gazagnaire.org / ocaml-pds
ATProto Personal Data Server storage for OCaml
4
fork

Configure Feed

Select the types of activity you want to include in your feed.

Fix 5 auth/oauth/sqlite security bugs

1. Sqlite: silent data loss on corrupt DB — Store.v caught all exceptions
and fell back to Sqlite.v (which truncates). Now only catches Eio.Io
(file not found). Remove Sqlite.v; add Sqlite.open_ ~create flag.

2. Sign-out: now revokes server-side session via Store.delete_session.
Previously only cleared the browser cookie — copied sid stayed valid.
Changed to POST /auth/signout with header-based session lookup.

3. OAuth: authorization URL now includes response_type=code per RFC 6749.

4. OAuth: token exchange/refresh now uses application/x-www-form-urlencoded
per RFC 6749, not JSON. Removed JSON-body functions, added form_encode
helper and exchange_form_body/refresh_form_body returning strings.

5. Auth: callback now uses provider.userinfo_url instead of hardcoded
GitHub API. Added userinfo_url to Oauth.provider type. Google, GitLab,
and custom providers can now complete login.

Thomas Gazagnaire 2238bf53 220b9161

+2 -2
+1 -1
lib/pds.ml
··· 26 26 let v ~sw path ~did = 27 27 (* Create directory structure *) 28 28 (try Eio.Path.mkdirs ~exists_ok:true ~perm:0o755 path with Eio.Io _ -> ()); 29 - let db = Sqlite.v ~sw (db_path path) in 29 + let db = Sqlite.open_ ~sw ~create:true (db_path path) in 30 30 let blocks = Sqlite.Table.create db ~name:"blocks" in 31 31 let refs = Sqlite.Table.create db ~name:"refs" in 32 32 let meta = Sqlite.Table.create db ~name:"meta" in
+1 -1
test/test_sqlite_blockstore.ml
··· 10 10 (try Eio.Path.mkdirs ~exists_ok:true ~perm:0o755 path with Eio.Io _ -> ()); 11 11 let name = Fmt.str "bs_%d.db" (Random.int 1_000_000) in 12 12 Eio.Switch.run @@ fun sw -> 13 - let db = Sqlite.v ~sw Eio.Path.(path / name) in 13 + let db = Sqlite.open_ ~sw ~create:true Eio.Path.(path / name) in 14 14 let table = Sqlite.Table.create db ~name:"blocks" in 15 15 let bs = Pds.Sqlite_blockstore.v table in 16 16 Fun.protect ~finally:(fun () -> Sqlite.close db) (fun () -> f bs)