@powersync/service-core 0.15.0 → 0.16.1

package/src/routes/endpoints/admin.ts

@@ -1,4 +1,4 @@
-import { errors, router, schema } from '@powersync/lib-services-framework';
+import { ErrorCode, errors, router, schema } from '@powersync/lib-services-framework';
 import { SqlSyncRules, StaticSchema } from '@powersync/service-sync-rules';
 import { internal_routes } from '@powersync/service-types';
 
@@ -120,9 +120,9 @@ export const reprocess = routeDefinition({
 
     const active = await activeBucketStorage.getActiveSyncRules(apiHandler.getParseSyncRulesOptions());
     if (active == null) {
-      throw new errors.JourneyError({
+      throw new errors.ServiceError({
         status: 422,
-        code: 'NO_SYNC_RULES',
+        code: ErrorCode.PSYNC_S4104,
         description: 'No active sync rules'
       });
     }

package/src/routes/endpoints/socket-route.ts

@@ -1,4 +1,4 @@
-import { errors, logger, schema } from '@powersync/lib-services-framework';
+import { ErrorCode, errors, logger, schema } from '@powersync/lib-services-framework';
 import { RequestParameters } from '@powersync/service-sync-rules';
 import { serialize } from 'bson';
 
@@ -34,9 +34,9 @@ export const syncStreamReactive: SocketRouteGenerator = (router) =>
 
       if (routerEngine!.closed) {
         responder.onError(
-          new errors.JourneyError({
+          new errors.ServiceError({
             status: 503,
-            code: 'SERVICE_UNAVAILABLE',
+            code: ErrorCode.PSYNC_S2003,
             description: 'Service temporarily unavailable'
           })
         );
@@ -53,9 +53,9 @@ export const syncStreamReactive: SocketRouteGenerator = (router) =>
       const cp = await activeBucketStorage.getActiveCheckpoint();
       if (!cp.hasSyncRules()) {
         responder.onError(
-          new errors.JourneyError({
+          new errors.ServiceError({
             status: 500,
-            code: 'NO_SYNC_RULES',
+            code: ErrorCode.PSYNC_S2302,
             description: 'No sync rules available'
           })
         );

package/src/routes/endpoints/sync-rules.ts

@@ -1,4 +1,4 @@
-import { errors, router, schema } from '@powersync/lib-services-framework';
+import { ErrorCode, errors, router, schema } from '@powersync/lib-services-framework';
 import { SqlSyncRules, SyncRulesErrors } from '@powersync/service-sync-rules';
 import type { FastifyPluginAsync } from 'fastify';
 import * as t from 'ts-codec';
@@ -43,9 +43,9 @@ export const deploySyncRules = routeDefinition({
 
     if (service_context.configuration.sync_rules.present) {
       // If sync rules are configured via the config, disable deploy via the API.
-      throw new errors.JourneyError({
+      throw new errors.ServiceError({
         status: 422,
-        code: 'API_DISABLED',
+        code: ErrorCode.PSYNC_S4105,
         description: 'Sync rules API disabled',
         details: 'Use the management API to deploy sync rules'
       });
@@ -60,9 +60,9 @@ export const deploySyncRules = routeDefinition({
         schema: undefined
       });
     } catch (e) {
-      throw new errors.JourneyError({
+      throw new errors.ServiceError({
         status: 422,
-        code: 'INVALID_SYNC_RULES',
+        code: ErrorCode.PSYNC_R0001,
         description: 'Sync rules parsing failed',
         details: e.message
       });
@@ -112,9 +112,9 @@ export const currentSyncRules = routeDefinition({
 
     const sync_rules = await activeBucketStorage.getActiveSyncRulesContent();
     if (!sync_rules) {
-      throw new errors.JourneyError({
+      throw new errors.ServiceError({
         status: 422,
-        code: 'NO_SYNC_RULES',
+        code: ErrorCode.PSYNC_S4104,
         description: 'No active sync rules'
       });
     }
@@ -159,9 +159,9 @@ export const reprocessSyncRules = routeDefinition({
     const apiHandler = payload.context.service_context.routerEngine!.getAPI();
     const sync_rules = await activeBucketStorage.getActiveSyncRules(apiHandler.getParseSyncRulesOptions());
     if (sync_rules == null) {
-      throw new errors.JourneyError({
+      throw new errors.ServiceError({
         status: 422,
-        code: 'NO_SYNC_RULES',
+        code: ErrorCode.PSYNC_S4104,
         description: 'No active sync rules'
       });
     }

package/src/routes/endpoints/sync-stream.ts

@@ -1,4 +1,4 @@
-import { errors, logger, router, schema } from '@powersync/lib-services-framework';
+import { ErrorCode, errors, logger, router, schema } from '@powersync/lib-services-framework';
 import { RequestParameters } from '@powersync/service-sync-rules';
 import { Readable } from 'stream';
 
@@ -26,9 +26,9 @@ export const syncStreamed = routeDefinition({
     const clientId = payload.params.client_id;
 
     if (routerEngine!.closed) {
-      throw new errors.JourneyError({
+      throw new errors.ServiceError({
         status: 503,
-        code: 'SERVICE_UNAVAILABLE',
+        code: ErrorCode.PSYNC_S2003,
         description: 'Service temporarily unavailable'
       });
     }
@@ -39,9 +39,9 @@ export const syncStreamed = routeDefinition({
     // Sanity check before we start the stream
     const cp = await storageEngine.activeBucketStorage.getActiveCheckpoint();
     if (!cp.hasSyncRules()) {
-      throw new errors.JourneyError({
+      throw new errors.ServiceError({
         status: 500,
-        code: 'NO_SYNC_RULES',
+        code: ErrorCode.PSYNC_S2302,
         description: 'No sync rules available'
       });
     }

package/src/routes/route-register.ts

@@ -62,16 +62,16 @@ export function registerFastifyRoutes(
               });
             }
           } catch (ex) {
-            const journeyError = errors.JourneyError.isJourneyError(ex) ? ex : new errors.InternalServerError(ex);
-            logger.error(`Request failed`, journeyError);
+            const serviceError = errors.asServiceError(ex);
+            logger.error(`Request failed`, serviceError);
 
             response = new router.RouterResponse({
-              status: journeyError.errorData.status || 500,
+              status: serviceError.errorData.status || 500,
               headers: {
                 'Content-Type': 'application/json'
               },
               data: {
-                error: journeyError.errorData
+                error: serviceError.errorData
               }
             });
           }

package/src/util/config/compound-config-collector.ts

@@ -1,4 +1,4 @@
-import { logger } from '@powersync/lib-services-framework';
+import { logger, LookupOptions } from '@powersync/lib-services-framework';
 import { configFile } from '@powersync/service-types';
 import * as auth from '../../auth/auth-index.js';
 import { ConfigCollector } from './collectors/config-collector.js';
@@ -91,12 +91,23 @@ export class CompoundConfigCollector {
       jwks_uris = [jwks_uris];
     }
 
+    let jwksLookup: LookupOptions = {
+      reject_ip_ranges: []
+    };
+
+    if (baseConfig.client_auth?.jwks_reject_ip_ranges != null) {
+      jwksLookup = {
+        reject_ip_ranges: baseConfig.client_auth?.jwks_reject_ip_ranges
+      };
+    }
+    if (baseConfig.client_auth?.block_local_jwks) {
+      // Deprecated - recommend method is to use jwks_reject_ip_ranges
+      jwksLookup.reject_ip_ranges.push('local');
+      jwksLookup.reject_ipv6 = true;
+    }
+
     for (let uri of jwks_uris) {
-      collectors.add(
-        new auth.CachedKeyCollector(
-          new auth.RemoteJWKSCollector(uri, { block_local_ip: !!baseConfig.client_auth?.block_local_jwks })
-        )
-      );
+      collectors.add(new auth.CachedKeyCollector(new auth.RemoteJWKSCollector(uri, { lookupOptions: jwksLookup })));
     }
 
     const baseDevKey = (baseConfig.client_auth?.jwks?.keys ?? []).find((key) => key.kid == POWERSYNC_DEV_KID);
@@ -121,9 +132,6 @@ export class CompoundConfigCollector {
       api_tokens: baseConfig.api?.tokens ?? [],
       dev: {
         demo_auth: baseConfig.dev?.demo_auth ?? false,
-        demo_client: baseConfig.dev?.demo_client ?? false,
-        demo_password: baseConfig.dev?.demo_password,
-        crud_api: baseConfig.dev?.crud_api ?? false,
         dev_key: devKey
       },
       port: baseConfig.port ?? 8080,

package/src/util/config/types.ts

@@ -34,9 +34,6 @@ export type ResolvedPowerSyncConfig = {
   storage: configFile.GenericStorageConfig;
   dev: {
     demo_auth: boolean;
-    demo_password?: string;
-    crud_api: boolean;
-    demo_client: boolean;
     /**
      * Only present when demo_auth == true
      */

package/src/util/utils.ts

@@ -7,6 +7,7 @@ import { BucketChecksum, OpId, OplogEntry } from './protocol-types.js';
 import * as storage from '../storage/storage-index.js';
 
 import { PartialChecksum } from '../storage/ChecksumCache.js';
+import { ServiceAssertionError } from '@powersync/lib-services-framework';
 
 export type ChecksumMap = Map<string, BucketChecksum>;
 
@@ -34,7 +35,7 @@ export function timestampToOpId(ts: bigint): OpId {
   // Dynamic values are passed in in some cases, so we make extra sure that the
   // number is a bigint and not number or Long.
   if (typeof ts != 'bigint') {
-    throw new Error(`bigint expected, got: ${ts} (${typeof ts})`);
+    throw new ServiceAssertionError(`bigint expected, got: ${ts} (${typeof ts})`);
   }
   return ts.toString(10);
 }

package/test/src/auth.test.ts

@@ -284,11 +284,23 @@ describe('JWT Auth', () => {
     expect(errors).toEqual([]);
     expect(keys.length).toBeGreaterThanOrEqual(1);
 
-    // The localhost hostname fails to resolve correctly on MacOS https://github.com/nodejs/help/issues/2163
-    const invalid = new RemoteJWKSCollector('https://127.0.0.1/.well-known/jwks.json', {
-      block_local_ip: true
+    // Domain names are resolved when retrieving keys
+    const invalid = new RemoteJWKSCollector('https://localhost/.well-known/jwks.json', {
+      lookupOptions: {
+        reject_ip_ranges: ['local']
+      }
     });
     expect(invalid.getKeys()).rejects.toThrow('IPs in this range are not supported');
+
+    // IPS throw an error immediately
+    expect(
+      () =>
+        new RemoteJWKSCollector('https://127.0.0.1/.well-known/jwks.json', {
+          lookupOptions: {
+            reject_ip_ranges: ['local']
+          }
+        })
+    ).toThrowError('IPs in this range are not supported');
   });
 
   test('http not blocking local IPs', async () => {
@@ -301,10 +313,13 @@ describe('JWT Auth', () => {
     expect(errors).toEqual([]);
     expect(keys.length).toBeGreaterThanOrEqual(1);
 
-    // The localhost hostname fails to resolve correctly on MacOS https://github.com/nodejs/help/issues/2163
     const invalid = new RemoteJWKSCollector('https://127.0.0.1/.well-known/jwks.json');
     // Should try and fetch
-    expect(invalid.getKeys()).rejects.toThrow('ECONNREFUSED');
+    expect(invalid.getKeys()).rejects.toThrow();
+
+    const invalid2 = new RemoteJWKSCollector('https://localhost/.well-known/jwks.json');
+    // Should try and fetch
+    expect(invalid2.getKeys()).rejects.toThrow();
   });
 
   test('caching', async () => {