update usage of xrpc-server to check bound service auth
This commit is contained in:
parent
3e3f846a9c
commit
33116e3ceb
@ -17,7 +17,7 @@
|
|||||||
"@atproto/lexicon": "^0.2.2",
|
"@atproto/lexicon": "^0.2.2",
|
||||||
"@atproto/repo": "^0.3.2",
|
"@atproto/repo": "^0.3.2",
|
||||||
"@atproto/syntax": "^0.1.2",
|
"@atproto/syntax": "^0.1.2",
|
||||||
"@atproto/xrpc-server": "^0.3.2",
|
"@atproto/xrpc-server": "^0.6.0",
|
||||||
"better-sqlite3": "^8.3.0",
|
"better-sqlite3": "^8.3.0",
|
||||||
"dotenv": "^16.0.3",
|
"dotenv": "^16.0.3",
|
||||||
"express": "^4.18.2",
|
"express": "^4.18.2",
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
import express from 'express'
|
import express from 'express'
|
||||||
import { verifyJwt, AuthRequiredError } from '@atproto/xrpc-server'
|
import { verifyJwt, AuthRequiredError, parseReqNsid } from '@atproto/xrpc-server'
|
||||||
import { DidResolver } from '@atproto/identity'
|
import { DidResolver } from '@atproto/identity'
|
||||||
|
|
||||||
export const validateAuth = async (
|
export const validateAuth = async (
|
||||||
@ -12,7 +12,9 @@ export const validateAuth = async (
|
|||||||
throw new AuthRequiredError()
|
throw new AuthRequiredError()
|
||||||
}
|
}
|
||||||
const jwt = authorization.replace('Bearer ', '').trim()
|
const jwt = authorization.replace('Bearer ', '').trim()
|
||||||
return verifyJwt(jwt, serviceDid, async (did: string) => {
|
const nsid = parseReqNsid(req)
|
||||||
|
const parsed = await verifyJwt(jwt, serviceDid, nsid, async (did: string) => {
|
||||||
return didResolver.resolveAtprotoKey(did)
|
return didResolver.resolveAtprotoKey(did)
|
||||||
})
|
})
|
||||||
|
return parsed.iss
|
||||||
}
|
}
|
||||||
|
121
yarn.lock
121
yarn.lock
@ -25,6 +25,16 @@
|
|||||||
uint8arrays "3.0.0"
|
uint8arrays "3.0.0"
|
||||||
zod "^3.21.4"
|
zod "^3.21.4"
|
||||||
|
|
||||||
|
"@atproto/common-web@^0.3.0":
|
||||||
|
version "0.3.0"
|
||||||
|
resolved "https://registry.yarnpkg.com/@atproto/common-web/-/common-web-0.3.0.tgz#36da8c2c31d8cf8a140c3c8f03223319bf4430bb"
|
||||||
|
integrity sha512-67VnV6JJyX+ZWyjV7xFQMypAgDmjVaR9ZCuU/QW+mqlqI7fex2uL4Fv+7/jHadgzhuJHVd6OHOvNn0wR5WZYtA==
|
||||||
|
dependencies:
|
||||||
|
graphemer "^1.4.0"
|
||||||
|
multiformats "^9.9.0"
|
||||||
|
uint8arrays "3.0.0"
|
||||||
|
zod "^3.21.4"
|
||||||
|
|
||||||
"@atproto/common@^0.3.1":
|
"@atproto/common@^0.3.1":
|
||||||
version "0.3.1"
|
version "0.3.1"
|
||||||
resolved "https://registry.yarnpkg.com/@atproto/common/-/common-0.3.1.tgz#ee131c170bdb564ed4f9692db0a80ada825220c7"
|
resolved "https://registry.yarnpkg.com/@atproto/common/-/common-0.3.1.tgz#ee131c170bdb564ed4f9692db0a80ada825220c7"
|
||||||
@ -38,6 +48,18 @@
|
|||||||
pino "^8.15.0"
|
pino "^8.15.0"
|
||||||
zod "3.21.4"
|
zod "3.21.4"
|
||||||
|
|
||||||
|
"@atproto/common@^0.4.1":
|
||||||
|
version "0.4.1"
|
||||||
|
resolved "https://registry.yarnpkg.com/@atproto/common/-/common-0.4.1.tgz#ca6fce47001ce8d031acd3fb4942fbfd81f72c43"
|
||||||
|
integrity sha512-uL7kQIcBTbvkBDNfxMXL6lBH4fO2DQpHd2BryJxMtbw/4iEPKe9xBYApwECHhEIk9+zhhpTRZ15FJ3gxTXN82Q==
|
||||||
|
dependencies:
|
||||||
|
"@atproto/common-web" "^0.3.0"
|
||||||
|
"@ipld/dag-cbor" "^7.0.3"
|
||||||
|
cbor-x "^1.5.1"
|
||||||
|
iso-datestring-validator "^2.2.2"
|
||||||
|
multiformats "^9.9.0"
|
||||||
|
pino "^8.21.0"
|
||||||
|
|
||||||
"@atproto/crypto@^0.2.2":
|
"@atproto/crypto@^0.2.2":
|
||||||
version "0.2.2"
|
version "0.2.2"
|
||||||
resolved "https://registry.yarnpkg.com/@atproto/crypto/-/crypto-0.2.2.tgz#9832dda885512a36401d24f95990489f521593ef"
|
resolved "https://registry.yarnpkg.com/@atproto/crypto/-/crypto-0.2.2.tgz#9832dda885512a36401d24f95990489f521593ef"
|
||||||
@ -47,6 +69,15 @@
|
|||||||
"@noble/hashes" "^1.3.1"
|
"@noble/hashes" "^1.3.1"
|
||||||
uint8arrays "3.0.0"
|
uint8arrays "3.0.0"
|
||||||
|
|
||||||
|
"@atproto/crypto@^0.4.0":
|
||||||
|
version "0.4.0"
|
||||||
|
resolved "https://registry.yarnpkg.com/@atproto/crypto/-/crypto-0.4.0.tgz#dcdd6bf5ba98261ae0ff3b96d7b8695c1ef788e6"
|
||||||
|
integrity sha512-Kj/4VgJ7hzzXvE42L0rjzP6lM0tai+OfPnP1rxJ+UZg/YUDtuewL4uapnVoWXvlNceKgaLZH98g5n9gXBVTe5Q==
|
||||||
|
dependencies:
|
||||||
|
"@noble/curves" "^1.1.0"
|
||||||
|
"@noble/hashes" "^1.3.1"
|
||||||
|
uint8arrays "3.0.0"
|
||||||
|
|
||||||
"@atproto/identity@^0.2.1":
|
"@atproto/identity@^0.2.1":
|
||||||
version "0.2.1"
|
version "0.2.1"
|
||||||
resolved "https://registry.yarnpkg.com/@atproto/identity/-/identity-0.2.1.tgz#8203ba53a25c3300d1aec0c28eb10a106919b410"
|
resolved "https://registry.yarnpkg.com/@atproto/identity/-/identity-0.2.1.tgz#8203ba53a25c3300d1aec0c28eb10a106919b410"
|
||||||
@ -68,6 +99,17 @@
|
|||||||
multiformats "^9.9.0"
|
multiformats "^9.9.0"
|
||||||
zod "^3.21.4"
|
zod "^3.21.4"
|
||||||
|
|
||||||
|
"@atproto/lexicon@^0.4.0":
|
||||||
|
version "0.4.0"
|
||||||
|
resolved "https://registry.yarnpkg.com/@atproto/lexicon/-/lexicon-0.4.0.tgz#63e8829945d80c25524882caa8ed27b1151cc576"
|
||||||
|
integrity sha512-RvCBKdSI4M8qWm5uTNz1z3R2yIvIhmOsMuleOj8YR6BwRD+QbtUBy3l+xQ7iXf4M5fdfJFxaUNa6Ty0iRwdKqQ==
|
||||||
|
dependencies:
|
||||||
|
"@atproto/common-web" "^0.3.0"
|
||||||
|
"@atproto/syntax" "^0.3.0"
|
||||||
|
iso-datestring-validator "^2.2.2"
|
||||||
|
multiformats "^9.9.0"
|
||||||
|
zod "^3.21.4"
|
||||||
|
|
||||||
"@atproto/repo@^0.3.2":
|
"@atproto/repo@^0.3.2":
|
||||||
version "0.3.2"
|
version "0.3.2"
|
||||||
resolved "https://registry.yarnpkg.com/@atproto/repo/-/repo-0.3.2.tgz#46cd9f8a16b82de7fda6760e611999a9d42f5545"
|
resolved "https://registry.yarnpkg.com/@atproto/repo/-/repo-0.3.2.tgz#46cd9f8a16b82de7fda6760e611999a9d42f5545"
|
||||||
@ -92,14 +134,20 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
"@atproto/common-web" "^0.2.1"
|
"@atproto/common-web" "^0.2.1"
|
||||||
|
|
||||||
"@atproto/xrpc-server@^0.3.2":
|
"@atproto/syntax@^0.3.0":
|
||||||
version "0.3.2"
|
version "0.3.0"
|
||||||
resolved "https://registry.yarnpkg.com/@atproto/xrpc-server/-/xrpc-server-0.3.2.tgz#85bc901991c3de896d463c0cd1d396ab1c772387"
|
resolved "https://registry.yarnpkg.com/@atproto/syntax/-/syntax-0.3.0.tgz#fafa2dbea9add37253005cb663e7373e05e618b3"
|
||||||
integrity sha512-aracV1+1t88AU+zN/RTmZGvvjlMiNIooLotz23FvD4qoiUSx6KxrTwttHZdw5ZJE14XTDR1D9brpyvdCJHsKNA==
|
integrity sha512-Weq0ZBxffGHDXHl9U7BQc2BFJi/e23AL+k+i5+D9hUq/bzT4yjGsrCejkjq0xt82xXDjmhhvQSZ0LqxyZ5woxA==
|
||||||
|
|
||||||
|
"@atproto/xrpc-server@^0.6.0":
|
||||||
|
version "0.6.0"
|
||||||
|
resolved "https://registry.yarnpkg.com/@atproto/xrpc-server/-/xrpc-server-0.6.0.tgz#00ce91af703287d8a93ea46b20aa18debee0aa24"
|
||||||
|
integrity sha512-c0UhLQIjkVGxcRIbWLEjJsW0NzKs9uIIUYQWJ27zUUAet5tzgYOyTDuZ5v8FvAJ4wkfJUIZH2GazqxrQDW4G3g==
|
||||||
dependencies:
|
dependencies:
|
||||||
"@atproto/common" "^0.3.1"
|
"@atproto/common" "^0.4.1"
|
||||||
"@atproto/crypto" "^0.2.2"
|
"@atproto/crypto" "^0.4.0"
|
||||||
"@atproto/lexicon" "^0.2.2"
|
"@atproto/lexicon" "^0.4.0"
|
||||||
|
"@atproto/xrpc" "^0.5.0"
|
||||||
cbor-x "^1.5.1"
|
cbor-x "^1.5.1"
|
||||||
express "^4.17.2"
|
express "^4.17.2"
|
||||||
http-errors "^2.0.0"
|
http-errors "^2.0.0"
|
||||||
@ -107,7 +155,7 @@
|
|||||||
rate-limiter-flexible "^2.4.1"
|
rate-limiter-flexible "^2.4.1"
|
||||||
uint8arrays "3.0.0"
|
uint8arrays "3.0.0"
|
||||||
ws "^8.12.0"
|
ws "^8.12.0"
|
||||||
zod "^3.21.4"
|
zod "^3.23.8"
|
||||||
|
|
||||||
"@atproto/xrpc@^0.3.2":
|
"@atproto/xrpc@^0.3.2":
|
||||||
version "0.3.2"
|
version "0.3.2"
|
||||||
@ -117,6 +165,14 @@
|
|||||||
"@atproto/lexicon" "^0.2.2"
|
"@atproto/lexicon" "^0.2.2"
|
||||||
zod "^3.21.4"
|
zod "^3.21.4"
|
||||||
|
|
||||||
|
"@atproto/xrpc@^0.5.0":
|
||||||
|
version "0.5.0"
|
||||||
|
resolved "https://registry.yarnpkg.com/@atproto/xrpc/-/xrpc-0.5.0.tgz#dacbfd8f7b13f0ab5bd56f8fdd4b460e132a6032"
|
||||||
|
integrity sha512-swu+wyOLvYW4l3n+VAuJbHcPcES+tin2Lsrp8Bw5aIXIICiuFn1YMFlwK9JwVUzTH21Py1s1nHEjr4CJeElJog==
|
||||||
|
dependencies:
|
||||||
|
"@atproto/lexicon" "^0.4.0"
|
||||||
|
zod "^3.21.4"
|
||||||
|
|
||||||
"@cbor-extract/cbor-extract-darwin-arm64@2.1.1":
|
"@cbor-extract/cbor-extract-darwin-arm64@2.1.1":
|
||||||
version "2.1.1"
|
version "2.1.1"
|
||||||
resolved "https://registry.npmjs.org/@cbor-extract/cbor-extract-darwin-arm64/-/cbor-extract-darwin-arm64-2.1.1.tgz"
|
resolved "https://registry.npmjs.org/@cbor-extract/cbor-extract-darwin-arm64/-/cbor-extract-darwin-arm64-2.1.1.tgz"
|
||||||
@ -887,6 +943,14 @@ path-to-regexp@0.1.7:
|
|||||||
resolved "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz"
|
resolved "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz"
|
||||||
integrity sha512-5DFkuoqlv1uYQKxy8omFBeJPQcdoE07Kv2sferDCrAq1ohOU+MSDswDIbnx3YAM60qIOnYa53wBhXW0EbMonrQ==
|
integrity sha512-5DFkuoqlv1uYQKxy8omFBeJPQcdoE07Kv2sferDCrAq1ohOU+MSDswDIbnx3YAM60qIOnYa53wBhXW0EbMonrQ==
|
||||||
|
|
||||||
|
pino-abstract-transport@^1.2.0:
|
||||||
|
version "1.2.0"
|
||||||
|
resolved "https://registry.yarnpkg.com/pino-abstract-transport/-/pino-abstract-transport-1.2.0.tgz#97f9f2631931e242da531b5c66d3079c12c9d1b5"
|
||||||
|
integrity sha512-Guhh8EZfPCfH+PMXAb6rKOjGQEoy0xlAIn+irODG5kgfYV+BQ0rGYYWTIel3P5mmyXqkYkPmdIkywsn6QKUR1Q==
|
||||||
|
dependencies:
|
||||||
|
readable-stream "^4.0.0"
|
||||||
|
split2 "^4.0.0"
|
||||||
|
|
||||||
pino-abstract-transport@v1.1.0:
|
pino-abstract-transport@v1.1.0:
|
||||||
version "1.1.0"
|
version "1.1.0"
|
||||||
resolved "https://registry.yarnpkg.com/pino-abstract-transport/-/pino-abstract-transport-1.1.0.tgz#083d98f966262164504afb989bccd05f665937a8"
|
resolved "https://registry.yarnpkg.com/pino-abstract-transport/-/pino-abstract-transport-1.1.0.tgz#083d98f966262164504afb989bccd05f665937a8"
|
||||||
@ -917,6 +981,23 @@ pino@^8.15.0:
|
|||||||
sonic-boom "^3.1.0"
|
sonic-boom "^3.1.0"
|
||||||
thread-stream "^2.0.0"
|
thread-stream "^2.0.0"
|
||||||
|
|
||||||
|
pino@^8.21.0:
|
||||||
|
version "8.21.0"
|
||||||
|
resolved "https://registry.yarnpkg.com/pino/-/pino-8.21.0.tgz#e1207f3675a2722940d62da79a7a55a98409f00d"
|
||||||
|
integrity sha512-ip4qdzjkAyDDZklUaZkcRFb2iA118H9SgRh8yzTkSQK8HilsOJF7rSY8HoW5+I0M46AZgX/pxbprf2vvzQCE0Q==
|
||||||
|
dependencies:
|
||||||
|
atomic-sleep "^1.0.0"
|
||||||
|
fast-redact "^3.1.1"
|
||||||
|
on-exit-leak-free "^2.1.0"
|
||||||
|
pino-abstract-transport "^1.2.0"
|
||||||
|
pino-std-serializers "^6.0.0"
|
||||||
|
process-warning "^3.0.0"
|
||||||
|
quick-format-unescaped "^4.0.3"
|
||||||
|
real-require "^0.2.0"
|
||||||
|
safe-stable-stringify "^2.3.1"
|
||||||
|
sonic-boom "^3.7.0"
|
||||||
|
thread-stream "^2.6.0"
|
||||||
|
|
||||||
prebuild-install@^7.1.0:
|
prebuild-install@^7.1.0:
|
||||||
version "7.1.1"
|
version "7.1.1"
|
||||||
resolved "https://registry.npmjs.org/prebuild-install/-/prebuild-install-7.1.1.tgz"
|
resolved "https://registry.npmjs.org/prebuild-install/-/prebuild-install-7.1.1.tgz"
|
||||||
@ -940,6 +1021,11 @@ process-warning@^2.0.0:
|
|||||||
resolved "https://registry.npmjs.org/process-warning/-/process-warning-2.2.0.tgz"
|
resolved "https://registry.npmjs.org/process-warning/-/process-warning-2.2.0.tgz"
|
||||||
integrity sha512-/1WZ8+VQjR6avWOgHeEPd7SDQmFQ1B5mC1eRXsCm5TarlNmx/wCsa5GEaxGm05BORRtyG/Ex/3xq3TuRvq57qg==
|
integrity sha512-/1WZ8+VQjR6avWOgHeEPd7SDQmFQ1B5mC1eRXsCm5TarlNmx/wCsa5GEaxGm05BORRtyG/Ex/3xq3TuRvq57qg==
|
||||||
|
|
||||||
|
process-warning@^3.0.0:
|
||||||
|
version "3.0.0"
|
||||||
|
resolved "https://registry.yarnpkg.com/process-warning/-/process-warning-3.0.0.tgz#96e5b88884187a1dce6f5c3166d611132058710b"
|
||||||
|
integrity sha512-mqn0kFRl0EoqhnL0GQ0veqFHyIN1yig9RHh/InzORTUiZHFRAur+aMtRkELNwGs9aNwKS6tg/An4NYBPGwvtzQ==
|
||||||
|
|
||||||
process@^0.11.10:
|
process@^0.11.10:
|
||||||
version "0.11.10"
|
version "0.11.10"
|
||||||
resolved "https://registry.npmjs.org/process/-/process-0.11.10.tgz"
|
resolved "https://registry.npmjs.org/process/-/process-0.11.10.tgz"
|
||||||
@ -1120,6 +1206,13 @@ sonic-boom@^3.1.0:
|
|||||||
dependencies:
|
dependencies:
|
||||||
atomic-sleep "^1.0.0"
|
atomic-sleep "^1.0.0"
|
||||||
|
|
||||||
|
sonic-boom@^3.7.0:
|
||||||
|
version "3.8.1"
|
||||||
|
resolved "https://registry.yarnpkg.com/sonic-boom/-/sonic-boom-3.8.1.tgz#d5ba8c4e26d6176c9a1d14d549d9ff579a163422"
|
||||||
|
integrity sha512-y4Z8LCDBuum+PBP3lSV7RHrXscqksve/bi0as7mhwVnBW+/wUqKT/2Kb7um8yqcFy0duYbbPxzt89Zy2nOCaxg==
|
||||||
|
dependencies:
|
||||||
|
atomic-sleep "^1.0.0"
|
||||||
|
|
||||||
split2@^4.0.0:
|
split2@^4.0.0:
|
||||||
version "4.2.0"
|
version "4.2.0"
|
||||||
resolved "https://registry.npmjs.org/split2/-/split2-4.2.0.tgz"
|
resolved "https://registry.npmjs.org/split2/-/split2-4.2.0.tgz"
|
||||||
@ -1170,6 +1263,13 @@ thread-stream@^2.0.0:
|
|||||||
dependencies:
|
dependencies:
|
||||||
real-require "^0.2.0"
|
real-require "^0.2.0"
|
||||||
|
|
||||||
|
thread-stream@^2.6.0:
|
||||||
|
version "2.7.0"
|
||||||
|
resolved "https://registry.yarnpkg.com/thread-stream/-/thread-stream-2.7.0.tgz#d8a8e1b3fd538a6cca8ce69dbe5d3d097b601e11"
|
||||||
|
integrity sha512-qQiRWsU/wvNolI6tbbCKd9iKaTnCXsTwVxhhKM6nctPdujTyztjlbUkUTUymidWcMnZ5pWR0ej4a0tjsW021vw==
|
||||||
|
dependencies:
|
||||||
|
real-require "^0.2.0"
|
||||||
|
|
||||||
tlds@^1.234.0:
|
tlds@^1.234.0:
|
||||||
version "1.238.0"
|
version "1.238.0"
|
||||||
resolved "https://registry.yarnpkg.com/tlds/-/tlds-1.238.0.tgz#ffe7c19c8940c35b497cda187a6927f9450325a4"
|
resolved "https://registry.yarnpkg.com/tlds/-/tlds-1.238.0.tgz#ffe7c19c8940c35b497cda187a6927f9450325a4"
|
||||||
@ -1297,3 +1397,8 @@ zod@^3.21.4:
|
|||||||
version "3.22.2"
|
version "3.22.2"
|
||||||
resolved "https://registry.yarnpkg.com/zod/-/zod-3.22.2.tgz#3add8c682b7077c05ac6f979fea6998b573e157b"
|
resolved "https://registry.yarnpkg.com/zod/-/zod-3.22.2.tgz#3add8c682b7077c05ac6f979fea6998b573e157b"
|
||||||
integrity sha512-wvWkphh5WQsJbVk1tbx1l1Ly4yg+XecD+Mq280uBGt9wa5BKSWf4Mhp6GmrkPixhMxmabYY7RbzlwVP32pbGCg==
|
integrity sha512-wvWkphh5WQsJbVk1tbx1l1Ly4yg+XecD+Mq280uBGt9wa5BKSWf4Mhp6GmrkPixhMxmabYY7RbzlwVP32pbGCg==
|
||||||
|
|
||||||
|
zod@^3.23.8:
|
||||||
|
version "3.23.8"
|
||||||
|
resolved "https://registry.yarnpkg.com/zod/-/zod-3.23.8.tgz#e37b957b5d52079769fb8097099b592f0ef4067d"
|
||||||
|
integrity sha512-XBx9AXhXktjUqnepgTiE5flcKIYWi/rme0Eaj+5Y0lftuGBq+jyRu/md4WnuxqgP1ubdpNCsYEYPxrzVHD8d6g==
|
||||||
|
Loading…
Reference in New Issue
Block a user