chore: protect oauthClient usages

Author: userquin

server/api/auth/atproto.get.ts

@@ -80,7 +80,14 @@ export default defineEventHandler(async event => {
     // Handle callback
     try {
       const params = new URLSearchParams(query as Record<string, string>)
-      const result = await event.context.oauthClient.callback(params)
+      const result = await event.context.oauthClient?.callback(params)
+      if (!result) {
+        return handleApiError('Failed to initiate authentication', {
+          statusCode: 401,
+          statusMessage: 'Unauthorized',
+          message: `Failed to initiate authentication. Please login and try again.`,
+        })
+      }
       try {
         const state = decodeOAuthState(event, result.state)
         const profile = await getMiniProfile(result.session)

server/plugins/oauth-client.ts

@@ -4,12 +4,18 @@ import type { NodeOAuthClient } from '@atproto/oauth-client-node'
  * Creates a long living instance of the NodeOAuthClient.
  */
 export default defineNitroPlugin(async nitroApp => {
-  const oauthClient = await getNodeOAuthClient()
+  try {
+    const oauthClient = await getNodeOAuthClient()
 
-  // Attach to event context for access in composables via useRequestEvent()
-  nitroApp.hooks.hook('request', event => {
-    event.context.oauthClient = oauthClient
-  })
+    // Attach to event context for access in composables via useRequestEvent()
+    nitroApp.hooks.hook('request', event => {
+      event.context.oauthClient = oauthClient
+    })
+  } catch (e) {
+    if (!import.meta.test) {
+      throw e
+    }
+  }
 })
 
 // Extend the H3EventContext type

server/utils/atproto/oauth.ts

@@ -90,7 +90,7 @@ export async function loadJWKs(): Promise<Keyset | undefined> {
   // under a new variable and update here
   const jwkOne = useRuntimeConfig().oauthJwkOne
   if (!jwkOne) {
-    if (import.meta.test) {
+    if (!import.meta.test) {
       // eslint-disable-next-line no-console
       console.error('Failed to load JWKs (not set).')
     }
@@ -100,14 +100,8 @@ export async function loadJWKs(): Promise<Keyset | undefined> {
   // For multiple keys if we need to rotate
   // const keys = await Promise.all([JoseKey.fromImportable(jwkOne)])
 
-  try {
-    const keys = await JoseKey.fromImportable(jwkOne)
-    return new Keyset([keys])
-  } catch (e) {
-    // eslint-disable-next-line no-console
-    console.error('Failed to load JWKs.', e)
-    return undefined
-  }
+  const keys = await JoseKey.fromImportable(jwkOne)
+  return new Keyset([keys])
 }
 
 async function getOAuthSession(event: H3Event): Promise<{
@@ -123,7 +117,7 @@ async function getOAuthSession(event: H3Event): Promise<{
       return { oauthSession: undefined, serverSession }
     }
 
-    const oauthSession = await event.context.oauthClient.restore(currentSession.public.did)
+    const oauthSession = await event.context.oauthClient?.restore(currentSession.public.did)
     return { oauthSession, serverSession }
   } catch (error) {
     // Log error safely without using util.inspect on potentially problematic objects