Should be state store as well

fatfingers23 · fatfingers23 · commit 67e5787b7934 · 2026-02-14T18:08:49.000-06:00
diff --git a/server/utils/atproto/oauth-state-store.ts b/server/utils/atproto/oauth-state-store.ts
@@ -11,26 +11,35 @@ export class OAuthStateStore implements NodeSavedStateStore {
     this.serverSession = session
   }
 
-  private createAKey(did: string, sessionId: string) {
+  private createStorageKey(did: string, sessionId: string) {
     return `state:${did}:${sessionId}`
   }
 
-  async get(): Promise<NodeSavedState | undefined> {
+  async get(key: string): Promise<NodeSavedState | undefined> {
     const serverSessionData = this.serverSession.data
     if (!serverSessionData) return undefined
-    return serverSessionData.oauthState
+    if (!serverSessionData.oauthStateId) return undefined
+    const state = await this.storage.getItem<NodeSavedState>(
+      this.createStorageKey(key, serverSessionData.oauthStateId),
+    )
+    return state ?? undefined
   }
 
   async set(key: string, val: NodeSavedState) {
-    // We are ignoring the key since the mapping is already done in the session
+    let stateId = crypto.randomUUID()
     await this.serverSession.update({
-      oauthState: val,
+      oauthStateId: stateId,
     })
+    await this.storage.setItem<NodeSavedState>(this.createStorageKey(key, stateId), val)
   }
 
-  async del() {
+  async del(key: string) {
+    const serverSessionData = this.serverSession.data
+    if (!serverSessionData) return undefined
+    if (!serverSessionData.oauthStateId) return undefined
+    await this.storage.removeItem(this.createStorageKey(key, serverSessionData.oauthStateId))
     await this.serverSession.update({
-      oauthState: undefined,
+      oauthStateId: undefined,
     })
   }
 }
diff --git a/shared/types/userSession.ts b/shared/types/userSession.ts
@@ -1,5 +1,3 @@
-import type { NodeSavedSession, NodeSavedState } from '@atproto/oauth-client-node'
-
 export interface UserServerSession {
   public?:
     | {
@@ -9,13 +7,7 @@ export interface UserServerSession {
         avatar?: string
       }
     | undefined
-  // Only to be used in the atproto session and state stores
-  // Will need to change to Record<string, T> and add a current logged in user if we ever want to support
-  // multiple did logins per server session
-  oauthSession?: NodeSavedSession | undefined
-  oauthState?: NodeSavedState | undefined
-  // TODO: This todo is a place holder to rememebr to clean this up after this current oauth change
-  //
-  // Will most likely be crypto.randomUUID() and the did
+  // These values are tied to the users browser session and used by atproto OAuth
   oauthSessionId?: string | undefined
+  oauthStateId?: string | undefined
 }
