commit 8a14a867b214645416f4b86f64023b761289844a · cduck.me/statusphere-example-app-fork

+32 -4

src/auth/session.ts

···

       4
       4
        
       import type { IncomingMessage, ServerResponse } from 'node:http'

     

       5
       5
        
       import { getIronSession } from 'iron-session'

     

       6
       6
        
       import { env } from '#/env'

     

       7
       7
       +
       import { AppContext } from '#/config'

     

       7
       8
        
       

     

       8
       9
        
       export type Session = { did: string }

     

       9
       10
        
       

     

       10
       10
       -
       export async function createSession(req: IncomingMessage, res: ServerResponse<IncomingMessage>, did: string) {

     

       11
       11
       +
       export async function createSession(

     

       12
       12
       +
         req: IncomingMessage,

     

       13
       13
       +
         res: ServerResponse<IncomingMessage>,

     

       14
       14
       +
         did: string

     

       15
       15
       +
       ) {

     

       11
       16
        
         const session = await getSessionRaw(req, res)

     

       12
       17
        
         assert(!session.did, 'session already exists')

     

       13
       18
        
         session.did = did

     
···

       15
       20
        
         return { did: session.did }

     

       16
       21
        
       }

     

       17
       22
        
       

     

       18
       18
       -
       export async function destroySession(req: IncomingMessage, res: ServerResponse<IncomingMessage>) {

     

       23
       23
       +
       export async function destroySession(

     

       24
       24
       +
         req: IncomingMessage,

     

       25
       25
       +
         res: ServerResponse<IncomingMessage>

     

       26
       26
       +
       ) {

     

       19
       27
        
         const session = await getSessionRaw(req, res)

     

       20
       28
        
         await session.destroy()

     

       21
       29
        
         return null

     

       22
       30
        
       }

     

       23
       31
        
       

     

       24
       24
       -
       export async function getSession(req: IncomingMessage, res: ServerResponse<IncomingMessage>) {

     

       32
       32
       +
       export async function getSession(

     

       33
       33
       +
         req: IncomingMessage,

     

       34
       34
       +
         res: ServerResponse<IncomingMessage>

     

       35
       35
       +
       ) {

     

       25
       36
        
         const session = await getSessionRaw(req, res)

     

       26
       37
        
         if (!session.did) return null

     

       27
       38
        
         return { did: session.did }

     

       28
       39
        
       }

     

       29
       40
        
       

     

       30
       30
       -
       async function getSessionRaw(req: IncomingMessage, res: ServerResponse<IncomingMessage>) {

     

       41
       41
       +
       export async function getSessionAgent(

     

       42
       42
       +
         req: IncomingMessage,

     

       43
       43
       +
         res: ServerResponse<IncomingMessage>,

     

       44
       44
       +
         ctx: AppContext

     

       45
       45
       +
       ) {

     

       46
       46
       +
         const session = await getSessionRaw(req, res)

     

       47
       47
       +
         if (!session.did) return null

     

       48
       48
       +
         return await ctx.oauthClient.restore(session.did).catch(async (err) => {

     

       49
       49
       +
           ctx.logger.warn({ err }, 'oauth restore failed')

     

       50
       50
       +
           await destroySession(req, res)

     

       51
       51
       +
           return null

     

       52
       52
       +
         })

     

       53
       53
       +
       }

     

       54
       54
       +
       

     

       55
       55
       +
       async function getSessionRaw(

     

       56
       56
       +
         req: IncomingMessage,

     

       57
       57
       +
         res: ServerResponse<IncomingMessage>

     

       58
       58
       +
       ) {

     

       31
       59
        
         return await getIronSession<Session>(req, res, {

     

       32
       60
        
           cookieName: 'sid',

     

       33
       61
        
           password: env.COOKIE_SECRET,

+6 -18

src/routes/index.ts

···

       2
       2
        
       import { OAuthResolverError } from '@atproto/oauth-client-node'

     

       3
       3
        
       import { isValidHandle } from '@atproto/syntax'

     

       4
       4
        
       import express from 'express'

     

       5
       5
       -
       import { createSession, destroySession, getSession } from '#/auth/session'

     

       5
       5
       +
       import { createSession, destroySession, getSessionAgent } from '#/auth/session'

     

       6
       6
        
       import type { AppContext } from '#/config'

     

       7
       7
        
       import { home } from '#/pages/home'

     

       8
       8
        
       import { login } from '#/pages/login'

     
···

       81
       81
        
         router.get(

     

       82
       82
        
           '/',

     

       83
       83
        
           handler(async (req, res) => {

     

       84
       84
       -
             const session = await getSession(req, res)

     

       85
       85
       -
             const agent =

     

       86
       86
       -
               session &&

     

       87
       87
       -
               (await ctx.oauthClient.restore(session.did).catch(async (err) => {

     

       88
       88
       -
                 ctx.logger.warn({ err }, 'oauth restore failed')

     

       89
       89
       -
                 await destroySession(req, res)

     

       90
       90
       -
                 return null

     

       91
       91
       -
               }))

     

       84
       84
       +
             const agent = await getSessionAgent(req, res, ctx)

     

       92
       85
        
             const statuses = await ctx.db

     

       93
       86
        
               .selectFrom('status')

     

       94
       87
        
               .selectAll()

     
···

       108
       101
        
             if (!agent) {

     

       109
       102
        
               return res.type('html').send(page(home({ statuses, didHandleMap })))

     

       110
       103
        
             }

     

       111
       111
       -
             const { data: profile } = await agent.getProfile({ actor: session.did })

     

       104
       104
       +
             const { data: profile } = await agent.getProfile({

     

       105
       105
       +
               actor: agent.accountDid,

     

       106
       106
       +
             })

     

       112
       107
        
             return res

     

       113
       108
        
               .type('html')

     

       114
       109
        
               .send(page(home({ statuses, didHandleMap, profile, myStatus })))

     
···

       118
       113
        
         router.post(

     

       119
       114
        
           '/status',

     

       120
       115
        
           handler(async (req, res) => {

     

       121
       121
       -
             const session = await getSession(req, res)

     

       122
       122
       -
             const agent =

     

       123
       123
       -
               session &&

     

       124
       124
       -
               (await ctx.oauthClient.restore(session.did).catch(async (err) => {

     

       125
       125
       -
                 ctx.logger.warn({ err }, 'oauth restore failed')

     

       126
       126
       -
                 await destroySession(req, res)

     

       127
       127
       -
                 return null

     

       128
       128
       -
               }))

     

       116
       116
       +
             const agent = await getSessionAgent(req, res, ctx)

     

       129
       117
        
             if (!agent) {

     

       130
       118
        
               return res.status(401).json({ error: 'Session required' })

     

       131
       119
        
             }