npm - @alteran/astro - Versions diffs - 0.1.8 → 0.1.10 - Mend

@alteran/astro 0.1.8 → 0.1.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/index.js +55 -0
package/package.json +1 -1
package/src/_worker.ts +2 -1
package/src/entrypoints/server.ts +19 -0
package/src/lib/jwt.ts +18 -5
package/src/lib/secrets.ts +50 -2
package/types/env.d.ts +3 -2

package/index.js CHANGED Viewed

@@ -62,6 +62,7 @@ export default function alteran(options = {}) {
   const middlewareEntrypoint = resolvePackagePath('./src/middleware.ts');
   const serverEntrypoint = resolvePackagePath('./src/_worker.ts');
+  const cloudflareServerAdapter = resolvePackagePath('./src/entrypoints/server.ts');
   const routes = CORE_ROUTES.slice();
   if (includeRootEndpoint) {
@@ -79,6 +80,60 @@ export default function alteran(options = {}) {
           updateConfig({ output: 'server' });
         }
+        const existingAlias = config.vite?.resolve?.alias ?? [];
+        const aliasArray = Array.isArray(existingAlias)
+          ? existingAlias.slice()
+          : Object.entries(existingAlias).map(([find, replacement]) => ({ find, replacement }));
+        const hasCloudflareAlias = aliasArray.some(
+          (entry) => entry && entry.find === '@astrojs/cloudflare/entrypoints/server.js'
+        );
+        if (!hasCloudflareAlias) {
+          aliasArray.push({
+            find: '@astrojs/cloudflare/entrypoints/server.js',
+            replacement: cloudflareServerAdapter,
+          });
+        }
+        const vitePlugins = Array.isArray(config.vite?.plugins)
+          ? config.vite.plugins.slice().filter(Boolean)
+          : [];
+        vitePlugins.push({
+          name: 'alteran-sequencer-export',
+          enforce: 'post',
+          apply: 'build',
+          transform(code, id) {
+            if (!id.includes('@astrojs-ssr-virtual-entry')) return null;
+            if (!code.includes('const _exports = createExports')) return null;
+            if (code.includes("const Sequencer = _exports['Sequencer'];")) return null;
+            const replacedInit = code.replace(
+              'const __astrojsSsrVirtualEntry = _exports.default;',
+              "const Sequencer = _exports['Sequencer'];\nconst __astrojsSsrVirtualEntry = _exports.default;"
+            );
+            if (replacedInit === code) return null;
+            const replacedExport = replacedInit.replace(
+              'export { __astrojsSsrVirtualEntry as default, pageMap };',
+              'export { Sequencer, __astrojsSsrVirtualEntry as default, pageMap };'
+            );
+            return { code: replacedExport, map: null };
+          },
+        });
+        updateConfig({
+          vite: {
+            resolve: {
+              alias: aliasArray,
+            },
+            plugins: vitePlugins,
+          },
+        });
         if (injectServerEntry) {
           if (config.build?.serverEntry && config.build.serverEntry !== serverEntrypoint) {
             logger.info(

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@alteran/astro",
-  "version": "0.1.8",
+  "version": "0.1.10",
   "description": "Astro integration for running a Cloudflare-hosted Bluesky PDS with Alteran.",
   "module": "index.js",
   "types": "index.d.ts",

package/src/_worker.ts CHANGED Viewed

@@ -1,7 +1,8 @@
 import { createPdsFetchHandler } from './worker/runtime';
+import { Sequencer } from './worker/sequencer';
 const fetch = createPdsFetchHandler();
 export default { fetch };
-export { Sequencer } from './worker/sequencer';
+export { Sequencer };

package/src/entrypoints/server.ts ADDED Viewed

@@ -0,0 +1,19 @@
+import type { SSRManifest } from 'astro';
+import { App } from 'astro/app';
+import { handle } from '@astrojs/cloudflare/handler';
+import { Sequencer } from '../worker/sequencer';
+export function createExports(manifest: SSRManifest) {
+  const app = new App(manifest);
+  const fetch = async (request: Request, env: unknown, context: unknown) => {
+    // Delegate to the Cloudflare adapter handler while preserving Alteran additions.
+    return await handle(manifest, app, request, env as any, context as any);
+  };
+  return {
+    default: { fetch },
+    Sequencer,
+  };
+}
+export { Sequencer };

package/src/lib/jwt.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import type { Env } from '../env';
+import { getRuntimeString } from './secrets';
 export interface JwtClaims {
   sub: string; // DID
@@ -31,7 +32,14 @@ export async function signJwt(env: Env, claims: JwtClaims, kind: 'access' | 'ref
   if (claims.scope) payload.scope = claims.scope;
   if (claims.jti) payload.jti = claims.jti;
-  const secret = kind === 'access' ? (env.ACCESS_TOKEN_SECRET ?? 'dev-access') : (env.REFRESH_TOKEN_SECRET ?? 'dev-refresh');
+  const secret = await getRuntimeString(
+    env,
+    kind === 'access' ? 'ACCESS_TOKEN_SECRET' : 'REFRESH_TOKEN_SECRET',
+    kind === 'access' ? 'dev-access' : 'dev-refresh'
+  );
+  if (!secret) {
+    throw new Error(`Missing ${kind === 'access' ? 'ACCESS_TOKEN_SECRET' : 'REFRESH_TOKEN_SECRET'}`);
+  }
   const algorithm = (env.JWT_ALGORITHM as string | undefined) ?? 'HS256';
   if (algorithm === 'EdDSA') {
@@ -50,7 +58,12 @@ export async function verifyJwt(env: Env, token: string): Promise<{ valid: boole
   let ok = false;
   if (header.alg === 'HS256' && header.typ === 'JWT') {
-    const secret = (payload.t === 'refresh') ? (env.REFRESH_TOKEN_SECRET ?? 'dev-refresh') : (env.ACCESS_TOKEN_SECRET ?? 'dev-access');
+    const secret = await getRuntimeString(
+      env,
+      payload.t === 'refresh' ? 'REFRESH_TOKEN_SECRET' : 'ACCESS_TOKEN_SECRET',
+      payload.t === 'refresh' ? 'dev-refresh' : 'dev-access'
+    );
+    if (!secret) return null;
     ok = await hmacJwtVerify(parts[0] + '.' + parts[1], parts[2], secret);
   } else if (header.alg === 'EdDSA' && header.typ === 'JWT') {
     ok = await eddsaJwtVerify(parts[0] + '.' + parts[1], parts[2], env);
@@ -90,9 +103,9 @@ async function eddsaJwtSign(payload: any, env: Env): Promise<string> {
   const data = `${h}.${p}`;
   // Import Ed25519 private key from env
-  const keyData = env.JWT_ED25519_PRIVATE_KEY as string | undefined;
+  const keyData = await getRuntimeString(env, 'REPO_SIGNING_KEY');
   if (!keyData) {
-    throw new Error('JWT_ED25519_PRIVATE_KEY not configured');
+    throw new Error('REPO_SIGNING_KEY not configured for EdDSA JWTs');
   }
   // Decode base64 private key
@@ -114,7 +127,7 @@ async function eddsaJwtVerify(data: string, sigB64: string, env: Env): Promise<b
   const enc = new TextEncoder();
   // Import Ed25519 public key from env
-  const keyData = env.JWT_ED25519_PUBLIC_KEY as string | undefined;
+  const keyData = await getRuntimeString(env, 'REPO_SIGNING_PUBLIC_KEY');
   if (!keyData) {
     return false;
   }

package/src/lib/secrets.ts CHANGED Viewed

@@ -1,3 +1,4 @@
+import { setGetEnv } from 'astro/env/setup';
 import type { Env } from '../env';
 import type { SecretsStoreSecret } from '../../types/env';
@@ -9,8 +10,6 @@ const SECRET_KEYS = [
   'REFRESH_TOKEN_SECRET',
   'REPO_SIGNING_KEY',
   'REPO_SIGNING_PUBLIC_KEY',
-  'JWT_ED25519_PRIVATE_KEY',
-  'JWT_ED25519_PUBLIC_KEY',
 ] as const satisfies readonly (keyof Env)[];
 function isSecretStoreBinding(value: unknown): value is SecretsStoreSecret {
@@ -42,6 +41,55 @@ export async function resolveEnvSecrets<E extends Env>(env: E): Promise<E> {
     })
   );
+  setGetEnv((key) => {
+    const local = resolved[key];
+    if (typeof local === 'string') return local;
+    if (typeof local === 'number' || typeof local === 'boolean') return String(local);
+    const fallback = process.env[key];
+    return typeof fallback === 'string' ? fallback : undefined;
+  });
   return resolved as E;
 }
+type AstroGetSecret = (key: string) => string | undefined;
+let astroGetSecret: AstroGetSecret | null | undefined;
+async function loadAstroGetSecret(): Promise<AstroGetSecret | null> {
+  if (astroGetSecret !== undefined) return astroGetSecret;
+  try {
+    const mod = await import('astro:env/server');
+    astroGetSecret = mod.getSecret as AstroGetSecret;
+  } catch {
+    astroGetSecret = null;
+  }
+  return astroGetSecret;
+}
+export async function getRuntimeString<K extends keyof Env>(
+  env: Env,
+  key: K,
+  fallback?: string
+): Promise<string | undefined> {
+  const current = env[key];
+  if (typeof current === 'string' && current !== '') {
+    return current;
+  }
+  const secretFn = await loadAstroGetSecret();
+  if (secretFn) {
+    try {
+      const value = secretFn(String(key));
+      if (typeof value === 'string' && value !== '') {
+        return value;
+      }
+    } catch (error) {
+      if (fallback === undefined) {
+        throw error;
+      }
+    }
+  }
+  return fallback;
+}

package/types/env.d.ts CHANGED Viewed

@@ -24,6 +24,7 @@ declare global {
     PDS_HANDLE?: string | SecretsStoreSecret;
     PDS_DID?: string | SecretsStoreSecret;
     PDS_HOSTNAME?: string;
+    PDS_ALLOWED_MIME?: string;
     USER_PASSWORD?: string | SecretsStoreSecret;
     PDS_MAX_BLOB_SIZE?: string;
     ACCESS_TOKEN_SECRET?: string | SecretsStoreSecret;
@@ -31,13 +32,13 @@ declare global {
     PDS_ACCESS_TTL_SEC?: string;
     PDS_REFRESH_TTL_SEC?: string;
     JWT_ALGORITHM?: string;
-    JWT_ED25519_PRIVATE_KEY?: string | SecretsStoreSecret;
-    JWT_ED25519_PUBLIC_KEY?: string | SecretsStoreSecret;
     REPO_SIGNING_KEY?: string | SecretsStoreSecret;
     REPO_SIGNING_PUBLIC_KEY?: string | SecretsStoreSecret;
     PDS_RATE_LIMIT_PER_MIN?: string;
     PDS_MAX_JSON_BYTES?: string;
     PDS_CORS_ORIGIN?: string;
+    PDS_SEQ_WINDOW?: string;
+    ENVIRONMENT?: string;
   }
   namespace App {