| author | 2025-06-06 15:14:37 +0200 | |
|---|---|---|
| committer | 2025-06-06 15:14:37 +0200 | |
| commit | 77eddea3aff27ffebf53d2341609221d4c1924e7 (patch) | |
| tree | 27ca0c930f93c12d2e36ea083c6dbf1eef8521b1 /vendor/code.superseriousbusiness.org/oauth2/v4/generates/jwt_access.go | |
| parent | [chore] blocklist -> allowlist config typo fix (#4242) (diff) | |
[chore] updates code.superseriousbusiness.org/oauth2/v4 to ssb-v4.5.3-1 (#4245)
A brief note on the above change: Go does not seem to like version tagging outside of `v?[0-9\.]` formatting, so it translates `ssb-v4.5.3-1` to `v4.5.4-0.20250606121655-9d54ef189d42` and as such sees it as a "downgrade" compared to the previous `v4.9.0`. Functionally this isn't a problem, as everything still behaves as it should, but it means people can't just run `go get repo@latest` for this particular dependency.
Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4245
Co-authored-by: kim <grufwub@gmail.com>
Co-committed-by: kim <grufwub@gmail.com>
Diffstat (limited to 'vendor/code.superseriousbusiness.org/oauth2/v4/generates/jwt_access.go')
| -rw-r--r-- | vendor/code.superseriousbusiness.org/oauth2/v4/generates/jwt_access.go | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/vendor/code.superseriousbusiness.org/oauth2/v4/generates/jwt_access.go b/vendor/code.superseriousbusiness.org/oauth2/v4/generates/jwt_access.go
index 57c2950f0..10021812b 100644
--- a/vendor/code.superseriousbusiness.org/oauth2/v4/generates/jwt_access.go
+++ b/vendor/code.superseriousbusiness.org/oauth2/v4/generates/jwt_access.go
@@ -8,18 +8,18 @@ import (
 
 "code.superseriousbusiness.org/oauth2/v4"
 "code.superseriousbusiness.org/oauth2/v4/errors"
- "github.com/golang-jwt/jwt"
+ "github.com/golang-jwt/jwt/v5"
 "github.com/google/uuid"
 )
 
 // JWTAccessClaims jwt claims
 type JWTAccessClaims struct {
- jwt.StandardClaims
+ jwt.RegisteredClaims
 }
 
 // Valid claims verification
 func (a *JWTAccessClaims) Valid() error {
- if time.Unix(a.ExpiresAt, 0).Before(time.Now()) {
+ if a.ExpiresAt != nil && time.Unix(a.ExpiresAt.Unix(), 0).Before(time.Now()) {
 return errors.ErrInvalidAccessToken
 }
 return nil
@@ -44,10 +44,10 @@ type JWTAccessGenerate struct {
 // Token based on the UUID generated token
 func (a *JWTAccessGenerate) Token(ctx context.Context, data *oauth2.GenerateBasic, isGenRefresh bool) (string, string, error) {
 claims := &JWTAccessClaims{
- StandardClaims: jwt.StandardClaims{
- Audience: data.Client.GetID(),
+ RegisteredClaims: jwt.RegisteredClaims{
+ Audience: jwt.ClaimStrings{data.Client.GetID()},
 Subject: data.UserID,
- ExpiresAt: data.TokenInfo.GetAccessCreateAt().Add(data.TokenInfo.GetAccessExpiresIn()).Unix(),
+ ExpiresAt: jwt.NewNumericDate(data.TokenInfo.GetAccessCreateAt().Add(data.TokenInfo.GetAccessExpiresIn())),
 },
 }
 
@@ -70,6 +70,12 @@ func (a *JWTAccessGenerate) Token(ctx context.Context, data *oauth2.GenerateBasi
 key = v
 } else if a.isHs() {
 key = a.SignedKey
+ } else if a.isEd() {
+ v, err := jwt.ParseEdPrivateKeyFromPEM(a.SignedKey)
+ if err != nil {
+ return "", "", err
+ }
+ key = v
 } else {
 return "", "", errors.New("unsupported sign method")
 }
@@ -102,3 +108,7 @@ func (a *JWTAccessGenerate) isRsOrPS() bool {
 func (a *JWTAccessGenerate) isHs() bool {
 return strings.HasPrefix(a.SignedMethod.Alg(), "HS")
 }
+
+func (a *JWTAccessGenerate) isEd() bool {
+ return strings.HasPrefix(a.SignedMethod.Alg(), "Ed")
+} |
