hailey.at / cocoon
An atproto PDS written in Go
fork atom

Fix proxying getFeed to issue a token for the feed generator (#38)

Ed Costello 5a6fbfab 64fa62eb

options
unified split
Changed files
+50 -1
server
handle_proxy.go
handle_proxy_get_feed.go
server.go
+14 -1
server/handle_proxy.go 
···

       
96

       
96

       
 

       



     

       
97

       
97

       
 

       
		encheader := strings.TrimRight(base64.RawURLEncoding.EncodeToString(hj), "=")


     

       
98

       
98

       
 

       



     

       

       
99

       
+

       
		// When proxying app.bsky.feed.getFeed the token is actually issued for the


     

       

       
100

       
+

       
		// underlying feed generator and the app view passes it on. This allows the


     

       

       
101

       
+

       
		// getFeed implementation to pass in the desired lxm and aud for the token


     

       

       
102

       
+

       
		// and then just delegate to the general proxying logic


     

       

       
103

       
+

       
		lxm, proxyTokenLxmExists := e.Get("proxyTokenLxm").(string)


     

       

       
104

       
+

       
		if !proxyTokenLxmExists || lxm == "" {


     

       

       
105

       
+

       
			lxm = pts[2]


     

       

       
106

       
+

       
		}


     

       

       
107

       
+

       
		aud, proxyTokenAudExists := e.Get("proxyTokenAud").(string)


     

       

       
108

       
+

       
		if !proxyTokenAudExists || aud == "" {


     

       

       
109

       
+

       
			aud = svcDid


     

       

       
110

       
+

       
		}


     

       

       
111

       
+

       



     

       
99

       
112

       
 

       
		payload := map[string]any{


     

       
100

       
113

       
 

       
			"iss": repo.Repo.Did,


     

       
101

       
114

       
 

       
			"aud": svcDid,


     

       
102

       

       
-

       
			"lxm": pts[2],


     

       

       
115

       
+

       
			"lxm": lxm,


     

       
103

       
116

       
 

       
			"jti": uuid.NewString(),


     

       
104

       
117

       
 

       
			"exp": time.Now().Add(1 * time.Minute).UTC().Unix(),


     

       
105

       
118

       
 

       
		}
+35
server/handle_proxy_get_feed.go 
···

       

       
1

       
+

       
package server


     

       

       
2

       
+

       



     

       

       
3

       
+

       
import (


     

       

       
4

       
+

       
	"github.com/Azure/go-autorest/autorest/to"


     

       

       
5

       
+

       
	"github.com/bluesky-social/indigo/api/atproto"


     

       

       
6

       
+

       
	"github.com/bluesky-social/indigo/api/bsky"


     

       

       
7

       
+

       
	"github.com/bluesky-social/indigo/atproto/syntax"


     

       

       
8

       
+

       
	"github.com/bluesky-social/indigo/xrpc"


     

       

       
9

       
+

       
	"github.com/haileyok/cocoon/internal/helpers"


     

       

       
10

       
+

       
	"github.com/labstack/echo/v4"


     

       

       
11

       
+

       
)


     

       

       
12

       
+

       



     

       

       
13

       
+

       
func (s *Server) handleProxyBskyFeedGetFeed(e echo.Context) error {


     

       

       
14

       
+

       
	feedUri, err := syntax.ParseATURI(e.QueryParam("feed"))


     

       

       
15

       
+

       
	if err != nil {


     

       

       
16

       
+

       
		return helpers.InputError(e, to.StringPtr("invalid feed uri"))


     

       

       
17

       
+

       
	}


     

       

       
18

       
+

       



     

       

       
19

       
+

       
	appViewEndpoint, _, err := s.getAtprotoProxyEndpointFromRequest(e)


     

       

       
20

       
+

       
	if err != nil {


     

       

       
21

       
+

       
		e.Logger().Error("could not get atproto proxy", "error", err)


     

       

       
22

       
+

       
		return helpers.ServerError(e, nil)


     

       

       
23

       
+

       
	}


     

       

       
24

       
+

       



     

       

       
25

       
+

       
	appViewClient := xrpc.Client{


     

       

       
26

       
+

       
		Host: appViewEndpoint,


     

       

       
27

       
+

       
	}


     

       

       
28

       
+

       
	feedRecord, err := atproto.RepoGetRecord(e.Request().Context(), &appViewClient, "", feedUri.Collection().String(), feedUri.Authority().String(), feedUri.RecordKey().String())


     

       

       
29

       
+

       
	feedGeneratorDid := feedRecord.Value.Val.(*bsky.FeedGenerator).Did


     

       

       
30

       
+

       



     

       

       
31

       
+

       
	e.Set("proxyTokenLxm", "app.bsky.feed.getFeedSkeleton")


     

       

       
32

       
+

       
	e.Set("proxyTokenAud", feedGeneratorDid)


     

       

       
33

       
+

       



     

       

       
34

       
+

       
	return s.handleProxy(e)


     

       

       
35

       
+

       
}
+1
server/server.go 
···

       
486

       
486

       
 

       
	// stupid silly endpoints


     

       
487

       
487

       
 

       
	s.echo.GET("/xrpc/app.bsky.actor.getPreferences", s.handleActorGetPreferences, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)


     

       
488

       
488

       
 

       
	s.echo.POST("/xrpc/app.bsky.actor.putPreferences", s.handleActorPutPreferences, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)


     

       

       
489

       
+

       
	s.echo.GET("/xrpc/app.bsky.feed.getFeed", s.handleProxyBskyFeedGetFeed, s.handleLegacySessionMiddleware, s.handleOauthSessionMiddleware)


     

       
489

       
490

       
 

       



     

       
490

       
491

       
 

       
	// admin routes


     

       
491

       
492

       
 

       
	s.echo.POST("/xrpc/com.atproto.server.createInviteCode", s.handleCreateInviteCode, s.handleAdminMiddleware)