@alteran/astro 0.8.3 → 0.8.5

package/index.js

@@ -3,10 +3,14 @@ import { isAbsolute, relative } from 'node:path';
 import { fileURLToPath } from 'node:url';
 
 const CORE_ROUTES = [
-  { pattern: '/.well-known/atproto-did', entrypoint: './src/pages/.well-known/atproto-did.ts' },
-  { pattern: '/.well-known/did.json', entrypoint: './src/pages/.well-known/did.json.ts' },
-  { pattern: '/.well-known/oauth-authorization-server', entrypoint: './src/pages/.well-known/oauth-authorization-server.ts' },
-  { pattern: '/.well-known/oauth-protected-resource', entrypoint: './src/pages/.well-known/oauth-protected-resource.ts' },
+  { pattern: '/.well-known/atproto-did', entrypoint: './src/entrypoints/well-known/atproto-did.ts' },
+  { pattern: '/.well-known/did.json', entrypoint: './src/entrypoints/well-known/did.json.ts' },
+  { pattern: '/.well-known/oauth-authorization-server', entrypoint: './src/entrypoints/well-known/oauth-authorization-server.ts' },
+  { pattern: '/.well-known/oauth-protected-resource', entrypoint: './src/entrypoints/well-known/oauth-protected-resource.ts' },
+  { pattern: '/well-known/atproto-did', entrypoint: './src/pages/well-known/atproto-did.ts' },
+  { pattern: '/well-known/did.json', entrypoint: './src/pages/well-known/did.json.ts' },
+  { pattern: '/well-known/oauth-authorization-server', entrypoint: './src/pages/well-known/oauth-authorization-server.ts' },
+  { pattern: '/well-known/oauth-protected-resource', entrypoint: './src/pages/well-known/oauth-protected-resource.ts' },
   { pattern: '/health', entrypoint: './src/pages/health.ts' },
   { pattern: '/oauth/authorize', entrypoint: './src/pages/oauth/authorize.ts' },
   { pattern: '/oauth/consent', entrypoint: './src/pages/oauth/consent.ts' },

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@alteran/astro",
-  "version": "0.8.3",
+  "version": "0.8.5",
   "description": "Astro integration for running a Cloudflare-hosted Bluesky PDS with Alteran.",
   "module": "index.js",
   "types": "index.d.ts",

package/src/{pages/.well-known → entrypoints/well-known}/atproto-did.ts

@@ -1,5 +1,8 @@
-import type { APIContext } from 'astro';
-import { configuredDid, requestMatchesConfiguredHandle } from '../../lib/public-host';
+import type { APIContext } from "astro";
+import {
+  configuredDid,
+  requestMatchesConfiguredHandle,
+} from "../../lib/public-host";
 
 export const prerender = false;
 
@@ -7,13 +10,13 @@ export async function GET({ locals, request }: APIContext) {
   const { env } = locals.runtime;
 
   if (!await requestMatchesConfiguredHandle(request, env)) {
-    return new Response('NotFound', {
+    return new Response("NotFound", {
       status: 404,
-      headers: { 'Content-Type': 'text/plain' },
+      headers: { "Content-Type": "text/plain" },
     });
   }
 
   return new Response(await configuredDid(env), {
-    headers: { 'Content-Type': 'text/plain' },
+    headers: { "Content-Type": "text/plain" },
   });
 }

package/src/{pages/.well-known → entrypoints/well-known}/did.json.ts

@@ -1,14 +1,14 @@
-import type { APIContext } from 'astro';
-import { errorMessage } from '../../lib/errors';
-import { withCache, CACHE_CONFIGS } from '../../lib/cache';
-import { resolveSecret } from '../../lib/secrets';
-import { Secp256k1Keypair, formatMultikey } from '@atproto/crypto';
+import type { APIContext } from "astro";
+import { errorMessage } from "../../lib/errors";
+import { CACHE_CONFIGS, withCache } from "../../lib/cache";
+import { resolveSecret } from "../../lib/secrets";
+import { formatMultikey, Secp256k1Keypair } from "@atproto/crypto";
 import {
   canonicalPdsOrigin,
   configuredDid,
   configuredHandle,
   validAtprotoHandle,
-} from '../../lib/public-host';
+} from "../../lib/public-host";
 
 export const prerender = false;
 
@@ -28,15 +28,15 @@ export async function GET({ locals, request }: APIContext) {
       try {
         const signingKey = await resolveSecret((env as any).REPO_SIGNING_KEY);
         if (!signingKey) {
-          signingKeyError = 'REPO_SIGNING_KEY not configured';
-          console.warn('did.json: REPO_SIGNING_KEY not configured');
+          signingKeyError = "REPO_SIGNING_KEY not configured";
+          console.warn("did.json: REPO_SIGNING_KEY not configured");
         } else {
           const cleaned = signingKey.trim();
           let kp: Secp256k1Keypair;
           if (/^[0-9a-fA-F]{64}$/.test(cleaned)) {
             kp = await Secp256k1Keypair.import(cleaned);
           } else {
-            const bin = atob(cleaned.replace(/\s+/g, ''));
+            const bin = atob(cleaned.replace(/\s+/g, ""));
             const bytes = new Uint8Array(bin.length);
             for (let i = 0; i < bin.length; i++) bytes[i] = bin.charCodeAt(i);
             kp = await Secp256k1Keypair.import(bytes);
@@ -44,25 +44,27 @@ export async function GET({ locals, request }: APIContext) {
           publicKeyMultibase = formatMultikey(kp.jwtAlg, kp.publicKeyBytes());
         }
       } catch (error) {
-        signingKeyError = `Failed to process REPO_SIGNING_KEY: ${errorMessage(error) || error}`;
-        console.error('did.json: Failed to process REPO_SIGNING_KEY:', error);
+        signingKeyError = `Failed to process REPO_SIGNING_KEY: ${
+          errorMessage(error) || error
+        }`;
+        console.error("did.json: Failed to process REPO_SIGNING_KEY:", error);
       }
 
       const verificationMethods = publicKeyMultibase
         ? [
-            {
-              id: `${did}#atproto`,
-              type: 'Multikey',
-              controller: did,
-              publicKeyMultibase,
-            },
-          ]
+          {
+            id: `${did}#atproto`,
+            type: "Multikey",
+            controller: did,
+            publicKeyMultibase,
+          },
+        ]
         : [];
 
       const didDocument: Record<string, unknown> = {
-        '@context': [
-          'https://www.w3.org/ns/did/v1',
-          'https://w3id.org/security/multikey/v1',
+        "@context": [
+          "https://www.w3.org/ns/did/v1",
+          "https://w3id.org/security/multikey/v1",
         ],
         id: did,
         alsoKnownAs: claimedHandle ? [`at://${claimedHandle}`] : [],
@@ -70,20 +72,20 @@ export async function GET({ locals, request }: APIContext) {
         service: [
           {
             id: `${did}#atproto_pds`,
-            type: 'AtprotoPersonalDataServer',
+            type: "AtprotoPersonalDataServer",
             serviceEndpoint,
           },
         ],
       };
 
       // Add debug info if signing key has issues (only visible in dev/debug)
-      if (signingKeyError && (env as any).ENVIRONMENT !== 'production') {
+      if (signingKeyError && (env as any).ENVIRONMENT !== "production") {
         didDocument._debug = { signingKeyError };
       }
 
       return new Response(JSON.stringify(didDocument, null, 2), {
         headers: {
-          'Content-Type': 'application/json',
+          "Content-Type": "application/json",
         },
       });
     },

package/src/{pages/.well-known → entrypoints/well-known}/oauth-authorization-server.ts

@@ -1,6 +1,6 @@
-import type { APIContext } from 'astro';
-import { withCache, CACHE_CONFIGS } from '../../lib/cache';
-import { publicPdsOrigin } from '../../lib/oauth/consent';
+import type { APIContext } from "astro";
+import { CACHE_CONFIGS, withCache } from "../../lib/cache";
+import { publicPdsOrigin } from "../../lib/oauth/consent";
 
 export const prerender = false;
 
@@ -17,16 +17,16 @@ export async function GET({ locals, request }: APIContext) {
         token_endpoint: `${origin}/oauth/token`,
         jwks_uri: `${origin}/oauth/jwks`,
         revocation_endpoint: `${origin}/oauth/revoke`,
-        scopes_supported: ['atproto', 'transition:generic'],
-        response_types_supported: ['code'],
-        response_modes_supported: ['query'],
-        grant_types_supported: ['authorization_code', 'refresh_token'],
-        code_challenge_methods_supported: ['S256'],
-        token_endpoint_auth_methods_supported: ['none', 'private_key_jwt'],
-        token_endpoint_auth_signing_alg_values_supported: ['ES256'],
-        dpop_signing_alg_values_supported: ['ES256'],
-        subject_types_supported: ['public'],
-        prompt_values_supported: ['none', 'consent', 'login'],
+        scopes_supported: ["atproto", "transition:generic"],
+        response_types_supported: ["code"],
+        response_modes_supported: ["query"],
+        grant_types_supported: ["authorization_code", "refresh_token"],
+        code_challenge_methods_supported: ["S256"],
+        token_endpoint_auth_methods_supported: ["none", "private_key_jwt"],
+        token_endpoint_auth_signing_alg_values_supported: ["ES256"],
+        dpop_signing_alg_values_supported: ["ES256"],
+        subject_types_supported: ["public"],
+        prompt_values_supported: ["none", "consent", "login"],
         require_pushed_authorization_requests: true,
         request_parameter_supported: false,
         request_uri_parameter_supported: true,
@@ -35,7 +35,7 @@ export async function GET({ locals, request }: APIContext) {
         protected_resources: [origin],
       };
       return new Response(JSON.stringify(json, null, 2), {
-        headers: { 'Content-Type': 'application/json' },
+        headers: { "Content-Type": "application/json" },
       });
     },
     CACHE_CONFIGS.WELL_KNOWN,

package/src/{pages/.well-known → entrypoints/well-known}/oauth-protected-resource.ts

@@ -1,6 +1,6 @@
-import type { APIContext } from 'astro';
-import { withCache, CACHE_CONFIGS } from '../../lib/cache';
-import { publicPdsOrigin } from '../../lib/oauth/consent';
+import type { APIContext } from "astro";
+import { CACHE_CONFIGS, withCache } from "../../lib/cache";
+import { publicPdsOrigin } from "../../lib/oauth/consent";
 
 export const prerender = false;
 
@@ -13,12 +13,13 @@ export async function GET({ locals, request }: APIContext) {
       const json = {
         resource: origin,
         authorization_servers: [origin],
-        bearer_methods_supported: ['header'],
-        scopes_supported: ['atproto', 'transition:generic'],
-        resource_documentation: `${origin}/.well-known/oauth-protected-resource`,
+        bearer_methods_supported: ["header"],
+        scopes_supported: ["atproto", "transition:generic"],
+        resource_documentation:
+          `${origin}/.well-known/oauth-protected-resource`,
       };
       return new Response(JSON.stringify(json, null, 2), {
-        headers: { 'Content-Type': 'application/json' },
+        headers: { "Content-Type": "application/json" },
       });
     },
     CACHE_CONFIGS.WELL_KNOWN,

package/src/lib/well-known-redirect.ts

@@ -0,0 +1,9 @@
+export function redirectWellKnownAlias(request: Request): Response | null {
+  const url = new URL(request.url);
+  if (!url.pathname.startsWith("/well-known/")) {
+    return null;
+  }
+
+  url.pathname = `/.${url.pathname.slice(1)}`;
+  return Response.redirect(url, 308);
+}

package/src/pages/well-known/atproto-did.ts

@@ -0,0 +1,9 @@
+import type { APIContext } from "astro";
+import { redirectWellKnownAlias } from "../../lib/well-known-redirect";
+
+export const prerender = false;
+
+export function GET({ request }: APIContext) {
+  return redirectWellKnownAlias(request) ??
+    new Response("NotFound", { status: 404 });
+}

package/src/pages/well-known/did.json.ts

@@ -0,0 +1,9 @@
+import type { APIContext } from "astro";
+import { redirectWellKnownAlias } from "../../lib/well-known-redirect";
+
+export const prerender = false;
+
+export function GET({ request }: APIContext) {
+  return redirectWellKnownAlias(request) ??
+    new Response("NotFound", { status: 404 });
+}

package/src/pages/well-known/oauth-authorization-server.ts

@@ -0,0 +1,9 @@
+import type { APIContext } from "astro";
+import { redirectWellKnownAlias } from "../../lib/well-known-redirect";
+
+export const prerender = false;
+
+export function GET({ request }: APIContext) {
+  return redirectWellKnownAlias(request) ??
+    new Response("NotFound", { status: 404 });
+}

package/src/pages/well-known/oauth-protected-resource.ts

@@ -0,0 +1,9 @@
+import type { APIContext } from "astro";
+import { redirectWellKnownAlias } from "../../lib/well-known-redirect";
+
+export const prerender = false;
+
+export function GET({ request }: APIContext) {
+  return redirectWellKnownAlias(request) ??
+    new Response("NotFound", { status: 404 });
+}