+17

src/Events/TokenRefreshed.php

reviewed

··· 1 1 + <?php 2 2 + 3 3 + namespace SocialDept\AtpClient\Events; 4 4 + 5 5 + use Illuminate\Foundation\Events\Dispatchable; 6 6 + use Illuminate\Queue\SerializesModels; 7 7 + use SocialDept\AtpClient\Data\AccessToken; 8 8 + 9 9 + class TokenRefreshed 10 10 + { 11 11 + use Dispatchable, SerializesModels; 12 12 + 13 13 + public function __construct( 14 14 + public readonly string $identifier, 15 15 + public readonly AccessToken $token, 16 16 + ) {} 17 17 + }

+16

src/Events/TokenRefreshing.php

reviewed

··· 1 1 + <?php 2 2 + 3 3 + namespace SocialDept\AtpClient\Events; 4 4 + 5 5 + use Illuminate\Foundation\Events\Dispatchable; 6 6 + use Illuminate\Queue\SerializesModels; 7 7 + 8 8 + class TokenRefreshing 9 9 + { 10 10 + use Dispatchable, SerializesModels; 11 11 + 12 12 + public function __construct( 13 13 + public readonly string $identifier, 14 14 + public readonly string $refreshToken, 15 15 + ) {} 16 16 + }

+7

src/Exceptions/SessionExpiredException.php

reviewed

··· 1 1 + <?php 2 2 + 3 3 + namespace SocialDept\AtpClient\Exceptions; 4 4 + 5 5 + class SessionExpiredException extends \Exception 6 6 + { 7 7 + }

+60

src/Session/Session.php

reviewed

··· 1 1 + <?php 2 2 + 3 3 + namespace SocialDept\AtpClient\Session; 4 4 + 5 5 + use SocialDept\AtpClient\Data\Credentials; 6 6 + use SocialDept\AtpClient\Data\DPoPKey; 7 7 + 8 8 + class Session 9 9 + { 10 10 + public function __construct( 11 11 + protected Credentials $credentials, 12 12 + protected DPoPKey $dpopKey, 13 13 + protected string $pdsEndpoint, 14 14 + ) {} 15 15 + 16 16 + public function identifier(): string 17 17 + { 18 18 + return $this->credentials->identifier; 19 19 + } 20 20 + 21 21 + public function did(): string 22 22 + { 23 23 + return $this->credentials->did; 24 24 + } 25 25 + 26 26 + public function accessToken(): string 27 27 + { 28 28 + return $this->credentials->accessToken; 29 29 + } 30 30 + 31 31 + public function refreshToken(): string 32 32 + { 33 33 + return $this->credentials->refreshToken; 34 34 + } 35 35 + 36 36 + public function dpopKey(): DPoPKey 37 37 + { 38 38 + return $this->dpopKey; 39 39 + } 40 40 + 41 41 + public function pdsEndpoint(): string 42 42 + { 43 43 + return $this->pdsEndpoint; 44 44 + } 45 45 + 46 46 + public function isExpired(): bool 47 47 + { 48 48 + return $this->credentials->isExpired(); 49 49 + } 50 50 + 51 51 + public function expiresIn(): int 52 52 + { 53 53 + return $this->credentials->expiresIn(); 54 54 + } 55 55 + 56 56 + public function withCredentials(Credentials $credentials): self 57 57 + { 58 58 + return new self($credentials, $this->dpopKey, $this->pdsEndpoint); 59 59 + } 60 60 + }

+140

src/Session/SessionManager.php

reviewed

··· 1 1 + <?php 2 2 + 3 3 + namespace SocialDept\AtpClient\Session; 4 4 + 5 5 + use Illuminate\Http\Client\Factory as HttpClient; 6 6 + use SocialDept\AtpClient\Auth\DPoPKeyManager; 7 7 + use SocialDept\AtpClient\Auth\TokenRefresher; 8 8 + use SocialDept\AtpClient\Contracts\CredentialProvider; 9 9 + use SocialDept\AtpClient\Contracts\KeyStore; 10 10 + use SocialDept\AtpClient\Data\AccessToken; 11 11 + use SocialDept\AtpClient\Events\TokenRefreshed; 12 12 + use SocialDept\AtpClient\Events\TokenRefreshing; 13 13 + use SocialDept\AtpClient\Exceptions\AuthenticationException; 14 14 + use SocialDept\AtpClient\Exceptions\SessionExpiredException; 15 15 + use SocialDept\AtpResolver\Facades\Resolver; 16 16 + 17 17 + class SessionManager 18 18 + { 19 19 + protected array $sessions = []; 20 20 + 21 21 + public function __construct( 22 22 + protected CredentialProvider $credentials, 23 23 + protected TokenRefresher $refresher, 24 24 + protected DPoPKeyManager $dpopManager, 25 25 + protected KeyStore $keyStore, 26 26 + protected HttpClient $http, 27 27 + protected int $refreshThreshold = 300, // 5 minutes 28 28 + ) {} 29 29 + 30 30 + /** 31 31 + * Get or create session for identifier 32 32 + */ 33 33 + public function session(string $identifier): Session 34 34 + { 35 35 + if (! isset($this->sessions[$identifier])) { 36 36 + $this->sessions[$identifier] = $this->createSession($identifier); 37 37 + } 38 38 + 39 39 + return $this->sessions[$identifier]; 40 40 + } 41 41 + 42 42 + /** 43 43 + * Ensure session is valid, refresh if needed 44 44 + */ 45 45 + public function ensureValid(string $identifier): Session 46 46 + { 47 47 + $session = $this->session($identifier); 48 48 + 49 49 + // Check if token needs refresh 50 50 + if ($session->expiresIn() < $this->refreshThreshold) { 51 51 + $session = $this->refreshSession($session); 52 52 + } 53 53 + 54 54 + return $session; 55 55 + } 56 56 + 57 57 + /** 58 58 + * Create session from app password 59 59 + */ 60 60 + public function fromAppPassword( 61 61 + string $identifier, 62 62 + string $password 63 63 + ): Session { 64 64 + $pdsEndpoint = Resolver::resolvePds($identifier); 65 65 + 66 66 + $response = $this->http->post($pdsEndpoint.'/xrpc/com.atproto.server.createSession', [ 67 67 + 'identifier' => $identifier, 68 68 + 'password' => $password, 69 69 + ]); 70 70 + 71 71 + if ($response->failed()) { 72 72 + throw new AuthenticationException('Login failed'); 73 73 + } 74 74 + 75 75 + $token = AccessToken::fromResponse($response->json()); 76 76 + 77 77 + // Store credentials 78 78 + $this->credentials->storeCredentials($identifier, $token); 79 79 + 80 80 + return $this->createSession($identifier); 81 81 + } 82 82 + 83 83 + /** 84 84 + * Create session from credentials 85 85 + */ 86 86 + protected function createSession(string $identifier): Session 87 87 + { 88 88 + $creds = $this->credentials->getCredentials($identifier); 89 89 + 90 90 + if (! $creds) { 91 91 + throw new SessionExpiredException("No credentials found for {$identifier}"); 92 92 + } 93 93 + 94 94 + // Get or create DPoP key 95 95 + $sessionId = 'session_'.hash('sha256', $creds->did); 96 96 + $dpopKey = $this->keyStore->get($sessionId); 97 97 + 98 98 + if (! $dpopKey) { 99 99 + $dpopKey = $this->dpopManager->generateKey($sessionId); 100 100 + } 101 101 + 102 102 + // Resolve PDS endpoint 103 103 + $pdsEndpoint = Resolver::resolvePds($creds->did); 104 104 + 105 105 + return new Session($creds, $dpopKey, $pdsEndpoint); 106 106 + } 107 107 + 108 108 + /** 109 109 + * Refresh session tokens 110 110 + */ 111 111 + protected function refreshSession(Session $session): Session 112 112 + { 113 113 + // Fire event before refresh (allows developers to invalidate old token) 114 114 + event(new TokenRefreshing($session->identifier(), $session->refreshToken())); 115 115 + 116 116 + $newToken = $this->refresher->refresh( 117 117 + refreshToken: $session->refreshToken(), 118 118 + pdsEndpoint: $session->pdsEndpoint(), 119 119 + dpopKey: $session->dpopKey(), 120 120 + ); 121 121 + 122 122 + // Update credentials (CRITICAL: refresh tokens are single-use) 123 123 + $this->credentials->updateCredentials( 124 124 + $session->identifier(), 125 125 + $newToken 126 126 + ); 127 127 + 128 128 + // Fire event after successful refresh 129 129 + event(new TokenRefreshed($session->identifier(), $newToken)); 130 130 + 131 131 + // Update session 132 132 + $newCreds = $this->credentials->getCredentials($session->identifier()); 133 133 + $newSession = $session->withCredentials($newCreds); 134 134 + 135 135 + // Update cached session 136 136 + $this->sessions[$session->identifier()] = $newSession; 137 137 + 138 138 + return $newSession; 139 139 + } 140 140 + }