knotbin.com / airport
Graphical PDS migrator for AT Protocol
fork atom

fix logout

knotbin.com 18132f36 2f5c846a

options
unified split
Changed files
+27 -17
main.ts
routes
api
logout.ts
me.ts
+4 -7
main.ts 
···

       
12

       
12

       
 

       
  const url = new URL(ctx.req.url);


     

       
13

       
13

       
 

       
  const needsAuth = url.pathname.startsWith("/migrate");


     

       
14

       
14

       
 

       
  


     

       
15

       

       
-

       
  // Skip auth check for login page and API endpoints


     

       
16

       

       
-

       
  if (url.pathname === "/login" || url.pathname.startsWith("/api/")) {


     

       

       
15

       
+

       
  // Skip auth check if not a protected route


     

       

       
16

       
+

       
  if (!needsAuth || url.pathname === "/login" || url.pathname.startsWith("/api/")) {


     

       
17

       
17

       
 

       
    return ctx.next();


     

       
18

       
18

       
 

       
  }


     

       
19

       
19

       
 

       



     
···

       
37

       
37

       
 

       
    const isAuthenticated = json && typeof json === 'object' && json.did;


     

       
38

       
38

       
 

       
    ctx.state.auth = isAuthenticated;


     

       
39

       
39

       
 

       
    


     

       
40

       

       
-

       
    if (needsAuth && !isAuthenticated) {


     

       

       
40

       
+

       
    if (!isAuthenticated) {


     

       
41

       
41

       
 

       
      console.log("[auth] Authentication required but not authenticated");


     

       
42

       
42

       
 

       
      return ctx.redirect("/login");


     

       
43

       
43

       
 

       
    }


     
···

       
46

       
46

       
 

       
  } catch (err) {


     

       
47

       
47

       
 

       
    console.error("[auth] Middleware error:", err);


     

       
48

       
48

       
 

       
    ctx.state.auth = false;


     

       
49

       

       
-

       
    if (needsAuth) {


     

       
50

       

       
-

       
      return ctx.redirect("/login");


     

       
51

       

       
-

       
    }


     

       
52

       

       
-

       
    return ctx.next();


     

       

       
49

       
+

       
    return ctx.redirect("/login");


     

       
53

       
50

       
 

       
  }


     

       
54

       
51

       
 

       
});


     

       
55

       
52

       
 

       
app.use(authMiddleware);
+22 -3
routes/api/logout.ts 
···

       
1

       

       
-

       
import { destroyAllSessions } from "../../lib/sessions.ts";


     

       

       
1

       
+

       
import { getSession } from "../../lib/sessions.ts";


     

       

       
2

       
+

       
import { oauthClient } from "../../lib/oauth/client.ts";


     

       
2

       
3

       
 

       
import { define } from "../../utils.ts";


     

       
3

       
4

       
 

       



     

       
4

       
5

       
 

       
export const handler = define.handlers({


     

       
5

       
6

       
 

       
  async POST(ctx) {


     

       
6

       

       
-

       
    await destroyAllSessions(ctx.req)


     

       

       
7

       
+

       
    const req = ctx.req;


     

       

       
8

       
+

       



     

       

       
9

       
+

       
    try {


     

       

       
10

       
+

       
      const response = new Response(null, { status: 200 });


     

       

       
11

       
+

       
      const session = await getSession(req, response);


     

       

       
12

       
+

       



     

       

       
13

       
+

       
      if (session.did) {


     

       

       
14

       
+

       
        // Try to revoke both types of sessions - the one that doesn't exist will just no-op


     

       

       
15

       
+

       
        await Promise.all([


     

       

       
16

       
+

       
          oauthClient.revoke(session.did).catch(console.error)


     

       

       
17

       
+

       
        ]);


     

       

       
18

       
+

       
        // Then destroy the iron session


     

       

       
19

       
+

       
        session.destroy();


     

       

       
20

       
+

       
      }


     

       
7

       
21

       
 

       



     

       
8

       

       
-

       
    return new Response("All Sessions Destroyed")


     

       

       
22

       
+

       
      return response;


     

       

       
23

       
+

       
    } catch (error: unknown) {


     

       

       
24

       
+

       
      const err = error instanceof Error ? error : new Error(String(error));


     

       

       
25

       
+

       
      console.error("Logout failed:", err.message);


     

       

       
26

       
+

       
      return new Response("Logout failed", { status: 500 });


     

       

       
27

       
+

       
    }


     

       
9

       
28

       
 

       
  },


     

       
10

       
29

       
 

       
});
+1 -7
routes/api/me.ts 
···

       
22

       
22

       
 

       
        });


     

       
23

       
23

       
 

       
      }


     

       
24

       
24

       
 

       



     

       
25

       

       
-

       
      console.log("[/api/me] Got agent, checking authentication");


     

       
26

       
25

       
 

       
      const session = await agent.com.atproto.server.getSession();


     

       
27

       

       
-

       
      console.log("[/api/me] Session info:", {


     

       
28

       

       
-

       
        did: session.data.did,


     

       
29

       

       
-

       
        handle: session.data.handle


     

       
30

       

       
-

       
      });


     

       
31

       
26

       
 

       



     

       
32

       
27

       
 

       
      const handle = await resolver.resolveDidToHandle(session.data.did);


     

       
33

       

       
-

       
      console.log("[/api/me] Resolved handle:", handle);


     

       
34

       
28

       
 

       



     

       
35

       
29

       
 

       
      const responseData = {


     

       
36

       
30

       
 

       
        did: session.data.did,


     
···

       
46

       
40

       
 

       
      });


     

       
47

       
41

       
 

       
    } catch (err) {


     

       
48

       
42

       
 

       
      const message = err instanceof Error ? err.message : String(err);


     

       
49

       

       
-

       
      console.error("[/api/me] Error:", { 


     

       

       
43

       
+

       
      console.error("[/api/me] Error:", {


     

       
50

       
44

       
 

       
        error: message,


     

       
51

       
45

       
 

       
        stack: err instanceof Error ? err.stack : undefined,


     

       
52

       
46

       
 

       
        url: req.url,