@alteran/astro 0.3.7 → 0.3.9

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@alteran/astro",
-  "version": "0.3.7",
+  "version": "0.3.9",
   "description": "Astro integration for running a Cloudflare-hosted Bluesky PDS with Alteran.",
   "module": "index.js",
   "types": "index.d.ts",

package/src/lib/appview.ts

@@ -350,22 +350,34 @@ export interface ProxyAppViewOptions {
 }
 
 export async function proxyAppView({ request, env, lxm, fallback }: ProxyAppViewOptions): Promise<Response> {
+  console.log('proxyAppView called:', { lxm, url: request.url });
+
   const config = getAppViewConfig(env);
   if (!config) {
+    console.log('proxyAppView: No appview config, using fallback');
     return fallback ? await fallback() : new Response('AppView not configured', { status: 501 });
   }
 
+  console.log('proxyAppView: AppView config found:', { url: config.url, did: config.did });
+
   const auth = await authenticateRequest(request, env);
-  if (!auth) return unauthorized();
+  if (!auth) {
+    console.log('proxyAppView: Authentication failed');
+    return unauthorized();
+  }
 
   if (!auth.claims.sub) {
+    console.log('proxyAppView: No subject in auth claims');
     return new Response(JSON.stringify({ error: 'InvalidToken' }), {
       status: 401,
       headers: { 'Content-Type': 'application/json' },
     });
   }
 
+  console.log('proxyAppView: Authenticated as', auth.claims.sub);
+
   if (PROTECTED_METHODS.has(lxm)) {
+    console.log('proxyAppView: Method is protected, cannot proxy');
     return new Response(
       JSON.stringify({ error: 'InvalidToken', message: 'method cannot be proxied' }),
       {
@@ -377,6 +389,7 @@ export async function proxyAppView({ request, env, lxm, fallback }: ProxyAppView
 
   const scope = resolveAuthScope(auth.claims.scope);
   if (scope === TAKENDOWN_SCOPE) {
+    console.log('proxyAppView: Account is takendown');
     return new Response(JSON.stringify({ error: 'AccountTakendown' }), {
       status: 403,
       headers: { 'Content-Type': 'application/json' },
@@ -384,6 +397,7 @@ export async function proxyAppView({ request, env, lxm, fallback }: ProxyAppView
   }
 
   if (!PRIVILEGED_SCOPES.has(scope) && PRIVILEGED_METHODS.has(lxm)) {
+    console.log('proxyAppView: Insufficient privileges for method');
     return new Response(JSON.stringify({ error: 'InvalidToken' }), {
       status: 401,
       headers: { 'Content-Type': 'application/json' },
@@ -393,6 +407,7 @@ export async function proxyAppView({ request, env, lxm, fallback }: ProxyAppView
   let target: ProxyTarget = { did: config.did, url: config.url };
   const proxyHeader = request.headers.get('atproto-proxy');
   if (proxyHeader) {
+    console.log('proxyAppView: Resolving proxy header:', proxyHeader);
     try {
       target = await resolveProxyTarget(env, proxyHeader, config);
     } catch (error) {
@@ -414,6 +429,8 @@ export async function proxyAppView({ request, env, lxm, fallback }: ProxyAppView
   upstreamUrl.search = originalUrl.search;
   upstreamUrl.hash = '';
 
+  console.log('proxyAppView: Proxying to', upstreamUrl.toString());
+
   const headers = new Headers();
   for (const header of FORWARDED_HEADERS) {
     const value = request.headers.get(header);
@@ -422,10 +439,13 @@ export async function proxyAppView({ request, env, lxm, fallback }: ProxyAppView
 
   let serviceJwt: string;
   try {
+    console.log('proxyAppView: Creating service JWT for', { iss: auth.claims.sub, aud: target.did, lxm });
     serviceJwt = await createServiceJwt(env, auth.claims.sub, target.did, lxm);
+    console.log('proxyAppView: Service JWT created successfully');
   } catch (error) {
     console.error('AppView service token error:', error);
     if (fallback) {
+      console.log('proxyAppView: Using fallback due to JWT error');
       return fallback();
     }
     return new Response(JSON.stringify({ error: 'ServiceAuthUnavailable' }), {
@@ -438,6 +458,7 @@ export async function proxyAppView({ request, env, lxm, fallback }: ProxyAppView
 
   const method = request.method.toUpperCase();
   if (method !== 'GET' && method !== 'HEAD' && method !== 'POST') {
+    console.log('proxyAppView: Method not allowed:', method);
     return new Response(JSON.stringify({ error: 'MethodNotAllowed' }), {
       status: 405,
       headers: {
@@ -469,7 +490,9 @@ export async function proxyAppView({ request, env, lxm, fallback }: ProxyAppView
       (init as any).duplex = 'half';
     }
 
+    console.log('proxyAppView: Fetching upstream');
     const upstream = await fetch(upstreamUrl.toString(), init);
+    console.log('proxyAppView: Upstream response:', { status: upstream.status, statusText: upstream.statusText });
 
     const responseHeaders = new Headers(upstream.headers);
     return new Response(upstream.body, {
@@ -480,6 +503,7 @@ export async function proxyAppView({ request, env, lxm, fallback }: ProxyAppView
   } catch (error) {
     console.error('AppView proxy error:', error);
     if (fallback) {
+      console.log('proxyAppView: Using fallback due to upstream error');
       return fallback();
     }
     return new Response(JSON.stringify({ error: 'UpstreamUnavailable' }), {

package/src/pages/xrpc/app.bsky.actor.getProfile.ts

@@ -10,25 +10,40 @@ export async function GET({ locals, request }: APIContext) {
   const { env } = locals.runtime;
   if (!(await isAuthorized(request, env))) return unauthorized();
 
-  return proxyAppView({
-    request,
-    env,
-    lxm: 'app.bsky.actor.getProfile',
-    fallback: async () => {
-      const url = new URL(request.url);
-      const identifier = url.searchParams.get('actor');
-      const actor = await getPrimaryActor(env);
-      if (!matchesPrimaryActor(identifier, actor)) {
-        return new Response(JSON.stringify({ error: 'ProfileNotFound' }), { status: 404 });
-      }
-      const profile = buildProfileViewDetailed(actor, {
-        followers: 0,
-        follows: 0,
-        posts: await countPosts(env),
-      });
-      return new Response(JSON.stringify(profile), {
-        headers: { 'Content-Type': 'application/json' },
-      });
-    },
-  });
+  try {
+    return await proxyAppView({
+      request,
+      env,
+      lxm: 'app.bsky.actor.getProfile',
+      fallback: async () => {
+        console.log('app.bsky.actor.getProfile: Using fallback');
+        const url = new URL(request.url);
+        const identifier = url.searchParams.get('actor');
+        const actor = await getPrimaryActor(env);
+        console.log('app.bsky.actor.getProfile: actor', { did: actor.did, handle: actor.handle, identifier });
+        if (!matchesPrimaryActor(identifier, actor)) {
+          console.log('app.bsky.actor.getProfile: identifier does not match actor');
+          return new Response(JSON.stringify({ error: 'ProfileNotFound' }), {
+            status: 404,
+            headers: { 'Content-Type': 'application/json' }
+          });
+        }
+        const profile = buildProfileViewDetailed(actor, {
+          followers: 0,
+          follows: 0,
+          posts: await countPosts(env),
+        });
+        console.log('app.bsky.actor.getProfile: returning profile', profile);
+        return new Response(JSON.stringify(profile), {
+          headers: { 'Content-Type': 'application/json' },
+        });
+      },
+    });
+  } catch (error) {
+    console.error('app.bsky.actor.getProfile error:', error);
+    return new Response(JSON.stringify({ error: 'InternalServerError', message: String(error) }), {
+      status: 500,
+      headers: { 'Content-Type': 'application/json' },
+    });
+  }
 }

package/src/pages/xrpc/app.bsky.actor.getProfiles.ts

@@ -14,13 +14,22 @@ export async function GET({ locals, request }: APIContext) {
   const { env } = locals.runtime;
   if (!(await isAuthorized(request, env))) return unauthorized();
 
+  // Some clients call with an empty actors list; upstream returns 400.
+  // For UX parity, treat missing/empty as an empty result set.
+  const url = new URL(request.url);
+  const requestedActors = url.searchParams.getAll('actors');
+  if (requestedActors.length === 0) {
+    return new Response(JSON.stringify({ profiles: [] }), {
+      headers: { 'Content-Type': 'application/json' },
+    });
+  }
+
   return proxyAppView({
     request,
     env,
     lxm: 'app.bsky.actor.getProfiles',
     fallback: async () => {
-      const url = new URL(request.url);
-      const actors = url.searchParams.getAll('actors');
+      const actors = requestedActors;
       const actor = await getPrimaryActor(env);
       const posts = await countPosts(env);
 

package/src/pages/xrpc/app.bsky.feed.getSuggestedFeeds.ts

@@ -0,0 +1,23 @@
+import type { APIContext } from 'astro';
+import { proxyAppView } from '../../lib/appview';
+import { isAuthorized, unauthorized } from '../../lib/auth';
+
+export const prerender = false;
+
+// Implements: app.bsky.feed.getSuggestedFeeds (proxy-only)
+export async function GET({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  if (!(await isAuthorized(request, env))) return unauthorized();
+
+  return proxyAppView({
+    request,
+    env,
+    lxm: 'app.bsky.feed.getSuggestedFeeds',
+    fallback: async () => {
+      return new Response(JSON.stringify({ feeds: [] }), {
+        headers: { 'Content-Type': 'application/json' },
+      });
+    },
+  });
+}
+

package/src/pages/xrpc/app.bsky.feed.getTimeline.ts

@@ -9,27 +9,39 @@ export async function GET({ locals, request }: APIContext) {
   const { env } = locals.runtime;
   if (!(await isAuthorized(request, env))) return unauthorized();
 
-  return proxyAppView({
-    request,
-    env,
-    lxm: 'app.bsky.feed.getTimeline',
-    fallback: async () => {
-      const url = new URL(request.url);
-      const cursor = url.searchParams.get('cursor') ?? undefined;
-      const limitParam = Number.parseInt(url.searchParams.get('limit') ?? '', 10);
-      const limitInput = Number.isFinite(limitParam) ? limitParam : 50;
-      const limit = Math.max(1, Math.min(limitInput, 100));
+  try {
+    return await proxyAppView({
+      request,
+      env,
+      lxm: 'app.bsky.feed.getTimeline',
+      fallback: async () => {
+        console.log('app.bsky.feed.getTimeline: Using fallback');
+        const url = new URL(request.url);
+        const cursor = url.searchParams.get('cursor') ?? undefined;
+        const limitParam = Number.parseInt(url.searchParams.get('limit') ?? '', 10);
+        const limitInput = Number.isFinite(limitParam) ? limitParam : 50;
+        const limit = Math.max(1, Math.min(limitInput, 100));
 
-      const posts = await listPosts(env, limit, cursor);
-      const feed = await buildFeedViewPosts(env, posts);
-      const nextCursor = posts.length === limit ? String(posts[posts.length - 1].rowid) : undefined;
+        console.log('app.bsky.feed.getTimeline: fetching posts', { limit, cursor });
+        const posts = await listPosts(env, limit, cursor);
+        console.log('app.bsky.feed.getTimeline: found posts', posts.length);
+        const feed = await buildFeedViewPosts(env, posts);
+        const nextCursor = posts.length === limit ? String(posts[posts.length - 1].rowid) : undefined;
 
-      const payload: Record<string, unknown> = { feed };
-      if (nextCursor) payload.cursor = nextCursor;
+        const payload: Record<string, unknown> = { feed };
+        if (nextCursor) payload.cursor = nextCursor;
 
-      return new Response(JSON.stringify(payload), {
-        headers: { 'Content-Type': 'application/json' },
-      });
-    },
-  });
+        console.log('app.bsky.feed.getTimeline: returning feed', { feedLength: feed.length, nextCursor });
+        return new Response(JSON.stringify(payload), {
+          headers: { 'Content-Type': 'application/json' },
+        });
+      },
+    });
+  } catch (error) {
+    console.error('app.bsky.feed.getTimeline error:', error);
+    return new Response(JSON.stringify({ error: 'InternalServerError', message: String(error) }), {
+      status: 500,
+      headers: { 'Content-Type': 'application/json' },
+    });
+  }
 }

package/src/pages/xrpc/app.bsky.unspecced.getSuggestedFeeds.ts

@@ -0,0 +1,23 @@
+import type { APIContext } from 'astro';
+import { proxyAppView } from '../../lib/appview';
+import { isAuthorized, unauthorized } from '../../lib/auth';
+
+export const prerender = false;
+
+// Implements: app.bsky.unspecced.getSuggestedFeeds (proxy-only)
+export async function GET({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  if (!(await isAuthorized(request, env))) return unauthorized();
+
+  return proxyAppView({
+    request,
+    env,
+    lxm: 'app.bsky.unspecced.getSuggestedFeeds',
+    fallback: async () => {
+      return new Response(JSON.stringify({ feeds: [] }), {
+        headers: { 'Content-Type': 'application/json' },
+      });
+    },
+  });
+}
+

package/src/worker/sequencer.ts

@@ -238,9 +238,6 @@ export class Sequencer {
     const pair = new WebSocketPair();
     const [client, server] = Object.values(pair);
     const id = crypto.randomUUID();
-    const ws = server as unknown as WebSocket;
-
-    ws.accept();
 
     // Parse cursor parameter
     const cursorParam = url.searchParams.get('cursor');
@@ -250,57 +247,30 @@ export class Sequencer {
     if (cursor > this.nextSeq - 1) {
       // Future cursor error
       const err = checkCursor(cursor, this.nextSeq - 1) ?? createErrorFrame('FutureCursor', 'Cursor is ahead of current sequence').toFramedBytes();
-      ws.send(err);
-      ws.close(1008, 'FutureCursor');
+      server.send(err);
+      server.close(1008, 'FutureCursor');
       return new Response(null, { status: 101, webSocket: client });
     }
 
-    const clientObj: Client = { webSocket: ws, id, cursor };
+    // CRITICAL: Use Cloudflare's hibernatable WebSocket API
+    // This keeps the connection alive even after the response is returned
+    // Without this, the WebSocket closes immediately when the worker context ends
+    this.state.acceptWebSocket(server as any, [id, cursor.toString()]);
+
+    const clientObj: Client = { webSocket: server as unknown as WebSocket, id, cursor };
     this.clients.set(id, clientObj);
 
     // Send #info frame on connection
     const infoFrame = createInfoFrame('com.atproto.sync.subscribeRepos', 'Connected to PDS firehose');
     try {
-      ws.send(infoFrame.toFramedBytes());
+      server.send(infoFrame.toFramedBytes());
     } catch (error) {
       console.error('Failed to send info frame:', error);
     }
 
-    // Keep the connection alive to avoid intermediary idle timeouts (e.g., CF edge)
-    // Send a lightweight #info heartbeat every ~25s. Most clients ignore unknown #info
-    // messages; this is safe and keeps the socket active.
-    const keepalive = setInterval(() => {
-      try {
-        const ka = createInfoFrame('keepalive', 'ping');
-        ws.send(ka.toFramedBytes());
-      } catch {}
-    }, 25_000);
-
-    // Set up event handlers
-    ws.addEventListener('message', (evt) => {
-      try {
-        const data = typeof evt.data === 'string' ? evt.data : '';
-        if (data === 'ping') {
-          ws.send('pong');
-        }
-      } catch (error) {
-        console.error('WebSocket message error:', error);
-      }
-    });
-
-    ws.addEventListener('close', () => {
-      this.clients.delete(id);
-      clearInterval(keepalive);
-    });
-
-    ws.addEventListener('error', () => {
-      this.clients.delete(id);
-      clearInterval(keepalive);
-    });
-
     // Replay buffered events if cursor provided
     if (cursor > 0) {
-      await this.replayFromCursor(ws, cursor);
+      await this.replayFromCursor(server as unknown as WebSocket, cursor);
     }
 
     return new Response(null, { status: 101, webSocket: client });
@@ -572,4 +542,52 @@ export class Sequencer {
       droppedFrames: this.droppedFrameCount,
     };
   }
+
+  /**
+   * WebSocket hibernation handler: called when a message is received
+   * This is required for Cloudflare's hibernatable WebSocket API
+   */
+  async webSocketMessage(ws: WebSocket, message: string | ArrayBuffer): Promise<void> {
+    // Find client by WebSocket instance
+    const client = Array.from(this.clients.values()).find((c) => c.webSocket === ws);
+    if (!client) {
+      console.warn('Received message from unknown WebSocket');
+      return;
+    }
+
+    try {
+      const data = typeof message === 'string' ? message : new TextDecoder().decode(message);
+      if (data === 'ping') {
+        ws.send('pong');
+      }
+    } catch (error) {
+      console.error('WebSocket message error:', error);
+    }
+  }
+
+  /**
+   * WebSocket hibernation handler: called when connection closes
+   * This is required for Cloudflare's hibernatable WebSocket API
+   */
+  async webSocketClose(ws: WebSocket, code: number, reason: string, wasClean: boolean): Promise<void> {
+    // Find and remove client
+    const entry = Array.from(this.clients.entries()).find(([_, c]) => c.webSocket === ws);
+    if (entry) {
+      this.clients.delete(entry[0]);
+      console.log(`Client ${entry[0]} disconnected: code=${code} reason="${reason}" clean=${wasClean}`);
+    }
+  }
+
+  /**
+   * WebSocket hibernation handler: called when an error occurs
+   * This is required for Cloudflare's hibernatable WebSocket API
+   */
+  async webSocketError(ws: WebSocket, error: unknown): Promise<void> {
+    // Find and remove client
+    const entry = Array.from(this.clients.entries()).find(([_, c]) => c.webSocket === ws);
+    if (entry) {
+      this.clients.delete(entry[0]);
+      console.error(`Client ${entry[0]} error:`, error);
+    }
+  }
 }