wip

Author: fatfingers23

server/api/auth/session.get.ts

@@ -7,5 +7,12 @@ export default eventHandlerWithOAuthSession(async (event, oAuthSession, serverSe
     return null
   }
 
+  if (oAuthSession) {
+    let tokenInfo = await oAuthSession.getTokenInfo()
+    console.log('scopes', tokenInfo.scope)
+
+    // return null
+  }
+
   return result.output
 })

server/api/auth/social/like.post.ts

@@ -1,7 +1,8 @@
 import { Client } from '@atproto/lex'
-import { main as likeRecord } from '#shared/types/lexicons/dev/npmx/feed/like.defs'
+// import { main as likeRecord } from '#shared/types/lexicons/dev/npmx/feed/like.defs'
 import * as dev from '#shared/types/lexicons/dev'
 import type { UriString } from '@atproto/lex'
+import { ERROR_NEED_REAUTH, LIKES_SCOPE } from '~~/shared/utils/constants'
 
 export default eventHandlerWithOAuthSession(async (event, oAuthSession) => {
   const loggedInUsersDid = oAuthSession?.did.toString()
@@ -39,6 +40,15 @@ export default eventHandlerWithOAuthSession(async (event, oAuthSession) => {
     })
   }
 
+  //Checks if the user has a scope to like packages
+  const tokenInfo = await oAuthSession.getTokenInfo()
+  if (!tokenInfo.scope.includes(LIKES_SCOPE)) {
+    throw createError({
+      status: 403,
+      message: ERROR_NEED_REAUTH,
+    })
+  }
+
   const subjectRef = PACKAGE_SUBJECT_REF(body.packageName)
   const client = new Client(oAuthSession)
 
@@ -48,7 +58,7 @@ export default eventHandlerWithOAuthSession(async (event, oAuthSession) => {
     subjectRef: subjectRef as UriString,
   })
 
-  const result = await client.create(likeRecord, like)
+  const result = await client.create(dev.npmx.feed.like, like)
   if (!result) {
     throw createError({
       status: 500,

server/utils/atproto/oauth.ts

@@ -4,12 +4,13 @@ import { NodeOAuthClient } from '@atproto/oauth-client-node'
 import { parse } from 'valibot'
 import { getOAuthLock } from '#server/utils/atproto/lock'
 import { useOAuthStorage } from '#server/utils/atproto/storage'
-import { UNSET_NUXT_SESSION_PASSWORD } from '#shared/utils/constants'
+import { LIKES_SCOPE, UNSET_NUXT_SESSION_PASSWORD } from '#shared/utils/constants'
 import { OAuthMetadataSchema } from '#shared/schemas/oauth'
 // @ts-expect-error virtual file from oauth module
 import { clientUri } from '#oauth/config'
 // TODO: limit scope as features gets added. atproto just allows login so no scary login screen till we have scopes
-export const scope = 'atproto repo:dev.npmx.feed.like'
+// export const scope = 'atproto'
+export const scope = `atproto ${LIKES_SCOPE}`
 
 export function getOauthClientMetadata() {
   const dev = import.meta.dev

shared/utils/constants.ts

@@ -1,3 +1,5 @@
+import * as dev from '#shared/types/lexicons/dev'
+
 // Duration
 export const CACHE_MAX_AGE_ONE_MINUTE = 60
 export const CACHE_MAX_AGE_FIVE_MINUTES = 60 * 5
@@ -25,6 +27,7 @@ export const ERROR_SKILL_FILE_NOT_FOUND = 'Skill file not found.'
 export const ERROR_GRAVATAR_FETCH_FAILED = 'Failed to fetch Gravatar profile.'
 /** @public */
 export const ERROR_GRAVATAR_EMAIL_UNAVAILABLE = "User's email not accessible."
+export const ERROR_NEED_REAUTH = 'User needs to reauthenticate'
 
 // microcosm services
 export const CONSTELLATION_HOST = 'constellation.microcosm.blue'
@@ -34,6 +37,8 @@ export const SLINGSHOT_HOST = 'slingshot.microcosm.blue'
 // Refrences used to link packages to things that are not inherently atproto
 export const PACKAGE_SUBJECT_REF = (packageName: string) =>
   `https://npmx.dev/package/${packageName}`
+// OAuth scopes as we add new ones we need to check these on certain actions. If not redirect the user to login again to upgrade the scopes
+export const LIKES_SCOPE = `repo:${dev.npmx.feed.like.$nsid}`
 
 // Theming
 export const ACCENT_COLORS = {