diff options
| author |  kim <grufwub@gmail.com> | 2025-06-06 15:14:37 +0200 |
|---|---|---|
| committer |  kim <gruf@noreply.codeberg.org> | 2025-06-06 15:14:37 +0200 |
| commit | 77eddea3aff27ffebf53d2341609221d4c1924e7 (patch) | |
| tree | 27ca0c930f93c12d2e36ea083c6dbf1eef8521b1 /vendor/code.superseriousbusiness.org/oauth2/v4/generates | |
| parent | [chore] blocklist -> allowlist config typo fix (#4242) (diff) | |
| download | gotosocial-77eddea3aff27ffebf53d2341609221d4c1924e7.tar.xz | |
[chore] updates code.superseriousbusiness.org/oauth2/v4 to ssb-v4.5.3-1 (#4245)
A brief note on the above change: Go does not seem to like version tagging outside of `v?[0-9\.]` formatting, so it translates `ssb-v4.5.3-1` to `v4.5.4-0.20250606121655-9d54ef189d42` and as such sees it as a "downgrade" compared to the previous `v4.9.0`. which functionally isn't a problem, everything still behaves as it should, but it means people can't just run `go get repo@latest` for this particular dependency.
Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4245
Co-authored-by: kim <grufwub@gmail.com>
Co-committed-by: kim <grufwub@gmail.com>
Diffstat (limited to 'vendor/code.superseriousbusiness.org/oauth2/v4/generates')
3 files changed, 84 insertions, 74 deletions
diff --git a/vendor/code.superseriousbusiness.org/oauth2/v4/generates/access.go b/vendor/code.superseriousbusiness.org/oauth2/v4/generates/access.go index 972b5dce1..ca66f840a 100644 --- a/vendor/code.superseriousbusiness.org/oauth2/v4/generates/access.go +++ b/vendor/code.superseriousbusiness.org/oauth2/v4/generates/access.go @@ -1,38 +1,38 @@ -package generates - -import ( - "bytes" - "context" - "encoding/base64" - "strconv" - "strings" - - "code.superseriousbusiness.org/oauth2/v4" - "github.com/google/uuid" -) - -// NewAccessGenerate create to generate the access token instance -func NewAccessGenerate() *AccessGenerate { - return &AccessGenerate{} -} - -// AccessGenerate generate the access token -type AccessGenerate struct { -} - -// Token based on the UUID generated token -func (ag *AccessGenerate) Token(ctx context.Context, data *oauth2.GenerateBasic, isGenRefresh bool) (string, string, error) { - buf := bytes.NewBufferString(data.Client.GetID()) - buf.WriteString(data.UserID) - buf.WriteString(strconv.FormatInt(data.CreateAt.UnixNano(), 10)) - - access := base64.URLEncoding.EncodeToString([]byte(uuid.NewMD5(uuid.Must(uuid.NewRandom()), buf.Bytes()).String())) - access = strings.ToUpper(strings.TrimRight(access, "=")) - refresh := "" - if isGenRefresh { - refresh = base64.URLEncoding.EncodeToString([]byte(uuid.NewSHA1(uuid.Must(uuid.NewRandom()), buf.Bytes()).String())) - refresh = strings.ToUpper(strings.TrimRight(refresh, "=")) - } - - return access, refresh, nil -} +package generates
+
+import (
+ "bytes"
+ "context"
+ "encoding/base64"
+ "strconv"
+ "strings"
+
+ "code.superseriousbusiness.org/oauth2/v4"
+ "github.com/google/uuid"
+)
+
+// NewAccessGenerate create to generate the access token instance
+func NewAccessGenerate() *AccessGenerate {
+ return &AccessGenerate{}
+}
+
+// AccessGenerate generate the access token
+type AccessGenerate struct {
+}
+
+// Token based on the UUID generated token
+func (ag *AccessGenerate) Token(ctx context.Context, data *oauth2.GenerateBasic, isGenRefresh bool) (string, string, error) {
+ buf := bytes.NewBufferString(data.Client.GetID())
+ buf.WriteString(data.UserID)
+ buf.WriteString(strconv.FormatInt(data.CreateAt.UnixNano(), 10))
+
+ access := base64.URLEncoding.EncodeToString([]byte(uuid.NewMD5(uuid.Must(uuid.NewRandom()), buf.Bytes()).String()))
+ access = strings.ToUpper(strings.TrimRight(access, "="))
+ refresh := ""
+ if isGenRefresh {
+ refresh = base64.URLEncoding.EncodeToString([]byte(uuid.NewSHA1(uuid.Must(uuid.NewRandom()), buf.Bytes()).String()))
+ refresh = strings.ToUpper(strings.TrimRight(refresh, "="))
+ }
+
+ return access, refresh, nil
+}
diff --git a/vendor/code.superseriousbusiness.org/oauth2/v4/generates/authorize.go b/vendor/code.superseriousbusiness.org/oauth2/v4/generates/authorize.go index 9d8f3fb45..0a4784903 100644 --- a/vendor/code.superseriousbusiness.org/oauth2/v4/generates/authorize.go +++ b/vendor/code.superseriousbusiness.org/oauth2/v4/generates/authorize.go @@ -1,30 +1,30 @@ -package generates - -import ( - "bytes" - "context" - "encoding/base64" - "strings" - - "code.superseriousbusiness.org/oauth2/v4" - "github.com/google/uuid" -) - -// NewAuthorizeGenerate create to generate the authorize code instance -func NewAuthorizeGenerate() *AuthorizeGenerate { - return &AuthorizeGenerate{} -} - -// AuthorizeGenerate generate the authorize code -type AuthorizeGenerate struct{} - -// Token based on the UUID generated token -func (ag *AuthorizeGenerate) Token(ctx context.Context, data *oauth2.GenerateBasic) (string, error) { - buf := bytes.NewBufferString(data.Client.GetID()) - buf.WriteString(data.UserID) - token := uuid.NewMD5(uuid.Must(uuid.NewRandom()), buf.Bytes()) - code := base64.URLEncoding.EncodeToString([]byte(token.String())) - code = strings.ToUpper(strings.TrimRight(code, "=")) - - return code, nil -} +package generates
+
+import (
+ "bytes"
+ "context"
+ "encoding/base64"
+ "strings"
+
+ "code.superseriousbusiness.org/oauth2/v4"
+ "github.com/google/uuid"
+)
+
+// NewAuthorizeGenerate create to generate the authorize code instance
+func NewAuthorizeGenerate() *AuthorizeGenerate {
+ return &AuthorizeGenerate{}
+}
+
+// AuthorizeGenerate generate the authorize code
+type AuthorizeGenerate struct{}
+
+// Token based on the UUID generated token
+func (ag *AuthorizeGenerate) Token(ctx context.Context, data *oauth2.GenerateBasic) (string, error) {
+ buf := bytes.NewBufferString(data.Client.GetID())
+ buf.WriteString(data.UserID)
+ token := uuid.NewMD5(uuid.Must(uuid.NewRandom()), buf.Bytes())
+ code := base64.URLEncoding.EncodeToString([]byte(token.String()))
+ code = strings.ToUpper(strings.TrimRight(code, "="))
+
+ return code, nil
+}
diff --git a/vendor/code.superseriousbusiness.org/oauth2/v4/generates/jwt_access.go b/vendor/code.superseriousbusiness.org/oauth2/v4/generates/jwt_access.go index 57c2950f0..10021812b 100644 --- a/vendor/code.superseriousbusiness.org/oauth2/v4/generates/jwt_access.go +++ b/vendor/code.superseriousbusiness.org/oauth2/v4/generates/jwt_access.go @@ -8,18 +8,18 @@ import ( "code.superseriousbusiness.org/oauth2/v4" "code.superseriousbusiness.org/oauth2/v4/errors" - "github.com/golang-jwt/jwt" + "github.com/golang-jwt/jwt/v5" "github.com/google/uuid" ) // JWTAccessClaims jwt claims type JWTAccessClaims struct { - jwt.StandardClaims + jwt.RegisteredClaims } // Valid claims verification func (a *JWTAccessClaims) Valid() error { - if time.Unix(a.ExpiresAt, 0).Before(time.Now()) { + if a.ExpiresAt != nil && time.Unix(a.ExpiresAt.Unix(), 0).Before(time.Now()) { return errors.ErrInvalidAccessToken } return nil @@ -44,10 +44,10 @@ type JWTAccessGenerate struct { // Token based on the UUID generated token func (a *JWTAccessGenerate) Token(ctx context.Context, data *oauth2.GenerateBasic, isGenRefresh bool) (string, string, error) { claims := &JWTAccessClaims{ - StandardClaims: jwt.StandardClaims{ - Audience: data.Client.GetID(), + RegisteredClaims: jwt.RegisteredClaims{ + Audience: jwt.ClaimStrings{data.Client.GetID()}, Subject: data.UserID, - ExpiresAt: data.TokenInfo.GetAccessCreateAt().Add(data.TokenInfo.GetAccessExpiresIn()).Unix(), + ExpiresAt: jwt.NewNumericDate(data.TokenInfo.GetAccessCreateAt().Add(data.TokenInfo.GetAccessExpiresIn())), }, } @@ -70,6 +70,12 @@ func (a *JWTAccessGenerate) Token(ctx context.Context, data *oauth2.GenerateBasi key = v } else if a.isHs() { key = a.SignedKey + } else if a.isEd() { + v, err := jwt.ParseEdPrivateKeyFromPEM(a.SignedKey) + if err != nil { + return "", "", err + } + key = v } else { return "", "", errors.New("unsupported sign method") } @@ -102,3 +108,7 @@ func (a *JWTAccessGenerate) isRsOrPS() bool { func (a *JWTAccessGenerate) isHs() bool { return strings.HasPrefix(a.SignedMethod.Alg(), "HS") } + +func (a *JWTAccessGenerate) isEd() bool { + return strings.HasPrefix(a.SignedMethod.Alg(), "Ed") +} |