src/routes/wisp.ts at 267837e1c6e6c9a7a47dbf124169302225e249ef · nekomimi.pet/wisp.place-monorepo

Monorepo for wisp.place. A static site hosting service built on top of the AT Protocol. wisp.place
wisp.place-monorepo / src / routes / wisp.ts
at 267837e1c6e6c9a7a47dbf124169302225e249ef 16 kB view raw
  1import { Elysia } from 'elysia'
  2import { requireAuth, type AuthenticatedContext } from '../lib/wisp-auth'
  3import { NodeOAuthClient } from '@atproto/oauth-client-node'
  4import { Agent } from '@atproto/api'
  5import {
  6	type UploadedFile,
  7	type FileUploadResult,
  8	processUploadedFiles,
  9	createManifest,
 10	updateFileBlobs,
 11	shouldCompressFile,
 12	compressFile,
 13	computeCID,
 14	extractBlobMap
 15} from '../lib/wisp-utils'
 16import { upsertSite } from '../lib/db'
 17import { logger } from '../lib/observability'
 18import { validateRecord } from '../lexicons/types/place/wisp/fs'
 19import { MAX_SITE_SIZE, MAX_FILE_SIZE, MAX_FILE_COUNT } from '../lib/constants'
 20
 21function isValidSiteName(siteName: string): boolean {
 22	if (!siteName || typeof siteName !== 'string') return false;
 23
 24	// Length check (AT Protocol rkey limit)
 25	if (siteName.length < 1 || siteName.length > 512) return false;
 26
 27	// Check for path traversal
 28	if (siteName === '.' || siteName === '..') return false;
 29	if (siteName.includes('/') || siteName.includes('\\')) return false;
 30	if (siteName.includes('\0')) return false;
 31
 32	// AT Protocol rkey format: alphanumeric, dots, dashes, underscores, tildes, colons
 33	// Based on NSID format rules
 34	const validRkeyPattern = /^[a-zA-Z0-9._~:-]+$/;
 35	if (!validRkeyPattern.test(siteName)) return false;
 36
 37	return true;
 38}
 39
 40export const wispRoutes = (client: NodeOAuthClient, cookieSecret: string) =>
 41	new Elysia({
 42		prefix: '/wisp',
 43		cookie: {
 44			secrets: cookieSecret,
 45			sign: ['did']
 46		}
 47	})
 48		.derive(async ({ cookie }) => {
 49			const auth = await requireAuth(client, cookie)
 50			return { auth }
 51		})
 52		.post(
 53			'/upload-files',
 54			async ({ body, auth }) => {
 55				const { siteName, files } = body as {
 56					siteName: string;
 57					files: File | File[]
 58				};
 59
 60				console.log('=== UPLOAD FILES START ===');
 61				console.log('Site name:', siteName);
 62				console.log('Files received:', Array.isArray(files) ? files.length : 'single file');
 63
 64				try {
 65					if (!siteName) {
 66						throw new Error('Site name is required')
 67					}
 68
 69					if (!isValidSiteName(siteName)) {
 70						throw new Error('Invalid site name: must be 1-512 characters and contain only alphanumeric, dots, dashes, underscores, tildes, and colons')
 71					}
 72
 73					// Check if files were provided
 74					const hasFiles = files && (Array.isArray(files) ? files.length > 0 : !!files);
 75
 76					if (!hasFiles) {
 77						// Create agent with OAuth session
 78						const agent = new Agent((url, init) => auth.session.fetchHandler(url, init))
 79
 80						// Create empty manifest
 81						const emptyManifest = {
 82							$type: 'place.wisp.fs',
 83							site: siteName,
 84							root: {
 85								type: 'directory',
 86								entries: []
 87							},
 88							fileCount: 0,
 89							createdAt: new Date().toISOString()
 90						};
 91
 92						// Validate the manifest
 93						const validationResult = validateRecord(emptyManifest);
 94						if (!validationResult.success) {
 95							throw new Error(`Invalid manifest: ${validationResult.error?.message || 'Validation failed'}`);
 96						}
 97
 98						// Use site name as rkey
 99						const rkey = siteName;
100
101						const record = await agent.com.atproto.repo.putRecord({
102							repo: auth.did,
103							collection: 'place.wisp.fs',
104							rkey: rkey,
105							record: emptyManifest
106						});
107
108						await upsertSite(auth.did, rkey, siteName);
109
110						return {
111							success: true,
112							uri: record.data.uri,
113							cid: record.data.cid,
114							fileCount: 0,
115							siteName
116						};
117					}
118
119					// Create agent with OAuth session
120					const agent = new Agent((url, init) => auth.session.fetchHandler(url, init))
121					console.log('Agent created for DID:', auth.did);
122
123					// Try to fetch existing record to enable incremental updates
124					let existingBlobMap = new Map<string, { blobRef: any; cid: string }>();
125					console.log('Attempting to fetch existing record...');
126					try {
127						const rkey = siteName;
128						const existingRecord = await agent.com.atproto.repo.getRecord({
129							repo: auth.did,
130							collection: 'place.wisp.fs',
131							rkey: rkey
132						});
133						console.log('Existing record found!');
134
135						if (existingRecord.data.value && typeof existingRecord.data.value === 'object' && 'root' in existingRecord.data.value) {
136							const manifest = existingRecord.data.value as any;
137							existingBlobMap = extractBlobMap(manifest.root);
138							console.log(`Found existing manifest with ${existingBlobMap.size} files for incremental update`);
139							logger.info(`Found existing manifest with ${existingBlobMap.size} files for incremental update`);
140						}
141					} catch (error: any) {
142						console.log('No existing record found or error:', error?.message || error);
143						// Record doesn't exist yet, this is a new site
144						if (error?.status !== 400 && error?.error !== 'RecordNotFound') {
145							logger.warn('Failed to fetch existing record, proceeding with full upload', error);
146						}
147					}
148
149					// Convert File objects to UploadedFile format
150					// Elysia gives us File objects directly, handle both single file and array
151					const fileArray = Array.isArray(files) ? files : [files];
152					const uploadedFiles: UploadedFile[] = [];
153					const skippedFiles: Array<{ name: string; reason: string }> = [];
154
155					console.log('Processing files, count:', fileArray.length);
156
157					for (let i = 0; i < fileArray.length; i++) {
158						const file = fileArray[i];
159						console.log(`Processing file ${i + 1}/${fileArray.length}:`, file.name, file.size, 'bytes');
160
161						// Skip files that are too large (limit to 100MB per file)
162						const maxSize = MAX_FILE_SIZE; // 100MB
163						if (file.size > maxSize) {
164							skippedFiles.push({
165								name: file.name,
166								reason: `file too large (${(file.size / 1024 / 1024).toFixed(2)}MB, max 100MB)`
167							});
168							continue;
169						}
170
171						const arrayBuffer = await file.arrayBuffer();
172						const originalContent = Buffer.from(arrayBuffer);
173						const originalMimeType = file.type || 'application/octet-stream';
174
175						// Compress and base64 encode ALL files
176						const compressedContent = compressFile(originalContent);
177						// Base64 encode the gzipped content to prevent PDS content sniffing
178						// Convert base64 string to bytes using binary encoding (each char becomes exactly one byte)
179						// This is what PDS receives and computes CID on
180						const base64Content = Buffer.from(compressedContent.toString('base64'), 'binary');
181						const compressionRatio = (compressedContent.length / originalContent.length * 100).toFixed(1);
182						console.log(`Compressing ${file.name}: ${originalContent.length} -> ${compressedContent.length} bytes (${compressionRatio}%), base64: ${base64Content.length} bytes`);
183						logger.info(`Compressing ${file.name}: ${originalContent.length} -> ${compressedContent.length} bytes (${compressionRatio}%), base64: ${base64Content.length} bytes`);
184
185						uploadedFiles.push({
186							name: file.name,
187							content: base64Content, // This is the gzipped+base64 content that will be uploaded and CID-computed
188							mimeType: originalMimeType,
189							size: base64Content.length,
190							compressed: true,
191							originalMimeType
192						});
193					}
194
195					// Check total size limit (300MB)
196					const totalSize = uploadedFiles.reduce((sum, file) => sum + file.size, 0);
197					const maxTotalSize = MAX_SITE_SIZE; // 300MB
198
199					if (totalSize > maxTotalSize) {
200						throw new Error(`Total upload size ${(totalSize / 1024 / 1024).toFixed(2)}MB exceeds 300MB limit`);
201					}
202
203					// Check file count limit (2000 files)
204					if (uploadedFiles.length > MAX_FILE_COUNT) {
205						throw new Error(`File count ${uploadedFiles.length} exceeds ${MAX_FILE_COUNT} files limit`);
206					}
207
208					if (uploadedFiles.length === 0) {
209
210						// Create empty manifest
211						const emptyManifest = {
212							$type: 'place.wisp.fs',
213							site: siteName,
214							root: {
215								type: 'directory',
216								entries: []
217							},
218							fileCount: 0,
219							createdAt: new Date().toISOString()
220						};
221
222						// Validate the manifest
223						const validationResult = validateRecord(emptyManifest);
224						if (!validationResult.success) {
225							throw new Error(`Invalid manifest: ${validationResult.error?.message || 'Validation failed'}`);
226						}
227
228						// Use site name as rkey
229						const rkey = siteName;
230
231						const record = await agent.com.atproto.repo.putRecord({
232							repo: auth.did,
233							collection: 'place.wisp.fs',
234							rkey: rkey,
235							record: emptyManifest
236						});
237
238						await upsertSite(auth.did, rkey, siteName);
239
240						return {
241							success: true,
242							uri: record.data.uri,
243							cid: record.data.cid,
244							fileCount: 0,
245							siteName,
246							skippedFiles,
247							message: 'Site created but no valid web files were found to upload'
248						};
249					}
250
251					// Process files into directory structure
252					console.log('Processing uploaded files into directory structure...');
253					console.log('uploadedFiles array length:', uploadedFiles.length);
254					console.log('uploadedFiles contents:', uploadedFiles.map((f, i) => `${i}: ${f?.name || 'UNDEFINED'}`));
255
256					// Filter out any undefined/null/invalid entries (defensive)
257					const validUploadedFiles = uploadedFiles.filter((f, i) => {
258						if (!f) {
259							console.error(`Filtering out undefined/null file at index ${i}`);
260							return false;
261						}
262						if (!f.name) {
263							console.error(`Filtering out file with no name at index ${i}:`, f);
264							return false;
265						}
266						if (!f.content) {
267							console.error(`Filtering out file with no content at index ${i}:`, f.name);
268							return false;
269						}
270						return true;
271					});
272					if (validUploadedFiles.length !== uploadedFiles.length) {
273						console.warn(`Filtered out ${uploadedFiles.length - validUploadedFiles.length} invalid files`);
274					}
275					console.log('validUploadedFiles length:', validUploadedFiles.length);
276
277					const { directory, fileCount } = processUploadedFiles(validUploadedFiles);
278					console.log('Directory structure created, file count:', fileCount);
279
280					// Upload files as blobs in parallel (or reuse existing blobs with matching CIDs)
281					console.log('Starting blob upload/reuse phase...');
282					// For compressed files, we upload as octet-stream and store the original MIME type in metadata
283					// For text/html files, we also use octet-stream as a workaround for PDS image pipeline issues
284					const uploadPromises = validUploadedFiles.map(async (file, i) => {
285						try {
286							// Skip undefined files (shouldn't happen after filter, but defensive)
287							if (!file || !file.name) {
288								console.error(`ERROR: Undefined file at index ${i} in validUploadedFiles!`);
289								throw new Error(`Undefined file at index ${i}`);
290							}
291
292							// Compute CID for this file to check if it already exists
293							// Note: file.content is already gzipped+base64 encoded
294							const fileCID = computeCID(file.content);
295
296							// Normalize the file path for comparison (remove base folder prefix like "cobblemon/")
297							const normalizedPath = file.name.replace(/^[^\/]*\//, '');
298
299							// Check if we have an existing blob with the same CID
300							// Try both the normalized path and the full path
301							const existingBlob = existingBlobMap.get(normalizedPath) || existingBlobMap.get(file.name);
302
303							if (existingBlob && existingBlob.cid === fileCID) {
304								// Reuse existing blob - no need to upload
305								logger.info(`[File Upload] Reusing existing blob for: ${file.name} (CID: ${fileCID})`);
306
307								return {
308									result: {
309										hash: existingBlob.cid,
310										blobRef: existingBlob.blobRef,
311										...(file.compressed && {
312											encoding: 'gzip' as const,
313											mimeType: file.originalMimeType || file.mimeType,
314											base64: true
315										})
316									},
317									filePath: file.name,
318									sentMimeType: file.mimeType,
319									returnedMimeType: existingBlob.blobRef.mimeType,
320									reused: true
321								};
322							}
323
324							// File is new or changed - upload it
325							// If compressed, always upload as octet-stream
326							// Otherwise, workaround: PDS incorrectly processes text/html through image pipeline
327							const uploadMimeType = file.compressed || file.mimeType.startsWith('text/html')
328								? 'application/octet-stream'
329								: file.mimeType;
330
331							const compressionInfo = file.compressed ? ' (gzipped)' : '';
332							logger.info(`[File Upload] Uploading new/changed file: ${file.name} (original: ${file.mimeType}, sending as: ${uploadMimeType}, ${file.size} bytes${compressionInfo}, CID: ${fileCID})`);
333
334							const uploadResult = await agent.com.atproto.repo.uploadBlob(
335								file.content,
336								{
337									encoding: uploadMimeType
338								}
339							);
340
341							const returnedBlobRef = uploadResult.data.blob;
342
343							// Use the blob ref exactly as returned from PDS
344							return {
345								result: {
346									hash: returnedBlobRef.ref.toString(),
347									blobRef: returnedBlobRef,
348									...(file.compressed && {
349										encoding: 'gzip' as const,
350										mimeType: file.originalMimeType || file.mimeType,
351										base64: true
352									})
353								},
354								filePath: file.name,
355								sentMimeType: file.mimeType,
356								returnedMimeType: returnedBlobRef.mimeType,
357								reused: false
358							};
359						} catch (uploadError) {
360							logger.error('Upload failed for file', uploadError);
361							throw uploadError;
362						}
363					});
364
365					// Wait for all uploads to complete
366					const uploadedBlobs = await Promise.all(uploadPromises);
367
368					// Count reused vs uploaded blobs
369					const reusedCount = uploadedBlobs.filter(b => (b as any).reused).length;
370					const uploadedCount = uploadedBlobs.filter(b => !(b as any).reused).length;
371					console.log(`Blob statistics: ${reusedCount} reused, ${uploadedCount} uploaded, ${uploadedBlobs.length} total`);
372					logger.info(`Blob statistics: ${reusedCount} reused, ${uploadedCount} uploaded, ${uploadedBlobs.length} total`);
373
374					// Extract results and file paths in correct order
375					const uploadResults: FileUploadResult[] = uploadedBlobs.map(blob => blob.result);
376					const filePaths: string[] = uploadedBlobs.map(blob => blob.filePath);
377
378					// Update directory with file blobs
379					console.log('Updating directory with blob references...');
380					const updatedDirectory = updateFileBlobs(directory, uploadResults, filePaths);
381
382					// Create manifest
383					console.log('Creating manifest...');
384					const manifest = createManifest(siteName, updatedDirectory, fileCount);
385					console.log('Manifest created successfully');
386
387					// Use site name as rkey
388					const rkey = siteName;
389
390					let record;
391					try {
392						console.log('Putting record to PDS with rkey:', rkey);
393						record = await agent.com.atproto.repo.putRecord({
394							repo: auth.did,
395							collection: 'place.wisp.fs',
396							rkey: rkey,
397							record: manifest
398						});
399						console.log('Record successfully created on PDS:', record.data.uri);
400					} catch (putRecordError: any) {
401						console.error('FAILED to create record on PDS:', putRecordError);
402						logger.error('Failed to create record on PDS', putRecordError);
403
404						throw putRecordError;
405					}
406
407					// Store site in database cache
408					await upsertSite(auth.did, rkey, siteName);
409
410					const result = {
411						success: true,
412						uri: record.data.uri,
413						cid: record.data.cid,
414						fileCount,
415						siteName,
416						skippedFiles,
417						uploadedCount: validUploadedFiles.length
418					};
419
420					console.log('=== UPLOAD FILES COMPLETE ===');
421					return result;
422				} catch (error) {
423					console.error('=== UPLOAD ERROR ===');
424					console.error('Error details:', error);
425					console.error('Stack trace:', error instanceof Error ? error.stack : 'N/A');
426					logger.error('Upload error', error, {
427						message: error instanceof Error ? error.message : 'Unknown error',
428						name: error instanceof Error ? error.name : undefined
429					});
430					throw new Error(`Failed to upload files: ${error instanceof Error ? error.message : 'Unknown error'}`);
431				}
432			}
433		)