[chore] update dependencies (#4188)

Update dependencies: - github.com/gin-gonic/gin v1.10.0 -> v1.10.1 - github.com/gin-contrib/sessions v1.10.3 -> v1.10.4 - github.com/jackc/pgx/v5 v5.7.4 -> v5.7.5 - github.com/minio/minio-go/v7 v7.0.91 -> v7.0.92 - github.com/pquerna/otp v1.4.0 -> v1.5.0 - github.com/tdewolff/minify/v2 v2.23.5 -> v2.23.8 - github.com/yuin/goldmark v1.7.11 -> v1.7.12 - go.opentelemetry.io/otel{,/*} v1.35.0 -> v1.36.0 - modernc.org/sqlite v1.37.0 -> v1.37.1 Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4188 Reviewed-by: Daenney <daenney@noreply.codeberg.org> Co-authored-by: kim <grufwub@gmail.com> Co-committed-by: kim <grufwub@gmail.com>
2025-10-29 18:52:24 -05:00 · 2025-05-22 16:27:55 +02:00 · 2025-05-22 16:27:55 +02:00 · b6ff55662e
commit b6ff55662e
parent 20aad9be0f
214 changed files with 44839 additions and 32023 deletions
--- a/vendor/github.com/pquerna/otp/hotp/hotp.go
+++ b/vendor/github.com/pquerna/otp/hotp/hotp.go
@ -57,6 +57,8 @@ type ValidateOpts struct {
 	Digits otp.Digits
 	// Algorithm to use for HMAC. Defaults to SHA1.
 	Algorithm otp.Algorithm
+	// Encoder to use for output code.
+	Encoder otp.Encoder
 }

 // GenerateCode creates a HOTP passcode given a counter and secret.
@ -112,15 +114,34 @@ func GenerateCodeCustom(secret string, counter uint64, opts ValidateOpts) (passc
 		(int(sum[offset+3]) & 0xff))

 	l := opts.Digits.Length()
-	mod := int32(value % int64(math.Pow10(l)))
+	switch opts.Encoder {
+	case otp.EncoderDefault:
+		mod := int32(value % int64(math.Pow10(l)))

-	if debug {
-		fmt.Printf("offset=%v\n", offset)
-		fmt.Printf("value=%v\n", value)
-		fmt.Printf("mod'ed=%v\n", mod)
+		if debug {
+			fmt.Printf("offset=%v\n", offset)
+			fmt.Printf("value=%v\n", value)
+			fmt.Printf("mod'ed=%v\n", mod)
+		}
+		passcode = opts.Digits.Format(mod)
+	case otp.EncoderSteam:
+		// Define the character set used by Steam Guard codes.
+		alphabet := []byte{
+			'2', '3', '4', '5', '6', '7', '8', '9', 'B', 'C',
+			'D', 'F', 'G', 'H', 'J', 'K', 'M', 'N', 'P', 'Q',
+			'R', 'T', 'V', 'W', 'X', 'Y',
+		}
+		radix := int64(len(alphabet))
+
+		for i := 0; i < l; i++ {
+			digit := value % radix
+			value /= radix
+			c := alphabet[digit]
+			passcode += string(c)
+		}
 	}

-	return opts.Digits.Format(mod), nil
+	return
 }

 // ValidateCustom validates an HOTP with customizable options. Most users should
@ -194,7 +215,7 @@ func Generate(opts GenerateOpts) (*otp.Key, error) {
 		v.Set("secret", b32NoPadding.EncodeToString(opts.Secret))
 	} else {
 		secret := make([]byte, opts.SecretSize)
-		_, err := opts.Rand.Read(secret)
+		_, err := io.ReadFull(opts.Rand, secret)
 		if err != nil {
 			return nil, err
 		}
--- a/vendor/github.com/pquerna/otp/otp.go
+++ b/vendor/github.com/pquerna/otp/otp.go
@ -154,12 +154,7 @@ func (k *Key) Digits() Digits {
 	q := k.url.Query()

 	if u, err := strconv.ParseUint(q.Get("digits"), 10, 64); err == nil {
-		switch u {
-		case 8:
-			return DigitsEight
-		default:
-			return DigitsSix
-		}
+		return Digits(u)
 	}

 	// Six is the most common value.
@ -183,6 +178,19 @@ func (k *Key) Algorithm() Algorithm {
 	}
 }

+// Encoder returns the encoder used or the default ("")
+func (k *Key) Encoder() Encoder {
+	q := k.url.Query()
+
+	a := strings.ToLower(q.Get("encoder"))
+	switch a {
+	case "steam":
+		return EncoderSteam
+	default:
+		return EncoderDefault
+	}
+}
+
 // URL returns the OTP URL as a string
 func (k *Key) URL() string {
 	return k.url.String()
@ -253,3 +261,10 @@ func (d Digits) Length() int {
 func (d Digits) String() string {
 	return fmt.Sprintf("%d", d)
 }
+
+type Encoder string
+
+const (
+	EncoderDefault Encoder = ""
+	EncoderSteam   Encoder = "steam"
+)
--- a/vendor/github.com/pquerna/otp/totp/totp.go
+++ b/vendor/github.com/pquerna/otp/totp/totp.go
@ -73,6 +73,8 @@ type ValidateOpts struct {
 	Digits otp.Digits
 	// Algorithm to use for HMAC. Defaults to SHA1.
 	Algorithm otp.Algorithm
+	// Encoder to use for output code.
+	Encoder otp.Encoder
 }

 // GenerateCodeCustom takes a timepoint and produces a passcode using a
@ -86,6 +88,7 @@ func GenerateCodeCustom(secret string, t time.Time, opts ValidateOpts) (passcode
 	passcode, err = hotp.GenerateCodeCustom(secret, counter, hotp.ValidateOpts{
 		Digits:    opts.Digits,
 		Algorithm: opts.Algorithm,
+		Encoder:   opts.Encoder,
 	})
 	if err != nil {
 		return "", err
@ -113,8 +116,8 @@ func ValidateCustom(passcode string, secret string, t time.Time, opts ValidateOp
 		rv, err := hotp.ValidateCustom(passcode, counter, secret, hotp.ValidateOpts{
 			Digits:    opts.Digits,
 			Algorithm: opts.Algorithm,
+			Encoder:   opts.Encoder,
 		})
-
 		if err != nil {
 			return false, err
 		}
@ -184,7 +187,7 @@ func Generate(opts GenerateOpts) (*otp.Key, error) {
 		v.Set("secret", b32NoPadding.EncodeToString(opts.Secret))
 	} else {
 		secret := make([]byte, opts.SecretSize)
-		_, err := opts.Rand.Read(secret)
+		_, err := io.ReadFull(opts.Rand, secret)
 		if err != nil {
 			return nil, err
 		}