# Tinychat client

This is the main tinychat web interface people interact with:

- auth using atproto OAuth
- manage session to provide authenticated agent to talk to atproto

App setup

In [None]:
//| export

import { Hono } from "hono";
import { HTTPException } from "hono/http-exception";
import { logger } from "hono/logger";
import { getIronSession, IronSession } from "iron-session";
import { createMiddleware } from "hono/factory";
import { getOAuthClient  } from "tinychat/oauth.ts";

export type Session = {
  did: string | undefined;
  // testing purposes
  t: string | undefined;
};

export type AppContext = {
  session: IronSession<Session>;
};

declare module "hono" {
  interface ContextVariableMap {
    ctx: AppContext;
  }
}

export type HonoServer = Hono<{
  Variables: {
    ctx: AppContext;
  };
}>;
export const app = new Hono();

app.use("*", logger());

Hono {
  get: [36m[Function (anonymous)][39m,
  post: [36m[Function (anonymous)][39m,
  put: [36m[Function (anonymous)][39m,
  delete: [36m[Function (anonymous)][39m,
  options: [36m[Function (anonymous)][39m,
  patch: [36m[Function (anonymous)][39m,
  all: [36m[Function (anonymous)][39m,
  on: [36m[Function (anonymous)][39m,
  use: [36m[Function (anonymous)][39m,
  router: SmartRouter { name: [32m"SmartRouter"[39m },
  getPath: [36m[Function: getPath][39m,
  _basePath: [32m"/"[39m,
  routes: [ { path: [32m"/*"[39m, method: [32m"ALL"[39m, handler: [36m[AsyncFunction: logger][39m } ],
  errorHandler: [36m[Function: errorHandler][39m,
  onError: [36m[Function: onError][39m,
  notFound: [36m[Function: notFound][39m,
  fetch: [36m[Function: fetch][39m,
  request: [36m[Function: request][39m,
  fire: [36m[Function: fire][39m
}

## Context + Session management

Connect [iron-router](https://github.com/vvo/iron-session) for cookie based
session management. Using Nick's
[bookhive](https://github.com/nperez0111/bookhive/blob/main/src/index.ts) for
inspiration.

In [None]:
//| export

app.use(
  "*",
  createMiddleware(async (c, next) => {
    if (!Deno.env.get("SESSION_COOKIE_KEY")) {
      throw new Error("SESSION_COOKIE_KEY is not set");
    }

    const session = await getIronSession<Session>(c.req.raw, c.res, {
      cookieName: "sid",
      password: Deno.env.get("SESSION_COOKIE_KEY")!,
      cookieOptions: {
        httpOnly: Deno.env.get("SESSION_COOKIE_ALLOW_INSECURE") ? false : true,
        secure: true, // set this to false in local (non-HTTPS) development
        sameSite: "lax", // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite#lax
        path: "/",
      },
    });
    c.set("ctx", { session });
    await next();
  }),
);

Hono {
  get: [36m[Function (anonymous)][39m,
  post: [36m[Function (anonymous)][39m,
  put: [36m[Function (anonymous)][39m,
  delete: [36m[Function (anonymous)][39m,
  options: [36m[Function (anonymous)][39m,
  patch: [36m[Function (anonymous)][39m,
  all: [36m[Function (anonymous)][39m,
  on: [36m[Function (anonymous)][39m,
  use: [36m[Function (anonymous)][39m,
  router: SmartRouter { name: [32m"SmartRouter"[39m },
  getPath: [36m[Function: getPath][39m,
  _basePath: [32m"/"[39m,
  routes: [
    { path: [32m"/*"[39m, method: [32m"ALL"[39m, handler: [36m[AsyncFunction: logger][39m },
    { path: [32m"/*"[39m, method: [32m"ALL"[39m, handler: [36m[AsyncFunction (anonymous)][39m }
  ],
  errorHandler: [36m[Function: errorHandler][39m,
  onError: [36m[Function: onError][39m,
  notFound: [36m[Function: notFound][39m,
  fetch: [36m[Function: fetch][39m,
  request: [36m[Function: request][39m,
  fire: [36m[Function: fire][39m
}

In [None]:
//| export

app.get("/health", (c) => c.json({ status: "ok", t: c.var.ctx.session.t }));
app.get("/set-session-t", async (c) => {
  c.var.ctx.session.t = "foo";
  await c.var.ctx.session.save();
  return c.json({ status: "ok", t: c.var.ctx.session.t });
});

Hono {
  get: [36m[Function (anonymous)][39m,
  post: [36m[Function (anonymous)][39m,
  put: [36m[Function (anonymous)][39m,
  delete: [36m[Function (anonymous)][39m,
  options: [36m[Function (anonymous)][39m,
  patch: [36m[Function (anonymous)][39m,
  all: [36m[Function (anonymous)][39m,
  on: [36m[Function (anonymous)][39m,
  use: [36m[Function (anonymous)][39m,
  router: SmartRouter { name: [32m"SmartRouter"[39m },
  getPath: [36m[Function: getPath][39m,
  _basePath: [32m"/"[39m,
  routes: [
    { path: [32m"/*"[39m, method: [32m"ALL"[39m, handler: [36m[AsyncFunction: logger][39m },
    { path: [32m"/*"[39m, method: [32m"ALL"[39m, handler: [36m[AsyncFunction (anonymous)][39m },
    { path: [32m"/health"[39m, method: [32m"GET"[39m, handler: [36m[Function (anonymous)][39m },
    {
      path: [32m"/set-session-t"[39m,
      method: [32m"GET"[39m,
      handler: [36m[AsyncFunction (anonymous)][39m
    }
  ],
  errorHandler: [36m[Function

## Connect authentication

Auth is done using Atproto OAuth client

In [None]:
//| export

const oauthClient = getOAuthClient();

app.get("/client-metadata.json", (c) =>
  c.json(oauthClient.clientMetadata)
);

app.get("/oauth/callback", async (c) => {
  const { session } = c.var.ctx;
  const params = new URLSearchParams(c.req.url.split("?")[1]);
  const { session: oauthSession } = await oauthClient.callback(params);
  session.did = oauthSession.did;
  await session.save();
  return c.redirect("/");
});

app.post("/login", async (c) => {
  try {
    const body = await c.req.parseBody();
    // @ts-ignore it's a string, yo
    const handle: string | undefined = body?.handle;
    
    if (!handle) {
      throw new HTTPException(400, { message: "Missing handle" });
    }

    const url = await oauthClient.authorize(handle, {
      scope: "atproto transition:generic",
    });

    return c.redirect(url.toString());
  } catch (e) {
    console.error(e);
    return c.json({ error: "Internal server error" }, 500);
  }
});

/*
import { Hono } from "hono";
import { logger } from "hono/logger";
import { Agent } from "@atproto/api";
import { TID } from "@atproto/common";

const app = new Hono();
const oauthClient = getOAuthClient();

app.use("*", logger());
app.get("/client-metadata.json", async (c) => {
  return c.json(oauthClient.clientMetadata);
});

app.get("/oauth/callback", async (c) => {
  const params = new URLSearchParams(c.req.url.split("?")[1]);

  const { session } = await oauthClient.callback(params);

  console.log("session", session);

  const oauthSession = await oauthClient.restore(session.did);

  console.log("oauth session", oauthSession);

  
  const agent = new Agent(oauthSession);

  console.log(
    await agent.com.atproto.repo.getRecord({
      repo: agent.assertDid, // The user
      collection: "app.bsky.actor.profile", // The collection
      rkey: "self", // The record key
    })
  );
const rkey = TID.nextStr();

  console.log(
    

// Write the 
await agent.com.atproto.repo.putRecord({
  repo: agent.assertDid,                 // The user
  collection: 'xyz.statusphere.status',  // The collection
  rkey,                                  // The record key
  record: {                              // The record value
    status: "👍",
    createdAt: new Date().toISOString()
  }
})
  );

  return c.redirect("/");
});

app.get("/login", async (c) => {
  const url = await oauthClient.authorize("callmephilip.com", {
    scope: "atproto transition:generic",
  });
  return c.redirect(url.toString());
});

*/


Hono {
  get: [36m[Function (anonymous)][39m,
  post: [36m[Function (anonymous)][39m,
  put: [36m[Function (anonymous)][39m,
  delete: [36m[Function (anonymous)][39m,
  options: [36m[Function (anonymous)][39m,
  patch: [36m[Function (anonymous)][39m,
  all: [36m[Function (anonymous)][39m,
  on: [36m[Function (anonymous)][39m,
  use: [36m[Function (anonymous)][39m,
  router: SmartRouter { name: [32m"SmartRouter"[39m },
  getPath: [36m[Function: getPath][39m,
  _basePath: [32m"/"[39m,
  routes: [
    { path: [32m"/*"[39m, method: [32m"ALL"[39m, handler: [36m[AsyncFunction: logger][39m },
    { path: [32m"/*"[39m, method: [32m"ALL"[39m, handler: [36m[AsyncFunction (anonymous)][39m },
    { path: [32m"/health"[39m, method: [32m"GET"[39m, handler: [36m[Function (anonymous)][39m },
    {
      path: [32m"/set-session-t"[39m,
      method: [32m"GET"[39m,
      handler: [36m[AsyncFunction (anonymous)][39m
    },
    {
      path: [32m"/client-me

## Test app instance

It seems like cookies need to be managed manually:
`https://www.answeroverflow.com/m/1285290790863769643`

TODO: proper types for test client - see https://hono.dev/docs/guides/rpc#client

In [None]:
import { testClient } from "hono/testing";
import { assertEquals, assert } from "asserts";

Deno.test("/health", async () => {
  // @ts-ignore cannot figure out type of test client
  const res = await testClient(app).health.$get();
  assertEquals(await res.json(), { status: "ok" });
});

Deno.test("/set-session-t", async () => {
  // @ts-ignore cannot figure out type of test client
  const r1 = await testClient(app)["set-session-t"].$get();
  assertEquals(await r1.json(), { status: "ok", t: "foo" });
  assert(r1.headers.get("set-cookie"));
  // @ts-ignore cannot figure out type of test client
  const r2 = await testClient(app)["health"].$get(
    {},
    {
      headers: {
        Cookie: r1.headers.get("set-cookie"),
      },
    }
  );
  assertEquals(await r2.json(), { status: "ok", t: "foo" });
});

// TODO: figure out if how to test loin flow
// Deno.test("/login", async () => {
  // @ts-ignore cannot figure out type of test client
  // const r = await testClient(app).login.$post({
  //   form: {
  //     handle: "callmephilip.com",
  //   },
  // });
  // await r.json()
// });