moved to a defineEventHandler

fatfingers23 · fatfingers23 · commit 86fb98a6a415 · 2026-01-29T14:22:45.000-06:00
diff --git a/server/api/auth/session.delete.ts b/server/api/auth/session.delete.ts
@@ -1,10 +1,11 @@
-export default defineEventHandler(async event => {
+import { eventHandlerWithOAuthSession } from '#server/utils/atproto'
+
+export default eventHandlerWithOAuthSession(async (event, oAuthSession) => {
   const session = await useSession(event, {
     password: process.env.NUXT_SESSION_PASSWORD as string,
   })
 
-  let oauthSession = await event.context.getOAuthSession()
-  await oauthSession?.signOut()
+  await oAuthSession?.signOut()
   await session.clear()
 
   return 'Session cleared'
diff --git a/server/plugins/atproto-session.ts b/server/plugins/atproto-session.ts
diff --git a/server/utils/atproto.ts b/server/utils/atproto.ts
@@ -1,7 +1,11 @@
 import type { OAuthClientMetadataInput } from '@atproto/oauth-client-node'
+import type { EventHandlerRequest, H3Event } from 'h3'
+import type { OAuthSession } from '@atproto/oauth-client-node'
+import { NodeOAuthClient } from '@atproto/oauth-client-node'
+import { SessionStore, StateStore } from '#server/api/auth/atproto.get'
 
-// TODO: limit scope as features gets added
-export const scope = 'atproto transition:generic'
+// TODO: limit scope as features gets added. atproto just allows login so no scary login screen till we have scopes
+export const scope = 'atproto'
 
 export function getOauthClientMetadata() {
   const dev = import.meta.dev
@@ -26,3 +30,35 @@ export function getOauthClientMetadata() {
     dpop_bound_access_tokens: true,
   } as OAuthClientMetadataInput
 }
+
+type EventHandlerWithOAuthSession<T extends EventHandlerRequest, D> = (
+  event: H3Event<T>,
+  session: OAuthSession | undefined,
+) => Promise<D>
+
+async function getOAuthSession(event: H3Event): Promise<OAuthSession | undefined> {
+  const clientMetadata = getOauthClientMetadata()
+  const stateStore = new StateStore(event)
+  const sessionStore = new SessionStore(event)
+
+  const client = new NodeOAuthClient({
+    stateStore,
+    sessionStore,
+    clientMetadata,
+  })
+
+  const currentSession = await sessionStore.get()
+  if (!currentSession) return undefined
+
+  // restore using the subject
+  return await client.restore(currentSession.tokenSet.sub)
+}
+
+export function eventHandlerWithOAuthSession<T extends EventHandlerRequest, D>(
+  handler: EventHandlerWithOAuthSession<T, D>,
+) {
+  return defineEventHandler(async event => {
+    const oAuthSession = await getOAuthSession(event)
+    return await handler(event, oAuthSession)
+  })
+}
