forked from hailey.at/cocoon
An atproto PDS written in Go

fix: prevent nil pointer crash in ES256K token verification (#49)

authored by Scan and committed by GitHub 05a3665a 109c855e

Changed files
+15
server
+15
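--- a/server/middleware.go
+++ b/server/middleware.go
@@ -123,6 +123,21 @@
 rr, _ := secp256k1.NewScalarFromBytes((*[32]byte)(rBytes))
 ss, _ := secp256k1.NewScalarFromBytes((*[32]byte)(sBytes))
 
+if repo == nil {
+sub, ok := claims["sub"].(string)
+if !ok {
+s.logger.Error("no sub claim in ES256K token and repo not set")
+return helpers.InvalidTokenError(e)
+}
+maybeRepo, err := s.getRepoActorByDid(ctx, sub)
+if err != nil {
+s.logger.Error("error fetching repo for ES256K verification", "error", err)
+return helpers.ServerError(e, nil)
+}
+repo = maybeRepo
+did = sub
+}
+
 sk, err := secp256k1secec.NewPrivateKey(repo.SigningKey)
 if err != nil {
 s.logger.Error("can't load private key", "error", err)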
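Review bot: The fallback trusts `getRepoActorByDid` to return a non-nil repo whenever `err` is nil, so if that helper can return `(nil, nil)` for an unknown DID, `repo.SigningKey` on the next line still panics. A guard before `repo = maybeRepo`, such as `if maybeRepo == nil { return helpers.InvalidTokenError(e) }`, would close that gap. Separately, `sub` is read from the claims before the signature has been checked, so this branch can be reached with any caller-chosen value. A lookup miss then returns `helpers.ServerError` and logs at Error level; mapping the not-found case to `helpers.InvalidTokenError(e)` would stop unauthenticated requests producing 500s and filling the error log, and would not distinguish known from unknown DIDs. It would also help to reject an empty `sub` alongside the `!ok` check. The enclosing function starts and ends outside this hunk, so how `did` is used after a failed verification cannot be confirmed from here.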