redis cache and other updates

fatfingers23 · fatfingers23 · commit b2e887e5e20c · 2026-02-14T18:08:49.000-06:00
diff --git a/server/api/auth/session.get.ts b/server/api/auth/session.get.ts
@@ -1,8 +1,7 @@
 import { PublicUserSessionSchema } from '#shared/schemas/publicUserSession'
 import { safeParse } from 'valibot'
 
-export default defineEventHandler(async event => {
-  const serverSession = await useServerSession(event)
+export default eventHandlerWithOAuthSession(async (event, _, serverSession) => {
   const result = safeParse(PublicUserSessionSchema, serverSession.data.public)
   if (!result.success) {
     return null
diff --git a/server/utils/atproto/oauth-session-store.ts b/server/utils/atproto/oauth-session-store.ts
@@ -3,12 +3,18 @@ import type { UserServerSession } from '#shared/types/userSession'
 import type { SessionManager } from 'h3'
 import { OAUTH_CACHE_STORAGE_BASE } from '#server/utils/atproto/storage'
 
+// Refresh tokens from a confidential client should last for 180 days, each new refresh of access token resets
+// the expiration with the new refresh token. Shorting to 179 days to keep it a bit simpler since we rely on redis to clear sessions
+// Note: This expiration only lasts this long in production. Local dev is 2 weeks
+const SESSION_EXPIRATION = CACHE_MAX_AGE_ONE_DAY * 179
+
 export class OAuthSessionStore implements NodeSavedSessionStore {
   private readonly serverSession: SessionManager<UserServerSession>
-  private readonly storage = useStorage(OAUTH_CACHE_STORAGE_BASE)
+  private readonly cache: CacheAdapter
 
   constructor(session: SessionManager<UserServerSession>) {
     this.serverSession = session
+    this.cache = getCacheAdapter(OAUTH_CACHE_STORAGE_BASE)
   }
 
   private createStorageKey(did: string, sessionId: string) {
@@ -23,7 +29,7 @@ export class OAuthSessionStore implements NodeSavedSessionStore {
       return undefined
     }
 
-    let session = await this.storage.getItem<NodeSavedSession>(
+    let session = await this.cache.get<NodeSavedSession>(
       this.createStorageKey(key, serverSessionData.oauthSessionId),
     )
     return session ?? undefined
@@ -41,7 +47,14 @@ export class OAuthSessionStore implements NodeSavedSessionStore {
       sessionId = serverSessionData.oauthSessionId
     }
     try {
-      await this.storage.setItem<NodeSavedSession>(this.createStorageKey(key, sessionId), val)
+      await this.cache.set<NodeSavedSession>(
+        this.createStorageKey(key, sessionId),
+        val,
+        SESSION_EXPIRATION,
+      )
+      await this.serverSession.update({
+        lastUpdatedAt: new Date(),
+      })
     } catch (error) {
       // Not sure if this has been happening. But helps with debugging
       console.error(
@@ -59,7 +72,7 @@ export class OAuthSessionStore implements NodeSavedSessionStore {
       console.warn('[oauth session store] No oauthSessionId found in session data')
       return undefined
     }
-    await this.storage.removeItem(this.createStorageKey(key, serverSessionData.oauthSessionId))
+    await this.cache.delete(this.createStorageKey(key, serverSessionData.oauthSessionId))
     await this.serverSession.update({
       oauthSessionId: undefined,
     })
diff --git a/server/utils/atproto/oauth-state-store.ts b/server/utils/atproto/oauth-state-store.ts
@@ -1,14 +1,17 @@
 import type { NodeSavedState, NodeSavedStateStore } from '@atproto/oauth-client-node'
 import type { UserServerSession } from '#shared/types/userSession'
 import type { SessionManager } from 'h3'
-import { OAUTH_CACHE_STORAGE_BASE } from '#server/utils/atproto/storage'
+
+// It is recommended that oauth state is only saved for 30 minutes
+const STATE_EXPIRATION = CACHE_MAX_AGE_ONE_MINUTE * 30
 
 export class OAuthStateStore implements NodeSavedStateStore {
   private readonly serverSession: SessionManager<UserServerSession>
-  private readonly storage = useStorage(OAUTH_CACHE_STORAGE_BASE)
+  private readonly cache: CacheAdapter
 
   constructor(session: SessionManager<UserServerSession>) {
     this.serverSession = session
+    this.cache = getCacheAdapter(OAUTH_CACHE_STORAGE_BASE)
   }
 
   private createStorageKey(did: string, sessionId: string) {
@@ -19,7 +22,7 @@ export class OAuthStateStore implements NodeSavedStateStore {
     const serverSessionData = this.serverSession.data
     if (!serverSessionData) return undefined
     if (!serverSessionData.oauthStateId) return undefined
-    const state = await this.storage.getItem<NodeSavedState>(
+    const state = await this.cache.get<NodeSavedState>(
       this.createStorageKey(key, serverSessionData.oauthStateId),
     )
     return state ?? undefined
@@ -30,14 +33,14 @@ export class OAuthStateStore implements NodeSavedStateStore {
     await this.serverSession.update({
       oauthStateId: stateId,
     })
-    await this.storage.setItem<NodeSavedState>(this.createStorageKey(key, stateId), val)
+    await this.cache.set<NodeSavedState>(this.createStorageKey(key, stateId), val, STATE_EXPIRATION)
   }
 
   async del(key: string) {
     const serverSessionData = this.serverSession.data
     if (!serverSessionData) return undefined
     if (!serverSessionData.oauthStateId) return undefined
-    await this.storage.removeItem(this.createStorageKey(key, serverSessionData.oauthStateId))
+    await this.cache.delete(this.createStorageKey(key, serverSessionData.oauthStateId))
     await this.serverSession.update({
       oauthStateId: undefined,
     })
diff --git a/server/utils/atproto/oauth.ts b/server/utils/atproto/oauth.ts
@@ -156,6 +156,18 @@ export function eventHandlerWithOAuthSession<T extends EventHandlerRequest, D>(
 ) {
   return defineEventHandler(async event => {
     const { oauthSession, serverSession } = await getOAuthSession(event)
+    let oauthSessionId = serverSession.data.oauthSessionId
+
+    // User was authenticated at one point, but was not able to restore
+    // the session to the PDS
+    if (!oauthSession && oauthSessionId) {
+      // cleans up our server side session store
+      await serverSession.clear()
+      throw createError({
+        status: 401,
+        message: 'User needs to re authenticate',
+      })
+    }
 
     return await handler(event, oauthSession, serverSession)
   })
diff --git a/server/utils/server-session.ts b/server/utils/server-session.ts
@@ -14,8 +14,9 @@ export const useServerSession = async (event: H3Event) => {
     throw new Error('Session password is not configured')
   }
 
-  const serverSession = useSession<UserServerSession>(event, {
+  const serverSession = await useSession<UserServerSession>(event, {
     password: config.sessionPassword,
+    maxAge: CACHE_MAX_AGE_ONE_DAY * 179,
   })
 
   return serverSession
diff --git a/shared/types/userSession.ts b/shared/types/userSession.ts
@@ -13,6 +13,8 @@ export interface UserServerSession {
   // These values are tied to the users browser session and used by atproto OAuth
   oauthSessionId?: string | undefined
   oauthStateId?: string | undefined
+  // Last time the oauth session was updated
+  lastUpdatedAt?: Date | undefined
 
   // DO NOT USE
   // Here for historic reasons to redirect users logged in with the previous oauth to login again

Original file line number	Diff line number	Diff line change
`@@ -14,8 +14,9 @@ export const useServerSession = async (event: H3Event) => {`
`14`	`14`	`throw new Error('Session password is not configured')`
`15`	`15`	`}`
`16`	`16`
`17`		`- const serverSession = useSession<UserServerSession>(event, {`
	`17`	`+ const serverSession = await useSession<UserServerSession>(event, {`
`18`	`18`	`password: config.sessionPassword,`
	`19`	`+ maxAge: CACHE_MAX_AGE_ONE_DAY * 179,`
`19`	`20`	`})`
`20`	`21`
`21`	`22`	`return serverSession`