1package oauth
2
3import (
4 "time"
5)
6
// OAuthRequest represents a temporary OAuth authorization flow state.
// Stored during the redirect to auth server, deleted after callback.
//
// Several fields are secrets for the in-flight authorization: PKCEVerifier
// and DPoPPrivateJWK must not appear in logs or error messages and should be
// protected at rest like credentials. State is the value the authorization
// server echoes back on callback; SessionStore.GetAndDeleteRequest is what
// makes it single-use.
type OAuthRequest struct {
	// State is the opaque value round-tripped through the authorization
	// server and used to look the request back up on callback
	// (SessionStore.GetRequestByState / GetAndDeleteRequest).
	State string `db:"state"`

	DID    string `db:"did"`
	Handle string `db:"handle"`
	PDSURL string `db:"pds_url"`

	// PKCEVerifier is the PKCE code_verifier for this request; secret.
	PKCEVerifier string `db:"pkce_verifier"`

	// DPoPPrivateJWK is the private key used to sign DPoP proofs, as a
	// JSON-encoded JWK; secret.
	DPoPPrivateJWK string `db:"dpop_private_jwk"`

	// DPoPAuthServerNonce is presumably the most recent DPoP nonce received
	// from the authorization server during this flow — confirm with callers.
	DPoPAuthServerNonce string `db:"dpop_authserver_nonce"`

	// AuthServerIss is the issuer identifier of the authorization server
	// handling this request.
	AuthServerIss string `db:"auth_server_iss"`

	// ReturnURL is where the user is sent once the callback completes.
	// NOTE(review): an unvalidated ReturnURL is an open-redirect risk —
	// confirm the caller restricts it (e.g. to a local path) before redirecting.
	ReturnURL string `db:"return_url"`

	CreatedAt time.Time `db:"created_at"`
}
21
// OAuthSession represents a long-lived authenticated user session.
// Stored after successful OAuth login, used for all authenticated requests.
//
// AccessToken, RefreshToken and DPoPPrivateJWK are credentials: they must not
// appear in logs or error messages and should be protected at rest. Sessions
// are keyed by DID (see SessionStore.GetSession).
type OAuthSession struct {
	// DID is the user's decentralized identifier and the session's key.
	DID    string `db:"did"`
	Handle string `db:"handle"`
	PDSURL string `db:"pds_url"`

	// AccessToken and RefreshToken are the OAuth tokens for this session;
	// both are replaced together by SessionStore.RefreshSession.
	AccessToken  string `db:"access_token"`
	RefreshToken string `db:"refresh_token"`

	// DPoPPrivateJWK is the private key used to sign DPoP proofs, as a
	// JSON-encoded JWK. It binds the tokens to this client: without it the
	// stored tokens cannot be used, and together with them it is sufficient
	// to act as the user.
	DPoPPrivateJWK string `db:"dpop_private_jwk"`

	// DPoPAuthServerNonce and DPoPPDSNonce hold the most recent DPoP nonces
	// from the authorization server and the PDS respectively; they are
	// written via SessionStore.UpdateAuthServerNonce / UpdatePDSNonce.
	DPoPAuthServerNonce string `db:"dpop_authserver_nonce"`
	DPoPPDSNonce        string `db:"dpop_pds_nonce"`

	// AuthServerIss is the issuer identifier of the authorization server
	// that issued the tokens.
	AuthServerIss string `db:"auth_server_iss"`

	// ExpiresAt is set alongside new tokens by SessionStore.RefreshSession;
	// presumably the access-token expiry — confirm against the caller.
	ExpiresAt time.Time `db:"expires_at"`
	CreatedAt time.Time `db:"created_at"`
	UpdatedAt time.Time `db:"updated_at"`
}
38
// SessionStore defines the interface for OAuth session storage.
//
// Pending requests (OAuthRequest) are short-lived and keyed by State;
// sessions (OAuthSession) are long-lived and keyed by DID. Implementations
// hold secrets (PKCE verifiers, DPoP private keys, access and refresh tokens)
// and should protect them accordingly.
type SessionStore interface {
	// OAuth flow state management

	// SaveRequest persists a pending authorization request keyed by its State.
	SaveRequest(req *OAuthRequest) error
	// GetRequestByState returns the pending request for state without
	// removing it.
	GetRequestByState(state string) (*OAuthRequest, error)
	// GetAndDeleteRequest returns the pending request for state and deletes
	// it in a single atomic operation, so a state value can be consumed only
	// once (CSRF/replay protection on the callback). Callback handlers should
	// use this rather than GetRequestByState followed by DeleteRequest, which
	// leaves a window in which the same state can be consumed twice.
	GetAndDeleteRequest(state string) (*OAuthRequest, error)
	// DeleteRequest removes a pending request, e.g. for an abandoned or
	// failed flow.
	DeleteRequest(state string) error

	// User session management

	// SaveSession persists a new session keyed by session.DID.
	SaveSession(session *OAuthSession) error
	// GetSession returns the session for did.
	GetSession(did string) (*OAuthSession, error)
	// UpdateSession overwrites the stored session for session.DID.
	UpdateSession(session *OAuthSession) error
	// DeleteSession removes the session for did (logout / revocation).
	DeleteSession(did string) error

	// Token refresh

	// RefreshSession replaces the stored access token, refresh token and
	// expiry for did after a token refresh.
	RefreshSession(did, newAccessToken, newRefreshToken string, expiresAt time.Time) error

	// Nonce updates (for DPoP)

	// UpdateAuthServerNonce stores the latest DPoP nonce received from the
	// authorization server for did.
	UpdateAuthServerNonce(did, nonce string) error
	// UpdatePDSNonce stores the latest DPoP nonce received from the PDS
	// for did.
	UpdatePDSNonce(did, nonce string) error
}
59}