fork of haileyok/atproto-oauth-golang

add option to disable some URL checks

This is useful for local development.

authored by winter.bsky.social and committed by Tangled 5d3e087a 28e66037

+18 -13
+3 -3
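--- a/helpers/generic.go
+++ b/helpers/generic.go
@@ -36,13 +36,13 @@
 	return key, nil
 }
 
-func IsUrlSafeAndParsed(ustr string) (*url.URL, error) {
+func IsUrlSafeAndParsed(ustr string, insecure bool) (*url.URL, error) {
 	u, err := url.Parse(ustr)
 	if err != nil {
 		return nil, err
 	}
 
-	if u.Scheme != "https" {
+	if u.Scheme != "https" && !insecure {
 		return nil, fmt.Errorf("input url is not https")
 	}
 
@@ -54,7 +54,7 @@
 		return nil, fmt.Errorf("url user was not empty")
 	}
 
-	if u.Port() != "" {
+	if u.Port() != "" && !insecure {
 		return nil, fmt.Errorf("url port was not empty")
 	}
 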
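Review bot: With `insecure` set, the scheme check at new line 45 is skipped outright rather than relaxed, so `IsUrlSafeAndParsed` now accepts any scheme (`ftp:`, `file:`, or an empty scheme from a bare host string), not just the plain `http:` a local PDS would use. Limit the escape hatch to http: `if u.Scheme != "https" && !(insecure && u.Scheme == "http") {`. Dropping the port check at line 57 is what local development needs, but since the oauth.go call sites pass this flag for every PDS, auth-server and PAR URL the client touches, consider allowing a port only when `u.Hostname()` is a loopback address. The checks between the two hunks (old lines 49–53) are outside this view.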
+7 -4
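--- a/oauth.go
+++ b/oauth.go
@@ -24,6 +24,7 @@
 	clientKid string
 	clientId string
 	redirectUri string
+	insecure bool
 }
 
 type ClientArgs struct {
@@ -31,6 +32,7 @@
 	ClientJwk jwk.Key
 	ClientId string
 	RedirectUri string
+	Insecure bool
 }
 
 func NewClient(args ClientArgs) (*Client, error) {
@@ -61,11 +63,12 @@
 		clientPrivateKey: clientPkey,
 		clientId: args.ClientId,
 		redirectUri: args.RedirectUri,
+		insecure: args.Insecure,
 	}, nil
 }
 
 func (c *Client) ResolvePdsAuthServer(ctx context.Context, ustr string) (string, error) {
-	u, err := helpers.IsUrlSafeAndParsed(ustr)
+	u, err := helpers.IsUrlSafeAndParsed(ustr, c.insecure)
 	if err != nil {
 		return "", err
 	}
@@ -106,7 +109,7 @@
 }
 
 func (c *Client) FetchAuthServerMetadata(ctx context.Context, ustr string) (*OauthAuthorizationMetadata, error) {
-	u, err := helpers.IsUrlSafeAndParsed(ustr)
+	u, err := helpers.IsUrlSafeAndParsed(ustr, c.insecure)
 	if err != nil {
 		return nil, err
 	}
@@ -139,7 +142,7 @@
 		return nil, fmt.Errorf("could not unmarshal authserver metadata: %w", err)
 	}
 
-	if err := metadata.Validate(u); err != nil {
+	if err := metadata.Validate(u, c.insecure); err != nil {
 		return nil, fmt.Errorf("could not validate authserver metadata: %w", err)
 	}
 
@@ -261,7 +264,7 @@
 		params.Set("login_hint", loginHint)
 	}
 
-	_, err = helpers.IsUrlSafeAndParsed(parUrl)
+	_, err = helpers.IsUrlSafeAndParsed(parUrl, c.insecure)
 	if err != nil {
 		return nil, err
 	}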
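Review bot: The new exported `Insecure` field on `ClientArgs` (new line 35) has no doc comment, and its effect is wider than the name alone conveys: the call sites in this section show it relaxing `IsUrlSafeAndParsed` for the PDS, auth-server and PAR URLs and also `metadata.Validate` on the issuer. Document it where callers will see it, e.g. `// Insecure disables the https-only and no-port checks on PDS, auth-server, PAR and issuer URLs. Only for local development against a plaintext server; never enable in production.` A one-line mirror on the private `insecure` field (line 27) would keep the two in sync.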
+8 -6
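--- a/types.go
+++ b/types.go
@@ -97,7 +97,7 @@
 	return nil
 }
 
-func (oam *OauthAuthorizationMetadata) Validate(fetch_url *url.URL) error {
+func (oam *OauthAuthorizationMetadata) Validate(fetch_url *url.URL, insecure bool) error {
 	if fetch_url == nil {
 		return fmt.Errorf("fetch_url was nil")
 	}
@@ -111,12 +111,14 @@
 		return fmt.Errorf("issuer hostname does not match fetch url hostname")
 	}
 
-	if iu.Scheme != "https" {
-		return fmt.Errorf("issuer url is not https")
-	}
+	if !insecure {
+		if iu.Scheme != "https" {
+			return fmt.Errorf("issuer url is not https")
+		}
 
-	if iu.Port() != "" {
-		return fmt.Errorf("issuer port is not empty")
+		if iu.Port() != "" {
+			return fmt.Errorf("issuer port is not empty")
+		}
 	}
 
 	if iu.Path != "" && iu.Path != "/" {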
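Review bot: In insecure mode the issuer's scheme and port are no longer checked at all, so if the comparison just above line 111 is on `Hostname()` (as its error message suggests) an issuer of `http://localhost:9999` would validate metadata fetched from `http://localhost:3000`, which the https path never allowed. Rather than skipping, require the issuer to match the fetch URL's origin in that mode by appending to the new `if !insecure` block: `} else if iu.Scheme != fetch_url.Scheme || iu.Port() != fetch_url.Port() { return fmt.Errorf("issuer scheme or port does not match fetch url") }`. The lines that parse `iu` and compare hostnames, and the rest of Validate's body, are outside this hunk.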