From 77eddea3aff27ffebf53d2341609221d4c1924e7 Mon Sep 17 00:00:00 2001
From: kim
Date: Fri, 6 Jun 2025 15:14:37 +0200
Subject: [chore] updates code.superseriousbusiness.org/oauth2/v4 to ssb-v4.5.3-1 (#4245)
A brief note on the above change: Go does not seem to like version tagging outside of `v?[0-9\.]` formatting, so it translates `ssb-v4.5.3-1` to `v4.5.4-0.20250606121655-9d54ef189d42` and as such sees it as a "downgrade" compared to the previous `v4.9.0`. which functionally isn't a problem, everything still behaves as it should, but it means people can't just run `go get repo@latest` for this particular dependency.
Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4245
Co-authored-by: kim
Co-committed-by: kim
---
 .../oauth2/v4/generates/jwt_access.go | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)
(limited to 'vendor/code.superseriousbusiness.org/oauth2/v4/generates/jwt_access.go')
diff --git a/vendor/code.superseriousbusiness.org/oauth2/v4/generates/jwt_access.go b/vendor/code.superseriousbusiness.org/oauth2/v4/generates/jwt_access.go
index 57c2950f0..10021812b 100644
--- a/vendor/code.superseriousbusiness.org/oauth2/v4/generates/jwt_access.go
+++ b/vendor/code.superseriousbusiness.org/oauth2/v4/generates/jwt_access.go
@@ -8,18 +8,18 @@ import (
 "code.superseriousbusiness.org/oauth2/v4"
 "code.superseriousbusiness.org/oauth2/v4/errors"
- "github.com/golang-jwt/jwt"
+ "github.com/golang-jwt/jwt/v5"
 "github.com/google/uuid"
 )
 // JWTAccessClaims jwt claims
 type JWTAccessClaims struct {
- jwt.StandardClaims
+ jwt.RegisteredClaims
 }
 // Valid claims verification
 func (a *JWTAccessClaims) Valid() error {
- if time.Unix(a.ExpiresAt, 0).Before(time.Now()) {
+ if a.ExpiresAt != nil && time.Unix(a.ExpiresAt.Unix(), 0).Before(time.Now()) {
 return errors.ErrInvalidAccessToken
 }
 return nil
@@ -44,10 +44,10 @@ type JWTAccessGenerate struct {
 // Token based on the UUID generated token
 func (a *JWTAccessGenerate) Token(ctx context.Context, data *oauth2.GenerateBasic, isGenRefresh bool) (string, string, error) {
 claims := &JWTAccessClaims{
- StandardClaims: jwt.StandardClaims{
- Audience: data.Client.GetID(),
+ RegisteredClaims: jwt.RegisteredClaims{
+ Audience: jwt.ClaimStrings{data.Client.GetID()},
 Subject: data.UserID,
- ExpiresAt: data.TokenInfo.GetAccessCreateAt().Add(data.TokenInfo.GetAccessExpiresIn()).Unix(),
+ ExpiresAt: jwt.NewNumericDate(data.TokenInfo.GetAccessCreateAt().Add(data.TokenInfo.GetAccessExpiresIn())),
 },
 }
@@ -70,6 +70,12 @@ func (a *JWTAccessGenerate) Token(ctx context.Context, data *oauth2.GenerateBasi
 key = v
 } else if a.isHs() {
 key = a.SignedKey
+ } else if a.isEd() {
+ v, err := jwt.ParseEdPrivateKeyFromPEM(a.SignedKey)
+ if err != nil {
+ return "", "", err
+ }
+ key = v
 } else {
 return "", "", errors.New("unsupported sign method")
 }
@@ -102,3 +108,7 @@ func (a *JWTAccessGenerate) isRsOrPS() bool {
 func (a *JWTAccessGenerate) isHs() bool {
 return strings.HasPrefix(a.SignedMethod.Alg(), "HS")
 }
+
+func (a *JWTAccessGenerate) isEd() bool {
+ return strings.HasPrefix(a.SignedMethod.Alg(), "Ed")
+}
--
cgit v1.2.3