@atproto/pds 0.4.59 → 0.4.61

package/dist/pipethrough.js

@@ -1,234 +1,403 @@
 "use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.parseRes = exports.PROTECTED_METHODS = exports.PRIVILEGED_METHODS = exports.parseProxyRes = exports.pipeProxyRes = exports.makeRequest = exports.parseProxyHeader = exports.formatHeaders = exports.formatUrlAndAud = exports.pipethroughProcedure = exports.pipethrough = exports.proxyHandler = void 0;
-const ui8 = __importStar(require("uint8arrays"));
-const node_net_1 = __importDefault(require("node:net"));
-const node_stream_1 = __importDefault(require("node:stream"));
-const lexicon_1 = require("@atproto/lexicon");
-const xrpc_server_1 = require("@atproto/xrpc-server");
-const xrpc_1 = require("@atproto/xrpc");
+exports.PROTECTED_METHODS = exports.PRIVILEGED_METHODS = exports.asPipeThroughBuffer = exports.bufferUpstreamResponse = exports.isJsonContentType = exports.parseProxyHeader = exports.pipethrough = exports.proxyHandler = void 0;
+const node_stream_1 = require("node:stream");
 const common_1 = require("@atproto/common");
+const xrpc_1 = require("@atproto/xrpc");
+const xrpc_server_1 = require("@atproto/xrpc-server");
 const lexicons_1 = require("./lexicon/lexicons");
 const logger_1 = require("./logger");
 const proxyHandler = (ctx) => {
     const accessStandard = ctx.authVerifier.accessStandard();
     return async (req, res, next) => {
+        // /!\ Hot path
         try {
-            const { url, aud, nsid } = await (0, exports.formatUrlAndAud)(ctx, req);
+            if (req.method !== 'GET' &&
+                req.method !== 'HEAD' &&
+                req.method !== 'POST') {
+                throw new xrpc_server_1.XRPCError(xrpc_1.ResponseType.InvalidRequest, 'XRPC requests only supports GET and POST');
+            }
+            const body = req.method === 'POST' ? req : undefined;
+            if (body != null && !body.readable) {
+                // Body was already consumed by a previous middleware
+                throw new xrpc_server_1.InternalServerError('Request body is not readable');
+            }
+            const lxm = (0, xrpc_server_1.parseReqNsid)(req);
+            if (exports.PROTECTED_METHODS.has(lxm)) {
+                throw new xrpc_server_1.InvalidRequestError('Bad token method', 'InvalidToken');
+            }
             const auth = await accessStandard({ req, res });
-            if (exports.PROTECTED_METHODS.has(nsid) ||
-                (!auth.credentials.isPrivileged && exports.PRIVILEGED_METHODS.has(nsid))) {
+            if (!auth.credentials.isPrivileged && exports.PRIVILEGED_METHODS.has(lxm)) {
                 throw new xrpc_server_1.InvalidRequestError('Bad token method', 'InvalidToken');
             }
-            const headers = await (0, exports.formatHeaders)(ctx, req, {
-                aud,
-                lxm: nsid,
-                requester: auth.credentials.did,
+            const { url: origin, did: aud } = await parseProxyInfo(ctx, req, lxm);
+            const headers = {
+                'accept-encoding': req.headers['accept-encoding'] || 'identity',
+                'accept-language': req.headers['accept-language'],
+                'atproto-accept-labelers': req.headers['atproto-accept-labelers'],
+                'x-bsky-topics': req.headers['x-bsky-topics'],
+                'content-type': body && req.headers['content-type'],
+                'content-encoding': body && req.headers['content-encoding'],
+                'content-length': body && req.headers['content-length'],
+                authorization: auth.credentials.did
+                    ? `Bearer ${await ctx.serviceAuthJwt(auth.credentials.did, aud, lxm)}`
+                    : undefined,
+            };
+            const dispatchOptions = {
+                origin,
+                method: req.method,
+                path: req.originalUrl,
+                body,
+                headers,
+            };
+            await pipethroughStream(ctx, dispatchOptions, (upstream) => {
+                res.status(upstream.statusCode);
+                for (const [name, val] of responseHeaders(upstream.headers)) {
+                    res.setHeader(name, val);
+                }
+                // Note that we should not need to manually handle errors here (e.g. by
+                // destroying the response), as the http server will handle them for us.
+                res.on('error', logResponseError);
+                // Tell undici to write the upstream response directly to the response
+                return res;
             });
-            const body = node_stream_1.default.Readable.toWeb(req);
-            const reqInit = formatReqInit(req, headers, body);
-            const proxyRes = await (0, exports.makeRequest)(url, reqInit);
-            await (0, exports.pipeProxyRes)(proxyRes, res);
         }
         catch (err) {
-            return next(err);
+            next(err);
         }
-        return next();
     };
 };
 exports.proxyHandler = proxyHandler;
-const pipethrough = async (ctx, req, requester, override = {}) => {
-    const { url, aud, nsid } = await (0, exports.formatUrlAndAud)(ctx, req, override.aud);
-    const lxm = override.lxm ?? nsid;
-    const headers = await (0, exports.formatHeaders)(ctx, req, { aud, lxm, requester });
-    const reqInit = formatReqInit(req, headers);
-    const res = await (0, exports.makeRequest)(url, reqInit);
-    return (0, exports.parseProxyRes)(res);
-};
+const ACCEPT_ENCODING_COMPRESSED = [
+    ['gzip', { q: 1.0 }],
+    ['deflate', { q: 0.9 }],
+    ['br', { q: 0.8 }],
+    ['identity', { q: 0.1 }],
+];
+const ACCEPT_ENCODING_UNCOMPRESSED = [
+    ['identity', { q: 1.0 }],
+    ['gzip', { q: 0.3 }],
+    ['deflate', { q: 0.2 }],
+    ['br', { q: 0.1 }],
+];
+async function pipethrough(ctx, req, options) {
+    if (req.method !== 'GET' && req.method !== 'HEAD') {
+        // pipethrough() is used from within xrpcServer handlers, which means that
+        // the request body either has been parsed or is a readable stream that has
+        // been piped for decoding & size limiting. Because of this, forwarding the
+        // request body requires re-encoding it. Since we currently do not use
+        // pipethrough() with procedures, proxying of request body is not
+        // implemented.
+        throw new xrpc_server_1.InternalServerError(`Proxying of ${req.method} requests is not supported`);
+    }
+    const lxm = (0, xrpc_server_1.parseReqNsid)(req);
+    const { url: origin, did: aud } = await parseProxyInfo(ctx, req, lxm);
+    const dispatchOptions = {
+        origin,
+        method: req.method,
+        path: req.originalUrl,
+        headers: {
+            'accept-language': req.headers['accept-language'],
+            'atproto-accept-labelers': req.headers['atproto-accept-labelers'],
+            'x-bsky-topics': req.headers['x-bsky-topics'],
+            // Because we sometimes need to interpret the response (e.g. during
+            // read-after-write, through asPipeThroughBuffer()), we need to ask the
+            // upstream server for an encoding that both the requester and the PDS can
+            // understand. Since we might have to do the decoding ourselves, we will
+            // use our own preferences (and weight) to negotiate the encoding.
+            'accept-encoding': negotiateContentEncoding(req.headers['accept-encoding'], ctx.cfg.proxy.preferCompressed
+                ? ACCEPT_ENCODING_COMPRESSED
+                : ACCEPT_ENCODING_UNCOMPRESSED),
+            authorization: options?.iss
+                ? `Bearer ${await ctx.serviceAuthJwt(options.iss, options.aud ?? aud, options.lxm ?? lxm)}`
+                : undefined,
+        },
+        // Use a high water mark to buffer more data while performing async
+        // operations before this stream is consumed. This is especially useful
+        // while processing read-after-write operations.
+        highWaterMark: 2 * 65536, // twice the default (64KiB)
+    };
+    const { headers, body } = await pipethroughRequest(ctx, dispatchOptions);
+    return {
+        encoding: safeString(headers['content-type']) ?? 'application/json',
+        headers: Object.fromEntries(responseHeaders(headers)),
+        stream: body,
+    };
+}
 exports.pipethrough = pipethrough;
-const pipethroughProcedure = async (ctx, req, requester, body) => {
-    const { url, aud, nsid: lxm } = await (0, exports.formatUrlAndAud)(ctx, req);
-    const headers = await (0, exports.formatHeaders)(ctx, req, { aud, lxm, requester });
-    const encodedBody = body
-        ? new TextEncoder().encode((0, lexicon_1.stringifyLex)(body))
-        : undefined;
-    const reqInit = formatReqInit(req, headers, encodedBody);
-    const res = await (0, exports.makeRequest)(url, reqInit);
-    return (0, exports.parseProxyRes)(res);
-};
-exports.pipethroughProcedure = pipethroughProcedure;
 // Request setup/formatting
 // -------------------
-const REQ_HEADERS_TO_FORWARD = [
-    'accept-language',
-    'content-type',
-    'atproto-accept-labelers',
-    'x-bsky-topics',
-];
-const formatUrlAndAud = async (ctx, req, audOverride) => {
-    const proxyTo = await (0, exports.parseProxyHeader)(ctx, req);
-    const nsid = (0, xrpc_server_1.parseReqNsid)(req);
-    const defaultProxy = defaultService(ctx, nsid);
-    const serviceUrl = proxyTo?.serviceUrl ?? defaultProxy?.url;
-    const aud = audOverride ?? proxyTo?.did ?? defaultProxy?.did;
-    if (!serviceUrl || !aud) {
-        throw new xrpc_server_1.InvalidRequestError(`No service configured for ${req.path}`);
+async function parseProxyInfo(ctx, req, lxm) {
+    // /!\ Hot path
+    const proxyToHeader = req.header('atproto-proxy');
+    if (proxyToHeader)
+        return (0, exports.parseProxyHeader)(ctx, proxyToHeader);
+    const defaultProxy = defaultService(ctx, lxm);
+    if (defaultProxy)
+        return defaultProxy;
+    throw new xrpc_server_1.InvalidRequestError(`No service configured for ${lxm}`);
+}
+const parseProxyHeader = async (
+// Using subset of AppContext for testing purposes
+ctx, proxyTo) => {
+    // /!\ Hot path
+    const hashIndex = proxyTo.indexOf('#');
+    if (hashIndex === 0) {
+        throw new xrpc_server_1.InvalidRequestError('no did specified in proxy header');
     }
-    const url = new URL(req.originalUrl, serviceUrl);
-    if (!ctx.cfg.service.devMode && !isSafeUrl(url)) {
-        throw new xrpc_server_1.InvalidRequestError(`Invalid service url: ${url.toString()}`);
+    if (hashIndex === -1 || hashIndex === proxyTo.length - 1) {
+        throw new xrpc_server_1.InvalidRequestError('no service id specified in proxy header');
     }
-    return { url, aud, nsid };
-};
-exports.formatUrlAndAud = formatUrlAndAud;
-const formatHeaders = async (ctx, req, opts) => {
-    const { aud, lxm, requester } = opts;
-    const headers = requester
-        ? (await ctx.serviceAuthHeaders(requester, aud, lxm)).headers
-        : {};
-    // forward select headers to upstream services
-    for (const header of REQ_HEADERS_TO_FORWARD) {
-        const val = req.headers[header];
-        if (val) {
-            headers[header] = val;
-        }
+    // More than one hash
+    if (proxyTo.indexOf('#', hashIndex + 1) !== -1) {
+        throw new xrpc_server_1.InvalidRequestError('invalid proxy header format');
     }
-    return headers;
-};
-exports.formatHeaders = formatHeaders;
-const formatReqInit = (req, headers, body) => {
-    if (req.method === 'GET') {
-        return {
-            method: 'get',
-            headers,
-        };
-    }
-    else if (req.method === 'HEAD') {
-        return {
-            method: 'head',
-            headers,
-        };
-    }
-    else if (req.method === 'POST') {
-        return {
-            method: 'post',
-            headers,
-            body,
-            duplex: 'half',
-        };
-    }
-    else {
-        throw new xrpc_server_1.InvalidRequestError('Method not found');
-    }
-};
-const parseProxyHeader = async (ctx, req) => {
-    const proxyTo = req.header('atproto-proxy');
-    if (!proxyTo)
-        return;
-    const [did, serviceId] = proxyTo.split('#');
-    if (!serviceId) {
-        throw new xrpc_server_1.InvalidRequestError('no service id specified');
+    // Basic validation
+    if (proxyTo.includes(' ')) {
+        throw new xrpc_server_1.InvalidRequestError('proxy header cannot contain spaces');
     }
+    const did = proxyTo.slice(0, hashIndex);
     const didDoc = await ctx.idResolver.did.resolve(did);
     if (!didDoc) {
         throw new xrpc_server_1.InvalidRequestError('could not resolve proxy did');
     }
-    const serviceUrl = (0, common_1.getServiceEndpoint)(didDoc, { id: `#${serviceId}` });
-    if (!serviceUrl) {
+    const serviceId = proxyTo.slice(hashIndex);
+    const url = (0, common_1.getServiceEndpoint)(didDoc, { id: serviceId });
+    if (!url) {
         throw new xrpc_server_1.InvalidRequestError('could not resolve proxy did service url');
     }
-    return { did, serviceUrl };
+    return { did, url };
 };
 exports.parseProxyHeader = parseProxyHeader;
-// Sending request
-// -------------------
-const makeRequest = async (url, reqInit) => {
-    let res;
-    try {
-        res = await fetch(url, reqInit);
-    }
-    catch (err) {
-        logger_1.httpLogger.warn({ err }, 'pipethrough network error');
-        throw new xrpc_1.XRPCError(xrpc_1.ResponseType.UpstreamFailure);
+/**
+ * Utility function that wraps the undici stream() function and handles request
+ * and response errors by wrapping them in XRPCError instances. This function is
+ * more efficient than "pipethroughRequest" when a writable stream to pipe the
+ * upstream response to is available.
+ */
+async function pipethroughStream(ctx, dispatchOptions, successStreamFactory) {
+    return new Promise((resolve, reject) => {
+        void ctx.proxyAgent
+            .stream(dispatchOptions, (upstream) => {
+            if (upstream.statusCode >= 400) {
+                const passThrough = new node_stream_1.PassThrough();
+                void tryParsingError(upstream.headers, passThrough).then((parsed) => {
+                    const xrpcError = new xrpc_1.XRPCError(upstream.statusCode === 500
+                        ? xrpc_1.ResponseType.UpstreamFailure
+                        : upstream.statusCode, parsed.error, parsed.message, Object.fromEntries(responseHeaders(upstream.headers, false)), { cause: dispatchOptions });
+                    reject(xrpcError);
+                }, reject);
+                return passThrough;
+            }
+            const writable = successStreamFactory(upstream);
+            // As soon as the control was passed to the writable stream (i.e. by
+            // returning the writable hereafter), pipethroughStream() is considered
+            // to have succeeded. Any error occurring while writing upstream data to
+            // the writable stream should be handled through the stream's error
+            // state (i.e. successStreamFactory() must ensure that error events on
+            // the returned writable will be handled).
+            resolve();
+            return writable;
+        })
+            // The following catch block will be triggered with either network errors
+            // or writable stream errors. In the latter case, the promise will already
+            // be resolved, and reject()ing it there after will have no effect. Those
+            // error would still be logged by the successStreamFactory() function.
+            .catch(handleUpstreamRequestError)
+            .catch(reject);
+    });
+}
+/**
+ * Utility function that wraps the undici request() function and handles request
+ * and response errors by wrapping them in XRPCError instances.
+ */
+async function pipethroughRequest(ctx, dispatchOptions) {
+    // HandlerPipeThroughStream requires a readable stream to be returned, so we
+    // use the (less efficient) request() function instead.
+    const upstream = await ctx.proxyAgent
+        .request(dispatchOptions)
+        .catch(handleUpstreamRequestError);
+    if (upstream.statusCode >= 400) {
+        const parsed = await tryParsingError(upstream.headers, upstream.body);
+        // Note "XRPCClientError" is used instead of "XRPCServerError" in order to
+        // allow users of this function to capture & handle these errors (namely in
+        // "app.bsky.feed.getPostThread").
+        throw new xrpc_1.XRPCError(upstream.statusCode === 500
+            ? xrpc_1.ResponseType.UpstreamFailure
+            : upstream.statusCode, parsed.error, parsed.message, Object.fromEntries(responseHeaders(upstream.headers, false)), { cause: dispatchOptions });
     }
-    if (res.status !== xrpc_1.ResponseType.Success) {
-        const arrBuffer = await readArrayBufferRes(res);
-        const ui8Buffer = new Uint8Array(arrBuffer);
-        const errInfo = safeParseJson(ui8.toString(ui8Buffer, 'utf8'));
-        throw new xrpc_1.XRPCError(res.status, safeString(errInfo?.['error']), safeString(errInfo?.['message']), simpleHeaders(res.headers));
+    return upstream;
+}
+function handleUpstreamRequestError(err, message = 'pipethrough network error') {
+    logger_1.httpLogger.warn({ err }, message);
+    throw new xrpc_server_1.XRPCError(xrpc_1.ResponseType.UpstreamFailure, message, undefined, {
+        cause: err,
+    });
+}
+// accept-encoding defaults to "identity with lowest priority"
+const ACCEPT_ENC_DEFAULT = ['identity', { q: 0.001 }];
+const ACCEPT_FORBID_STAR = ['*', { q: 0 }];
+function negotiateContentEncoding(acceptHeader, preferences) {
+    const acceptMap = Object.fromEntries(parseAcceptEncoding(acceptHeader));
+    // Make sure the default (identity) is covered by the preferences
+    if (!preferences.some(coversIdentityAccept)) {
+        preferences = [...preferences, ACCEPT_ENC_DEFAULT];
     }
-    return res;
-};
-exports.makeRequest = makeRequest;
-// Response parsing/forwarding
-// -------------------
-const RES_HEADERS_TO_FORWARD = [
-    'content-type',
-    'content-language',
-    'atproto-repo-rev',
-    'atproto-content-labelers',
-];
-const pipeProxyRes = async (upstreamRes, ownRes) => {
-    for (const headerName of RES_HEADERS_TO_FORWARD) {
-        const headerVal = upstreamRes.headers.get(headerName);
-        if (headerVal) {
-            ownRes.setHeader(headerName, headerVal);
+    const common = preferences.filter(([name]) => {
+        const acceptQ = (acceptMap[name] ?? acceptMap['*'])?.q;
+        // Per HTTP/1.1, "identity" is always acceptable unless explicitly rejected
+        if (name === 'identity') {
+            return acceptQ == null || acceptQ > 0;
+        }
+        else {
+            return acceptQ != null && acceptQ > 0;
         }
+    });
+    // Since "identity" was present in the preferences, a missing "identity" in
+    // the common array means that the client explicitly rejected it. Let's reflect
+    // this by adding it to the common array.
+    if (!common.some(coversIdentityAccept)) {
+        common.push(ACCEPT_FORBID_STAR);
+    }
+    // If no common encodings are acceptable, throw a 406 Not Acceptable error
+    if (!common.some(isAllowedAccept)) {
+        throw new xrpc_server_1.XRPCError(xrpc_1.ResponseType.NotAcceptable, 'this service does not support any of the requested encodings');
+    }
+    return formatAcceptHeader(common);
+}
+function coversIdentityAccept([name]) {
+    return name === 'identity' || name === '*';
+}
+function isAllowedAccept([, flags]) {
+    return flags.q > 0;
+}
+/**
+ * @see {@link https://developer.mozilla.org/en-US/docs/Glossary/Quality_values}
+ */
+function formatAcceptHeader(accept) {
+    return accept.map(formatAcceptPart).join(',');
+}
+function formatAcceptPart([name, flags]) {
+    return `${name};q=${flags.q}`;
+}
+function parseAcceptEncoding(acceptEncodings) {
+    if (!acceptEncodings?.length)
+        return [];
+    return Array.isArray(acceptEncodings)
+        ? acceptEncodings.flatMap(parseAcceptEncoding)
+        : acceptEncodings.split(',').map(parseAcceptEncodingDefinition);
+}
+function parseAcceptEncodingDefinition(def) {
+    const { length, 0: encoding, 1: params } = def.trim().split(';', 3);
+    if (length > 2) {
+        throw new xrpc_server_1.InvalidRequestError(`Invalid accept-encoding: "${def}"`);
     }
-    if (upstreamRes.body) {
-        const contentLength = upstreamRes.headers.get('content-length');
-        const contentEncoding = upstreamRes.headers.get('content-encoding');
-        if (contentLength && (!contentEncoding || contentEncoding === 'identity')) {
-            ownRes.setHeader('content-length', contentLength);
+    if (!encoding || encoding.includes('=')) {
+        throw new xrpc_server_1.InvalidRequestError(`Invalid accept-encoding: "${def}"`);
+    }
+    const flags = { q: 1 };
+    if (length === 2) {
+        const { length, 0: key, 1: value } = params.split('=', 3);
+        if (length !== 2) {
+            throw new xrpc_server_1.InvalidRequestError(`Invalid accept-encoding: "${def}"`);
+        }
+        if (key === 'q' || key === 'Q') {
+            const q = parseFloat(value);
+            if (q === 0 || (Number.isFinite(q) && q <= 1 && q >= 0.001)) {
+                flags.q = q;
+            }
+            else {
+                throw new xrpc_server_1.InvalidRequestError(`Invalid accept-encoding: "${def}"`);
+            }
         }
         else {
-            ownRes.setHeader('transfer-encoding', 'chunked');
+            throw new xrpc_server_1.InvalidRequestError(`Invalid accept-encoding: "${def}"`);
         }
-        ownRes.status(200);
-        const resStream = node_stream_1.default.Readable.fromWeb(upstreamRes.body);
-        await node_stream_1.default.promises.pipeline(resStream, ownRes);
     }
-    else {
-        ownRes.status(200).end();
+    return [encoding.toLowerCase(), flags];
+}
+function isJsonContentType(contentType) {
+    if (!contentType)
+        return undefined;
+    return /application\/(?:\w+\+)?json/i.test(contentType);
+}
+exports.isJsonContentType = isJsonContentType;
+async function tryParsingError(headers, readable) {
+    if (isJsonContentType(headers['content-type']) === false) {
+        // We don't known how to parse non JSON content types so we can discard the
+        // whole response.
+        //
+        // @NOTE we could also simply "drain" the stream here. This would prevent
+        // the upstream HTTP/1.1 connection from getting destroyed (closed). This
+        // would however imply to read the whole upstream response, which would be
+        // costly in terms of bandwidth and I/O processing. It is recommended to use
+        // HTTP/2 to avoid this issue (be able to destroy a single response stream
+        // without resetting the whole connection). This is not expected to happen
+        // too much as 4xx and 5xx responses are expected to be JSON.
+        readable.destroy();
+        return {};
     }
-};
-exports.pipeProxyRes = pipeProxyRes;
-const parseProxyRes = async (res) => {
-    const buffer = await readArrayBufferRes(res);
-    const encoding = res.headers.get('content-type') ?? 'application/json';
-    const resHeaders = RES_HEADERS_TO_FORWARD.reduce((acc, cur) => {
-        acc[cur] = res.headers.get(cur) ?? undefined;
-        return acc;
-    }, {});
-    return { encoding, buffer, headers: (0, common_1.noUndefinedVals)(resHeaders) };
-};
-exports.parseProxyRes = parseProxyRes;
+    try {
+        const buffer = await bufferUpstreamResponse(readable, headers['content-encoding']);
+        const errInfo = JSON.parse(buffer.toString('utf8'));
+        return {
+            error: safeString(errInfo?.['error']),
+            message: safeString(errInfo?.['message']),
+        };
+    }
+    catch (err) {
+        // Failed to read, decode, buffer or parse. No big deal.
+        return {};
+    }
+}
+async function bufferUpstreamResponse(readable, contentEncoding) {
+    try {
+        // Needed for type-safety (should never happen irl)
+        if (Array.isArray(contentEncoding)) {
+            throw new TypeError('upstream service returned multiple content-encoding headers');
+        }
+        return await (0, common_1.streamToNodeBuffer)((0, common_1.decodeStream)(readable, contentEncoding));
+    }
+    catch (err) {
+        if (!readable.destroyed)
+            readable.destroy();
+        throw new xrpc_server_1.XRPCError(xrpc_1.ResponseType.UpstreamFailure, err instanceof TypeError ? err.message : 'unable to decode request body', undefined, { cause: err });
+    }
+}
+exports.bufferUpstreamResponse = bufferUpstreamResponse;
+async function asPipeThroughBuffer(input) {
+    return {
+        buffer: await bufferUpstreamResponse(input.stream, input.headers?.['content-encoding']),
+        headers: (0, common_1.omit)(input.headers, ['content-encoding', 'content-length']),
+        encoding: input.encoding,
+    };
+}
+exports.asPipeThroughBuffer = asPipeThroughBuffer;
+// Response parsing/forwarding
+// -------------------
+const RES_HEADERS_TO_FORWARD = ['atproto-repo-rev', 'atproto-content-labelers'];
+function* responseHeaders(headers, includeContentHeaders = true) {
+    if (includeContentHeaders) {
+        const length = headers['content-length'];
+        if (length)
+            yield ['content-length', length];
+        const encoding = headers['content-encoding'];
+        if (encoding)
+            yield ['content-encoding', encoding];
+        const type = headers['content-type'];
+        if (type)
+            yield ['content-type', type];
+        const language = headers['content-language'];
+        if (language)
+            yield ['content-language', language];
+    }
+    for (let i = 0; i < RES_HEADERS_TO_FORWARD.length; i++) {
+        const name = RES_HEADERS_TO_FORWARD[i];
+        const val = headers[name];
+        if (typeof val === 'string')
+            yield [name, val];
+    }
+}
 // Utils
 // -------------------
 exports.PRIVILEGED_METHODS = new Set([
@@ -292,47 +461,10 @@ const defaultService = (ctx, nsid) => {
             return ctx.cfg.bskyAppView;
     }
 };
-const parseRes = (nsid, res) => {
-    const buffer = new Uint8Array(res.buffer);
-    const json = safeParseJson(ui8.toString(buffer, 'utf8'));
-    const lex = json && (0, lexicon_1.jsonToLex)(json);
-    return lexicons_1.lexicons.assertValidXrpcOutput(nsid, lex);
-};
-exports.parseRes = parseRes;
-const readArrayBufferRes = async (res) => {
-    try {
-        return await res.arrayBuffer();
-    }
-    catch (err) {
-        logger_1.httpLogger.warn({ err }, 'pipethrough network error');
-        throw new xrpc_1.XRPCError(xrpc_1.ResponseType.UpstreamFailure);
-    }
-};
-const isSafeUrl = (url) => {
-    if (url.protocol !== 'https:')
-        return false;
-    if (!url.hostname || url.hostname === 'localhost')
-        return false;
-    if (node_net_1.default.isIP(url.hostname) !== 0)
-        return false;
-    return true;
-};
 const safeString = (str) => {
     return typeof str === 'string' ? str : undefined;
 };
-const safeParseJson = (json) => {
-    try {
-        return JSON.parse(json);
-    }
-    catch {
-        return null;
-    }
-};
-const simpleHeaders = (headers) => {
-    const result = {};
-    for (const [key, val] of headers) {
-        result[key] = val;
-    }
-    return result;
-};
+function logResponseError(err) {
+    logger_1.httpLogger.warn({ err }, 'error forwarding upstream response');
+}
 //# sourceMappingURL=pipethrough.js.map