npm - @atproto/bsky - Versions diffs - 0.0.67 → 0.0.68 - Mend

@atproto/bsky 0.0.67 → 0.0.68

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,17 @@
 # @atproto/bsky
+## 0.0.68
+### Patch Changes
+- [#2633](https://github.com/bluesky-social/atproto/pull/2633) [`acc9093d2`](https://github.com/bluesky-social/atproto/commit/acc9093d2845eba02b68fb2f9db33e4f1b59bb10) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Obfuscate request headers in logs using utils from @atproto/common
+- Updated dependencies [[`acc9093d2`](https://github.com/bluesky-social/atproto/commit/acc9093d2845eba02b68fb2f9db33e4f1b59bb10)]:
+  - @atproto/common@0.4.1
+  - @atproto/crypto@0.4.0
+  - @atproto/repo@0.4.1
+  - @atproto/xrpc-server@0.5.3
 ## 0.0.67
 ### Patch Changes

package/dist/logger.d.ts CHANGED Viewed

@@ -1,4 +1,6 @@
+/// <reference types="node" />
 /// <reference types="node/http" />
+import { IncomingMessage } from 'node:http';
 import { subsystemLogger } from '@atproto/common';
 export declare const dbLogger: ReturnType<typeof subsystemLogger>;
 export declare const cacheLogger: ReturnType<typeof subsystemLogger>;
@@ -7,5 +9,5 @@ export declare const labelerLogger: ReturnType<typeof subsystemLogger>;
 export declare const hydrationLogger: ReturnType<typeof subsystemLogger>;
 export declare const featureGatesLogger: ReturnType<typeof subsystemLogger>;
 export declare const httpLogger: ReturnType<typeof subsystemLogger>;
-export declare const loggerMiddleware: import("pino-http").HttpLogger<import("http").IncomingMessage, import("http").ServerResponse<import("http").IncomingMessage>, never>;
+export declare const loggerMiddleware: import("pino-http").HttpLogger<IncomingMessage, import("http").ServerResponse<IncomingMessage>, never>;
 //# sourceMappingURL=logger.d.ts.map

package/dist/logger.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../src/logger.ts"],"names":[],"mappings":"~~;AAEA~~,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAA;~~AAEjD~~,eAAO,MAAM,QAAQ,EAAE,UAAU,CAAC,OAAO,eAAe,CAC5B,CAAA;AAC5B,eAAO,MAAM,WAAW,EAAE,UAAU,CAAC,OAAO,eAAe,CAC5B,CAAA;AAC/B,eAAO,MAAM,SAAS,EAAE,UAAU,CAAC,OAAO,eAAe,CAC5B,CAAA;AAC7B,eAAO,MAAM,aAAa,EAAE,UAAU,CAAC,OAAO,eAAe,CAC5B,CAAA;AACjC,eAAO,MAAM,eAAe,EAAE,UAAU,CAAC,OAAO,eAAe,CAC5B,CAAA;AACnC,eAAO,MAAM,kBAAkB,EAAE,UAAU,CAAC,OAAO,eAAe,CAC5B,CAAA;AACtC,eAAO,MAAM,UAAU,EAAE,UAAU,CAAC,OAAO,eAAe,CACjC,CAAA;AAEzB,eAAO,MAAM,gBAAgB,~~sIAM3B~~,CAAA"}
1	+ {"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../src/logger.ts"],"names":[],"mappings":";;AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAA;AAG3C,OAAO,EAAoB,eAAe,EAAE,MAAM,iBAAiB,CAAA;AAEnE,eAAO,MAAM,QAAQ,EAAE,UAAU,CAAC,OAAO,eAAe,CAC5B,CAAA;AAC5B,eAAO,MAAM,WAAW,EAAE,UAAU,CAAC,OAAO,eAAe,CAC5B,CAAA;AAC/B,eAAO,MAAM,SAAS,EAAE,UAAU,CAAC,OAAO,eAAe,CAC5B,CAAA;AAC7B,eAAO,MAAM,aAAa,EAAE,UAAU,CAAC,OAAO,eAAe,CAC5B,CAAA;AACjC,eAAO,MAAM,eAAe,EAAE,UAAU,CAAC,OAAO,eAAe,CAC5B,CAAA;AACnC,eAAO,MAAM,kBAAkB,EAAE,UAAU,CAAC,OAAO,eAAe,CAC5B,CAAA;AACtC,eAAO,MAAM,UAAU,EAAE,UAAU,CAAC,OAAO,eAAe,CACjC,CAAA;AAEzB,eAAO,MAAM,gBAAgB,wGAa3B,CAAA"}

package/dist/logger.js CHANGED Viewed

@@ -17,82 +17,15 @@ exports.httpLogger = (0, common_1.subsystemLogger)('bsky');
 exports.loggerMiddleware = (0, pino_http_1.default)({
     logger: exports.httpLogger,
     serializers: {
-        err: errSerializer,
-        req: reqSerializer,
+        err: (err) => ({
+            code: err?.['code'],
+            message: err?.['message'],
+        }),
+        req: (req) => {
+            const serialized = pino_1.stdSerializers.req(req);
+            const headers = (0, common_1.obfuscateHeaders)(serialized.headers);
+            return { ...serialized, headers };
+        },
     },
 });
-function errSerializer(err) {
-    return {
-        code: err?.code,
-        message: err?.message,
-    };
-}
-function reqSerializer(req) {
-    const serialized = pino_1.stdSerializers.req(req);
-    serialized.headers = obfuscateHeaders(serialized.headers);
-    return serialized;
-}
-function obfuscateHeaders(headers) {
-    const obfuscatedHeaders = {};
-    for (const key in headers) {
-        if (key.toLowerCase() === 'authorization') {
-            obfuscatedHeaders[key] = obfuscateAuthHeader(headers[key]);
-        }
-        else if (key.toLowerCase() === 'dpop') {
-            obfuscatedHeaders[key] = obfuscateJws(headers[key]) || 'Invalid';
-        }
-        else {
-            obfuscatedHeaders[key] = headers[key];
-        }
-    }
-    return obfuscatedHeaders;
-}
-function obfuscateAuthHeader(authHeader) {
-    // This is a hot path (runs on every request). Avoid using split() or regex.
-    const spaceIdx = authHeader.indexOf(' ');
-    if (spaceIdx === -1)
-        return 'Invalid';
-    const type = authHeader.slice(0, spaceIdx);
-    switch (type.toLowerCase()) {
-        case 'bearer':
-            return `${type} ${obfuscateBearer(authHeader.slice(spaceIdx + 1))}`;
-        case 'dpop':
-            return `${type} ${obfuscateJws(authHeader.slice(spaceIdx + 1)) || 'Invalid'}`;
-        case 'basic':
-            return `${type} ${obfuscateBasic(authHeader.slice(spaceIdx + 1)) || 'Invalid'}`;
-        default:
-            return `Invalid`;
-    }
-}
-function obfuscateBasic(token) {
-    if (!token)
-        return null;
-    const buffer = Buffer.from(token, 'base64');
-    if (!buffer.length)
-        return null; // Buffer.from will silently ignore invalid base64 chars
-    const authHeader = buffer.toString('utf8');
-    const colIdx = authHeader.indexOf(':');
-    if (colIdx === -1)
-        return null;
-    const username = authHeader.slice(0, colIdx);
-    return `${username}:***`;
-}
-function obfuscateBearer(token) {
-    return obfuscateJws(token) || obfuscateToken(token);
-}
-function obfuscateToken(token) {
-    return token ? '***' : '';
-}
-function obfuscateJws(token) {
-    const firstDot = token.indexOf('.');
-    if (firstDot === -1)
-        return null;
-    const secondDot = token.indexOf('.', firstDot + 1);
-    if (secondDot === -1)
-        return null;
-    if (token.indexOf('.', secondDot + 1) !== -1)
-        return null;
-    // Strip the signature
-    return token.slice(0, secondDot) + '.obfuscated';
-}
 //# sourceMappingURL=logger.js.map

package/dist/logger.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"logger.js","sourceRoot":"","sources":["../src/logger.ts"],"names":[],"mappings":";;;;;;~~AAAA~~,+BAAqC;AACrC,0DAAgC;AAChC,~~4CAAiD~~;~~AAEpC~~,QAAA,QAAQ,GACnB,IAAA,wBAAe,EAAC,SAAS,CAAC,CAAA;AACf,QAAA,WAAW,GACtB,IAAA,wBAAe,EAAC,YAAY,CAAC,CAAA;AAClB,QAAA,SAAS,GACpB,IAAA,wBAAe,EAAC,UAAU,CAAC,CAAA;AAChB,QAAA,aAAa,GACxB,IAAA,wBAAe,EAAC,cAAc,CAAC,CAAA;AACpB,QAAA,eAAe,GAC1B,IAAA,wBAAe,EAAC,gBAAgB,CAAC,CAAA;AACtB,QAAA,kBAAkB,GAC7B,IAAA,wBAAe,EAAC,mBAAmB,CAAC,CAAA;AACzB,QAAA,UAAU,GACrB,IAAA,wBAAe,EAAC,MAAM,CAAC,CAAA;AAEZ,QAAA,gBAAgB,GAAG,IAAA,mBAAQ,EAAC;IACvC,MAAM,EAAE,kBAAU;IAClB,WAAW,EAAE;QACX,GAAG,EAAE,~~aAAa;QAClB~~,~~GAAG~~,EAAE,~~aAAa;KACnB;CACF~~,CAAC,~~CAAA;AAEF,SAAS,aAAa,~~CAAC~~,GAAQ~~;~~IAC7B~~,~~OAAO;QACL,~~IAAI,EAAE,GAAG,EAAE,~~IAAI;QACf,OAAO,EAAE,GAAG,EAAE,OAAO;KACtB,CAAA;AACH,~~CAAC~~;AAED~~,~~SAAS,aAAa,CAAC,GAAQ;IAC7B,~~MAAM,~~UAAU,GAAG,qBAAc,~~CAAC~~,GAAG,CAAC,GAAG,CAAC,CAAA~~;~~IAC1C~~,~~UAAU,CAAC,~~OAAO,~~GAAG,gBAAgB,CAAC,UAAU,CAAC,OAAO,CAAC,CAAA;IACzD,OAAO,UAAU,CAAA;AACnB,CAAC;AAED,SAAS,gBAAgB,CAAC,OAA+B;IACvD,MAAM,iBAAiB,GAA2B,~~EAAE,~~CAAA;IACpD,KAAK,MAAM,~~GAAG,~~IAAI,OAAO,~~EAAE,CAAC~~;QAC1B~~,IAAI,GAAG,CAAC,WAAW,EAAE,KAAK,eAAe,EAAE,CAAC;YAC1C,iBAAiB,CAAC,GAAG,CAAC,GAAG,mBAAmB,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAA;QAC5D,CAAC;aAAM,IAAI,GAAG,CAAC,WAAW,EAAE,KAAK,MAAM,EAAE,CAAC;YACxC,iBAAiB,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,IAAI,SAAS,~~CAAA;QAClE,~~CAAC;~~aAAM~~,CAAC;~~YACN~~,~~iBAAiB,CAAC,~~GAAG,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,CAAA;QACvC,CAAC;IACH,CAAC;IACD,OAAO,iBAAiB,CAAA;AAC1B,CAAC;AAED,SAAS,mBAAmB,CAAC,UAAkB;IAC7C,4EAA4E;IAE5E,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IACxC,IAAI,QAAQ,KAAK,CAAC,CAAC;QAAE,OAAO,SAAS,CAAA;IAErC,MAAM,IAAI,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,~~QAAQ,~~CAAC,~~CAAA;IAC1C~~,~~QAAQ,IAAI,CAAC,WAAW,~~EAAE,EAAE~~,CAAC~~;~~QAC3B~~,~~KAAK,QAAQ;YACX,OAAO,GAAG,IAAI,IAAI,eAAe,CAAC,UAAU,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,EAAE,CAAA;QACrE,KAAK,~~MAAM~~;YACT~~,~~OAAO,GAAG,IAAI,IAAI,YAAY,CAAC,~~UAAU,~~CAAC,KAAK,CAAC,QAAQ,~~GAAG,~~CAAC~~,CAAC,~~CAAC,IAAI,SAAS,EAAE,CAAA;QAC/E,KAAK,OAAO;YACV,OAAO,~~GAAG,~~IAAI,IAAI,cAAc,~~CAAC,~~UAAU,CAAC,KAAK,CAAC,QAAQ,~~GAAG,CAAC,~~CAAC,CAAC,IAAI,SAAS,EAAE,~~CAAA;~~QACjF;YACE~~,~~OAAO,SAAS,CAAA;IACpB,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,KAAa;IACnC,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAA;IACvB,~~MAAM,~~MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAA;IAC3C,IAAI,CAAC,MAAM,CAAC,MAAM;QAAE,~~OAAO,~~IAAI,CAAA,CAAC,wDAAwD;IACxF,MAAM,UAAU,~~GAAG,~~MAAM~~,~~CAAC~~,~~QAAQ~~,~~CAAC,MAAM,CAAC,CAAA;IAC1C,MAAM,MAAM,GAAG,~~UAAU,CAAC,OAAO,CAAC,~~GAAG,CAAC,~~CAAA;~~IACtC~~,~~IAAI,MAAM,KAAK,CAAC,CAAC;QAAE,~~OAAO,~~IAAI~~,~~CAAA;IAC9B,MAAM,QAAQ,~~GAAG,UAAU,~~CAAC,KAAK,CAAC,CAAC,~~EAAE,~~MAAM,CAAC,CAAA;IAC5C,~~OAAO,GAAG,QAAQ,MAAM,CAAA;AAC1B,CAAC;AAED,SAAS,eAAe,CAAC,KAAa;IACpC,OAAO,YAAY,CAAC,KAAK,CAAC,IAAI,cAAc,CAAC,KAAK,CAAC,CAAA;AACrD,CAAC;AAED,SAAS,cAAc,CAAC,KAAa;IACnC,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAA;~~AAC3B~~,CAAC;~~AAED,SAAS,YAAY,CAAC,KAAa~~;~~IACjC~~,~~MAAM,QAAQ,GAAG,KAAK,~~CAAC,~~OAAO,CAAC,GAAG,CAAC,~~CAAA;IACnC,IAAI,QAAQ,KAAK,CAAC,CAAC;QAAE,OAAO,IAAI,CAAA;IAEhC,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,QAAQ,GAAG,CAAC,CAAC,CAAA;IAClD,IAAI,SAAS,KAAK,CAAC,CAAC;QAAE,OAAO,IAAI,CAAA;IAEjC,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;QAAE,OAAO,IAAI,CAAA;IAEzD,sBAAsB;IACtB,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,GAAG,aAAa,CAAA;AAClD,CAAC"}
1	+ {"version":3,"file":"logger.js","sourceRoot":"","sources":["../src/logger.ts"],"names":[],"mappings":";;;;;;AACA,+BAAqC;AACrC,0DAAgC;AAChC,4CAAmE;AAEtD,QAAA,QAAQ,GACnB,IAAA,wBAAe,EAAC,SAAS,CAAC,CAAA;AACf,QAAA,WAAW,GACtB,IAAA,wBAAe,EAAC,YAAY,CAAC,CAAA;AAClB,QAAA,SAAS,GACpB,IAAA,wBAAe,EAAC,UAAU,CAAC,CAAA;AAChB,QAAA,aAAa,GACxB,IAAA,wBAAe,EAAC,cAAc,CAAC,CAAA;AACpB,QAAA,eAAe,GAC1B,IAAA,wBAAe,EAAC,gBAAgB,CAAC,CAAA;AACtB,QAAA,kBAAkB,GAC7B,IAAA,wBAAe,EAAC,mBAAmB,CAAC,CAAA;AACzB,QAAA,UAAU,GACrB,IAAA,wBAAe,EAAC,MAAM,CAAC,CAAA;AAEZ,QAAA,gBAAgB,GAAG,IAAA,mBAAQ,EAAC;IACvC,MAAM,EAAE,kBAAU;IAClB,WAAW,EAAE;QACX,GAAG,EAAE,CAAC,GAAY,EAAE,EAAE,CAAC,CAAC;YACtB,IAAI,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC;YACnB,OAAO,EAAE,GAAG,EAAE,CAAC,SAAS,CAAC;SAC1B,CAAC;QACF,GAAG,EAAE,CAAC,GAAoB,EAAE,EAAE;YAC5B,MAAM,UAAU,GAAG,qBAAc,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;YAC1C,MAAM,OAAO,GAAG,IAAA,yBAAgB,EAAC,UAAU,CAAC,OAAO,CAAC,CAAA;YACpD,OAAO,EAAE,GAAG,UAAU,EAAE,OAAO,EAAE,CAAA;QACnC,CAAC;KACF;CACF,CAAC,CAAA"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@atproto/bsky",
-  "version": "0.0.67",
+  "version": "0.0.68",
   "license": "MIT",
   "description": "Reference implementation of app.bsky App View (Bluesky API)",
   "keywords": [
@@ -41,13 +41,13 @@
     "typed-emitter": "^2.1.0",
     "uint8arrays": "3.0.0",
     "@atproto/api": "^0.12.24",
-    "@atproto/common": "^0.4.0",
+    "@atproto/common": "^0.4.1",
     "@atproto/crypto": "^0.4.0",
     "@atproto/identity": "^0.4.0",
     "@atproto/lexicon": "^0.4.0",
-    "@atproto/repo": "^0.4.0",
+    "@atproto/repo": "^0.4.1",
     "@atproto/syntax": "^0.3.0",
-    "@atproto/xrpc-server": "^0.5.2"
+    "@atproto/xrpc-server": "^0.5.3"
   },
   "devDependencies": {
     "@bufbuild/buf": "^1.28.1",
@@ -64,7 +64,7 @@
     "ts-node": "^10.8.2",
     "@atproto/api": "^0.12.24",
     "@atproto/lex-cli": "^0.4.0",
-    "@atproto/pds": "^0.4.40",
+    "@atproto/pds": "^0.4.41",
     "@atproto/xrpc": "^0.5.0"
   },
   "scripts": {

package/src/logger.ts CHANGED Viewed

@@ -1,6 +1,7 @@
+import { IncomingMessage } from 'node:http'
 import { stdSerializers } from 'pino'
 import pinoHttp from 'pino-http'
-import { subsystemLogger } from '@atproto/common'
+import { obfuscateHeaders, subsystemLogger } from '@atproto/common'
 export const dbLogger: ReturnType<typeof subsystemLogger> =
   subsystemLogger('bsky:db')
@@ -20,85 +21,14 @@ export const httpLogger: ReturnType<typeof subsystemLogger> =
 export const loggerMiddleware = pinoHttp({
   logger: httpLogger,
   serializers: {
-    err: errSerializer,
-    req: reqSerializer,
+    err: (err: unknown) => ({
+      code: err?.['code'],
+      message: err?.['message'],
+    }),
+    req: (req: IncomingMessage) => {
+      const serialized = stdSerializers.req(req)
+      const headers = obfuscateHeaders(serialized.headers)
+      return { ...serialized, headers }
+    },
   },
 })
-function errSerializer(err: any) {
-  return {
-    code: err?.code,
-    message: err?.message,
-  }
-}
-function reqSerializer(req: any) {
-  const serialized = stdSerializers.req(req)
-  serialized.headers = obfuscateHeaders(serialized.headers)
-  return serialized
-}
-function obfuscateHeaders(headers: Record<string, string>) {
-  const obfuscatedHeaders: Record<string, string> = {}
-  for (const key in headers) {
-    if (key.toLowerCase() === 'authorization') {
-      obfuscatedHeaders[key] = obfuscateAuthHeader(headers[key])
-    } else if (key.toLowerCase() === 'dpop') {
-      obfuscatedHeaders[key] = obfuscateJws(headers[key]) || 'Invalid'
-    } else {
-      obfuscatedHeaders[key] = headers[key]
-    }
-  }
-  return obfuscatedHeaders
-}
-function obfuscateAuthHeader(authHeader: string): string {
-  // This is a hot path (runs on every request). Avoid using split() or regex.
-  const spaceIdx = authHeader.indexOf(' ')
-  if (spaceIdx === -1) return 'Invalid'
-  const type = authHeader.slice(0, spaceIdx)
-  switch (type.toLowerCase()) {
-    case 'bearer':
-      return `${type} ${obfuscateBearer(authHeader.slice(spaceIdx + 1))}`
-    case 'dpop':
-      return `${type} ${obfuscateJws(authHeader.slice(spaceIdx + 1)) || 'Invalid'}`
-    case 'basic':
-      return `${type} ${obfuscateBasic(authHeader.slice(spaceIdx + 1)) || 'Invalid'}`
-    default:
-      return `Invalid`
-  }
-}
-function obfuscateBasic(token: string): null | string {
-  if (!token) return null
-  const buffer = Buffer.from(token, 'base64')
-  if (!buffer.length) return null // Buffer.from will silently ignore invalid base64 chars
-  const authHeader = buffer.toString('utf8')
-  const colIdx = authHeader.indexOf(':')
-  if (colIdx === -1) return null
-  const username = authHeader.slice(0, colIdx)
-  return `${username}:***`
-}
-function obfuscateBearer(token: string): string {
-  return obfuscateJws(token) || obfuscateToken(token)
-}
-function obfuscateToken(token: string): string {
-  return token ? '***' : ''
-}
-function obfuscateJws(token: string): null | string {
-  const firstDot = token.indexOf('.')
-  if (firstDot === -1) return null
-  const secondDot = token.indexOf('.', firstDot + 1)
-  if (secondDot === -1) return null
-  if (token.indexOf('.', secondDot + 1) !== -1) return null
-  // Strip the signature
-  return token.slice(0, secondDot) + '.obfuscated'
-}