blue_factory 0.1.3 → 0.1.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c1a078159ccaad626c030e20a9ad18e1a408cc8897c27cddb9773c1bd1a6295c
-  data.tar.gz: b7c45df10d3419f21745b760b586fe21e1eb262e9a12c72a5282e3ca0616eace
+  metadata.gz: de68a9c6f0b159edc06d950cb3ad558537273ce95637a3c2b2ab183f0eeb52d9
+  data.tar.gz: 609d5127c0ee34fbc19bca7b3cb37b01cbde365e05f24699e8cd4b0bd226d340
 SHA512:
-  metadata.gz: 3347004aff37324480e13d2c1a21b85f737a9ab8898d874ecf26dad6f1b8f74ffa621ca24d4d76098be1479e145c08745d8c86a5cfcab68e66c8148bd6f76a8c
-  data.tar.gz: 15fd3de8b85ecb2175c3d3ede61b73257bac08e849935ad42aad6b428d70c1fbe1fbec970887db354a6fea8f36fa93851f2909452497cc33f50419bff4cd1bea
+  metadata.gz: 25dee3b63c24fc48fce4b4aaa04ac8113c92e35df6464b8357053ef422fba14181c2cd3d7e26894fcbb14e736b029b2e5a3f45940d93fc294ddcbc52519f49bf
+  data.tar.gz: bad39da56a7a4cec3217dbf507197dc23c2951e855d8501bb89babe8a0966e3809065cbf9a0e1c7c038c77e0d5764a04feb8e6815c931962d40cd1bb29d5c391

data/CHANGELOG.md

@@ -1,3 +1,11 @@
+## [0.1.5] - 2025-03-20
+
+- added support for feed content mode field (video feeds)
+
+## [0.1.4] - 2023-08-19
+
+- implemented partial authentication, without signature verification (`enable_unsafe_auth` option)
+
 ## [0.1.3] - 2023-07-27
 
 - fixed incorrect response when reaching the end of the feed

data/README.md

@@ -1,6 +1,9 @@
 # BlueFactory 🏭
 
-A Ruby gem for hosting custom feeds for Bluesky
+A Ruby gem for hosting custom feeds for Bluesky.
+
+> [!NOTE]
+> ATProto Ruby gems collection: [skyfall](https://github.com/mackuba/skyfall) | [blue_factory](https://github.com/mackuba/blue_factory) | [minisky](https://github.com/mackuba/minisky) | [didkit](https://github.com/mackuba/didkit)
 
 
 ## What does it do
@@ -40,7 +43,8 @@ BlueFactory.add_feed 'starwars', StarWarsFeed.new
 
 The `get_posts` method of the feed object should:
 
-- accept a single `params` argument which is a hash with fields: `:feed`, `:cursor` and `:limit` (the last two are optional)
+- accept a `params` argument which is a hash with fields: `:feed`, `:cursor` and `:limit` (the last two are optional)
+- optionally, accept a second `current_user` argument which is a string with the authenticated user's DID (depends on authentication config - [see below](#authentication))
 - return a hash with two fields: `:cursor` and `:posts`
 
 The `:feed` is the `at://` URI of the feed. The `:cursor` param, if included, should be a cursor returned by your feed from one of the previous requests, so it should be in the format used by the same function - but anyone can call the endpoint with any params, so you should validate it. The cursor is used for pagination to provide more pages further down in the feed (the first request to load the top of the feed doesn't include a cursor).
@@ -59,7 +63,7 @@ An example implementation could look like this:
 require 'time'
 
 class StarWarsFeed
-  def get_posts(params)
+  def get_posts(params, current_user = nil)
     limit = check_query_limit(params)
     query = Post.select('uri, time').order('time DESC').limit(limit)
 
@@ -122,7 +126,71 @@ server {
 }
 ```
 
-### Additional configuration & customizing
+## Authentication
+
+Feeds are authenticated using a technology called [JSON Web Tokens](https://jwt.io). If a user is logged in, when they open, refresh or scroll down a feed in their app, requests are made to the feed service from the Bluesky network's IP address with user's authentication token in the `Authorization` HTTP header. (This is not the same kind of token as the access token that you use to make API calls - it does not let you perform any actions on user's behalf.)
+
+At the moment, Blue Factory handles authentication in a very simplified way - it extracts the user's DID from the authentication header, but it does not verify the signature. This means that anyone with some programming knowledge can trivially prepare a fake token and make requests to the `getFeedSkeleton` endpoint as a different user.
+
+As such, this authentication should not be used for anything critical. It may be used for things like logging, analytics, or as "security by obscurity" to just discourage others from accessing the feed in the app. You can also use this to build personalized feeds, as long as it's not a problem that the user DID may be fake.
+
+To use this simple authentication, set the `enable_unsafe_auth` option:
+
+```rb
+BlueFactory.set :enable_unsafe_auth, true
+```
+
+The user's DID extracted from the token is passed as a second argument to `#get_posts`. You may, for example, return an empty list when the user is not authorized to use it:
+
+```rb
+class HiddenFeed
+  def get_posts(params, current_user)
+    if AUTHORIZED_USERS.include?(current_user)
+      # ...
+    else
+      { posts: [] }
+    end
+  end
+end
+```
+
+Alternatively, you can raise a `BlueFactory::AuthorizationError` with an optional custom message. This will return a 401 status response to the Bluesky app, which will make it display the pink error banner in the app:
+
+```rb
+class HiddenFeed
+  def get_posts(params, current_user)
+    if AUTHORIZED_USERS.include?(current_user)
+      # ...
+    else
+      raise BlueFactory::AuthorizationError, "You shall not pass!"
+    end
+  end
+end
+```
+
+<p><img width="400" src="https://github.com/mackuba/blue_factory/assets/28465/9197c0ec-9302-4ca0-b06c-3fce2e0fa4f4"></p>
+
+
+### Unauthenticated access
+
+Please note that the `current_user` may be nil - this will happen if the authentication header is not set at all. Since the [bsky.app](https://bsky.app) website is now open to the public and can be accessed without authentication, people can also access your feeds without being logged in.
+
+If you want the feed to only be available to logged in users (even if it's a non-personalized feed), simply raise an `AuthorizationError` if `current_user` is nil:
+
+```rb
+class RestrictedFeed
+  def get_posts(params, current_user)
+    if current_user.nil?
+      raise BlueFactory::AuthorizationError, "Log in to see this feed"
+    end
+
+    # ...
+  end
+end
+```
+
+
+## Additional configuration & customizing
 
 You can use the [Sinatra API](https://sinatrarb.com/intro.html#configuration) to do any additional configuration, like changing the server port, enabling/disabling logging and so on.
 
@@ -156,6 +224,7 @@ To publish the feed, you will need to provide some additional info about the fee
 - `display_name` (required) - the publicly visible name of your feed, e.g. "WWDC 23" (should be something short)
 - `description` (optional) - a longer (~1-2 lines) description of what the feed does, displayed on the feed page as the "bio"
 - `avatar_file` (optional) - path to an avatar image from the project's root (PNG or JPG)
+- `content_mode` (optional) - return `:video` to create a video feed
 
 When you're ready, run the rake task passing the feed key (you will be asked for the uploader account's password):
 
@@ -163,9 +232,12 @@ When you're ready, run the rake task passing the feed key (you will be asked for
 bundle exec rake bluesky:publish KEY=wwdc
 ```
 
+For non-Bluesky PDSes, you need to also add an env var `SERVER_URL=https://your.pds.host`.
+
+
 ## Credits
 
-Copyright © 2023 Kuba Suder ([@mackuba.eu](https://bsky.app/profile/mackuba.eu)).
+Copyright © 2025 Kuba Suder ([@mackuba.eu](https://bsky.app/profile/mackuba.eu)).
 
 The code is available under the terms of the [zlib license](https://choosealicense.com/licenses/zlib/) (permissive, similar to MIT).
 

data/lib/blue_factory/configuration.rb

@@ -13,7 +13,7 @@ module BlueFactory
     (ENV['APP_ENV'] || ENV['RACK_ENV'] || :development).to_sym
   end
 
-  configurable :publisher_did, :hostname, :validate_responses
+  configurable :publisher_did, :hostname, :validate_responses, :enable_unsafe_auth
 
   set :validate_responses, (environment != :production)
 end

data/lib/blue_factory/errors.rb

@@ -1,4 +1,13 @@
 module BlueFactory
+  class AuthorizationError < StandardError
+    attr_reader :error_type
+
+    def initialize(message = "Authentication required", error_type = nil)
+      super(message)
+      @error_type = error_type
+    end
+  end
+
   class InvalidKeyError < StandardError
   end
 
@@ -13,4 +22,7 @@ module BlueFactory
 
   class InvalidResponseError < StandardError
   end
+
+  class UnsupportedAlgorithmError < StandardError
+  end
 end

data/lib/blue_factory/server.rb

@@ -1,3 +1,4 @@
+require 'base64'
 require 'json'
 require 'sinatra/base'
 
@@ -12,7 +13,6 @@ module BlueFactory
       disable :static
       enable :quiet
       enable :logging
-      set :default_content_type, 'application/json'
       settings.add_charset << 'application/json'
     end
 
@@ -25,14 +25,60 @@ module BlueFactory
         'at://' + config.publisher_did + '/' + FEED_GENERATOR_TYPE + '/' + key
       end
 
-      def json(data)
+      def json_response(data)
+        content_type :json
         JSON.generate(data)
       end
 
+      alias json json_response
+
       def json_error(name, message, status: 400)
+        content_type :json
         [status, JSON.generate({ error: name, message: message })]
       end
 
+      def get_feed
+        if params[:feed].to_s.empty?
+          raise InvalidResponseError, "Error: Params must have the property \"feed\""
+        end
+
+        if params[:feed] !~ %r(^at://[\w\-\.\:]+/[\w\.]+/[\w\.\-]+$)
+          raise InvalidResponseError, "Error: feed must be a valid at-uri"
+        end
+
+        feed_key = params[:feed].split('/').last
+        feed = config.get_feed(feed_key)
+
+        if feed.nil? || feed_uri(feed_key) != params[:feed]
+          raise UnsupportedAlgorithmError, "Unsupported algorithm"
+        end
+
+        feed
+      end
+
+      def parse_did_from_token
+        auth = env['HTTP_AUTHORIZATION']
+
+        if auth.to_s.strip.empty?
+          return nil
+        end
+
+        if !auth.start_with?('Bearer ')
+          raise AuthorizationError, "Unsupported authorization method"
+        end
+
+        token = auth.gsub(/^Bearer /, '')
+        parts = token.split('.')
+        raise AuthorizationError.new("Invalid JWT format", "BadJwt") unless parts.length == 3
+
+        begin
+          payload = JSON.parse(Base64.decode64(parts[1]))
+          payload['iss']
+        rescue StandardError => e
+          raise AuthorizationError.new("Invalid JWT format", "BadJwt")
+        end
+      end
+
       def validate_response(response)
         cursor = response[:cursor]
         raise InvalidResponseError, ":cursor key is missing" unless response.has_key?(:cursor)
@@ -50,46 +96,44 @@ module BlueFactory
     end
 
     get '/xrpc/app.bsky.feed.getFeedSkeleton' do
-      if params[:feed].to_s.empty?
-        return json_error("InvalidRequest", "Error: Params must have the property \"feed\"")
-      end
-
-      if params[:feed] !~ %r(^at://[\w\-\.\:]+/[\w\.]+/[\w\.\-]+$)
-        return json_error("InvalidRequest", "Error: feed must be a valid at-uri")
-      end
-
-      feed_key = params[:feed].split('/').last
-      feed = config.get_feed(feed_key)
-
-      if feed.nil? || feed_uri(feed_key) != params[:feed]
-        return json_error("UnsupportedAlgorithm", "Unsupported algorithm")
-      end
-
       begin
-        response = feed.get_posts(params.slice(:feed, :cursor, :limit))
+        feed = get_feed
+        args = params.slice(:feed, :cursor, :limit)
+
+        if config.enable_unsafe_auth
+          did = parse_did_from_token
+          response = feed.get_posts(args, did)
+        else
+          response = feed.get_posts(args)
+        end
+
         validate_response(response) if config.validate_responses
 
         output = {}
         output[:feed] = response[:posts].map { |s| { post: s }}
         output[:cursor] = response[:cursor] if response[:cursor]
 
-        return json(output)
+        return json_response(output)
       rescue InvalidRequestError => e
         return json_error(e.error_type || "InvalidRequest", e.message)
+      rescue AuthorizationError => e
+        return json_error(e.error_type || "AuthenticationRequired", e.message, status: 401)
+      rescue UnsupportedAlgorithmError => e
+        return json_error("UnsupportedAlgorithm", e.message)
       rescue InvalidResponseError => e
         return json_error("InvalidResponse", e.message)
       end
     end
 
     get '/xrpc/app.bsky.feed.describeFeedGenerator' do
-      return json({
+      return json_response({
         did: config.service_did,
         feeds: config.feed_keys.map { |f| { uri: feed_uri(f) }}
       })
     end
 
     get '/.well-known/did.json' do
-      return json({
+      return json_response({
         '@context': ['https://www.w3.org/ns/did/v1'],
         id: config.service_did,
         service: [

data/lib/blue_factory/tasks/publish.rake

@@ -40,6 +40,18 @@ namespace :bluesky do
       feed_description = feed.description
     end
 
+    if feed.respond_to?(:content_mode)
+      case feed.content_mode
+      when nil, :unspecified
+        feed_content_mode = "app.bsky.feed.defs#contentModeUnspecified"
+      when :video
+        feed_content_mode = "app.bsky.feed.defs#contentModeVideo"
+      else
+        puts "Invalid content mode: #{feed.content_mode.inspect}. Accepted values: :video, :unspecified, nil."
+        exit 1
+      end
+    end
+
     if feed.respond_to?(:avatar_file) && feed.avatar_file.to_s.strip != ''
       avatar_file = feed.avatar_file
 
@@ -87,6 +99,7 @@ namespace :bluesky do
     }
 
     record[:avatar] = avatar_ref if avatar_ref
+    record[:contentMode] = feed_content_mode if feed_content_mode
 
     json = BlueFactory::Net.post_request(server, 'com.atproto.repo.putRecord', {
       repo: BlueFactory.publisher_did,

data/lib/blue_factory/version.rb

@@ -1,3 +1,3 @@
 module BlueFactory
-  VERSION = "0.1.3"
+  VERSION = "0.1.5"
 end

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: blue_factory
 version: !ruby/object:Gem::Version
-  version: 0.1.3
+  version: 0.1.5
 platform: ruby
 authors:
 - Kuba Suder
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-07-27 00:00:00.000000000 Z
+date: 2025-03-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sinatra
@@ -56,7 +55,6 @@ metadata:
   bug_tracker_uri: https://github.com/mackuba/blue_factory/issues
   changelog_uri: https://github.com/mackuba/blue_factory/blob/master/CHANGELOG.md
   source_code_uri: https://github.com/mackuba/blue_factory
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -71,8 +69,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.10
-signing_key:
+rubygems_version: 3.6.5
 specification_version: 4
 summary: A Ruby gem for hosting custom feeds for Bluesky
 test_files: []