draft: check redirect url

server/api/auth/atproto.get.ts

@@ -1,12 +1,12 @@
 import { Agent } from '@atproto/api'
 import { NodeOAuthClient } from '@atproto/oauth-client-node'
 import { createError, getQuery, sendRedirect } from 'h3'
 import { getOAuthLock } from '#server/utils/atproto/lock'
 import { useOAuthStorage } from '#server/utils/atproto/storage'
 import { SLINGSHOT_HOST } from '#shared/utils/constants'
 import { useServerSession } from '#server/utils/server-session'
 import type { PublicUserSession } from '#shared/schemas/publicUserSession'
 import { handleResolver } from '#server/utils/atproto/oauth'
 import { Client } from '@atproto/lex'
 import * as app from '#shared/types/lexicons/app'
 import { ensureValidAtIdentifier } from '@atproto/syntax'
@@ -17,7 +17,7 @@
  * @param pds
  * @returns
  */
 async function getAvatar(did: string, pds: string) {
   let avatar: string | undefined
   try {
     const pdsUrl = new URL(pds)
@@ -54,77 +54,5 @@
 
   const query = getQuery(event)
   const clientMetadata = getOauthClientMetadata()
-  const session = await useServerSession(event)
-  const { stateStore, sessionStore } = useOAuthStorage(session)
-
-  const atclient = new NodeOAuthClient({
-    stateStore,
-    sessionStore,
-    clientMetadata,
-    requestLock: getOAuthLock(),
-    handleResolver,
-  })
-
-  if (!query.code) {
-    try {
-      const handle = query.handle?.toString()
-      const create = query.create?.toString()
-
-      if (!handle) {
-        throw createError({
-          statusCode: 401,
-          message: 'Handle not provided in query',
-        })
-      }
-
-      const redirectUrl = await atclient.authorize(handle, {
-        scope,
-        prompt: create ? 'create' : undefined,
-      })
-      return sendRedirect(event, redirectUrl.toString())
-    } catch (error) {
-      const message = error instanceof Error ? error.message : 'Authentication failed.'
-
-      return handleApiError(error, {
-        statusCode: 401,
-        message: `${message}. Please login and try again.`,
-      })
-    }
-  }
-
-  const { session: authSession } = await atclient.callback(
-    new URLSearchParams(query as Record<string, string>),
-  )
-  const agent = new Agent(authSession)
-  event.context.agent = agent
-
-  const response = await fetch(
-    `https://${SLINGSHOT_HOST}/xrpc/com.bad-example.identity.resolveMiniDoc?identifier=${agent.did}`,
-    { headers: { 'User-Agent': 'npmx' } },
-  )
-  if (response.ok) {
-    const miniDoc: PublicUserSession = await response.json()
-
-    let avatar: string | undefined = await getAvatar(authSession.did, miniDoc.pds)
-
-    await session.update({
-      public: {
-        ...miniDoc,
-        avatar,
-      },
-    })
-  } else {
-    //If slingshot fails we still want to set some key info we need.
-    const pdsBase = (await authSession.getTokenInfo()).aud
-    let avatar: string | undefined = await getAvatar(authSession.did, pdsBase)
-    await session.update({
-      public: {
-        did: authSession.did,
-        handle: 'Not available',
-        pds: pdsBase,
-        avatar,
-      },
-    })
-  }
-  return sendRedirect(event, '/')
+  return clientMetadata
 })