Commits
Signed-off-by: Will <did:plc:dadhhalkfcq3gucaq25hjqon>
* feat: account switcher
* fix(account-switch): merge redirect query params safely
Parse redirect targets and query_params with net/url, then merge into a single encoded query string to avoid malformed URLs when next already has a query or query_params starts with ?.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* perf(session): avoid duplicate account lookups
Reuse a single session-account fetch path for signin/account/oauth authorize flows by returning both the active repo and account list from one helper.
This removes repeated per-account queries on page render while preserving existing behavior.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix(auth): distinguish unauthenticated vs backend session errors
Introduce ErrSessionUnauthenticated and treat only that case as a signin redirect.
Return server errors for account/session lookup failures in account and oauth authorize/revoke flows so backend issues are not masked as re-login prompts.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix(pr-review): address remaining account/oauth review issues
Populate authorize/account template render data for all paths, harden account switch against cross-site POSTs, and apply consistent account session cookie options on save.
Also fix pointer-to-range-variable in session account lookup.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix(pr-review): resolve remaining template/session threads
Use explicit .Repo.Did in account switcher templates to avoid ambiguous embedded Did fields in RepoActor.
Reuse the already-loaded session in oauth authorize by adding a helper variant that accepts an existing session instead of re-fetching it.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
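The query merge described in the `fix(account-switch)` message above, as an added Go example; it is not the project's code. The helper name `mergeRedirect` and the sample paths and parameters are hypothetical.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// mergeRedirect is a hypothetical helper, not the project's function.
// It appends the pairs in queryParams to whatever query next already
// carries and returns one consistently encoded URL.
func mergeRedirect(next, queryParams string) (string, error) {
	target, err := url.Parse(next)
	if err != nil {
		return "", fmt.Errorf("parse next: %w", err)
	}
	// Accept both "a=b" and "?a=b"; a leading "?" must not become part of a key.
	extra, err := url.ParseQuery(strings.TrimPrefix(queryParams, "?"))
	if err != nil {
		return "", fmt.Errorf("parse query_params: %w", err)
	}
	merged := target.Query() // decoded copy of the query already on next
	for key, values := range extra {
		for _, v := range values {
			merged.Add(key, v)
		}
	}
	// Encode escapes every value exactly once and sorts the keys.
	target.RawQuery = merged.Encode()
	return target.String(), nil
}

func main() {
	// Constructed inputs: next already has a query, query_params starts with "?".
	next, params := "/oauth/authorize?client_id=abc", "?scope=atproto&state=x y"
	// Plain concatenation yields two "?" and an unescaped space.
	fmt.Println("naive: ", next+"?"+params)
	out, err := mergeRedirect(next, params)
	fmt.Println("merged:", out, err)
}
```

String concatenation is what produces the malformed cases the message names; going through `url.Values` also rejects invalid percent-escapes in `query_params` instead of forwarding them.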
Signed-off-by: Will Andrews <will7989@hotmail.com>
* build(docker): create alpine based image
* docs(readme): use alpine-based docker image
* Switch to the new repo lib
* Fix nil pointer
* caching
* clean
* fix: empty array nil
* use make for array init
---------
Co-authored-by: Hailey <me@haileyok.com>
Instead of returning an error when encountering an empty or invalid CID,
log the error and continue processing the remaining blobs.
* feat: log level configuration
Add a new `--log-level` flag to configure the logging level for the
server. The flag accepts values: debug, info, warn, and error. The
default log level is set to info. The log level is passed to the server
and used to filter log messages based on the configured level.
* fix: log level arg
* feat: configurable session cookie key
* chore: fmt
Signed-off-by: Will Andrews <will7989@hotmail.com>
Co-authored-by: Scan <103391616+scanash00@users.noreply.github.com>
Bumps [github.com/lestrrat-go/jwx/v2](https://github.com/lestrrat-go/jwx) from 2.0.12 to 2.0.21.
- [Release notes](https://github.com/lestrrat-go/jwx/releases)
- [Changelog](https://github.com/lestrrat-go/jwx/blob/v2.0.21/Changes)
- [Commits](https://github.com/lestrrat-go/jwx/compare/v2.0.12...v2.0.21)
---
updated-dependencies:
- dependency-name: github.com/lestrrat-go/jwx/v2
dependency-version: 2.0.21
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) from 5.5.0 to 5.5.4.
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jackc/pgx/compare/v5.5.0...v5.5.4)
---
updated-dependencies:
- dependency-name: github.com/jackc/pgx/v5
dependency-version: 5.5.4
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Will Andrews <did:plc:dadhhalkfcq3gucaq25hjqon>
* cleanup logger usages and add some metrics
* add some basic metrics
* implement queryLabels
* add a COCOON_REQUIRE_INVITE env to make invite codes be able to not be required (still required by default)
* handle handles for http requests and stuff
This prevents a potential, although unlikely, issue where an account is left in an invalid state due to one or more delete operations failing. This would prevent a user from being able to delete their account on the network without manual intervention.
* feat: implement listMissingBlobs endpoint properly
* fix: properly extract blobs using atdata.ExtractBlobs
* actually fully functional now :p
* feat: complete and make reserveSigningKey, fix getServiceAuth based on atproto spec and mark it as done in the readme
* implement deleteAccount
* requestAccountDelete was also added
* THIS should actually fix it
* fix: update DPoP error handling to set WWW-Authenticate header
* Add COCOON_S3_CDN_URL for direct S3 blob redirects instead of proxying through the PDS
* This should be the last fix for this issue hopefully
* fix response so it gets a new access token after the token expires
* init
* implement listmissingblobs
* Update README to mark listMissingBlobs as completed
* e
* Update README.md
Co-authored-by: hailey <hailey@blueskyweb.xyz>
---------
Co-authored-by: hailey <hailey@blueskyweb.xyz>