aljaz/ditto
1
0
Fork 0
mirror of https://github.com/aljazceru/ditto.git synced 2025-12-25 09:14:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Remove uneeded session ID from auth token

Browse Source
This commit is contained in:
Alex Gleason
2023-08-28 13:00:00 -05:00
parent f25284daa9
commit e8a7dfef2b
4 changed files with 9 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/controllers/api/oauth.ts
View File

@@ -88,7 +88,7 @@ const oauthController: AppController = (c) => {
</head>
<body>
<form id="oauth_form" action="/oauth/authorize" method="post">
<input type="text" placeholder="npub1... or nsec1..." name="nip19" autocomplete="off">
<input type="text" placeholder="npub1... or nsec1..." name="nip19" autocomplete="off">
<input type="hidden" name="pubkey" id="pubkey" value="">
<input type="hidden" name="redirect_uri" id="redirect_uri" value="${lodash.escape(redirectUri)}">
<button type="submit">Authorize</button>
@@ -137,19 +137,12 @@ const oauthAuthorizeController: AppController = async (c) => {
// Parsed FormData values.
const { pubkey, nip19: nip19id, redirect_uri: redirectUri } = result.data;
/**
* Normally the auth token is just an npub, which is public information.
* The sessionId helps us know that Request "B" and Request "A" came from the same person.
* Useful for sending websocket events to the correct client.
*/
const sessionId: string = uuid62.v4();
if (pubkey) {
const encoded = nip19.npubEncode(pubkey!);
const url = addCodeToRedirectUri(redirectUri, `${encoded}_${sessionId}`);
const url = addCodeToRedirectUri(redirectUri, encoded);
return c.redirect(url);
} else if (nip19id) {
const url = addCodeToRedirectUri(redirectUri, `${nip19id}_${sessionId}`);
const url = addCodeToRedirectUri(redirectUri, nip19id);
return c.redirect(url);
}

7
src/controllers/api/streaming.ts
View File

@@ -1,7 +1,6 @@
import { AppController } from '@/app.ts';
import { z } from '@/deps.ts';
import { type AppController } from '@/app.ts';
import { nip19, z } from '@/deps.ts';
import { type DittoFilter } from '@/filter.ts';
import { TOKEN_REGEX } from '@/middleware/auth19.ts';
import { Sub } from '@/subs.ts';
import { toStatus } from '@/transformers/nostr-to-mastoapi.ts';
@@ -39,7 +38,7 @@ const streamingController: AppController = (c) => {
return c.json({ error: 'Missing access token' }, 401);
}
const match = token.match(new RegExp(`^${TOKEN_REGEX.source}$`));
const match = token.match(new RegExp(`^${nip19.BECH32_REGEX.source}$`));
if (!match) {
return c.json({ error: 'Invalid access token' }, 401);
}