[chore] updates code.superseriousbusiness.org/oauth2/v4 to ssb-v4.5.3-1 (#4245)

A brief note on the above change: Go does not seem to like version tagging outside of `v?[0-9\.]` formatting, so it translates `ssb-v4.5.3-1` to `v4.5.4-0.20250606121655-9d54ef189d42` and as such sees it as a "downgrade" compared to the previous `v4.9.0`. which functionally isn't a problem, everything still behaves as it should, but it means people can't just run `go get repo@latest` for this particular dependency. Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4245 Co-authored-by: kim <grufwub@gmail.com> Co-committed-by: kim <grufwub@gmail.com>
2025-11-02 04:12:26 -06:00 · 2025-06-06 15:14:37 +02:00 · 2025-06-06 15:14:37 +02:00 · 77eddea3af
commit 77eddea3af
parent a37dd59d1f
40 changed files with 325 additions and 1921 deletions
--- a/vendor/code.superseriousbusiness.org/oauth2/v4/generates/access.go
+++ b/vendor/code.superseriousbusiness.org/oauth2/v4/generates/access.go
@ -1,38 +1,38 @@
-package generates
-
-import (
-	"bytes"
-	"context"
-	"encoding/base64"
-	"strconv"
-	"strings"
-
-	"code.superseriousbusiness.org/oauth2/v4"
-	"github.com/google/uuid"
-)
-
-// NewAccessGenerate create to generate the access token instance
-func NewAccessGenerate() *AccessGenerate {
-	return &AccessGenerate{}
-}
-
-// AccessGenerate generate the access token
-type AccessGenerate struct {
-}
-
-// Token based on the UUID generated token
-func (ag *AccessGenerate) Token(ctx context.Context, data *oauth2.GenerateBasic, isGenRefresh bool) (string, string, error) {
-	buf := bytes.NewBufferString(data.Client.GetID())
-	buf.WriteString(data.UserID)
-	buf.WriteString(strconv.FormatInt(data.CreateAt.UnixNano(), 10))
-
-	access := base64.URLEncoding.EncodeToString([]byte(uuid.NewMD5(uuid.Must(uuid.NewRandom()), buf.Bytes()).String()))
-	access = strings.ToUpper(strings.TrimRight(access, "="))
-	refresh := ""
-	if isGenRefresh {
-		refresh = base64.URLEncoding.EncodeToString([]byte(uuid.NewSHA1(uuid.Must(uuid.NewRandom()), buf.Bytes()).String()))
-		refresh = strings.ToUpper(strings.TrimRight(refresh, "="))
-	}
-
-	return access, refresh, nil
-}
+package generates
+
+import (
+	"bytes"
+	"context"
+	"encoding/base64"
+	"strconv"
+	"strings"
+
+	"code.superseriousbusiness.org/oauth2/v4"
+	"github.com/google/uuid"
+)
+
+// NewAccessGenerate create to generate the access token instance
+func NewAccessGenerate() *AccessGenerate {
+	return &AccessGenerate{}
+}
+
+// AccessGenerate generate the access token
+type AccessGenerate struct {
+}
+
+// Token based on the UUID generated token
+func (ag *AccessGenerate) Token(ctx context.Context, data *oauth2.GenerateBasic, isGenRefresh bool) (string, string, error) {
+	buf := bytes.NewBufferString(data.Client.GetID())
+	buf.WriteString(data.UserID)
+	buf.WriteString(strconv.FormatInt(data.CreateAt.UnixNano(), 10))
+
+	access := base64.URLEncoding.EncodeToString([]byte(uuid.NewMD5(uuid.Must(uuid.NewRandom()), buf.Bytes()).String()))
+	access = strings.ToUpper(strings.TrimRight(access, "="))
+	refresh := ""
+	if isGenRefresh {
+		refresh = base64.URLEncoding.EncodeToString([]byte(uuid.NewSHA1(uuid.Must(uuid.NewRandom()), buf.Bytes()).String()))
+		refresh = strings.ToUpper(strings.TrimRight(refresh, "="))
+	}
+
+	return access, refresh, nil
+}
--- a/vendor/code.superseriousbusiness.org/oauth2/v4/generates/authorize.go
+++ b/vendor/code.superseriousbusiness.org/oauth2/v4/generates/authorize.go
@ -1,30 +1,30 @@
-package generates
-
-import (
-	"bytes"
-	"context"
-	"encoding/base64"
-	"strings"
-
-	"code.superseriousbusiness.org/oauth2/v4"
-	"github.com/google/uuid"
-)
-
-// NewAuthorizeGenerate create to generate the authorize code instance
-func NewAuthorizeGenerate() *AuthorizeGenerate {
-	return &AuthorizeGenerate{}
-}
-
-// AuthorizeGenerate generate the authorize code
-type AuthorizeGenerate struct{}
-
-// Token based on the UUID generated token
-func (ag *AuthorizeGenerate) Token(ctx context.Context, data *oauth2.GenerateBasic) (string, error) {
-	buf := bytes.NewBufferString(data.Client.GetID())
-	buf.WriteString(data.UserID)
-	token := uuid.NewMD5(uuid.Must(uuid.NewRandom()), buf.Bytes())
-	code := base64.URLEncoding.EncodeToString([]byte(token.String()))
-	code = strings.ToUpper(strings.TrimRight(code, "="))
-
-	return code, nil
-}
+package generates
+
+import (
+	"bytes"
+	"context"
+	"encoding/base64"
+	"strings"
+
+	"code.superseriousbusiness.org/oauth2/v4"
+	"github.com/google/uuid"
+)
+
+// NewAuthorizeGenerate create to generate the authorize code instance
+func NewAuthorizeGenerate() *AuthorizeGenerate {
+	return &AuthorizeGenerate{}
+}
+
+// AuthorizeGenerate generate the authorize code
+type AuthorizeGenerate struct{}
+
+// Token based on the UUID generated token
+func (ag *AuthorizeGenerate) Token(ctx context.Context, data *oauth2.GenerateBasic) (string, error) {
+	buf := bytes.NewBufferString(data.Client.GetID())
+	buf.WriteString(data.UserID)
+	token := uuid.NewMD5(uuid.Must(uuid.NewRandom()), buf.Bytes())
+	code := base64.URLEncoding.EncodeToString([]byte(token.String()))
+	code = strings.ToUpper(strings.TrimRight(code, "="))
+
+	return code, nil
+}
--- a/vendor/code.superseriousbusiness.org/oauth2/v4/generates/jwt_access.go
+++ b/vendor/code.superseriousbusiness.org/oauth2/v4/generates/jwt_access.go
@ -8,18 +8,18 @@ import (

 	"code.superseriousbusiness.org/oauth2/v4"
 	"code.superseriousbusiness.org/oauth2/v4/errors"
-	"github.com/golang-jwt/jwt"
+	"github.com/golang-jwt/jwt/v5"
 	"github.com/google/uuid"
 )

 // JWTAccessClaims jwt claims
 type JWTAccessClaims struct {
-	jwt.StandardClaims
+	jwt.RegisteredClaims
 }

 // Valid claims verification
 func (a *JWTAccessClaims) Valid() error {
-	if time.Unix(a.ExpiresAt, 0).Before(time.Now()) {
+	if a.ExpiresAt != nil && time.Unix(a.ExpiresAt.Unix(), 0).Before(time.Now()) {
 		return errors.ErrInvalidAccessToken
 	}
 	return nil
@ -44,10 +44,10 @@ type JWTAccessGenerate struct {
 // Token based on the UUID generated token
 func (a *JWTAccessGenerate) Token(ctx context.Context, data *oauth2.GenerateBasic, isGenRefresh bool) (string, string, error) {
 	claims := &JWTAccessClaims{
-		StandardClaims: jwt.StandardClaims{
-			Audience:  data.Client.GetID(),
+		RegisteredClaims: jwt.RegisteredClaims{
+			Audience:  jwt.ClaimStrings{data.Client.GetID()},
 			Subject:   data.UserID,
-			ExpiresAt: data.TokenInfo.GetAccessCreateAt().Add(data.TokenInfo.GetAccessExpiresIn()).Unix(),
+			ExpiresAt: jwt.NewNumericDate(data.TokenInfo.GetAccessCreateAt().Add(data.TokenInfo.GetAccessExpiresIn())),
 		},
 	}

@ -70,6 +70,12 @@ func (a *JWTAccessGenerate) Token(ctx context.Context, data *oauth2.GenerateBasi
 		key = v
 	} else if a.isHs() {
 		key = a.SignedKey
+	} else if a.isEd() {
+		v, err := jwt.ParseEdPrivateKeyFromPEM(a.SignedKey)
+		if err != nil {
+			return "", "", err
+		}
+		key = v
 	} else {
 		return "", "", errors.New("unsupported sign method")
 	}
@ -102,3 +108,7 @@ func (a *JWTAccessGenerate) isRsOrPS() bool {
 func (a *JWTAccessGenerate) isHs() bool {
 	return strings.HasPrefix(a.SignedMethod.Alg(), "HS")
 }
+
+func (a *JWTAccessGenerate) isEd() bool {
+	return strings.HasPrefix(a.SignedMethod.Alg(), "Ed")
+}