knotserver/config: add PLC URL config option #682

closed

opened by

shailpatels.me 1 month ago targeting master from shailpatels.me/core: knotserver_configurable_plc

The knotserver can now use alternative PLCs for DID resolution by setting the env var KNOT_SERVER_PLC_URL. The default identity directory was copied out of the at proto lib and updated to take in a target url for the PLC being used to do this.

options

unified split

Changed files

+34 -7

guard

guard.go

idresolver

resolver.go

knotserver

config

config.go

ingester.go

internal.go

router.go

+1 -1

guard/guard.go

···

       196
       196
        
       }

     

       197
       197
        
       

     

       198
       198
        
       func resolveIdentity(ctx context.Context, l *slog.Logger, didOrHandle string) *identity.Identity {

     

       199
       199
       -
       	resolver := idresolver.DefaultResolver()

     

       199
       199
       +
       	resolver := idresolver.DefaultResolver(identity.DefaultPLCURL)

     

       200
       200
        
       	ident, err := resolver.ResolveIdent(ctx, didOrHandle)

     

       201
       201
        
       	if err != nil {

     

       202
       202
        
       		l.Error("Error resolving handle", "error", err, "handle", didOrHandle)

+28 -2

idresolver/resolver.go

···

       42
       42
        
       	return &base

     

       43
       43
        
       }

     

       44
       44
        
       

     

       45
       45
       +
       func DefaultDirectory(plcUrl string) identity.Directory {

     

       46
       46
       +
       	base := identity.BaseDirectory{

     

       47
       47
       +
       		PLCURL: plcUrl,

     

       48
       48
       +
       		HTTPClient: http.Client{

     

       49
       49
       +
       			Timeout: time.Second * 10,

     

       50
       50
       +
       			Transport: &http.Transport{

     

       51
       51
       +
       				// would want this around 100ms for services doing lots of handle resolution. Impacts PLC connections as well, but not too bad.

     

       52
       52
       +
       				IdleConnTimeout: time.Millisecond * 1000,

     

       53
       53
       +
       				MaxIdleConns:    100,

     

       54
       54
       +
       			},

     

       55
       55
       +
       		},

     

       56
       56
       +
       		Resolver: net.Resolver{

     

       57
       57
       +
       			Dial: func(ctx context.Context, network, address string) (net.Conn, error) {

     

       58
       58
       +
       				d := net.Dialer{Timeout: time.Second * 3}

     

       59
       59
       +
       				return d.DialContext(ctx, network, address)

     

       60
       60
       +
       			},

     

       61
       61
       +
       		},

     

       62
       62
       +
       		TryAuthoritativeDNS: true,

     

       63
       63
       +
       		// primary Bluesky PDS instance only supports HTTP resolution method

     

       64
       64
       +
       		SkipDNSDomainSuffixes: []string{".bsky.social"},

     

       65
       65
       +
       		UserAgent:             "indigo-identity/" + versioninfo.Short(),

     

       66
       66
       +
       	}

     

       67
       67
       +
       	cached := identity.NewCacheDirectory(&base, 250_000, time.Hour*24, time.Minute*2, time.Minute*5)

     

       68
       68
       +
       	return &cached

     

       69
       69
       +
       }

     

       70
       70
       +
       

     

       45
       71
        
       func RedisDirectory(url string) (identity.Directory, error) {

     

       46
       72
        
       	hitTTL := time.Hour * 24

     

       47
       73
        
       	errTTL := time.Second * 30

     
···

       49
       75
        
       	return redisdir.NewRedisDirectory(BaseDirectory(), url, hitTTL, errTTL, invalidHandleTTL, 10000)

     

       50
       76
        
       }

     

       51
       77
        
       

     

       52
       52
       -
       func DefaultResolver() *Resolver {

     

       78
       78
       +
       func DefaultResolver(plcUrl string) *Resolver {

     

       53
       79
        
       	return &Resolver{

     

       54
       54
       -
       		directory: identity.DefaultDirectory(),

     

       80
       80
       +
       		directory: DefaultDirectory(plcUrl),

     

       55
       81
        
       	}

     

       56
       82
        
       }

     

       57
       83

knotserver/config/config.go

···

       22
       22
        
       	JetstreamEndpoint  string `env:"JETSTREAM_ENDPOINT, default=wss://jetstream1.us-west.bsky.network/subscribe"`

     

       23
       23
        
       	Owner              string `env:"OWNER, required"`

     

       24
       24
        
       	LogDids            bool   `env:"LOG_DIDS, default=true"`

     

       25
       25
       +
       	PlcUrl             string `env:"PLC_URL, default=https://plc.directory"`

     

       25
       26
        
       

     

       26
       27
        
       	// This disables signature verification so use with caution.

     

       27
       28
        
       	Dev bool `env:"DEV, default=false"`

+2 -2

knotserver/ingester.go

···

       120
       120
        
       	}

     

       121
       121
        
       

     

       122
       122
        
       	// resolve this aturi to extract the repo record

     

       123
       123
       -
       	resolver := idresolver.DefaultResolver()

     

       123
       123
       +
       	resolver := idresolver.DefaultResolver(h.c.Server.PlcUrl)

     

       124
       124
        
       	ident, err := resolver.ResolveIdent(ctx, repoAt.Authority().String())

     

       125
       125
        
       	if err != nil || ident.Handle.IsInvalidHandle() {

     

       126
       126
        
       		return fmt.Errorf("failed to resolve handle: %w", err)

     
···

       233
       233
        
       		return err

     

       234
       234
        
       	}

     

       235
       235
        
       

     

       236
       236
       -
       	resolver := idresolver.DefaultResolver()

     

       236
       236
       +
       	resolver := idresolver.DefaultResolver(h.c.Server.PlcUrl)

     

       237
       237
        
       

     

       238
       238
        
       	subjectId, err := resolver.ResolveIdent(ctx, record.Subject)

     

       239
       239
        
       	if err != nil || subjectId.Handle.IsInvalidHandle() {

+1 -1

knotserver/internal.go

···

       145
       145
        
       

     

       146
       146
        
       func (h *InternalHandle) replyCompare(line git.PostReceiveLine, repoOwner string, gitRelativeDir string, repoName string, ctx context.Context) ([]string, error) {

     

       147
       147
        
       	l := h.l.With("handler", "replyCompare")

     

       148
       148
       -
       	userIdent, err := idresolver.DefaultResolver().ResolveIdent(ctx, repoOwner)

     

       148
       148
       +
       	userIdent, err := idresolver.DefaultResolver(h.c.Server.PlcUrl).ResolveIdent(ctx, repoOwner)

     

       149
       149
        
       	user := repoOwner

     

       150
       150
        
       	if err != nil {

     

       151
       151
        
       		l.Error("Failed to fetch user identity", "err", err)

+1 -1

knotserver/router.go

···

       36
       36
        
       		l:        log.FromContext(ctx),

     

       37
       37
        
       		jc:       jc,

     

       38
       38
        
       		n:        n,

     

       39
       39
       -
       		resolver: idresolver.DefaultResolver(),

     

       39
       39
       +
       		resolver: idresolver.DefaultResolver(c.Server.PlcUrl),

     

       40
       40
        
       	}

     

       41
       41
        
       

     

       42
       42
        
       	err := e.AddKnot(rbac.ThisServer)