[chore] update dependencies (#4188)

Update dependencies: - github.com/gin-gonic/gin v1.10.0 -> v1.10.1 - github.com/gin-contrib/sessions v1.10.3 -> v1.10.4 - github.com/jackc/pgx/v5 v5.7.4 -> v5.7.5 - github.com/minio/minio-go/v7 v7.0.91 -> v7.0.92 - github.com/pquerna/otp v1.4.0 -> v1.5.0 - github.com/tdewolff/minify/v2 v2.23.5 -> v2.23.8 - github.com/yuin/goldmark v1.7.11 -> v1.7.12 - go.opentelemetry.io/otel{,/*} v1.35.0 -> v1.36.0 - modernc.org/sqlite v1.37.0 -> v1.37.1 Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4188 Reviewed-by: Daenney <daenney@noreply.codeberg.org> Co-authored-by: kim <grufwub@gmail.com> Co-committed-by: kim <grufwub@gmail.com>
2025-11-09 16:37:30 -06:00 · 2025-05-22 16:27:55 +02:00 · 2025-05-22 16:27:55 +02:00 · b6ff55662e
commit b6ff55662e
parent 20aad9be0f
214 changed files with 44839 additions and 32023 deletions
--- a/vendor/github.com/pquerna/otp/hotp/hotp.go
+++ b/vendor/github.com/pquerna/otp/hotp/hotp.go
@ -57,6 +57,8 @@ type ValidateOpts struct {
 	Digits otp.Digits
 	// Algorithm to use for HMAC. Defaults to SHA1.
 	Algorithm otp.Algorithm
+	// Encoder to use for output code.
+	Encoder otp.Encoder
 }

 // GenerateCode creates a HOTP passcode given a counter and secret.
@ -112,15 +114,34 @@ func GenerateCodeCustom(secret string, counter uint64, opts ValidateOpts) (passc
 		(int(sum[offset+3]) & 0xff))

 	l := opts.Digits.Length()
-	mod := int32(value % int64(math.Pow10(l)))
+	switch opts.Encoder {
+	case otp.EncoderDefault:
+		mod := int32(value % int64(math.Pow10(l)))

-	if debug {
-		fmt.Printf("offset=%v\n", offset)
-		fmt.Printf("value=%v\n", value)
-		fmt.Printf("mod'ed=%v\n", mod)
+		if debug {
+			fmt.Printf("offset=%v\n", offset)
+			fmt.Printf("value=%v\n", value)
+			fmt.Printf("mod'ed=%v\n", mod)
+		}
+		passcode = opts.Digits.Format(mod)
+	case otp.EncoderSteam:
+		// Define the character set used by Steam Guard codes.
+		alphabet := []byte{
+			'2', '3', '4', '5', '6', '7', '8', '9', 'B', 'C',
+			'D', 'F', 'G', 'H', 'J', 'K', 'M', 'N', 'P', 'Q',
+			'R', 'T', 'V', 'W', 'X', 'Y',
+		}
+		radix := int64(len(alphabet))
+
+		for i := 0; i < l; i++ {
+			digit := value % radix
+			value /= radix
+			c := alphabet[digit]
+			passcode += string(c)
+		}
 	}

-	return opts.Digits.Format(mod), nil
+	return
 }

 // ValidateCustom validates an HOTP with customizable options. Most users should
@ -194,7 +215,7 @@ func Generate(opts GenerateOpts) (*otp.Key, error) {
 		v.Set("secret", b32NoPadding.EncodeToString(opts.Secret))
 	} else {
 		secret := make([]byte, opts.SecretSize)
-		_, err := opts.Rand.Read(secret)
+		_, err := io.ReadFull(opts.Rand, secret)
 		if err != nil {
 			return nil, err
 		}