@atproto/oauth-provider 0.6.6 → 0.7.0

package/src/router/assets/send-error-page.ts

@@ -0,0 +1,42 @@
+import type { IncomingMessage, ServerResponse } from 'node:http'
+import { buildCustomizationCss } from '../../customization/build-customization-css.js'
+import { buildCustomizationData } from '../../customization/build-customization-data.js'
+import { Customization } from '../../customization/customization.js'
+import {
+  buildErrorPayload,
+  buildErrorStatus,
+} from '../../errors/error-parser.js'
+import { declareHydrationData } from '../../lib/html/hydration-data.js'
+import { cssCode } from '../../lib/html/index.js'
+import { html } from '../../lib/html/tags.js'
+import { CrossOriginEmbedderPolicy } from '../../lib/http/security-headers.js'
+import { sendWebPage } from '../../lib/send-web-page.js'
+import { HydrationData, SPA_CSP, getAssets } from './assets.js'
+
+export function sendErrorPageFactory(customization: Customization) {
+  // Pre-computed options:
+  const customizationData = buildCustomizationData(customization)
+  const customizationCss = cssCode(buildCustomizationCss(customization))
+  const { scripts, styles } = getAssets('error-page')
+
+  return function sendErrorPage(
+    req: IncomingMessage,
+    res: ServerResponse,
+    err: unknown,
+  ): void {
+    const script = declareHydrationData<HydrationData['error-page']>({
+      __customizationData: customizationData,
+      __errorData: buildErrorPayload(err),
+    })
+
+    return sendWebPage(res, {
+      status: buildErrorStatus(err),
+      meta: [{ name: 'robots', content: 'noindex' }],
+      body: html`<div id="root"></div>`,
+      csp: SPA_CSP,
+      coep: CrossOriginEmbedderPolicy.credentialless,
+      scripts: [script, ...scripts],
+      styles: [...styles, customizationCss],
+    })
+  }
+}

package/src/router/create-account-page-middleware.ts

@@ -0,0 +1,69 @@
+import type { IncomingMessage, ServerResponse } from 'node:http'
+import type { ActiveDeviceSession } from '@atproto/oauth-provider-api'
+import {
+  Middleware,
+  Router,
+  validateFetchDest,
+  validateFetchMode,
+  validateOrigin,
+} from '../lib/http/index.js'
+import type { OAuthProvider } from '../oauth-provider.js'
+import { sendAccountPageFactory } from './assets/send-account-page.js'
+import { sendErrorPageFactory } from './assets/send-error-page.js'
+import type { MiddlewareOptions } from './middleware-options.js'
+
+export function createAccountPageMiddleware<
+  Ctx extends object | void = void,
+  Req extends IncomingMessage = IncomingMessage,
+  Res extends ServerResponse = ServerResponse,
+>(
+  server: OAuthProvider,
+  { onError }: MiddlewareOptions<Req, Res>,
+): Middleware<Ctx, Req, Res> {
+  const sendAccountPage = sendAccountPageFactory(server.customization)
+  const sendErrorPage = sendErrorPageFactory(server.customization)
+
+  const issuerUrl = new URL(server.issuer)
+  const issuerOrigin = issuerUrl.origin
+
+  const router = new Router<Ctx, Req, Res>(issuerUrl)
+
+  router.get<never>(/^\/account(?:\/.*)?$/, async function (req, res) {
+    try {
+      res.setHeader('Referrer-Policy', 'same-origin')
+
+      res.setHeader('Cache-Control', 'no-store')
+      res.setHeader('Pragma', 'no-cache')
+
+      validateFetchMode(req, ['navigate'])
+      validateFetchDest(req, ['document'])
+      validateOrigin(req, issuerOrigin)
+
+      const { deviceId } = await server.deviceManager.load(req, res)
+      const deviceAccounts =
+        await server.accountManager.listDeviceAccounts(deviceId)
+
+      sendAccountPage(req, res, {
+        deviceSessions: deviceAccounts.map(
+          (deviceAccount): ActiveDeviceSession => ({
+            account: deviceAccount.account,
+            loginRequired: server.checkLoginRequired(deviceAccount),
+          }),
+        ),
+      })
+    } catch (err) {
+      onError?.(
+        req,
+        res,
+        err,
+        `Failed to handle navigation request to "${req.url}"`,
+      )
+
+      if (!res.headersSent) {
+        sendErrorPage(req, res, err)
+      }
+    }
+  })
+
+  return router.buildMiddleware()
+}