std.pub#

A minimal web UI for managing standard.site publications and documents in a Bluesky PDS.

Project Structure#

src/
  server.ts         - Main Hono server entry point
  lib/
    oauth.ts        - ATProto OAuth client setup with SQLite persistence
    session.ts      - Session management
  routes/
    auth.ts         - Authentication routes (login, callback, logout)
    publication.ts  - Publication CRUD routes
    documents.ts    - Document CRUD routes
  views/
    home.ts         - Home page view
    layouts/
      main.ts       - Main layout template
public/
  styles.css        - Application styles
data/
  oauth.db          - SQLite database for OAuth state and sessions
  private-key.json  - ES256 private key for confidential client auth

Running#

# Development with hot reload
bun run dev

# Production
bun run start

Environment Variables#

• PORT - Server port (default: 8000)
• PUBLIC_URL - Public URL for OAuth callbacks (MUST be HTTPS without custom port for production)
• DATA_DIR - Directory for persistent data (default: ./data)

ATProto OAuth Implementation#

This app is a confidential client using:

• ES256 key for client authentication (stored in data/private-key.json)
• SQLite for session and state persistence
• DPoP bound access tokens
• PAR (Pushed Authorization Requests)

OAuth Endpoints#

• GET /client-metadata.json - OAuth client metadata
• GET /jwks.json - JSON Web Key Set for client authentication
• GET /auth/login - Login form
• POST /auth/login - Initiate OAuth flow
• GET /auth/callback - OAuth callback handler
• GET /auth/logout - Logout and revoke session

ATProto Collections#

• site.standard.publication - Blog/publication metadata
• site.standard.document - Individual documents/posts

Key Dependencies#

• hono - Web framework
• @atproto/oauth-client-node - ATProto OAuth (production-ready)
• @atproto/api - ATProto API client
• @atproto/jwk-jose - ES256 key generation and management
• bun:sqlite - SQLite for session persistence