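--- a/atproto/client/admin_auth.go
+++ b/atproto/client/admin_auth.go
@@ -1,7 +1,6 @@
 package client
 
 import (
-"context"
 "encoding/base64"
 "net/http"
 
@@ -17,7 +16,7 @@
 return AdminAuth{basicAuthHeader: header}
 }
 
-func (a *AdminAuth) DoWithAuth(ctx context.Context, req *http.Request, httpClient *http.Client) (*http.Response, error) {
+func (a *AdminAuth) DoWithAuth(req *http.Request, httpClient *http.Client) (*http.Response, error) {
 req.Header.Set("Authorization", a.basicAuthHeader)
 return httpClient.Do(req)
 }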
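Review bot: The new `DoWithAuth(req, httpClient)` signature has no doc comment, and with `ctx` removed nothing tells a caller that cancellation and deadlines now come only from the request itself. I would add `// DoWithAuth sets the admin Authorization header on req (mutating the caller's request) and sends it with httpClient; cancellation follows req.Context().` above the method. The same gap applies to the `AuthMethod` interface method in auth_method.go and to the `RefreshAuth` and `ServiceAuth` implementations. Since the header appears to be a Basic credential (the file imports `encoding/base64`), the comment could also state that callers should only pass requests addressed to the intended admin host over HTTPS.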
+1
-1
atproto/client/api_client.go
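--- a/atproto/client/auth_method.go
+++ b/atproto/client/auth_method.go
@@ -1,13 +1,12 @@
 package client
 
 import (
-"context"
 "net/http"
 
 "github.com/bluesky-social/indigo/atproto/syntax"
 )
 
 type AuthMethod interface {
-DoWithAuth(ctx context.Context, httpReq *http.Request, httpClient *http.Client) (*http.Response, error)
+DoWithAuth(httpReq *http.Request, httpClient *http.Client) (*http.Response, error)
 AccountDID() syntax.DID
 }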
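--- a/atproto/client/refresh_auth.go
+++ b/atproto/client/refresh_auth.go
@@ -1,7 +1,6 @@
 package client
 
 import (
-"context"
 "net/http"
 
 "github.com/bluesky-social/indigo/atproto/syntax"
@@ -18,7 +17,7 @@
 // TODO:
 //func NewRefreshAuth(pdsHost, accountIdentifier, password string) (*RefreshAuth, error) {
 
-func (a *RefreshAuth) DoWithAuth(ctx context.Context, httpReq *http.Request, httpClient *http.Client) (*http.Response, error) {
+func (a *RefreshAuth) DoWithAuth(httpReq *http.Request, httpClient *http.Client) (*http.Response, error) {
 httpReq.Header.Set("Authorization", "Bearer "+a.AccessToken)
 // XXX: check response. if it is 403, because access token is expired, then take a lock and do a refresh
 // TODO: when doing a refresh request, copy at least the User-Agent header from httpReq, and re-use httpClient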
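Review bot: With `ctx` dropped from `RefreshAuth.DoWithAuth`, the refresh request planned in the TODO no longer has a context handed to it, so it should be built from `httpReq.Context()` (for example `http.NewRequestWithContext(httpReq.Context(), ...)`) or the caller's cancellation will not cover it. Retrying the original request after a refresh also needs a replayable body, because the first `httpClient.Do` consumes it; checking `httpReq.GetBody != nil` before the retry would cover that. The refresh credential should presumably go only to the account's PDS host, never to whatever host `httpReq` targets, and the TODO comment is a good place to record that. The function body continues beyond the visible hunk, so some of this may already be handled there.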
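--- /dev/null
+++ b/atproto/client/service_auth.go
@@ -0,0 +1,42 @@
+package client
+
+import (
+"net/http"
+"time"
+
+"github.com/bluesky-social/indigo/atproto/crypto"
+"github.com/bluesky-social/indigo/atproto/syntax"
+)
+
+// used for inter-service requests, using JWTs
+type ServiceAuth struct {
+// account DID
+Issuer syntax.DID
+// optionally, service context
+IssuerFrag string
+Duration time.Duration
+SigningKey *crypto.PrivateKey
+}
+
+func NewServiceAuth(issuer syntax.DID, frag string, key *crypto.PrivateKey) ServiceAuth {
+return ServiceAuth{
+Issuer: issuer,
+IssuerFrag: frag,
+Duration: time.Second * 30,
+SigningKey: key,
+}
+}
+
+func (a *ServiceAuth) DoWithAuth(req *http.Request, httpClient *http.Client) (*http.Response, error) {
+// TODO: detect audience from request headers (atproto-proxy)
+// TODO: extract endpoint (LXM) from request
+
+thing := ""
+req.Header.Set("Authorization", "Bearer "+thing)
+return httpClient.Do(req)
+}
+
+// Admin bearer token auth does not involve an account DID
+func (a *ServiceAuth) AccountDID() syntax.DID {
+return a.Issuer
+}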