Remove uneeded session ID from auth token
This commit is contained in:
parent
f25284daa9
commit
e8a7dfef2b
|
@ -53,8 +53,6 @@ interface AppEnv extends HonoEnv {
|
|||
pubkey?: string;
|
||||
/** Hex secret key for the current user. Optional, but easiest way to use legacy Mastodon apps. */
|
||||
seckey?: string;
|
||||
/** UUID from the access token. Used for WebSocket event signing. */
|
||||
session?: string;
|
||||
/** NIP-98 signed event proving the pubkey is owned by the user. */
|
||||
proof?: Event<27235>;
|
||||
};
|
||||
|
|
|
@ -88,7 +88,7 @@ const oauthController: AppController = (c) => {
|
|||
</head>
|
||||
<body>
|
||||
<form id="oauth_form" action="/oauth/authorize" method="post">
|
||||
<input type="text" placeholder="npub1... or nsec1..." name="nip19" autocomplete="off">
|
||||
<input type="text" placeholder="npub1... or nsec1..." name="nip19" autocomplete="off">
|
||||
<input type="hidden" name="pubkey" id="pubkey" value="">
|
||||
<input type="hidden" name="redirect_uri" id="redirect_uri" value="${lodash.escape(redirectUri)}">
|
||||
<button type="submit">Authorize</button>
|
||||
|
@ -137,19 +137,12 @@ const oauthAuthorizeController: AppController = async (c) => {
|
|||
// Parsed FormData values.
|
||||
const { pubkey, nip19: nip19id, redirect_uri: redirectUri } = result.data;
|
||||
|
||||
/**
|
||||
* Normally the auth token is just an npub, which is public information.
|
||||
* The sessionId helps us know that Request "B" and Request "A" came from the same person.
|
||||
* Useful for sending websocket events to the correct client.
|
||||
*/
|
||||
const sessionId: string = uuid62.v4();
|
||||
|
||||
if (pubkey) {
|
||||
const encoded = nip19.npubEncode(pubkey!);
|
||||
const url = addCodeToRedirectUri(redirectUri, `${encoded}_${sessionId}`);
|
||||
const url = addCodeToRedirectUri(redirectUri, encoded);
|
||||
return c.redirect(url);
|
||||
} else if (nip19id) {
|
||||
const url = addCodeToRedirectUri(redirectUri, `${nip19id}_${sessionId}`);
|
||||
const url = addCodeToRedirectUri(redirectUri, nip19id);
|
||||
return c.redirect(url);
|
||||
}
|
||||
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
import { AppController } from '@/app.ts';
|
||||
import { z } from '@/deps.ts';
|
||||
import { type AppController } from '@/app.ts';
|
||||
import { nip19, z } from '@/deps.ts';
|
||||
import { type DittoFilter } from '@/filter.ts';
|
||||
import { TOKEN_REGEX } from '@/middleware/auth19.ts';
|
||||
import { Sub } from '@/subs.ts';
|
||||
import { toStatus } from '@/transformers/nostr-to-mastoapi.ts';
|
||||
|
||||
|
@ -39,7 +38,7 @@ const streamingController: AppController = (c) => {
|
|||
return c.json({ error: 'Missing access token' }, 401);
|
||||
}
|
||||
|
||||
const match = token.match(new RegExp(`^${TOKEN_REGEX.source}$`));
|
||||
const match = token.match(new RegExp(`^${nip19.BECH32_REGEX.source}$`));
|
||||
if (!match) {
|
||||
return c.json({ error: 'Invalid access token' }, 401);
|
||||
}
|
||||
|
|
|
@ -1,10 +1,8 @@
|
|||
import { type AppMiddleware } from '@/app.ts';
|
||||
import { getPublicKey, HTTPException, nip19 } from '@/deps.ts';
|
||||
|
||||
/** The token includes a Bech32 Nostr ID (npub, nsec, etc) and an optional session ID. */
|
||||
const TOKEN_REGEX = new RegExp(`(${nip19.BECH32_REGEX.source})(?:_(\\w+))?`);
|
||||
/** We only accept "Bearer" type. */
|
||||
const BEARER_REGEX = new RegExp(`^Bearer (${TOKEN_REGEX.source})$`);
|
||||
const BEARER_REGEX = new RegExp(`^Bearer (${nip19.BECH32_REGEX.source})$`);
|
||||
|
||||
/** NIP-19 auth middleware. */
|
||||
const auth19: AppMiddleware = async (c, next) => {
|
||||
|
@ -12,8 +10,7 @@ const auth19: AppMiddleware = async (c, next) => {
|
|||
const match = authHeader?.match(BEARER_REGEX);
|
||||
|
||||
if (match) {
|
||||
const [_, _token, bech32, session] = match;
|
||||
c.set('session', session);
|
||||
const [_, bech32] = match;
|
||||
|
||||
try {
|
||||
const decoded = nip19.decode(bech32!);
|
||||
|
@ -47,4 +44,4 @@ const requireAuth: AppMiddleware = async (c, next) => {
|
|||
await next();
|
||||
};
|
||||
|
||||
export { auth19, requireAuth, TOKEN_REGEX };
|
||||
export { auth19, requireAuth };
|
||||
|
|
Loading…
Reference in New Issue