@atproto/pds 0.5.12 → 0.5.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (326) hide show
  1. package/CHANGELOG.md +53 -0
  2. package/dist/api/app/bsky/notification/index.d.ts.map +1 -1
  3. package/dist/api/app/bsky/notification/index.js +2 -0
  4. package/dist/api/app/bsky/notification/index.js.map +1 -1
  5. package/dist/api/app/bsky/notification/unregisterPush.d.ts +4 -0
  6. package/dist/api/app/bsky/notification/unregisterPush.d.ts.map +1 -0
  7. package/dist/api/app/bsky/notification/unregisterPush.js +48 -0
  8. package/dist/api/app/bsky/notification/unregisterPush.js.map +1 -0
  9. package/dist/lexicons/app/bsky/actor/defs.defs.d.ts +6 -0
  10. package/dist/lexicons/app/bsky/actor/defs.defs.d.ts.map +1 -1
  11. package/dist/lexicons/app/bsky/actor/defs.defs.js +1 -0
  12. package/dist/lexicons/app/bsky/actor/defs.defs.js.map +1 -1
  13. package/package.json +42 -38
  14. package/build.templates.cjs +0 -22
  15. package/example.env +0 -42
  16. package/jest.config.cjs +0 -27
  17. package/src/account-manager/account-manager.ts +0 -916
  18. package/src/account-manager/db/index.ts +0 -21
  19. package/src/account-manager/db/migrations/001-init.ts +0 -115
  20. package/src/account-manager/db/migrations/002-account-deactivation.ts +0 -17
  21. package/src/account-manager/db/migrations/003-privileged-app-passwords.ts +0 -12
  22. package/src/account-manager/db/migrations/004-oauth.ts +0 -122
  23. package/src/account-manager/db/migrations/005-oauth-account-management.ts +0 -136
  24. package/src/account-manager/db/migrations/006-oauth-permission-sets.ts +0 -20
  25. package/src/account-manager/db/migrations/007-lexicon-failures-index.ts +0 -14
  26. package/src/account-manager/db/migrations/index.ts +0 -17
  27. package/src/account-manager/db/schema/account-device.ts +0 -14
  28. package/src/account-manager/db/schema/account.ts +0 -16
  29. package/src/account-manager/db/schema/actor.ts +0 -17
  30. package/src/account-manager/db/schema/app-password.ts +0 -13
  31. package/src/account-manager/db/schema/authorization-request.ts +0 -30
  32. package/src/account-manager/db/schema/authorized-client.ts +0 -23
  33. package/src/account-manager/db/schema/device.ts +0 -18
  34. package/src/account-manager/db/schema/email-token.ts +0 -19
  35. package/src/account-manager/db/schema/index.ts +0 -43
  36. package/src/account-manager/db/schema/invite-code.ts +0 -24
  37. package/src/account-manager/db/schema/lexicon.ts +0 -15
  38. package/src/account-manager/db/schema/refresh-token.ts +0 -11
  39. package/src/account-manager/db/schema/repo-root.ts +0 -12
  40. package/src/account-manager/db/schema/token.ts +0 -38
  41. package/src/account-manager/db/schema/used-refresh-token.ts +0 -13
  42. package/src/account-manager/helpers/account-device.ts +0 -63
  43. package/src/account-manager/helpers/account.ts +0 -355
  44. package/src/account-manager/helpers/auth.ts +0 -222
  45. package/src/account-manager/helpers/authorization-request.ts +0 -90
  46. package/src/account-manager/helpers/authorized-client.ts +0 -75
  47. package/src/account-manager/helpers/device.ts +0 -47
  48. package/src/account-manager/helpers/email-token.ts +0 -87
  49. package/src/account-manager/helpers/invite.ts +0 -263
  50. package/src/account-manager/helpers/lexicon.ts +0 -67
  51. package/src/account-manager/helpers/password.ts +0 -136
  52. package/src/account-manager/helpers/repo.ts +0 -24
  53. package/src/account-manager/helpers/scrypt.ts +0 -53
  54. package/src/account-manager/helpers/token.ts +0 -158
  55. package/src/account-manager/helpers/used-refresh-token.ts +0 -30
  56. package/src/account-manager/oauth-store.ts +0 -880
  57. package/src/account-manager/scope-reference-getter.ts +0 -106
  58. package/src/actor-store/actor-store-reader.ts +0 -45
  59. package/src/actor-store/actor-store-resources.ts +0 -8
  60. package/src/actor-store/actor-store-transactor.ts +0 -31
  61. package/src/actor-store/actor-store-writer.ts +0 -17
  62. package/src/actor-store/actor-store.ts +0 -210
  63. package/src/actor-store/blob/reader.ts +0 -160
  64. package/src/actor-store/blob/transactor.ts +0 -383
  65. package/src/actor-store/db/index.ts +0 -20
  66. package/src/actor-store/db/migrations/001-init.ts +0 -105
  67. package/src/actor-store/db/migrations/index.ts +0 -5
  68. package/src/actor-store/db/schema/account-pref.ts +0 -11
  69. package/src/actor-store/db/schema/backlink.ts +0 -9
  70. package/src/actor-store/db/schema/blob.ts +0 -14
  71. package/src/actor-store/db/schema/index.ts +0 -23
  72. package/src/actor-store/db/schema/record-blob.ts +0 -8
  73. package/src/actor-store/db/schema/record.ts +0 -14
  74. package/src/actor-store/db/schema/repo-block.ts +0 -10
  75. package/src/actor-store/db/schema/repo-root.ts +0 -10
  76. package/src/actor-store/migrate.ts +0 -39
  77. package/src/actor-store/preference/reader.ts +0 -48
  78. package/src/actor-store/preference/transactor.ts +0 -55
  79. package/src/actor-store/preference/util.ts +0 -39
  80. package/src/actor-store/record/reader.ts +0 -374
  81. package/src/actor-store/record/transactor.ts +0 -111
  82. package/src/actor-store/repo/reader.ts +0 -31
  83. package/src/actor-store/repo/sql-repo-reader.ts +0 -150
  84. package/src/actor-store/repo/sql-repo-transactor.ts +0 -105
  85. package/src/actor-store/repo/transactor.ts +0 -227
  86. package/src/api/app/bsky/actor/getPreferences.ts +0 -57
  87. package/src/api/app/bsky/actor/getProfile.ts +0 -41
  88. package/src/api/app/bsky/actor/getProfiles.ts +0 -51
  89. package/src/api/app/bsky/actor/index.ts +0 -13
  90. package/src/api/app/bsky/actor/putPreferences.ts +0 -62
  91. package/src/api/app/bsky/feed/getActorLikes.ts +0 -63
  92. package/src/api/app/bsky/feed/getAuthorFeed.ts +0 -84
  93. package/src/api/app/bsky/feed/getFeed.ts +0 -47
  94. package/src/api/app/bsky/feed/getPostThread.ts +0 -251
  95. package/src/api/app/bsky/feed/getTimeline.ts +0 -50
  96. package/src/api/app/bsky/feed/index.ts +0 -15
  97. package/src/api/app/bsky/index.ts +0 -11
  98. package/src/api/app/bsky/notification/index.ts +0 -7
  99. package/src/api/app/bsky/notification/registerPush.ts +0 -71
  100. package/src/api/app/bsky/util/resolver.ts +0 -20
  101. package/src/api/com/atproto/admin/deleteAccount.ts +0 -22
  102. package/src/api/com/atproto/admin/disableAccountInvites.ts +0 -18
  103. package/src/api/com/atproto/admin/disableInviteCodes.ts +0 -21
  104. package/src/api/com/atproto/admin/enableAccountInvites.ts +0 -18
  105. package/src/api/com/atproto/admin/getAccountInfo.ts +0 -32
  106. package/src/api/com/atproto/admin/getAccountInfos.ts +0 -34
  107. package/src/api/com/atproto/admin/getInviteCodes.ts +0 -126
  108. package/src/api/com/atproto/admin/getSubjectStatus.ts +0 -76
  109. package/src/api/com/atproto/admin/index.ts +0 -31
  110. package/src/api/com/atproto/admin/sendEmail.ts +0 -47
  111. package/src/api/com/atproto/admin/updateAccountEmail.ts +0 -32
  112. package/src/api/com/atproto/admin/updateAccountHandle.ts +0 -47
  113. package/src/api/com/atproto/admin/updateAccountPassword.ts +0 -34
  114. package/src/api/com/atproto/admin/updateSubjectStatus.ts +0 -68
  115. package/src/api/com/atproto/admin/util.ts +0 -66
  116. package/src/api/com/atproto/identity/getRecommendedDidCredentials.ts +0 -50
  117. package/src/api/com/atproto/identity/index.ts +0 -17
  118. package/src/api/com/atproto/identity/requestPlcOperationSignature.ts +0 -59
  119. package/src/api/com/atproto/identity/resolveHandle.ts +0 -50
  120. package/src/api/com/atproto/identity/signPlcOperation.ts +0 -85
  121. package/src/api/com/atproto/identity/submitPlcOperation.ts +0 -65
  122. package/src/api/com/atproto/identity/updateHandle.ts +0 -66
  123. package/src/api/com/atproto/index.ts +0 -19
  124. package/src/api/com/atproto/moderation/createReport.ts +0 -41
  125. package/src/api/com/atproto/moderation/index.ts +0 -7
  126. package/src/api/com/atproto/repo/applyWrites.ts +0 -226
  127. package/src/api/com/atproto/repo/createRecord.ts +0 -143
  128. package/src/api/com/atproto/repo/deleteRecord.ts +0 -122
  129. package/src/api/com/atproto/repo/describeRepo.ts +0 -43
  130. package/src/api/com/atproto/repo/getRecord.ts +0 -40
  131. package/src/api/com/atproto/repo/importRepo.ts +0 -101
  132. package/src/api/com/atproto/repo/index.ts +0 -25
  133. package/src/api/com/atproto/repo/listMissingBlobs.ts +0 -29
  134. package/src/api/com/atproto/repo/listRecords.ts +0 -36
  135. package/src/api/com/atproto/repo/putRecord.ts +0 -211
  136. package/src/api/com/atproto/repo/uploadBlob.ts +0 -60
  137. package/src/api/com/atproto/server/activateAccount.ts +0 -37
  138. package/src/api/com/atproto/server/checkAccountStatus.ts +0 -51
  139. package/src/api/com/atproto/server/confirmEmail.ts +0 -39
  140. package/src/api/com/atproto/server/createAccount.ts +0 -327
  141. package/src/api/com/atproto/server/createAppPassword.ts +0 -53
  142. package/src/api/com/atproto/server/createInviteCode.ts +0 -38
  143. package/src/api/com/atproto/server/createInviteCodes.ts +0 -42
  144. package/src/api/com/atproto/server/createSession.ts +0 -97
  145. package/src/api/com/atproto/server/deactivateAccount.ts +0 -41
  146. package/src/api/com/atproto/server/deleteAccount.ts +0 -85
  147. package/src/api/com/atproto/server/deleteSession.ts +0 -23
  148. package/src/api/com/atproto/server/describeServer.ts +0 -29
  149. package/src/api/com/atproto/server/getAccountInviteCodes.ts +0 -142
  150. package/src/api/com/atproto/server/getServiceAuth.ts +0 -111
  151. package/src/api/com/atproto/server/getSession.ts +0 -80
  152. package/src/api/com/atproto/server/index.ts +0 -55
  153. package/src/api/com/atproto/server/listAppPasswords.ts +0 -45
  154. package/src/api/com/atproto/server/refreshSession.ts +0 -72
  155. package/src/api/com/atproto/server/requestAccountDelete.ts +0 -66
  156. package/src/api/com/atproto/server/requestEmailConfirmation.ts +0 -68
  157. package/src/api/com/atproto/server/requestEmailUpdate.ts +0 -86
  158. package/src/api/com/atproto/server/requestPasswordReset.ts +0 -52
  159. package/src/api/com/atproto/server/reserveSigningKey.ts +0 -15
  160. package/src/api/com/atproto/server/resetPassword.ts +0 -50
  161. package/src/api/com/atproto/server/revokeAppPassword.ts +0 -42
  162. package/src/api/com/atproto/server/updateEmail.ts +0 -52
  163. package/src/api/com/atproto/server/util.ts +0 -136
  164. package/src/api/com/atproto/sync/deprecated/getCheckout.ts +0 -27
  165. package/src/api/com/atproto/sync/deprecated/getHead.ts +0 -33
  166. package/src/api/com/atproto/sync/getBlob.ts +0 -61
  167. package/src/api/com/atproto/sync/getBlocks.ts +0 -37
  168. package/src/api/com/atproto/sync/getLatestCommit.ts +0 -33
  169. package/src/api/com/atproto/sync/getRecord.ts +0 -49
  170. package/src/api/com/atproto/sync/getRepo.ts +0 -75
  171. package/src/api/com/atproto/sync/getRepoStatus.ts +0 -34
  172. package/src/api/com/atproto/sync/index.ts +0 -27
  173. package/src/api/com/atproto/sync/listBlobs.ts +0 -33
  174. package/src/api/com/atproto/sync/listRepos.ts +0 -74
  175. package/src/api/com/atproto/sync/subscribeRepos.ts +0 -73
  176. package/src/api/com/atproto/sync/util.ts +0 -37
  177. package/src/api/com/atproto/temp/checkSignupQueue.ts +0 -34
  178. package/src/api/com/atproto/temp/index.ts +0 -7
  179. package/src/api/index.ts +0 -10
  180. package/src/api/proxy.ts +0 -44
  181. package/src/app-view.ts +0 -24
  182. package/src/auth-output.ts +0 -52
  183. package/src/auth-routes.ts +0 -64
  184. package/src/auth-scope.ts +0 -40
  185. package/src/auth-verifier.ts +0 -668
  186. package/src/background.ts +0 -65
  187. package/src/basic-routes.ts +0 -52
  188. package/src/bsky-app-view.ts +0 -33
  189. package/src/config/config.ts +0 -553
  190. package/src/config/env.ts +0 -167
  191. package/src/config/index.ts +0 -3
  192. package/src/config/secrets.ts +0 -54
  193. package/src/context.ts +0 -523
  194. package/src/crawlers.ts +0 -46
  195. package/src/db/cast.ts +0 -52
  196. package/src/db/db.ts +0 -140
  197. package/src/db/index.ts +0 -4
  198. package/src/db/migrator.ts +0 -40
  199. package/src/db/pagination.ts +0 -132
  200. package/src/db/tables/moderation.ts +0 -80
  201. package/src/db/util.ts +0 -108
  202. package/src/did-cache/db/index.ts +0 -21
  203. package/src/did-cache/db/migrations.ts +0 -17
  204. package/src/did-cache/db/schema.ts +0 -9
  205. package/src/did-cache/index.ts +0 -131
  206. package/src/disk-blobstore.ts +0 -172
  207. package/src/error.ts +0 -19
  208. package/src/handle/explicit-slurs.ts +0 -22
  209. package/src/handle/index.ts +0 -49
  210. package/src/handle/reserved.ts +0 -1059
  211. package/src/image/image-url-builder.ts +0 -16
  212. package/src/index.ts +0 -189
  213. package/src/lexicons.ts +0 -4
  214. package/src/logger.ts +0 -35
  215. package/src/mailer/index.ts +0 -111
  216. package/src/mailer/moderation.ts +0 -33
  217. package/src/mailer/templates/confirm-email.d.ts +0 -4
  218. package/src/mailer/templates/confirm-email.hbs +0 -158
  219. package/src/mailer/templates/delete-account.d.ts +0 -4
  220. package/src/mailer/templates/delete-account.hbs +0 -156
  221. package/src/mailer/templates/plc-operation.d.ts +0 -4
  222. package/src/mailer/templates/plc-operation.hbs +0 -153
  223. package/src/mailer/templates/reset-password.d.ts +0 -4
  224. package/src/mailer/templates/reset-password.hbs +0 -154
  225. package/src/mailer/templates/update-email.d.ts +0 -4
  226. package/src/mailer/templates/update-email.hbs +0 -153
  227. package/src/mailer/templates.ts +0 -17
  228. package/src/pipethrough.ts +0 -716
  229. package/src/rate-limits.ts +0 -59
  230. package/src/read-after-write/index.ts +0 -3
  231. package/src/read-after-write/types.ts +0 -35
  232. package/src/read-after-write/util.ts +0 -101
  233. package/src/read-after-write/viewer.ts +0 -290
  234. package/src/redis.ts +0 -25
  235. package/src/repo/index.ts +0 -2
  236. package/src/repo/prepare.ts +0 -266
  237. package/src/repo/types.ts +0 -65
  238. package/src/scripts/README.md +0 -40
  239. package/src/scripts/index.ts +0 -20
  240. package/src/scripts/publish-identity.ts +0 -60
  241. package/src/scripts/rebuild-repo.ts +0 -119
  242. package/src/scripts/rotate-keys.ts +0 -146
  243. package/src/scripts/sequencer-recovery/index.ts +0 -23
  244. package/src/scripts/sequencer-recovery/recoverer.ts +0 -297
  245. package/src/scripts/sequencer-recovery/recovery-db.ts +0 -65
  246. package/src/scripts/sequencer-recovery/repair-repos.ts +0 -49
  247. package/src/scripts/sequencer-recovery/user-queues.ts +0 -44
  248. package/src/scripts/util.ts +0 -7
  249. package/src/sequencer/db/index.ts +0 -21
  250. package/src/sequencer/db/migrations/001-init.ts +0 -35
  251. package/src/sequencer/db/migrations/index.ts +0 -5
  252. package/src/sequencer/db/schema.ts +0 -19
  253. package/src/sequencer/events.ts +0 -199
  254. package/src/sequencer/index.ts +0 -3
  255. package/src/sequencer/outbox.ts +0 -123
  256. package/src/sequencer/sequencer.ts +0 -290
  257. package/src/util/compression.ts +0 -16
  258. package/src/util/debug.ts +0 -10
  259. package/src/util/http.ts +0 -31
  260. package/src/util/types.ts +0 -7
  261. package/src/well-known.ts +0 -30
  262. package/test.env +0 -2
  263. package/tests/__snapshots__/takedown-appeal.test.ts.snap +0 -43
  264. package/tests/_oauth_client_assets_middleware.ts +0 -23
  265. package/tests/_puppeteer.ts +0 -147
  266. package/tests/_types.d.ts +0 -16
  267. package/tests/_util.ts +0 -191
  268. package/tests/account-deactivation.test.ts +0 -204
  269. package/tests/account-deletion.test.ts +0 -300
  270. package/tests/account-manager.test.ts +0 -462
  271. package/tests/account-migration.test.ts +0 -221
  272. package/tests/account-status.test.ts +0 -206
  273. package/tests/account.test.ts +0 -595
  274. package/tests/app-passwords.test.ts +0 -262
  275. package/tests/auth.test.ts +0 -405
  276. package/tests/blob-deletes.test.ts +0 -204
  277. package/tests/create-post.test.ts +0 -79
  278. package/tests/crud.test.ts +0 -1595
  279. package/tests/db.test.ts +0 -170
  280. package/tests/email-confirmation.test.ts +0 -227
  281. package/tests/entryway-mock.ts +0 -323
  282. package/tests/entryway.test.ts +0 -145
  283. package/tests/file-uploads.test.ts +0 -301
  284. package/tests/get-service-auth.test.ts +0 -81
  285. package/tests/handle-validation.test.ts +0 -56
  286. package/tests/handles.test.ts +0 -274
  287. package/tests/invite-codes.test.ts +0 -367
  288. package/tests/invites-admin.test.ts +0 -252
  289. package/tests/moderation.test.ts +0 -280
  290. package/tests/moderator-auth.test.ts +0 -177
  291. package/tests/oauth.test.ts +0 -334
  292. package/tests/plc-operations.test.ts +0 -239
  293. package/tests/preferences.test.ts +0 -352
  294. package/tests/proxied/__snapshots__/admin.test.ts.snap +0 -516
  295. package/tests/proxied/__snapshots__/feedgen.test.ts.snap +0 -215
  296. package/tests/proxied/__snapshots__/views.test.ts.snap +0 -4456
  297. package/tests/proxied/admin.test.ts +0 -340
  298. package/tests/proxied/feedgen.test.ts +0 -66
  299. package/tests/proxied/notif.test.ts +0 -85
  300. package/tests/proxied/procedures.test.ts +0 -175
  301. package/tests/proxied/proxy-catchall.test.ts +0 -256
  302. package/tests/proxied/proxy-header.test.ts +0 -239
  303. package/tests/proxied/proxy-oauth-aud.test.ts +0 -182
  304. package/tests/proxied/read-after-write.test.ts +0 -382
  305. package/tests/proxied/views.test.ts +0 -608
  306. package/tests/races.test.ts +0 -89
  307. package/tests/rate-limits.test.ts +0 -70
  308. package/tests/recovery.test.ts +0 -180
  309. package/tests/seeds/basic.ts +0 -165
  310. package/tests/seeds/follows.ts +0 -57
  311. package/tests/seeds/likes.ts +0 -14
  312. package/tests/seeds/reposts.ts +0 -18
  313. package/tests/seeds/thread.ts +0 -40
  314. package/tests/seeds/users-bulk.ts +0 -246
  315. package/tests/seeds/users.ts +0 -67
  316. package/tests/sequencer.test.ts +0 -251
  317. package/tests/server.test.ts +0 -151
  318. package/tests/sync/invertible-ops.test.ts +0 -99
  319. package/tests/sync/list.test.ts +0 -43
  320. package/tests/sync/subscribe-repos.test.ts +0 -672
  321. package/tests/sync/sync.test.ts +0 -316
  322. package/tests/takedown-appeal.test.ts +0 -166
  323. package/tsconfig.build.json +0 -9
  324. package/tsconfig.build.tsbuildinfo +0 -1
  325. package/tsconfig.json +0 -7
  326. package/tsconfig.tests.json +0 -8
@@ -1,256 +0,0 @@
1
- import { once } from 'node:events'
2
- import http from 'node:http'
3
- import { AddressInfo } from 'node:net'
4
- import { setTimeout as sleep } from 'node:timers/promises'
5
- import * as plc from '@did-plc/lib'
6
- import express from 'express'
7
- // eslint-disable-next-line import/default
8
- import httpTerminator from 'http-terminator'
9
- import AtpAgent from '@atproto/api'
10
- import { Keypair } from '@atproto/crypto'
11
- import { TestNetworkNoAppView } from '@atproto/dev-env'
12
- import { LexiconDocument } from '@atproto/lex-document'
13
-
14
- const lexicons = [
15
- {
16
- lexicon: 1,
17
- id: 'com.example.ok',
18
- defs: {
19
- main: {
20
- type: 'query',
21
- output: {
22
- encoding: 'application/json',
23
- schema: { type: 'object', properties: { foo: { type: 'string' } } },
24
- },
25
- },
26
- },
27
- },
28
- {
29
- lexicon: 1,
30
- id: 'com.example.slow',
31
- defs: {
32
- main: {
33
- type: 'query',
34
- output: {
35
- encoding: 'application/json',
36
- schema: { type: 'object', properties: { foo: { type: 'string' } } },
37
- },
38
- },
39
- },
40
- },
41
- {
42
- lexicon: 1,
43
- id: 'com.example.abort',
44
- defs: {
45
- main: {
46
- type: 'query',
47
- output: {
48
- encoding: 'application/json',
49
- schema: { type: 'object', properties: { foo: { type: 'string' } } },
50
- },
51
- },
52
- },
53
- },
54
- {
55
- lexicon: 1,
56
- id: 'com.example.error',
57
- defs: {
58
- main: {
59
- type: 'query',
60
- output: {
61
- encoding: 'application/json',
62
- schema: { type: 'object', properties: { foo: { type: 'string' } } },
63
- },
64
- },
65
- },
66
- },
67
- ] as const satisfies LexiconDocument[]
68
-
69
- describe('proxy header', () => {
70
- let network: TestNetworkNoAppView
71
- let alice: AtpAgent
72
-
73
- let proxyServer: ProxyServer
74
-
75
- beforeAll(async () => {
76
- network = await TestNetworkNoAppView.create({
77
- dbPostgresSchema: 'proxy_catchall',
78
- })
79
-
80
- const serviceId = 'proxy_test'
81
-
82
- proxyServer = await ProxyServer.create(
83
- network.pds.ctx.plcClient,
84
- network.pds.ctx.plcRotationKey,
85
- serviceId,
86
- )
87
-
88
- alice = network.pds.getAgent().withProxy(serviceId, proxyServer.did)
89
-
90
- for (const lex of lexicons) alice.lex.add(lex)
91
-
92
- await alice.createAccount({
93
- email: 'alice@test.com',
94
- handle: 'alice.test',
95
- password: 'alice-pass',
96
- })
97
- await network.processAll()
98
- })
99
-
100
- afterAll(async () => {
101
- await proxyServer?.close()
102
- await network?.close()
103
- })
104
-
105
- it('rejects when upstream unavailable', async () => {
106
- const serviceId = 'foo_bar'
107
-
108
- const proxyServer = await ProxyServer.create(
109
- network.pds.ctx.plcClient,
110
- network.pds.ctx.plcRotationKey,
111
- serviceId,
112
- )
113
-
114
- // Make sure the service is not available
115
- await proxyServer.close()
116
-
117
- const client = alice.withProxy(serviceId, proxyServer.did)
118
- for (const lex of lexicons) client.lex.add(lex)
119
-
120
- await expect(client.call('com.example.ok')).rejects.toThrow(
121
- 'Upstream service unreachable',
122
- )
123
- })
124
-
125
- it('successfully proxies requests', async () => {
126
- await expect(alice.call('com.example.ok')).resolves.toMatchObject({
127
- data: { foo: 'ok' },
128
- success: true,
129
- })
130
- })
131
-
132
- it('handles cancelled upstream requests', async () => {
133
- await expect(alice.call('com.example.abort')).rejects.toThrow('terminated')
134
- })
135
-
136
- it('handles failing upstream requests', async () => {
137
- await expect(alice.call('com.example.error')).rejects.toThrow(
138
- expect.objectContaining({
139
- status: 502,
140
- error: 'FooBar',
141
- message: 'My message',
142
- }),
143
- )
144
- })
145
-
146
- it('handles cancelled downstream requests', async () => {
147
- const ac = new AbortController()
148
-
149
- setTimeout(() => ac.abort(), 20)
150
-
151
- await expect(
152
- alice.call('com.example.slow', {}, undefined, { signal: ac.signal }),
153
- ).rejects.toThrow('This operation was aborted')
154
-
155
- await expect(alice.call('com.example.slow')).resolves.toMatchObject({
156
- data: { foo: 'slow' },
157
- success: true,
158
- })
159
- })
160
- })
161
-
162
- class ProxyServer {
163
- private terminator: httpTerminator.HttpTerminator
164
-
165
- constructor(
166
- server: http.Server,
167
- public did: string,
168
- ) {
169
- this.terminator = httpTerminator.createHttpTerminator({ server })
170
- }
171
-
172
- static async create(
173
- plcClient: plc.Client,
174
- keypair: Keypair,
175
- serviceId: string,
176
- ): Promise<ProxyServer> {
177
- const app = express()
178
-
179
- app.get('/xrpc/com.example.ok', (req, res) => {
180
- res.status(200)
181
- res.setHeader('content-type', 'application/json')
182
- res.send('{"foo":"ok"}')
183
- })
184
-
185
- app.get('/xrpc/com.example.slow', async (req, res) => {
186
- const wait = async (ms: number) => {
187
- if (res.destroyed) return
188
- const ac = new AbortController()
189
- const abort = () => ac.abort()
190
- res.on('close', abort)
191
- try {
192
- await sleep(ms, undefined, { signal: ac.signal })
193
- } finally {
194
- res.off('close', abort)
195
- }
196
- }
197
-
198
- await wait(50)
199
-
200
- res.status(200)
201
- res.setHeader('content-type', 'application/json')
202
- res.flushHeaders()
203
-
204
- await wait(50)
205
-
206
- for (const char of '{"foo":"slow"}') {
207
- res.write(char)
208
- await wait(10)
209
- }
210
-
211
- res.end()
212
- })
213
-
214
- app.get('/xrpc/com.example.abort', async (req, res) => {
215
- res.status(200)
216
- res.setHeader('content-type', 'application/json')
217
- res.write('{"foo"')
218
- await sleep(50)
219
- res.destroy(new Error('abort'))
220
- })
221
-
222
- app.get('/xrpc/com.example.error', async (req, res) => {
223
- res.status(500).json({ error: 'FooBar', message: 'My message' })
224
- })
225
-
226
- const server = app.listen(0)
227
- server.keepAliveTimeout = 30 * 1000
228
- server.headersTimeout = 35 * 1000
229
- await once(server, 'listening')
230
- const { port } = server.address() as AddressInfo
231
-
232
- const plcOp = await plc.signOperation(
233
- {
234
- type: 'plc_operation',
235
- rotationKeys: [keypair.did()],
236
- alsoKnownAs: [],
237
- verificationMethods: {},
238
- services: {
239
- [serviceId]: {
240
- type: 'TestAtprotoService',
241
- endpoint: `http://localhost:${port}`,
242
- },
243
- },
244
- prev: null,
245
- },
246
- keypair,
247
- )
248
- const did = await plc.didForCreateOp(plcOp)
249
- await plcClient.sendOperation(did, plcOp)
250
- return new ProxyServer(server, did)
251
- }
252
-
253
- async close() {
254
- await this.terminator.terminate()
255
- }
256
- }
@@ -1,239 +0,0 @@
1
- import assert from 'node:assert'
2
- import { once } from 'node:events'
3
- import http from 'node:http'
4
- import { AddressInfo } from 'node:net'
5
- import * as plc from '@did-plc/lib'
6
- import express from 'express'
7
- // eslint-disable-next-line import/default
8
- import httpTerminator from 'http-terminator'
9
- import { Keypair } from '@atproto/crypto'
10
- import { SeedClient, TestNetworkNoAppView, usersSeed } from '@atproto/dev-env'
11
- import type { DidString } from '@atproto/syntax'
12
- import { verifyJwt } from '@atproto/xrpc-server'
13
- import { parseProxyHeader } from '../../src/pipethrough.js'
14
-
15
- describe('proxy header', () => {
16
- let network: TestNetworkNoAppView
17
- let sc: SeedClient
18
-
19
- let alice: DidString
20
-
21
- let proxyServer: ProxyServer
22
-
23
- beforeAll(async () => {
24
- network = await TestNetworkNoAppView.create({
25
- dbPostgresSchema: 'proxy_header',
26
- })
27
- sc = network.getSeedClient()
28
- await usersSeed(sc)
29
-
30
- proxyServer = await ProxyServer.create(
31
- network.pds.ctx.plcClient,
32
- network.pds.ctx.plcRotationKey,
33
- 'atproto_test',
34
- )
35
-
36
- alice = sc.dids.alice
37
- await network.processAll()
38
- }, 20_000) // @NOTE seeding can take a while
39
-
40
- afterAll(async () => {
41
- await proxyServer?.close()
42
- await network?.close()
43
- })
44
-
45
- it('parses proxy header', async () => {
46
- expect(parseProxyHeader(network.pds.ctx, `#atproto_test`)).rejects.toThrow(
47
- 'no did specified in proxy header',
48
- )
49
-
50
- expect(
51
- parseProxyHeader(network.pds.ctx, `${proxyServer.did}#atproto_test#foo`),
52
- ).rejects.toThrow('invalid proxy header format')
53
-
54
- expect(
55
- parseProxyHeader(network.pds.ctx, `${proxyServer.did}#atproto_test `),
56
- ).rejects.toThrow('proxy header cannot contain spaces')
57
-
58
- expect(
59
- parseProxyHeader(network.pds.ctx, ` ${proxyServer.did}#atproto_test`),
60
- ).rejects.toThrow('proxy header cannot contain spaces')
61
-
62
- expect(parseProxyHeader(network.pds.ctx, `did:foo#bar`)).rejects.toThrow(
63
- 'Poorly formatted DID: did:foo',
64
- )
65
-
66
- expect(
67
- parseProxyHeader(network.pds.ctx, `did:foo:bar#baz`),
68
- ).rejects.toThrow('Unsupported DID method: did:foo:bar')
69
-
70
- expect(
71
- parseProxyHeader(network.pds.ctx, `did:toString:foo#bar`),
72
- ).rejects.toThrow('Unsupported DID method: did:toString:foo')
73
-
74
- expect(parseProxyHeader(network.pds.ctx, `foo#bar`)).rejects.toThrow(
75
- 'Poorly formatted DID: foo',
76
- )
77
-
78
- expect(
79
- parseProxyHeader(network.pds.ctx, `${proxyServer.did}#atproto_test`),
80
- ).resolves.toEqual({
81
- did: proxyServer.did,
82
- url: proxyServer.url,
83
- serviceId: 'atproto_test',
84
- })
85
- })
86
-
87
- it('proxies requests based on header', async () => {
88
- const path = `/xrpc/app.bsky.actor.getProfile?actor=${alice}`
89
- await fetch(`${network.pds.url}${path}`, {
90
- headers: {
91
- ...sc.getHeaders(alice),
92
- 'atproto-proxy': `${proxyServer.did}#atproto_test`,
93
- },
94
- })
95
- const req = proxyServer.requests.at(-1)
96
- assert(req)
97
- expect(req.url).toEqual(path)
98
- assert(req.auth)
99
- const verified = await verifyJwt(
100
- req.auth.replace('Bearer ', ''),
101
- proxyServer.did,
102
- 'app.bsky.actor.getProfile',
103
- (iss) => network.pds.ctx.idResolver.did.resolveAtprotoKey(iss, true),
104
- )
105
- expect(verified.aud).toBe(proxyServer.did)
106
- expect(verified.iss).toBe(alice)
107
- })
108
-
109
- it('fails on a non-existant did', async () => {
110
- const path = `/xrpc/app.bsky.actor.getProfile?actor=${alice}`
111
- const response = await fetch(`${network.pds.url}${path}`, {
112
- headers: {
113
- ...sc.getHeaders(alice),
114
- 'atproto-proxy': `did:plc:12345678123456781234578#atproto_test`,
115
- },
116
- })
117
-
118
- await expect(response.json()).resolves.toMatchObject({
119
- message: 'could not resolve proxy did',
120
- })
121
-
122
- expect(proxyServer.requests.length).toBe(1)
123
- })
124
-
125
- it('fails when a service is not specified', async () => {
126
- const path = `/xrpc/app.bsky.actor.getProfile?actor=${alice}`
127
- const response = await fetch(`${network.pds.url}${path}`, {
128
- headers: {
129
- ...sc.getHeaders(alice),
130
- 'atproto-proxy': proxyServer.did,
131
- },
132
- })
133
-
134
- await expect(response.json()).resolves.toMatchObject({
135
- message: 'no service id specified in proxy header',
136
- })
137
-
138
- expect(proxyServer.requests.length).toBe(1)
139
- })
140
-
141
- it('fails on a non-existant service', async () => {
142
- const path = `/xrpc/app.bsky.actor.getProfile?actor=${alice}`
143
- const response = await fetch(`${network.pds.url}${path}`, {
144
- headers: {
145
- ...sc.getHeaders(alice),
146
- 'atproto-proxy': `${proxyServer.did}#atproto_bad`,
147
- },
148
- })
149
-
150
- await expect(response.json()).resolves.toMatchObject({
151
- message: 'could not resolve proxy did service url',
152
- })
153
-
154
- expect(proxyServer.requests.length).toBe(1)
155
- })
156
-
157
- it('handles failing manual pipethroughs', async () => {
158
- // This is a PDS endpoint which uses a manual pipethrough() in its handler
159
- const path = '/xrpc/app.bsky.actor.getPreferences'
160
- const res = await fetch(`${network.pds.url}${path}`, {
161
- headers: {
162
- ...sc.getHeaders(alice),
163
- 'atproto-proxy': `${proxyServer.did}#atproto_test`,
164
- },
165
- })
166
- await res.arrayBuffer() // drain
167
- expect(res.status).toBe(501)
168
- })
169
- })
170
-
171
- type ProxyReq = {
172
- url: string
173
- auth: string | undefined
174
- }
175
-
176
- class ProxyServer {
177
- private terminator: httpTerminator.HttpTerminator
178
-
179
- constructor(
180
- server: http.Server,
181
- public url: string,
182
- public did: string,
183
- public requests: ProxyReq[],
184
- ) {
185
- this.terminator = httpTerminator.createHttpTerminator({ server })
186
- }
187
-
188
- static async create(
189
- plcClient: plc.Client,
190
- keypair: Keypair,
191
- serviceId: string,
192
- ): Promise<ProxyServer> {
193
- const requests: ProxyReq[] = []
194
- const app = express()
195
-
196
- // This is a PDS endpoint which uses a manual pipethrough() in its handler
197
- app.get('/xrpc/app.bsky.actor.getPreferences', (req, res) => {
198
- res.sendStatus(501)
199
- })
200
-
201
- app.get('*', (req, res) => {
202
- requests.push({
203
- url: req.url,
204
- auth: req.header('authorization'),
205
- })
206
- res.sendStatus(200)
207
- })
208
-
209
- const server = app.listen(0)
210
- await once(server, 'listening')
211
-
212
- const { port } = server.address() as AddressInfo
213
-
214
- const url = `http://localhost:${port}`
215
- const plcOp = await plc.signOperation(
216
- {
217
- type: 'plc_operation',
218
- rotationKeys: [keypair.did()],
219
- alsoKnownAs: [],
220
- verificationMethods: {},
221
- services: {
222
- [serviceId]: {
223
- type: 'TestAtprotoService',
224
- endpoint: url,
225
- },
226
- },
227
- prev: null,
228
- },
229
- keypair,
230
- )
231
- const did = await plc.didForCreateOp(plcOp)
232
- await plcClient.sendOperation(did, plcOp)
233
- return new ProxyServer(server, url, did, requests)
234
- }
235
-
236
- async close(): Promise<void> {
237
- await this.terminator.terminate()
238
- }
239
- }
@@ -1,182 +0,0 @@
1
- import { once } from 'node:events'
2
- import http from 'node:http'
3
- import { AddressInfo } from 'node:net'
4
- import * as plc from '@did-plc/lib'
5
- import express from 'express'
6
- // eslint-disable-next-line import/default
7
- import httpTerminator from 'http-terminator'
8
- import { Keypair } from '@atproto/crypto'
9
- import { SeedClient, TestNetworkNoAppView, usersSeed } from '@atproto/dev-env'
10
- import { ScopePermissions } from '@atproto/oauth-scopes'
11
- import { DidString } from '@atproto/syntax'
12
- import { AppContext } from '../../src/context.js'
13
- import { proxyHandler } from '../../src/pipethrough.js'
14
-
15
- // Regression test for the OAuth service-proxying audience fix.
16
- //
17
- // Before the fix, proxyHandler passed a bare DID as `aud` to the rpc scope
18
- // check. An OAuth caller granted `rpc:<lxm>?aud=<did>#<serviceId>` (the
19
- // canonical scope shape used in atproto OAuth) had no way to match, so
20
- // proxied calls failed at the scope check. The fix combines the proxied
21
- // service id into the scope-check audience as `<did>#<serviceId>`.
22
- //
23
- // We use a real PDS AppContext (so every field is real-typed). Only the
24
- // `authVerifier.authorization` method is replaced, with a thin stub that
25
- // drives the OAuth path off an `x-test-scope` request header — letting us
26
- // exercise the rpc scope check without minting a real OAuth token. A
27
- // separate express app mounts a fresh proxyHandler against the real ctx
28
- // and forwards to a real upstream ProxyServer.
29
-
30
- describe('proxy oauth audience', () => {
31
- let network: TestNetworkNoAppView
32
- let sc: SeedClient
33
- let alice: string
34
- let upstream: ProxyServer
35
- let terminator: httpTerminator.HttpTerminator
36
- let serverUrl: string
37
-
38
- beforeAll(async () => {
39
- network = await TestNetworkNoAppView.create({
40
- dbPostgresSchema: 'proxy_oauth_aud',
41
- })
42
- sc = network.getSeedClient()
43
- await usersSeed(sc)
44
- alice = sc.dids.alice
45
- upstream = await ProxyServer.create(
46
- network.pds.ctx.plcClient,
47
- network.pds.ctx.plcRotationKey,
48
- 'atproto_test',
49
- )
50
-
51
- // Replace only the `authorization` method on the real AuthVerifier so
52
- // every other ctx field stays real and real-typed. The override's
53
- // signature is constrained by AuthVerifier['authorization']: an OAuth
54
- // shape change in the real verifier breaks the body of this stub at
55
- // compile time.
56
- const stubAuthorization: typeof network.pds.ctx.authVerifier.authorization =
57
- ({ authorize }) => {
58
- return async (ctx) => {
59
- const scopeHeader = ctx.req.headers['x-test-scope'] as
60
- | string
61
- | undefined
62
- const permissions = new ScopePermissions(
63
- scopeHeader?.split(' ') ?? [],
64
- )
65
- await authorize(permissions, ctx)
66
- return {
67
- credentials: {
68
- type: 'oauth',
69
- did: alice as DidString,
70
- permissions,
71
- },
72
- }
73
- }
74
- }
75
- network.pds.ctx.authVerifier.authorization = stubAuthorization
76
-
77
- const app = express()
78
- // dev-env exports AppContext from its built dist/, while we import
79
- // proxyHandler from src/. Cast at this boundary to bridge the two
80
- // identical shapes; downstream behavior is real.
81
- app.all('/xrpc/*', proxyHandler(network.pds.ctx as unknown as AppContext))
82
- app.use(
83
- (
84
- err: Error & { status?: number; statusCode?: number },
85
- _req: express.Request,
86
- res: express.Response,
87
- _next: express.NextFunction,
88
- ) => {
89
- if (res.headersSent) return
90
- res.status(err.status ?? err.statusCode ?? 500).end()
91
- },
92
- )
93
- const server = app.listen(0)
94
- await once(server, 'listening')
95
- terminator = httpTerminator.createHttpTerminator({ server })
96
- serverUrl = `http://localhost:${(server.address() as AddressInfo).port}`
97
- })
98
-
99
- afterAll(async () => {
100
- await Promise.all([
101
- terminator?.terminate(),
102
- upstream?.close(),
103
- network?.close(),
104
- ])
105
- })
106
-
107
- it('matches an OAuth rpc scope granted with combined did#serviceId aud', async () => {
108
- // Pre-fix this would have rejected because the scope check received
109
- // bare-DID aud and never matched the combined-form scope. A 200 here
110
- // implies the scope check ran with combined-form aud.
111
- const res = await fetch(`${serverUrl}/xrpc/app.bsky.feed.getFeed`, {
112
- headers: {
113
- 'atproto-proxy': `${upstream.did}#atproto_test`,
114
- 'x-test-scope': `rpc:app.bsky.feed.getFeed?aud=${encodeURIComponent(`${upstream.did}#atproto_test`)}`,
115
- },
116
- })
117
- expect(res.status).toBe(200)
118
- })
119
-
120
- it('rejects an OAuth rpc scope granted for a different service id', async () => {
121
- // Same DID, different service id — both forms parse as valid scope
122
- // audiences, but the runtime aud (`upstream.did#atproto_test`) doesn't
123
- // match the granted aud (`upstream.did#atproto_other`).
124
- const res = await fetch(`${serverUrl}/xrpc/app.bsky.feed.getFeed`, {
125
- headers: {
126
- 'atproto-proxy': `${upstream.did}#atproto_test`,
127
- 'x-test-scope': `rpc:app.bsky.feed.getFeed?aud=${encodeURIComponent(`${upstream.did}#atproto_other`)}`,
128
- },
129
- })
130
- expect([401, 403]).toContain(res.status)
131
- })
132
- })
133
-
134
- class ProxyServer {
135
- private terminator: httpTerminator.HttpTerminator
136
-
137
- constructor(
138
- server: http.Server,
139
- public url: string,
140
- public did: string,
141
- ) {
142
- this.terminator = httpTerminator.createHttpTerminator({ server })
143
- }
144
-
145
- static async create(
146
- plcClient: plc.Client,
147
- keypair: Keypair,
148
- serviceId: string,
149
- ): Promise<ProxyServer> {
150
- const app = express()
151
- app.all('*', (_req, res) => res.sendStatus(200))
152
-
153
- const server = app.listen(0)
154
- await once(server, 'listening')
155
-
156
- const { port } = server.address() as AddressInfo
157
- const url = `http://localhost:${port}`
158
- const plcOp = await plc.signOperation(
159
- {
160
- type: 'plc_operation',
161
- rotationKeys: [keypair.did()],
162
- alsoKnownAs: [],
163
- verificationMethods: {},
164
- services: {
165
- [serviceId]: {
166
- type: 'TestAtprotoService',
167
- endpoint: url,
168
- },
169
- },
170
- prev: null,
171
- },
172
- keypair,
173
- )
174
- const did = await plc.didForCreateOp(plcOp)
175
- await plcClient.sendOperation(did, plcOp)
176
- return new ProxyServer(server, url, did)
177
- }
178
-
179
- close(): Promise<void> {
180
- return this.terminator.terminate()
181
- }
182
- }