1package oauth
2
3import (
4 "time"
5)
6
// OAuthRequest represents a temporary OAuth authorization flow state.
// Stored during the redirect to the auth server and deleted after the
// callback (see SessionStore.GetAndDeleteRequest). It is looked up by
// State, which is the only key the store exposes for it.
//
// PKCEVerifier and DPoPPrivateJWK are secrets for the in-flight flow:
// they must never be logged, and the backing store should treat them as
// sensitive data (encryption at rest where the store supports it).
//
// NOTE(review): the struct carries CreatedAt but no ExpiresAt, and
// SessionStore has no sweep/expiry method, so abandoned flows (no
// callback ever arrives) rely on some external cleanup — confirm one
// exists so stale requests cannot accumulate or be replayed later.
type OAuthRequest struct {
	// CreatedAt is when the flow was started; the only age signal available.
	CreatedAt time.Time `db:"created_at"`
	// State is the opaque value echoed back by the auth server on callback
	// and used as the lookup key; it must be unpredictable to bind the
	// callback to the request that initiated it.
	State string `db:"state"`
	// DID is the account the flow is being performed for.
	DID string `db:"did"`
	// Handle is the account's handle at the time the flow started.
	Handle string `db:"handle"`
	// PDSURL is the account's PDS endpoint.
	PDSURL string `db:"pds_url"`
	// PKCEVerifier is the PKCE code verifier for this flow (secret).
	PKCEVerifier string `db:"pkce_verifier"`
	// DPoPPrivateJWK is the DPoP signing key for this flow, serialized as a
	// JWK (secret; the corresponding public key is what the server sees).
	DPoPPrivateJWK string `db:"dpop_private_jwk"`
	// DPoPAuthServerNonce is the most recent DPoP nonce issued by the auth
	// server for this flow.
	DPoPAuthServerNonce string `db:"dpop_authserver_nonce"`
	// AuthServerIss is the issuer of the auth server the flow was started
	// against, so the callback can verify it came from the expected issuer.
	AuthServerIss string `db:"auth_server_iss"`
	// ReturnURL is where the user is sent after the flow completes.
	// NOTE(review): if this originates from a request parameter it must be
	// validated against an allow-list before use — confirm at the caller.
	ReturnURL string `db:"return_url"`
}
21
// OAuthSession represents a long-lived authenticated user session.
// Stored after a successful OAuth login and used for all authenticated
// requests; it is keyed by DID in SessionStore.
//
// AccessToken, RefreshToken and DPoPPrivateJWK are credentials: they must
// never be logged, and the backing store should treat them as sensitive
// data (encryption at rest where the store supports it). Because the
// tokens are DPoP-bound, the private key is part of what makes them
// usable, so the two should be protected together.
type OAuthSession struct {
	// ExpiresAt is when the current access token stops being valid; it is
	// refreshed together with the tokens via SessionStore.RefreshSession.
	ExpiresAt time.Time `db:"expires_at"`
	// CreatedAt is when the session was first stored.
	CreatedAt time.Time `db:"created_at"`
	// UpdatedAt is when the row was last modified.
	UpdatedAt time.Time `db:"updated_at"`
	// DID is the account this session belongs to and the store's lookup key.
	DID string `db:"did"`
	// Handle is the account's handle.
	Handle string `db:"handle"`
	// PDSURL is the account's PDS endpoint.
	PDSURL string `db:"pds_url"`
	// AccessToken is the current OAuth access token (secret).
	AccessToken string `db:"access_token"`
	// RefreshToken is the token used to obtain a new access token (secret).
	RefreshToken string `db:"refresh_token"`
	// DPoPPrivateJWK is the DPoP signing key bound to these tokens,
	// serialized as a JWK (secret).
	DPoPPrivateJWK string `db:"dpop_private_jwk"`
	// DPoPAuthServerNonce is the latest DPoP nonce from the auth server;
	// updated via SessionStore.UpdateAuthServerNonce.
	DPoPAuthServerNonce string `db:"dpop_authserver_nonce"`
	// DPoPPDSNonce is the latest DPoP nonce from the PDS; updated via
	// SessionStore.UpdatePDSNonce.
	DPoPPDSNonce string `db:"dpop_pds_nonce"`
	// AuthServerIss is the issuer of the auth server that granted the
	// session.
	AuthServerIss string `db:"auth_server_iss"`
}
38
// SessionStore defines the interface for OAuth session storage.
//
// Implementations hold secrets (PKCE verifiers, DPoP private keys, access
// and refresh tokens) and should not expose them in error messages or
// logs. Error semantics (e.g. what is returned when a state or DID is not
// found) are not specified here — NOTE(review): implementations and
// callers should agree on a sentinel so "not found" is distinguishable
// from a storage failure.
type SessionStore interface {
	// OAuth flow state management

	// SaveRequest persists the state of a newly started authorization flow.
	SaveRequest(req *OAuthRequest) error
	// GetRequestByState looks up a pending flow without consuming it.
	// NOTE(review): callback handling should prefer GetAndDeleteRequest;
	// a non-consuming read leaves the state usable for a second callback.
	GetRequestByState(state string) (*OAuthRequest, error)
	// GetAndDeleteRequest fetches and removes the request in one step so a
	// given state can complete the callback at most once. Atomic
	// get-and-delete for CSRF protection; implementations must make the
	// read and the delete a single operation, not two calls.
	GetAndDeleteRequest(state string) (*OAuthRequest, error)
	// DeleteRequest discards a pending flow (e.g. on a failed callback).
	DeleteRequest(state string) error

	// User session management

	// SaveSession stores a session after a successful login.
	SaveSession(session *OAuthSession) error
	// GetSession returns the session for the given DID.
	GetSession(did string) (*OAuthSession, error)
	// UpdateSession overwrites the stored session with the given values.
	UpdateSession(session *OAuthSession) error
	// DeleteSession removes the session for the given DID (logout /
	// revocation). NOTE(review): this is the only invalidation path the
	// interface offers; nothing here expires sessions by ExpiresAt on its
	// own, so callers must check ExpiresAt themselves.
	DeleteSession(did string) error

	// Token refresh

	// RefreshSession replaces the access and refresh tokens and the access
	// token expiry for the given DID, leaving the rest of the session intact.
	RefreshSession(did, newAccessToken, newRefreshToken string, expiresAt time.Time) error

	// Nonce updates (for DPoP)

	// UpdateAuthServerNonce records the latest DPoP nonce issued by the auth
	// server for the session identified by did.
	UpdateAuthServerNonce(did, nonce string) error
	// UpdatePDSNonce records the latest DPoP nonce issued by the PDS for the
	// session identified by did.
	UpdatePDSNonce(did, nonce string) error
}
59}