WIP! A BB-style forum, on the ATmosphere!
We're still working... we'll be back soon when we have something to show off!
node
typescript
hono
htmx
atproto
1import { Hono } from "hono";
2
3/**
4 * POST /logout → calls AppView logout, clears cookie, redirects to /
5 */
6export function createAuthRoutes(appviewUrl: string) {
7 return new Hono()
8 /**
9 * POST /logout — logout should be a POST (not a link) to prevent CSRF.
10 *
11 * Calls AppView's logout endpoint to revoke tokens and clean up the
12 * server-side session, then clears the cookie on the web UI's domain and
13 * redirects to the homepage.
14 */
15 .post("/logout", async (c) => {
16 const cookieHeader = c.req.header("cookie") ?? "";
17
18 try {
19 const logoutRes = await fetch(`${appviewUrl}/api/auth/logout`, {
20 headers: { Cookie: cookieHeader },
21 });
22
23 if (!logoutRes.ok) {
24 console.error("Auth proxy: AppView logout returned non-ok status", {
25 operation: "POST /logout",
26 status: logoutRes.status,
27 });
28 }
29 } catch (error) {
30 if (
31 error instanceof TypeError ||
32 error instanceof ReferenceError ||
33 error instanceof SyntaxError
34 ) {
35 throw error; // Re-throw programming errors — don't hide code bugs
36 }
37 console.error("Auth proxy: Failed to call AppView logout", {
38 operation: "POST /logout",
39 error: error instanceof Error ? error.message : String(error),
40 });
41 // Continue — still clear local cookie
42 }
43
44 const headers = new Headers();
45 headers.set(
46 "set-cookie",
47 "atbb_session=; Path=/; HttpOnly; Max-Age=0; SameSite=Lax"
48 );
49 headers.set("location", "/");
50
51 return new Response(null, { status: 303, headers });
52 });
53}