* Properly validate JWK `htu` claim by enforcing URL without query or fragment
* type fix
* Return DPoP validation result from `authenticateRequest`
* Log clients using invalid "htu" claim in DPoP proof
* review comments
* fix lint
* tidy
* rename dpop result to dpop proof
Currently, the `lingui extract` command is being run as part of the `build` and `dev` commands. This causes very large diffs in PRs, even when no change are made to `.po` files.
With this change, only running `pnpm i18n` (from the root folder), or `pnpm i18n:extract` (from ui libs that support it) will cause the PO files to be re-computed.
* Adds "password reset" during OAuth flows
* Adds "Sign up" during OAuth flows
* Adds support for multiple languages in the OAuth flow
* Adds "fr" translation for the OAuth flow
Co-authored-by: devin ivy <devinivy@gmail.com>
Co-authored-by: Eric Bailey <git@esb.lol>
* Add linting rule to sort imports
* remove spacing between import groups
* changeset
* changeset
* prettier config fine tuning
* forbid use of deprecated imports
* tidy
* use corepack, specify package manager, add nvmrc
* rm version in github action
---------
Co-authored-by: Samuel Newman <10959775+mozzius@users.noreply.github.com>
* chore(deps): update zod
* chore(deps): update pino to match entryway version
* chore(tsconfig): remove truncation of types through noErrorTruncation
* add support for DPoP token type when logging
* fix(bsky): JSON.parse does not return value of type JSON
* fix(pds): add res property to ReqCtx
* fix(pds): properly type getPreferences return value
* chore(tsconfig): disable noFallthroughCasesInSwitch
* refactor(pds): move tracer config in own file
* feat(dev-env): start with "pnpm dev"
* feat(oauth): add oauth provider & client libs
* feat(pds): add oauth provider
* chore: changeset
* feat: various fixes and improvements
* chore(deps): update better-sqlite3 to version 10.0.0 for node 22 compatibility
* chore(deps): drop unused tslib
* fix(did): normalize service IDs before looking for duplicates
* fix(did): avoid minor type casting
* fix(did): improve argument validation
* fix(fetch): explicit use of negation around number comparison
* fix(oauth-provider): improve argument validation
* feat(did): add ATPROTO specific "isAtprotoDidWeb" method
* feat(rollup-plugin-bundle-manifest): add readme
* feat(lint): add eqeqeq rule (only allow == and != with null)
* fix(oauth-client-browser): typo in gitignore
* fix(oauth-provider): properly name error class file
* fix(oauth-provider): remove un-necessary useMemo
* fix(did-resolver): properly build did:web document url
* fix(did-resolver): remove unused types
* fix(fetch): remove unused utils
* fix(pds): remove unused script and dependency
* fix(oauth-provider): simplify isSubPath util
* fix(oauth-provider): add InvalidRedirectUriError static constructor
* fix(jwk): improve JWT validation to provide better error messages and distinguish between signed and unsigned tokens
* fix(pds): use "debug" log level for fetch method
* fix(pds): allow access tokens to contain an unknown "typ" claim (with the exception of "dpop+jwt")
* fix(jwk): remove un-necessary code
* fix(pds): account for whitespace chars when checking JSON
* fix(pds): remove oauth specific config
* fix(pds): run all write queries through transaction or executeWithRetry
fix(pds): remove outdated comments
fix(pds): rename used_refresh_token columns & added primary key
fix(pds): run cleanup task through backgroundQueue
fix(pds): add device.id foreign key to device_account
fix(pds): add comment on cleanup of used_refresh_token
fix(pds): add primary key on device_account
* fix(oauth-provider:time): simplify constantTime util
* fix(pds): rename disableSsrf into disableSsrfProtection
* fix(oauth-client-react-native): remove incomplete package
* refactor(pds): remove status & active from ActorAccount
* fix(pds): invalidate all oauth tokens on takedown
* fix(oauth-provider): enforce token expiry
* fix(pds): properly support deactivated accounts
* perf(pds:db): allow transaction function to be sync
* refactor(psq:account-manager): expose only query builders & data transformations utils from helpers
* fix(oauth-provider): imports from self
* fix(ci): add nested packages to build artifacts
* style(fetch): rename TODO into @TODO
* style(rollup-plugin-bundle-manifest): remove "TODO" from comment
* style(oauth-client): rename TODO into @TODO
* style(oauth-provider): rename TODO into @TODO
* refactor(oauth-client): remove "OAuth" prefix from types
* fix(oauth-client-browser): better type SessionListener
* style(oauth): rename TODO into @TODO
* fix(oauth-provider): enforce provider max session age
* fix(oauth-provider): check authentication parameters against all client metadata
* fix(api): tests
* fix(pds): remove .js from imports for tests
* fix(pds): change account status to match tests
* chore(deps): make all packages depend on the same zod version
* fix(common-web): remove un-necessary binding of Checkable to "zod"
* refactor(jwk): infer jwt schema from refinement definition
* fix(handle-resolver): allow resolution errors to propagate
docs(handle-resolver): better handling of DNS resolution errors
fix(handle-resolver): properly handle DOH responses
* fix(did): service endpoint arrays must contain "one or more" element
* refactor(pipe): simplify implementation
* fix(pds): add missing DB indexes
* feat(oauth): Resolve Authorization Server URI through Protected Resource Metadata
* style:(oauth-client): import order
* docs(oauth-provider:redirect-uri): add reference url
* feat(oauth): implement "OAuth Client ID Metadata Document" from draft-parecki-oauth-client-id-metadata-document-latest internet draft
* feat(oauth-client): backport changes from feat-oauth-client
* docs(simple-store): improve comments
* feat(lexicons): add iterable capabilities
* fix(pds): type error in dev mode
* feat(oauth-provider): improved error reporting
* fix(oauth-types): allow insecure issuer during tests
* fix(xrpc-server): allow upload of empty files
* fix: lint
* feat(fetch): keep request reference in errors
feat(fetch): utilities improvements
* fix(pds): allow more than one session token per user
* feat(ozone): improve env validation error messages
* fix(oauth-client): account for DPoP when checking for invalid_token errors
* fixup! feat(fetch): keep request reference in errors feat(fetch): utilities improvements
* fixup! feat(fetch): keep request reference in errors feat(fetch): utilities improvements
* fix(oauth): various validation fixes
feat(oauth): share client_id validation and parsing utilities between client & provider
* feat(dev-env): fix ozone port number
* fix(fetch-node): prevent fetch against invalid domain names
* fix(oauth-provider): add typings for psl dep
* feat(jwk): make type def compatible with TS 4.x
* fix(oauth): fixed various spec compliance
fix(oauth): return "sub" in refresh token response
fix(oauth): limit token validity for third party clients
fix(oauth): hide client image when not trusted
* fix(oauth): lint
* pds: switch changeset to patch, no breaking changes
* changeset and config for new oauth deps
---------
Co-authored-by: Devin Ivy <devinivy@gmail.com>
* add changesets
* clean up scripts
* remove test changeset
* only build containers on push to production, clean up other workflows
* keep building from main
* remove production branch for now
* use pnpm
* fix dependency issues, replace yarn and lerna scripts
* remove the main/dist scripts
* update Dockerfiles
* use pnpm
* fix dependency issues, replace yarn and lerna scripts
* remove the main/dist scripts
* update Dockerfiles
* update bin script
* remove unused zod dep
* fix type errors in pds
* add types prop to packages
* remove unused, bump lock
* fix test running
* build before test
* fix pino types
* format
* pds depends on dev-env in test
* refer to src instead of built packages
* pds relies on bsky in test too
* remove yarn.lock
* add -r flag to root test
* test push to aws
* remove docker test
* add publishConfig to new package
* move services to top level dir
(cherry picked from commit f5012bec33435a4473e9960066807623334f3aff)
* update workflow paths
(cherry picked from commit 5c70f0176d381ca35d6be10cfa173e22373a5b5d)
* add main-to-dist script
* use script in all packages, remove old Dockerfiles
* remove old bsky service
* remove newline
* test container builds
* Revert "test container builds"
This reverts commit c228611f5e8e1624d4b124be4976c49590130f43.
* remove unused config
* test build containers
* pnpm in syntax
* bump dd-trace
* shamefully hoist
* even more shame
* hoist, externalize deps
* clean install for prod and smaller containers
* dont build branches
---------
Co-authored-by: dholms <dtholmgren@gmail.com>
* setup redis infra for appview indexer
* barebones bsky ingester
* add ioredis to bsky
* remove some indexer functionality from bsky api
* setup for bsky indexer
* tidy
* tidy, observe basic pipeline functioning
* process messages on bsky indexer pipeline, tidy tests and lifecycle
* trim partitions when moving cursor
* simplify config for partitions
* misc fixes for redis setup in bsky tests, add namespacing
* fix pds proxy tests
* remove cursor state from indexer partitions, simplify ingester state
* tidy
* utils for testing w/ multiple indexers, fix off-by-one xtrim
* test reingesting
* test indexer repartitioning
* add entrypoints for bsky ingester and indexer, fix db schema config, api entrypoint name, tidy
* setup and test bsky ingester backpressure, add config
* tidy
* add missing test file
* tidy redis calls, add redis sentinel config
* tidy/test some utils used in bsky pipeline
* tidy bsky pipeline tests, move helpers into dev-env
* fix pds crud test
* support redis host and password config
* better loggin/observability in ingester and indexer, make build
* add bsky ingester initial cursor config
* temporarily remove migrations from indexer/ingester
* allow ingester to batch
* packages/pg becomes packages/dev-infra with some cleanup (#1402)
* packages/dev-infra/
* Extract packages/dev-infra/_common.sh and use it
* Use period instead of source because of /bin/sh
* add docs for redis test script
* fix repartition test
* add logs to debug ci
* simplify repartitioning test, remove ci logs
---------
Co-authored-by: Jerry Chen <jerry@redelm.net>
* integrating new plc lib
* patching up did-resolver
* buffing up pds tests
* didResolver on ctx & plc in postgres
* bring dev env up to date
* re-add extension for linting
* tidy
* use current env vars
* pr feedback
* Setup interface for image processing
* Implement getInfo() on SharpImageProcessor
* Reorganize pds image processing code
* Implement initial resize() on SharpImageProcessor
* Test sharp image processor, apply a couple fixes
* Tidy
* Implement initial pds image uri builder/signer/verifier
* Initial implementation of image processing server
* Update node types for node v18
* Add disk caching to pds image service
* Test pds image process caching, tidy
* Move pds image processor away from an interface
* Add sharp to pds build externals
* Move away from xrpc-server errors to http-errors for pds image server
* Tidy pds image exports
* Tidy
* Enable all modules to be built shallowly, externalizing their deps
* Setup shallow builds to modify package.json main
* Hoist update-main-to-dist to separate call, fix lex-cli and plc shallow builds
* Generate sourcemaps during build
* Tidy
* Hoist new build deps up to root
* Rename ADX to ATP
* Remove old docs (now in atproto website repo)
* Update readme
* Update README.md
Co-authored-by: devin ivy <devinivy@gmail.com>
* A couple of @ -> AT
Co-authored-by: devin ivy <devinivy@gmail.com>
* kysely interfaces
* migrated record plugins
* db types + notifications
* index record emthods on db
* Convert author feed to kysely
* rest of db index
* Convert home feed to kysely
* Remove references to sqlite3 package
* Convert liked by view to kysely
* create tables
* Convert notif count view to kysely
* move scrypt to own file
* Fix typo
* Convert notifs view to kysely
* Convert post thread to kysely
* Convert profile view to kysely
* accounts tests passing!
* Convert reposted by view to kysely
* Convert followers view to kysely
* Convert follows view to kysely
* Convert notifs last seen to kysely
* Tidy
* Re-enable social methods
* Minor tidy of author and home feed queries
* Tidying and minor fixes for pds view queries
* fix up crud, disabled PUTs for now
* Fix profile view, use nulls in table interfaces
* Fix pds follow/follower views, remove special db date logic
* Fix pds notification count view
* Fix pds feed views, reposted by join
* Remove typeorm from server
Co-authored-by: Devin Ivy <devinivy@gmail.com>
* ensure we understand the key type a user is rotating to
* race condition test
* handle username/pds with or without https://
* fix a quick types issue
* adding logging
* fix better-sqlite3 build issues
* bring did-resolver up to date w plc
* fix pds tests for plc
* validate the signatures
add the id to the did doc
pid from sha256 of oragin doc
added the tick to diffs extractor
added the key authorisation
add lots of types
add routes for calling the aic
refactor to jest based repo structure
* WIP
* migrate the tests
* more test fixes
* test.
* replace snake case with camel case
* moved to use isolated server for aic
* remove the aic test from the PDS
* clean up some changes outside the aic folder
* fix CaS for saving ticks
* rearange the folder
* missed one
* cleaned up aic package.json
* broken build
* test passing
* prettier
* pid tests refactor
* fix eslint/prettier setup, add eslint-config-prettier
* misc linting and style tweaks in aic
* minor touchups to aic sign/verify
* tidy error-handling in aic
* tidy-up crypto init in aic
* add aic route for getting a did doc, update /tick routes
* knex -> typeorm
* refactor crypto
* error handling & dependencies
* switching op model & some other cleanup
* change db to use operations
* add cid references to ops & ensure no branching in DB tx
* cleaning up
* rotues
* working on client & tests
* document & oepration tests
* server tests
* cleanup
* remove lobby page & static
* formatting did documents
* aic/pch -> plc
* fixing up some doc semantics
* tooling/test server
* added recovery window
* tx mutex
* test on document formatting
* take validate op out of write tx
* error handling
* readme
* couple bug fixes
* quick readme edit
Co-authored-by: Aaron Goldman <aaron@aarons-mbp.lan>
Co-authored-by: Aaron D Goldman <aaron@blueskyweb.xyz>
Co-authored-by: Devin Ivy <devin@bigroomstudios.com>
Matthieu Sieben
bnewbold
Samuel Newman
devin ivy
Eric Bailey
Daniel Holmgren
Gabe
Harlan T Wood
Paul Frazee