diff --git a/packages/bsky/package.json b/packages/bsky/package.json index 9940457c926..40ec26e304b 100644 --- a/packages/bsky/package.json +++ b/packages/bsky/package.json @@ -34,10 +34,10 @@ "@atproto/api": "workspace:^", "@atproto/common": "workspace:^", "@atproto/crypto": "workspace:^", - "@atproto/syntax": "workspace:^", "@atproto/identity": "workspace:^", "@atproto/lexicon": "workspace:^", "@atproto/repo": "workspace:^", + "@atproto/syntax": "workspace:^", "@atproto/xrpc-server": "workspace:^", "@did-plc/lib": "^0.0.1", "@isaacs/ttlcache": "^1.4.1", @@ -49,6 +49,7 @@ "http-errors": "^2.0.0", "http-terminator": "^3.2.0", "ioredis": "^5.3.2", + "jose": "^5.0.1", "kysely": "^0.22.0", "multiformats": "^9.9.0", "p-queue": "^6.6.2", diff --git a/packages/bsky/src/logger.ts b/packages/bsky/src/logger.ts index d6fad590eef..19d8eb0230e 100644 --- a/packages/bsky/src/logger.ts +++ b/packages/bsky/src/logger.ts @@ -1,5 +1,8 @@ +import pino from 'pino' import pinoHttp from 'pino-http' +import * as jose from 'jose' import { subsystemLogger } from '@atproto/common' +import { parseBasicAuth } from './auth' export const dbLogger: ReturnType = subsystemLogger('bsky:db') @@ -21,5 +24,34 @@ export const loggerMiddleware = pinoHttp({ message: err?.message, } }, + req: (req) => { + const serialized = pino.stdSerializers.req(req) + const authHeader = serialized.headers.authorization || '' + let auth: string | undefined = undefined + if (authHeader.startsWith('Bearer ')) { + const token = authHeader.slice('Bearer '.length) + const { iss } = jose.decodeJwt(token) + if (iss) { + auth = 'Bearer ' + iss + } else { + auth = 'Bearer Invalid' + } + } + if (authHeader.startsWith('Basic ')) { + const parsed = parseBasicAuth(authHeader) + if (!parsed) { + auth = 'Basic Invalid' + } else { + auth = 'Basic ' + parsed.username + } + } + return { + ...serialized, + headers: { + ...serialized.headers, + authorization: auth, + }, + } + }, }, }) diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 860cce537ad..52f7b4821a5 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -219,6 +219,9 @@ importers: ioredis: specifier: ^5.3.2 version: 5.3.2 + jose: + specifier: ^5.0.1 + version: 5.1.3 kysely: specifier: ^0.22.0 version: 0.22.0 @@ -401,7 +404,7 @@ importers: devDependencies: ts-node: specifier: ^10.8.1 - version: 10.8.2(@swc/core@1.3.42)(@types/node@20.10.4)(typescript@5.3.3) + version: 10.8.2(@swc/core@1.3.42)(@types/node@18.17.8)(typescript@4.8.4) packages/identity: dependencies: @@ -782,7 +785,7 @@ importers: version: 4.20.0 opentelemetry-plugin-better-sqlite3: specifier: ^1.1.0 - version: 1.1.0(better-sqlite3@9.2.2) + version: 1.1.0(better-sqlite3@7.6.2) packages: @@ -5587,12 +5590,6 @@ packages: /@types/node@18.17.8: resolution: {integrity: sha512-Av/7MqX/iNKwT9Tr60V85NqMnsmh8ilfJoBlIVibkXfitk9Q22D9Y5mSpm+FvG5DET7EbVfB40bOiLzKgYFgPw==} - /@types/node@20.10.4: - resolution: {integrity: sha512-D08YG6rr8X90YB56tSIuBaddy/UXAA9RKJoFvrsnogAum/0pmjkgi4+2nx96A330FmioegBWmEYQ+syqCFaveg==} - dependencies: - undici-types: 5.26.5 - dev: true - /@types/nodemailer@6.4.6: resolution: {integrity: sha512-pD6fL5GQtUKvD2WnPmg5bC2e8kWCAPDwMPmHe/ohQbW+Dy0EcHgZ2oCSuPlWNqk74LS5BVMig1SymQbFMPPK3w==} dependencies: @@ -6200,14 +6197,6 @@ packages: bindings: 1.5.0 prebuild-install: 7.1.1 - /better-sqlite3@9.2.2: - resolution: {integrity: sha512-qwjWB46il0lsDkeB4rSRI96HyDQr8sxeu1MkBVLMrwusq1KRu4Bpt1TMI+8zIJkDUtZ3umjAkaEjIlokZKWCQw==} - requiresBuild: true - dependencies: - bindings: 1.5.0 - prebuild-install: 7.1.1 - dev: false - /big-integer@1.6.51: resolution: {integrity: sha512-GPEid2Y9QU1Exl1rpO9B2IPJGHPSupF5GnVIP0blYvNOMer2bTvSWs1jGOUg04hTmu67nmLsQ9TBo1puaotBHg==} engines: {node: '>=0.6'} @@ -9626,7 +9615,7 @@ packages: mimic-fn: 2.1.0 dev: true - /opentelemetry-plugin-better-sqlite3@1.1.0(better-sqlite3@9.2.2): + /opentelemetry-plugin-better-sqlite3@1.1.0(better-sqlite3@7.6.2): resolution: {integrity: sha512-yd+mgaB5W5JxzcQt9TvX1VIrusqtbbeuxSoZ6KQe4Ra0J/Kqkp6kz7dg0VQUU5+cenOWkza6xtvsT0KGXI03HA==} peerDependencies: better-sqlite3: ^7.1.1 || ^8.0.0 || ^9.0.0 @@ -9635,7 +9624,7 @@ packages: '@opentelemetry/core': 1.18.1(@opentelemetry/api@1.7.0) '@opentelemetry/instrumentation': 0.44.0(@opentelemetry/api@1.7.0) '@opentelemetry/semantic-conventions': 1.18.1 - better-sqlite3: 9.2.2 + better-sqlite3: 7.6.2 transitivePeerDependencies: - supports-color dev: false @@ -11012,7 +11001,7 @@ packages: yn: 3.1.1 dev: true - /ts-node@10.8.2(@swc/core@1.3.42)(@types/node@20.10.4)(typescript@5.3.3): + /ts-node@10.8.2(@swc/core@1.3.42)(@types/node@18.17.8)(typescript@4.8.4): resolution: {integrity: sha512-LYdGnoGddf1D6v8REPtIH+5iq/gTDuZqv2/UJUU7tKjuEU8xVZorBM+buCGNjj+pGEud+sOoM4CX3/YzINpENA==} hasBin: true peerDependencies: @@ -11032,14 +11021,14 @@ packages: '@tsconfig/node12': 1.0.11 '@tsconfig/node14': 1.0.3 '@tsconfig/node16': 1.0.4 - '@types/node': 20.10.4 + '@types/node': 18.17.8 acorn: 8.10.0 acorn-walk: 8.2.0 arg: 4.1.3 create-require: 1.1.1 diff: 4.0.2 make-error: 1.3.6 - typescript: 5.3.3 + typescript: 4.8.4 v8-compile-cache-lib: 3.0.1 yn: 3.1.1 dev: true @@ -11181,12 +11170,6 @@ packages: hasBin: true dev: true - /typescript@5.3.3: - resolution: {integrity: sha512-pXWcraxM0uxAS+tN0AG/BF2TyqmHO014Z070UsJ+pFvYuRSq8KH8DmWpnbXe0pEPDHXZV3FcAbJkijJ5oNEnWw==} - engines: {node: '>=14.17'} - hasBin: true - dev: true - /uglify-js@3.17.4: resolution: {integrity: sha512-T9q82TJI9e/C1TAxYvfb16xO120tMVFZrGA3f9/P4424DNu6ypK103y0GPFVa17yotwSyZW5iYXgjYHkGrJW/g==} engines: {node: '>=0.8.0'} @@ -11208,10 +11191,6 @@ packages: which-boxed-primitive: 1.0.2 dev: true - /undici-types@5.26.5: - resolution: {integrity: sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA==} - dev: true - /unicode-canonical-property-names-ecmascript@2.0.0: resolution: {integrity: sha512-yY5PpDlfVIU5+y/BSCxAJRBIS1Zc2dDG3Ujq+sR0U+JjUevW2JhocOF+soROYDSaAezOzOKuyyixhD6mBknSmQ==} engines: {node: '>=4'}