commit 8c01019eff6f8768c3ea55f5a6acb07fcece0cb7 · knotbin.com/airport

+112

auth/creds/sessions.ts

···

       1
       1
       +
       import { Agent } from "npm:@atproto/api";

     

       2
       2
       +
       import { getIronSession, SessionOptions } from "npm:iron-session";

     

       3
       3
       +
       import { CredentialSession, createSessionOptions } from "../types.ts";

     

       4
       4
       +
       

     

       5
       5
       +
       const migrationSessionOptions = createSessionOptions("migration_sid");

     

       6
       6
       +
       const credentialSessionOptions = createSessionOptions("cred_sid");

     

       7
       7
       +
       

     

       8
       8
       +
       export function getCredentialSession(

     

       9
       9
       +
         req: Request,

     

       10
       10
       +
         res: Response = new Response(),

     

       11
       11
       +
         options: SessionOptions

     

       12
       12
       +
       ) {

     

       13
       13
       +
         return getIronSession<CredentialSession>(

     

       14
       14
       +
           req,

     

       15
       15
       +
           res,

     

       16
       16
       +
           options,

     

       17
       17
       +
         );

     

       18
       18
       +
       }

     

       19
       19
       +
       

     

       20
       20
       +
       export async function getCredentialAgent(

     

       21
       21
       +
         req: Request,

     

       22
       22
       +
         res: Response = new Response(),

     

       23
       23
       +
         isMigration: boolean = false,

     

       24
       24
       +
       ) {

     

       25
       25
       +
         const session = await getCredentialSession(

     

       26
       26
       +
           req,

     

       27
       27
       +
           res,

     

       28
       28
       +
           isMigration ?

     

       29
       29
       +
           migrationSessionOptions : credentialSessionOptions

     

       30
       30
       +
         );

     

       31
       31
       +
         if (!session.did || !session.service) {

     

       32
       32
       +
           return null;

     

       33
       33
       +
         }

     

       34
       34
       +
       

     

       35
       35
       +
         try {

     

       36
       36
       +
           return new Agent({

     

       37
       37
       +
             service: session.service,

     

       38
       38
       +
           });

     

       39
       39
       +
         } catch (err) {

     

       40
       40
       +
           console.warn("Failed to create migration agent:", err);

     

       41
       41
       +
           session.destroy();

     

       42
       42
       +
           return null;

     

       43
       43
       +
         }

     

       44
       44
       +
       }

     

       45
       45
       +
       

     

       46
       46
       +
       export async function setCredentialSession(

     

       47
       47
       +
         req: Request,

     

       48
       48
       +
         res: Response,

     

       49
       49
       +
         data: CredentialSession,

     

       50
       50
       +
         isMigration: boolean = false,

     

       51
       51
       +
       ) {

     

       52
       52
       +
         const session = await getCredentialSession(

     

       53
       53
       +
           req,

     

       54
       54
       +
           res,

     

       55
       55
       +
           isMigration ?

     

       56
       56
       +
           migrationSessionOptions : credentialSessionOptions

     

       57
       57
       +
         );

     

       58
       58
       +
         session.did = data.did;

     

       59
       59
       +
         session.handle = data.handle;

     

       60
       60
       +
         session.service = data.service;

     

       61
       61
       +
         session.password = data.password;

     

       62
       62
       +
         await session.save();

     

       63
       63
       +
         return session;

     

       64
       64
       +
       }

     

       65
       65
       +
       

     

       66
       66
       +
       export async function getCredentialSessionAgent(

     

       67
       67
       +
         req: Request,

     

       68
       68
       +
         res: Response = new Response(),

     

       69
       69
       +
         isMigration: boolean = false,

     

       70
       70
       +
       ) {

     

       71
       71
       +
         const session = await getCredentialSession(

     

       72
       72
       +
           req,

     

       73
       73
       +
           res,

     

       74
       74
       +
           isMigration ?

     

       75
       75
       +
           migrationSessionOptions : credentialSessionOptions

     

       76
       76
       +
         );

     

       77
       77
       +
       

     

       78
       78
       +
         if (

     

       79
       79
       +
           !session.did || !session.service || !session.handle || !session.password

     

       80
       80
       +
         ) {

     

       81
       81
       +
           return null;

     

       82
       82
       +
         }

     

       83
       83
       +
       

     

       84
       84
       +
         try {

     

       85
       85
       +
           console.log("Creating agent with service:", session.service);

     

       86
       86
       +
           const agent = new Agent({ service: session.service });

     

       87
       87
       +
       

     

       88
       88
       +
           // Attempt to restore session by creating a new one

     

       89
       89
       +
           try {

     

       90
       90
       +
             console.log("Attempting to create session for:", session.handle);

     

       91
       91
       +
             const sessionRes = await agent.com.atproto.server.createSession({

     

       92
       92
       +
               identifier: session.handle,

     

       93
       93
       +
               password: session.password,

     

       94
       94
       +
             });

     

       95
       95
       +
             console.log("Session created successfully:", !!sessionRes);

     

       96
       96
       +
       

     

       97
       97
       +
             // Set the auth tokens in the agent

     

       98
       98
       +
             agent.setHeader("Authorization", `Bearer ${sessionRes.data.accessJwt}`);

     

       99
       99
       +
       

     

       100
       100
       +
             return agent;

     

       101
       101
       +
           } catch (err) {

     

       102
       102
       +
             // Session creation failed, clear the session

     

       103
       103
       +
             console.error("Failed to create session:", err);

     

       104
       104
       +
             session.destroy();

     

       105
       105
       +
             return null;

     

       106
       106
       +
           }

     

       107
       107
       +
         } catch (err) {

     

       108
       108
       +
           console.warn("Failed to create migration agent:", err);

     

       109
       109
       +
           session.destroy();

     

       110
       110
       +
           return null;

     

       111
       111
       +
         }

     

       112
       112
       +
       }

+41

auth/oauth/sessions.ts

···

       1
       1
       +
       import { Agent } from "npm:@atproto/api";

     

       2
       2
       +
       import { getIronSession } from "npm:iron-session";

     

       3
       3
       +
       import { oauthClient } from "./client.ts";

     

       4
       4
       +
       import { OauthSession, createSessionOptions } from "../types.ts";

     

       5
       5
       +
       

     

       6
       6
       +
       const oauthSessionOptions = createSessionOptions("oauth_sid");

     

       7
       7
       +
       

     

       8
       8
       +
       export async function getOauthSessionAgent(

     

       9
       9
       +
         req: Request

     

       10
       10
       +
       ) {

     

       11
       11
       +
         const res = new Response();

     

       12
       12
       +
         const session = await getIronSession<OauthSession>(

     

       13
       13
       +
           req,

     

       14
       14
       +
           res,

     

       15
       15
       +
           oauthSessionOptions,

     

       16
       16
       +
         );

     

       17
       17
       +
       

     

       18
       18
       +
         if (!session.did) {

     

       19
       19
       +
           return null;

     

       20
       20
       +
         }

     

       21
       21
       +
       

     

       22
       22
       +
         try {

     

       23
       23
       +
           const oauthSession = await oauthClient.restore(session.did);

     

       24
       24
       +
           return oauthSession ? new Agent(oauthSession) : null;

     

       25
       25
       +
         } catch (err) {

     

       26
       26
       +
           console.warn({ err }, "oauth restore failed");

     

       27
       27
       +
           session.destroy();

     

       28
       28
       +
           return null;

     

       29
       29
       +
         }

     

       30
       30
       +
       }

     

       31
       31
       +
       

     

       32
       32
       +
       export function getOauthSession(

     

       33
       33
       +
         req: Request,

     

       34
       34
       +
         res: Response = new Response(),

     

       35
       35
       +
       ) {

     

       36
       36
       +
         return getIronSession<OauthSession>(

     

       37
       37
       +
           req,

     

       38
       38
       +
           res,

     

       39
       39
       +
           oauthSessionOptions,

     

       40
       40
       +
         );

     

       41
       41
       +
       }

+51

auth/sessions.ts

···

       1
       1
       +
       import { Agent } from "npm:@atproto/api";

     

       2
       2
       +
       import { OauthSession, CredentialSession, createSessionOptions } from "./types.ts";

     

       3
       3
       +
       import { getCredentialSession, getCredentialSessionAgent } from "./creds/sessions.ts";

     

       4
       4
       +
       import { getOauthSession, getOauthSessionAgent } from "./oauth/sessions.ts";

     

       5
       5
       +
       import { IronSession } from "npm:iron-session";

     

       6
       6
       +
       

     

       7
       7
       +
       const migrationSessionOptions = createSessionOptions("migration_sid");

     

       8
       8
       +
       const credentialSessionOptions = createSessionOptions("cred_sid");

     

       9
       9
       +
       

     

       10
       10
       +
       export async function getSession(

     

       11
       11
       +
         req: Request,

     

       12
       12
       +
         res: Response = new Response(),

     

       13
       13
       +
         isMigration: boolean = false

     

       14
       14
       +
       ): Promise<IronSession<OauthSession | CredentialSession>> {

     

       15
       15
       +
         if (isMigration) {

     

       16
       16
       +
           return await getCredentialSession(req, res, migrationSessionOptions);

     

       17
       17
       +
         }

     

       18
       18
       +
         const oauthSession = await getOauthSession(req);

     

       19
       19
       +
         const credentialSession = await getCredentialSession(req, res, credentialSessionOptions);

     

       20
       20
       +
       

     

       21
       21
       +
         if (oauthSession) {

     

       22
       22
       +
           console.log("Oauth session found")

     

       23
       23
       +
           return oauthSession;

     

       24
       24
       +
         }

     

       25
       25
       +
         if (credentialSession) {

     

       26
       26
       +
           return credentialSession;

     

       27
       27
       +
         }

     

       28
       28
       +
       

     

       29
       29
       +
         throw new Error("No session found");

     

       30
       30
       +
       }

     

       31
       31
       +
       

     

       32
       32
       +
       export async function getSessionAgent(

     

       33
       33
       +
         req: Request,

     

       34
       34
       +
         res: Response = new Response(),

     

       35
       35
       +
         isMigration: boolean = false

     

       36
       36
       +
       ): Promise<Agent | null> {

     

       37
       37
       +
         if (isMigration) {

     

       38
       38
       +
           return await getCredentialSessionAgent(req, res, isMigration);

     

       39
       39
       +
         }

     

       40
       40
       +
       

     

       41
       41
       +
         const oauthAgent = await getOauthSessionAgent(req);

     

       42
       42
       +
         if (oauthAgent) {

     

       43
       43
       +
           return oauthAgent;

     

       44
       44
       +
         }

     

       45
       45
       +
         const credentialAgent = await getCredentialSessionAgent(req, res, isMigration);

     

       46
       46
       +
         if (credentialAgent) {

     

       47
       47
       +
           return credentialAgent;

     

       48
       48
       +
         }

     

       49
       49
       +
       

     

       50
       50
       +
         return null;

     

       51
       51
       +
       }

+37

auth/types.ts

···

       1
       1
       +
       import { SessionOptions } from "npm:iron-session";

     

       2
       2
       +
       

     

       3
       3
       +
       export interface OauthSession {

     

       4
       4
       +
         did: string

     

       5
       5
       +
       }

     

       6
       6
       +
       

     

       7
       7
       +
       export interface CredentialSession {

     

       8
       8
       +
         did: string;

     

       9
       9
       +
         handle: string;

     

       10
       10
       +
         service: string;

     

       11
       11
       +
         password: string;

     

       12
       12
       +
         recoveryKey?: string;

     

       13
       13
       +
         recoveryKeyDid?: string;

     

       14
       14
       +
         credentials?: {

     

       15
       15
       +
           rotationKeys: string[];

     

       16
       16
       +
           [key: string]: unknown;

     

       17
       17
       +
         };

     

       18
       18
       +
       }

     

       19
       19
       +
       

     

       20
       20
       +
       export const createSessionOptions = (cookieName: string): SessionOptions =>  {

     

       21
       21
       +
           const cookieSecret = Deno.env.get("COOKIE_SECRET");

     

       22
       22
       +
           if (!cookieSecret) {

     

       23
       23
       +
               throw new Error("COOKIE_SECRET is not set");

     

       24
       24
       +
           }

     

       25
       25
       +
       

     

       26
       26
       +
           return {

     

       27
       27
       +
               cookieName: cookieName,

     

       28
       28
       +
               password: cookieSecret,

     

       29
       29
       +
               cookieOptions: {

     

       30
       30
       +
                   secure: Deno.env.get("NODE_ENV") === "production" || Deno.env.get("NODE_ENV") === "staging",

     

       31
       31
       +
                   httpOnly: true,

     

       32
       32
       +
                   sameSite: "lax",

     

       33
       33
       +
                   path: "/",

     

       34
       34
       +
                   domain: undefined,

     

       35
       35
       +
               },

     

       36
       36
       +
           }

     

       37
       37
       +
       };

+7 -7

islands/MigrationProgress.tsx

···

       97
       97
        
             console.log("Starting account creation...");

     

       98
       98
        
       

     

       99
       99
        
             try {

     

       100
       100
       -
               const createRes = await fetch("/api/server/migrate/create", {

     

       100
       100
       +
               const createRes = await fetch("/api/migrate/create", {

     

       101
       101
        
                 method: "POST",

     

       102
       102
        
                 headers: { "Content-Type": "application/json" },

     

       103
       103
        
                 body: JSON.stringify({

     
···

       141
       141
        
             console.log("Starting data migration...");

     

       142
       142
        
       

     

       143
       143
        
             try {

     

       144
       144
       -
               const dataRes = await fetch("/api/server/migrate/data", {

     

       144
       144
       +
               const dataRes = await fetch("/api/migrate/data", {

     

       145
       145
        
                 method: "POST",

     

       146
       146
        
                 headers: { "Content-Type": "application/json" },

     

       147
       147
        
               });

     
···

       180
       180
        
             console.log("Requesting identity migration...");

     

       181
       181
        
       

     

       182
       182
        
             try {

     

       183
       183
       -
               const requestRes = await fetch("/api/server/migrate/identity/request", {

     

       183
       183
       +
               const requestRes = await fetch("/api/migrate/identity/request", {

     

       184
       184
        
                 method: "POST",

     

       185
       185
        
                 headers: { "Content-Type": "application/json" },

     

       186
       186
        
               });

     
···

       231
       231
        
       

     

       232
       232
        
           try {

     

       233
       233
        
             const identityRes = await fetch(

     

       234
       234
       -
               `/api/server/migrate/identity/sign?token=${encodeURIComponent(token)}`,

     

       234
       234
       +
               `/api/migrate/identity/sign?token=${encodeURIComponent(token)}`,

     

       235
       235
        
               {

     

       236
       236
        
                 method: "POST",

     

       237
       237
        
                 headers: { "Content-Type": "application/json" },

     
···

       251
       251
        
               if (!data.success) {

     

       252
       252
        
                 throw new Error(data.message || "Identity migration failed");

     

       253
       253
        
               }

     

       254
       254
       -
             } catch (e) {

     

       254
       254
       +
             } catch {

     

       255
       255
        
               throw new Error("Invalid response from server");

     

       256
       256
        
             }

     

       257
       257
        
       

     
···

       261
       261
        
             // Step 5: Finalize Migration

     

       262
       262
        
             updateStepStatus(4, "in-progress");

     

       263
       263
        
             try {

     

       264
       264
       -
               const finalizeRes = await fetch("/api/server/migrate/finalize", {

     

       264
       264
       +
               const finalizeRes = await fetch("/api/migrate/finalize", {

     

       265
       265
        
                 method: "POST",

     

       266
       266
        
                 headers: { "Content-Type": "application/json" },

     

       267
       267
        
               });

     
···

       276
       276
        
                 if (!jsonData.success) {

     

       277
       277
        
                   throw new Error(jsonData.message || "Finalization failed");

     

       278
       278
        
                 }

     

       279
       279
       -
               } catch (e) {

     

       279
       279
       +
               } catch {

     

       280
       280
        
                 throw new Error("Invalid response from server during finalization");

     

       281
       281
        
               }

     

       282
       282

+1 -1

oauth/client.ts auth/oauth/client.ts

···

       1
       1
        
       import { AtprotoOAuthClient } from "jsr:@bigmoves/atproto-oauth-client";

     

       2
       2
       -
       import { SessionStore, StateStore } from "./storage.ts";

     

       2
       2
       +
       import { SessionStore, StateStore } from "../storage.ts";

     

       3
       3
        
       

     

       4
       4
        
       export const createClient = (db: Deno.Kv) => {

     

       5
       5
        
         if (Deno.env.get("NODE_ENV") == "production" && !Deno.env.get("PUBLIC_URL")) {

-174

oauth/session.ts

···

       1
       1
       -
       import { Agent } from "npm:@atproto/api";

     

       2
       2
       -
       import { getIronSession, SessionOptions } from "npm:iron-session";

     

       3
       3
       -
       import { oauthClient } from "./client.ts";

     

       4
       4
       -
       

     

       5
       5
       -
       export interface Session {

     

       6
       6
       -
         did: string;

     

       7
       7
       -
         newAccountDid?: string;

     

       8
       8
       -
       }

     

       9
       9
       -
       

     

       10
       10
       -
       export interface MigrationSession {

     

       11
       11
       -
         did: string;

     

       12
       12
       -
         handle: string;

     

       13
       13
       -
         service: string;

     

       14
       14
       -
         password: string;

     

       15
       15
       -
         recoveryKey?: string;

     

       16
       16
       -
         recoveryKeyDid?: string;

     

       17
       17
       -
         credentials?: {

     

       18
       18
       -
           rotationKeys: string[];

     

       19
       19
       -
           [key: string]: unknown;

     

       20
       20
       -
         };

     

       21
       21
       -
       }

     

       22
       22
       -
       

     

       23
       23
       -
       export interface State {

     

       24
       24
       -
         session?: Session;

     

       25
       25
       -
         sessionUser?: Agent;

     

       26
       26
       -
         migrationSession?: MigrationSession;

     

       27
       27
       -
         migrationAgent?: Agent;

     

       28
       28
       -
       }

     

       29
       29
       -
       

     

       30
       30
       -
       const cookieSecret = Deno.env.get("COOKIE_SECRET");

     

       31
       31
       -
       console.log("COOKIE_SECRET", cookieSecret);

     

       32
       32
       -
       

     

       33
       33
       -
       const sessionOptions: SessionOptions = {

     

       34
       34
       -
         cookieName: "sid",

     

       35
       35
       -
         password: cookieSecret!,

     

       36
       36
       -
         cookieOptions: {

     

       37
       37
       -
           secure: Deno.env.get("NODE_ENV") === "production",

     

       38
       38
       -
           httpOnly: true,

     

       39
       39
       -
           sameSite: "lax",

     

       40
       40
       -
           path: "/",

     

       41
       41
       -
           domain: undefined,

     

       42
       42
       -
         },

     

       43
       43
       -
       };

     

       44
       44
       -
       

     

       45
       45
       -
       const migrationSessionOptions: SessionOptions = {

     

       46
       46
       -
         cookieName: "migration_sid",

     

       47
       47
       -
         password: cookieSecret!,

     

       48
       48
       -
         cookieOptions: {

     

       49
       49
       -
           secure: Deno.env.get("NODE_ENV") === "production",

     

       50
       50
       -
           httpOnly: true,

     

       51
       51
       -
           sameSite: "lax",

     

       52
       52
       -
           path: "/",

     

       53
       53
       -
           domain: undefined,

     

       54
       54
       -
         },

     

       55
       55
       -
       };

     

       56
       56
       -
       

     

       57
       57
       -
       export async function getSessionAgent(

     

       58
       58
       -
         req: Request

     

       59
       59
       -
       ) {

     

       60
       60
       -
         const res = new Response();

     

       61
       61
       -
         const session = await getIronSession<Session>(

     

       62
       62
       -
           req,

     

       63
       63
       -
           res,

     

       64
       64
       -
           sessionOptions,

     

       65
       65
       -
         );

     

       66
       66
       -
       

     

       67
       67
       -
         if (!session.did) {

     

       68
       68
       -
           return null;

     

       69
       69
       -
         }

     

       70
       70
       -
       

     

       71
       71
       -
         try {

     

       72
       72
       -
           const oauthSession = await oauthClient.restore(session.did);

     

       73
       73
       -
           return oauthSession ? new Agent(oauthSession) : null;

     

       74
       74
       -
         } catch (err) {

     

       75
       75
       -
           console.warn({ err }, "oauth restore failed");

     

       76
       76
       -
           session.destroy();

     

       77
       77
       -
           return null;

     

       78
       78
       -
         }

     

       79
       79
       -
       }

     

       80
       80
       -
       

     

       81
       81
       -
       export function getSession(req: Request, res: Response = new Response()) {

     

       82
       82
       -
         return getIronSession<Session>(req, res, sessionOptions);

     

       83
       83
       -
       }

     

       84
       84
       -
       

     

       85
       85
       -
       export function getMigrationSession(

     

       86
       86
       -
         req: Request,

     

       87
       87
       -
         res: Response = new Response(),

     

       88
       88
       -
       ) {

     

       89
       89
       -
         return getIronSession<MigrationSession>(req, res, migrationSessionOptions);

     

       90
       90
       -
       }

     

       91
       91
       -
       

     

       92
       92
       -
       export async function getMigrationAgent(

     

       93
       93
       -
         req: Request,

     

       94
       94
       -
         res: Response = new Response(),

     

       95
       95
       -
       ) {

     

       96
       96
       -
         const session = await getMigrationSession(req, res);

     

       97
       97
       -
         if (!session.did || !session.service) {

     

       98
       98
       -
           return null;

     

       99
       99
       -
         }

     

       100
       100
       -
       

     

       101
       101
       -
         try {

     

       102
       102
       -
           return new Agent({

     

       103
       103
       -
             service: session.service,

     

       104
       104
       -
           });

     

       105
       105
       -
         } catch (err) {

     

       106
       106
       -
           console.warn("Failed to create migration agent:", err);

     

       107
       107
       -
           session.destroy();

     

       108
       108
       -
           return null;

     

       109
       109
       -
         }

     

       110
       110
       -
       }

     

       111
       111
       -
       

     

       112
       112
       -
       export async function setMigrationSession(

     

       113
       113
       -
         req: Request,

     

       114
       114
       -
         res: Response,

     

       115
       115
       -
         data: MigrationSession,

     

       116
       116
       -
       ) {

     

       117
       117
       -
         const session = await getMigrationSession(req, res);

     

       118
       118
       -
         session.did = data.did;

     

       119
       119
       -
         session.handle = data.handle;

     

       120
       120
       -
         session.service = data.service;

     

       121
       121
       -
         session.password = data.password;

     

       122
       122
       -
         await session.save();

     

       123
       123
       -
         return session;

     

       124
       124
       -
       }

     

       125
       125
       -
       

     

       126
       126
       -
       export async function getMigrationSessionAgent(

     

       127
       127
       -
         req: Request,

     

       128
       128
       -
         res: Response = new Response(),

     

       129
       129
       -
       ) {

     

       130
       130
       -
         const session = await getMigrationSession(req, res);

     

       131
       131
       -
         console.log("Migration session data:", {

     

       132
       132
       -
           hasDid: !!session.did,

     

       133
       133
       -
           hasService: !!session.service,

     

       134
       134
       -
           hasHandle: !!session.handle,

     

       135
       135
       -
           hasPassword: !!session.password,

     

       136
       136
       -
           sessionData: session,

     

       137
       137
       -
         });

     

       138
       138
       -
       

     

       139
       139
       -
         if (

     

       140
       140
       -
           !session.did || !session.service || !session.handle || !session.password

     

       141
       141
       -
         ) {

     

       142
       142
       -
           console.log("Missing required session data");

     

       143
       143
       -
           return null;

     

       144
       144
       -
         }

     

       145
       145
       -
       

     

       146
       146
       -
         try {

     

       147
       147
       -
           console.log("Creating agent with service:", session.service);

     

       148
       148
       -
           const agent = new Agent({ service: session.service });

     

       149
       149
       -
       

     

       150
       150
       -
           // Attempt to restore session by creating a new one

     

       151
       151
       -
           try {

     

       152
       152
       -
             console.log("Attempting to create session for:", session.handle);

     

       153
       153
       -
             const sessionRes = await agent.com.atproto.server.createSession({

     

       154
       154
       -
               identifier: session.handle,

     

       155
       155
       -
               password: session.password,

     

       156
       156
       -
             });

     

       157
       157
       -
             console.log("Session created successfully:", !!sessionRes);

     

       158
       158
       -
       

     

       159
       159
       -
             // Set the auth tokens in the agent

     

       160
       160
       -
             agent.setHeader("Authorization", `Bearer ${sessionRes.data.accessJwt}`);

     

       161
       161
       -
       

     

       162
       162
       -
             return agent;

     

       163
       163
       -
           } catch (err) {

     

       164
       164
       -
             // Session creation failed, clear the session

     

       165
       165
       -
             console.error("Failed to create session:", err);

     

       166
       166
       -
             await session.destroy();

     

       167
       167
       -
             return null;

     

       168
       168
       -
           }

     

       169
       169
       -
         } catch (err) {

     

       170
       170
       -
           console.warn("Failed to create migration agent:", err);

     

       171
       171
       -
           await session.destroy();

     

       172
       172
       -
           return null;

     

       173
       173
       -
         }

     

       174
       174
       -
       }

oauth/storage.ts auth/storage.ts

+2 -1

routes/api/me.ts

···

       1
       1
       -
       import { getSessionAgent } from "../../oauth/session.ts";

     

       1
       1
       +
       import { getSessionAgent } from "../../auth/sessions.ts";

     

       2
       2
        
       import { define } from "../../utils.ts";

     

       3
       3
        
       import { resolver } from "../../tools/id-resolver.ts";

     

       4
       4
        
       

     
···

       7
       7
        
           const req = ctx.req;

     

       8
       8
        
           const agent = await getSessionAgent(req);

     

       9
       9
        
           if (!agent) {

     

       10
       10
       +
             console.log("No agent found")

     

       10
       11
        
             return Response.json(null);

     

       11
       12
        
           }

     

       12
       13

+96

routes/api/migrate/identity/request.ts

···

       1
       1
       +
       import {

     

       2
       2
       +
         getSessionAgent,

     

       3
       3
       +
       } from "../../../../auth/sessions.ts";

     

       4
       4
       +
       import { define } from "../../../../utils.ts";

     

       5
       5
       +
       

     

       6
       6
       +
       export const handler = define.handlers({

     

       7
       7
       +
         async POST(ctx) {

     

       8
       8
       +
           const res = new Response();

     

       9
       9
       +
           try {

     

       10
       10
       +
             console.log("Starting identity migration request...");

     

       11
       11
       +
             const oldAgent = await getSessionAgent(ctx.req);

     

       12
       12
       +
             console.log("Got old agent:", {

     

       13
       13
       +
               hasDid: !!oldAgent?.did,

     

       14
       14
       +
               hasSession: !!oldAgent,

     

       15
       15
       +
               did: oldAgent?.did,

     

       16
       16
       +
             });

     

       17
       17
       +
       

     

       18
       18
       +
             const newAgent = await getSessionAgent(ctx.req, res, true);

     

       19
       19
       +
             console.log("Got new agent:", {

     

       20
       20
       +
               hasAgent: !!newAgent,

     

       21
       21
       +
             });

     

       22
       22
       +
       

     

       23
       23
       +
             if (!oldAgent) {

     

       24
       24
       +
               return new Response(

     

       25
       25
       +
                 JSON.stringify({

     

       26
       26
       +
                   success: false,

     

       27
       27
       +
                   message: "Unauthorized",

     

       28
       28
       +
                 }),

     

       29
       29
       +
                 {

     

       30
       30
       +
                   status: 401,

     

       31
       31
       +
                   headers: { "Content-Type": "application/json" },

     

       32
       32
       +
                 },

     

       33
       33
       +
               );

     

       34
       34
       +
             }

     

       35
       35
       +
             if (!newAgent) {

     

       36
       36
       +
               return new Response(

     

       37
       37
       +
                 JSON.stringify({

     

       38
       38
       +
                   success: false,

     

       39
       39
       +
                   message: "Migration session not found or invalid",

     

       40
       40
       +
                 }),

     

       41
       41
       +
                 {

     

       42
       42
       +
                   status: 400,

     

       43
       43
       +
                   headers: { "Content-Type": "application/json" },

     

       44
       44
       +
                 },

     

       45
       45
       +
               );

     

       46
       46
       +
             }

     

       47
       47
       +
       

     

       48
       48
       +
             // Request the signature

     

       49
       49
       +
             console.log("Requesting PLC operation signature...");

     

       50
       50
       +
             try {

     

       51
       51
       +
               await oldAgent.com.atproto.identity.requestPlcOperationSignature();

     

       52
       52
       +
               console.log("Successfully requested PLC operation signature");

     

       53
       53
       +
             } catch (error) {

     

       54
       54
       +
               console.error("Error requesting PLC operation signature:", {

     

       55
       55
       +
                 name: error instanceof Error ? error.name : "Unknown",

     

       56
       56
       +
                 message: error instanceof Error ? error.message : String(error),

     

       57
       57
       +
                 status: 400

     

       58
       58
       +
               });

     

       59
       59
       +
               throw error;

     

       60
       60
       +
             }

     

       61
       61
       +
       

     

       62
       62
       +
             return new Response(

     

       63
       63
       +
               JSON.stringify({

     

       64
       64
       +
                 success: true,

     

       65
       65
       +
                 message:

     

       66
       66
       +
                   "PLC operation signature requested successfully. Please check your email for the token.",

     

       67
       67
       +
               }),

     

       68
       68
       +
               {

     

       69
       69
       +
                 status: 200,

     

       70
       70
       +
                 headers: {

     

       71
       71
       +
                   "Content-Type": "application/json",

     

       72
       72
       +
                   ...Object.fromEntries(res.headers), // Include session cookie headers

     

       73
       73
       +
                 },

     

       74
       74
       +
               },

     

       75
       75
       +
             );

     

       76
       76
       +
           } catch (error) {

     

       77
       77
       +
             console.error("Identity migration request error:", {

     

       78
       78
       +
               name: error instanceof Error ? error.name : "Unknown",

     

       79
       79
       +
               message: error instanceof Error ? error.message : String(error),

     

       80
       80
       +
               stack: error instanceof Error ? error.stack : undefined,

     

       81
       81
       +
             });

     

       82
       82
       +
             return new Response(

     

       83
       83
       +
               JSON.stringify({

     

       84
       84
       +
                 success: false,

     

       85
       85
       +
                 message: error instanceof Error

     

       86
       86
       +
                   ? error.message

     

       87
       87
       +
                   : "Failed to request identity migration",

     

       88
       88
       +
               }),

     

       89
       89
       +
               {

     

       90
       90
       +
                 status: 400,

     

       91
       91
       +
                 headers: { "Content-Type": "application/json" },

     

       92
       92
       +
               },

     

       93
       93
       +
             );

     

       94
       94
       +
           }

     

       95
       95
       +
         },

     

       96
       96
       +
       });

+137

routes/api/migrate/identity/sign.ts

···

       1
       1
       +
       import {

     

       2
       2
       +
         getSessionAgent,

     

       3
       3
       +
       } from "../../../../auth/sessions.ts";

     

       4
       4
       +
       import { Secp256k1Keypair } from "npm:@atproto/crypto";

     

       5
       5
       +
       import * as ui8 from "npm:uint8arrays";

     

       6
       6
       +
       import { define } from "../../../../utils.ts";

     

       7
       7
       +
       

     

       8
       8
       +
       export const handler = define.handlers({

     

       9
       9
       +
         async POST(ctx) {

     

       10
       10
       +
           const res = new Response();

     

       11
       11
       +
           try {

     

       12
       12
       +
             const url = new URL(ctx.req.url);

     

       13
       13
       +
             const token = url.searchParams.get("token");

     

       14
       14
       +
       

     

       15
       15
       +
             if (!token) {

     

       16
       16
       +
               return new Response(

     

       17
       17
       +
                 JSON.stringify({

     

       18
       18
       +
                   success: false,

     

       19
       19
       +
                   message: "Missing param token",

     

       20
       20
       +
                 }),

     

       21
       21
       +
                 {

     

       22
       22
       +
                   status: 400,

     

       23
       23
       +
                   headers: { "Content-Type": "application/json" },

     

       24
       24
       +
                 },

     

       25
       25
       +
               );

     

       26
       26
       +
             }

     

       27
       27
       +
       

     

       28
       28
       +
             const oldAgent = await getSessionAgent(ctx.req);

     

       29
       29
       +
             const newAgent = await getSessionAgent(ctx.req, res, true);

     

       30
       30
       +
       

     

       31
       31
       +
             if (!oldAgent) {

     

       32
       32
       +
               return new Response(

     

       33
       33
       +
                 JSON.stringify({

     

       34
       34
       +
                   success: false,

     

       35
       35
       +
                   message: "Unauthorized",

     

       36
       36
       +
                 }),

     

       37
       37
       +
                 {

     

       38
       38
       +
                   status: 401,

     

       39
       39
       +
                   headers: { "Content-Type": "application/json" },

     

       40
       40
       +
                 },

     

       41
       41
       +
               );

     

       42
       42
       +
             }

     

       43
       43
       +
             if (!newAgent) {

     

       44
       44
       +
               return new Response(

     

       45
       45
       +
                 JSON.stringify({

     

       46
       46
       +
                   success: false,

     

       47
       47
       +
                   message: "Migration session not found or invalid",

     

       48
       48
       +
                 }),

     

       49
       49
       +
                 {

     

       50
       50
       +
                   status: 400,

     

       51
       51
       +
                   headers: { "Content-Type": "application/json" },

     

       52
       52
       +
                 },

     

       53
       53
       +
               );

     

       54
       54
       +
             }

     

       55
       55
       +
       

     

       56
       56
       +
             // Generate recovery key

     

       57
       57
       +
             console.log("Generating recovery key...");

     

       58
       58
       +
             const recoveryKey = await Secp256k1Keypair.create({ exportable: true });

     

       59
       59
       +
             const privateKeyBytes = await recoveryKey.export();

     

       60
       60
       +
             const privateKey = ui8.toString(privateKeyBytes, "hex");

     

       61
       61
       +
             const recoveryKeyDid = recoveryKey.did();

     

       62
       62
       +
             console.log("Generated recovery key and DID:", {

     

       63
       63
       +
               hasPrivateKey: !!privateKey,

     

       64
       64
       +
               recoveryDid: recoveryKeyDid,

     

       65
       65
       +
             });

     

       66
       66
       +
       

     

       67
       67
       +
             // Get recommended credentials

     

       68
       68
       +
             console.log("Getting recommended credentials...");

     

       69
       69
       +
             let credentials;

     

       70
       70
       +
             try {

     

       71
       71
       +
               const getDidCredentials = await newAgent.com.atproto.identity

     

       72
       72
       +
                 .getRecommendedDidCredentials();

     

       73
       73
       +
               console.log("Got recommended credentials:", {

     

       74
       74
       +
                 hasRotationKeys: !!getDidCredentials.data.rotationKeys,

     

       75
       75
       +
                 rotationKeysLength: getDidCredentials.data.rotationKeys?.length,

     

       76
       76
       +
                 data: getDidCredentials.data,

     

       77
       77
       +
               });

     

       78
       78
       +
       

     

       79
       79
       +
               const rotationKeys = getDidCredentials.data.rotationKeys ?? [];

     

       80
       80
       +
               if (!rotationKeys) {

     

       81
       81
       +
                 throw new Error("No rotation key provided");

     

       82
       82
       +
               }

     

       83
       83
       +
       

     

       84
       84
       +
               // Prepare credentials with recovery key

     

       85
       85
       +
               credentials = {

     

       86
       86
       +
                 ...getDidCredentials.data,

     

       87
       87
       +
                 rotationKeys: [recoveryKeyDid, ...rotationKeys],

     

       88
       88
       +
               };

     

       89
       89
       +
             } catch (error) {

     

       90
       90
       +
               console.error("Error getting recommended credentials:", {

     

       91
       91
       +
                 name: error instanceof Error ? error.name : "Unknown",

     

       92
       92
       +
                 message: error instanceof Error ? error.message : String(error),

     

       93
       93
       +
               });

     

       94
       94
       +
               throw error;

     

       95
       95
       +
             }

     

       96
       96
       +
       

     

       97
       97
       +
             // Sign and submit the operation

     

       98
       98
       +
             const plcOp = await oldAgent.com.atproto.identity.signPlcOperation({

     

       99
       99
       +
               token: token,

     

       100
       100
       +
               ...credentials,

     

       101
       101
       +
             });

     

       102
       102
       +
       

     

       103
       103
       +
             await newAgent.com.atproto.identity.submitPlcOperation({

     

       104
       104
       +
               operation: plcOp.data.operation,

     

       105
       105
       +
             });

     

       106
       106
       +
       

     

       107
       107
       +
             return new Response(

     

       108
       108
       +
               JSON.stringify({

     

       109
       109
       +
                 success: true,

     

       110
       110
       +
                 message: "Identity migration completed successfully",

     

       111
       111
       +
                 recoveryKey: privateKey,

     

       112
       112
       +
               }),

     

       113
       113
       +
               {

     

       114
       114
       +
                 status: 200,

     

       115
       115
       +
                 headers: {

     

       116
       116
       +
                   "Content-Type": "application/json",

     

       117
       117
       +
                   ...Object.fromEntries(res.headers), // Include session cookie headers

     

       118
       118
       +
                 },

     

       119
       119
       +
               },

     

       120
       120
       +
             );

     

       121
       121
       +
           } catch (error) {

     

       122
       122
       +
             console.error("Identity migration sign error:", error);

     

       123
       123
       +
             return new Response(

     

       124
       124
       +
               JSON.stringify({

     

       125
       125
       +
                 success: false,

     

       126
       126
       +
                 message: error instanceof Error

     

       127
       127
       +
                   ? error.message

     

       128
       128
       +
                   : "Failed to complete identity migration",

     

       129
       129
       +
               }),

     

       130
       130
       +
               {

     

       131
       131
       +
                 status: 400,

     

       132
       132
       +
                 headers: { "Content-Type": "application/json" },

     

       133
       133
       +
               },

     

       134
       134
       +
             );

     

       135
       135
       +
           }

     

       136
       136
       +
         },

     

       137
       137
       +
       });

+3 -3

routes/api/oauth/callback.ts

···

       1
       1
       -
       import { oauthClient } from "../../../oauth/client.ts";

     

       2
       2
       -
       import { getSession } from "../../../oauth/session.ts";

     

       1
       1
       +
       import { oauthClient } from "../../../auth/oauth/client.ts";

     

       2
       2
       +
       import { getOauthSession } from "../../../auth/oauth/sessions.ts";

     

       3
       3
        
       import { define } from "../../../utils.ts";

     

       4
       4
        
       

     

       5
       5
        
       export const handler = define.handlers({

     
···

       37
       37
        
             });

     

       38
       38
        
       

     

       39
       39
        
             // Create and save our client session

     

       40
       40
       -
             const clientSession = await getSession(req, response);

     

       40
       40
       +
             const clientSession = await getOauthSession(req, response);

     

       41
       41
        
             clientSession.did = session.did;

     

       42
       42
        
             await clientSession.save();

     

       43
       43

+1 -1

routes/api/oauth/initiate.ts

···

       1
       1
        
       import { isValidHandle } from 'npm:@atproto/syntax'

     

       2
       2
       -
       import { oauthClient } from "../../../oauth/client.ts";

     

       2
       2
       +
       import { oauthClient } from "../../../auth/oauth/client.ts";

     

       3
       3
        
       import { define } from "../../../utils.ts";

     

       4
       4
        
       

     

       5
       5
        
       function isValidUrl(url: string): boolean {

+3 -3

routes/api/oauth/logout.ts

···

       1
       1
       -
       import { getSession } from "../../../oauth/session.ts";

     

       2
       2
       -
       import { oauthClient } from "../../../oauth/client.ts";

     

       1
       1
       +
       import { getSession } from "../../../auth/sessions.ts";

     

       2
       2
       +
       import { oauthClient } from "../../../auth/oauth/client.ts";

     

       3
       3
        
       import { define } from "../../../utils.ts";

     

       4
       4
        
       

     

       5
       5
        
       export const handler = define.handlers({

     
···

       14
       14
        
               // First destroy the oauth session

     

       15
       15
        
               await oauthClient.revoke(session.did);

     

       16
       16
        
               // Then destroy the iron session

     

       17
       17
       -
               await session.destroy();

     

       17
       17
       +
               session.destroy();

     

       18
       18
        
             }

     

       19
       19
        
       

     

       20
       20
        
             return response;

+1 -1

routes/api/server/describe.ts

···

       1
       1
        
       

     

       2
       2
        
       import { Agent } from "@atproto/api";

     

       3
       3
       -
       import { getSessionAgent } from "../../../oauth/session.ts";

     

       3
       3
       +
       import { getSessionAgent } from "../../../auth/sessions.ts";

     

       4
       4
        
       import { define } from "../../../utils.ts";

     

       5
       5
        
       /**

     

       6
       6
        
        * Describe the server configuration and capabilities

+5 -7

routes/api/server/migrate/create.ts routes/api/migrate/create.ts

···

       1
       1
       -
       import {

     

       2
       2
       -
         getSessionAgent,

     

       3
       3
       -
         setMigrationSession,

     

       4
       4
       -
       } from "../../../../oauth/session.ts";

     

       1
       1
       +
       import { getSessionAgent } from "../../../auth/sessions.ts";

     

       2
       2
       +
       import { setCredentialSession } from "../../../auth/creds/sessions.ts";

     

       5
       3
        
       import { Agent } from "@atproto/api";

     

       6
       6
       -
       import { define } from "../../../../utils.ts";

     

       4
       4
       +
       import { define } from "../../../utils.ts";

     

       7
       5
        
       

     

       8
       6
        
       export const handler = define.handlers({

     

       9
       7
        
         async POST(ctx) {

     
···

       68
       66
        
             });

     

       69
       67
        
       

     

       70
       68
        
             // Store the migration session

     

       71
       71
       -
             await setMigrationSession(ctx.req, res, {

     

       69
       69
       +
             await setCredentialSession(ctx.req, res, {

     

       72
       70
        
               did: sessionRes.data.did,

     

       73
       71
        
               handle: newHandle,

     

       74
       72
        
               service: serviceUrl,

     

       75
       73
        
               password: newPassword,

     

       76
       76
       -
             });

     

       74
       74
       +
             }, true);

     

       77
       75
        
       

     

       78
       76
        
             return new Response(

     

       79
       77
        
               JSON.stringify({

+3 -4

routes/api/server/migrate/data.ts routes/api/migrate/data.ts

···

       1
       1
       -
       import { define } from "../../../../utils.ts";

     

       1
       1
       +
       import { define } from "../../../utils.ts";

     

       2
       2
        
       import {

     

       3
       3
       -
         getMigrationSessionAgent,

     

       4
       3
        
         getSessionAgent,

     

       5
       5
       -
       } from "../../../../oauth/session.ts";

     

       4
       4
       +
       } from "../../../auth/sessions.ts";

     

       6
       5
        
       

     

       7
       6
        
       export const handler = define.handlers({

     

       8
       7
        
         async POST(ctx) {

     
···

       17
       16
        
             console.log("Data migration: Cookies present:", !!cookies);

     

       18
       17
        
             console.log("Data migration: Cookie header:", cookies);

     

       19
       18
        
       

     

       20
       20
       -
             const newAgent = await getMigrationSessionAgent(ctx.req, res);

     

       19
       19
       +
             const newAgent = await getSessionAgent(ctx.req, res, true);

     

       21
       20
        
             console.log("Data migration: Got new agent:", !!newAgent);

     

       22
       21
        
       

     

       23
       22
        
             if (!oldAgent) {

+3 -6

routes/api/server/migrate/finalize.ts routes/api/migrate/finalize.ts

···

       1
       1
       -
       import {

     

       2
       2
       -
         getMigrationSessionAgent,

     

       3
       3
       -
         getSessionAgent,

     

       4
       4
       -
       } from "../../../../oauth/session.ts";

     

       5
       5
       -
       import { define } from "../../../../utils.ts";

     

       1
       1
       +
       import { getSessionAgent } from "../../../auth/sessions.ts";

     

       2
       2
       +
       import { define } from "../../../utils.ts";

     

       6
       3
        
       

     

       7
       4
        
       export const handler = define.handlers({

     

       8
       5
        
         async POST(ctx) {

     

       9
       6
        
           const res = new Response();

     

       10
       7
        
           try {

     

       11
       8
        
             const oldAgent = await getSessionAgent(ctx.req);

     

       12
       12
       -
             const newAgent = await getMigrationSessionAgent(ctx.req, res);

     

       9
       9
       +
             const newAgent = await getSessionAgent(ctx.req, res, true);

     

       13
       10
        
       

     

       14
       11
        
             if (!oldAgent) return new Response("Unauthorized", { status: 401 });

     

       15
       12
        
             if (!newAgent) {

-148

routes/api/server/migrate/identity/request.ts

···

       1
       1
       -
       import {

     

       2
       2
       -
         getMigrationSession,

     

       3
       3
       -
         getMigrationSessionAgent,

     

       4
       4
       -
         getSessionAgent,

     

       5
       5
       -
       } from "../../../../../oauth/session.ts";

     

       6
       6
       -
       import { Secp256k1Keypair } from "npm:@atproto/crypto";

     

       7
       7
       -
       import * as ui8 from "npm:uint8arrays";

     

       8
       8
       -
       import { define } from "../../../../../utils.ts";

     

       9
       9
       -
       

     

       10
       10
       -
       export const handler = define.handlers({

     

       11
       11
       -
         async POST(ctx) {

     

       12
       12
       -
           const res = new Response();

     

       13
       13
       -
           try {

     

       14
       14
       -
             console.log("Starting identity migration request...");

     

       15
       15
       -
             const oldAgent = await getSessionAgent(ctx.req);

     

       16
       16
       -
             console.log("Got old agent:", {

     

       17
       17
       -
               hasDid: !!oldAgent?.did,

     

       18
       18
       -
               hasSession: !!oldAgent,

     

       19
       19
       -
               did: oldAgent?.did,

     

       20
       20
       -
             });

     

       21
       21
       -
       

     

       22
       22
       -
             const newAgent = await getMigrationSessionAgent(ctx.req, res);

     

       23
       23
       -
             console.log("Got new agent:", {

     

       24
       24
       -
               hasAgent: !!newAgent,

     

       25
       25
       -
             });

     

       26
       26
       -
       

     

       27
       27
       -
             if (!oldAgent) {

     

       28
       28
       -
               return new Response(

     

       29
       29
       -
                 JSON.stringify({

     

       30
       30
       -
                   success: false,

     

       31
       31
       -
                   message: "Unauthorized",

     

       32
       32
       -
                 }),

     

       33
       33
       -
                 {

     

       34
       34
       -
                   status: 401,

     

       35
       35
       -
                   headers: { "Content-Type": "application/json" },

     

       36
       36
       -
                 },

     

       37
       37
       -
               );

     

       38
       38
       -
             }

     

       39
       39
       -
             if (!newAgent) {

     

       40
       40
       -
               return new Response(

     

       41
       41
       -
                 JSON.stringify({

     

       42
       42
       -
                   success: false,

     

       43
       43
       -
                   message: "Migration session not found or invalid",

     

       44
       44
       -
                 }),

     

       45
       45
       -
                 {

     

       46
       46
       -
                   status: 400,

     

       47
       47
       -
                   headers: { "Content-Type": "application/json" },

     

       48
       48
       -
                 },

     

       49
       49
       -
               );

     

       50
       50
       -
             }

     

       51
       51
       -
       

     

       52
       52
       -
             // Generate recovery key

     

       53
       53
       -
             console.log("Generating recovery key...");

     

       54
       54
       -
             const recoveryKey = await Secp256k1Keypair.create({ exportable: true });

     

       55
       55
       -
             const privateKeyBytes = await recoveryKey.export();

     

       56
       56
       -
             const privateKey = ui8.toString(privateKeyBytes, "hex");

     

       57
       57
       -
             console.log("Generated recovery key and DID:", {

     

       58
       58
       -
               hasPrivateKey: !!privateKey,

     

       59
       59
       -
               recoveryDid: recoveryKey.did(),

     

       60
       60
       -
             });

     

       61
       61
       -
       

     

       62
       62
       -
             // Store the recovery key and its DID in the session for the sign step

     

       63
       63
       -
             const session = await getMigrationSession(ctx.req, res);

     

       64
       64
       -
             session.recoveryKey = privateKey;

     

       65
       65
       -
             session.recoveryKeyDid = recoveryKey.did();

     

       66
       66
       -
             await session.save();

     

       67
       67
       -
             console.log("Stored recovery key in session");

     

       68
       68
       -
       

     

       69
       69
       -
             // Get recommended credentials for later use

     

       70
       70
       -
             console.log("Getting recommended credentials...");

     

       71
       71
       -
             try {

     

       72
       72
       -
               const getDidCredentials = await newAgent.com.atproto.identity

     

       73
       73
       -
                 .getRecommendedDidCredentials();

     

       74
       74
       -
               console.log("Got recommended credentials:", {

     

       75
       75
       -
                 hasRotationKeys: !!getDidCredentials.data.rotationKeys,

     

       76
       76
       -
                 rotationKeysLength: getDidCredentials.data.rotationKeys?.length,

     

       77
       77
       -
                 data: getDidCredentials.data,

     

       78
       78
       -
               });

     

       79
       79
       -
       

     

       80
       80
       -
               const rotationKeys = getDidCredentials.data.rotationKeys ?? [];

     

       81
       81
       -
               if (!rotationKeys) {

     

       82
       82
       -
                 throw new Error("No rotation key provided");

     

       83
       83
       -
               }

     

       84
       84
       -
       

     

       85
       85
       -
               // Store credentials in session for sign step

     

       86
       86
       -
               session.credentials = {

     

       87
       87
       -
                 ...getDidCredentials.data,

     

       88
       88
       -
                 rotationKeys, // Ensure rotationKeys is always an array

     

       89
       89
       -
               };

     

       90
       90
       -
               await session.save();

     

       91
       91
       -
               console.log("Stored credentials in session");

     

       92
       92
       -
             } catch (error) {

     

       93
       93
       -
               console.error("Error getting recommended credentials:", {

     

       94
       94
       -
                 name: error instanceof Error ? error.name : "Unknown",

     

       95
       95
       -
                 message: error instanceof Error ? error.message : String(error),

     

       96
       96
       -
               });

     

       97
       97
       -
               throw error;

     

       98
       98
       -
             }

     

       99
       99
       -
       

     

       100
       100
       -
             // Request the signature

     

       101
       101
       -
             console.log("Requesting PLC operation signature...");

     

       102
       102
       -
             try {

     

       103
       103
       -
               await oldAgent.com.atproto.identity.requestPlcOperationSignature();

     

       104
       104
       -
               console.log("Successfully requested PLC operation signature");

     

       105
       105
       -
             } catch (error) {

     

       106
       106
       -
               console.error("Error requesting PLC operation signature:", {

     

       107
       107
       -
                 name: error instanceof Error ? error.name : "Unknown",

     

       108
       108
       -
                 message: error instanceof Error ? error.message : String(error),

     

       109
       109
       -
                 status: 400

     

       110
       110
       -
               });

     

       111
       111
       -
               throw error;

     

       112
       112
       -
             }

     

       113
       113
       -
       

     

       114
       114
       -
             return new Response(

     

       115
       115
       -
               JSON.stringify({

     

       116
       116
       -
                 success: true,

     

       117
       117
       -
                 message:

     

       118
       118
       -
                   "PLC operation signature requested successfully. Please check your email for the token.",

     

       119
       119
       -
               }),

     

       120
       120
       -
               {

     

       121
       121
       -
                 status: 200,

     

       122
       122
       -
                 headers: {

     

       123
       123
       -
                   "Content-Type": "application/json",

     

       124
       124
       -
                   ...Object.fromEntries(res.headers), // Include session cookie headers

     

       125
       125
       -
                 },

     

       126
       126
       -
               },

     

       127
       127
       -
             );

     

       128
       128
       -
           } catch (error) {

     

       129
       129
       -
             console.error("Identity migration request error:", {

     

       130
       130
       -
               name: error instanceof Error ? error.name : "Unknown",

     

       131
       131
       -
               message: error instanceof Error ? error.message : String(error),

     

       132
       132
       -
               stack: error instanceof Error ? error.stack : undefined,

     

       133
       133
       -
             });

     

       134
       134
       -
             return new Response(

     

       135
       135
       -
               JSON.stringify({

     

       136
       136
       -
                 success: false,

     

       137
       137
       -
                 message: error instanceof Error

     

       138
       138
       -
                   ? error.message

     

       139
       139
       -
                   : "Failed to request identity migration",

     

       140
       140
       -
               }),

     

       141
       141
       -
               {

     

       142
       142
       -
                 status: 400,

     

       143
       143
       -
                 headers: { "Content-Type": "application/json" },

     

       144
       144
       -
               },

     

       145
       145
       -
             );

     

       146
       146
       -
           }

     

       147
       147
       -
         },

     

       148
       148
       -
       });

-110

routes/api/server/migrate/identity/sign.ts

···

       1
       1
       -
       import {

     

       2
       2
       -
         getMigrationSession,

     

       3
       3
       -
         getMigrationSessionAgent,

     

       4
       4
       -
         getSessionAgent,

     

       5
       5
       -
       } from "../../../../../oauth/session.ts";

     

       6
       6
       -
       import { define } from "../../../../../utils.ts";

     

       7
       7
       -
       

     

       8
       8
       -
       export const handler = define.handlers({

     

       9
       9
       -
         async POST(ctx) {

     

       10
       10
       -
           const res = new Response();

     

       11
       11
       -
           try {

     

       12
       12
       -
             const url = new URL(ctx.req.url);

     

       13
       13
       -
             const token = url.searchParams.get("token");

     

       14
       14
       -
       

     

       15
       15
       -
             if (!token) {

     

       16
       16
       -
               return new Response(

     

       17
       17
       -
                 JSON.stringify({

     

       18
       18
       -
                   success: false,

     

       19
       19
       -
                   message: "Missing param token",

     

       20
       20
       -
                 }),

     

       21
       21
       -
                 {

     

       22
       22
       -
                   status: 400,

     

       23
       23
       -
                   headers: { "Content-Type": "application/json" },

     

       24
       24
       -
                 },

     

       25
       25
       -
               );

     

       26
       26
       -
             }

     

       27
       27
       -
       

     

       28
       28
       -
             const oldAgent = await getSessionAgent(ctx.req);

     

       29
       29
       -
             const newAgent = await getMigrationSessionAgent(ctx.req, res);

     

       30
       30
       -
             const session = await getMigrationSession(ctx.req, res);

     

       31
       31
       -
       

     

       32
       32
       -
             if (!oldAgent) {

     

       33
       33
       -
               return new Response(

     

       34
       34
       -
                 JSON.stringify({

     

       35
       35
       -
                   success: false,

     

       36
       36
       -
                   message: "Unauthorized",

     

       37
       37
       -
                 }),

     

       38
       38
       -
                 {

     

       39
       39
       -
                   status: 401,

     

       40
       40
       -
                   headers: { "Content-Type": "application/json" },

     

       41
       41
       -
                 },

     

       42
       42
       -
               );

     

       43
       43
       -
             }

     

       44
       44
       -
             if (

     

       45
       45
       -
               !newAgent || !session.recoveryKey || !session.recoveryKeyDid ||

     

       46
       46
       -
               !session.credentials

     

       47
       47
       -
             ) {

     

       48
       48
       -
               return new Response(

     

       49
       49
       -
                 JSON.stringify({

     

       50
       50
       -
                   success: false,

     

       51
       51
       -
                   message:

     

       52
       52
       -
                     "Migration session not found or invalid. Please restart the identity migration process.",

     

       53
       53
       -
                 }),

     

       54
       54
       -
                 {

     

       55
       55
       -
                   status: 400,

     

       56
       56
       -
                   headers: { "Content-Type": "application/json" },

     

       57
       57
       -
                 },

     

       58
       58
       -
               );

     

       59
       59
       -
             }

     

       60
       60
       -
       

     

       61
       61
       -
             // Prepare credentials with recovery key

     

       62
       62
       -
             const credentials = {

     

       63
       63
       -
               ...session.credentials,

     

       64
       64
       -
               rotationKeys: [

     

       65
       65
       -
                 session.recoveryKeyDid,

     

       66
       66
       -
                 ...session.credentials.rotationKeys,

     

       67
       67
       -
               ],

     

       68
       68
       -
             };

     

       69
       69
       -
       

     

       70
       70
       -
             // Sign and submit the operation

     

       71
       71
       -
             const plcOp = await oldAgent.com.atproto.identity.signPlcOperation({

     

       72
       72
       -
               token: token,

     

       73
       73
       -
               ...credentials,

     

       74
       74
       -
             });

     

       75
       75
       -
       

     

       76
       76
       -
             await newAgent.com.atproto.identity.submitPlcOperation({

     

       77
       77
       -
               operation: plcOp.data.operation,

     

       78
       78
       -
             });

     

       79
       79
       -
       

     

       80
       80
       -
             return new Response(

     

       81
       81
       -
               JSON.stringify({

     

       82
       82
       -
                 success: true,

     

       83
       83
       -
                 message: "Identity migration completed successfully",

     

       84
       84
       -
                 recoveryKey: session.recoveryKey,

     

       85
       85
       -
               }),

     

       86
       86
       -
               {

     

       87
       87
       -
                 status: 200,

     

       88
       88
       -
                 headers: {

     

       89
       89
       -
                   "Content-Type": "application/json",

     

       90
       90
       -
                   ...Object.fromEntries(res.headers), // Include session cookie headers

     

       91
       91
       -
                 },

     

       92
       92
       -
               },

     

       93
       93
       -
             );

     

       94
       94
       -
           } catch (error) {

     

       95
       95
       -
             console.error("Identity migration sign error:", error);

     

       96
       96
       -
             return new Response(

     

       97
       97
       -
               JSON.stringify({

     

       98
       98
       -
                 success: false,

     

       99
       99
       -
                 message: error instanceof Error

     

       100
       100
       -
                   ? error.message

     

       101
       101
       -
                   : "Failed to complete identity migration",

     

       102
       102
       -
               }),

     

       103
       103
       -
               {

     

       104
       104
       -
                 status: 400,

     

       105
       105
       -
                 headers: { "Content-Type": "application/json" },

     

       106
       106
       -
               },

     

       107
       107
       -
             );

     

       108
       108
       -
           }

     

       109
       109
       -
         },

     

       110
       110
       -
       });