From d8534ef748e91efb77888986b9f29eb14a125330 Mon Sep 17 00:00:00 2001
From: Neil Richter
Date: Wed, 5 Feb 2025 12:43:59 +0100
Subject: [PATCH] fix(bluesky): use local map for session storing (#340)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-authored-by: Sébastien Chopin
---
 playground/app.vue | 2 +-
 src/runtime/server/lib/atproto/bluesky.ts | 32 ++++++++++++-----------
 2 files changed, 18 insertions(+), 16 deletions(-)
diff --git a/playground/app.vue b/playground/app.vue
index 8a73e59..39ba482 100644
--- a/playground/app.vue
+++ b/playground/app.vue
@@ -223,7 +223,7 @@ const providers = computed(() =>
 prefetch: false,
 external: true,
 to: inPopup.value ? '#' : p.to,
- click: inPopup.value ? () => openInPopup(p.to) : void 0,
+ click: inPopup.value ? () => openInPopup(p.to) : p.click,
 })),
 )
diff --git a/src/runtime/server/lib/atproto/bluesky.ts b/src/runtime/server/lib/atproto/bluesky.ts
index 054f082..2125081 100644
--- a/src/runtime/server/lib/atproto/bluesky.ts
+++ b/src/runtime/server/lib/atproto/bluesky.ts
@@ -36,7 +36,7 @@ export function defineOAuthBlueskyEventHandler({ config, onSuccess, onError }: O
 const clientMetadata = getAtprotoClientMetadata(event, 'bluesky', config)
 const scopes = clientMetadata.scope?.split(' ') ?? []
- const sessionStore = new SessionStore(event)
+ const sessionStore = new SessionStore()
 const stateStore = new StateStore(event)
 const client = new NodeOAuthClient({
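Review bot: `new SessionStore()` in the `@@ -36,7` hunk carries no comment saying the store must stay request-scoped. It appears to be constructed inside the per-event handler (the neighbouring calls take `event`), and that scoping is what keeps one user's saved session from being visible to another request now that the store is an in-memory object. I would add `// Request-scoped on purpose: holds the OAuth session only for this callback; do not hoist to module scope.` above the line. In the `@@ -86,12` hunk the cleanup `sessionStore.del(session.did)` is not reached when `getProfile` throws, which is harmless only while that invariant holds. The handler body starts and ends outside both hunks.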
@@ -86,12 +86,12 @@ export function defineOAuthBlueskyEventHandler({ config, onSuccess, onError }: O
 try {
 const { session } = await client.callback(new URLSearchParams(query as Record))
- const sessionInfo = await sessionStore.get()
+ const sessionInfo = await sessionStore.get(session.did)
 const profile = scopes.includes('transition:generic') ? (await new Agent(session).getProfile({ actor: session.did })).data : null
- sessionStore.del()
+ sessionStore.del(session.did)
 return onSuccess(event, {
 user: profile ?? { did: session.did },
@@ -111,7 +111,7 @@ export function defineOAuthBlueskyEventHandler({ config, onSuccess, onError }: O
 }
 export class StateStore implements NodeSavedStateStore {
- private readonly stateKey = 'oauth:bluesky:stat'
+ private readonly stateKey = 'oauth-bluesky-state'
 constructor(private event: H3Event) {}
@@ -122,7 +122,12 @@ export class StateStore implements NodeSavedStateStore {
 }
 async set(key: string, val: NodeSavedState) {
- setCookie(this.event, this.stateKey, btoa(JSON.stringify(val)))
+ setCookie(this.event, this.stateKey, btoa(JSON.stringify(val)), {
+ path: '/',
+ httpOnly: true,
+ secure: true,
+ sameSite: 'lax',
+ })
 }
 async del() {
@@ -131,21 +136,18 @@ export class StateStore implements NodeSavedStateStore {
 }
 export class SessionStore implements NodeSavedSessionStore {
- private readonly sessionKey = 'oauth:bluesky:session'
-
- constructor(private event: H3Event) {}
+ private store: Record = {}
- async get(): Promise {
- const result = getCookie(this.event, this.sessionKey)
- if (!result) return
- return JSON.parse(atob(result))
+ async get(key: string): Promise {
+ return this.store[key]
 }
 async set(key: string, val: NodeSavedSession) {
- setCookie(this.event, this.sessionKey, btoa(JSON.stringify(val)))
+ this.store[key] = val
 }
- async del() {
- deleteCookie(this.event, this.sessionKey)
+ async del(key: string) {
+ // eslint-disable-next-line @typescript-eslint/no-dynamic-delete
+ delete this.store[key]
 }
 }
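Review bot: The state cookie written in `StateStore.set` (`@@ -122,7` hunk) is still plain base64-encoded JSON with no expiry. The new `httpOnly`, `secure` and `sameSite` options keep it away from page scripts and off plain HTTP, but the value can still be read or edited in the browser and lasts for the whole browser session. NodeSavedState presumably carries the PKCE verifier and DPoP key material for the pending authorization (to be confirmed against the library's type), so I would bound its lifetime with `maxAge: 60 * 10,` (constructed value) in the options object and seal or sign the value before setting it. The `key` argument is also unused in the call, so two sign-ins started in parallel share one cookie and the later one overwrites the earlier.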
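Review bot: `SessionStore` in the `@@ -131,21` hunk keeps its entries in a plain object literal, so a key such as `__proto__` or `constructor` resolves against `Object.prototype` rather than a stored entry. The key is the DID taken from the authorization response (see `sessionStore.get(session.did)` in the callback hunk), and the client library presumably validates it, but a `Map` removes the dependency on that check. It also matches the commit title and makes the `no-dynamic-delete` suppression unnecessary. The rewrite below keeps the three method signatures unchanged.

```typescript
export class SessionStore implements NodeSavedSessionStore {
  private readonly store = new Map<string, NodeSavedSession>()

  async get(key: string): Promise<NodeSavedSession | undefined> {
    return this.store.get(key)
  }

  async set(key: string, val: NodeSavedSession) {
    this.store.set(key, val)
  }

  async del(key: string) {
    this.store.delete(key)
  }
}
```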