commit 6278b02a90900853383cfa1f448daa7988846240 · nekomimi.pet/wisp.place-monorepo

+2 -2

src/lib/db.test.ts

···

       66
        
       		// Now try to claim it with testDid1 - should fail

     

       67
        
       		try {

     

       68
        
       			await claimCustomDomain(testDid1, testDomain, hash3)

     

       69
       -
       			expect.fail('Should have thrown an error when trying to claim a verified domain')

     

       70
        
       		} catch (err) {

     

       71
       -
       			expect(err.message).toBe('conflict')

     

       72
        
       		}

     

       73
        
       

     

       74
        
       		// Verify the domain is still owned by testDid2 and verified

···

       66
        
       		// Now try to claim it with testDid1 - should fail

     

       67
        
       		try {

     

       68
        
       			await claimCustomDomain(testDid1, testDomain, hash3)

     

       69
       +
       			expect('Should have thrown an error when trying to claim a verified domain').fail()

     

       70
        
       		} catch (err) {

     

       71
       +
       			expect((err as Error).message).toBe('conflict')

     

       72
        
       		}

     

       73
        
       

     

       74
        
       		// Verify the domain is still owned by testDid2 and verified

+1 -242

src/lib/db.ts

···

       1
       -
       import { NodeOAuthClient, type ClientMetadata } from "@atproto/oauth-client-node";

     

       2
        
       import { SQL } from "bun";

     

       3
       -
       import { JoseKey } from "@atproto/jwk-jose";

     

       4
        
       import { BASE_HOST } from "./constants";

     

       5
        
       

     

       6
        
       export const db = new SQL(

     
···

       221
        
           return rows[0] ?? null;

     

       222
        
       };

     

       223
        
       

     

       224
       -
       export const getAllWispDomains = async (did: string) => {

     

       225
        
           const rows = await db`SELECT domain, rkey FROM domains WHERE did = ${did} ORDER BY created_at ASC`;

     

       226
        
           return rows;

     

       227
        
       };

     
···

       338
        
       

     

       339
        
       export const deleteWispDomain = async (domain: string): Promise<void> => {

     

       340
        
           await db`DELETE FROM domains WHERE domain = ${domain}`;

     

       341
       -
       };

     

       342
       -
       

     

       343
       -
       // Session timeout configuration (30 days in seconds)

     

       344
       -
       const SESSION_TIMEOUT = 30 * 24 * 60 * 60; // 2592000 seconds

     

       345
       -
       // OAuth state timeout (1 hour in seconds)

     

       346
       -
       const STATE_TIMEOUT = 60 * 60; // 3600 seconds

     

       347
       -
       

     

       348
       -
       const stateStore = {

     

       349
       -
           async set(key: string, data: any) {

     

       350
       -
               const expiresAt = Math.floor(Date.now() / 1000) + STATE_TIMEOUT;

     

       351
       -
               await db`

     

       352
       -
                   INSERT INTO oauth_states (key, data, created_at, expires_at)

     

       353
       -
                   VALUES (${key}, ${JSON.stringify(data)}, EXTRACT(EPOCH FROM NOW()), ${expiresAt})

     

       354
       -
                   ON CONFLICT (key) DO UPDATE SET data = EXCLUDED.data, expires_at = ${expiresAt}

     

       355
       -
               `;

     

       356
       -
           },

     

       357
       -
           async get(key: string) {

     

       358
       -
               const now = Math.floor(Date.now() / 1000);

     

       359
       -
               const result = await db`

     

       360
       -
                   SELECT data, expires_at

     

       361
       -
                   FROM oauth_states

     

       362
       -
                   WHERE key = ${key}

     

       363
       -
               `;

     

       364
       -
               if (!result[0]) return undefined;

     

       365
       -
       

     

       366
       -
               // Check if expired

     

       367
       -
               const expiresAt = Number(result[0].expires_at);

     

       368
       -
               if (expiresAt && now > expiresAt) {

     

       369
       -
                   await db`DELETE FROM oauth_states WHERE key = ${key}`;

     

       370
       -
                   return undefined;

     

       371
       -
               }

     

       372
       -
       

     

       373
       -
               return JSON.parse(result[0].data);

     

       374
       -
           },

     

       375
       -
           async del(key: string) {

     

       376
       -
               await db`DELETE FROM oauth_states WHERE key = ${key}`;

     

       377
       -
           }

     

       378
       -
       };

     

       379
       -
       

     

       380
       -
       const sessionStore = {

     

       381
       -
           async set(sub: string, data: any) {

     

       382
       -
               const expiresAt = Math.floor(Date.now() / 1000) + SESSION_TIMEOUT;

     

       383
       -
               await db`

     

       384
       -
                   INSERT INTO oauth_sessions (sub, data, updated_at, expires_at)

     

       385
       -
                   VALUES (${sub}, ${JSON.stringify(data)}, EXTRACT(EPOCH FROM NOW()), ${expiresAt})

     

       386
       -
                   ON CONFLICT (sub) DO UPDATE SET

     

       387
       -
                       data = EXCLUDED.data,

     

       388
       -
                       updated_at = EXTRACT(EPOCH FROM NOW()),

     

       389
       -
                       expires_at = ${expiresAt}

     

       390
       -
               `;

     

       391
       -
           },

     

       392
       -
           async get(sub: string) {

     

       393
       -
               const now = Math.floor(Date.now() / 1000);

     

       394
       -
               const result = await db`

     

       395
       -
                   SELECT data, expires_at

     

       396
       -
                   FROM oauth_sessions

     

       397
       -
                   WHERE sub = ${sub}

     

       398
       -
               `;

     

       399
       -
               if (!result[0]) return undefined;

     

       400
       -
       

     

       401
       -
               // Check if expired

     

       402
       -
               const expiresAt = Number(result[0].expires_at);

     

       403
       -
               if (expiresAt && now > expiresAt) {

     

       404
       -
                   console.log('[sessionStore] Session expired, deleting', sub);

     

       405
       -
                   await db`DELETE FROM oauth_sessions WHERE sub = ${sub}`;

     

       406
       -
                   return undefined;

     

       407
       -
               }

     

       408
       -
       

     

       409
       -
               return JSON.parse(result[0].data);

     

       410
       -
           },

     

       411
       -
           async del(sub: string) {

     

       412
       -
               await db`DELETE FROM oauth_sessions WHERE sub = ${sub}`;

     

       413
       -
           }

     

       414
       -
       };

     

       415
       -
       

     

       416
       -
       export { sessionStore };

     

       417
       -
       

     

       418
       -
       // Cleanup expired sessions and states

     

       419
       -
       export const cleanupExpiredSessions = async () => {

     

       420
       -
           const now = Math.floor(Date.now() / 1000);

     

       421
       -
           try {

     

       422
       -
               const sessionsDeleted = await db`

     

       423
       -
                   DELETE FROM oauth_sessions WHERE expires_at < ${now}

     

       424
       -
               `;

     

       425
       -
               const statesDeleted = await db`

     

       426
       -
                   DELETE FROM oauth_states WHERE expires_at IS NOT NULL AND expires_at < ${now}

     

       427
       -
               `;

     

       428
       -
               console.log(`[Cleanup] Deleted ${sessionsDeleted.length} expired sessions and ${statesDeleted.length} expired states`);

     

       429
       -
               return { sessions: sessionsDeleted.length, states: statesDeleted.length };

     

       430
       -
           } catch (err) {

     

       431
       -
               console.error('[Cleanup] Failed to cleanup expired data:', err);

     

       432
       -
               return { sessions: 0, states: 0 };

     

       433
       -
           }

     

       434
       -
       };

     

       435
       -
       

     

       436
       -
       export const createClientMetadata = (config: { domain: `http://${string}` | `https://${string}`, clientName: string }): ClientMetadata => {

     

       437
       -
           const isLocalDev = process.env.LOCAL_DEV === 'true';

     

       438
       -
       

     

       439
       -
           if (isLocalDev) {

     

       440
       -
               // Loopback client for local development

     

       441
       -
               // For loopback, scopes and redirect_uri must be in client_id query string

     

       442
       -
               const redirectUri = 'http://127.0.0.1:8000/api/auth/callback';

     

       443
       -
               const scope = 'atproto transition:generic';

     

       444
       -
               const params = new URLSearchParams();

     

       445
       -
               params.append('redirect_uri', redirectUri);

     

       446
       -
               params.append('scope', scope);

     

       447
       -
       

     

       448
       -
               return {

     

       449
       -
                   client_id: `http://localhost?${params.toString()}`,

     

       450
       -
                   client_name: config.clientName,

     

       451
       -
                   client_uri: config.domain,

     

       452
       -
                   redirect_uris: [redirectUri],

     

       453
       -
                   grant_types: ['authorization_code', 'refresh_token'],

     

       454
       -
                   response_types: ['code'],

     

       455
       -
                   application_type: 'web',

     

       456
       -
                   token_endpoint_auth_method: 'none',

     

       457
       -
                   scope: scope,

     

       458
       -
                   dpop_bound_access_tokens: false,

     

       459
       -
                   subject_type: 'public'

     

       460
       -
               };

     

       461
       -
           }

     

       462
       -
       

     

       463
       -
           // Production client with private_key_jwt

     

       464
       -
           return {

     

       465
       -
               client_id: `${config.domain}/client-metadata.json`,

     

       466
       -
               client_name: config.clientName,

     

       467
       -
               client_uri: config.domain,

     

       468
       -
               logo_uri: `${config.domain}/logo.png`,

     

       469
       -
               tos_uri: `${config.domain}/tos`,

     

       470
       -
               policy_uri: `${config.domain}/policy`,

     

       471
       -
               redirect_uris: [`${config.domain}/api/auth/callback`],

     

       472
       -
               grant_types: ['authorization_code', 'refresh_token'],

     

       473
       -
               response_types: ['code'],

     

       474
       -
               application_type: 'web',

     

       475
       -
               token_endpoint_auth_method: 'private_key_jwt',

     

       476
       -
               token_endpoint_auth_signing_alg: "ES256",

     

       477
       -
               scope: "atproto transition:generic",

     

       478
       -
               dpop_bound_access_tokens: true,

     

       479
       -
               jwks_uri: `${config.domain}/jwks.json`,

     

       480
       -
               subject_type: 'public',

     

       481
       -
               authorization_signed_response_alg: 'ES256'

     

       482
       -
           };

     

       483
       -
       };

     

       484
       -
       

     

       485
       -
       const persistKey = async (key: JoseKey) => {

     

       486
       -
           const priv = key.privateJwk;

     

       487
       -
           if (!priv) return;

     

       488
       -
           const kid = key.kid ?? crypto.randomUUID();

     

       489
       -
           await db`

     

       490
       -
               INSERT INTO oauth_keys (kid, jwk, created_at)

     

       491
       -
               VALUES (${kid}, ${JSON.stringify(priv)}, EXTRACT(EPOCH FROM NOW()))

     

       492
       -
               ON CONFLICT (kid) DO UPDATE SET jwk = EXCLUDED.jwk

     

       493
       -
           `;

     

       494
       -
       };

     

       495
       -
       

     

       496
       -
       const loadPersistedKeys = async (): Promise<JoseKey[]> => {

     

       497
       -
           const rows = await db`SELECT kid, jwk, created_at FROM oauth_keys ORDER BY kid`;

     

       498
       -
           const keys: JoseKey[] = [];

     

       499
       -
           for (const row of rows) {

     

       500
       -
               try {

     

       501
       -
                   const obj = JSON.parse(row.jwk);

     

       502
       -
                   const key = await JoseKey.fromImportable(obj as any, (obj as any).kid);

     

       503
       -
                   keys.push(key);

     

       504
       -
               } catch (err) {

     

       505
       -
                   console.error('Could not parse stored JWK', err);

     

       506
       -
               }

     

       507
       -
           }

     

       508
       -
           return keys;

     

       509
       -
       };

     

       510
       -
       

     

       511
       -
       const ensureKeys = async (): Promise<JoseKey[]> => {

     

       512
       -
           let keys = await loadPersistedKeys();

     

       513
       -
           const needed: string[] = [];

     

       514
       -
           for (let i = 1; i <= 3; i++) {

     

       515
       -
               const kid = `key${i}`;

     

       516
       -
               if (!keys.some(k => k.kid === kid)) needed.push(kid);

     

       517
       -
           }

     

       518
       -
           for (const kid of needed) {

     

       519
       -
               const newKey = await JoseKey.generate(['ES256'], kid);

     

       520
       -
               await persistKey(newKey);

     

       521
       -
               keys.push(newKey);

     

       522
       -
           }

     

       523
       -
           keys.sort((a, b) => (a.kid ?? '').localeCompare(b.kid ?? ''));

     

       524
       -
           return keys;

     

       525
       -
       };

     

       526
       -
       

     

       527
       -
       // Load keys from database every time (stateless - safe for horizontal scaling)

     

       528
       -
       export const getCurrentKeys = async (): Promise<JoseKey[]> => {

     

       529
       -
           return await loadPersistedKeys();

     

       530
       -
       };

     

       531
       -
       

     

       532
       -
       // Key rotation - rotate keys older than 30 days (monthly rotation)

     

       533
       -
       const KEY_MAX_AGE = 30 * 24 * 60 * 60; // 30 days in seconds

     

       534
       -
       

     

       535
       -
       export const rotateKeysIfNeeded = async (): Promise<boolean> => {

     

       536
       -
           const now = Math.floor(Date.now() / 1000);

     

       537
       -
           const cutoffTime = now - KEY_MAX_AGE;

     

       538
       -
       

     

       539
       -
           try {

     

       540
       -
               // Find keys older than 30 days

     

       541
       -
               const oldKeys = await db`

     

       542
       -
                   SELECT kid, created_at FROM oauth_keys

     

       543
       -
                   WHERE created_at IS NOT NULL AND created_at < ${cutoffTime}

     

       544
       -
                   ORDER BY created_at ASC

     

       545
       -
               `;

     

       546
       -
       

     

       547
       -
               if (oldKeys.length === 0) {

     

       548
       -
                   console.log('[KeyRotation] No keys need rotation');

     

       549
       -
                   return false;

     

       550
       -
               }

     

       551
       -
       

     

       552
       -
               console.log(`[KeyRotation] Found ${oldKeys.length} key(s) older than 30 days, rotating oldest key`);

     

       553
       -
       

     

       554
       -
               // Rotate the oldest key

     

       555
       -
               const oldestKey = oldKeys[0];

     

       556
       -
               const oldKid = oldestKey.kid;

     

       557
       -
       

     

       558
       -
               // Generate new key with same kid

     

       559
       -
               const newKey = await JoseKey.generate(['ES256'], oldKid);

     

       560
       -
               await persistKey(newKey);

     

       561
       -
       

     

       562
       -
               console.log(`[KeyRotation] Rotated key ${oldKid}`);

     

       563
       -
       

     

       564
       -
               return true;

     

       565
       -
           } catch (err) {

     

       566
       -
               console.error('[KeyRotation] Failed to rotate keys:', err);

     

       567
       -
               return false;

     

       568
       -
           }

     

       569
       -
       };

     

       570
       -
       

     

       571
       -
       export const getOAuthClient = async (config: { domain: `http://${string}` | `https://${string}`, clientName: string }) => {

     

       572
       -
           const keys = await ensureKeys();

     

       573
       -
       

     

       574
       -
           return new NodeOAuthClient({

     

       575
       -
               clientMetadata: createClientMetadata(config),

     

       576
       -
               keyset: keys,

     

       577
       -
               stateStore,

     

       578
       -
               sessionStore

     

       579
       -
           });

     

       580
        
       };

     

       581
        
       

     

       582
        
       export const getCustomDomainsByDid = async (did: string) => {

···

       0
        
       
     

       1
        
       import { SQL } from "bun";

     

       0
        
       
     

       2
        
       import { BASE_HOST } from "./constants";

     

       3
        
       

     

       4
        
       export const db = new SQL(

     
···

       219
        
           return rows[0] ?? null;

     

       220
        
       };

     

       221
        
       

     

       222
       +
       export const getAllWispDomains = async (did: string): Promise<Array<{ domain: string; rkey: string | null }>> => {

     

       223
        
           const rows = await db`SELECT domain, rkey FROM domains WHERE did = ${did} ORDER BY created_at ASC`;

     

       224
        
           return rows;

     

       225
        
       };

     
···

       336
        
       

     

       337
        
       export const deleteWispDomain = async (domain: string): Promise<void> => {

     

       338
        
           await db`DELETE FROM domains WHERE domain = ${domain}`;

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       339
        
       };

     

       340
        
       

     

       341
        
       export const getCustomDomainsByDid = async (did: string) => {

+4 -3

src/lib/oauth-client.ts

···

       126
        
                   token_endpoint_auth_method: 'none',

     

       127
        
                   scope: scope,

     

       128
        
                   dpop_bound_access_tokens: false,

     

       129
       -
                   subject_type: 'public'

     

       130
       -
               };

     

       0
        
       
     

       131
        
           }

     

       132
        
       

     

       133
        
           // Production client with private_key_jwt

     
···

       149
        
               jwks_uri: `${config.domain}/jwks.json`,

     

       150
        
               subject_type: 'public',

     

       151
        
               authorization_signed_response_alg: 'ES256'

     

       152
       -
           };

     

       153
        
       };

     

       154
        
       

     

       155
        
       const persistKey = async (key: JoseKey) => {

···

       126
        
                   token_endpoint_auth_method: 'none',

     

       127
        
                   scope: scope,

     

       128
        
                   dpop_bound_access_tokens: false,

     

       129
       +
                   subject_type: 'public',

     

       130
       +
                   authorization_signed_response_alg: 'ES256'

     

       131
       +
               } as ClientMetadata;

     

       132
        
           }

     

       133
        
       

     

       134
        
           // Production client with private_key_jwt

     
···

       150
        
               jwks_uri: `${config.domain}/jwks.json`,

     

       151
        
               subject_type: 'public',

     

       152
        
               authorization_signed_response_alg: 'ES256'

     

       153
       +
           } as ClientMetadata;

     

       154
        
       };

     

       155
        
       

     

       156
        
       const persistKey = async (key: JoseKey) => {

+12 -12

src/lib/wisp-utils.test.ts

···

       22
        
       function createMockBlobRef(mimeType: string, size: number): BlobRef {

     

       23
        
       	// Create a properly formatted CID

     

       24
        
       	const cid = CID.parse(TEST_CID_STRING)

     

       25
       -
       	return new BlobRef(cid, mimeType, size)

     

       26
        
       }

     

       27
        
       

     

       28
        
       describe('shouldCompressFile', () => {

     
···

       727
        
       describe('extractBlobMap', () => {

     

       728
        
       	test('should extract blob map from flat directory structure', () => {

     

       729
        
       		const mockCid = CID.parse(TEST_CID_STRING)

     

       730
       -
       		const mockBlob = new BlobRef(mockCid, 'text/html', 100)

     

       731
        
       

     

       732
        
       		const directory: Directory = {

     

       733
        
       			$type: 'place.wisp.fs#directory',

     
···

       758
        
       		const mockCid1 = CID.parse(TEST_CID_STRING)

     

       759
        
       		const mockCid2 = CID.parse('bafkreiabaduc3573q6snt2xgxzpglwuaojkzflocncrh2vj5j3jykdpqhi')

     

       760
        
       

     

       761
       -
       		const mockBlob1 = new BlobRef(mockCid1, 'text/html', 100)

     

       762
       -
       		const mockBlob2 = new BlobRef(mockCid2, 'text/css', 50)

     

       763
        
       

     

       764
        
       		const directory: Directory = {

     

       765
        
       			$type: 'place.wisp.fs#directory',

     
···

       805
        
       

     

       806
        
       	test('should handle deeply nested directory structures', () => {

     

       807
        
       		const mockCid = CID.parse(TEST_CID_STRING)

     

       808
       -
       		const mockBlob = new BlobRef(mockCid, 'text/javascript', 200)

     

       809
        
       

     

       810
        
       		const directory: Directory = {

     

       811
        
       			$type: 'place.wisp.fs#directory',

     
···

       863
        
       		// This test verifies the fix: AT Protocol SDK returns BlobRef instances,

     

       864
        
       		// not plain objects with $type and $link properties

     

       865
        
       		const mockCid = CID.parse(TEST_CID_STRING)

     

       866
       -
       		const mockBlob = new BlobRef(mockCid, 'application/octet-stream', 500)

     

       867
        
       

     

       868
        
       		const directory: Directory = {

     

       869
        
       			$type: 'place.wisp.fs#directory',

     
···

       892
        
       		const mockCid2 = CID.parse('bafkreiabaduc3573q6snt2xgxzpglwuaojkzflocncrh2vj5j3jykdpqhi')

     

       893
        
       		const mockCid3 = CID.parse('bafkreieb3ixgchss44kw7xiavnkns47emdfsqbhcdfluo3p6n3o53fl3vq')

     

       894
        
       

     

       895
       -
       		const mockBlob1 = new BlobRef(mockCid1, 'image/png', 1000)

     

       896
       -
       		const mockBlob2 = new BlobRef(mockCid2, 'image/png', 2000)

     

       897
       -
       		const mockBlob3 = new BlobRef(mockCid3, 'image/png', 3000)

     

       898
        
       

     

       899
        
       		const directory: Directory = {

     

       900
        
       			$type: 'place.wisp.fs#directory',

     
···

       958
        
       					node: {

     

       959
        
       						$type: 'place.wisp.fs#file',

     

       960
        
       						type: 'file',

     

       961
       -
       						blob: new BlobRef(mockCid1, 'text/html', 100),

     

       962
        
       					},

     

       963
        
       				},

     

       964
        
       				{

     
···

       972
        
       								node: {

     

       973
        
       									$type: 'place.wisp.fs#file',

     

       974
        
       									type: 'file',

     

       975
       -
       									blob: new BlobRef(mockCid2, 'text/css', 50),

     

       976
        
       								},

     

       977
        
       							},

     

       978
        
       						],

     
···

       983
        
       					node: {

     

       984
        
       						$type: 'place.wisp.fs#file',

     

       985
        
       						type: 'file',

     

       986
       -
       						blob: new BlobRef(mockCid3, 'text/markdown', 200),

     

       987
        
       					},

     

       988
        
       				},

     

       989
        
       			],

···

       22
        
       function createMockBlobRef(mimeType: string, size: number): BlobRef {

     

       23
        
       	// Create a properly formatted CID

     

       24
        
       	const cid = CID.parse(TEST_CID_STRING)

     

       25
       +
       	return new BlobRef(cid as any, mimeType, size)

     

       26
        
       }

     

       27
        
       

     

       28
        
       describe('shouldCompressFile', () => {

     
···

       727
        
       describe('extractBlobMap', () => {

     

       728
        
       	test('should extract blob map from flat directory structure', () => {

     

       729
        
       		const mockCid = CID.parse(TEST_CID_STRING)

     

       730
       +
       		const mockBlob = new BlobRef(mockCid as any, 'text/html', 100)

     

       731
        
       

     

       732
        
       		const directory: Directory = {

     

       733
        
       			$type: 'place.wisp.fs#directory',

     
···

       758
        
       		const mockCid1 = CID.parse(TEST_CID_STRING)

     

       759
        
       		const mockCid2 = CID.parse('bafkreiabaduc3573q6snt2xgxzpglwuaojkzflocncrh2vj5j3jykdpqhi')

     

       760
        
       

     

       761
       +
       		const mockBlob1 = new BlobRef(mockCid1 as any, 'text/html', 100)

     

       762
       +
       		const mockBlob2 = new BlobRef(mockCid2 as any, 'text/css', 50)

     

       763
        
       

     

       764
        
       		const directory: Directory = {

     

       765
        
       			$type: 'place.wisp.fs#directory',

     
···

       805
        
       

     

       806
        
       	test('should handle deeply nested directory structures', () => {

     

       807
        
       		const mockCid = CID.parse(TEST_CID_STRING)

     

       808
       +
       		const mockBlob = new BlobRef(mockCid as any, 'text/javascript', 200)

     

       809
        
       

     

       810
        
       		const directory: Directory = {

     

       811
        
       			$type: 'place.wisp.fs#directory',

     
···

       863
        
       		// This test verifies the fix: AT Protocol SDK returns BlobRef instances,

     

       864
        
       		// not plain objects with $type and $link properties

     

       865
        
       		const mockCid = CID.parse(TEST_CID_STRING)

     

       866
       +
       		const mockBlob = new BlobRef(mockCid as any, 'application/octet-stream', 500)

     

       867
        
       

     

       868
        
       		const directory: Directory = {

     

       869
        
       			$type: 'place.wisp.fs#directory',

     
···

       892
        
       		const mockCid2 = CID.parse('bafkreiabaduc3573q6snt2xgxzpglwuaojkzflocncrh2vj5j3jykdpqhi')

     

       893
        
       		const mockCid3 = CID.parse('bafkreieb3ixgchss44kw7xiavnkns47emdfsqbhcdfluo3p6n3o53fl3vq')

     

       894
        
       

     

       895
       +
       		const mockBlob1 = new BlobRef(mockCid1 as any, 'image/png', 1000)

     

       896
       +
       		const mockBlob2 = new BlobRef(mockCid2 as any, 'image/png', 2000)

     

       897
       +
       		const mockBlob3 = new BlobRef(mockCid3 as any, 'image/png', 3000)

     

       898
        
       

     

       899
        
       		const directory: Directory = {

     

       900
        
       			$type: 'place.wisp.fs#directory',

     
···

       958
        
       					node: {

     

       959
        
       						$type: 'place.wisp.fs#file',

     

       960
        
       						type: 'file',

     

       961
       +
       						blob: new BlobRef(mockCid1 as any, 'text/html', 100),

     

       962
        
       					},

     

       963
        
       				},

     

       964
        
       				{

     
···

       972
        
       								node: {

     

       973
        
       									$type: 'place.wisp.fs#file',

     

       974
        
       									type: 'file',

     

       975
       +
       									blob: new BlobRef(mockCid2 as any, 'text/css', 50),

     

       976
        
       								},

     

       977
        
       							},

     

       978
        
       						],

     
···

       983
        
       					node: {

     

       984
        
       						$type: 'place.wisp.fs#file',

     

       985
        
       						type: 'file',

     

       986
       +
       						blob: new BlobRef(mockCid3 as any, 'text/markdown', 200),

     

       987
        
       					},

     

       988
        
       				},

     

       989
        
       			],

+4 -1

src/lib/wisp-utils.ts

···

       446
        
       				const remainingPath = pathParts.slice(1).join('/');

     

       447
        
       				return {

     

       448
        
       					name: entry.name,

     

       449
       -
       					node: replaceDirectoryWithSubfs(entry.node as Directory, remainingPath, subfsUri)

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       450
        
       				};

     

       451
        
       			}

     

       452
        
       		}

···

       446
        
       				const remainingPath = pathParts.slice(1).join('/');

     

       447
        
       				return {

     

       448
        
       					name: entry.name,

     

       449
       +
       					node: {

     

       450
       +
       						...replaceDirectoryWithSubfs(entry.node as Directory, remainingPath, subfsUri),

     

       451
       +
       						$type: 'place.wisp.fs#directory' as const

     

       452
       +
       					}

     

       453
        
       				};

     

       454
        
       			}

     

       455
        
       		}

+2 -2

src/routes/auth.ts

···

       51
        
       			})

     

       52
        
       

     

       53
        
       			// Sync sites from PDS to database cache

     

       54
       -
       			logger.debug('[Auth] Syncing sites from PDS for', session.did)

     

       55
        
       			try {

     

       56
        
       				const syncResult = await syncSitesFromPDS(session.did, session)

     

       57
        
       				logger.debug(`[Auth] Sync complete: ${syncResult.synced} sites synced`)

     
···

       92
        
       			if (did && typeof did === 'string') {

     

       93
        
       				try {

     

       94
        
       					await client.revoke(did)

     

       95
       -
       					logger.debug('[Auth] Revoked OAuth session for', did)

     

       96
        
       				} catch (err) {

     

       97
        
       					logger.error('[Auth] Failed to revoke session', err)

     

       98
        
       					// Continue with logout even if revoke fails

···

       51
        
       			})

     

       52
        
       

     

       53
        
       			// Sync sites from PDS to database cache

     

       54
       +
       			logger.debug('[Auth] Syncing sites from PDS for', session.did as any)

     

       55
        
       			try {

     

       56
        
       				const syncResult = await syncSitesFromPDS(session.did, session)

     

       57
        
       				logger.debug(`[Auth] Sync complete: ${syncResult.synced} sites synced`)

     
···

       92
        
       			if (did && typeof did === 'string') {

     

       93
        
       				try {

     

       94
        
       					await client.revoke(did)

     

       95
       +
       					logger.debug('[Auth] Revoked OAuth session for', did as any)

     

       96
        
       				} catch (err) {

     

       97
        
       					logger.error('[Auth] Failed to revoke session', err)

     

       98
        
       					// Continue with logout even if revoke fails

+1 -1

src/routes/domain.ts

···

       362
        
       					});

     

       363
        
       				} catch (err) {

     

       364
        
       					// Record might not exist in PDS, continue anyway

     

       365
       -
       					logger.warn('[Domain] Could not delete wisp domain from PDS', err);

     

       366
        
       				}

     

       367
        
       

     

       368
        
       				return { success: true };

···

       362
        
       					});

     

       363
        
       				} catch (err) {

     

       364
        
       					// Record might not exist in PDS, continue anyway

     

       365
       +
       					logger.warn('[Domain] Could not delete wisp domain from PDS', err as any);

     

       366
        
       				}

     

       367
        
       

     

       368
        
       				return { success: true };