your personal website on atproto - mirror
blento.app
1import { json } from '@sveltejs/kit';
2import { isDid } from '@atcute/lexicons/syntax';
3import { getRecord } from '$lib/atproto/methods';
4import type { Did } from '@atcute/lexicons';
5
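/**
 * Registers a custom domain for a DID in the CUSTOM_DOMAINS KV namespace.
 *
 * Expects a JSON body `{ did, domain }`. The request itself carries no
 * credentials; the only proof used is that the DID's own
 * `site.standard.publication` / `blento.self` record has `url` set to
 * `https://<domain>`.
 *
 * Responses:
 * - 400: body is not JSON, a field is missing, or a field is malformed
 * - 403: the record's `url` does not match the requested domain
 * - 500: the record lookup failed, KV is unavailable, or the write failed
 * - 200 `{ success: true }`: mapping `domain (lowercased) -> did` was stored
 *
 * NOTE(review): the record check shows that the DID claims the domain, not that
 * whoever controls the domain's DNS agreed to it, and `kv.put` replaces any
 * mapping already stored for that domain. Nothing visible in this handler
 * guards against one account re-pointing a domain registered by another.
 * Confirm that ownership or conflict checks exist elsewhere. TODO
 */
export async function POST({ request, platform }) {
	let payload: unknown;
	try {
		payload = await request.json();
	} catch {
		return json({ error: 'Invalid JSON body' }, { status: 400 });
	}

	// Valid JSON can still be null, an array or a primitive. Reject those here
	// instead of letting the destructuring below throw on null.
	if (typeof payload !== 'object' || payload === null) {
		return json({ error: 'Missing required fields: did, domain' }, { status: 400 });
	}

	// Treat both fields as unknown until their runtime type has been checked;
	// the client controls the body, so a declared type would prove nothing.
	const { did, domain } = payload as { did?: unknown; domain?: unknown };

	if (!did || !domain) {
		return json({ error: 'Missing required fields: did, domain' }, { status: 400 });
	}

	if (typeof did !== 'string' || !isDid(did)) {
		return json({ error: 'Invalid DID format' }, { status: 400 });
	}

	// Hostname shape: two or more dot-separated labels of letters, digits and
	// inner hyphens. A non-string (e.g. an array) would be coerced by
	// RegExp.test and by the template literal below, so require a string first.
	const domainPattern =
		/^[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?)+$/;
	// DNS limits: 253 characters for the full name, 63 per label.
	const isValidDomain =
		typeof domain === 'string' &&
		domain.length <= 253 &&
		domainPattern.test(domain) &&
		domain.split('.').every((label) => label.length <= 63);
	if (typeof domain !== 'string' || !isValidDomain) {
		return json({ error: 'Invalid domain format' }, { status: 400 });
	}

	// Verify the user's ATProto profile has this domain set.
	// NOTE(review): getRecord presumably fetches from wherever the supplied DID
	// resolves to, i.e. a host influenced by the caller. Confirm the resolver
	// restricts destinations and applies timeouts. TODO
	try {
		const record = await getRecord({
			did: did as Did,
			collection: 'site.standard.publication',
			rkey: 'blento.self'
		});

		const url = (record?.value as Record<string, unknown>)?.url;
		// Exact, case-sensitive match against the domain as submitted; the KV key
		// below is lowercased separately.
		if (url !== `https://${domain}`) {
			return json(
				{
					error: `Profile does not have this domain set. Expected "https://${domain}" but got "${url || '(none)'}".`
				},
				{ status: 403 }
			);
		}
	} catch {
		return json({ error: 'Failed to verify profile record.' }, { status: 500 });
	}

	// Write to CUSTOM_DOMAINS KV
	const kv = platform?.env?.CUSTOM_DOMAINS;
	if (!kv) {
		return json({ error: 'KV storage not available.' }, { status: 500 });
	}

	try {
		// Unconditional write: an existing entry for this domain is overwritten.
		await kv.put(domain.toLowerCase(), did);
	} catch {
		return json({ error: 'Failed to register domain.' }, { status: 500 });
	}

	return json({ success: true });
}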