whyrusleeping / algoz Goto Github PK
View Code? Open in Web Editor NEWBluesky custom algo hacking
License: MIT License
Bluesky custom algo hacking
License: MIT License
I'm trying to write some bsky go code to verify a JWT, and I'm having some issues with it validating the signature. My code looks like this:
type jwtBody struct {
UserDID string `json:"sub"`
ServiceDID string `json:"aud"`
Expiry int64 `json:"exp,omitempty"`
}
func ValidateAuthentication(ctx context.Context, r *http.Request) error {
authHeader := r.Header.Get("authorization")
jwt := ""
if strings.HasPrefix(strings.ToLower(authHeader), "bearer ") {
jwt = authHeader[len("bearer "):]
}
jwtParts := strings.Split(jwt, ".")
encodedJWTBody, jwtSignature := jwtParts[1], jwtParts[2]
decoded, err := base64.StdEncoding.DecodeString(encodedJWTBody)
if err != nil {
return err
}
var body jwtBody
if err = json.Unmarshal(decoded, &body); err != nil {
return err
}
ignore := IgnoreJWTExpiration(ctx)
if ignore {
expireTime := time.Unix(body.Expiry, 0)
if body.Expiry > 0 && time.Now().After(expireTime) {
return errors.New("jwt expired")
}
}
resolver := GetResolver(ctx)
did, err := syntax.ParseDID(body.UserDID)
if err != nil {
return err
}
user, err := resolver.LookupDID(ctx, did)
if err != nil {
return err
}
key, err := user.PublicKey()
if err != nil {
return err
}
// rawSig, err := base64.RawStdEncoding.DecodeString(jwtSignature)
// if err != nil {
// return err
// }
return key.HashAndVerifyLenient([]byte(strings.Join(jwtParts[0:2], ".")), []byte(jwtSignature))
}
I was trying to look at your auth_jwt.go
code and I'm having a hard time finding any uses of it. How do the signing methods in that file correlate to a JWT? I appreciate all the help you've given me (@jaygles.bsky.social) on bsky today but thought this might be a better place for it
Hi @whyrusleeping :)
I'm trying to run this code on my VPS, because I love the "Latest From Follows" feed, and would like to write a patch to the ordering (to randomize it every hour or something like that)
However I'm getting confused whether that feed lives in this repo or not, or how it works!
I do see this code that seems to generate it, I just don't see the rest of the feed metadata like description and name.
I am also a bit confused about the difference between publishing a feed's metadata, and serving the actual posts.
I am probably not auth-ing correctly either which may be contributing to the issue.
This is what i'm getting at http://137.184.28.191:3339/xrpc/app.bsky.feed.describeFeedGenerator
when running the server.
(it doesn't seem to include bestoffollows
!)
{"did":"","feeds":[
{"uri":"at://did:plc:wmhp7mubpgafjggwvaxeozmu/app.bsky.feed.generator/upandup"},
{"uri":"at://did:plc:wmhp7mubpgafjggwvaxeozmu/app.bsky.feed.generator/coolstuff"},
{"uri":"at://did:plc:wmhp7mubpgafjggwvaxeozmu/app.bsky.feed.generator/mostpop"},
{"uri":"at://did:plc:wmhp7mubpgafjggwvaxeozmu/app.bsky.feed.generator/cats"},
{"uri":"at://did:plc:wmhp7mubpgafjggwvaxeozmu/app.bsky.feed.generator/dogs"},
{"uri":"at://did:plc:wmhp7mubpgafjggwvaxeozmu/app.bsky.feed.generator/nsfw"},
{"uri":"at://did:plc:wmhp7mubpgafjggwvaxeozmu/app.bsky.feed.generator/seacreatures"},
{"uri":"at://did:plc:wmhp7mubpgafjggwvaxeozmu/app.bsky.feed.generator/flowers"},
{"uri":"at://did:plc:wmhp7mubpgafjggwvaxeozmu/app.bsky.feed.generator/allpics"},
{"uri":"at://did:plc:wmhp7mubpgafjggwvaxeozmu/app.bsky.feed.generator/allqps"},
{"uri":"at://did:plc:wmhp7mubpgafjggwvaxeozmu/app.bsky.feed.generator/followpics"},
{"uri":"at://did:plc:wmhp7mubpgafjggwvaxeozmu/app.bsky.feed.generator/cozy"},
{"uri":"at://did:plc:wmhp7mubpgafjggwvaxeozmu/app.bsky.feed.generator/enjoy"}]}
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.