@atproto/pds 0.4.58 → 0.4.60

package/dist/pipethrough.js

@@ -1,234 +1,371 @@
 "use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.parseRes = exports.PROTECTED_METHODS = exports.PRIVILEGED_METHODS = exports.parseProxyRes = exports.pipeProxyRes = exports.makeRequest = exports.parseProxyHeader = exports.formatHeaders = exports.formatUrlAndAud = exports.pipethroughProcedure = exports.pipethrough = exports.proxyHandler = void 0;
-const ui8 = __importStar(require("uint8arrays"));
-const node_net_1 = __importDefault(require("node:net"));
-const node_stream_1 = __importDefault(require("node:stream"));
-const lexicon_1 = require("@atproto/lexicon");
-const xrpc_server_1 = require("@atproto/xrpc-server");
-const xrpc_1 = require("@atproto/xrpc");
+exports.PROTECTED_METHODS = exports.PRIVILEGED_METHODS = exports.asPipeThroughBuffer = exports.bufferUpstreamResponse = exports.isJsonContentType = exports.parseProxyHeader = exports.pipethrough = exports.proxyHandler = void 0;
+const node_stream_1 = require("node:stream");
 const common_1 = require("@atproto/common");
+const xrpc_1 = require("@atproto/xrpc");
+const xrpc_server_1 = require("@atproto/xrpc-server");
 const lexicons_1 = require("./lexicon/lexicons");
 const logger_1 = require("./logger");
 const proxyHandler = (ctx) => {
     const accessStandard = ctx.authVerifier.accessStandard();
     return async (req, res, next) => {
+        // /!\ Hot path
         try {
-            const { url, aud, nsid } = await (0, exports.formatUrlAndAud)(ctx, req);
+            if (req.method !== 'GET' &&
+                req.method !== 'HEAD' &&
+                req.method !== 'POST') {
+                throw new xrpc_server_1.XRPCError(xrpc_1.ResponseType.InvalidRequest, 'XRPC requests only supports GET and POST');
+            }
+            const body = req.method === 'POST' ? req : undefined;
+            if (body != null && !body.readable) {
+                // Body was already consumed by a previous middleware
+                throw new xrpc_server_1.InternalServerError('Request body is not readable');
+            }
+            const lxm = (0, xrpc_server_1.parseReqNsid)(req);
+            if (exports.PROTECTED_METHODS.has(lxm)) {
+                throw new xrpc_server_1.InvalidRequestError('Bad token method', 'InvalidToken');
+            }
             const auth = await accessStandard({ req, res });
-            if (exports.PROTECTED_METHODS.has(nsid) ||
-                (!auth.credentials.isPrivileged && exports.PRIVILEGED_METHODS.has(nsid))) {
+            if (!auth.credentials.isPrivileged && exports.PRIVILEGED_METHODS.has(lxm)) {
                 throw new xrpc_server_1.InvalidRequestError('Bad token method', 'InvalidToken');
             }
-            const headers = await (0, exports.formatHeaders)(ctx, req, {
-                aud,
-                lxm: nsid,
-                requester: auth.credentials.did,
+            const { url: origin, did: aud } = await parseProxyInfo(ctx, req, lxm);
+            const headers = {
+                'accept-encoding': req.headers['accept-encoding'],
+                'accept-language': req.headers['accept-language'],
+                'atproto-accept-labelers': req.headers['atproto-accept-labelers'],
+                'x-bsky-topics': req.headers['x-bsky-topics'],
+                'content-type': body && req.headers['content-type'],
+                'content-encoding': body && req.headers['content-encoding'],
+                'content-length': body && req.headers['content-length'],
+                authorization: auth.credentials.did
+                    ? `Bearer ${await ctx.serviceAuthJwt(auth.credentials.did, aud, lxm)}`
+                    : undefined,
+            };
+            const dispatchOptions = {
+                origin,
+                method: req.method,
+                path: req.originalUrl,
+                body,
+                headers,
+            };
+            await pipethroughStream(ctx, dispatchOptions, (upstream) => {
+                res.status(upstream.statusCode);
+                for (const [name, val] of responseHeaders(upstream.headers)) {
+                    res.setHeader(name, val);
+                }
+                // Note that we should not need to manually handle errors here (e.g. by
+                // destroying the response), as the http server will handle them for us.
+                res.on('error', logResponseError);
+                // Tell undici to write the upstream response directly to the response
+                return res;
             });
-            const body = node_stream_1.default.Readable.toWeb(req);
-            const reqInit = formatReqInit(req, headers, body);
-            const proxyRes = await (0, exports.makeRequest)(url, reqInit);
-            await (0, exports.pipeProxyRes)(proxyRes, res);
         }
         catch (err) {
-            return next(err);
+            next(err);
         }
-        return next();
     };
 };
 exports.proxyHandler = proxyHandler;
-const pipethrough = async (ctx, req, requester, override = {}) => {
-    const { url, aud, nsid } = await (0, exports.formatUrlAndAud)(ctx, req, override.aud);
-    const lxm = override.lxm ?? nsid;
-    const headers = await (0, exports.formatHeaders)(ctx, req, { aud, lxm, requester });
-    const reqInit = formatReqInit(req, headers);
-    const res = await (0, exports.makeRequest)(url, reqInit);
-    return (0, exports.parseProxyRes)(res);
-};
+// List of content encodings that are supported by the PDS. Because proxying
+// occurs between data centers, where connectivity is supposedly stable & good,
+// and because payloads are small, we prefer encoding that are fast (gzip,
+// deflate, identity) over heavier encodings (Brotli). Upstream servers should
+// be configured to prefer any encoding over identity in case of big,
+// uncompressed payloads.
+const SUPPORTED_ENCODINGS = [
+    ['gzip', { q: '1.0' }],
+    ['deflate', { q: '0.9' }],
+    ['identity', { q: '0.3' }],
+    ['br', { q: '0.1' }],
+];
+async function pipethrough(ctx, req, options) {
+    if (req.method !== 'GET' && req.method !== 'HEAD') {
+        // pipethrough() is used from within xrpcServer handlers, which means that
+        // the request body either has been parsed or is a readable stream that has
+        // been piped for decoding & size limiting. Because of this, forwarding the
+        // request body requires re-encoding it. Since we currently do not use
+        // pipethrough() with procedures, proxying of request body is not
+        // implemented.
+        throw new xrpc_server_1.InternalServerError(`Proxying of ${req.method} requests is not supported`);
+    }
+    const lxm = (0, xrpc_server_1.parseReqNsid)(req);
+    const { url: origin, did: aud } = await parseProxyInfo(ctx, req, lxm);
+    // Because we sometimes need to interpret the response (e.g. during
+    // read-after-write, through asPipeThroughBuffer()), we need to ask the
+    // upstream server for an encoding that both the requester and the PDS can
+    // understand.
+    const acceptEncoding = negotiateAccept(req.headers['accept-encoding'], SUPPORTED_ENCODINGS);
+    const headers = {
+        'accept-language': req.headers['accept-language'],
+        'atproto-accept-labelers': req.headers['atproto-accept-labelers'],
+        'x-bsky-topics': req.headers['x-bsky-topics'],
+        'accept-encoding': `${formatAccepted(acceptEncoding)}, *;q=0`, // Reject anything else (q=0)
+        authorization: options?.iss
+            ? `Bearer ${await ctx.serviceAuthJwt(options.iss, options.aud ?? aud, options.lxm ?? lxm)}`
+            : undefined,
+    };
+    const dispatchOptions = {
+        origin,
+        method: req.method,
+        path: req.originalUrl,
+        headers,
+        // Use a high water mark to buffer more data while performing async
+        // operations before this stream is consumed. This is especially useful
+        // while processing read-after-write operations.
+        highWaterMark: 2 * 65536, // twice the default (64KiB)
+    };
+    const upstream = await pipethroughRequest(ctx, dispatchOptions);
+    return {
+        stream: upstream.body,
+        headers: Object.fromEntries(responseHeaders(upstream.headers)),
+        encoding: safeString(upstream.headers['content-type']) ?? 'application/json',
+    };
+}
 exports.pipethrough = pipethrough;
-const pipethroughProcedure = async (ctx, req, requester, body) => {
-    const { url, aud, nsid: lxm } = await (0, exports.formatUrlAndAud)(ctx, req);
-    const headers = await (0, exports.formatHeaders)(ctx, req, { aud, lxm, requester });
-    const encodedBody = body
-        ? new TextEncoder().encode((0, lexicon_1.stringifyLex)(body))
-        : undefined;
-    const reqInit = formatReqInit(req, headers, encodedBody);
-    const res = await (0, exports.makeRequest)(url, reqInit);
-    return (0, exports.parseProxyRes)(res);
-};
-exports.pipethroughProcedure = pipethroughProcedure;
 // Request setup/formatting
 // -------------------
-const REQ_HEADERS_TO_FORWARD = [
-    'accept-language',
-    'content-type',
-    'atproto-accept-labelers',
-    'x-bsky-topics',
-];
-const formatUrlAndAud = async (ctx, req, audOverride) => {
-    const proxyTo = await (0, exports.parseProxyHeader)(ctx, req);
-    const nsid = (0, xrpc_server_1.parseReqNsid)(req);
-    const defaultProxy = defaultService(ctx, nsid);
-    const serviceUrl = proxyTo?.serviceUrl ?? defaultProxy?.url;
-    const aud = audOverride ?? proxyTo?.did ?? defaultProxy?.did;
-    if (!serviceUrl || !aud) {
-        throw new xrpc_server_1.InvalidRequestError(`No service configured for ${req.path}`);
+async function parseProxyInfo(ctx, req, lxm) {
+    // /!\ Hot path
+    const proxyToHeader = req.header('atproto-proxy');
+    if (proxyToHeader)
+        return (0, exports.parseProxyHeader)(ctx, proxyToHeader);
+    const defaultProxy = defaultService(ctx, lxm);
+    if (defaultProxy)
+        return defaultProxy;
+    throw new xrpc_server_1.InvalidRequestError(`No service configured for ${lxm}`);
+}
+const parseProxyHeader = async (
+// Using subset of AppContext for testing purposes
+ctx, proxyTo) => {
+    // /!\ Hot path
+    const hashIndex = proxyTo.indexOf('#');
+    if (hashIndex === 0) {
+        throw new xrpc_server_1.InvalidRequestError('no did specified in proxy header');
     }
-    const url = new URL(req.originalUrl, serviceUrl);
-    if (!ctx.cfg.service.devMode && !isSafeUrl(url)) {
-        throw new xrpc_server_1.InvalidRequestError(`Invalid service url: ${url.toString()}`);
+    if (hashIndex === -1 || hashIndex === proxyTo.length - 1) {
+        throw new xrpc_server_1.InvalidRequestError('no service id specified in proxy header');
     }
-    return { url, aud, nsid };
-};
-exports.formatUrlAndAud = formatUrlAndAud;
-const formatHeaders = async (ctx, req, opts) => {
-    const { aud, lxm, requester } = opts;
-    const headers = requester
-        ? (await ctx.serviceAuthHeaders(requester, aud, lxm)).headers
-        : {};
-    // forward select headers to upstream services
-    for (const header of REQ_HEADERS_TO_FORWARD) {
-        const val = req.headers[header];
-        if (val) {
-            headers[header] = val;
-        }
+    // More than one hash
+    if (proxyTo.indexOf('#', hashIndex + 1) !== -1) {
+        throw new xrpc_server_1.InvalidRequestError('invalid proxy header format');
     }
-    return headers;
-};
-exports.formatHeaders = formatHeaders;
-const formatReqInit = (req, headers, body) => {
-    if (req.method === 'GET') {
-        return {
-            method: 'get',
-            headers,
-        };
-    }
-    else if (req.method === 'HEAD') {
-        return {
-            method: 'head',
-            headers,
-        };
-    }
-    else if (req.method === 'POST') {
-        return {
-            method: 'post',
-            headers,
-            body,
-            duplex: 'half',
-        };
-    }
-    else {
-        throw new xrpc_server_1.InvalidRequestError('Method not found');
-    }
-};
-const parseProxyHeader = async (ctx, req) => {
-    const proxyTo = req.header('atproto-proxy');
-    if (!proxyTo)
-        return;
-    const [did, serviceId] = proxyTo.split('#');
-    if (!serviceId) {
-        throw new xrpc_server_1.InvalidRequestError('no service id specified');
+    // Basic validation
+    if (proxyTo.includes(' ')) {
+        throw new xrpc_server_1.InvalidRequestError('proxy header cannot contain spaces');
     }
+    const did = proxyTo.slice(0, hashIndex);
     const didDoc = await ctx.idResolver.did.resolve(did);
     if (!didDoc) {
         throw new xrpc_server_1.InvalidRequestError('could not resolve proxy did');
     }
-    const serviceUrl = (0, common_1.getServiceEndpoint)(didDoc, { id: `#${serviceId}` });
-    if (!serviceUrl) {
+    const serviceId = proxyTo.slice(hashIndex);
+    const url = (0, common_1.getServiceEndpoint)(didDoc, { id: serviceId });
+    if (!url) {
         throw new xrpc_server_1.InvalidRequestError('could not resolve proxy did service url');
     }
-    return { did, serviceUrl };
+    return { did, url };
 };
 exports.parseProxyHeader = parseProxyHeader;
-// Sending request
-// -------------------
-const makeRequest = async (url, reqInit) => {
-    let res;
+/**
+ * Utility function that wraps the undici stream() function and handles request
+ * and response errors by wrapping them in XRPCError instances. This function is
+ * more efficient than "pipethroughRequest" when a writable stream to pipe the
+ * upstream response to is available.
+ */
+async function pipethroughStream(ctx, dispatchOptions, successStreamFactory) {
+    return new Promise((resolve, reject) => {
+        void ctx.proxyAgent
+            .stream(dispatchOptions, (upstream) => {
+            if (upstream.statusCode >= 400) {
+                const passThrough = new node_stream_1.PassThrough();
+                void tryParsingError(upstream.headers, passThrough).then((parsed) => {
+                    const xrpcError = new xrpc_1.XRPCError(upstream.statusCode === 500
+                        ? xrpc_1.ResponseType.UpstreamFailure
+                        : upstream.statusCode, parsed.error, parsed.message, Object.fromEntries(responseHeaders(upstream.headers, false)), { cause: dispatchOptions });
+                    reject(xrpcError);
+                }, reject);
+                return passThrough;
+            }
+            const writable = successStreamFactory(upstream);
+            // As soon as the control was passed to the writable stream (i.e. by
+            // returning the writable hereafter), pipethroughStream() is considered
+            // to have succeeded. Any error occurring while writing upstream data to
+            // the writable stream should be handled through the stream's error
+            // state (i.e. successStreamFactory() must ensure that error events on
+            // the returned writable will be handled).
+            resolve();
+            return writable;
+        })
+            // The following catch block will be triggered with either network errors
+            // or writable stream errors. In the latter case, the promise will already
+            // be resolved, and reject()ing it there after will have no effect. Those
+            // error would still be logged by the successStreamFactory() function.
+            .catch(handleUpstreamRequestError)
+            .catch(reject);
+    });
+}
+/**
+ * Utility function that wraps the undici request() function and handles request
+ * and response errors by wrapping them in XRPCError instances.
+ */
+async function pipethroughRequest(ctx, dispatchOptions) {
+    // HandlerPipeThroughStream requires a readable stream to be returned, so we
+    // use the (less efficient) request() function instead.
+    const upstream = await ctx.proxyAgent
+        .request(dispatchOptions)
+        .catch(handleUpstreamRequestError);
+    if (upstream.statusCode >= 400) {
+        const parsed = await tryParsingError(upstream.headers, upstream.body);
+        // Note "XRPCClientError" is used instead of "XRPCServerError" in order to
+        // allow users of this function to capture & handle these errors (namely in
+        // "app.bsky.feed.getPostThread").
+        throw new xrpc_1.XRPCError(upstream.statusCode === 500
+            ? xrpc_1.ResponseType.UpstreamFailure
+            : upstream.statusCode, parsed.error, parsed.message, Object.fromEntries(responseHeaders(upstream.headers, false)), { cause: dispatchOptions });
+    }
+    return upstream;
+}
+function handleUpstreamRequestError(err, message = 'pipethrough network error') {
+    logger_1.httpLogger.warn({ err }, message);
+    throw new xrpc_server_1.XRPCError(xrpc_1.ResponseType.UpstreamFailure, message, undefined, {
+        cause: err,
+    });
+}
+function negotiateAccept(acceptHeader, supported) {
+    // Optimization: if no accept-encoding header is present, skip negotiation
+    if (!acceptHeader?.length) {
+        return supported;
+    }
+    const acceptNames = extractAcceptedNames(acceptHeader);
+    const common = acceptNames.includes('*')
+        ? supported
+        : supported.filter(nameIncludedIn, acceptNames);
+    // There must be at least one common encoding with a non-zero q value
+    if (!common.some(isNotRejected)) {
+        throw new xrpc_server_1.XRPCError(xrpc_1.ResponseType.NotAcceptable, 'this service does not support any of the requested encodings');
+    }
+    return common;
+}
+function formatAccepted(accept) {
+    return accept.map(formatEncodingDev).join(', ');
+}
+function formatEncodingDev([enc, flags]) {
+    let ret = enc;
+    for (const name in flags)
+        ret += `;${name}=${flags[name]}`;
+    return ret;
+}
+function nameIncludedIn(accept) {
+    return this.includes(accept[0]);
+}
+function isNotRejected(accept) {
+    return accept[1]['q'] !== '0';
+}
+function extractAcceptedNames(acceptHeader) {
+    if (!acceptHeader?.length) {
+        return ['*'];
+    }
+    return Array.isArray(acceptHeader)
+        ? acceptHeader.flatMap(extractAcceptedNames)
+        : acceptHeader.split(',').map(extractAcceptedName).filter(isNonNullable);
+}
+function extractAcceptedName(def) {
+    // No need to fully parse since we only care about allowed values
+    const parts = def.split(';');
+    if (parts.some(isQzero))
+        return undefined;
+    return parts[0].trim();
+}
+function isQzero(def) {
+    return def.trim() === 'q=0';
+}
+function isNonNullable(val) {
+    return val != null;
+}
+function isJsonContentType(contentType) {
+    if (contentType == null)
+        return undefined;
+    return /application\/(?:\w+\+)?json/i.test(contentType);
+}
+exports.isJsonContentType = isJsonContentType;
+async function tryParsingError(headers, readable) {
+    if (isJsonContentType(headers['content-type']) === false) {
+        // We don't known how to parse non JSON content types so we can discard the
+        // whole response.
+        //
+        // @NOTE we could also simply "drain" the stream here. This would prevent
+        // the upstream HTTP/1.1 connection from getting destroyed (closed). This
+        // would however imply to read the whole upstream response, which would be
+        // costly in terms of bandwidth and I/O processing. It is recommended to use
+        // HTTP/2 to avoid this issue (be able to destroy a single response stream
+        // without resetting the whole connection). This is not expected to happen
+        // too much as 4xx and 5xx responses are expected to be JSON.
+        readable.destroy();
+        return {};
+    }
     try {
-        res = await fetch(url, reqInit);
+        const buffer = await bufferUpstreamResponse(readable, headers['content-encoding']);
+        const errInfo = JSON.parse(buffer.toString('utf8'));
+        return {
+            error: safeString(errInfo?.['error']),
+            message: safeString(errInfo?.['message']),
+        };
     }
     catch (err) {
-        logger_1.httpLogger.warn({ err }, 'pipethrough network error');
-        throw new xrpc_1.XRPCError(xrpc_1.ResponseType.UpstreamFailure);
+        // Failed to read, decode, buffer or parse. No big deal.
+        return {};
     }
-    if (res.status !== xrpc_1.ResponseType.Success) {
-        const arrBuffer = await readArrayBufferRes(res);
-        const ui8Buffer = new Uint8Array(arrBuffer);
-        const errInfo = safeParseJson(ui8.toString(ui8Buffer, 'utf8'));
-        throw new xrpc_1.XRPCError(res.status, safeString(errInfo?.['error']), safeString(errInfo?.['message']), simpleHeaders(res.headers));
+}
+async function bufferUpstreamResponse(readable, contentEncoding) {
+    try {
+        // Needed for type-safety (should never happen irl)
+        if (Array.isArray(contentEncoding)) {
+            throw new TypeError('upstream service returned multiple content-encoding headers');
+        }
+        return await (0, common_1.streamToNodeBuffer)((0, common_1.decodeStream)(readable, contentEncoding));
     }
-    return res;
-};
-exports.makeRequest = makeRequest;
+    catch (err) {
+        if (!readable.destroyed)
+            readable.destroy();
+        throw new xrpc_server_1.XRPCError(xrpc_1.ResponseType.UpstreamFailure, err instanceof TypeError ? err.message : 'unable to decode request body', undefined, { cause: err });
+    }
+}
+exports.bufferUpstreamResponse = bufferUpstreamResponse;
+async function asPipeThroughBuffer(input) {
+    return {
+        buffer: await bufferUpstreamResponse(input.stream, input.headers?.['content-encoding']),
+        headers: (0, common_1.omit)(input.headers, ['content-encoding', 'content-length']),
+        encoding: input.encoding,
+    };
+}
+exports.asPipeThroughBuffer = asPipeThroughBuffer;
 // Response parsing/forwarding
 // -------------------
-const RES_HEADERS_TO_FORWARD = [
-    'content-type',
-    'content-language',
-    'atproto-repo-rev',
-    'atproto-content-labelers',
-];
-const pipeProxyRes = async (upstreamRes, ownRes) => {
-    for (const headerName of RES_HEADERS_TO_FORWARD) {
-        const headerVal = upstreamRes.headers.get(headerName);
-        if (headerVal) {
-            ownRes.setHeader(headerName, headerVal);
-        }
-    }
-    if (upstreamRes.body) {
-        const contentLength = upstreamRes.headers.get('content-length');
-        const contentEncoding = upstreamRes.headers.get('content-encoding');
-        if (contentLength && (!contentEncoding || contentEncoding === 'identity')) {
-            ownRes.setHeader('content-length', contentLength);
-        }
-        else {
-            ownRes.setHeader('transfer-encoding', 'chunked');
-        }
-        ownRes.status(200);
-        const resStream = node_stream_1.default.Readable.fromWeb(upstreamRes.body);
-        await node_stream_1.default.promises.pipeline(resStream, ownRes);
+const RES_HEADERS_TO_FORWARD = ['atproto-repo-rev', 'atproto-content-labelers'];
+function* responseHeaders(headers, includeContentHeaders = true) {
+    if (includeContentHeaders) {
+        const length = headers['content-length'];
+        if (length)
+            yield ['content-length', length];
+        const encoding = headers['content-encoding'];
+        if (encoding)
+            yield ['content-encoding', encoding];
+        const type = headers['content-type'];
+        if (type)
+            yield ['content-type', type];
+        const language = headers['content-language'];
+        if (language)
+            yield ['content-language', language];
     }
-    else {
-        ownRes.status(200).end();
+    for (let i = 0; i < RES_HEADERS_TO_FORWARD.length; i++) {
+        const name = RES_HEADERS_TO_FORWARD[i];
+        const val = headers[name];
+        if (typeof val === 'string')
+            yield [name, val];
     }
-};
-exports.pipeProxyRes = pipeProxyRes;
-const parseProxyRes = async (res) => {
-    const buffer = await readArrayBufferRes(res);
-    const encoding = res.headers.get('content-type') ?? 'application/json';
-    const resHeaders = RES_HEADERS_TO_FORWARD.reduce((acc, cur) => {
-        acc[cur] = res.headers.get(cur) ?? undefined;
-        return acc;
-    }, {});
-    return { encoding, buffer, headers: (0, common_1.noUndefinedVals)(resHeaders) };
-};
-exports.parseProxyRes = parseProxyRes;
+}
 // Utils
 // -------------------
 exports.PRIVILEGED_METHODS = new Set([
@@ -292,47 +429,10 @@ const defaultService = (ctx, nsid) => {
             return ctx.cfg.bskyAppView;
     }
 };
-const parseRes = (nsid, res) => {
-    const buffer = new Uint8Array(res.buffer);
-    const json = safeParseJson(ui8.toString(buffer, 'utf8'));
-    const lex = json && (0, lexicon_1.jsonToLex)(json);
-    return lexicons_1.lexicons.assertValidXrpcOutput(nsid, lex);
-};
-exports.parseRes = parseRes;
-const readArrayBufferRes = async (res) => {
-    try {
-        return await res.arrayBuffer();
-    }
-    catch (err) {
-        logger_1.httpLogger.warn({ err }, 'pipethrough network error');
-        throw new xrpc_1.XRPCError(xrpc_1.ResponseType.UpstreamFailure);
-    }
-};
-const isSafeUrl = (url) => {
-    if (url.protocol !== 'https:')
-        return false;
-    if (!url.hostname || url.hostname === 'localhost')
-        return false;
-    if (node_net_1.default.isIP(url.hostname) !== 0)
-        return false;
-    return true;
-};
 const safeString = (str) => {
     return typeof str === 'string' ? str : undefined;
 };
-const safeParseJson = (json) => {
-    try {
-        return JSON.parse(json);
-    }
-    catch {
-        return null;
-    }
-};
-const simpleHeaders = (headers) => {
-    const result = {};
-    for (const [key, val] of headers) {
-        result[key] = val;
-    }
-    return result;
-};
+function logResponseError(err) {
+    logger_1.httpLogger.warn({ err }, 'error forwarding upstream response');
+}
 //# sourceMappingURL=pipethrough.js.map