An implementation of the ATProto statusphere example app but in Go

fix the sessions table to make a session unique across the did and sessionID

authored by willdot.net and committed by tangled.org add27499 5adb3036

+5 -5
+4 -4
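--- a/database/oauth_sessions.go
+++ b/database/oauth_sessions.go
@@ -25,7 +25,7 @@
 "dpopAuthServerNonce" TEXT,
 "dpopHostNonce" TEXT,
 "dpopPrivateKeyMultibase" TEXT,
-UNIQUE(accountDID)
+UNIQUE(accountDID,sessionID)
 );`
 
 slog.Info("Create oauthsessions table...")
@@ -48,7 +48,7 @@
 return fmt.Errorf("marshalling scopes: %w", err)
 }
 
-sql := `INSERT INTO oauthsessions (accountDID, sessionID, hostURL, authServerURL, authServerTokenEndpoint, scopes, accessToken, refreshToken, dpopAuthServerNonce, dpopHostNonce, dpopPrivateKeyMultibase) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) ON CONFLICT(accountDID) DO NOTHING;` // TODO: update on conflict
+sql := `INSERT INTO oauthsessions (accountDID, sessionID, hostURL, authServerURL, authServerTokenEndpoint, scopes, accessToken, refreshToken, dpopAuthServerNonce, dpopHostNonce, dpopPrivateKeyMultibase) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) ON CONFLICT(accountDID,sessionID) DO NOTHING;`
 _, err = d.db.Exec(sql, sess.AccountDID.String(), sess.SessionID, sess.HostURL, sess.AuthServerURL, sess.AuthServerTokenEndpoint, string(scopes), sess.AccessToken, sess.RefreshToken, sess.DPoPAuthServerNonce, sess.DPoPHostNonce, sess.DPoPPrivateKeyMultibase)
 if err != nil {
 slog.Error("saving session", "error", err)
@@ -88,8 +88,8 @@
 }
 
 func (d *DB) DeleteSession(ctx context.Context, did syntax.DID, sessionID string) error {
-sql := "DELETE FROM oauthsessions WHERE accountDID = ?;"
-_, err := d.db.Exec(sql, did.String())
+sql := "DELETE FROM oauthsessions WHERE accountDID = ? AND sessionID = ?;"
+_, err := d.db.Exec(sql, did.String(), sessionID)
 if err != nil {
 return fmt.Errorf("exec delete oauth session: %w", err)
 }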
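Review bot: The insert on new line 51 still ends in `DO NOTHING` while the `// TODO: update on conflict` marker is dropped, so a second save for the same (accountDID, sessionID) pair silently keeps the old accessToken, refreshToken and DPoP nonces. If this function is also called after a token refresh (not visible here; its body starts and ends outside the hunk), the stored refresh token goes stale and later resumes would presumably fail; an upsert such as `ON CONFLICT(accountDID,sessionID) DO UPDATE SET accessToken = excluded.accessToken, refreshToken = excluded.refreshToken, dpopAuthServerNonce = excluded.dpopAuthServerNonce, dpopHostNonce = excluded.dpopHostNonce` would cover that case. Separately, the `UNIQUE(accountDID,sessionID)` change on line 28 only applies when the table is first created. On a database that already holds the old table, the new conflict target would likely match no constraint and the insert would error, so a migration step or a documented table rebuild seems needed.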
+1 -1
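--- a/home_handler.go
+++ b/home_handler.go
@@ -116,7 +116,7 @@
 
 oauthSess, err := s.oauthClient.ResumeSession(r.Context(), *did, sessionID)
 if err != nil {
-slog.Error("resuming session", "error", err, "did", *did)
+slog.Error("resuming session", "error", err, "did", *did, "session ID", sessionID)
 
 // clear the session out
 sess, _ := s.sessionStore.Get(r, sessionStoreName)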
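Review bot: The new attribute on line 119 writes the full session ID to the error log, and that value is the lookup key `ResumeSession` uses together with the DID. If the logs are readable by more people or systems than the session store, a shortened or hashed form of the ID would still allow correlation without exposing the identifier itself. The key `"session ID"` also contains a space, unlike `"error"` and `"did"` on the same call, which makes it awkward to query in structured log backends; `"sessionID", sessionID` would match the existing keys. The surrounding handler starts and ends outside the hunk.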