From 77eddea3aff27ffebf53d2341609221d4c1924e7 Mon Sep 17 00:00:00 2001 From: kim Date: Fri, 6 Jun 2025 15:14:37 +0200 Subject: [chore] updates code.superseriousbusiness.org/oauth2/v4 to ssb-v4.5.3-1 (#4245) A brief note on the above change: Go does not seem to like version tagging outside of `v?[0-9\.]` formatting, so it translates `ssb-v4.5.3-1` to `v4.5.4-0.20250606121655-9d54ef189d42` and as such sees it as a "downgrade" compared to the previous `v4.9.0`. which functionally isn't a problem, everything still behaves as it should, but it means people can't just run `go get repo@latest` for this particular dependency. Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4245 Co-authored-by: kim Co-committed-by: kim
---
.../oauth2/v4/generates/access.go | 76 +++++++++++----------- .../oauth2/v4/generates/authorize.go | 60 ++++++++--------- .../oauth2/v4/generates/jwt_access.go | 22 +++++-- 3 files changed, 84 insertions(+), 74 deletions(-) (limited to 'vendor/code.superseriousbusiness.org/oauth2/v4/generates')
diff --git a/vendor/code.superseriousbusiness.org/oauth2/v4/generates/access.go b/vendor/code.superseriousbusiness.org/oauth2/v4/generates/access.go
index 972b5dce1..ca66f840a 100644
--- a/vendor/code.superseriousbusiness.org/oauth2/v4/generates/access.go
+++ b/vendor/code.superseriousbusiness.org/oauth2/v4/generates/access.go
@@ -1,38 +1,38 @@
-package generates
-
-import (
- "bytes"
- "context"
- "encoding/base64"
- "strconv"
- "strings"
-
- "code.superseriousbusiness.org/oauth2/v4"
- "github.com/google/uuid"
-)
-
-// NewAccessGenerate create to generate the access token instance
-func NewAccessGenerate() *AccessGenerate {
- return &AccessGenerate{}
-}
-
-// AccessGenerate generate the access token
-type AccessGenerate struct {
-}
-
-// Token based on the UUID generated token
-func (ag *AccessGenerate) Token(ctx context.Context, data *oauth2.GenerateBasic, isGenRefresh bool) (string, string, error) {
- buf := bytes.NewBufferString(data.Client.GetID())
- buf.WriteString(data.UserID)
- buf.WriteString(strconv.FormatInt(data.CreateAt.UnixNano(), 10))
-
- access := base64.URLEncoding.EncodeToString([]byte(uuid.NewMD5(uuid.Must(uuid.NewRandom()), buf.Bytes()).String()))
- access = strings.ToUpper(strings.TrimRight(access, "="))
- refresh := ""
- if isGenRefresh {
- refresh = base64.URLEncoding.EncodeToString([]byte(uuid.NewSHA1(uuid.Must(uuid.NewRandom()), buf.Bytes()).String()))
- refresh = strings.ToUpper(strings.TrimRight(refresh, "="))
- }
-
- return access, refresh, nil
-}
+package generates
+
+import (
+ "bytes"
+ "context"
+ "encoding/base64"
+ "strconv"
+ "strings"
+
+ "code.superseriousbusiness.org/oauth2/v4"
+ "github.com/google/uuid"
+)
+
+// NewAccessGenerate create to generate the access token instance
+func NewAccessGenerate() *AccessGenerate {
+ return &AccessGenerate{}
+}
+
+// AccessGenerate generate the access token
+type AccessGenerate struct {
+}
+
+// Token based on the UUID generated token
+func (ag *AccessGenerate) Token(ctx context.Context, data *oauth2.GenerateBasic, isGenRefresh bool) (string, string, error) {
+ buf := bytes.NewBufferString(data.Client.GetID())
+ buf.WriteString(data.UserID)
+ buf.WriteString(strconv.FormatInt(data.CreateAt.UnixNano(), 10))
+
+ access := base64.URLEncoding.EncodeToString([]byte(uuid.NewMD5(uuid.Must(uuid.NewRandom()), buf.Bytes()).String()))
+ access = strings.ToUpper(strings.TrimRight(access, "="))
+ refresh := ""
+ if isGenRefresh {
+ refresh = base64.URLEncoding.EncodeToString([]byte(uuid.NewSHA1(uuid.Must(uuid.NewRandom()), buf.Bytes()).String()))
+ refresh = strings.ToUpper(strings.TrimRight(refresh, "="))
+ }
+
+ return access, refresh, nil
+}
diff --git a/vendor/code.superseriousbusiness.org/oauth2/v4/generates/authorize.go b/vendor/code.superseriousbusiness.org/oauth2/v4/generates/authorize.go
index 9d8f3fb45..0a4784903 100644
--- a/vendor/code.superseriousbusiness.org/oauth2/v4/generates/authorize.go
+++ b/vendor/code.superseriousbusiness.org/oauth2/v4/generates/authorize.go
@@ -1,30 +1,30 @@
-package generates
-
-import (
- "bytes"
- "context"
- "encoding/base64"
- "strings"
-
- "code.superseriousbusiness.org/oauth2/v4"
- "github.com/google/uuid"
-)
-
-// NewAuthorizeGenerate create to generate the authorize code instance
-func NewAuthorizeGenerate() *AuthorizeGenerate {
- return &AuthorizeGenerate{}
-}
-
-// AuthorizeGenerate generate the authorize code
-type AuthorizeGenerate struct{}
-
-// Token based on the UUID generated token
-func (ag *AuthorizeGenerate) Token(ctx context.Context, data *oauth2.GenerateBasic) (string, error) {
- buf := bytes.NewBufferString(data.Client.GetID())
- buf.WriteString(data.UserID)
- token := uuid.NewMD5(uuid.Must(uuid.NewRandom()), buf.Bytes())
- code := base64.URLEncoding.EncodeToString([]byte(token.String()))
- code = strings.ToUpper(strings.TrimRight(code, "="))
-
- return code, nil
-}
+package generates
+
+import (
+ "bytes"
+ "context"
+ "encoding/base64"
+ "strings"
+
+ "code.superseriousbusiness.org/oauth2/v4"
+ "github.com/google/uuid"
+)
+
+// NewAuthorizeGenerate create to generate the authorize code instance
+func NewAuthorizeGenerate() *AuthorizeGenerate {
+ return &AuthorizeGenerate{}
+}
+
+// AuthorizeGenerate generate the authorize code
+type AuthorizeGenerate struct{}
+
+// Token based on the UUID generated token
+func (ag *AuthorizeGenerate) Token(ctx context.Context, data *oauth2.GenerateBasic) (string, error) {
+ buf := bytes.NewBufferString(data.Client.GetID())
+ buf.WriteString(data.UserID)
+ token := uuid.NewMD5(uuid.Must(uuid.NewRandom()), buf.Bytes())
+ code := base64.URLEncoding.EncodeToString([]byte(token.String()))
+ code = strings.ToUpper(strings.TrimRight(code, "="))
+
+ return code, nil
+}
diff --git a/vendor/code.superseriousbusiness.org/oauth2/v4/generates/jwt_access.go b/vendor/code.superseriousbusiness.org/oauth2/v4/generates/jwt_access.go
index 57c2950f0..10021812b 100644
--- a/vendor/code.superseriousbusiness.org/oauth2/v4/generates/jwt_access.go
+++ b/vendor/code.superseriousbusiness.org/oauth2/v4/generates/jwt_access.go @@ -8,18 +8,18 @@ import ( "code.superseriousbusiness.org/oauth2/v4" "code.superseriousbusiness.org/oauth2/v4/errors" - "github.com/golang-jwt/jwt" + "github.com/golang-jwt/jwt/v5" "github.com/google/uuid" ) // JWTAccessClaims jwt claims type JWTAccessClaims struct { - jwt.StandardClaims + jwt.RegisteredClaims } // Valid claims verification func (a *JWTAccessClaims) Valid() error { - if time.Unix(a.ExpiresAt, 0).Before(time.Now()) { + if a.ExpiresAt != nil && time.Unix(a.ExpiresAt.Unix(), 0).Before(time.Now()) { return errors.ErrInvalidAccessToken } return nil @@ -44,10 +44,10 @@ type JWTAccessGenerate struct { // Token based on the UUID generated token func (a *JWTAccessGenerate) Token(ctx context.Context, data *oauth2.GenerateBasic, isGenRefresh bool) (string, string, error) { claims := &JWTAccessClaims{ - StandardClaims: jwt.StandardClaims{ - Audience: data.Client.GetID(), + RegisteredClaims: jwt.RegisteredClaims{ + Audience: jwt.ClaimStrings{data.Client.GetID()}, Subject: data.UserID, - ExpiresAt: data.TokenInfo.GetAccessCreateAt().Add(data.TokenInfo.GetAccessExpiresIn()).Unix(), + ExpiresAt: jwt.NewNumericDate(data.TokenInfo.GetAccessCreateAt().Add(data.TokenInfo.GetAccessExpiresIn())), }, } @@ -70,6 +70,12 @@ func (a *JWTAccessGenerate) Token(ctx context.Context, data *oauth2.GenerateBasi key = v } else if a.isHs() { key = a.SignedKey + } else if a.isEd() { + v, err := jwt.ParseEdPrivateKeyFromPEM(a.SignedKey) + if err != nil { + return "", "", err + } + key = v } else { return "", "", errors.New("unsupported sign method") } @@ -102,3 +108,7 @@ func (a *JWTAccessGenerate) isRsOrPS() bool { func (a *JWTAccessGenerate) isHs() bool { return strings.HasPrefix(a.SignedMethod.Alg(), "HS") } + +func (a *JWTAccessGenerate) isEd() bool { + return strings.HasPrefix(a.SignedMethod.Alg(), "Ed") +} -- cgit v1.3