* Add "jwtAlg" option to verifySignature() function
* Verify service JWT header values. Add iat claim to service JWT
* Allow missing 'typ' claim in service auth jwt
* Add, and verify, a "typ" header to access and refresh tokens
* tidy
* Properly identify JWT typ missmatch
* tidy
* exclude known invalid "typ" from service auth headers
* tidy
* tidy changeset
---------
Co-authored-by: devin ivy <devinivy@gmail.com>
* Update lex
* Codegen
* Set up StatSig
* Integrate new implementation into old endpoint
* Add todo to crypto module
* Format
* Specify StatSig env
* Downgrade pnpm to match CI, bump lock
* Catch StatSig errors
* Use sep env
* Reset lockfile
* Re-add new dep using correct pnpm version
* tidy
* Integrate into AppContext and lifecycle
* Use camelCase
* Switcheroo
Co-authored-by: devin ivy <devinivy@gmail.com>
* Init prior to server listen start
* Move test env check up to server config
* Add logger and log
* Better comment
---------
Co-authored-by: devin ivy <devinivy@gmail.com>
* cleanup repeat process all
* wip
* skip actor search test
* skip actor search test
* tweak processAll
* decrease wait to 1 sec
* repo_blob -> record_blob
* simplify backlink linkTo
* return repo_root to one row
* sequence before updating repo_root
* invite code forUser -> forAccount
* ipld_block -> repo_block
* use lru-cache fetchMethod
* move did_cache to own db
* better error handling on did cache
* drop did_handle
* fix sequencer wait time
* debug
* debug
* more debug
* check something
* fix bday paradox
* fix bday paradox
* tidy up pds service auth
* rm skipped test
* retry http
* tidy
* improve fanout error handling
* fix test
* return signing key in did-web
* more tests
* tidy serivce auth checks
* user_account -> account
* remove inviteNote
* keypair per repo
* use an lru cache for keypairs as well
* clean up repo
* wip
* wrap up accoutn manager
* tidy
* tidy
* fix tests
* fix disabled codes
* fix appview tests
* add note
* set pragmas
* tidy account manager getDb
* rename pref transactor
* user pref -> account pref
* handle blob imports
* tidy imports
* add reserveSigningKey
* wip transferAccount
* clean up transferAccount
* tests
* tidy
* tidy
* configure entryway url on pds
* handle entryway in pds admin endpoints
* make importRepo temp
* fix imports
* make email optional on pds when using entryway
* handle diffs
* handle pds entryway usage for server, identity, admin endpoints
* pds support for credentials from entryway
* setup pds tests w/ entryway service
* tidy
* tidy
* update entryway version
* wip
* test handle updates w/ entryway
* split account table into two
* tidy
* tweak scripts
* tidy tests
* tidy
* better config for actorstore & dbs
* clean up cfg more
* reorg actorstore fs layout
* handle erros on actor db create
* pr tidy & fix accoutn deletion test
* pr feedback
* fix bad merge
* unskip test
* fix subscribe repos tests
* tidy repo root tables
* tidy
* fix tests
* tidy delete tokens
* tidy account getters
* tidy
* bulk deletesg
* increase chunk size
* handle racing refreshes
* wip
* fix auth test
* invert import flow
* clean up actor store on create account failure
* tweak sequencer
* prevent invite code races on createAccount
* rm note
* add back in race protection on getAccountInviteCodes
* start feature branch
* deleted app migration table
* patch up new auth test
* rm note
* g
* create accoutn delegated from entryway
* tidy
* fix test
* change plcOp type to unknown
* small fixes
* sync up w entryway branch
* Use proper error when authed account is not found (#1799)
provide proper error when account not found in access-takedown check
* build branch
* build on ghcr
* tweak service file
* tweak service file
* change where we save reserved keys
* no tmp dir in blobstore either
* fix blobstore temp location again
* handle repeat record_blobs
* create account before submitting plc op & undo if fail
* small tweak
* limit the number of local records
* push out empty commit on transfer
* fix issue with record_blob
* add push blob endpoint
* Set and validate token audiences on pds v2 (#1793)
set and validate token audience on pds v2
* merge
* include entryway did on tests
* build branch
* fix cache issue
* xrpc server blob limit
* put correct bytes
* add auth to routes
* handle quarantining/unquarantining a blob that does not exist
* tidy
* fix transfer tests
* fix email request routes for entryway
* PDS v2 entryway account deletion (#1819)
* add admin lexicon for account deletion
* implement admin account deletion endpoint
* fix entryway proxying on account email checks
* proxy to entryway for acct deletion
* read-after-write sanity check
* tweak
* wip
* finish refactor
* fix test schema
* application retry logic for busy
* pr feedback
* rm lru-cache
* fix test pg schema
* fix transfer test
* Sqlite instrumentation for pds v2 (#1838)
* sqlite instrumentation
* build
* remove build
* dont reimport blobs
* send ticks during import
* close on error
* catch handle validation error
* add log
* fix test
* return emailConfirmedAt on getAccountInfo
* Upgrade sharp on pds v2 (#1863)
upgrade sharp to 0.32.6
* read all bytes before parsing car
* Async car reader (#1867)
* asynchronously read in car
* dont buffer car
* tweak
* Gracefully handle indexing of invalid records (#1853)
* gracefully handle indexing of invalid records
* fix repo tests
* Fix role auth for access-or-role verifier, getBlob check on actor takedowns (#1869)
fix role auth for access-or-role verifier, fix getBlob actor takedown check
* better cleanup of actor-stores
* add ability to not ensure leaves
* tidy
* allow did:web transfer
* Migration utility for actor-store (#1873)
beginnings of helper for migrating all actors
Co-authored-by: Devin Ivy <devinivy@gmail.com>
* base case for findBlobRefs
* App-level retries for sqlite on pds (#1871)
* revamp retry helper to be more flexible re: backoff strategies
* sqlite timeout helper
* ensure sqlite wal on db creation/migration rather than every open
* layer retries for sqlite on writes outside transactions on pds
* tidy
* fix up lockfile
* tidy
* fix lex codegen
* fix timing bug in threadgate test
* No-op update handling (#1916)
do no produce commits on no-op updates
* Retry on all SQLITE_BUSY error codes (#1917)
retry on all sqlite_busy error codes
* Pds v2 ensure sqlite ready (#1918)
ensure sqlite is ready before making queries
* try something
* tidy
* dont build branch
---------
Co-authored-by: Devin Ivy <devinivy@gmail.com>
* bust key cache when verifying service auth
* unit tests for xrpc auth
* fix
* support option for verifying non-low-s signatures
* fix verifyJwt tests
* initial interop-test-files
* crypto: switch signature-fixtures.json to a symlink
* syntax: test against interop files
* prettier
* Update interop-test-files/README.md
Co-authored-by: Eric Bailey <git@esb.lol>
* disable prettier on test vectors
---------
Co-authored-by: Eric Bailey <git@esb.lol>
Co-authored-by: dholms <dtholmgren@gmail.com>
* use pnpm
* fix dependency issues, replace yarn and lerna scripts
* remove the main/dist scripts
* update Dockerfiles
* use pnpm
* fix dependency issues, replace yarn and lerna scripts
* remove the main/dist scripts
* update Dockerfiles
* update bin script
* remove unused zod dep
* fix type errors in pds
* add types prop to packages
* remove unused, bump lock
* fix test running
* build before test
* fix pino types
* format
* pds depends on dev-env in test
* refer to src instead of built packages
* pds relies on bsky in test too
* remove yarn.lock
* add -r flag to root test
* test push to aws
* remove docker test
* add publishConfig to new package
* move services to top level dir
(cherry picked from commit f5012bec33435a4473e9960066807623334f3aff)
* update workflow paths
(cherry picked from commit 5c70f0176d381ca35d6be10cfa173e22373a5b5d)
* add main-to-dist script
* use script in all packages, remove old Dockerfiles
* remove old bsky service
* remove newline
* test container builds
* Revert "test container builds"
This reverts commit c228611f5e8e1624d4b124be4976c49590130f43.
* remove unused config
* test build containers
* pnpm in syntax
* bump dd-trace
* shamefully hoist
* even more shame
* hoist, externalize deps
* clean install for prod and smaller containers
* dont build branches
---------
Co-authored-by: dholms <dtholmgren@gmail.com>
* identity: parse support for newer DID document format (Multikey)
* identity: lint fixes
* identity: DID doc parsing allow full DID URL in service 'id'
* add parse/format multikey methods
---------
Co-authored-by: dholms <dtholmgren@gmail.com>
* setup redis infra for appview indexer
* barebones bsky ingester
* add ioredis to bsky
* remove some indexer functionality from bsky api
* setup for bsky indexer
* tidy
* tidy, observe basic pipeline functioning
* process messages on bsky indexer pipeline, tidy tests and lifecycle
* trim partitions when moving cursor
* simplify config for partitions
* misc fixes for redis setup in bsky tests, add namespacing
* fix pds proxy tests
* remove cursor state from indexer partitions, simplify ingester state
* tidy
* utils for testing w/ multiple indexers, fix off-by-one xtrim
* test reingesting
* test indexer repartitioning
* add entrypoints for bsky ingester and indexer, fix db schema config, api entrypoint name, tidy
* setup and test bsky ingester backpressure, add config
* tidy
* add missing test file
* tidy redis calls, add redis sentinel config
* tidy/test some utils used in bsky pipeline
* tidy bsky pipeline tests, move helpers into dev-env
* fix pds crud test
* support redis host and password config
* better loggin/observability in ingester and indexer, make build
* add bsky ingester initial cursor config
* temporarily remove migrations from indexer/ingester
* allow ingester to batch
* packages/pg becomes packages/dev-infra with some cleanup (#1402)
* packages/dev-infra/
* Extract packages/dev-infra/_common.sh and use it
* Use period instead of source because of /bin/sh
* add docs for redis test script
* fix repartition test
* add logs to debug ci
* simplify repartitioning test, remove ci logs
---------
Co-authored-by: Jerry Chen <jerry@redelm.net>
* use for no key update
* use a tx advisory lock for repo updates
* skip tests for sqlite
* move check of commit swap on rebase
* do lock before formatting rebase
* hash schema in for lock id
* no tx lock in sqlite
* move rebase formatting to tx
* move dialect check
* rm log
* make the lock ids a bit safer
* change how we do lock id
* refactor id generator
* remove webcrypto, upgrade @noble/curves, normalize p256 interface
* cleanup
* Test vectors for secp and p256 signature verification (#737)
Add test vectors for secp and p256 signature verification
* fix up test vectors
* add explicit test vectors for high-s signatures
* tidy json to pass verify check
---------
Co-authored-by: devin ivy <devinivy@gmail.com>
* fix up a couple of tsc errors in app view merge
* wip
* simple proxy
* use dev-env for appview tests
* process all in blob resolver
* another test fix
* wip
* copy proxied tests & add mutes to getFollows/getFollowers
* tidy & add mutes to likes
* more routes + getAuthorFeed tests
* more testing
* tests for feed views
* thread testing
* finished tests for threads
* temporarily skip some tests
* cleaning up & updating test names
* separate db schema for appview
* rearrange
* typo
* add notifications
* re-enable notifs on pds appview
* update schemas
* updated some bsky snaps
* wip
* refactor did-resolver
* clean up deps
* some fixups + caching utilities
* fix up & move to appCtx
* neat its working
* update bsky tests to new auth
* rm unused pds config var
* tidy
* check exp in seconds
* cache dids in postgres
* add migration & did-cache
* start tests
* couple helpers around cache invalidation
* fix expired check
* wip
* change cache semantics
* did cache testing
* do some cache revalidation in indexing
* fix config
* fix issue w did-resolver test-env prototype
* use map instead of record
* stale + expired
* tests
* clear entry method
* fix up build
* expired dids
* clear missing dids
* better verify payload
* bump test timeout
* fix notifs test
* fix up proxied actor search tests
* update snaps to include labels
* fix dev env
* fix up moderation route auth
* fix more auth headers
* fix auth on getPosts
* increase jest timeouts
* fix snaps
* Init pulling bsky app view from pds package into its own package, remove sqlite db dialect
* Cull bsky config, services, auth, etc.
* Sweep app view xrpc methods, tidy deps, add storage back for img server
* Run repo subscription on bsky app view
* Collapse db migrations down for bsky app view
* Tidy app view bin
* Remove mute functionality from app view, delegate to pds
* Initial tidy/culling of bsky app view tests
* Passing bsky app view db, server, and repo subscription tests
* Passing bsky app view duplicate-records tests
* Bsky app view test tidy/cull
* In bsky app view replace repo_root, ipld_block, did_handle with actor and record tables. Remove assertions/confirmations.
* Update bsky impl for simpler actor and record tables, removed asserion/confirmations. Skip indexing unknown collections.
* Setup actor handles by did in bsky app view
* Passing indexing tests on bsky app view
* Passing image tests on bsky app view
* Fix bsky actor reindexing, support custom lock id for testing repo subs
* Sweep bsky view tests, misc tests, passing
* Tidy bsky deps
* Include did in resized image uris
* Update bsky image process server to use getBlob
* Update image server tests, misc fixes
* Implement bsky blob resolver
* Wire local image processing server to local blob resolver, test blob resolver
* Tidy
* Tidy
* Tidy
* Tidy app view init
* Fix handle resolution, tidy
* Add utils for partitioning indexing by did
* Update repo sub to parallelize work per repo
* Dep tidy
* Tidy bsky tests for updated repo sub destroy()
* Update thead indexing to handle out-of-order posts
* Sketch out strategy in bsky for handling too-big commits
* Set content-type on sync.getBlob
* Add logging for failed transmissions in bsky blob resolver
* Tidy
* Tidy bsky repo indexing and supporting repo interfaces
* Sort in app view based on combo of creation and indexing times
* Fix types
* Add retry utils to bsky
* Add retries to http requests made by bsky
* Test repo indexing
* Update bsky db/model for lex refactor
* Update bsky lexicons for lex refactor
* Update bsky actor service for lex refactor
* Update bsky feed service for lex refactor
* Update bsky indexing service for lex refactor
* Update bsky repo subscription for lex refactor
* Tidy bsky repo sub
* Add unspecced endpoints to bsky app view, update entrypoint
* Update bsky xrpc utils for lex refactor
* Update bsky xrpc methods for lex refactor
* Update bsky test seeds for lex refactor, tidy api entrypoint
* Update bsky non-view tests for lex refactor
* Update bsky likes view test for lex refactor, minor fix
* Update bsky author feed tests for lex refactor, minor test util fix
* Update bsky follow, profile, repost, search view tests for lex refactor
* Update bsky timeline view tests for lex refactor
* Replace bsky out-of-order thread indexing logic
* Update bsky thread view tests for lex refactor, general test tidying
* Handle rebases and too-big commits in repo subscription, tracking commit data cid
* Tidy
* Ensure did resolver reports "not found" only when positively not found
* Handle tombstones and handle updates in bsky
* Test indexing handle updates and did tombstones
* Support cors on bsky
* Allow app view to serve most routes unauthed
* Tests for bsky unauthed views
* Tidy bsky service entrypoint and dockerfile
* Remove unused storage interfaces from bsky
* Bsky entrypoint and dockerfile fixes, tidy
* Add workflow for bsky build to aws
* Use more standard db env variables, make migration creds optional
* Make bsky repo subscription optional
* Fix lex->json serialization in bsky
* Split bsky actor sync state into its own table
* Skip invalid records on indexing full repo, tidy
* Tidy
* Leader test timing
* Tidy/lint
* Fix bsky config overrides
* remove return in test
* couple of fixups in other pacakges
* Add dummy checks to declaration and follow app migrations, remove paranoid join
* update db nsid migration
* Ensure there are writes in follow app migration
* Add dumy check to votes-to-likes app migration, tidy
* Ensure there are writes in vote-to-like app migration
* update migration name
* pr feedback
* count utf8 & grapheme length
* add maxUtf8
* siwtch max semantics
* plural
* update post schema
* added bytes & cid refs
* add ipld<>json
* fixin up a could tings
* Add app.bsky.richtext.facet, replace post entities with facets
* plural actors
* wip
* Setup backlinks table on pds
* wip
* send & recieve cids/bytes with xrpc
* Track backlinks when indexing records on pds
* handle ipld vals in xrpc server
* added cids & bytes to codegen
* In createRecord, add deletions to avoid duplicate likes/follows/reposts
* Tests and fixes for prevention of dupe follows, likes, reposts
* Backlink migration tidy
* cleanup dag json parser
* Fix dupe backlink inserts
* Tidy
* blob refs + codegen
* Make profile displayName optional
* Test view and updateProfile for empty display name
* working into pds
* Make aggregate counts optional on post and profile views
* Make viewer state optional on post view for consistency
* Remove deprecated myState field on profile view
* Tidy repo method descriptions
* tests & types & fixes
* Implementation and tests for putRecord
* Remove updateProfile method
* Update repo service so that head can be taken for update externally
* Lex updates for compare-and-swap records/commits
* Add error to lex for bad repo compare-and-swaps
* Improve update-at-head thru repo service
* common package
* Implement and test compare-and-swaps on repo write methods
* Use lex discriminator for applyWrites
* Remove post entity/facet index
* Update lex descriptions to clarify repo write semantics
* Make deleteRecord idempotent w/ tests
* cleanup
* fix things up
* adding more formats
* tests
* updating schema
* Only generate tid rkeys on pds, support literal rkeys on client
* Add backlink indexes
* Update format of post embed views, fix external uri validation
* fixing up tests
* Include embeds on record embeds
* cleanup
* Notify users when they are quoted
* Remove determineRkey indirection
* fix api tests
* support concatenated cbor
* integrating to server
* re-enable tests
* fix up tests
* Thread compare-and-swaps down into repo service rather than use pinned storage
* Tidy
* Update packages/common/tests/ipld-multi.test.ts
Co-authored-by: devin ivy <devinivy@gmail.com>
* Update packages/lexicon/src/validators/formats.ts
Co-authored-by: devin ivy <devinivy@gmail.com>
* pr feedback
* pr feedback
* Add postgres-specific migration path for missing profile display names
* Tidy/clarify deep embeds
* Tidy
* rm unused escape
* decrease crud race count
* update subscribeRepos lexicon
* Fix applyWrite lexicon re: collection fields
* sign post event type
* update cids & bytes json encoding
* update lex blob & cid-link types
* updated codegen & pds
* number -> float
* missed a couple
* remove old image constraints
* pr feedback + descripts
* no hardcoded port numbers
* remove separate tooLarge evt
* fix dumb build error
* fixin gup lex + xrpc server
* better parsing of message types
* dont mutate body in subscription
* bugfix in subscription
* rm commented out code
* init feature branch
* undo
* Remove old lexicons
* Remove creator from profile view
* wip
* rework seqs
* fixed up tests
* bug fixing
* sequence handles & notify in dbTxn
* tidy
* update lex to include times
* test syncing handle changes
* one more fix
* handle too big evts
* dont thread sequencer through everything
* Split common into server vs web-friendly versions
* Make lexicon, identifier web-safe using common-web
* Switch api package to be a browser build, fix identifier package for browser bundling
* Fix pds and repo for lexicon package changes, tidy
* Make common-web a browser build, tidy
* fixing up deps
* fix up test
* turn off caching in actions
* Standardize repo write interfaces around repo input
* Update repo write endpoints for repo input field
* Remove scene follows during app migration
* API package updates (#712)
* Add bsky agent and various sugars to the api package
* Add richtext library to api package
* Update richtext to use facets and deprecate entities
* Update richtext to use utf8 indices
* Richtext converts deprecated entity indices from utf16 locations to utf8 locations
* Add note about encodings in the lexicon
* Add RichText facet detection
* Remove dead code
* Add deprecation notices to lexicons
* Usability improvements to RichText
* Update the api package readme
* Add RichText#detectFacetsWithoutResolution
* Add upsertProfile to bsky-agent
* Update packages/pds/src/api/com/atproto/repo/applyWrites.ts
Co-authored-by: devin ivy <devinivy@gmail.com>
* pr feedback
* fix flaky timing streaming tests
* simplify emptyPromise
* fixed up open handles
* fix missed repo syntax
* fix error in test from fkey constraint
* fix another api agent bug
* Embed consistency, add complex record embed
* Tidy embed lex descriptions
* rename pg schemas
* use swc for jest
* fix up deps
* cleanup
* Update pds indexing, views, tests for complex record embeds
* fixing up profile view semantics
* wip
* update snaps
* Rename embed.complexRecord to embed.recordWithMedia
* Tidy aroud record w/ media embeds
* Add grapheme utilities to api RichText (#720)
Co-authored-by: dholms <dtholmgren@gmail.com>
* Fix: app.bsky.feed.getPostThread#... to app.bsky.feed.defs#... (#726)
* Update bskyagent to use repo param
* Minor typing fix
* Add exports to api package: blobref & lex/json converters (#727)
* Add exports to api package: BlobRef & lex/json converters
* Add an example react-native fetch handler
* Switch all lingering references of recordRef to strongRef
* Update lexicon for richtext facets to have multiple features, byte slice rather than text slice
* Implement multi-feature richtext facets on pds
* Update api package to use updated richtext facets
* Minor fixes to admin repo/record views
* Fix app migration exports, remove old app migration
* Fix: sort richtext facets so they can render correctly
* Disable app migration dummy checks that don't work on live deploy
* Optimize lex de/serialization using simple checks
* Tidy comment typos
* App migration to cleanup notifications for likes, follows, old scene notifs
* Fix notification reason for change from vote to like
---------
Co-authored-by: Devin Ivy <devinivy@gmail.com>
Co-authored-by: Paul Frazee <pfrazee@gmail.com>
* Enable all modules to be built shallowly, externalizing their deps
* Setup shallow builds to modify package.json main
* Hoist update-main-to-dist to separate call, fix lex-cli and plc shallow builds
* Generate sourcemaps during build
* Tidy
* Hoist new build deps up to root
* scene creation w unique handles
* wip
* user_dids -> did_handle
* invites -> assertion/confirmation
* do all the ops on scene create
* start tests + bug fixin
* user can make requests on behalf of scene
* accepting invites
* fix schema names
* get scene profiles
* return actor type in getProfile
* scene views test
* notifications test
* patch up a few db things
* rework handle & email noramlization
* codegen createscene errors
