feat: User registration #185
let mut base = hex::decode(uaid.to_simple().to_string()).chain_err(|| "Error decoding")?; | ||
base.extend(hex::decode(chid.to_simple().to_string()).chain_err(|| "Error decoding")?); | ||
|
||
if let Some(k) = key { |
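Review bot: The two `hex::decode(...to_simple().to_string())` calls format each id as a hex string and immediately decode it back to bytes, which allocates a `String` per id and adds an error path that a well-formed UUID can never hit. If `uaid` and `chid` are `uuid::Uuid` values (the `to_simple()` calls suggest so), extend `base` from `uaid.as_bytes()` and `chid.as_bytes()` directly and drop the `chain_err` calls. If the decode stays, give the two "Error decoding" messages distinct text so a failure identifies which id was involved.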
So, part of me wonders if we should create a NONCE key when there's none specified. This would ensure that the new URLs have a consistent length and be a little less subject to potential scrutiny.
Not saying we should do that here, but just thinking about it a bit more with the new system we're putting out.
v2 endpoints require VAPID, at minimum to validate the public key hash in the endpoint URL. This would require changes to the clients who don't currently provide a key, because they probably also don't send VAPID.
Right, but we'd use the nonce for v1 endpoints that don't include the key. That shouldn't require any modification of the client.
Also we now use the `Bytes` and `Json` extractors to read the payload. The payload size limit is configured through the respective extractor config objects.
The `sign_oneshot_to_vec` method is only available with OpenSSL >=1.1.1.
Major changes:
Minor changes:
`Bytes`/`Json` extractors to simplify code and to use their built-in size limiting functionality.
`Display` impl for `Uuid`).
Closes #176