@hatk/hatk 0.0.1-alpha.6 → 0.0.1-alpha.61
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adapter.d.ts +19 -0
- package/dist/adapter.d.ts.map +1 -0
- package/dist/adapter.js +108 -0
- package/dist/backfill.d.ts +2 -2
- package/dist/backfill.d.ts.map +1 -1
- package/dist/backfill.js +83 -41
- package/dist/car.d.ts +42 -10
- package/dist/car.d.ts.map +1 -1
- package/dist/car.js +154 -14
- package/dist/cli.js +243 -1043
- package/dist/config.d.ts +31 -1
- package/dist/config.d.ts.map +1 -1
- package/dist/config.js +40 -9
- package/dist/database/adapter-factory.d.ts +6 -0
- package/dist/database/adapter-factory.d.ts.map +1 -0
- package/dist/database/adapter-factory.js +20 -0
- package/dist/database/adapters/duckdb-search.d.ts +12 -0
- package/dist/database/adapters/duckdb-search.d.ts.map +1 -0
- package/dist/database/adapters/duckdb-search.js +27 -0
- package/dist/database/adapters/duckdb.d.ts +25 -0
- package/dist/database/adapters/duckdb.d.ts.map +1 -0
- package/dist/database/adapters/duckdb.js +161 -0
- package/dist/database/adapters/sqlite-search.d.ts +23 -0
- package/dist/database/adapters/sqlite-search.d.ts.map +1 -0
- package/dist/database/adapters/sqlite-search.js +74 -0
- package/dist/database/adapters/sqlite.d.ts +18 -0
- package/dist/database/adapters/sqlite.d.ts.map +1 -0
- package/dist/database/adapters/sqlite.js +88 -0
- package/dist/{db.d.ts → database/db.d.ts} +57 -6
- package/dist/database/db.d.ts.map +1 -0
- package/dist/{db.js → database/db.js} +730 -549
- package/dist/database/dialect.d.ts +45 -0
- package/dist/database/dialect.d.ts.map +1 -0
- package/dist/database/dialect.js +72 -0
- package/dist/{fts.d.ts → database/fts.d.ts} +7 -0
- package/dist/database/fts.d.ts.map +1 -0
- package/dist/{fts.js → database/fts.js} +116 -32
- package/dist/database/index.d.ts +7 -0
- package/dist/database/index.d.ts.map +1 -0
- package/dist/database/index.js +6 -0
- package/dist/database/ports.d.ts +50 -0
- package/dist/database/ports.d.ts.map +1 -0
- package/dist/database/ports.js +1 -0
- package/dist/{schema.d.ts → database/schema.d.ts} +14 -3
- package/dist/database/schema.d.ts.map +1 -0
- package/dist/{schema.js → database/schema.js} +81 -41
- package/dist/dev-entry.d.ts +8 -0
- package/dist/dev-entry.d.ts.map +1 -0
- package/dist/dev-entry.js +113 -0
- package/dist/feeds.d.ts +12 -8
- package/dist/feeds.d.ts.map +1 -1
- package/dist/feeds.js +51 -6
- package/dist/hooks.d.ts +85 -0
- package/dist/hooks.d.ts.map +1 -0
- package/dist/hooks.js +161 -0
- package/dist/hydrate.d.ts +7 -6
- package/dist/hydrate.d.ts.map +1 -1
- package/dist/hydrate.js +4 -16
- package/dist/indexer.d.ts +23 -0
- package/dist/indexer.d.ts.map +1 -1
- package/dist/indexer.js +181 -34
- package/dist/labels.d.ts +36 -0
- package/dist/labels.d.ts.map +1 -1
- package/dist/labels.js +71 -6
- package/dist/lexicon-resolve.d.ts.map +1 -1
- package/dist/lexicon-resolve.js +27 -112
- package/dist/lexicons/com/atproto/label/defs.json +75 -0
- package/dist/lexicons/com/atproto/moderation/defs.json +30 -0
- package/dist/lexicons/com/atproto/repo/strongRef.json +24 -0
- package/dist/lexicons/dev/hatk/applyWrites.json +87 -0
- package/dist/lexicons/dev/hatk/createRecord.json +40 -0
- package/dist/lexicons/dev/hatk/createReport.json +48 -0
- package/dist/lexicons/dev/hatk/deleteRecord.json +25 -0
- package/dist/lexicons/dev/hatk/describeCollections.json +41 -0
- package/dist/lexicons/dev/hatk/describeFeeds.json +29 -0
- package/dist/lexicons/dev/hatk/describeLabels.json +45 -0
- package/dist/lexicons/dev/hatk/getFeed.json +30 -0
- package/dist/lexicons/dev/hatk/getPreferences.json +19 -0
- package/dist/lexicons/dev/hatk/getRecord.json +26 -0
- package/dist/lexicons/dev/hatk/getRecords.json +32 -0
- package/dist/lexicons/dev/hatk/putPreference.json +28 -0
- package/dist/lexicons/dev/hatk/putRecord.json +41 -0
- package/dist/lexicons/dev/hatk/searchRecords.json +32 -0
- package/dist/lexicons/dev/hatk/uploadBlob.json +23 -0
- package/dist/logger.d.ts +29 -0
- package/dist/logger.d.ts.map +1 -1
- package/dist/logger.js +29 -0
- package/dist/main.js +138 -67
- package/dist/mst.d.ts +18 -1
- package/dist/mst.d.ts.map +1 -1
- package/dist/mst.js +19 -8
- package/dist/oauth/db.d.ts +3 -1
- package/dist/oauth/db.d.ts.map +1 -1
- package/dist/oauth/db.js +48 -19
- package/dist/oauth/server.d.ts +24 -0
- package/dist/oauth/server.d.ts.map +1 -1
- package/dist/oauth/server.js +198 -22
- package/dist/oauth/session.d.ts +11 -0
- package/dist/oauth/session.d.ts.map +1 -0
- package/dist/oauth/session.js +65 -0
- package/dist/opengraph.d.ts +10 -0
- package/dist/opengraph.d.ts.map +1 -1
- package/dist/opengraph.js +80 -40
- package/dist/pds-proxy.d.ts +60 -0
- package/dist/pds-proxy.d.ts.map +1 -0
- package/dist/pds-proxy.js +277 -0
- package/dist/push.d.ts +34 -0
- package/dist/push.d.ts.map +1 -0
- package/dist/push.js +184 -0
- package/dist/renderer.d.ts +27 -0
- package/dist/renderer.d.ts.map +1 -0
- package/dist/renderer.js +46 -0
- package/dist/resolve-hatk.d.ts +6 -0
- package/dist/resolve-hatk.d.ts.map +1 -0
- package/dist/resolve-hatk.js +20 -0
- package/dist/response.d.ts +16 -0
- package/dist/response.d.ts.map +1 -0
- package/dist/response.js +69 -0
- package/dist/scanner.d.ts +21 -0
- package/dist/scanner.d.ts.map +1 -0
- package/dist/scanner.js +88 -0
- package/dist/seed.d.ts +19 -0
- package/dist/seed.d.ts.map +1 -1
- package/dist/seed.js +43 -4
- package/dist/server-init.d.ts +8 -0
- package/dist/server-init.d.ts.map +1 -0
- package/dist/server-init.js +62 -0
- package/dist/server.d.ts +26 -3
- package/dist/server.d.ts.map +1 -1
- package/dist/server.js +629 -635
- package/dist/setup.d.ts +28 -1
- package/dist/setup.d.ts.map +1 -1
- package/dist/setup.js +50 -3
- package/dist/templates/feed.tpl +14 -0
- package/dist/templates/hook.tpl +5 -0
- package/dist/templates/label.tpl +15 -0
- package/dist/templates/og.tpl +17 -0
- package/dist/templates/seed.tpl +11 -0
- package/dist/templates/setup.tpl +5 -0
- package/dist/templates/test-feed.tpl +19 -0
- package/dist/templates/test-xrpc.tpl +19 -0
- package/dist/templates/xrpc.tpl +41 -0
- package/dist/test.d.ts +1 -1
- package/dist/test.d.ts.map +1 -1
- package/dist/test.js +39 -32
- package/dist/views.js +1 -1
- package/dist/vite-plugin.d.ts +1 -1
- package/dist/vite-plugin.d.ts.map +1 -1
- package/dist/vite-plugin.js +254 -66
- package/dist/xrpc.d.ts +75 -11
- package/dist/xrpc.d.ts.map +1 -1
- package/dist/xrpc.js +189 -39
- package/package.json +14 -7
- package/public/admin.html +133 -54
- package/dist/db.d.ts.map +0 -1
- package/dist/fts.d.ts.map +0 -1
- package/dist/oauth/hooks.d.ts +0 -10
- package/dist/oauth/hooks.d.ts.map +0 -1
- package/dist/oauth/hooks.js +0 -40
- package/dist/schema.d.ts.map +0 -1
- package/dist/test-browser.d.ts +0 -14
- package/dist/test-browser.d.ts.map +0 -1
- package/dist/test-browser.js +0 -26
package/dist/main.js
CHANGED
|
@@ -1,29 +1,47 @@
|
|
|
1
1
|
#!/usr/bin/env node
|
|
2
|
-
|
|
2
|
+
var __rewriteRelativeImportExtension = (this && this.__rewriteRelativeImportExtension) || function (path, preserveJsx) {
|
|
3
|
+
if (typeof path === "string" && /^\.\.?\//.test(path)) {
|
|
4
|
+
return path.replace(/\.(tsx)$|((?:\.d)?)((?:\.[^./]+?)?)\.([cm]?)ts$/i, function (m, tsx, d, ext, cm) {
|
|
5
|
+
return tsx ? preserveJsx ? ".jsx" : ".js" : d && (!ext || !cm) ? m : (d + ext + "." + cm.toLowerCase() + "js");
|
|
6
|
+
});
|
|
7
|
+
}
|
|
8
|
+
return path;
|
|
9
|
+
};
|
|
10
|
+
import { mkdirSync, writeFileSync, existsSync } from 'node:fs';
|
|
3
11
|
import { dirname, resolve } from 'node:path';
|
|
12
|
+
import { registerHatkResolveHook } from "./resolve-hatk.js";
|
|
4
13
|
import { log } from "./logger.js";
|
|
5
14
|
import { loadConfig } from "./config.js";
|
|
6
|
-
import { loadLexicons, storeLexicons, discoverCollections,
|
|
15
|
+
import { loadLexicons, storeLexicons, discoverCollections, buildSchemas } from "./database/schema.js";
|
|
7
16
|
import { discoverViews } from "./views.js";
|
|
8
|
-
import { initDatabase, getCursor, querySQL,
|
|
17
|
+
import { initDatabase, getCursor, querySQL, getSqlDialect, getSchemaDump, migrateSchema } from "./database/db.js";
|
|
18
|
+
import { createAdapter } from "./database/adapter-factory.js";
|
|
19
|
+
import { getDialect } from "./database/dialect.js";
|
|
20
|
+
import { setSearchPort } from "./database/fts.js";
|
|
9
21
|
import { initFeeds, listFeeds } from "./feeds.js";
|
|
10
|
-
import { initXrpc, listXrpc, configureRelay } from "./xrpc.js";
|
|
22
|
+
import { initXrpc, listXrpc, configureRelay, configureCdn, configureOAuth, callXrpc } from "./xrpc.js";
|
|
11
23
|
import { initOpengraph } from "./opengraph.js";
|
|
12
24
|
import { initLabels, getLabelDefinitions } from "./labels.js";
|
|
13
25
|
import { startIndexer } from "./indexer.js";
|
|
14
|
-
import { rebuildAllIndexes } from "./fts.js";
|
|
15
|
-
import {
|
|
26
|
+
import { rebuildAllIndexes } from "./database/fts.js";
|
|
27
|
+
import { createHandler, registerCoreHandlers } from "./server.js";
|
|
28
|
+
import { serve } from "./adapter.js";
|
|
16
29
|
import { validateLexicons } from '@bigmoves/lexicon';
|
|
17
30
|
import { relayHttpUrl } from "./config.js";
|
|
18
31
|
import { runBackfill } from "./backfill.js";
|
|
19
32
|
import { initOAuth } from "./oauth/server.js";
|
|
20
|
-
import {
|
|
33
|
+
import { parseSessionCookie, getSessionCookieName } from "./oauth/session.js";
|
|
34
|
+
import { loadOnLoginHook } from "./hooks.js";
|
|
35
|
+
import { initPush, isPushEnabled } from "./push.js";
|
|
21
36
|
import { initSetup } from "./setup.js";
|
|
22
|
-
|
|
37
|
+
import { initServer } from "./server-init.js";
|
|
38
|
+
const configPath = process.argv[2] || 'hatk.config.ts';
|
|
23
39
|
const configDir = dirname(resolve(configPath));
|
|
40
|
+
registerHatkResolveHook();
|
|
24
41
|
// 1. Load config
|
|
25
|
-
const config = loadConfig(configPath);
|
|
42
|
+
const config = await loadConfig(configPath);
|
|
26
43
|
configureRelay(config.relay);
|
|
44
|
+
configureCdn(config.cdn);
|
|
27
45
|
// 2. Load lexicons, validate schemas, and discover collections
|
|
28
46
|
const lexicons = loadLexicons(resolve(configDir, 'lexicons'));
|
|
29
47
|
const lexiconErrors = validateLexicons([...lexicons.values()]);
|
|
@@ -44,44 +62,65 @@ if (collections.length === 0) {
|
|
|
44
62
|
log(`[main] Loaded config: ${collections.length} collections`);
|
|
45
63
|
// Discover view defs from lexicons
|
|
46
64
|
discoverViews();
|
|
47
|
-
|
|
48
|
-
const schemas =
|
|
49
|
-
const
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
uri TEXT PRIMARY KEY,
|
|
56
|
-
cid TEXT,
|
|
57
|
-
did TEXT NOT NULL,
|
|
58
|
-
indexed_at TIMESTAMP NOT NULL,
|
|
59
|
-
data JSON
|
|
60
|
-
);
|
|
61
|
-
CREATE INDEX IF NOT EXISTS idx_${nsid.replace(/\./g, '_')}_indexed ON "${nsid}"(indexed_at DESC);
|
|
62
|
-
CREATE INDEX IF NOT EXISTS idx_${nsid.replace(/\./g, '_')}_author ON "${nsid}"(did);`;
|
|
63
|
-
schemas.push({ collection: nsid, tableName: `"${nsid}"`, columns: [], refColumns: [], children: [], unions: [] });
|
|
64
|
-
ddlStatements.push(genericDDL);
|
|
65
|
-
continue;
|
|
65
|
+
const engineDialect = getDialect(config.databaseEngine);
|
|
66
|
+
const { schemas, ddlStatements } = buildSchemas(lexicons, collections, engineDialect);
|
|
67
|
+
for (const s of schemas) {
|
|
68
|
+
if (s.columns.length === 0) {
|
|
69
|
+
log(`[main] No lexicon found for ${s.collection}, using generic JSON storage`);
|
|
70
|
+
}
|
|
71
|
+
else {
|
|
72
|
+
log(`[main] Schema for ${s.collection}: ${s.columns.length} columns, ${s.unions.length} unions`);
|
|
66
73
|
}
|
|
67
|
-
const schema = generateTableSchema(nsid, lexicon, lexicons);
|
|
68
|
-
schemas.push(schema);
|
|
69
|
-
ddlStatements.push(generateCreateTableSQL(schema));
|
|
70
|
-
log(`[main] Schema for ${nsid}: ${schema.columns.length} columns, ${schema.unions.length} unions`);
|
|
71
74
|
}
|
|
72
|
-
// 3. Ensure data directory exists and initialize
|
|
75
|
+
// 3. Ensure data directory exists and initialize database
|
|
73
76
|
if (config.database !== ':memory:') {
|
|
74
77
|
mkdirSync(dirname(config.database), { recursive: true });
|
|
75
78
|
}
|
|
76
|
-
await
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
//
|
|
81
|
-
await
|
|
79
|
+
const { adapter, searchPort } = await createAdapter(config.databaseEngine);
|
|
80
|
+
setSearchPort(searchPort);
|
|
81
|
+
await initDatabase(adapter, config.database, schemas, ddlStatements);
|
|
82
|
+
log(`[main] Database initialized (${config.databaseEngine}, ${config.database === ':memory:' ? 'in-memory' : config.database})`);
|
|
83
|
+
// Auto-migrate schema if lexicons changed
|
|
84
|
+
const migrationChanges = await migrateSchema(schemas);
|
|
85
|
+
if (migrationChanges.length > 0) {
|
|
86
|
+
log(`[main] Applied ${migrationChanges.length} schema migration(s)`);
|
|
87
|
+
}
|
|
88
|
+
// 3b. Run setup hooks, feeds, xrpc, og, labels
|
|
89
|
+
const serverDir = resolve(configDir, 'server');
|
|
90
|
+
if (existsSync(serverDir)) {
|
|
91
|
+
// New: single server/ directory
|
|
92
|
+
await initServer(serverDir);
|
|
93
|
+
}
|
|
94
|
+
else {
|
|
95
|
+
// Legacy: separate directories
|
|
96
|
+
await initSetup(resolve(configDir, 'setup'));
|
|
97
|
+
await loadOnLoginHook(resolve(configDir, 'hooks'));
|
|
98
|
+
await initFeeds(resolve(configDir, 'feeds'));
|
|
99
|
+
log(`[main] Feeds initialized: ${listFeeds()
|
|
100
|
+
.map((f) => f.name)
|
|
101
|
+
.join(', ') || 'none'}`);
|
|
102
|
+
await initXrpc(resolve(configDir, 'xrpc'));
|
|
103
|
+
log(`[main] XRPC handlers initialized: ${listXrpc().join(', ') || 'none'}`);
|
|
104
|
+
await initOpengraph(resolve(configDir, 'og'));
|
|
105
|
+
log(`[main] OpenGraph initialized`);
|
|
106
|
+
await initLabels(resolve(configDir, 'labels'));
|
|
107
|
+
log(`[main] Labels initialized: ${getLabelDefinitions().length} definitions`);
|
|
108
|
+
}
|
|
109
|
+
// Register built-in dev.hatk.* handlers so callXrpc() can find them
|
|
110
|
+
registerCoreHandlers(collections, config.oauth);
|
|
111
|
+
configureOAuth(config.oauth);
|
|
112
|
+
// Write db/schema.sql (after setup, so setup-created tables are included)
|
|
113
|
+
try {
|
|
114
|
+
const schemaDir = resolve(configDir, 'db');
|
|
115
|
+
mkdirSync(schemaDir, { recursive: true });
|
|
116
|
+
const schemaDump = await getSchemaDump();
|
|
117
|
+
writeFileSync(resolve(schemaDir, 'schema.sql'), `-- This file is auto-generated by hatk on startup. Do not edit.\n-- Database engine: ${config.databaseEngine}\n\n${schemaDump}\n`);
|
|
118
|
+
log(`[main] Schema written to db/schema.sql`);
|
|
119
|
+
}
|
|
120
|
+
catch { }
|
|
82
121
|
// Detect orphaned tables
|
|
83
122
|
try {
|
|
84
|
-
const existingTables = await querySQL(
|
|
123
|
+
const existingTables = (await querySQL(getSqlDialect().listTablesQuery));
|
|
85
124
|
for (const row of existingTables) {
|
|
86
125
|
const tableName = row.table_name;
|
|
87
126
|
const isChildTable = collections.some((c) => tableName.startsWith(c + '__'));
|
|
@@ -91,24 +130,64 @@ try {
|
|
|
91
130
|
}
|
|
92
131
|
}
|
|
93
132
|
catch { }
|
|
94
|
-
// 4. Initialize feeds, xrpc handlers, og, labels from directories
|
|
95
|
-
await initFeeds(resolve(configDir, 'feeds'));
|
|
96
|
-
log(`[main] Feeds initialized: ${listFeeds()
|
|
97
|
-
.map((f) => f.name)
|
|
98
|
-
.join(', ') || 'none'}`);
|
|
99
|
-
await initXrpc(resolve(configDir, 'xrpc'));
|
|
100
|
-
log(`[main] XRPC handlers initialized: ${listXrpc().join(', ') || 'none'}`);
|
|
101
|
-
await initOpengraph(resolve(configDir, 'og'));
|
|
102
|
-
log(`[main] OpenGraph initialized`);
|
|
103
|
-
await initLabels(resolve(configDir, 'labels'));
|
|
104
|
-
log(`[main] Labels initialized: ${getLabelDefinitions().length} definitions`);
|
|
105
133
|
if (config.oauth) {
|
|
106
134
|
await initOAuth(config.oauth, config.plc, config.relay);
|
|
107
135
|
log(`[main] OAuth initialized (issuer: ${config.oauth.issuer})`);
|
|
108
136
|
}
|
|
137
|
+
if (config.push) {
|
|
138
|
+
initPush(config.push, configDir);
|
|
139
|
+
if (isPushEnabled()) {
|
|
140
|
+
log(`[main] Push initialized (APNs bundle: ${config.push.apns.bundleId})`);
|
|
141
|
+
}
|
|
142
|
+
else {
|
|
143
|
+
log(`[main] Push configured but key file missing — push disabled`);
|
|
144
|
+
}
|
|
145
|
+
}
|
|
109
146
|
// 5. Start server immediately (don't wait for backfill)
|
|
110
147
|
const collectionSet = new Set(collections);
|
|
111
|
-
|
|
148
|
+
const backfillOpts = {
|
|
149
|
+
pdsUrl: relayHttpUrl(config.relay),
|
|
150
|
+
plcUrl: config.plc,
|
|
151
|
+
collections: collectionSet,
|
|
152
|
+
config: config.backfill,
|
|
153
|
+
};
|
|
154
|
+
function runBackfillAndRestart() {
|
|
155
|
+
runBackfill(backfillOpts)
|
|
156
|
+
.then(async (recordCount) => {
|
|
157
|
+
log('[main] Backfill complete, building FTS indexes...');
|
|
158
|
+
await rebuildAllIndexes(collections);
|
|
159
|
+
log('[main] FTS indexes ready');
|
|
160
|
+
return recordCount;
|
|
161
|
+
})
|
|
162
|
+
.then((recordCount) => {
|
|
163
|
+
if (recordCount > 0 && !process.env.DEV_MODE) {
|
|
164
|
+
log('[main] Restarting to reclaim memory...');
|
|
165
|
+
process.exit(1);
|
|
166
|
+
}
|
|
167
|
+
})
|
|
168
|
+
.catch((err) => {
|
|
169
|
+
console.error('[main] Backfill error:', err.message);
|
|
170
|
+
});
|
|
171
|
+
}
|
|
172
|
+
const handler = createHandler({
|
|
173
|
+
collections,
|
|
174
|
+
publicDir: config.publicDir,
|
|
175
|
+
oauth: config.oauth,
|
|
176
|
+
admins: config.admins,
|
|
177
|
+
onResync: runBackfillAndRestart,
|
|
178
|
+
});
|
|
179
|
+
globalThis.__hatk_callXrpc = callXrpc;
|
|
180
|
+
globalThis.__hatk_parseSessionCookie = parseSessionCookie;
|
|
181
|
+
globalThis.__hatk_sessionCookieName = getSessionCookieName();
|
|
182
|
+
// Detect SvelteKit build output and use it as fallback handler
|
|
183
|
+
let fallback = undefined;
|
|
184
|
+
const sveltekitHandler = resolve(configDir, 'build', 'handler.js');
|
|
185
|
+
if (existsSync(sveltekitHandler)) {
|
|
186
|
+
const sk = await import(__rewriteRelativeImportExtension(/* @vite-ignore */ sveltekitHandler));
|
|
187
|
+
fallback = sk.handler;
|
|
188
|
+
log(`[main] SvelteKit handler loaded from build/handler.js`);
|
|
189
|
+
}
|
|
190
|
+
serve(handler, config.port, undefined, fallback);
|
|
112
191
|
log(`\nhatk running:`);
|
|
113
192
|
log(` Relay: ${config.relay}`);
|
|
114
193
|
log(` Database: ${config.database}`);
|
|
@@ -121,28 +200,20 @@ log(` Feeds: ${listFeeds()
|
|
|
121
200
|
const cursor = await getCursor('relay');
|
|
122
201
|
startIndexer({
|
|
123
202
|
relayUrl: config.relay,
|
|
203
|
+
plcUrl: config.plc,
|
|
124
204
|
collections: collectionSet,
|
|
125
205
|
signalCollections: config.backfill.signalCollections ? new Set(config.backfill.signalCollections) : undefined,
|
|
126
206
|
pinnedRepos: config.backfill.repos ? new Set(config.backfill.repos) : undefined,
|
|
127
207
|
cursor,
|
|
128
208
|
fetchTimeout: config.backfill.fetchTimeout,
|
|
129
209
|
maxRetries: config.backfill.maxRetries,
|
|
210
|
+
parallelism: config.backfill.parallelism,
|
|
130
211
|
ftsRebuildInterval: config.ftsRebuildInterval,
|
|
131
212
|
});
|
|
132
213
|
// 7. Run backfill in background
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
})
|
|
139
|
-
.then(() => {
|
|
140
|
-
log('[main] Backfill complete, rebuilding FTS indexes...');
|
|
141
|
-
return rebuildAllIndexes(collections);
|
|
142
|
-
})
|
|
143
|
-
.then(() => {
|
|
144
|
-
log('[main] FTS indexes ready');
|
|
145
|
-
})
|
|
146
|
-
.catch((err) => {
|
|
147
|
-
console.error('[main] Backfill error:', err.message);
|
|
214
|
+
runBackfillAndRestart();
|
|
215
|
+
// Graceful shutdown
|
|
216
|
+
process.on('SIGTERM', () => {
|
|
217
|
+
log('[main] Received SIGTERM, shutting down...');
|
|
218
|
+
process.exit(0);
|
|
148
219
|
});
|
package/dist/mst.d.ts
CHANGED
|
@@ -1,6 +1,23 @@
|
|
|
1
|
+
/** A single entry from a Merkle Search Tree — a record path paired with its content CID. */
|
|
1
2
|
export interface MstEntry {
|
|
3
|
+
/** Record path, e.g. "xyz.marketplace.listing/3mfniulnr7c2g" */
|
|
2
4
|
path: string;
|
|
5
|
+
/** CID of the record's CBOR block */
|
|
3
6
|
cid: string;
|
|
4
7
|
}
|
|
5
|
-
|
|
8
|
+
/**
|
|
9
|
+
* Walk an AT Protocol Merkle Search Tree (MST) in key order, yielding every record entry.
|
|
10
|
+
*
|
|
11
|
+
* The MST is a prefix-compressed B+ tree used by AT Protocol repositories to map
|
|
12
|
+
* record paths to CIDs. Each node contains a left subtree pointer, an array of entries
|
|
13
|
+
* (each with a prefix length, key suffix, value CID, and right subtree pointer), and
|
|
14
|
+
* keys are reconstructed by combining the prefix of the previous key with the suffix.
|
|
15
|
+
*
|
|
16
|
+
* @param blocks - Block store that resolves CIDs to raw CBOR bytes
|
|
17
|
+
* @param rootCid - CID of the MST root node
|
|
18
|
+
* @yields {MstEntry} Record entries in lexicographic key order
|
|
19
|
+
*/
|
|
20
|
+
export declare function walkMst(blocks: {
|
|
21
|
+
get(cid: string): Uint8Array | undefined;
|
|
22
|
+
}, rootCid: string): Generator<MstEntry>;
|
|
6
23
|
//# sourceMappingURL=mst.d.ts.map
|
package/dist/mst.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mst.d.ts","sourceRoot":"","sources":["../src/mst.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,MAAM,CAAA;IACZ,GAAG,EAAE,MAAM,CAAA;CACZ;AAED,
|
|
1
|
+
{"version":3,"file":"mst.d.ts","sourceRoot":"","sources":["../src/mst.ts"],"names":[],"mappings":"AAEA,4FAA4F;AAC5F,MAAM,WAAW,QAAQ;IACvB,gEAAgE;IAChE,IAAI,EAAE,MAAM,CAAA;IACZ,qCAAqC;IACrC,GAAG,EAAE,MAAM,CAAA;CACZ;AAED;;;;;;;;;;;GAWG;AACH,wBAAiB,OAAO,CAAC,MAAM,EAAE;IAAE,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,GAAG,SAAS,CAAA;CAAE,EAAE,OAAO,EAAE,MAAM,GAAG,SAAS,CAAC,QAAQ,CAAC,CA+BnH"}
|
package/dist/mst.js
CHANGED
|
@@ -1,14 +1,26 @@
|
|
|
1
1
|
import { cborDecode } from "./cbor.js";
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
2
|
+
/**
|
|
3
|
+
* Walk an AT Protocol Merkle Search Tree (MST) in key order, yielding every record entry.
|
|
4
|
+
*
|
|
5
|
+
* The MST is a prefix-compressed B+ tree used by AT Protocol repositories to map
|
|
6
|
+
* record paths to CIDs. Each node contains a left subtree pointer, an array of entries
|
|
7
|
+
* (each with a prefix length, key suffix, value CID, and right subtree pointer), and
|
|
8
|
+
* keys are reconstructed by combining the prefix of the previous key with the suffix.
|
|
9
|
+
*
|
|
10
|
+
* @param blocks - Block store that resolves CIDs to raw CBOR bytes
|
|
11
|
+
* @param rootCid - CID of the MST root node
|
|
12
|
+
* @yields {MstEntry} Record entries in lexicographic key order
|
|
13
|
+
*/
|
|
14
|
+
export function* walkMst(blocks, rootCid) {
|
|
15
|
+
/** Recursively visit an MST node, reconstructing full keys from prefix-compressed entries. */
|
|
16
|
+
function* visit(cid, prefix) {
|
|
5
17
|
const data = blocks.get(cid);
|
|
6
18
|
if (!data)
|
|
7
19
|
return prefix;
|
|
8
20
|
const { value: node } = cborDecode(data);
|
|
9
21
|
// Visit left subtree
|
|
10
22
|
if (node.l?.$link)
|
|
11
|
-
visit(node.l.$link, prefix);
|
|
23
|
+
yield* visit(node.l.$link, prefix);
|
|
12
24
|
let lastKey = prefix;
|
|
13
25
|
for (const entry of node.e || []) {
|
|
14
26
|
const keySuffix = entry.k instanceof Uint8Array ? new TextDecoder().decode(entry.k) : entry.k;
|
|
@@ -16,15 +28,14 @@ export function walkMst(blocks, rootCid) {
|
|
|
16
28
|
const fullKey = lastKey.substring(0, prefixLen) + keySuffix;
|
|
17
29
|
lastKey = fullKey;
|
|
18
30
|
if (entry.v?.$link) {
|
|
19
|
-
|
|
31
|
+
yield { path: fullKey, cid: entry.v.$link };
|
|
20
32
|
}
|
|
21
33
|
// Visit right subtree
|
|
22
34
|
if (entry.t?.$link) {
|
|
23
|
-
visit(entry.t.$link, lastKey);
|
|
35
|
+
yield* visit(entry.t.$link, lastKey);
|
|
24
36
|
}
|
|
25
37
|
}
|
|
26
38
|
return lastKey;
|
|
27
39
|
}
|
|
28
|
-
visit(rootCid, '');
|
|
29
|
-
return entries;
|
|
40
|
+
yield* visit(rootCid, '');
|
|
30
41
|
}
|
package/dist/oauth/db.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
export declare const OAUTH_DDL = "\nCREATE TABLE IF NOT EXISTS _oauth_keys (\n kid TEXT PRIMARY KEY,\n private_key TEXT NOT NULL,\n public_key TEXT NOT NULL,\n created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP\n);\n\nCREATE TABLE IF NOT EXISTS _oauth_sessions (\n did TEXT PRIMARY KEY,\n pds_endpoint TEXT NOT NULL,\n access_token TEXT NOT NULL,\n refresh_token TEXT,\n dpop_jkt TEXT NOT NULL,\n token_expires_at INTEGER,\n created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,\n updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP\n);\n\nCREATE TABLE IF NOT EXISTS _oauth_requests (\n request_uri TEXT PRIMARY KEY,\n client_id TEXT NOT NULL,\n redirect_uri TEXT NOT NULL,\n scope TEXT,\n state TEXT,\n code_challenge TEXT NOT NULL,\n code_challenge_method TEXT NOT NULL DEFAULT 'S256',\n dpop_jkt TEXT NOT NULL,\n pds_request_uri TEXT,\n pds_auth_server TEXT,\n pds_code_verifier TEXT,\n pds_state TEXT,\n did TEXT,\n login_hint TEXT,\n expires_at INTEGER NOT NULL\n);\n\nCREATE TABLE IF NOT EXISTS _oauth_codes (\n code TEXT PRIMARY KEY,\n request_uri TEXT NOT NULL,\n created_at INTEGER NOT NULL\n);\n\nCREATE TABLE IF NOT EXISTS _oauth_refresh_tokens (\n token TEXT PRIMARY KEY,\n client_id TEXT NOT NULL,\n did TEXT NOT NULL,\n dpop_jkt TEXT NOT NULL,\n scope TEXT,\n created_at INTEGER NOT NULL,\n expires_at INTEGER,\n revoked INTEGER NOT NULL DEFAULT 0\n);\n\nCREATE TABLE IF NOT EXISTS _oauth_dpop_jtis (\n jti TEXT PRIMARY KEY,\n expires_at INTEGER NOT NULL\n);\n";
|
|
1
|
+
export declare const OAUTH_DDL = "\nCREATE TABLE IF NOT EXISTS _oauth_keys (\n kid TEXT PRIMARY KEY,\n private_key TEXT NOT NULL,\n public_key TEXT NOT NULL,\n created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP\n);\n\nCREATE TABLE IF NOT EXISTS _oauth_sessions (\n did TEXT PRIMARY KEY,\n pds_endpoint TEXT NOT NULL,\n pds_auth_server TEXT,\n access_token TEXT NOT NULL,\n refresh_token TEXT,\n dpop_jkt TEXT NOT NULL,\n token_expires_at INTEGER,\n created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,\n updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP\n);\n\nCREATE TABLE IF NOT EXISTS _oauth_requests (\n request_uri TEXT PRIMARY KEY,\n client_id TEXT NOT NULL,\n redirect_uri TEXT NOT NULL,\n scope TEXT,\n state TEXT,\n code_challenge TEXT NOT NULL,\n code_challenge_method TEXT NOT NULL DEFAULT 'S256',\n dpop_jkt TEXT NOT NULL,\n pds_request_uri TEXT,\n pds_auth_server TEXT,\n pds_endpoint TEXT,\n pds_code_verifier TEXT,\n pds_state TEXT,\n did TEXT,\n login_hint TEXT,\n expires_at INTEGER NOT NULL\n);\n\nCREATE TABLE IF NOT EXISTS _oauth_codes (\n code TEXT PRIMARY KEY,\n request_uri TEXT NOT NULL,\n created_at INTEGER NOT NULL\n);\n\nCREATE TABLE IF NOT EXISTS _oauth_refresh_tokens (\n token TEXT PRIMARY KEY,\n client_id TEXT NOT NULL,\n did TEXT NOT NULL,\n dpop_jkt TEXT NOT NULL,\n scope TEXT,\n created_at INTEGER NOT NULL,\n expires_at INTEGER,\n revoked INTEGER NOT NULL DEFAULT 0\n);\n\nCREATE TABLE IF NOT EXISTS _oauth_dpop_jtis (\n jti TEXT PRIMARY KEY,\n expires_at INTEGER NOT NULL\n);\n";
|
|
2
2
|
export declare function getServerKey(kid: string): Promise<{
|
|
3
3
|
privateKey: string;
|
|
4
4
|
publicKey: string;
|
|
@@ -14,6 +14,7 @@ export declare function storeOAuthRequest(requestUri: string, data: {
|
|
|
14
14
|
dpopJkt: string;
|
|
15
15
|
pdsRequestUri?: string;
|
|
16
16
|
pdsAuthServer?: string;
|
|
17
|
+
pdsEndpoint?: string;
|
|
17
18
|
pdsCodeVerifier?: string;
|
|
18
19
|
pdsState?: string;
|
|
19
20
|
did?: string;
|
|
@@ -26,6 +27,7 @@ export declare function storeAuthCode(code: string, requestUri: string): Promise
|
|
|
26
27
|
export declare function consumeAuthCode(code: string): Promise<string | null>;
|
|
27
28
|
export declare function storeSession(did: string, data: {
|
|
28
29
|
pdsEndpoint: string;
|
|
30
|
+
pdsAuthServer?: string;
|
|
29
31
|
accessToken: string;
|
|
30
32
|
refreshToken?: string;
|
|
31
33
|
dpopJkt: string;
|
package/dist/oauth/db.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"db.d.ts","sourceRoot":"","sources":["../../src/oauth/db.ts"],"names":[],"mappings":"AAMA,eAAO,MAAM,SAAS,
|
|
1
|
+
{"version":3,"file":"db.d.ts","sourceRoot":"","sources":["../../src/oauth/db.ts"],"names":[],"mappings":"AAMA,eAAO,MAAM,SAAS,6+CA4DrB,CAAA;AAID,wBAAsB,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAAC,CAIzG;AAED,wBAAsB,cAAc,CAAC,GAAG,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAMtG;AAID,wBAAsB,iBAAiB,CACrC,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE;IACJ,QAAQ,EAAE,MAAM,CAAA;IAChB,WAAW,EAAE,MAAM,CAAA;IACnB,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,aAAa,EAAE,MAAM,CAAA;IACrB,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B,OAAO,EAAE,MAAM,CAAA;IACf,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,eAAe,CAAC,EAAE,MAAM,CAAA;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,CAAA;CAClB,GACA,OAAO,CAAC,IAAI,CAAC,CAuBf;AAED,wBAAsB,eAAe,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,CAM7E;AAED,wBAAsB,kBAAkB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAE1E;AAID,wBAAsB,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAMnF;AAED,wBAAsB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAK1E;AAID,wBAAsB,YAAY,CAChC,GAAG,EAAE,MAAM,EACX,IAAI,EAAE;IACJ,WAAW,EAAE,MAAM,CAAA;IACnB,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,WAAW,EAAE,MAAM,CAAA;IACnB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,OAAO,EAAE,MAAM,CAAA;IACf,cAAc,CAAC,EAAE,MAAM,CAAA;CACxB,GACA,OAAO,CAAC,IAAI,CAAC,CAMf;AAED,wBAAsB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,CAGjE;AAED,wBAAsB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAE9D;AAID,wBAAsB,iBAAiB,CACrC,KAAK,EAAE,MAAM,EACb,IAAI,EAAE;IACJ,QAAQ,EAAE,MAAM,CAAA;IAChB,GAAG,EAAE,MAAM,CAAA;IACX,OAAO,EAAE,MAAM,CAAA;IACf,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB,GACA,OAAO,CAAC,IAAI,CAAC,CAQf;AAED,wBAAsB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,CAGxE;AAED,wBAAsB,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAErE;AAID,wBAAsB,oBAAoB,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAK3F;AAED,wBAAsB,mBAAmB,IAAI,OAAO,CAAC,IAAI,CAAC,CAQzD"}
|
package/dist/oauth/db.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
// packages/hatk/src/oauth/db.ts
|
|
2
|
-
import { querySQL, runSQL } from "../db.js";
|
|
2
|
+
import { querySQL, runSQL } from "../database/db.js";
|
|
3
3
|
// --- DDL ---
|
|
4
4
|
export const OAUTH_DDL = `
|
|
5
5
|
CREATE TABLE IF NOT EXISTS _oauth_keys (
|
|
@@ -12,6 +12,7 @@ CREATE TABLE IF NOT EXISTS _oauth_keys (
|
|
|
12
12
|
CREATE TABLE IF NOT EXISTS _oauth_sessions (
|
|
13
13
|
did TEXT PRIMARY KEY,
|
|
14
14
|
pds_endpoint TEXT NOT NULL,
|
|
15
|
+
pds_auth_server TEXT,
|
|
15
16
|
access_token TEXT NOT NULL,
|
|
16
17
|
refresh_token TEXT,
|
|
17
18
|
dpop_jkt TEXT NOT NULL,
|
|
@@ -31,6 +32,7 @@ CREATE TABLE IF NOT EXISTS _oauth_requests (
|
|
|
31
32
|
dpop_jkt TEXT NOT NULL,
|
|
32
33
|
pds_request_uri TEXT,
|
|
33
34
|
pds_auth_server TEXT,
|
|
35
|
+
pds_endpoint TEXT,
|
|
34
36
|
pds_code_verifier TEXT,
|
|
35
37
|
pds_state TEXT,
|
|
36
38
|
did TEXT,
|
|
@@ -62,18 +64,39 @@ CREATE TABLE IF NOT EXISTS _oauth_dpop_jtis (
|
|
|
62
64
|
`;
|
|
63
65
|
// --- Key Management ---
|
|
64
66
|
export async function getServerKey(kid) {
|
|
65
|
-
const rows = await querySQL('SELECT private_key, public_key FROM _oauth_keys WHERE kid = $1', [kid]);
|
|
67
|
+
const rows = (await querySQL('SELECT private_key, public_key FROM _oauth_keys WHERE kid = $1', [kid]));
|
|
66
68
|
if (rows.length === 0)
|
|
67
69
|
return null;
|
|
68
70
|
return { privateKey: rows[0].private_key, publicKey: rows[0].public_key };
|
|
69
71
|
}
|
|
70
72
|
export async function storeServerKey(kid, privateKey, publicKey) {
|
|
71
|
-
await runSQL('INSERT OR REPLACE INTO _oauth_keys (kid, private_key, public_key) VALUES ($1, $2, $3)',
|
|
73
|
+
await runSQL('INSERT OR REPLACE INTO _oauth_keys (kid, private_key, public_key) VALUES ($1, $2, $3)', [
|
|
74
|
+
kid,
|
|
75
|
+
privateKey,
|
|
76
|
+
publicKey,
|
|
77
|
+
]);
|
|
72
78
|
}
|
|
73
79
|
// --- OAuth Request Storage ---
|
|
74
80
|
export async function storeOAuthRequest(requestUri, data) {
|
|
75
|
-
await runSQL(`INSERT INTO _oauth_requests (request_uri, client_id, redirect_uri, scope, state, code_challenge, code_challenge_method, dpop_jkt, pds_request_uri, pds_auth_server, pds_code_verifier, pds_state, did, login_hint, expires_at)
|
|
76
|
-
VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14,$15)`,
|
|
81
|
+
await runSQL(`INSERT INTO _oauth_requests (request_uri, client_id, redirect_uri, scope, state, code_challenge, code_challenge_method, dpop_jkt, pds_request_uri, pds_auth_server, pds_endpoint, pds_code_verifier, pds_state, did, login_hint, expires_at)
|
|
82
|
+
VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14,$15,$16)`, [
|
|
83
|
+
requestUri,
|
|
84
|
+
data.clientId,
|
|
85
|
+
data.redirectUri,
|
|
86
|
+
data.scope || null,
|
|
87
|
+
data.state || null,
|
|
88
|
+
data.codeChallenge,
|
|
89
|
+
data.codeChallengeMethod || 'S256',
|
|
90
|
+
data.dpopJkt,
|
|
91
|
+
data.pdsRequestUri || null,
|
|
92
|
+
data.pdsAuthServer || null,
|
|
93
|
+
data.pdsEndpoint || null,
|
|
94
|
+
data.pdsCodeVerifier || null,
|
|
95
|
+
data.pdsState || null,
|
|
96
|
+
data.did || null,
|
|
97
|
+
data.loginHint || null,
|
|
98
|
+
data.expiresAt,
|
|
99
|
+
]);
|
|
77
100
|
}
|
|
78
101
|
export async function getOAuthRequest(requestUri) {
|
|
79
102
|
const rows = await querySQL('SELECT * FROM _oauth_requests WHERE request_uri = $1 AND expires_at > $2', [
|
|
@@ -83,57 +106,63 @@ export async function getOAuthRequest(requestUri) {
|
|
|
83
106
|
return rows.length > 0 ? rows[0] : null;
|
|
84
107
|
}
|
|
85
108
|
export async function deleteOAuthRequest(requestUri) {
|
|
86
|
-
await runSQL('DELETE FROM _oauth_requests WHERE request_uri = $1', requestUri);
|
|
109
|
+
await runSQL('DELETE FROM _oauth_requests WHERE request_uri = $1', [requestUri]);
|
|
87
110
|
}
|
|
88
111
|
// --- Authorization Codes ---
|
|
89
112
|
export async function storeAuthCode(code, requestUri) {
|
|
90
|
-
await runSQL('INSERT INTO _oauth_codes (code, request_uri, created_at) VALUES ($1, $2, $3)',
|
|
113
|
+
await runSQL('INSERT INTO _oauth_codes (code, request_uri, created_at) VALUES ($1, $2, $3)', [
|
|
114
|
+
code,
|
|
115
|
+
requestUri,
|
|
116
|
+
Math.floor(Date.now() / 1000),
|
|
117
|
+
]);
|
|
91
118
|
}
|
|
92
119
|
export async function consumeAuthCode(code) {
|
|
93
|
-
const rows = await querySQL('SELECT request_uri FROM _oauth_codes WHERE code = $1', [code]);
|
|
120
|
+
const rows = (await querySQL('SELECT request_uri FROM _oauth_codes WHERE code = $1', [code]));
|
|
94
121
|
if (rows.length === 0)
|
|
95
122
|
return null;
|
|
96
|
-
await runSQL('DELETE FROM _oauth_codes WHERE code = $1', code);
|
|
123
|
+
await runSQL('DELETE FROM _oauth_codes WHERE code = $1', [code]);
|
|
97
124
|
return rows[0].request_uri;
|
|
98
125
|
}
|
|
99
126
|
// --- Sessions ---
|
|
100
127
|
export async function storeSession(did, data) {
|
|
101
|
-
await runSQL(`INSERT OR REPLACE INTO _oauth_sessions (did, pds_endpoint, access_token, refresh_token, dpop_jkt, token_expires_at, updated_at)
|
|
102
|
-
VALUES ($1,$2,$3,$4,$5,$6,CURRENT_TIMESTAMP)`, did, data.pdsEndpoint, data.accessToken, data.refreshToken || null, data.dpopJkt, data.tokenExpiresAt || null);
|
|
128
|
+
await runSQL(`INSERT OR REPLACE INTO _oauth_sessions (did, pds_endpoint, pds_auth_server, access_token, refresh_token, dpop_jkt, token_expires_at, updated_at)
|
|
129
|
+
VALUES ($1,$2,$3,$4,$5,$6,$7,CURRENT_TIMESTAMP)`, [did, data.pdsEndpoint, data.pdsAuthServer || null, data.accessToken, data.refreshToken || null, data.dpopJkt, data.tokenExpiresAt || null]);
|
|
103
130
|
}
|
|
104
131
|
export async function getSession(did) {
|
|
105
132
|
const rows = await querySQL('SELECT * FROM _oauth_sessions WHERE did = $1', [did]);
|
|
106
133
|
return rows.length > 0 ? rows[0] : null;
|
|
107
134
|
}
|
|
108
135
|
export async function deleteSession(did) {
|
|
109
|
-
await runSQL('DELETE FROM _oauth_sessions WHERE did = $1', did);
|
|
136
|
+
await runSQL('DELETE FROM _oauth_sessions WHERE did = $1', [did]);
|
|
110
137
|
}
|
|
111
138
|
// --- Refresh Tokens ---
|
|
112
139
|
export async function storeRefreshToken(token, data) {
|
|
113
140
|
const now = Math.floor(Date.now() / 1000);
|
|
114
141
|
const expiresAt = data.expiresAt ?? now + 14 * 86400; // 14 days default
|
|
115
142
|
await runSQL(`INSERT INTO _oauth_refresh_tokens (token, client_id, did, dpop_jkt, scope, created_at, expires_at)
|
|
116
|
-
VALUES ($1,$2,$3,$4,$5,$6,$7)`, token, data.clientId, data.did, data.dpopJkt, data.scope || null, now, expiresAt);
|
|
143
|
+
VALUES ($1,$2,$3,$4,$5,$6,$7)`, [token, data.clientId, data.did, data.dpopJkt, data.scope || null, now, expiresAt]);
|
|
117
144
|
}
|
|
118
145
|
export async function getRefreshToken(token) {
|
|
119
146
|
const rows = await querySQL('SELECT * FROM _oauth_refresh_tokens WHERE token = $1', [token]);
|
|
120
147
|
return rows.length > 0 ? rows[0] : null;
|
|
121
148
|
}
|
|
122
149
|
export async function revokeRefreshToken(token) {
|
|
123
|
-
await runSQL('UPDATE _oauth_refresh_tokens SET revoked = 1 WHERE token = $1', token);
|
|
150
|
+
await runSQL('UPDATE _oauth_refresh_tokens SET revoked = 1 WHERE token = $1', [token]);
|
|
124
151
|
}
|
|
125
152
|
// --- DPoP JTI Replay Protection ---
|
|
126
153
|
export async function checkAndStoreDpopJti(jti, expiresAt) {
|
|
127
154
|
const rows = await querySQL('SELECT 1 FROM _oauth_dpop_jtis WHERE jti = $1', [jti]);
|
|
128
155
|
if (rows.length > 0)
|
|
129
156
|
return false;
|
|
130
|
-
await runSQL('INSERT INTO _oauth_dpop_jtis (jti, expires_at) VALUES ($1, $2)', jti, expiresAt);
|
|
157
|
+
await runSQL('INSERT INTO _oauth_dpop_jtis (jti, expires_at) VALUES ($1, $2)', [jti, expiresAt]);
|
|
131
158
|
return true;
|
|
132
159
|
}
|
|
133
160
|
export async function cleanupExpiredOAuth() {
|
|
134
161
|
const now = Math.floor(Date.now() / 1000);
|
|
135
|
-
await runSQL('DELETE FROM _oauth_dpop_jtis WHERE expires_at < $1', now);
|
|
136
|
-
await runSQL('DELETE FROM _oauth_requests WHERE expires_at < $1', now);
|
|
137
|
-
await runSQL('DELETE FROM _oauth_codes WHERE created_at < $1', now - 600);
|
|
138
|
-
await runSQL('DELETE FROM _oauth_refresh_tokens WHERE revoked = 1 OR (expires_at IS NOT NULL AND expires_at < $1)',
|
|
162
|
+
await runSQL('DELETE FROM _oauth_dpop_jtis WHERE expires_at < $1', [now]);
|
|
163
|
+
await runSQL('DELETE FROM _oauth_requests WHERE expires_at < $1', [now]);
|
|
164
|
+
await runSQL('DELETE FROM _oauth_codes WHERE created_at < $1', [now - 600]);
|
|
165
|
+
await runSQL('DELETE FROM _oauth_refresh_tokens WHERE revoked = 1 OR (expires_at IS NOT NULL AND expires_at < $1)', [
|
|
166
|
+
now,
|
|
167
|
+
]);
|
|
139
168
|
}
|
package/dist/oauth/server.d.ts
CHANGED
|
@@ -59,20 +59,44 @@ export declare function getClientMetadata(issuer: string, config: OAuthConfig):
|
|
|
59
59
|
dpop_bound_access_tokens: boolean;
|
|
60
60
|
scope: string;
|
|
61
61
|
};
|
|
62
|
+
/**
|
|
63
|
+
* Handle a Pushed Authorization Request (PAR).
|
|
64
|
+
*
|
|
65
|
+
* Supports account creation via `prompt=create`. When set, `login_hint`
|
|
66
|
+
* is treated as a PDS hostname (e.g. "selfhosted.social" or "localhost:2583")
|
|
67
|
+
* rather than a handle or DID. The auth server is discovered from the PDS's
|
|
68
|
+
* protected resource metadata, and `prompt=create` is forwarded to the PDS
|
|
69
|
+
* PAR so it shows the signup page.
|
|
70
|
+
*
|
|
71
|
+
* For normal login, `login_hint` is a handle or DID as usual.
|
|
72
|
+
*/
|
|
62
73
|
export declare function handlePar(config: OAuthConfig, body: Record<string, string>, dpopHeader: string, requestUrl: string): Promise<{
|
|
63
74
|
request_uri: string;
|
|
64
75
|
expires_in: number;
|
|
65
76
|
}>;
|
|
66
77
|
export declare function buildAuthorizeRedirect(config: OAuthConfig, request: any): string;
|
|
78
|
+
/**
|
|
79
|
+
* Initiate a server-side OAuth login or account creation flow.
|
|
80
|
+
*
|
|
81
|
+
* For account creation, pass `{ prompt: 'create', pds: 'selfhosted.social' }`.
|
|
82
|
+
* The `pds` is a bare hostname; the auth server is discovered from its
|
|
83
|
+
* protected resource metadata.
|
|
84
|
+
*/
|
|
85
|
+
export declare function serverLogin(config: OAuthConfig, handle: string, options?: {
|
|
86
|
+
prompt?: string;
|
|
87
|
+
pds?: string;
|
|
88
|
+
}): Promise<string>;
|
|
67
89
|
export declare function handleCallback(config: OAuthConfig, code: string, state: string | null, iss: string | null): Promise<{
|
|
68
90
|
requestUri: string;
|
|
69
91
|
clientRedirectUri: string;
|
|
70
92
|
clientState: string | null;
|
|
93
|
+
did: string;
|
|
71
94
|
}>;
|
|
72
95
|
export declare function handleToken(config: OAuthConfig, body: Record<string, string>, dpopHeader: string, requestUrl: string): Promise<any>;
|
|
73
96
|
export declare function refreshPdsSession(config: OAuthConfig, session: {
|
|
74
97
|
did: string;
|
|
75
98
|
pds_endpoint: string;
|
|
99
|
+
pds_auth_server?: string;
|
|
76
100
|
refresh_token: string;
|
|
77
101
|
dpop_jkt: string;
|
|
78
102
|
}): Promise<{
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/oauth/server.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAA;
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/oauth/server.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAA;AA4E/C,wBAAsB,SAAS,CAAC,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAsBrG;AAID,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW;;;;;;;;;;;;;;;;;;;EAqBxE;AAED,wBAAgB,4BAA4B,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW;;;;;EAO/E;AAED,wBAAgB,OAAO;;;;;;;;;;;;;;;;;;;;;;EAWtB;AAED,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW;;;;;;;;;EAcpE;AAID;;;;;;;;;;GAUG;AACH,wBAAsB,SAAS,CAC7B,MAAM,EAAE,WAAW,EACnB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC;IAAE,WAAW,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,CAAC,CAwKtD;AAID,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,GAAG,GAAG,MAAM,CAShF;AAID;;;;;;GAMG;AACH,wBAAsB,WAAW,CAC/B,MAAM,EAAE,WAAW,EACnB,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE;IAAE,MAAM,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAC1C,OAAO,CAAC,MAAM,CAAC,CA6HjB;AAID,wBAAsB,cAAc,CAClC,MAAM,EAAE,WAAW,EACnB,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,GAAG,IAAI,EACpB,GAAG,EAAE,MAAM,GAAG,IAAI,GACjB,OAAO,CAAC;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,iBAAiB,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,CAAC,CA2HrG;AAID,wBAAsB,WAAW,CAC/B,MAAM,EAAE,WAAW,EACnB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,GAAG,CAAC,CAUd;AA0JD,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,WAAW,EACnB,OAAO,EAAE;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,MAAM,CAAC;IAAC,eAAe,CAAC,EAAE,MAAM,CAAC;IAAC,aAAa,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,GAChH,OAAO,CAAC;IAAE,WAAW,EAAE,MAAM,CAAC;IAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAAC,SAAS,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAAC,CAsEpF;AAID,wBAAsB,YAAY,CAChC,UAAU,EAAE,MAAM,GAAG,IAAI,EACzB,UAAU,EAAE,MAAM,GAAG,IAAI,EACzB,MAAM,EAAE,MAAM,EACd,GAAG,EAAE,MAAM,GACV,OAAO,CAAC;IAAE,GAAG,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAAC,CA0BjC"}
|