import { db } from '$lib/server/db'; import type { Handle, ServerInit } from '@sveltejs/kit'; import { migrate } from 'drizzle-orm/node-postgres/migrator'; import { env } from '$env/dynamic/private'; import { HOUR } from '@atproto/common'; import { getSessionManager, SessionRestorationError } from '$lib/server/session'; export const init: ServerInit = async () => { // Run Drizzle migrations on server startup await migrate(db, { migrationsFolder: env.MIGRATIONS_FOLDER ?? 'drizzle' }); // Start a background job to clean up state every hour, which is recommended in the oauth docs setInterval(async () => { //TODO prob should do one for the session store as well for expired sessions }, HOUR); // Run every hour }; export const handle: Handle = async ({ event, resolve }) => { const token = event.cookies.get('session') ?? null; if (token === null) { event.locals.session = null; event.locals.atpAgent = null; return resolve(event); } const sessionManager = await getSessionManager(); try { const { atpAgent, did, handle } = await sessionManager.getSessionFromRequest(event); if(atpAgent == null){ event.locals.session = null; event.locals.atpAgent = null; return resolve(event); } // Store atpAgent in locals (server-side only, not serialized) event.locals.atpAgent = atpAgent; // Store only serializable data in session (gets passed to client via load functions) event.locals.session = { did, handle }; } catch (err) { if (err instanceof SessionRestorationError) { //You can propagate this error to the frontend to let your users know their session unexpectedly ended //I opted out of not completely implementing this since everyone may have a different idea of what to do in their apps //For instance I would use the cache to create a flash message that when loaded it deletes and show it on the layout } else { // Unexpected error, re-throw throw err; } event.locals.session = null; event.locals.atpAgent = null; } return resolve(event); };