From 28251876e1ba1d4a2f3617bea09057df739ccb55 Mon Sep 17 00:00:00 2001 From: mkelvers Date: Tue, 26 May 2026 15:56:55 +0200 Subject: [PATCH] fix: handle mac.Write errors in proxy token signing --- internal/playback/service/service.go | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/internal/playback/service/service.go b/internal/playback/service/service.go index 6fef801..bfa1849 100644 --- a/internal/playback/service/service.go +++ b/internal/playback/service/service.go @@ -59,7 +59,9 @@ func (s *playbackService) SignProxyToken(targetURL, referer, scope string) (stri return "", err } mac := hmac.New(sha256.New, []byte(s.proxyTokenKey)) - mac.Write(body) + if _, err := mac.Write(body); err != nil { + return "", fmt.Errorf("sign proxy token: %w", err) + } signature := mac.Sum(nil) encodedBody := base64.RawURLEncoding.EncodeToString(body) encodedSignature := base64.RawURLEncoding.EncodeToString(signature) @@ -83,7 +85,9 @@ func (s *playbackService) VerifyProxyToken(token string) (proxyTokenPayload, err return proxyTokenPayload{}, fmt.Errorf("invalid signature encoding: %w", err) } mac := hmac.New(sha256.New, []byte(s.proxyTokenKey)) - mac.Write(body) + if _, err := mac.Write(body); err != nil { + return proxyTokenPayload{}, fmt.Errorf("verify proxy token: %w", err) + } expectedSig := mac.Sum(nil) if !hmac.Equal(expectedSig, decodedSig) { return proxyTokenPayload{}, fmt.Errorf("invalid signature")