gmstn.systems / shard
decentralised message store
fork atom

refactor!: remember channels per session

serenity 05440ebb 6f74d9a3

options
unified split
Changed files
+23 -6
src
lib
handlers
handshake.ts
sessions.ts
+8 -2
src/lib/handlers/handshake.ts 
···

       
29

       
29

       
 

       
        });


     

       
30

       
30

       
 

       
    }


     

       
31

       
31

       
 

       



     

       
32

       

       
-

       
    const { interServiceJwt } = handshakeData;


     

       

       
32

       
+

       
    const { interServiceJwt, channelAtUris: channelAtUriStrings } =


     

       

       
33

       
+

       
        handshakeData;


     

       

       
34

       
+

       
    const allowedChannels = channelAtUriStrings.map((channel) => {


     

       

       
35

       
+

       
        const res = stringToAtUri(channel);


     

       

       
36

       
+

       
        if (!res.ok) return;


     

       

       
37

       
+

       
        return res.data;


     

       

       
38

       
+

       
    });


     

       
33

       
39

       
 

       



     

       
34

       
40

       
 

       
    const verifyJwtResult = await verifyServiceJwt(interServiceJwt);


     

       
35

       
41

       
 

       
    if (!verifyJwtResult.ok) {


     
···

       
176

       
182

       
 

       



     

       
177

       
183

       
 

       
    // yipee, it's a valid request :3


     

       
178

       
184

       
 

       



     

       
179

       

       
-

       
    const sessionInfo = issueNewHandshakeToken();


     

       

       
185

       
+

       
    const sessionInfo = issueNewHandshakeToken(allowedChannels);


     

       
180

       
186

       
 

       



     

       
181

       
187

       
 

       
    return newSuccessResponse({ sessionInfo });


     

       
182

       
188

       
 

       
};
+15 -4
src/lib/sessions.ts 
···

       
3

       
3

       
 

       
import { SESSIONS_SECRET } from "@/lib/utils/crypto";


     

       
4

       
4

       
 

       
import { z } from "zod";


     

       
5

       
5

       
 

       
import type { Result } from "@/lib/utils/result";


     

       

       
6

       
+

       
import type { AtUri } from "@/lib/types/atproto";


     

       

       
7

       
+

       
import { atUriSchema } from "@/lib/types/atproto";


     

       
6

       
8

       
 

       



     

       
7

       
9

       
 

       
export const sessionInfoSchema = z.object({


     

       
8

       
10

       
 

       
    id: z.string(),


     

       
9

       
11

       
 

       
    token: z.string(),


     

       
10

       
12

       
 

       
    fingerprint: z.string(),


     

       

       
13

       
+

       
    allowedChannels: z.array(atUriSchema),


     

       
11

       
14

       
 

       
});


     

       
12

       
15

       
 

       
export type SessionInfo = z.infer<typeof sessionInfoSchema>;


     

       
13

       
16

       
 

       



     
···

       
15

       
18

       
 

       
    return crypto.randomUUID();


     

       
16

       
19

       
 

       
};


     

       
17

       
20

       
 

       



     

       
18

       

       
-

       
export const generateSessionInfo = (sessionId: string): SessionInfo => {


     

       

       
21

       
+

       
export const generateSessionInfo = (


     

       

       
22

       
+

       
    sessionId: string,


     

       

       
23

       
+

       
    allowedChannels: Array<AtUri>,


     

       

       
24

       
+

       
): SessionInfo => {


     

       
19

       
25

       
 

       
    const token = crypto.randomBytes(32).toString("base64url");


     

       
20

       
26

       
 

       



     

       
21

       
27

       
 

       
    const hmac = crypto.createHmac("sha256", SESSIONS_SECRET);


     

       
22

       
28

       
 

       
    hmac.update(`${token}:${sessionId}`);


     

       
23

       
29

       
 

       
    const fingerprint = hmac.digest("hex");


     

       
24

       
30

       
 

       



     

       
25

       

       
-

       
    return { id: sessionId, token, fingerprint };


     

       

       
31

       
+

       
    return { id: sessionId, token, fingerprint, allowedChannels };


     

       
26

       
32

       
 

       
};


     

       
27

       
33

       
 

       



     

       
28

       
34

       
 

       
export const verifyHandshakeToken = ({


     
···

       
46

       
52

       
 

       



     

       
47

       
53

       
 

       
export const issuedHandshakes = new Map<string, SessionInfo>();


     

       
48

       
54

       
 

       



     

       
49

       

       
-

       
export const issueNewHandshakeToken = () => {


     

       

       
55

       
+

       
export const issueNewHandshakeToken = (


     

       

       
56

       
+

       
    allowedChannels: Array<AtUri | undefined>,


     

       

       
57

       
+

       
) => {


     

       

       
58

       
+

       
    const filteredChannels = allowedChannels.filter(


     

       

       
59

       
+

       
        (channels) => channels !== undefined,


     

       

       
60

       
+

       
    );


     

       
50

       
61

       
 

       
    const sessionId = generateSessionId();


     

       
51

       

       
-

       
    const sessionInfo = generateSessionInfo(sessionId);


     

       

       
62

       
+

       
    const sessionInfo = generateSessionInfo(sessionId, filteredChannels);


     

       
52

       
63

       
 

       
    issuedHandshakes.set(sessionInfo.id, sessionInfo);


     

       
53

       
64

       
 

       
    return sessionInfo;


     

       
54

       
65

       
 

       
};