1import { Agent } from "@atproto/api";
2import { atclient } from "$lib/atproto";
3
4import { decryptToString } from "$lib/server/encryption";
5import { decodeBase64, decodeBase64urlIgnorePadding } from "@oslojs/encoding";
6
7import type { Handle } from "@sveltejs/kit";
8import { ENCRYPTION_PASSWORD } from "$env/static/private";
9
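/**
 * SvelteKit server hook that runs on every incoming request.
 *
 * When a `sid` cookie is present and no user has been attached to the request
 * yet, the cookie is base64url-decoded, decrypted with the key derived from
 * `ENCRYPTION_PASSWORD`, and the resulting DID is used to restore the OAuth
 * session and load the profile. On success `event.locals.authedAgent` and
 * `event.locals.user` are populated.
 *
 * The cookie is client-controlled input. Any failure while decoding,
 * decrypting, restoring the session or fetching the profile leaves the request
 * unauthenticated instead of surfacing as an unhandled error.
 *
 * @param input - The SvelteKit hook input; `event` and `resolve` are used.
 * @returns The response produced by `resolve(event)`.
 */
export const handle: Handle = async ({ event, resolve }) => {
  const sid = event.cookies.get("sid");

  // No session cookie, or a user is already attached: nothing to restore.
  if (!sid || event.locals.user) {
    return resolve(event);
  }

  try {
    // Each step below may throw on a malformed, tampered or stale cookie.
    const sealed = decodeBase64urlIgnorePadding(sid);
    // NOTE(review): the decoded bytes are passed to decryptToString as the key.
    // Confirm ENCRYPTION_PASSWORD holds random key material of the expected
    // length, and that decryptToString authenticates the ciphertext.
    const key = decodeBase64(ENCRYPTION_PASSWORD);
    const did = await decryptToString(key, sealed);

    // Restore the OAuth session for the decrypted DID and build an agent on it.
    const oauthSession = await atclient.restore(did);
    const authedAgent = new Agent(oauthSession);
    const profile = await authedAgent.getProfile({ actor: did });

    // Populate locals only after every step succeeded, so a failure part-way
    // through never leaves an agent attached without a user.
    if (!event.locals.authedAgent) {
      event.locals.authedAgent = authedAgent;
    }
    event.locals.user = profile.data;
  } catch (err: unknown) {
    // Fail closed: continue unauthenticated. Only the error name is logged;
    // the cookie and the decrypted value are never written to the log.
    // NOTE(review): the cookie is left in place because the path it was set
    // with is not visible here; consider clearing it for non-transient failures.
    const reason = err instanceof Error ? err.name : "unknown error";
    console.warn(`session restore failed (${reason}); continuing unauthenticated`);
  }

  return resolve(event);
};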