evan.jarrett.net / at-container-registry
A container registry that uses the AT Protocol for manifest storage and S3 for blob storage. atcr.io
docker container atproto go
80
fork

Configure Feed

Select the types of activity you want to include in your feed.

more oauth fixes for hold and appview

Evan Jarrett eab91882 34ace405

+32 -6
+16
cmd/appview/serve.go
··· 3 3 import ( 4 4 "context" 5 5 "database/sql" 6 + "encoding/json" 6 7 "fmt" 7 8 "html/template" 8 9 "net/http" ··· 201 202 mux.HandleFunc("/auth/oauth/authorize", oauthServer.ServeAuthorize) 202 203 mux.HandleFunc("/auth/oauth/callback", oauthServer.ServeCallback) 203 204 205 + // OAuth client metadata endpoint 206 + mux.HandleFunc("/client-metadata.json", func(w http.ResponseWriter, r *http.Request) { 207 + // Get the client config from the OAuth app 208 + config := oauth.NewClientConfig(baseURL) 209 + metadata := config.ClientMetadata() 210 + 211 + // Serve as JSON 212 + w.Header().Set("Content-Type", "application/json") 213 + w.Header().Set("Access-Control-Allow-Origin", "*") 214 + if err := json.NewEncoder(w).Encode(metadata); err != nil { 215 + http.Error(w, "Failed to encode metadata", http.StatusInternalServerError) 216 + } 217 + }) 218 + 204 219 // Note: Indigo handles OAuth state cleanup internally via its store 205 220 206 221 // Mount auth endpoints if enabled ··· 227 242 fmt.Printf(" - Device Auth: /auth/device/token\n") 228 243 fmt.Printf(" - OAuth: /auth/oauth/authorize\n") 229 244 fmt.Printf(" - OAuth: /auth/oauth/callback\n") 245 + fmt.Printf(" - OAuth Meta: /client-metadata.json\n") 230 246 } 231 247 232 248 // Create HTTP server
+16 -6
cmd/hold/main.go
··· 763 763 mux.HandleFunc("/put-presigned-url", service.HandlePutPresignedURL) 764 764 mux.HandleFunc("/move", service.HandleMove) 765 765 766 + // Pre-register OAuth callback route (will be populated by auto-registration) 767 + var oauthCallbackHandler http.HandlerFunc 768 + mux.HandleFunc("/auth/oauth/callback", func(w http.ResponseWriter, r *http.Request) { 769 + if oauthCallbackHandler != nil { 770 + oauthCallbackHandler(w, r) 771 + } else { 772 + http.Error(w, "OAuth callback not initialized", http.StatusServiceUnavailable) 773 + } 774 + }) 775 + 766 776 // OAuth client metadata endpoint for ATProto OAuth 767 777 // The hold service serves its metadata at /client-metadata.json 768 778 // This is referenced by its client ID URL ··· 823 833 824 834 // Auto-register if owner DID is set (now that server is running) 825 835 if cfg.Registration.OwnerDID != "" { 826 - if err := service.AutoRegister(); err != nil { 836 + if err := service.AutoRegister(&oauthCallbackHandler); err != nil { 827 837 log.Printf("WARNING: Auto-registration failed: %v", err) 828 838 log.Printf("You can register manually later using the /register endpoint") 829 839 } else { ··· 974 984 975 985 // AutoRegister registers this hold service in the owner's PDS 976 986 // Checks if already registered first, then does OAuth if needed 977 - func (s *HoldService) AutoRegister() error { 987 + func (s *HoldService) AutoRegister(callbackHandler *http.HandlerFunc) error { 978 988 reg := &s.config.Registration 979 989 publicURL := s.config.Server.PublicURL 980 990 ··· 1033 1043 log.Printf("Starting OAuth registration for hold service") 1034 1044 log.Printf("Public URL: %s", publicURL) 1035 1045 1036 - return s.registerWithOAuth(publicURL, handle, reg.OwnerDID, pdsEndpoint) 1046 + return s.registerWithOAuth(publicURL, handle, reg.OwnerDID, pdsEndpoint, callbackHandler) 1037 1047 } 1038 1048 1039 1049 // registerWithOAuth performs OAuth flow and registers the hold 1040 - func (s *HoldService) registerWithOAuth(publicURL, handle, did, pdsEndpoint string) error { 1050 + func (s *HoldService) registerWithOAuth(publicURL, handle, did, pdsEndpoint string, callbackHandler *http.HandlerFunc) error { 1041 1051 // Define the scopes we need for hold registration 1042 1052 holdScopes := []string{ 1043 1053 "atproto", ··· 1078 1088 handle, 1079 1089 holdScopes, // Pass hold-specific scopes 1080 1090 func(handler http.HandlerFunc) error { 1081 - // Register callback on existing server (persistent server pattern) 1082 - http.HandleFunc("/auth/oauth/callback", handler) 1091 + // Populate the pre-registered callback handler 1092 + *callbackHandler = handler 1083 1093 return nil 1084 1094 }, 1085 1095 func(authURL string) error {