@atproto/pds 0.5.12 → 0.5.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (322) hide show
  1. package/CHANGELOG.md +36 -0
  2. package/dist/api/app/bsky/notification/index.d.ts.map +1 -1
  3. package/dist/api/app/bsky/notification/index.js +2 -0
  4. package/dist/api/app/bsky/notification/index.js.map +1 -1
  5. package/dist/api/app/bsky/notification/unregisterPush.d.ts +4 -0
  6. package/dist/api/app/bsky/notification/unregisterPush.d.ts.map +1 -0
  7. package/dist/api/app/bsky/notification/unregisterPush.js +48 -0
  8. package/dist/api/app/bsky/notification/unregisterPush.js.map +1 -0
  9. package/package.json +42 -38
  10. package/build.templates.cjs +0 -22
  11. package/example.env +0 -42
  12. package/jest.config.cjs +0 -27
  13. package/src/account-manager/account-manager.ts +0 -916
  14. package/src/account-manager/db/index.ts +0 -21
  15. package/src/account-manager/db/migrations/001-init.ts +0 -115
  16. package/src/account-manager/db/migrations/002-account-deactivation.ts +0 -17
  17. package/src/account-manager/db/migrations/003-privileged-app-passwords.ts +0 -12
  18. package/src/account-manager/db/migrations/004-oauth.ts +0 -122
  19. package/src/account-manager/db/migrations/005-oauth-account-management.ts +0 -136
  20. package/src/account-manager/db/migrations/006-oauth-permission-sets.ts +0 -20
  21. package/src/account-manager/db/migrations/007-lexicon-failures-index.ts +0 -14
  22. package/src/account-manager/db/migrations/index.ts +0 -17
  23. package/src/account-manager/db/schema/account-device.ts +0 -14
  24. package/src/account-manager/db/schema/account.ts +0 -16
  25. package/src/account-manager/db/schema/actor.ts +0 -17
  26. package/src/account-manager/db/schema/app-password.ts +0 -13
  27. package/src/account-manager/db/schema/authorization-request.ts +0 -30
  28. package/src/account-manager/db/schema/authorized-client.ts +0 -23
  29. package/src/account-manager/db/schema/device.ts +0 -18
  30. package/src/account-manager/db/schema/email-token.ts +0 -19
  31. package/src/account-manager/db/schema/index.ts +0 -43
  32. package/src/account-manager/db/schema/invite-code.ts +0 -24
  33. package/src/account-manager/db/schema/lexicon.ts +0 -15
  34. package/src/account-manager/db/schema/refresh-token.ts +0 -11
  35. package/src/account-manager/db/schema/repo-root.ts +0 -12
  36. package/src/account-manager/db/schema/token.ts +0 -38
  37. package/src/account-manager/db/schema/used-refresh-token.ts +0 -13
  38. package/src/account-manager/helpers/account-device.ts +0 -63
  39. package/src/account-manager/helpers/account.ts +0 -355
  40. package/src/account-manager/helpers/auth.ts +0 -222
  41. package/src/account-manager/helpers/authorization-request.ts +0 -90
  42. package/src/account-manager/helpers/authorized-client.ts +0 -75
  43. package/src/account-manager/helpers/device.ts +0 -47
  44. package/src/account-manager/helpers/email-token.ts +0 -87
  45. package/src/account-manager/helpers/invite.ts +0 -263
  46. package/src/account-manager/helpers/lexicon.ts +0 -67
  47. package/src/account-manager/helpers/password.ts +0 -136
  48. package/src/account-manager/helpers/repo.ts +0 -24
  49. package/src/account-manager/helpers/scrypt.ts +0 -53
  50. package/src/account-manager/helpers/token.ts +0 -158
  51. package/src/account-manager/helpers/used-refresh-token.ts +0 -30
  52. package/src/account-manager/oauth-store.ts +0 -880
  53. package/src/account-manager/scope-reference-getter.ts +0 -106
  54. package/src/actor-store/actor-store-reader.ts +0 -45
  55. package/src/actor-store/actor-store-resources.ts +0 -8
  56. package/src/actor-store/actor-store-transactor.ts +0 -31
  57. package/src/actor-store/actor-store-writer.ts +0 -17
  58. package/src/actor-store/actor-store.ts +0 -210
  59. package/src/actor-store/blob/reader.ts +0 -160
  60. package/src/actor-store/blob/transactor.ts +0 -383
  61. package/src/actor-store/db/index.ts +0 -20
  62. package/src/actor-store/db/migrations/001-init.ts +0 -105
  63. package/src/actor-store/db/migrations/index.ts +0 -5
  64. package/src/actor-store/db/schema/account-pref.ts +0 -11
  65. package/src/actor-store/db/schema/backlink.ts +0 -9
  66. package/src/actor-store/db/schema/blob.ts +0 -14
  67. package/src/actor-store/db/schema/index.ts +0 -23
  68. package/src/actor-store/db/schema/record-blob.ts +0 -8
  69. package/src/actor-store/db/schema/record.ts +0 -14
  70. package/src/actor-store/db/schema/repo-block.ts +0 -10
  71. package/src/actor-store/db/schema/repo-root.ts +0 -10
  72. package/src/actor-store/migrate.ts +0 -39
  73. package/src/actor-store/preference/reader.ts +0 -48
  74. package/src/actor-store/preference/transactor.ts +0 -55
  75. package/src/actor-store/preference/util.ts +0 -39
  76. package/src/actor-store/record/reader.ts +0 -374
  77. package/src/actor-store/record/transactor.ts +0 -111
  78. package/src/actor-store/repo/reader.ts +0 -31
  79. package/src/actor-store/repo/sql-repo-reader.ts +0 -150
  80. package/src/actor-store/repo/sql-repo-transactor.ts +0 -105
  81. package/src/actor-store/repo/transactor.ts +0 -227
  82. package/src/api/app/bsky/actor/getPreferences.ts +0 -57
  83. package/src/api/app/bsky/actor/getProfile.ts +0 -41
  84. package/src/api/app/bsky/actor/getProfiles.ts +0 -51
  85. package/src/api/app/bsky/actor/index.ts +0 -13
  86. package/src/api/app/bsky/actor/putPreferences.ts +0 -62
  87. package/src/api/app/bsky/feed/getActorLikes.ts +0 -63
  88. package/src/api/app/bsky/feed/getAuthorFeed.ts +0 -84
  89. package/src/api/app/bsky/feed/getFeed.ts +0 -47
  90. package/src/api/app/bsky/feed/getPostThread.ts +0 -251
  91. package/src/api/app/bsky/feed/getTimeline.ts +0 -50
  92. package/src/api/app/bsky/feed/index.ts +0 -15
  93. package/src/api/app/bsky/index.ts +0 -11
  94. package/src/api/app/bsky/notification/index.ts +0 -7
  95. package/src/api/app/bsky/notification/registerPush.ts +0 -71
  96. package/src/api/app/bsky/util/resolver.ts +0 -20
  97. package/src/api/com/atproto/admin/deleteAccount.ts +0 -22
  98. package/src/api/com/atproto/admin/disableAccountInvites.ts +0 -18
  99. package/src/api/com/atproto/admin/disableInviteCodes.ts +0 -21
  100. package/src/api/com/atproto/admin/enableAccountInvites.ts +0 -18
  101. package/src/api/com/atproto/admin/getAccountInfo.ts +0 -32
  102. package/src/api/com/atproto/admin/getAccountInfos.ts +0 -34
  103. package/src/api/com/atproto/admin/getInviteCodes.ts +0 -126
  104. package/src/api/com/atproto/admin/getSubjectStatus.ts +0 -76
  105. package/src/api/com/atproto/admin/index.ts +0 -31
  106. package/src/api/com/atproto/admin/sendEmail.ts +0 -47
  107. package/src/api/com/atproto/admin/updateAccountEmail.ts +0 -32
  108. package/src/api/com/atproto/admin/updateAccountHandle.ts +0 -47
  109. package/src/api/com/atproto/admin/updateAccountPassword.ts +0 -34
  110. package/src/api/com/atproto/admin/updateSubjectStatus.ts +0 -68
  111. package/src/api/com/atproto/admin/util.ts +0 -66
  112. package/src/api/com/atproto/identity/getRecommendedDidCredentials.ts +0 -50
  113. package/src/api/com/atproto/identity/index.ts +0 -17
  114. package/src/api/com/atproto/identity/requestPlcOperationSignature.ts +0 -59
  115. package/src/api/com/atproto/identity/resolveHandle.ts +0 -50
  116. package/src/api/com/atproto/identity/signPlcOperation.ts +0 -85
  117. package/src/api/com/atproto/identity/submitPlcOperation.ts +0 -65
  118. package/src/api/com/atproto/identity/updateHandle.ts +0 -66
  119. package/src/api/com/atproto/index.ts +0 -19
  120. package/src/api/com/atproto/moderation/createReport.ts +0 -41
  121. package/src/api/com/atproto/moderation/index.ts +0 -7
  122. package/src/api/com/atproto/repo/applyWrites.ts +0 -226
  123. package/src/api/com/atproto/repo/createRecord.ts +0 -143
  124. package/src/api/com/atproto/repo/deleteRecord.ts +0 -122
  125. package/src/api/com/atproto/repo/describeRepo.ts +0 -43
  126. package/src/api/com/atproto/repo/getRecord.ts +0 -40
  127. package/src/api/com/atproto/repo/importRepo.ts +0 -101
  128. package/src/api/com/atproto/repo/index.ts +0 -25
  129. package/src/api/com/atproto/repo/listMissingBlobs.ts +0 -29
  130. package/src/api/com/atproto/repo/listRecords.ts +0 -36
  131. package/src/api/com/atproto/repo/putRecord.ts +0 -211
  132. package/src/api/com/atproto/repo/uploadBlob.ts +0 -60
  133. package/src/api/com/atproto/server/activateAccount.ts +0 -37
  134. package/src/api/com/atproto/server/checkAccountStatus.ts +0 -51
  135. package/src/api/com/atproto/server/confirmEmail.ts +0 -39
  136. package/src/api/com/atproto/server/createAccount.ts +0 -327
  137. package/src/api/com/atproto/server/createAppPassword.ts +0 -53
  138. package/src/api/com/atproto/server/createInviteCode.ts +0 -38
  139. package/src/api/com/atproto/server/createInviteCodes.ts +0 -42
  140. package/src/api/com/atproto/server/createSession.ts +0 -97
  141. package/src/api/com/atproto/server/deactivateAccount.ts +0 -41
  142. package/src/api/com/atproto/server/deleteAccount.ts +0 -85
  143. package/src/api/com/atproto/server/deleteSession.ts +0 -23
  144. package/src/api/com/atproto/server/describeServer.ts +0 -29
  145. package/src/api/com/atproto/server/getAccountInviteCodes.ts +0 -142
  146. package/src/api/com/atproto/server/getServiceAuth.ts +0 -111
  147. package/src/api/com/atproto/server/getSession.ts +0 -80
  148. package/src/api/com/atproto/server/index.ts +0 -55
  149. package/src/api/com/atproto/server/listAppPasswords.ts +0 -45
  150. package/src/api/com/atproto/server/refreshSession.ts +0 -72
  151. package/src/api/com/atproto/server/requestAccountDelete.ts +0 -66
  152. package/src/api/com/atproto/server/requestEmailConfirmation.ts +0 -68
  153. package/src/api/com/atproto/server/requestEmailUpdate.ts +0 -86
  154. package/src/api/com/atproto/server/requestPasswordReset.ts +0 -52
  155. package/src/api/com/atproto/server/reserveSigningKey.ts +0 -15
  156. package/src/api/com/atproto/server/resetPassword.ts +0 -50
  157. package/src/api/com/atproto/server/revokeAppPassword.ts +0 -42
  158. package/src/api/com/atproto/server/updateEmail.ts +0 -52
  159. package/src/api/com/atproto/server/util.ts +0 -136
  160. package/src/api/com/atproto/sync/deprecated/getCheckout.ts +0 -27
  161. package/src/api/com/atproto/sync/deprecated/getHead.ts +0 -33
  162. package/src/api/com/atproto/sync/getBlob.ts +0 -61
  163. package/src/api/com/atproto/sync/getBlocks.ts +0 -37
  164. package/src/api/com/atproto/sync/getLatestCommit.ts +0 -33
  165. package/src/api/com/atproto/sync/getRecord.ts +0 -49
  166. package/src/api/com/atproto/sync/getRepo.ts +0 -75
  167. package/src/api/com/atproto/sync/getRepoStatus.ts +0 -34
  168. package/src/api/com/atproto/sync/index.ts +0 -27
  169. package/src/api/com/atproto/sync/listBlobs.ts +0 -33
  170. package/src/api/com/atproto/sync/listRepos.ts +0 -74
  171. package/src/api/com/atproto/sync/subscribeRepos.ts +0 -73
  172. package/src/api/com/atproto/sync/util.ts +0 -37
  173. package/src/api/com/atproto/temp/checkSignupQueue.ts +0 -34
  174. package/src/api/com/atproto/temp/index.ts +0 -7
  175. package/src/api/index.ts +0 -10
  176. package/src/api/proxy.ts +0 -44
  177. package/src/app-view.ts +0 -24
  178. package/src/auth-output.ts +0 -52
  179. package/src/auth-routes.ts +0 -64
  180. package/src/auth-scope.ts +0 -40
  181. package/src/auth-verifier.ts +0 -668
  182. package/src/background.ts +0 -65
  183. package/src/basic-routes.ts +0 -52
  184. package/src/bsky-app-view.ts +0 -33
  185. package/src/config/config.ts +0 -553
  186. package/src/config/env.ts +0 -167
  187. package/src/config/index.ts +0 -3
  188. package/src/config/secrets.ts +0 -54
  189. package/src/context.ts +0 -523
  190. package/src/crawlers.ts +0 -46
  191. package/src/db/cast.ts +0 -52
  192. package/src/db/db.ts +0 -140
  193. package/src/db/index.ts +0 -4
  194. package/src/db/migrator.ts +0 -40
  195. package/src/db/pagination.ts +0 -132
  196. package/src/db/tables/moderation.ts +0 -80
  197. package/src/db/util.ts +0 -108
  198. package/src/did-cache/db/index.ts +0 -21
  199. package/src/did-cache/db/migrations.ts +0 -17
  200. package/src/did-cache/db/schema.ts +0 -9
  201. package/src/did-cache/index.ts +0 -131
  202. package/src/disk-blobstore.ts +0 -172
  203. package/src/error.ts +0 -19
  204. package/src/handle/explicit-slurs.ts +0 -22
  205. package/src/handle/index.ts +0 -49
  206. package/src/handle/reserved.ts +0 -1059
  207. package/src/image/image-url-builder.ts +0 -16
  208. package/src/index.ts +0 -189
  209. package/src/lexicons.ts +0 -4
  210. package/src/logger.ts +0 -35
  211. package/src/mailer/index.ts +0 -111
  212. package/src/mailer/moderation.ts +0 -33
  213. package/src/mailer/templates/confirm-email.d.ts +0 -4
  214. package/src/mailer/templates/confirm-email.hbs +0 -158
  215. package/src/mailer/templates/delete-account.d.ts +0 -4
  216. package/src/mailer/templates/delete-account.hbs +0 -156
  217. package/src/mailer/templates/plc-operation.d.ts +0 -4
  218. package/src/mailer/templates/plc-operation.hbs +0 -153
  219. package/src/mailer/templates/reset-password.d.ts +0 -4
  220. package/src/mailer/templates/reset-password.hbs +0 -154
  221. package/src/mailer/templates/update-email.d.ts +0 -4
  222. package/src/mailer/templates/update-email.hbs +0 -153
  223. package/src/mailer/templates.ts +0 -17
  224. package/src/pipethrough.ts +0 -716
  225. package/src/rate-limits.ts +0 -59
  226. package/src/read-after-write/index.ts +0 -3
  227. package/src/read-after-write/types.ts +0 -35
  228. package/src/read-after-write/util.ts +0 -101
  229. package/src/read-after-write/viewer.ts +0 -290
  230. package/src/redis.ts +0 -25
  231. package/src/repo/index.ts +0 -2
  232. package/src/repo/prepare.ts +0 -266
  233. package/src/repo/types.ts +0 -65
  234. package/src/scripts/README.md +0 -40
  235. package/src/scripts/index.ts +0 -20
  236. package/src/scripts/publish-identity.ts +0 -60
  237. package/src/scripts/rebuild-repo.ts +0 -119
  238. package/src/scripts/rotate-keys.ts +0 -146
  239. package/src/scripts/sequencer-recovery/index.ts +0 -23
  240. package/src/scripts/sequencer-recovery/recoverer.ts +0 -297
  241. package/src/scripts/sequencer-recovery/recovery-db.ts +0 -65
  242. package/src/scripts/sequencer-recovery/repair-repos.ts +0 -49
  243. package/src/scripts/sequencer-recovery/user-queues.ts +0 -44
  244. package/src/scripts/util.ts +0 -7
  245. package/src/sequencer/db/index.ts +0 -21
  246. package/src/sequencer/db/migrations/001-init.ts +0 -35
  247. package/src/sequencer/db/migrations/index.ts +0 -5
  248. package/src/sequencer/db/schema.ts +0 -19
  249. package/src/sequencer/events.ts +0 -199
  250. package/src/sequencer/index.ts +0 -3
  251. package/src/sequencer/outbox.ts +0 -123
  252. package/src/sequencer/sequencer.ts +0 -290
  253. package/src/util/compression.ts +0 -16
  254. package/src/util/debug.ts +0 -10
  255. package/src/util/http.ts +0 -31
  256. package/src/util/types.ts +0 -7
  257. package/src/well-known.ts +0 -30
  258. package/test.env +0 -2
  259. package/tests/__snapshots__/takedown-appeal.test.ts.snap +0 -43
  260. package/tests/_oauth_client_assets_middleware.ts +0 -23
  261. package/tests/_puppeteer.ts +0 -147
  262. package/tests/_types.d.ts +0 -16
  263. package/tests/_util.ts +0 -191
  264. package/tests/account-deactivation.test.ts +0 -204
  265. package/tests/account-deletion.test.ts +0 -300
  266. package/tests/account-manager.test.ts +0 -462
  267. package/tests/account-migration.test.ts +0 -221
  268. package/tests/account-status.test.ts +0 -206
  269. package/tests/account.test.ts +0 -595
  270. package/tests/app-passwords.test.ts +0 -262
  271. package/tests/auth.test.ts +0 -405
  272. package/tests/blob-deletes.test.ts +0 -204
  273. package/tests/create-post.test.ts +0 -79
  274. package/tests/crud.test.ts +0 -1595
  275. package/tests/db.test.ts +0 -170
  276. package/tests/email-confirmation.test.ts +0 -227
  277. package/tests/entryway-mock.ts +0 -323
  278. package/tests/entryway.test.ts +0 -145
  279. package/tests/file-uploads.test.ts +0 -301
  280. package/tests/get-service-auth.test.ts +0 -81
  281. package/tests/handle-validation.test.ts +0 -56
  282. package/tests/handles.test.ts +0 -274
  283. package/tests/invite-codes.test.ts +0 -367
  284. package/tests/invites-admin.test.ts +0 -252
  285. package/tests/moderation.test.ts +0 -280
  286. package/tests/moderator-auth.test.ts +0 -177
  287. package/tests/oauth.test.ts +0 -334
  288. package/tests/plc-operations.test.ts +0 -239
  289. package/tests/preferences.test.ts +0 -352
  290. package/tests/proxied/__snapshots__/admin.test.ts.snap +0 -516
  291. package/tests/proxied/__snapshots__/feedgen.test.ts.snap +0 -215
  292. package/tests/proxied/__snapshots__/views.test.ts.snap +0 -4456
  293. package/tests/proxied/admin.test.ts +0 -340
  294. package/tests/proxied/feedgen.test.ts +0 -66
  295. package/tests/proxied/notif.test.ts +0 -85
  296. package/tests/proxied/procedures.test.ts +0 -175
  297. package/tests/proxied/proxy-catchall.test.ts +0 -256
  298. package/tests/proxied/proxy-header.test.ts +0 -239
  299. package/tests/proxied/proxy-oauth-aud.test.ts +0 -182
  300. package/tests/proxied/read-after-write.test.ts +0 -382
  301. package/tests/proxied/views.test.ts +0 -608
  302. package/tests/races.test.ts +0 -89
  303. package/tests/rate-limits.test.ts +0 -70
  304. package/tests/recovery.test.ts +0 -180
  305. package/tests/seeds/basic.ts +0 -165
  306. package/tests/seeds/follows.ts +0 -57
  307. package/tests/seeds/likes.ts +0 -14
  308. package/tests/seeds/reposts.ts +0 -18
  309. package/tests/seeds/thread.ts +0 -40
  310. package/tests/seeds/users-bulk.ts +0 -246
  311. package/tests/seeds/users.ts +0 -67
  312. package/tests/sequencer.test.ts +0 -251
  313. package/tests/server.test.ts +0 -151
  314. package/tests/sync/invertible-ops.test.ts +0 -99
  315. package/tests/sync/list.test.ts +0 -43
  316. package/tests/sync/subscribe-repos.test.ts +0 -672
  317. package/tests/sync/sync.test.ts +0 -316
  318. package/tests/takedown-appeal.test.ts +0 -166
  319. package/tsconfig.build.json +0 -9
  320. package/tsconfig.build.tsbuildinfo +0 -1
  321. package/tsconfig.json +0 -7
  322. package/tsconfig.tests.json +0 -8
@@ -1,256 +0,0 @@
1
- import { once } from 'node:events'
2
- import http from 'node:http'
3
- import { AddressInfo } from 'node:net'
4
- import { setTimeout as sleep } from 'node:timers/promises'
5
- import * as plc from '@did-plc/lib'
6
- import express from 'express'
7
- // eslint-disable-next-line import/default
8
- import httpTerminator from 'http-terminator'
9
- import AtpAgent from '@atproto/api'
10
- import { Keypair } from '@atproto/crypto'
11
- import { TestNetworkNoAppView } from '@atproto/dev-env'
12
- import { LexiconDocument } from '@atproto/lex-document'
13
-
14
- const lexicons = [
15
- {
16
- lexicon: 1,
17
- id: 'com.example.ok',
18
- defs: {
19
- main: {
20
- type: 'query',
21
- output: {
22
- encoding: 'application/json',
23
- schema: { type: 'object', properties: { foo: { type: 'string' } } },
24
- },
25
- },
26
- },
27
- },
28
- {
29
- lexicon: 1,
30
- id: 'com.example.slow',
31
- defs: {
32
- main: {
33
- type: 'query',
34
- output: {
35
- encoding: 'application/json',
36
- schema: { type: 'object', properties: { foo: { type: 'string' } } },
37
- },
38
- },
39
- },
40
- },
41
- {
42
- lexicon: 1,
43
- id: 'com.example.abort',
44
- defs: {
45
- main: {
46
- type: 'query',
47
- output: {
48
- encoding: 'application/json',
49
- schema: { type: 'object', properties: { foo: { type: 'string' } } },
50
- },
51
- },
52
- },
53
- },
54
- {
55
- lexicon: 1,
56
- id: 'com.example.error',
57
- defs: {
58
- main: {
59
- type: 'query',
60
- output: {
61
- encoding: 'application/json',
62
- schema: { type: 'object', properties: { foo: { type: 'string' } } },
63
- },
64
- },
65
- },
66
- },
67
- ] as const satisfies LexiconDocument[]
68
-
69
- describe('proxy header', () => {
70
- let network: TestNetworkNoAppView
71
- let alice: AtpAgent
72
-
73
- let proxyServer: ProxyServer
74
-
75
- beforeAll(async () => {
76
- network = await TestNetworkNoAppView.create({
77
- dbPostgresSchema: 'proxy_catchall',
78
- })
79
-
80
- const serviceId = 'proxy_test'
81
-
82
- proxyServer = await ProxyServer.create(
83
- network.pds.ctx.plcClient,
84
- network.pds.ctx.plcRotationKey,
85
- serviceId,
86
- )
87
-
88
- alice = network.pds.getAgent().withProxy(serviceId, proxyServer.did)
89
-
90
- for (const lex of lexicons) alice.lex.add(lex)
91
-
92
- await alice.createAccount({
93
- email: 'alice@test.com',
94
- handle: 'alice.test',
95
- password: 'alice-pass',
96
- })
97
- await network.processAll()
98
- })
99
-
100
- afterAll(async () => {
101
- await proxyServer?.close()
102
- await network?.close()
103
- })
104
-
105
- it('rejects when upstream unavailable', async () => {
106
- const serviceId = 'foo_bar'
107
-
108
- const proxyServer = await ProxyServer.create(
109
- network.pds.ctx.plcClient,
110
- network.pds.ctx.plcRotationKey,
111
- serviceId,
112
- )
113
-
114
- // Make sure the service is not available
115
- await proxyServer.close()
116
-
117
- const client = alice.withProxy(serviceId, proxyServer.did)
118
- for (const lex of lexicons) client.lex.add(lex)
119
-
120
- await expect(client.call('com.example.ok')).rejects.toThrow(
121
- 'Upstream service unreachable',
122
- )
123
- })
124
-
125
- it('successfully proxies requests', async () => {
126
- await expect(alice.call('com.example.ok')).resolves.toMatchObject({
127
- data: { foo: 'ok' },
128
- success: true,
129
- })
130
- })
131
-
132
- it('handles cancelled upstream requests', async () => {
133
- await expect(alice.call('com.example.abort')).rejects.toThrow('terminated')
134
- })
135
-
136
- it('handles failing upstream requests', async () => {
137
- await expect(alice.call('com.example.error')).rejects.toThrow(
138
- expect.objectContaining({
139
- status: 502,
140
- error: 'FooBar',
141
- message: 'My message',
142
- }),
143
- )
144
- })
145
-
146
- it('handles cancelled downstream requests', async () => {
147
- const ac = new AbortController()
148
-
149
- setTimeout(() => ac.abort(), 20)
150
-
151
- await expect(
152
- alice.call('com.example.slow', {}, undefined, { signal: ac.signal }),
153
- ).rejects.toThrow('This operation was aborted')
154
-
155
- await expect(alice.call('com.example.slow')).resolves.toMatchObject({
156
- data: { foo: 'slow' },
157
- success: true,
158
- })
159
- })
160
- })
161
-
162
- class ProxyServer {
163
- private terminator: httpTerminator.HttpTerminator
164
-
165
- constructor(
166
- server: http.Server,
167
- public did: string,
168
- ) {
169
- this.terminator = httpTerminator.createHttpTerminator({ server })
170
- }
171
-
172
- static async create(
173
- plcClient: plc.Client,
174
- keypair: Keypair,
175
- serviceId: string,
176
- ): Promise<ProxyServer> {
177
- const app = express()
178
-
179
- app.get('/xrpc/com.example.ok', (req, res) => {
180
- res.status(200)
181
- res.setHeader('content-type', 'application/json')
182
- res.send('{"foo":"ok"}')
183
- })
184
-
185
- app.get('/xrpc/com.example.slow', async (req, res) => {
186
- const wait = async (ms: number) => {
187
- if (res.destroyed) return
188
- const ac = new AbortController()
189
- const abort = () => ac.abort()
190
- res.on('close', abort)
191
- try {
192
- await sleep(ms, undefined, { signal: ac.signal })
193
- } finally {
194
- res.off('close', abort)
195
- }
196
- }
197
-
198
- await wait(50)
199
-
200
- res.status(200)
201
- res.setHeader('content-type', 'application/json')
202
- res.flushHeaders()
203
-
204
- await wait(50)
205
-
206
- for (const char of '{"foo":"slow"}') {
207
- res.write(char)
208
- await wait(10)
209
- }
210
-
211
- res.end()
212
- })
213
-
214
- app.get('/xrpc/com.example.abort', async (req, res) => {
215
- res.status(200)
216
- res.setHeader('content-type', 'application/json')
217
- res.write('{"foo"')
218
- await sleep(50)
219
- res.destroy(new Error('abort'))
220
- })
221
-
222
- app.get('/xrpc/com.example.error', async (req, res) => {
223
- res.status(500).json({ error: 'FooBar', message: 'My message' })
224
- })
225
-
226
- const server = app.listen(0)
227
- server.keepAliveTimeout = 30 * 1000
228
- server.headersTimeout = 35 * 1000
229
- await once(server, 'listening')
230
- const { port } = server.address() as AddressInfo
231
-
232
- const plcOp = await plc.signOperation(
233
- {
234
- type: 'plc_operation',
235
- rotationKeys: [keypair.did()],
236
- alsoKnownAs: [],
237
- verificationMethods: {},
238
- services: {
239
- [serviceId]: {
240
- type: 'TestAtprotoService',
241
- endpoint: `http://localhost:${port}`,
242
- },
243
- },
244
- prev: null,
245
- },
246
- keypair,
247
- )
248
- const did = await plc.didForCreateOp(plcOp)
249
- await plcClient.sendOperation(did, plcOp)
250
- return new ProxyServer(server, did)
251
- }
252
-
253
- async close() {
254
- await this.terminator.terminate()
255
- }
256
- }
@@ -1,239 +0,0 @@
1
- import assert from 'node:assert'
2
- import { once } from 'node:events'
3
- import http from 'node:http'
4
- import { AddressInfo } from 'node:net'
5
- import * as plc from '@did-plc/lib'
6
- import express from 'express'
7
- // eslint-disable-next-line import/default
8
- import httpTerminator from 'http-terminator'
9
- import { Keypair } from '@atproto/crypto'
10
- import { SeedClient, TestNetworkNoAppView, usersSeed } from '@atproto/dev-env'
11
- import type { DidString } from '@atproto/syntax'
12
- import { verifyJwt } from '@atproto/xrpc-server'
13
- import { parseProxyHeader } from '../../src/pipethrough.js'
14
-
15
- describe('proxy header', () => {
16
- let network: TestNetworkNoAppView
17
- let sc: SeedClient
18
-
19
- let alice: DidString
20
-
21
- let proxyServer: ProxyServer
22
-
23
- beforeAll(async () => {
24
- network = await TestNetworkNoAppView.create({
25
- dbPostgresSchema: 'proxy_header',
26
- })
27
- sc = network.getSeedClient()
28
- await usersSeed(sc)
29
-
30
- proxyServer = await ProxyServer.create(
31
- network.pds.ctx.plcClient,
32
- network.pds.ctx.plcRotationKey,
33
- 'atproto_test',
34
- )
35
-
36
- alice = sc.dids.alice
37
- await network.processAll()
38
- }, 20_000) // @NOTE seeding can take a while
39
-
40
- afterAll(async () => {
41
- await proxyServer?.close()
42
- await network?.close()
43
- })
44
-
45
- it('parses proxy header', async () => {
46
- expect(parseProxyHeader(network.pds.ctx, `#atproto_test`)).rejects.toThrow(
47
- 'no did specified in proxy header',
48
- )
49
-
50
- expect(
51
- parseProxyHeader(network.pds.ctx, `${proxyServer.did}#atproto_test#foo`),
52
- ).rejects.toThrow('invalid proxy header format')
53
-
54
- expect(
55
- parseProxyHeader(network.pds.ctx, `${proxyServer.did}#atproto_test `),
56
- ).rejects.toThrow('proxy header cannot contain spaces')
57
-
58
- expect(
59
- parseProxyHeader(network.pds.ctx, ` ${proxyServer.did}#atproto_test`),
60
- ).rejects.toThrow('proxy header cannot contain spaces')
61
-
62
- expect(parseProxyHeader(network.pds.ctx, `did:foo#bar`)).rejects.toThrow(
63
- 'Poorly formatted DID: did:foo',
64
- )
65
-
66
- expect(
67
- parseProxyHeader(network.pds.ctx, `did:foo:bar#baz`),
68
- ).rejects.toThrow('Unsupported DID method: did:foo:bar')
69
-
70
- expect(
71
- parseProxyHeader(network.pds.ctx, `did:toString:foo#bar`),
72
- ).rejects.toThrow('Unsupported DID method: did:toString:foo')
73
-
74
- expect(parseProxyHeader(network.pds.ctx, `foo#bar`)).rejects.toThrow(
75
- 'Poorly formatted DID: foo',
76
- )
77
-
78
- expect(
79
- parseProxyHeader(network.pds.ctx, `${proxyServer.did}#atproto_test`),
80
- ).resolves.toEqual({
81
- did: proxyServer.did,
82
- url: proxyServer.url,
83
- serviceId: 'atproto_test',
84
- })
85
- })
86
-
87
- it('proxies requests based on header', async () => {
88
- const path = `/xrpc/app.bsky.actor.getProfile?actor=${alice}`
89
- await fetch(`${network.pds.url}${path}`, {
90
- headers: {
91
- ...sc.getHeaders(alice),
92
- 'atproto-proxy': `${proxyServer.did}#atproto_test`,
93
- },
94
- })
95
- const req = proxyServer.requests.at(-1)
96
- assert(req)
97
- expect(req.url).toEqual(path)
98
- assert(req.auth)
99
- const verified = await verifyJwt(
100
- req.auth.replace('Bearer ', ''),
101
- proxyServer.did,
102
- 'app.bsky.actor.getProfile',
103
- (iss) => network.pds.ctx.idResolver.did.resolveAtprotoKey(iss, true),
104
- )
105
- expect(verified.aud).toBe(proxyServer.did)
106
- expect(verified.iss).toBe(alice)
107
- })
108
-
109
- it('fails on a non-existant did', async () => {
110
- const path = `/xrpc/app.bsky.actor.getProfile?actor=${alice}`
111
- const response = await fetch(`${network.pds.url}${path}`, {
112
- headers: {
113
- ...sc.getHeaders(alice),
114
- 'atproto-proxy': `did:plc:12345678123456781234578#atproto_test`,
115
- },
116
- })
117
-
118
- await expect(response.json()).resolves.toMatchObject({
119
- message: 'could not resolve proxy did',
120
- })
121
-
122
- expect(proxyServer.requests.length).toBe(1)
123
- })
124
-
125
- it('fails when a service is not specified', async () => {
126
- const path = `/xrpc/app.bsky.actor.getProfile?actor=${alice}`
127
- const response = await fetch(`${network.pds.url}${path}`, {
128
- headers: {
129
- ...sc.getHeaders(alice),
130
- 'atproto-proxy': proxyServer.did,
131
- },
132
- })
133
-
134
- await expect(response.json()).resolves.toMatchObject({
135
- message: 'no service id specified in proxy header',
136
- })
137
-
138
- expect(proxyServer.requests.length).toBe(1)
139
- })
140
-
141
- it('fails on a non-existant service', async () => {
142
- const path = `/xrpc/app.bsky.actor.getProfile?actor=${alice}`
143
- const response = await fetch(`${network.pds.url}${path}`, {
144
- headers: {
145
- ...sc.getHeaders(alice),
146
- 'atproto-proxy': `${proxyServer.did}#atproto_bad`,
147
- },
148
- })
149
-
150
- await expect(response.json()).resolves.toMatchObject({
151
- message: 'could not resolve proxy did service url',
152
- })
153
-
154
- expect(proxyServer.requests.length).toBe(1)
155
- })
156
-
157
- it('handles failing manual pipethroughs', async () => {
158
- // This is a PDS endpoint which uses a manual pipethrough() in its handler
159
- const path = '/xrpc/app.bsky.actor.getPreferences'
160
- const res = await fetch(`${network.pds.url}${path}`, {
161
- headers: {
162
- ...sc.getHeaders(alice),
163
- 'atproto-proxy': `${proxyServer.did}#atproto_test`,
164
- },
165
- })
166
- await res.arrayBuffer() // drain
167
- expect(res.status).toBe(501)
168
- })
169
- })
170
-
171
- type ProxyReq = {
172
- url: string
173
- auth: string | undefined
174
- }
175
-
176
- class ProxyServer {
177
- private terminator: httpTerminator.HttpTerminator
178
-
179
- constructor(
180
- server: http.Server,
181
- public url: string,
182
- public did: string,
183
- public requests: ProxyReq[],
184
- ) {
185
- this.terminator = httpTerminator.createHttpTerminator({ server })
186
- }
187
-
188
- static async create(
189
- plcClient: plc.Client,
190
- keypair: Keypair,
191
- serviceId: string,
192
- ): Promise<ProxyServer> {
193
- const requests: ProxyReq[] = []
194
- const app = express()
195
-
196
- // This is a PDS endpoint which uses a manual pipethrough() in its handler
197
- app.get('/xrpc/app.bsky.actor.getPreferences', (req, res) => {
198
- res.sendStatus(501)
199
- })
200
-
201
- app.get('*', (req, res) => {
202
- requests.push({
203
- url: req.url,
204
- auth: req.header('authorization'),
205
- })
206
- res.sendStatus(200)
207
- })
208
-
209
- const server = app.listen(0)
210
- await once(server, 'listening')
211
-
212
- const { port } = server.address() as AddressInfo
213
-
214
- const url = `http://localhost:${port}`
215
- const plcOp = await plc.signOperation(
216
- {
217
- type: 'plc_operation',
218
- rotationKeys: [keypair.did()],
219
- alsoKnownAs: [],
220
- verificationMethods: {},
221
- services: {
222
- [serviceId]: {
223
- type: 'TestAtprotoService',
224
- endpoint: url,
225
- },
226
- },
227
- prev: null,
228
- },
229
- keypair,
230
- )
231
- const did = await plc.didForCreateOp(plcOp)
232
- await plcClient.sendOperation(did, plcOp)
233
- return new ProxyServer(server, url, did, requests)
234
- }
235
-
236
- async close(): Promise<void> {
237
- await this.terminator.terminate()
238
- }
239
- }
@@ -1,182 +0,0 @@
1
- import { once } from 'node:events'
2
- import http from 'node:http'
3
- import { AddressInfo } from 'node:net'
4
- import * as plc from '@did-plc/lib'
5
- import express from 'express'
6
- // eslint-disable-next-line import/default
7
- import httpTerminator from 'http-terminator'
8
- import { Keypair } from '@atproto/crypto'
9
- import { SeedClient, TestNetworkNoAppView, usersSeed } from '@atproto/dev-env'
10
- import { ScopePermissions } from '@atproto/oauth-scopes'
11
- import { DidString } from '@atproto/syntax'
12
- import { AppContext } from '../../src/context.js'
13
- import { proxyHandler } from '../../src/pipethrough.js'
14
-
15
- // Regression test for the OAuth service-proxying audience fix.
16
- //
17
- // Before the fix, proxyHandler passed a bare DID as `aud` to the rpc scope
18
- // check. An OAuth caller granted `rpc:<lxm>?aud=<did>#<serviceId>` (the
19
- // canonical scope shape used in atproto OAuth) had no way to match, so
20
- // proxied calls failed at the scope check. The fix combines the proxied
21
- // service id into the scope-check audience as `<did>#<serviceId>`.
22
- //
23
- // We use a real PDS AppContext (so every field is real-typed). Only the
24
- // `authVerifier.authorization` method is replaced, with a thin stub that
25
- // drives the OAuth path off an `x-test-scope` request header — letting us
26
- // exercise the rpc scope check without minting a real OAuth token. A
27
- // separate express app mounts a fresh proxyHandler against the real ctx
28
- // and forwards to a real upstream ProxyServer.
29
-
30
- describe('proxy oauth audience', () => {
31
- let network: TestNetworkNoAppView
32
- let sc: SeedClient
33
- let alice: string
34
- let upstream: ProxyServer
35
- let terminator: httpTerminator.HttpTerminator
36
- let serverUrl: string
37
-
38
- beforeAll(async () => {
39
- network = await TestNetworkNoAppView.create({
40
- dbPostgresSchema: 'proxy_oauth_aud',
41
- })
42
- sc = network.getSeedClient()
43
- await usersSeed(sc)
44
- alice = sc.dids.alice
45
- upstream = await ProxyServer.create(
46
- network.pds.ctx.plcClient,
47
- network.pds.ctx.plcRotationKey,
48
- 'atproto_test',
49
- )
50
-
51
- // Replace only the `authorization` method on the real AuthVerifier so
52
- // every other ctx field stays real and real-typed. The override's
53
- // signature is constrained by AuthVerifier['authorization']: an OAuth
54
- // shape change in the real verifier breaks the body of this stub at
55
- // compile time.
56
- const stubAuthorization: typeof network.pds.ctx.authVerifier.authorization =
57
- ({ authorize }) => {
58
- return async (ctx) => {
59
- const scopeHeader = ctx.req.headers['x-test-scope'] as
60
- | string
61
- | undefined
62
- const permissions = new ScopePermissions(
63
- scopeHeader?.split(' ') ?? [],
64
- )
65
- await authorize(permissions, ctx)
66
- return {
67
- credentials: {
68
- type: 'oauth',
69
- did: alice as DidString,
70
- permissions,
71
- },
72
- }
73
- }
74
- }
75
- network.pds.ctx.authVerifier.authorization = stubAuthorization
76
-
77
- const app = express()
78
- // dev-env exports AppContext from its built dist/, while we import
79
- // proxyHandler from src/. Cast at this boundary to bridge the two
80
- // identical shapes; downstream behavior is real.
81
- app.all('/xrpc/*', proxyHandler(network.pds.ctx as unknown as AppContext))
82
- app.use(
83
- (
84
- err: Error & { status?: number; statusCode?: number },
85
- _req: express.Request,
86
- res: express.Response,
87
- _next: express.NextFunction,
88
- ) => {
89
- if (res.headersSent) return
90
- res.status(err.status ?? err.statusCode ?? 500).end()
91
- },
92
- )
93
- const server = app.listen(0)
94
- await once(server, 'listening')
95
- terminator = httpTerminator.createHttpTerminator({ server })
96
- serverUrl = `http://localhost:${(server.address() as AddressInfo).port}`
97
- })
98
-
99
- afterAll(async () => {
100
- await Promise.all([
101
- terminator?.terminate(),
102
- upstream?.close(),
103
- network?.close(),
104
- ])
105
- })
106
-
107
- it('matches an OAuth rpc scope granted with combined did#serviceId aud', async () => {
108
- // Pre-fix this would have rejected because the scope check received
109
- // bare-DID aud and never matched the combined-form scope. A 200 here
110
- // implies the scope check ran with combined-form aud.
111
- const res = await fetch(`${serverUrl}/xrpc/app.bsky.feed.getFeed`, {
112
- headers: {
113
- 'atproto-proxy': `${upstream.did}#atproto_test`,
114
- 'x-test-scope': `rpc:app.bsky.feed.getFeed?aud=${encodeURIComponent(`${upstream.did}#atproto_test`)}`,
115
- },
116
- })
117
- expect(res.status).toBe(200)
118
- })
119
-
120
- it('rejects an OAuth rpc scope granted for a different service id', async () => {
121
- // Same DID, different service id — both forms parse as valid scope
122
- // audiences, but the runtime aud (`upstream.did#atproto_test`) doesn't
123
- // match the granted aud (`upstream.did#atproto_other`).
124
- const res = await fetch(`${serverUrl}/xrpc/app.bsky.feed.getFeed`, {
125
- headers: {
126
- 'atproto-proxy': `${upstream.did}#atproto_test`,
127
- 'x-test-scope': `rpc:app.bsky.feed.getFeed?aud=${encodeURIComponent(`${upstream.did}#atproto_other`)}`,
128
- },
129
- })
130
- expect([401, 403]).toContain(res.status)
131
- })
132
- })
133
-
134
- class ProxyServer {
135
- private terminator: httpTerminator.HttpTerminator
136
-
137
- constructor(
138
- server: http.Server,
139
- public url: string,
140
- public did: string,
141
- ) {
142
- this.terminator = httpTerminator.createHttpTerminator({ server })
143
- }
144
-
145
- static async create(
146
- plcClient: plc.Client,
147
- keypair: Keypair,
148
- serviceId: string,
149
- ): Promise<ProxyServer> {
150
- const app = express()
151
- app.all('*', (_req, res) => res.sendStatus(200))
152
-
153
- const server = app.listen(0)
154
- await once(server, 'listening')
155
-
156
- const { port } = server.address() as AddressInfo
157
- const url = `http://localhost:${port}`
158
- const plcOp = await plc.signOperation(
159
- {
160
- type: 'plc_operation',
161
- rotationKeys: [keypair.did()],
162
- alsoKnownAs: [],
163
- verificationMethods: {},
164
- services: {
165
- [serviceId]: {
166
- type: 'TestAtprotoService',
167
- endpoint: url,
168
- },
169
- },
170
- prev: null,
171
- },
172
- keypair,
173
- )
174
- const did = await plc.didForCreateOp(plcOp)
175
- await plcClient.sendOperation(did, plcOp)
176
- return new ProxyServer(server, url, did)
177
- }
178
-
179
- close(): Promise<void> {
180
- return this.terminator.terminate()
181
- }
182
- }