cduck.me / statusphere-example-app-fork
Scratch space for learning atproto app development
fork atom

Compare changes

Choose any two refs to compare.

options
unified split
Changed files
+45 -3
.env.template
README.md
src
auth
client.ts
+2 -2
.env.template 
···

       
4

       
4

       
 

       
DB_PATH=":memory:"         # The SQLite database path. Set as ":memory:" to use a temporary in-memory database.


     

       
5

       
5

       
 

       
# PUBLIC_URL=""            # Set when deployed publicly, e.g. "https://mysite.com". Informs OAuth client id.


     

       
6

       
6

       
 

       
# LOG_LEVEL="info"         # Options: 'fatal', 'error', 'warn', 'info', 'debug'


     

       
7

       

       
-

       
# PDS_URL="https://my.pds" # The the default PDS for login and sign-ups


     

       

       
7

       
+

       
# PDS_URL="https://my.pds" # The default PDS for login and sign-ups


     

       
8

       
8

       
 

       



     

       
9

       

       
-

       
# Secrets bellow *MUST* be set in production


     

       

       
9

       
+

       
# Secrets below *MUST* be set in production


     

       
10

       
10

       
 

       



     

       
11

       
11

       
 

       
# May be generated with `openssl rand -base64 33`


     

       
12

       
12

       
 

       
# COOKIE_SECRET=""
+42
README.md 
···

       
19

       
19

       
 

       
npm run dev


     

       
20

       
20

       
 

       
# Navigate to http://localhost:8080


     

       
21

       
21

       
 

       
```


     

       

       
22

       
+

       



     

       

       
23

       
+

       
## Deploying


     

       

       
24

       
+

       



     

       

       
25

       
+

       
In production, you will need a private key to sign OAuth tokens request. Use the


     

       

       
26

       
+

       
following command to generate a new private key:


     

       

       
27

       
+

       



     

       

       
28

       
+

       
```sh


     

       

       
29

       
+

       
./bin/gen-jwk


     

       

       
30

       
+

       
```


     

       

       
31

       
+

       



     

       

       
32

       
+

       
The generated key must be added to the environment variables (`.env` file) in `PRIVATE_KEYS`.


     

       

       
33

       
+

       



     

       

       
34

       
+

       
```env


     

       

       
35

       
+

       
PRIVATE_KEYS='[{"kty":"EC","kid":"12",...}]'


     

       

       
36

       
+

       
```


     

       

       
37

       
+

       



     

       

       
38

       
+

       
> [!NOTE]


     

       

       
39

       
+

       
>


     

       

       
40

       
+

       
> The `PRIVATE_KEYS` can contain multiple keys. The first key in the array is


     

       

       
41

       
+

       
> the most recent one, and it will be used to sign new tokens. When a key is


     

       

       
42

       
+

       
> removed, all associated sessions will be invalidated.


     

       

       
43

       
+

       



     

       

       
44

       
+

       
Make sure to also set the `COOKIE_SECRET`, which is used to sign session


     

       

       
45

       
+

       
cookies, in your environment variables (`.env` file). You should use a random


     

       

       
46

       
+

       
string for this:


     

       

       
47

       
+

       



     

       

       
48

       
+

       
```sh


     

       

       
49

       
+

       
openssl rand -base64 33


     

       

       
50

       
+

       
```


     

       

       
51

       
+

       



     

       

       
52

       
+

       
Finally, set the `PUBLIC_URL` to the URL where your app will be accessible. This


     

       

       
53

       
+

       
will allow the authorization servers to download the app's public keys.


     

       

       
54

       
+

       



     

       

       
55

       
+

       
```env


     

       

       
56

       
+

       
PUBLIC_URL="https://your-app-url.com"


     

       

       
57

       
+

       
```


     

       

       
58

       
+

       



     

       

       
59

       
+

       
> [!NOTE]


     

       

       
60

       
+

       
>


     

       

       
61

       
+

       
> You can use services like [ngrok](https://ngrok.com/) to expose your local


     

       

       
62

       
+

       
> server to the internet for testing purposes. Just set the `PUBLIC_URL` to the


     

       

       
63

       
+

       
> ngrok URL.
+1 -1
src/auth/client.ts 
···

       
31

       
31

       
 

       



     

       
32

       
32

       
 

       
  // If a keyset is defined (meaning the client is confidential). Let's make


     

       
33

       
33

       
 

       
  // sure it has a private key for signing. Note: findPrivateKey will throw if


     

       
34

       

       
-

       
  // the keyset does no contain a suitable private key.


     

       

       
34

       
+

       
  // the keyset does not contain a suitable private key.


     

       
35

       
35

       
 

       
  const pk = keyset?.findPrivateKey({ use: 'sig' })


     

       
36

       
36

       
 

       



     

       
37

       
37

       
 

       
  const clientMetadata: OAuthClientMetadataInput = env.PUBLIC_URL