Fix: reduce number of createSession calls to comply with Bsky rate limits

olafmoriarty · olafmoriarty · commit cc0764c6dbe4 · 2024-09-10T07:44:43.000+02:00
diff --git a/README.md b/README.md
@@ -32,6 +32,10 @@ CREATE TABLE `bbdq` (
   `did` varchar(255) NOT NULL,
   `identifier` varchar(255) NOT NULL,
   `password` varchar(255) NOT NULL,
+  `accessJwt` TEXT NULL,
+  `accessJwt_time` DATETIME NULL,
+  `refreshJwt` TEXT NULL,
+  `refreshJwt_time` DATETIME NULL,
   `iv` varchar(32) NOT NULL,
   `script` mediumtext DEFAULT NULL,
   `language` varchar(2) NOT NULL DEFAULT 'en',
diff --git a/backend/atproto-functions.php b/backend/atproto-functions.php
@@ -15,6 +15,94 @@ function atproto_create_session($provider, $identifier, $password) {
 	]);
 }
 
+function atproto_session($conn, $encryption_key, $id) {
+	$query = 'SELECT id, provider, did, password, iv, accessJwt, TIMESTAMPDIFF(MINUTE, NOW(), IFNULL(accessJwt_time, \'2000-01-01\')) as accessJwt_time_left, refreshJwt, TIMESTAMPDIFF(MINUTE, NOW(), IFNULL(refreshJwt_time, \'2000-01-01\')) as refreshJwt_time_left FROM bbdq WHERE id = ?';
+	
+	$stmt = $conn->prepare($query);
+	$stmt->bind_param('i', $id);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	$stmt->close();
+
+	if (!$result->num_rows) {
+		return ['error' => 'NO_SUCH_USER'];
+	}
+
+	$row = $result->fetch_assoc();
+
+	// Is the access token still valid?
+	if ($row['accessJwt_time_left'] > 5) {
+		$access_token = openssl_decrypt($row['accessJwt'], 'aes-256-cbc', $encryption_key, 0, hex2bin($row['iv']));
+
+		return [
+			'accessJwt' => $access_token,
+			'did' => $row['did'],
+		];
+	}
+
+	// If not, do we have a valid refresh token?
+
+	$provider = $row['provider'];
+	if (!$provider) {
+		$provider = 'https://bsky.social';
+	}
+
+	if ($row['refreshJwt_time_left'] > 5) {
+		$refresh_token = openssl_decrypt($row['refreshJwt'], 'aes-256-cbc', $encryption_key, 0, hex2bin($row['iv']));
+
+		// Fetch a new access token
+		$session = fetch( $provider . '/xrpc/com.atproto.server.refreshSession', [
+			'token' => $refresh_token,
+		]);
+
+		if (isset($session['accessJwt'])) {
+			// Save new token to database ...
+
+			// TODO: Check headers for token lifespan instead of assuming two hours
+			$encrypted_access_token = openssl_encrypt($session['accessJwt'], 'aes-256-cbc', $encryption_key, 0, hex2bin($row['iv']));
+			$query = 'UPDATE bbdq SET accessJwt = ?, accessJwt_time = DATE_ADD(NOW(), INTERVAL 2 HOUR) WHERE id = ?';
+			$stmt = $conn->prepare($query);
+			$stmt->bind_param('si', $encrypted_access_token, $id);
+			$stmt->execute();
+			$stmt->close();
+
+			// Return the session
+			return $session;
+		}
+	}
+
+	// No valid tokens found, so let's create a new one.
+	$password = openssl_decrypt($row['password'], 'aes-256-cbc', $encryption_key, 0, hex2bin($row['iv']));
+
+	$session = fetch( $provider . '/xrpc/com.atproto.server.createSession', [
+		'body' => [
+			'identifier' => $row['did'],
+			'password' => $password,
+		],
+	]);
+	
+	if (isset($session['accessJwt'])) {
+		// Save new tokens to database ...
+
+		// TODO: Check headers for token lifespan instead of assuming two hours / two months
+		$encrypted_access_token = openssl_encrypt($session['accessJwt'], 'aes-256-cbc', $encryption_key, 0, hex2bin($row['iv']));
+		$encrypted_refresh_token = openssl_encrypt($session['refreshJwt'], 'aes-256-cbc', $encryption_key, 0, hex2bin($row['iv']));
+		$query = 'UPDATE bbdq SET accessJwt = ?, accessJwt_time = DATE_ADD(NOW(), INTERVAL 2 HOUR), refreshJwt = ?, refreshJwt_time = DATE_ADD(NOW(), INTERVAL 58 DAY) WHERE id = ?';
+		$stmt = $conn->prepare($query);
+		$stmt->bind_param('ssi', $encrypted_access_token, $encrypted_refresh_token, $id);
+		$stmt->execute();
+		$stmt->close();
+
+		// Return the session
+		return $session;
+	}
+
+	// Nothing worked :-(
+	return [
+		'error' => 'Could not create session.',
+	];
+}
+
 // Post thread to bluesky
 function post_bsky_thread($text, $session, $options = []) {
 	
diff --git a/backend/bot.php b/backend/bot.php
@@ -25,9 +25,8 @@ function run_bot() {
 	global $encryption_key;
 
 	$post_length = 300;
-
 	// Get bots
-	$query = 'SELECT id, provider, identifier, did, password, iv, script, msg, actionIfLong, language FROM bbdq WHERE active = 1 AND TIMESTAMPDIFF(MINUTE, lastPost, NOW()) >= minutesBetweenPosts - 2';
+	$query = 'SELECT id, provider, script, msg, actionIfLong, language FROM bbdq WHERE active = 1 AND TIMESTAMPDIFF(MINUTE, lastPost, NOW()) >= minutesBetweenPosts - 2';
 	$stmt = $conn->prepare($query);
 	$stmt->execute();
 	$result = $stmt->get_result();
@@ -62,8 +61,7 @@ function run_bot() {
 			continue;
 		}
 		$provider = $row['provider'] ?: 'https://bsky.social';
-		$password = openssl_decrypt($row['password'], 'aes-256-cbc', $encryption_key, 0, hex2bin($row['iv']));
-		$session = atproto_create_session($provider, $row['did'], $password);
+		$session = atproto_session($conn, $encryption_key, $row['id']);
 		if (isset($session['error'])) {
 			// Wrong bluesky username/password
 			continue;
@@ -97,7 +95,7 @@ function check_replies() {
 	$post_length = 300;
 
 	// Get all active bots
-	$query = 'SELECT id, provider, did, identifier, password, iv, script, reply, actionIfLong, language, lastNotification FROM bbdq WHERE active = 1';
+	$query = 'SELECT id, provider, script, reply, actionIfLong, language, lastNotification FROM bbdq WHERE active = 1';
 	$stmt = $conn->prepare($query);
 	$stmt->execute();
 	$result = $stmt->get_result();
@@ -121,9 +119,7 @@ function check_replies() {
 		// Check for new replies
 		$provider = $row['provider'] ?: 'https://bsky.social';
 
-		$password = openssl_decrypt($row['password'], 'aes-256-cbc', $encryption_key, 0, hex2bin($row['iv']));
-
-		$session = atproto_create_session($provider, $row['did'], $password);
+		$session = atproto_session($conn, $encryption_key, $row['id']);
 		if (isset($session['error'])) {
 			// Wrong bluesky username/password
 			continue;
