porting all github actions from bluesky-social/indigo to tangled CI

updates from code review

Changed files
+10 -16
atproto
+6 -12
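--- a/atproto/auth/http_test.go
+++ b/atproto/auth/http_test.go
@@ -11,6 +11,7 @@
 "github.com/bluesky-social/indigo/atproto/syntax"
 
 "github.com/stretchr/testify/assert"
+"github.com/stretchr/testify/require"
 )
 
 func webHome(w http.ResponseWriter, r *http.Request) {
@@ -71,19 +72,16 @@
 
 func TestServiceAuthMiddleware(t *testing.T) {
 assert := assert.New(t)
+require := require.New(t)
 
 iss := syntax.DID("did:example:iss")
 aud := "did:example:aud#svc"
 lxm := syntax.NSID("com.example.api")
 
 priv, err := crypto.GeneratePrivateKeyP256()
-if err != nil {
-t.Fatal(err)
-}
+require.NoError(err)
 pub, err := priv.PublicKey()
-if err != nil {
-t.Fatal(err)
-}
+require.NoError(err)
 
 dir := identity.NewMockDirectory()
 dir.Insert(identity.Identity{
@@ -123,9 +121,7 @@
 {
 // mandatory middleware, valid auth
 tok, err := SignServiceAuth(iss, aud, time.Minute, &lxm, priv)
-if err != nil {
-t.Fatal(err)
-}
+require.NoError(err)
 req := httptest.NewRequest(http.MethodGet, "/xrpc/com.example.api", nil)
 req.Header.Set("Authorization", "Bearer "+tok)
 middle := v.Middleware(webHome, true)
@@ -148,9 +144,7 @@
 {
 // wrong path
 tok, err := SignServiceAuth(iss, aud, time.Minute, &lxm, priv)
-if err != nil {
-t.Fatal(err)
-}
+require.NoError(err)
 req := httptest.NewRequest(http.MethodGet, "/xrpc/com.example.other.api", nil)
 req.Header.Set("Authorization", "Bearer "+tok)
 middle := v.Middleware(webHome, true)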
+4 -4
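--- a/atproto/auth/jwt.go
+++ b/atproto/auth/jwt.go
@@ -2,11 +2,11 @@
 
 import (
 "context"
+"crypto/rand"
 "encoding/base64"
 "errors"
 "fmt"
 "log/slog"
-"math/rand"
 "time"
 
 "github.com/bluesky-social/indigo/atproto/crypto"
@@ -91,11 +91,11 @@
 return func(token *jwt.Token) (any, error) {
 claims, ok := token.Claims.(*serviceAuthClaims)
 if !ok {
-return nil, fmt.Errorf("%w: missing 'iss'", jwt.ErrTokenInvalidClaims)
+return nil, jwt.ErrTokenInvalidClaims
 }
 iss, err := claims.GetIssuer()
 if err != nil {
-return nil, fmt.Errorf("%w: missing 'iss'", jwt.ErrTokenInvalidClaims)
+return nil, fmt.Errorf("%w: missing 'iss' claim", jwt.ErrTokenInvalidIssuer)
 }
 did, err := syntax.ParseDID(iss)
 if err != nil {
@@ -139,7 +139,7 @@
 case *crypto.PrivateKeyK256:
 sm = signingMethodES256K
 default:
-return "", fmt.Errorf("unknown signing key type")
+return "", fmt.Errorf("unknown signing key type: %T", priv)
 }
 
 token := jwt.NewWithClaims(sm, claims)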
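Review bot: The `!ok` branch of the key function now returns the bare `jwt.ErrTokenInvalidClaims`, so a verifier log cannot tell a token parsed with the wrong claims type from any other claims failure. Wrapping keeps the sentinel for `errors.Is` and records the cause, e.g. `return nil, fmt.Errorf("%w: unexpected claims type %T", jwt.ErrTokenInvalidClaims, token.Claims)`. Separately, the import hunk swaps `math/rand` for `crypto/rand`, but the code that calls `rand` lies outside the visible hunks; presumably it produces a per-token random value, and that call site should check the error returned by the `crypto/rand` call rather than discard it. Both enclosing functions start and end outside the hunks shown.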