An implementation of the ATProto statusphere example app but in Go
update the indigo oauth library. Fix bug when returning after a while where session ID doesn't match up. Now forcing the user to log in when that happens
authored by
+7
-3
auth_handlers.go
+7
-3
auth_handlers.go
···
8
8
"github.com/bluesky-social/indigo/atproto/syntax"
9
9
)
10
10
11
+
const (
12
+
sessionStoreName = "statusphere-go"
13
+
)
14
+
11
15
type LoginData struct {
12
16
Handle string
13
17
Error string
···
69
73
}
70
74
71
75
// create signed cookie session, indicating account DID
72
-
sess, _ := s.sessionStore.Get(r, "oauth-demo")
76
+
sess, _ := s.sessionStore.Get(r, sessionStoreName)
73
77
sess.Values["account_did"] = sessData.AccountDID.String()
74
78
sess.Values["session_id"] = sessData.SessionID
75
79
if err := sess.Save(r, w); err != nil {
···
91
95
}
92
96
}
93
97
94
-
sess, _ := s.sessionStore.Get(r, "oauth-demo")
98
+
sess, _ := s.sessionStore.Get(r, sessionStoreName)
95
99
sess.Values = make(map[any]any)
96
100
err := sess.Save(r, w)
97
101
if err != nil {
···
102
106
}
103
107
104
108
func (s *Server) currentSessionDID(r *http.Request) (*syntax.DID, string) {
105
-
sess, _ := s.sessionStore.Get(r, "oauth-demo")
109
+
sess, _ := s.sessionStore.Get(r, sessionStoreName)
106
110
accountDID, ok := sess.Values["account_did"].(string)
107
111
if !ok || accountDID == "" {
108
112
return nil, ""
+18
-2
database/oauth_requests.go
+18
-2
database/oauth_requests.go
···
3
3
import (
4
4
"context"
5
5
"database/sql"
6
+
"encoding/json"
6
7
"fmt"
7
8
"log/slog"
8
9
···
45
46
did = info.AccountDID.String()
46
47
}
47
48
49
+
scopes, err := json.Marshal(info.Scopes)
50
+
if err != nil {
51
+
return fmt.Errorf("encoding scopes to JSON: %w", err)
52
+
}
53
+
48
54
sql := `INSERT INTO oauthrequests (state, authServerURL, accountDID, scope, requestURI, authServerTokenEndpoint, pkceVerifier, dpopAuthserverNonce, dpopPrivateKeyMultibase) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?) ON CONFLICT(state) DO NOTHING;`
49
-
_, err := d.db.Exec(sql, info.State, info.AuthServerURL, did, info.Scope, info.RequestURI, info.AuthServerTokenEndpoint, info.PKCEVerifier, info.DPoPAuthServerNonce, info.DPoPPrivateKeyMultibase)
55
+
_, err = d.db.Exec(sql, info.State, info.AuthServerURL, did, string(scopes), info.RequestURI, info.AuthServerTokenEndpoint, info.PKCEVerifier, info.DPoPAuthServerNonce, info.DPoPPrivateKeyMultibase)
50
56
if err != nil {
51
57
slog.Error("saving auth request info", "error", err)
52
58
return fmt.Errorf("exec insert oauth request: %w", err)
···
65
71
defer rows.Close()
66
72
67
73
var did string
74
+
var scopesStr string
68
75
69
76
for rows.Next() {
70
-
if err := rows.Scan(&oauthRequest.State, &oauthRequest.AuthServerURL, &did, &oauthRequest.Scope, &oauthRequest.RequestURI, &oauthRequest.AuthServerTokenEndpoint, &oauthRequest.PKCEVerifier, &oauthRequest.DPoPAuthServerNonce, &oauthRequest.DPoPPrivateKeyMultibase); err != nil {
77
+
if err := rows.Scan(&oauthRequest.State, &oauthRequest.AuthServerURL, &did, &scopesStr, &oauthRequest.RequestURI, &oauthRequest.AuthServerTokenEndpoint, &oauthRequest.PKCEVerifier, &oauthRequest.DPoPAuthServerNonce, &oauthRequest.DPoPPrivateKeyMultibase); err != nil {
71
78
return nil, fmt.Errorf("scan row: %w", err)
72
79
}
73
80
···
77
84
return nil, fmt.Errorf("invalid DID stored in record: %w", err)
78
85
}
79
86
oauthRequest.AccountDID = &parsedDID
87
+
}
88
+
89
+
if scopesStr != "" {
90
+
var scopes []string
91
+
err = json.Unmarshal([]byte(scopesStr), &scopes)
92
+
if err != nil {
93
+
return nil, fmt.Errorf("decode scopes in record: %w", err)
94
+
}
95
+
oauthRequest.Scopes = scopes
80
96
}
81
97
82
98
return &oauthRequest, nil
+13
-13
go.mod
+13
-13
go.mod
···
1
1
module github.com/willdot/statusphere-go
2
2
3
-
go 1.24.0
4
-
5
-
toolchain go1.24.2
3
+
go 1.25
6
4
7
5
require (
8
6
github.com/avast/retry-go/v4 v4.6.1
9
-
github.com/bluesky-social/indigo v0.0.0-20250813051257-8be102876fb7
7
+
github.com/bluesky-social/indigo v0.0.0-20260114211028-207c9d49d0de
10
8
github.com/bluesky-social/jetstream v0.0.0-20250414024304-d17bd81a945e
11
9
github.com/glebarez/go-sqlite v1.22.0
12
10
github.com/gorilla/sessions v1.4.0
···
19
17
github.com/cespare/xxhash/v2 v2.3.0 // indirect
20
18
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
21
19
github.com/dustin/go-humanize v1.0.1 // indirect
20
+
github.com/earthboundkid/versioninfo/v2 v2.24.1 // indirect
22
21
github.com/goccy/go-json v0.10.3 // indirect
23
22
github.com/golang-jwt/jwt/v5 v5.3.0 // indirect
24
-
github.com/google/go-querystring v1.1.0 // indirect
23
+
github.com/google/go-querystring v1.2.0 // indirect
25
24
github.com/google/uuid v1.6.0 // indirect
26
25
github.com/gorilla/securecookie v1.1.2 // indirect
27
26
github.com/gorilla/websocket v1.5.1 // indirect
···
39
38
github.com/multiformats/go-varint v0.0.7 // indirect
40
39
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
41
40
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
42
-
github.com/prometheus/client_golang v1.23.0 // indirect
41
+
github.com/prometheus/client_golang v1.23.2 // indirect
43
42
github.com/prometheus/client_model v0.6.2 // indirect
44
-
github.com/prometheus/common v0.65.0 // indirect
45
-
github.com/prometheus/procfs v0.17.0 // indirect
43
+
github.com/prometheus/common v0.67.5 // indirect
44
+
github.com/prometheus/procfs v0.19.2 // indirect
46
45
github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
47
46
github.com/spaolacci/murmur3 v1.1.0 // indirect
48
47
github.com/whyrusleeping/cbor-gen v0.2.1-0.20241030202151-b7a6831be65e // indirect
···
52
51
go.opentelemetry.io/otel/metric v1.29.0 // indirect
53
52
go.opentelemetry.io/otel/trace v1.29.0 // indirect
54
53
go.uber.org/atomic v1.11.0 // indirect
55
-
golang.org/x/crypto v0.41.0 // indirect
56
-
golang.org/x/net v0.42.0 // indirect
57
-
golang.org/x/sys v0.35.0 // indirect
58
-
golang.org/x/time v0.12.0 // indirect
54
+
go.yaml.in/yaml/v2 v2.4.3 // indirect
55
+
golang.org/x/crypto v0.47.0 // indirect
56
+
golang.org/x/net v0.48.0 // indirect
57
+
golang.org/x/sys v0.40.0 // indirect
58
+
golang.org/x/time v0.14.0 // indirect
59
59
golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
60
-
google.golang.org/protobuf v1.36.7 // indirect
60
+
google.golang.org/protobuf v1.36.11 // indirect
61
61
lukechampine.com/blake3 v1.2.1 // indirect
62
62
modernc.org/libc v1.37.6 // indirect
63
63
modernc.org/mathutil v1.6.0 // indirect
+27
go.sum
+27
go.sum
···
4
4
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
5
5
github.com/bluesky-social/indigo v0.0.0-20250813051257-8be102876fb7 h1:FyoGfQFw/cTkDHdUTIYIHxfyUDgRS12K4o1mYC3ovRs=
6
6
github.com/bluesky-social/indigo v0.0.0-20250813051257-8be102876fb7/go.mod h1:n6QE1NDPFoi7PRbMUZmc2y7FibCqiVU4ePpsvhHUBR8=
7
+
github.com/bluesky-social/indigo v0.0.0-20260114211028-207c9d49d0de h1:75emVEzhTQWXwAQoBZV4/Bg2NEULZSgRwLFAdTccTrY=
8
+
github.com/bluesky-social/indigo v0.0.0-20260114211028-207c9d49d0de/go.mod h1:KIy0FgNQacp4uv2Z7xhNkV3qZiUSGuRky97s7Pa4v+o=
7
9
github.com/bluesky-social/jetstream v0.0.0-20250414024304-d17bd81a945e h1:P/O6TDHs53gwgV845uDHI+Nri889ixksRrh4bCkCdxo=
8
10
github.com/bluesky-social/jetstream v0.0.0-20250414024304-d17bd81a945e/go.mod h1:WiYEeyJSdUwqoaZ71KJSpTblemUCpwJfh5oVXplK6T4=
9
11
github.com/carlmjohnson/versioninfo v0.22.5 h1:O00sjOLUAFxYQjlN/bzYTuZiS0y6fWDQjMRvwtKgwwc=
···
14
16
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
15
17
github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
16
18
github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
19
+
github.com/earthboundkid/versioninfo/v2 v2.24.1 h1:SJTMHaoUx3GzjjnUO1QzP3ZXK6Ee/nbWyCm58eY3oUg=
20
+
github.com/earthboundkid/versioninfo/v2 v2.24.1/go.mod h1:VcWEooDEuyUJnMfbdTh0uFN4cfEIg+kHMuWB2CDCLjw=
17
21
github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
18
22
github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
19
23
github.com/glebarez/go-sqlite v1.22.0 h1:uAcMJhaA6r3LHMTFgP0SifzgXg46yJkgxqyuyec+ruQ=
···
26
30
github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
27
31
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
28
32
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
33
+
github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
29
34
github.com/golang-jwt/jwt/v5 v5.3.0 h1:pv4AsKCKKZuqlgs5sUmn4x8UlGa0kEVt/puTpKx9vvo=
30
35
github.com/golang-jwt/jwt/v5 v5.3.0/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE=
31
36
github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
37
+
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
32
38
github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
33
39
github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
34
40
github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
35
41
github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
42
+
github.com/google/go-querystring v1.2.0 h1:yhqkPbu2/OH+V9BfpCVPZkNmUXhb2gBxJArfhIxNtP0=
43
+
github.com/google/go-querystring v1.2.0/go.mod h1:8IFJqpSRITyJ8QhQ13bmbeMBDfmeEJZD5A0egEOmkqU=
36
44
github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
37
45
github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
38
46
github.com/google/pprof v0.0.0-20221118152302-e6195bd50e26 h1:Xim43kblpZXfIBQsbuBVKCudVG457BR2GZFIz3uw3hQ=
···
111
119
github.com/polydawn/refmt v0.89.1-0.20221221234430-40501e09de1f/go.mod h1:/zvteZs/GwLtCgZ4BL6CBsk9IKIlexP43ObX9AxTqTw=
112
120
github.com/prometheus/client_golang v1.23.0 h1:ust4zpdl9r4trLY/gSjlm07PuiBq2ynaXXlptpfy8Uc=
113
121
github.com/prometheus/client_golang v1.23.0/go.mod h1:i/o0R9ByOnHX0McrTMTyhYvKE4haaf2mW08I+jGAjEE=
122
+
github.com/prometheus/client_golang v1.23.2 h1:Je96obch5RDVy3FDMndoUsjAhG5Edi49h0RJWRi/o0o=
123
+
github.com/prometheus/client_golang v1.23.2/go.mod h1:Tb1a6LWHB3/SPIzCoaDXI4I8UHKeFTEQ1YCr+0Gyqmg=
114
124
github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk=
115
125
github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE=
116
126
github.com/prometheus/common v0.65.0 h1:QDwzd+G1twt//Kwj/Ww6E9FQq1iVMmODnILtW1t2VzE=
117
127
github.com/prometheus/common v0.65.0/go.mod h1:0gZns+BLRQ3V6NdaerOhMbwwRbNh9hkGINtQAsP5GS8=
128
+
github.com/prometheus/common v0.67.5 h1:pIgK94WWlQt1WLwAC5j2ynLaBRDiinoAb86HZHTUGI4=
129
+
github.com/prometheus/common v0.67.5/go.mod h1:SjE/0MzDEEAyrdr5Gqc6G+sXI67maCxzaT3A2+HqjUw=
118
130
github.com/prometheus/procfs v0.17.0 h1:FuLQ+05u4ZI+SS/w9+BWEM2TXiHKsUQ9TADiRH7DuK0=
119
131
github.com/prometheus/procfs v0.17.0/go.mod h1:oPQLaDAMRbA+u8H5Pbfq+dl3VDAvHxMUOVhe0wYB2zw=
132
+
github.com/prometheus/procfs v0.19.2 h1:zUMhqEW66Ex7OXIiDkll3tl9a1ZdilUOd/F6ZXw4Vws=
133
+
github.com/prometheus/procfs v0.19.2/go.mod h1:M0aotyiemPhBCM0z5w87kL22CxfcH05ZpYlu+b4J7mw=
120
134
github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
121
135
github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
122
136
github.com/spaolacci/murmur3 v1.1.0 h1:7c1g84S4BPRrfL5Xrdp6fOJ206sU9y293DDHaoy0bLI=
···
145
159
go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
146
160
go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo=
147
161
go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so=
162
+
go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0=
163
+
go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8=
148
164
golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4=
149
165
golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc=
166
+
golang.org/x/crypto v0.47.0 h1:V6e3FRj+n4dbpw86FJ8Fv7XVOql7TEwpHapKoMJ/GO8=
167
+
golang.org/x/crypto v0.47.0/go.mod h1:ff3Y9VzzKbwSSEzWqJsJVBnWmRwRSHt/6Op5n9bQc4A=
150
168
golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs=
151
169
golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8=
170
+
golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU=
171
+
golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY=
152
172
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
153
173
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
154
174
golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI=
155
175
golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
176
+
golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
177
+
golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
156
178
golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE=
157
179
golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
180
+
golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI=
181
+
golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
158
182
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
159
183
golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 h1:+cNy6SZtPcJQH3LJVLOSmiC7MMxXNOb3PU/VUEz+EhU=
160
184
golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90=
161
185
google.golang.org/protobuf v1.36.7 h1:IgrO7UwFQGJdRNXH/sQux4R1Dj1WAKcLElzeeRaXV2A=
162
186
google.golang.org/protobuf v1.36.7/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
187
+
google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=
188
+
google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
189
+
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
163
190
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
164
191
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
165
192
lukechampine.com/blake3 v1.2.1 h1:YuqqRuaqsGV71BV/nm9xlI0MKUv4QC54jQnBChWbGnI=
+8
-1
home_handler.go
+8
-1
home_handler.go
···
116
116
117
117
oauthSess, err := s.oauthClient.ResumeSession(r.Context(), *did, sessionID)
118
118
if err != nil {
119
-
http.Error(w, "not authenticated", http.StatusUnauthorized)
119
+
slog.Error("resuming session", "error", err, "did", *did)
120
+
121
+
// clear the session out
122
+
sess, _ := s.sessionStore.Get(r, sessionStoreName)
123
+
sess.Values = make(map[any]any)
124
+
_ = sess.Save(r, w)
125
+
126
+
http.Redirect(w, r, "/login", http.StatusFound)
120
127
return
121
128
}
122
129
c := oauthSess.APIClient()