cuducos.me / at-container-registry
forked from evan.jarrett.net/at-container-registry
A container registry that uses the AT Protocol for manifest storage and S3 for blob storage.
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

more oauth fixes for hold and appview

Evan Jarrett eab91882 34ace405

+32 -6
+16
cmd/appview/serve.go
··· 3 3 import ( 4 4 "context" 5 5 "database/sql" 6 + "encoding/json" 6 7 "fmt" 7 8 "html/template" 8 9 "net/http" ··· 201 202 mux.HandleFunc("/auth/oauth/authorize", oauthServer.ServeAuthorize) 202 203 mux.HandleFunc("/auth/oauth/callback", oauthServer.ServeCallback) 203 204 205 + // OAuth client metadata endpoint 206 + mux.HandleFunc("/client-metadata.json", func(w http.ResponseWriter, r *http.Request) { 207 + // Get the client config from the OAuth app 208 + config := oauth.NewClientConfig(baseURL) 209 + metadata := config.ClientMetadata() 210 + 211 + // Serve as JSON 212 + w.Header().Set("Content-Type", "application/json") 213 + w.Header().Set("Access-Control-Allow-Origin", "*") 214 + if err := json.NewEncoder(w).Encode(metadata); err != nil { 215 + http.Error(w, "Failed to encode metadata", http.StatusInternalServerError) 216 + } 217 + }) 218 + 204 219 // Note: Indigo handles OAuth state cleanup internally via its store 205 220 206 221 // Mount auth endpoints if enabled ··· 227 242 fmt.Printf(" - Device Auth: /auth/device/token\n") 228 243 fmt.Printf(" - OAuth: /auth/oauth/authorize\n") 229 244 fmt.Printf(" - OAuth: /auth/oauth/callback\n") 245 + fmt.Printf(" - OAuth Meta: /client-metadata.json\n") 230 246 } 231 247 232 248 // Create HTTP server
+16 -6
cmd/hold/main.go
··· 763 763 mux.HandleFunc("/put-presigned-url", service.HandlePutPresignedURL) 764 764 mux.HandleFunc("/move", service.HandleMove) 765 765 766 + // Pre-register OAuth callback route (will be populated by auto-registration) 767 + var oauthCallbackHandler http.HandlerFunc 768 + mux.HandleFunc("/auth/oauth/callback", func(w http.ResponseWriter, r *http.Request) { 769 + if oauthCallbackHandler != nil { 770 + oauthCallbackHandler(w, r) 771 + } else { 772 + http.Error(w, "OAuth callback not initialized", http.StatusServiceUnavailable) 773 + } 774 + }) 775 + 766 776 // OAuth client metadata endpoint for ATProto OAuth 767 777 // The hold service serves its metadata at /client-metadata.json 768 778 // This is referenced by its client ID URL ··· 823 833 824 834 // Auto-register if owner DID is set (now that server is running) 825 835 if cfg.Registration.OwnerDID != "" { 826 - if err := service.AutoRegister(); err != nil { 836 + if err := service.AutoRegister(&oauthCallbackHandler); err != nil { 827 837 log.Printf("WARNING: Auto-registration failed: %v", err) 828 838 log.Printf("You can register manually later using the /register endpoint") 829 839 } else { ··· 974 984 975 985 // AutoRegister registers this hold service in the owner's PDS 976 986 // Checks if already registered first, then does OAuth if needed 977 - func (s *HoldService) AutoRegister() error { 987 + func (s *HoldService) AutoRegister(callbackHandler *http.HandlerFunc) error { 978 988 reg := &s.config.Registration 979 989 publicURL := s.config.Server.PublicURL 980 990 ··· 1033 1043 log.Printf("Starting OAuth registration for hold service") 1034 1044 log.Printf("Public URL: %s", publicURL) 1035 1045 1036 - return s.registerWithOAuth(publicURL, handle, reg.OwnerDID, pdsEndpoint) 1046 + return s.registerWithOAuth(publicURL, handle, reg.OwnerDID, pdsEndpoint, callbackHandler) 1037 1047 } 1038 1048 1039 1049 // registerWithOAuth performs OAuth flow and registers the hold 1040 - func (s *HoldService) registerWithOAuth(publicURL, handle, did, pdsEndpoint string) error { 1050 + func (s *HoldService) registerWithOAuth(publicURL, handle, did, pdsEndpoint string, callbackHandler *http.HandlerFunc) error { 1041 1051 // Define the scopes we need for hold registration 1042 1052 holdScopes := []string{ 1043 1053 "atproto", ··· 1078 1088 handle, 1079 1089 holdScopes, // Pass hold-specific scopes 1080 1090 func(handler http.HandlerFunc) error { 1081 - // Register callback on existing server (persistent server pattern) 1082 - http.HandleFunc("/auth/oauth/callback", handler) 1091 + // Populate the pre-registered callback handler 1092 + *callbackHandler = handler 1083 1093 return nil 1084 1094 }, 1085 1095 func(authURL string) error {