refactor the auth. don't need to auth, just get a token if present

+18 -34
-4
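--- a/go.mod
+++ b/go.mod
@@ -22,7 +22,6 @@
 github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 github.com/hashicorp/go-retryablehttp v0.7.5 // indirect
 github.com/hashicorp/golang-lru v1.0.2 // indirect
-github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
 github.com/ipfs/bbloom v0.0.4 // indirect
 github.com/ipfs/go-block-format v0.2.0 // indirect
 github.com/ipfs/go-cid v0.4.1 // indirect
@@ -54,8 +53,6 @@
 github.com/prometheus/procfs v0.15.1 // indirect
 github.com/spaolacci/murmur3 v1.1.0 // indirect
 github.com/whyrusleeping/cbor-gen v0.1.3-0.20240904181319-8dc02b38228c // indirect
-gitlab.com/yawning/secp256k1-voi v0.0.0-20230925100816-f2616030848b // indirect
-gitlab.com/yawning/tuplehash v0.0.0-20230713102510-df83abbf9a02 // indirect
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 // indirect
 go.opentelemetry.io/otel v1.21.0 // indirect
 go.opentelemetry.io/otel/metric v1.21.0 // indirect
@@ -66,7 +63,6 @@
 golang.org/x/crypto v0.22.0 // indirect
 golang.org/x/net v0.24.0 // indirect
 golang.org/x/sys v0.22.0 // indirect
-golang.org/x/time v0.5.0 // indirect
 golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
 google.golang.org/protobuf v1.34.2 // indirect
 lukechampine.com/blake3 v1.2.1 // indirect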
-8
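--- a/go.sum
+++ b/go.sum
@@ -45,8 +45,6 @@
 github.com/hashicorp/go-retryablehttp v0.7.5/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8=
 github.com/hashicorp/golang-lru v1.0.2 h1:dV3g9Z/unq5DpblPpw+Oqcv4dU/1omnb4Ok8iPY6p1c=
 github.com/hashicorp/golang-lru v1.0.2/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
-github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k=
-github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
 github.com/ipfs/bbloom v0.0.4 h1:Gi+8EGJ2y5qiD5FbsbpX/TMNcJw8gSqr7eyjHa4Fhvs=
 github.com/ipfs/bbloom v0.0.4/go.mod h1:cS9YprKXpoZ9lT0n/Mw/a6/aFV6DTjTLYHeA+gyqMG0=
 github.com/ipfs/go-block-format v0.2.0 h1:ZqrkxBA2ICbDRbK8KJs/u0O3dlp6gmAuuXUJNiW1Ycs=
@@ -150,10 +148,6 @@
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
-gitlab.com/yawning/secp256k1-voi v0.0.0-20230925100816-f2616030848b h1:CzigHMRySiX3drau9C6Q5CAbNIApmLdat5jPMqChvDA=
-gitlab.com/yawning/secp256k1-voi v0.0.0-20230925100816-f2616030848b/go.mod h1:/y/V339mxv2sZmYYR64O07VuCpdNZqCTwO8ZcouTMI8=
-gitlab.com/yawning/tuplehash v0.0.0-20230713102510-df83abbf9a02 h1:qwDnMxjkyLmAFgcfgTnfJrmYKWhHnci3GjDqcZp1M3Q=
-gitlab.com/yawning/tuplehash v0.0.0-20230713102510-df83abbf9a02/go.mod h1:JTnUj0mpYiAsuZLmKjTx/ex3AtMowcCgnE7YNyCEP0I=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 h1:aFJWCqJMNjENlcleuuOkGAPH82y0yULBScfXcIEdS24=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1/go.mod h1:sEGXWArGqc3tVa+ekntsN65DmVbVeW+7lTKTjZF3/Fo=
 go.opentelemetry.io/otel v1.21.0 h1:hzLeKBZEL7Okw2mGzZ0cc4k/A7Fta0uoPgaJCr8fsFc=
@@ -215,8 +209,6 @@
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
-golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=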
+18 -22
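--- a/server.go
+++ b/server.go
@@ -9,7 +9,6 @@
 "strconv"
 "strings"
 
-"github.com/bluesky-social/indigo/atproto/identity"
 "github.com/bluesky-social/indigo/atproto/syntax"
 "github.com/golang-jwt/jwt/v5"
 )
@@ -97,12 +96,17 @@
 }
 
 cursor := params.Get("cursor")
-usersDID, err := validateAuth(r)
+usersDID, err := getRequestUserDID(r)
 if err != nil {
 slog.Error("validate auth", "error", err)
 http.Error(w, "validate auth", http.StatusUnauthorized)
 return
 }
+if usersDID == "" {
+slog.Error("missing users DID from request")
+http.Error(w, "validate auth", http.StatusUnauthorized)
+return
+}
 
 resp, err := s.feeder.GetFeed(r.Context(), usersDID, feed, cursor, limit)
 if err != nil {
@@ -187,37 +191,29 @@
 w.Write(b)
 }
 
-// this extracts the DID of the user that has made the request from the JWT of the auth header
-var directory = identity.DefaultDirectory()
-
-func validateAuth(r *http.Request) (string, error) {
+func getRequestUserDID(r *http.Request) (string, error) {
 headerValues := r.Header["Authorization"]
 if len(headerValues) != 1 {
 return "", fmt.Errorf("missing authorization header")
 }
 token := strings.TrimSpace(strings.Replace(headerValues[0], "Bearer ", "", 1))
-
-nsid := strings.Replace(r.URL.Path, "/xrpc/", "", 1)
 
 parsedToken, err := jwt.ParseWithClaims(token, jwt.MapClaims{}, func(token *jwt.Token) (interface{}, error) {
-did := syntax.DID(token.Claims.(jwt.MapClaims)["iss"].(string))
-identity, err := directory.LookupDID(r.Context(), did)
-if err != nil {
-return nil, fmt.Errorf("unable to resolve did %s: %s", did, err)
-}
-key, err := identity.PublicKey()
-if err != nil {
-return nil, fmt.Errorf("signing key not found for did %s: %s", did, err)
-}
-return key, nil
+return token, nil
 })
 if err != nil {
 return "", fmt.Errorf("invalid token: %s", err)
 }
 
-claims := parsedToken.Claims.(jwt.MapClaims)
-if claims["lxm"] != nsid {
-return "", fmt.Errorf("bad jwt lexicon method (\"lxm\"). must match: %s", nsid)
+claims, ok := parsedToken.Claims.(jwt.MapClaims)
+if !ok {
+return "", fmt.Errorf("token contained no claims")
 }
-return claims["iss"].(string), nil
+
+issVal, ok := claims["iss"].(string)
+if !ok {
+return "", fmt.Errorf("iss claim missing")
+}
+
+return string(syntax.DID(issVal)), nil
 }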
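Review bot: The key function passed to `jwt.ParseWithClaims` in getRequestUserDID (third hunk) now returns the parsed `*jwt.Token` itself (`return token, nil`), which is not a verification key, so the DID lookup and public-key check from the removed lines are gone and nothing ties the `iss` claim to the caller. As far as I know golang-jwt's signing methods reject a key of the wrong type, so this probably fails every parse rather than skipping verification; if an unverified read is the intent, state it explicitly with `parsedToken, _, err := jwt.NewParser().ParseUnverified(token, jwt.MapClaims{})` and a comment such as `// iss is NOT authenticated: use it only to personalise public feed output, never for access decisions`. The handler in the second hunk still answers 401 and logs "validate auth", which reads as though `usersDID` were authenticated before it reaches `s.feeder.GetFeed`, and with the `lxm` comparison removed a token issued for a different method is accepted as well. `syntax.DID(issVal)` is a plain type conversion, so `syntax.ParseDID(issVal)` would be the place to reject malformed values before they are passed on.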