From 5f3c91b63b79255188e7e3eab173d0586a736bfc Mon Sep 17 00:00:00 2001
From: dholms
Date: Tue, 5 Mar 2024 13:58:18 -0600
Subject: [PATCH 1/6] fix url check
---
 packages/pds/src/pipethrough.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/pds/src/pipethrough.ts b/packages/pds/src/pipethrough.ts
index 595584b9388..a33e719eda8 100644
--- a/packages/pds/src/pipethrough.ts
+++ b/packages/pds/src/pipethrough.ts
@@ -154,7 +154,7 @@ export const doProxy = async (url: URL, reqInit: RequestInit) => {
 const isSafeUrl = (url: URL) => {
 if (url.protocol !== 'https:') return false
 if (!url.hostname || url.hostname === 'localhost') return false
- if (net.isIP(url.hostname) === 0) return false
+ if (net.isIP(url.hostname) !== 0) return false
 return true
 }
From 037f163cdb9dffb418a8363b3c7d3551fd2eebf4 Mon Sep 17 00:00:00 2001
From: dholms
Date: Tue, 5 Mar 2024 15:32:30 -0600
Subject: [PATCH 2/6] better error handling for get account infos
---
 packages/ozone/src/mod-service/views.ts | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)
diff --git a/packages/ozone/src/mod-service/views.ts b/packages/ozone/src/mod-service/views.ts
index 498091a8bd0..f65fd68b480 100644
--- a/packages/ozone/src/mod-service/views.ts
+++ b/packages/ozone/src/mod-service/views.ts
@@ -25,6 +25,7 @@ import {
 import { REASONOTHER } from '../lexicon/types/com/atproto/moderation/defs'
 import { subjectFromEventRow, subjectFromStatusRow } from './subject'
 import { formatLabel } from './util'
+import { httpLogger as log } from '../logger'
 export type AuthHeaders = {
 headers: {
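Review bot: In `isSafeUrl` (packages/pds/src/pipethrough.ts) the corrected `net.isIP(url.hostname) !== 0` test still accepts bracketed IPv6 literals, because a WHATWG `URL` reports the hostname of `https://[::1]/` as `[::1]` and `net.isIP` returns 0 for a bracketed string. Strip the brackets before the check, e.g. `const host = url.hostname.replace(/^\[|\]$/g, '')` followed by `if (net.isIP(host) !== 0) return false`. The function also inspects only the literal hostname, so a DNS name that resolves to a loopback or private address is presumably still accepted unless the fetch layer outside this hunk checks the resolved address; a one-line comment stating that limit would help the next reader.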
@@ -43,15 +44,20 @@ export class ModerationViews {
 if (dids.length === 0) return new Map()
 const auth = await this.appviewAuth()
 if (!auth) return new Map()
- const res = await this.appviewAgent.api.com.atproto.admin.getAccountInfos(
- {
- dids: dedupeStrs(dids),
- },
- auth,
- )
- return res.data.infos.reduce((acc, cur) => {
- return acc.set(cur.did, cur)
- }, new Map())
+ try {
+ const res = await this.appviewAgent.api.com.atproto.admin.getAccountInfos(
+ {
+ dids: dedupeStrs(dids),
+ },
+ auth,
+ )
+ return res.data.infos.reduce((acc, cur) => {
+ return acc.set(cur.did, cur)
+ }, new Map())
+ } catch (err) {
+ log.error({ err, dids }, 'failed to resolve account infos from appview')
+ return new Map()
+ }
 }
 async repos(dids: string[]): Promise> {
From fc1c40dff8bb14d8a6cfbba7a0b18a8efaa76057 Mon Sep 17 00:00:00 2001
From: dholms
Date: Tue, 5 Mar 2024 15:33:12 -0600
Subject: [PATCH 3/6] fix labeler service id
---
 packages/bsky/src/auth-verifier.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/bsky/src/auth-verifier.ts b/packages/bsky/src/auth-verifier.ts
index b305aad1ef1..2936b1cd28b 100644
--- a/packages/bsky/src/auth-verifier.ts
+++ b/packages/bsky/src/auth-verifier.ts
@@ -211,7 +211,7 @@ export class AuthVerifier {
 }
 const [did, serviceId] = iss.split('#')
 const keyId =
- serviceId === 'atproto-labeler' ? 'atproto-label' : 'atproto'
+ serviceId === 'atproto_labeler' ? 'atproto_label' : 'atproto'
 let identity: GetIdentityByDidResponse
 try {
 identity = await this.dataplane.getIdentityByDid({ did })
From 5e1c5fd7d3d7acebbf5c03d9a765f6f45082469c Mon Sep 17 00:00:00 2001
From: dholms
Date: Tue, 5 Mar 2024 15:50:18 -0600
Subject: [PATCH 4/6] fix iss on auth headers
---
 packages/ozone/src/context.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/ozone/src/context.ts b/packages/ozone/src/context.ts
index db8d123d5e0..e7168881bac 100644
--- a/packages/ozone/src/context.ts
+++ b/packages/ozone/src/context.ts
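Review bot: The new `catch (err)` around `getAccountInfos` in packages/ozone/src/mod-service/views.ts turns every failure, including a rejected service-auth token or an unreachable appview, into an empty `Map` that callers cannot tell apart from "no such accounts". If best-effort is the intent, state it above the `try`, e.g. `// best-effort: appview errors degrade to empty account info; the log carries the cause`, and consider rethrowing when the error is an authentication failure so a broken credential is not hidden behind empty moderation views. `log.error({ err, dids }, …)` also writes the whole `dids` array on each failure; logging `dids.length` would keep entries bounded. The method's signature is above the hunk.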
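Review bot: The `keyId` ternary in packages/bsky/src/auth-verifier.ts maps every `serviceId` other than `'atproto_labeler'` to the `'atproto'` key, so a typo such as the hyphenated spelling fixed here fails open to the default key instead of being rejected. Refuse fragments the verifier does not recognise before choosing the key, e.g. `if (serviceId !== undefined && serviceId !== 'atproto_labeler') throw …` with the same error type this method already uses for a bad issuer. `iss.split('#')` also silently discards anything after a second `#`. The enclosing method starts and ends outside the hunk.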
@@ -55,7 +55,7 @@ export class AppContext {
 const createAuthHeaders = (aud: string) =>
 createServiceAuthHeaders({
- iss: cfg.service.did,
+ iss: `${cfg.service.did}#atproto_labeler`,
 aud,
 keypair: signingKey,
 })
From 82acea2356fc21a7cb180d9813b6bf7014a92448 Mon Sep 17 00:00:00 2001
From: dholms
Date: Tue, 5 Mar 2024 15:58:58 -0600
Subject: [PATCH 5/6] fix dev-env ozone did
---
 packages/dev-env/src/ozone.ts | 32 +++++++++++++++++++++++---------
 1 file changed, 23 insertions(+), 9 deletions(-)
diff --git a/packages/dev-env/src/ozone.ts b/packages/dev-env/src/ozone.ts
index 278ad8d2b2b..27e240b0518 100644
--- a/packages/dev-env/src/ozone.ts
+++ b/packages/dev-env/src/ozone.ts
@@ -3,7 +3,7 @@ import * as ui8 from 'uint8arrays'
 import * as ozone from '@atproto/ozone'
 import { AtpAgent } from '@atproto/api'
 import { Secp256k1Keypair } from '@atproto/crypto'
-import { Client as PlcClient } from '@did-plc/lib'
+import * as plc from '@did-plc/lib'
 import { OzoneConfig } from './types'
 import { ADMIN_PASSWORD, MOD_PASSWORD, TRIAGE_PASSWORD } from './const'
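Review bot: The `#atproto_labeler` fragment in `createAuthHeaders` (packages/ozone/src/context.ts) is hard-coded inside the template literal and has to match the string compared in packages/bsky/src/auth-verifier.ts character for character; PATCH 3/6 shows such a mismatch has already happened once. The same literal is added a second time in `serviceAuthHeaders` in PATCH 6/6. Define it once, e.g. `const LABELER_SERVICE_ID = 'atproto_labeler'`, and build both issuers as `${did}#${LABELER_SERVICE_ID}` so the two call sites cannot drift apart. The enclosing constructor or factory starts above the hunk.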
@@ -21,18 +21,32 @@ export class TestOzone {
 const signingKeyHex = ui8.toString(await serviceKeypair.export(), 'hex')
 let serverDid = config.serverDid
 if (!serverDid) {
- const plcClient = new PlcClient(config.plcUrl)
- serverDid = await plcClient.createDid({
- signingKey: serviceKeypair.did(),
- rotationKeys: [serviceKeypair.did()],
- handle: 'ozone.test',
- pds: `https://pds.invalid`,
- signer: serviceKeypair,
- })
+ const plcClient = new plc.Client(config.plcUrl)
+ const plcOp = await plc.signOperation(
+ {
+ type: 'plc_operation',
+ alsoKnownAs: [],
+ rotationKeys: [serviceKeypair.did()],
+ verificationMethods: {
+ atproto_label: serviceKeypair.did(),
+ },
+ services: {
+ atproto_labeler: {
+ type: 'AtprotoLabeler',
+ endpoint: 'https://ozone.public.url',
+ },
+ },
+ prev: null,
+ },
+ serviceKeypair,
+ )
+ serverDid = await plc.didForCreateOp(plcOp)
+ await plcClient.sendOperation(serverDid, plcOp)
 }
 const port = config.port || (await getPort())
 const url = `http://localhost:${port}`
+
 const env: ozone.OzoneEnvironment = {
 devMode: true,
 version: '0.0.0',
From 4c7db5cc644a91f092cccbc95d895e9080100106 Mon Sep 17 00:00:00 2001
From: dholms
Date: Tue, 5 Mar 2024 16:15:10 -0600
Subject: [PATCH 6/6] fix tests & another jwt issuer
---
 packages/dev-env/src/network.ts | 11 ++-----
 packages/dev-env/src/ozone.ts | 52 +++++++++++++++++++--------------
 packages/ozone/src/context.ts | 2 +-
 3 files changed, 33 insertions(+), 32 deletions(-)
diff --git a/packages/dev-env/src/network.ts b/packages/dev-env/src/network.ts
index c90e2c181f5..06fbd780060 100644
--- a/packages/dev-env/src/network.ts
+++ b/packages/dev-env/src/network.ts
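Review bot: In the PLC operation built in packages/dev-env/src/ozone.ts, `rotationKeys` and `verificationMethods.atproto_label` are both set to `serviceKeypair.did()`, so the label-signing key is also the only key able to rewrite the DID document. That is convenient for a test fixture, but it deserves a comment so the operation is not copied into a deployment unchanged, e.g. `// dev-env only: the signing key doubles as the sole rotation key; keep rotation keys separate outside tests`. The same operation is moved unchanged into `createOzoneDid` in PATCH 6/6, which is where the comment should end up. The enclosing method starts above the hunk.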
@@ -3,12 +3,11 @@ import * as uint8arrays from 'uint8arrays'
 import getPort from 'get-port'
 import { wait } from '@atproto/common-web'
 import { createServiceJwt } from '@atproto/xrpc-server'
-import { Client as PlcClient } from '@did-plc/lib'
 import { TestServerParams } from './types'
 import { TestPlc } from './plc'
 import { TestPds } from './pds'
 import { TestBsky } from './bsky'
-import { TestOzone } from './ozone'
+import { TestOzone, createOzoneDid } from './ozone'
 import { mockNetworkUtilities } from './util'
 import { TestNetworkNoAppView } from './network-no-appview'
 import { Secp256k1Keypair } from '@atproto/crypto'
@@ -43,13 +42,7 @@ export class TestNetwork extends TestNetworkNoAppView {
 const ozonePort = params.ozone?.port ?? (await getPort())
 const ozoneKey = await Secp256k1Keypair.create({ exportable: true })
- const ozoneDid = await new PlcClient(plc.url).createDid({
- signingKey: ozoneKey.did(),
- rotationKeys: [ozoneKey.did()],
- handle: 'ozone.test',
- pds: `http://pds.invalid`,
- signer: ozoneKey,
- })
+ const ozoneDid = await createOzoneDid(plc.url, ozoneKey)
 const bsky = await TestBsky.create({
 port: bskyPort,
diff --git a/packages/dev-env/src/ozone.ts b/packages/dev-env/src/ozone.ts
index 27e240b0518..d06e45eba13 100644
--- a/packages/dev-env/src/ozone.ts
+++ b/packages/dev-env/src/ozone.ts
@@ -2,7 +2,7 @@ import getPort from 'get-port'
 import * as ui8 from 'uint8arrays'
 import * as ozone from '@atproto/ozone'
 import { AtpAgent } from '@atproto/api'
-import { Secp256k1Keypair } from '@atproto/crypto'
+import { Keypair, Secp256k1Keypair } from '@atproto/crypto'
 import * as plc from '@did-plc/lib'
 import { OzoneConfig } from './types'
 import { ADMIN_PASSWORD, MOD_PASSWORD, TRIAGE_PASSWORD } from './const'
@@ -21,27 +21,7 @@ export class TestOzone {
 const signingKeyHex = ui8.toString(await serviceKeypair.export(), 'hex')
 let serverDid = config.serverDid
 if (!serverDid) {
- const plcClient = new plc.Client(config.plcUrl)
- const plcOp = await plc.signOperation(
- {
- type: 'plc_operation',
- alsoKnownAs: [],
- rotationKeys: [serviceKeypair.did()],
- verificationMethods: {
- atproto_label: serviceKeypair.did(),
- },
- services: {
- atproto_labeler: {
- type: 'AtprotoLabeler',
- endpoint: 'https://ozone.public.url',
- },
- },
- prev: null,
- },
- serviceKeypair,
- )
- serverDid = await plc.didForCreateOp(plcOp)
- await plcClient.sendOperation(serverDid, plcOp)
+ serverDid = await createOzoneDid(config.plcUrl, serviceKeypair)
 }
 const port = config.port || (await getPort())
@@ -130,3 +110,31 @@ export class TestOzone {
 await this.server.destroy()
 }
 }
+
+export const createOzoneDid = async (
+ plcUrl: string,
+ keypair: Keypair,
+): Promise => {
+ const plcClient = new plc.Client(plcUrl)
+ const plcOp = await plc.signOperation(
+ {
+ type: 'plc_operation',
+ alsoKnownAs: [],
+ rotationKeys: [keypair.did()],
+ verificationMethods: {
+ atproto_label: keypair.did(),
+ },
+ services: {
+ atproto_labeler: {
+ type: 'AtprotoLabeler',
+ endpoint: 'https://ozone.public.url',
+ },
+ },
+ prev: null,
+ },
+ keypair,
+ )
+ const did = await plc.didForCreateOp(plcOp)
+ await plcClient.sendOperation(did, plcOp)
+ return did
+}
diff --git a/packages/ozone/src/context.ts b/packages/ozone/src/context.ts
index e7168881bac..5205e54f848 100644
--- a/packages/ozone/src/context.ts
+++ b/packages/ozone/src/context.ts
@@ -172,7 +172,7 @@ export class AppContext {
 }
 async serviceAuthHeaders(aud: string) {
- const iss = this.cfg.service.did
+ const iss = `${this.cfg.service.did}#atproto_labeler`
 return createServiceAuthHeaders({
 iss,
 aud,
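Review bot: `createOzoneDid` in packages/dev-env/src/ozone.ts publishes a fixed labeler endpoint, `'https://ozone.public.url'`, regardless of where the test Ozone server listens, so anything that resolves the labeler service from the DID document will presumably be pointed at a host that does not exist. Now that the function is exported and shared with network.ts, take the endpoint as an optional third parameter, e.g. `endpoint = 'https://ozone.public.url'`, so callers that know the port can pass the real URL. The export also has no doc comment; a short TSDoc block stating that it signs a create operation (`prev: null`) with `keypair`, submits it to the PLC directory at `plcUrl`, and returns the new DID would cover it.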