forked from hailey.at/cocoon
An atproto PDS written in Go

fix: use float for expiration in service auth request

Changed files
+8 -6
server
+8 -6
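--- a/server/handle_server_get_service_auth.go
+++ b/server/handle_server_get_service_auth.go
@@ -19,8 +19,9 @@
 
 type ServerGetServiceAuthRequest struct {
 Aud string `query:"aud" validate:"required,atproto-did"`
-Exp int64 `query:"exp"`
-Lxm string `query:"lxm" validate:"required,atproto-nsid"`
+// exp should be a float, as some clients will send a non-integer expiration
+Exp float64 `query:"exp"`
+Lxm string `query:"lxm" validate:"required,atproto-nsid"`
 }
 
 func (s *Server) handleServerGetServiceAuth(e echo.Context) error {
@@ -34,9 +35,10 @@
 return helpers.InputError(e, nil)
 }
 
+exp := int64(req.Exp)
 now := time.Now().Unix()
-if req.Exp == 0 {
-req.Exp = now + 60 // default
+if exp == 0 {
+exp = now + 60 // default
 }
 
 if req.Lxm == "com.atproto.server.getServiceAuth" {
@@ -44,7 +46,7 @@
 }
 
 maxExp := now + (60 * 30)
-if req.Exp > maxExp {
+if exp > maxExp {
 return helpers.InputError(e, to.StringPtr("expiration too big. smoller please"))
 }
 
@@ -68,7 +70,7 @@
 "aud": req.Aud,
 "lxm": req.Lxm,
 "jti": uuid.NewString(),
-"exp": req.Exp,
+"exp": exp,
 "iat": now,
 }
 pj, err := json.Marshal(payload)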
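Review bot: `exp := int64(req.Exp)` converts the client-supplied float before any range check, and Go leaves the result of converting NaN, ±Inf or an out-of-range float64 to int64 implementation-defined, so the value that the later `exp > maxExp` comparison sees for such input depends on the platform. Validate the float before converting it, with `now` and `maxExp` computed first, e.g. `if math.IsNaN(req.Exp) || math.IsInf(req.Exp, 0) || req.Exp < 0 || req.Exp > float64(maxExp) { return helpers.InputError(e, nil) }`; this needs the `math` import. The visible hunks also show no lower bound, so a past or negative `exp` appears to be signed into the token as-is; the handler's body continues between and after the hunks, so confirm no such check exists in the lines not shown. A fractional value below 1 also truncates to 0 and silently receives the 60-second default, which deserves a one-line comment next to the conversion.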