ExploreTrendingAnalytics
Nostr Archives
ExploreTrendingAnalytics
hodlbod13d ago
@mleku https://git.mleku.dev/mleku/gitea-nostr-auth is giving me an SSL error
💬 10 replies

Replies (10)

mleku13d ago
it's lucky you can still fetch it from the go mod cache. i have the source here, looking...
0000 sats
mleku13d ago
i'm moving it here: https://github.com/mlekudev/gitea-nostr-auth currently refactoring its internal paths to the new, refactoring the nostr library dependencies to git.nostrdev.com/mleku/next.orly.dev i'll let you know when it's all together. probably in the next hour. i am cooking dinner in parallel, almost done with the risotto :)
0000 sats
mleku13d ago
should be good to go at the new repo. let me know
0000 sats
hodlbod13d ago
Got it working, thanks!
0000 sats
mleku13d ago
btw, you know that it automatically creates users from the npubs named with their username field?
0000 sats
hodlbod13d ago
Yeah, pretty nice. Although it auto linked my email account, could there be an attack vector based on non-unique names?
0000 sats
mleku13d ago
how did it do that? i don't remember it doing that. through your ssh?
0000 sats
hodlbod12d ago
I may be wrong, I tried again with another pubkey and it didn't merge accounts
0000 sats
mleku12d ago
yeah, it doesn't actually use email at all, even though that is part of how the auth system in gitea works. i'm not sure how it picked up an email but i think it searches for your kind 0 to find the username to use. it may have something to do with your initial setup of gitea. each pubkey is a distinct identity, so that makes sense. if there is anyhting you think of to improve it (eg, i felt like the prompt to auth is redundant on the in between screen, it should just ask for the pubkey and challenge and sign and log in if it passes. anyway, i love that thing. makes collaboration on gitea so smooth.
0000 sats
mleku12d ago
i think it has a countermeasure against same usernames also, probably a counter increment.
0000 sats