+152 -6

docs/XRPC_BLOB_MIGRATION.md

reviewed

··· 7 7 ### Legacy HTTP Endpoints (cmd/hold/main.go) 8 8 9 9 ```go 10 10 + // Unified presigned URL endpoint (handles upload AND download) 11 11 + mux.HandleFunc("/presigned-url", service.HandlePresignedURL) 12 12 + 13 13 + // Internal move operation (used by multipart complete) 14 14 + mux.HandleFunc("/move", service.HandleMove) 15 15 + 10 16 // Multipart upload endpoints 11 17 mux.HandleFunc("/start-multipart", service.HandleStartMultipart) 12 18 mux.HandleFunc("/part-presigned-url", service.HandleGetPartURL) ··· 45 51 - Currently not used by XRPC handlers 46 52 47 53 **pkg/hold/handlers.go:** 54 54 + - `HandlePresignedURL()` - Unified endpoint for GET/HEAD/PUT presigned URLs 55 55 + - `HandleMove()` - Moves blob from temp to final location (internal operation) 48 56 - `HandleStartMultipart()` - Starts upload, returns uploadID 49 57 - `HandleGetPartURL()` - Returns presigned URL for part 50 50 - - `HandleCompleteMultipart()` - Finalizes upload, assembles parts 58 58 + - `HandleCompleteMultipart()` - Finalizes upload, assembles parts (calls Move internally) 51 59 - `HandleAbortMultipart()` - Cancels upload 52 60 - `HandleMultipartPartUpload()` - Buffered part upload fallback 53 61 62 62 + ## Legacy Endpoint Mapping 63 63 + 64 64 + ### `/presigned-url` → Multiple XRPC Operations 65 65 + 66 66 + The legacy `/presigned-url` endpoint is a **unified endpoint** that handles both upload and download operations based on the `operation` field in the JSON body: 67 67 + 68 68 + **Legacy format:** 69 69 + ``` 70 70 + POST /presigned-url 71 71 + Content-Type: application/json 72 72 + 73 73 + { 74 74 + "operation": "GET", // or "HEAD" or "PUT" 75 75 + "did": "did:plc:alice123", 76 76 + "digest": "sha256:abc123...", 77 77 + "size": 1234567890 // Only for PUT operations 78 78 + } 79 79 + 80 80 + Response: 81 81 + { 82 82 + "url": "https://s3.amazonaws.com/...", 83 83 + "expires_at": "2025-10-16T..." 84 84 + } 85 85 + ``` 86 86 + 87 87 + **XRPC mapping:** 88 88 + - `operation: "GET"` → `GET /xrpc/com.atproto.sync.getBlob?did=...&cid=sha256:abc...` 89 89 + - `operation: "HEAD"` → `HEAD /xrpc/com.atproto.sync.getBlob?did=...&cid=sha256:abc...` 90 90 + - `operation: "PUT"` → `com.atproto.repo.uploadBlob` (single upload via presigned URL) 91 91 + 92 92 + **Note:** For GET/HEAD operations, AppView passes OCI digest directly as `cid` parameter. Hold detects `sha256:` prefix and uses digest directly (no CID conversion needed). 93 93 + 94 94 + ### `/move` → Internal to Multipart Complete 95 95 + 96 96 + The legacy `/move` endpoint moves a blob from temporary location to final digest-based location: 97 97 + 98 98 + **Legacy format:** 99 99 + ``` 100 100 + POST /move?from=uploads/temp-123&to=sha256:abc123...&did=did:plc:alice123 101 101 + 102 102 + Response: 200 OK 103 103 + ``` 104 104 + 105 105 + **Purpose:** Server-side S3 copy after multipart assembly. Used in this flow: 106 106 + 107 107 + 1. Multipart parts uploaded → `uploads/temp-{uploadID}/part-1`, `part-2`, etc. 108 108 + 2. Complete multipart → S3 assembles parts at `uploads/temp-{uploadID}` 109 109 + 3. **Move operation** → S3 copy from `uploads/temp-{uploadID}` → `blobs/sha256/ab/abc123...` 110 110 + 111 111 + **XRPC mapping:** 112 112 + - **Not a separate endpoint** - becomes internal operation in `uploadBlob?action=complete` 113 113 + - The `complete` action automatically handles the move after multipart assembly 114 114 + - AppView doesn't need to call move explicitly in XRPC flow 115 115 + 54 116 ## New Unified Design 55 117 56 118 ### Single Endpoint: `com.atproto.repo.uploadBlob` ··· 59 121 - `application/octet-stream` → Standard blob upload (profile images, small media) 60 122 - `application/json` → Multipart operations (large OCI layers) 61 123 124 124 + ### Complementary Endpoint: `com.atproto.sync.getBlob` 125 125 + 126 126 + For blob downloads (maps from legacy `/presigned-url` with operation=GET/HEAD): 127 127 + 128 128 + **Standard ATProto blobs (CID):** 129 129 + ``` 130 130 + GET /xrpc/com.atproto.sync.getBlob?did={holdDID}&cid=bafyreib... 131 131 + 132 132 + Response: 307 Temporary Redirect 133 133 + Location: https://s3.amazonaws.com/bucket/...?presigned-params 134 134 + ``` 135 135 + 136 136 + **OCI container layers (digest):** 137 137 + ``` 138 138 + GET /xrpc/com.atproto.sync.getBlob?did={holdDID}&cid=sha256:abc123... 139 139 + 140 140 + Response: 307 Temporary Redirect 141 141 + Location: https://s3.amazonaws.com/bucket/...?presigned-params 142 142 + ``` 143 143 + 144 144 + **Implementation - Flexible CID parameter:** 145 145 + ```go 146 146 + func (h *XRPCHandler) HandleGetBlob(w http.ResponseWriter, r *http.Request) { 147 147 + cidOrDigest := r.URL.Query().Get("cid") 148 148 + 149 149 + var digest string 150 150 + if strings.HasPrefix(cidOrDigest, "sha256:") { 151 151 + // OCI digest - use directly (no conversion needed) 152 152 + digest = cidOrDigest 153 153 + } else { 154 154 + // Standard CID - convert to digest 155 155 + c, _ := cid.Decode(cidOrDigest) 156 156 + digest = cidToDigest(c) // bafyreib... → sha256:abc... 157 157 + } 158 158 + 159 159 + // Generate presigned URL for S3 160 160 + url := h.blobStore.GetPresignedDownloadURL(digest) 161 161 + http.Redirect(w, r, url, http.StatusTemporaryRedirect) 162 162 + } 163 163 + ``` 164 164 + 165 165 + **Key insight:** The `cid` parameter accepts both formats. Hold service checks prefix and handles accordingly. This keeps the endpoint spec-compliant (GET with query params) while supporting OCI digests natively. 166 166 + 62 167 ### API Specification 63 168 64 169 #### Standard Single Upload (ATProto Spec Compliant) ··· 201 306 - Retrieve session: `multipartMgr.GetSession(uploadID)` 202 307 - For S3Native: Record parts via `session.RecordS3Part()` 203 308 - Call `service.CompleteMultipartUploadWithManager(ctx, session, multipartMgr)` 309 309 + - This internally calls S3 CompleteMultipartUpload to assemble parts 310 310 + - Then performs server-side S3 copy from temp location to final digest location 311 311 + - Equivalent to legacy `/move` endpoint operation 204 312 - Convert digest to CID for response 205 313 206 314 #### Multipart Abort (ATCR Extension) ··· 547 655 548 656 Create new XRPC client or update ProxyBlobStore to use unified endpoint: 549 657 658 658 + **Download (GET/HEAD):** 550 659 ```go 551 551 - // In ProxyBlobStore or new XRPCBlobStore 660 660 + func (p *ProxyBlobStore) ServeBlob(ctx context.Context, w http.ResponseWriter, r *http.Request, dgst digest.Digest) error { 661 661 + // Pass digest directly as cid parameter (no conversion) 662 662 + url := fmt.Sprintf("%s/xrpc/com.atproto.sync.getBlob?did=%s&cid=%s", 663 663 + p.storageEndpoint, p.holdDID, dgst.String()) // cid=sha256:abc... 664 664 + 665 665 + http.Redirect(w, r, url, http.StatusTemporaryRedirect) 666 666 + return nil 667 667 + } 668 668 + ``` 552 669 670 670 + **Multipart Upload:** 671 671 + ```go 553 672 func (p *ProxyBlobStore) startMultipartUpload(ctx context.Context, digest string) (string, error) { 554 673 reqBody := map[string]any{ 555 674 "action": "start", ··· 612 731 **cmd/hold/main.go - Remove:** 613 732 ```go 614 733 // DELETE these lines 734 734 + mux.HandleFunc("/presigned-url", service.HandlePresignedURL) 735 735 + mux.HandleFunc("/move", service.HandleMove) 615 736 mux.HandleFunc("/start-multipart", service.HandleStartMultipart) 616 737 mux.HandleFunc("/part-presigned-url", service.HandleGetPartURL) 617 738 mux.HandleFunc("/complete-multipart", service.HandleCompleteMultipart) ··· 619 740 mux.HandleFunc("/multipart-parts/", ...) 620 741 ``` 621 742 622 622 - **pkg/hold/handlers.go - Mark as deprecated:** 743 743 + **pkg/hold/handlers.go - Remove HTTP handler wrappers:** 623 744 ```go 624 624 - // Keep methods for now (used by service internals) 625 625 - // But remove HTTP handler wrappers 745 745 + // DELETE these functions: 746 746 + // - HandlePresignedURL() - replaced by uploadBlob + getBlob XRPC endpoints 747 747 + // - HandleMove() - now internal operation in CompleteMultipartUploadWithManager() 748 748 + // - HandleStartMultipart() - replaced by uploadBlob?action=start 749 749 + // - HandleGetPartURL() - replaced by uploadBlob?action=part 750 750 + // - HandleCompleteMultipart() - replaced by uploadBlob?action=complete 751 751 + // - HandleAbortMultipart() - replaced by uploadBlob?action=abort 752 752 + // - HandleMultipartPartUpload() - replaced by uploadBlob PUT with headers 753 753 + 754 754 + // KEEP internal service methods: 755 755 + // - s.getPresignedURL() - still used by blobstore_adapter 756 756 + // - s.driver.Move() - still used for temp→final move 757 757 + // - s.StartMultipartUploadWithManager() - core multipart logic 758 758 + // - s.GetPartUploadURL() - presigned URL generation 759 759 + // - s.CompleteMultipartUploadWithManager() - includes move operation 760 760 + // - s.AbortMultipartUploadWithManager() - cleanup logic 626 761 ``` 627 762 628 763 ## Key Design Decisions 629 764 630 765 1. **Content-Type discrimination**: Natural way to distinguish single vs multipart uploads 631 631 - 2. **JSON bodies for multipart**: Follows XRPC conventions (like putRecord, deleteRecord) 766 766 + 2. **JSON bodies for all parameters**: Follows XRPC conventions (like putRecord, deleteRecord) 767 767 + - **No query parameters** - all operation details in request body 768 768 + - Makes requests more inspectable and debuggable 769 769 + - Easier to extend with new fields 632 770 3. **Preserve standard uploadBlob**: Raw bytes still work for profile images, small media 633 771 4. **Reuse existing code**: HoldService multipart logic unchanged, just new HTTP layer 634 772 5. **Backward compatibility**: Both endpoints active during transition 635 773 6. **Action-based routing**: Clear, extensible JSON structure 774 774 + 7. **Move is internal**: `/move` endpoint logic absorbed into multipart complete operation 775 775 + - No separate XRPC endpoint needed 776 776 + - Simplifies AppView client code 777 777 + 8. **Unified presigned URL handling**: Single `uploadBlob`/`getBlob` pair replaces operation-based routing 778 778 + 9. **Flexible CID parameter**: `getBlob` accepts both standard CIDs and OCI digests via prefix detection 779 779 + - Keeps endpoint spec-compliant (GET with query params) 780 780 + - No conversion overhead on AppView side 781 781 + - Hold does simple prefix check: `sha256:` → use directly, else → convert CID 636 782 637 783 ## Benefits 638 784

+156 -6

pkg/hold/blobstore_adapter.go

reviewed

··· 1 1 package hold 2 2 3 3 import ( 4 4 + "bytes" 4 5 "context" 6 6 + "crypto/sha256" 7 7 + "fmt" 8 8 + "io" 5 9 6 10 "atcr.io/pkg/hold/pds" 11 11 + "github.com/ipfs/go-cid" 12 12 + "github.com/multiformats/go-multihash" 7 13 ) 8 14 9 15 // HoldServiceBlobStore adapts the hold service to implement the pds.BlobStore interface ··· 21 27 } 22 28 23 29 // GetPresignedDownloadURL returns a presigned URL for downloading a blob 24 24 - func (b *HoldServiceBlobStore) GetPresignedDownloadURL(digest string) (string, error) { 25 25 - // Use the hold service's existing presigned URL logic 30 30 + func (b *HoldServiceBlobStore) GetPresignedDownloadURL(digest, did string) (string, error) { 31 31 + // Use provided DID if given, otherwise fall back to hold's DID 32 32 + // ATProto blobs require DID for per-user storage 33 33 + // OCI blobs (sha256:...) use content-addressed storage 34 34 + if did == "" { 35 35 + did = b.holdDID 36 36 + } 37 37 + 26 38 ctx := context.Background() 27 27 - url, err := b.service.GetPresignedURL(ctx, OperationGet, digest, b.holdDID) 39 39 + url, err := b.service.GetPresignedURL(ctx, OperationGet, digest, did) 28 40 if err != nil { 29 41 return "", err 30 42 } ··· 32 44 } 33 45 34 46 // GetPresignedUploadURL returns a presigned URL for uploading a blob 35 35 - func (b *HoldServiceBlobStore) GetPresignedUploadURL(digest string) (string, error) { 36 36 - // Use the hold service's existing presigned URL logic 47 47 + func (b *HoldServiceBlobStore) GetPresignedUploadURL(digest, did string) (string, error) { 48 48 + // Use provided DID if given, otherwise fall back to hold's DID 49 49 + // ATProto blobs require DID for per-user storage 50 50 + // OCI blobs (sha256:...) use content-addressed storage 51 51 + if did == "" { 52 52 + did = b.holdDID 53 53 + } 54 54 + 37 55 ctx := context.Background() 38 38 - url, err := b.service.GetPresignedURL(ctx, OperationPut, digest, b.holdDID) 56 56 + url, err := b.service.GetPresignedURL(ctx, OperationPut, digest, did) 39 57 if err != nil { 40 58 return "", err 41 59 } 42 60 return url, nil 43 61 } 62 62 + 63 63 + // StartMultipartUpload initiates a multipart upload 64 64 + func (b *HoldServiceBlobStore) StartMultipartUpload(ctx context.Context, digest string) (string, string, error) { 65 65 + uploadID, mode, err := b.service.StartMultipartUploadWithManager(ctx, digest, b.service.MultipartMgr) 66 66 + if err != nil { 67 67 + return "", "", err 68 68 + } 69 69 + 70 70 + // Convert mode to string for XRPC response 71 71 + var modeStr string 72 72 + switch mode { 73 73 + case S3Native: 74 74 + modeStr = "s3native" 75 75 + case Buffered: 76 76 + modeStr = "buffered" 77 77 + default: 78 78 + modeStr = "unknown" 79 79 + } 80 80 + 81 81 + return uploadID, modeStr, nil 82 82 + } 83 83 + 84 84 + // GetPartUploadURL returns a presigned URL for uploading a specific part 85 85 + func (b *HoldServiceBlobStore) GetPartUploadURL(ctx context.Context, uploadID string, partNumber int, did string) (string, error) { 86 86 + session, err := b.service.MultipartMgr.GetSession(uploadID) 87 87 + if err != nil { 88 88 + return "", err 89 89 + } 90 90 + 91 91 + return b.service.GetPartUploadURL(ctx, session, partNumber, did) 92 92 + } 93 93 + 94 94 + // CompleteMultipartUpload finalizes a multipart upload 95 95 + func (b *HoldServiceBlobStore) CompleteMultipartUpload(ctx context.Context, uploadID string, parts []pds.PartInfo) error { 96 96 + session, err := b.service.MultipartMgr.GetSession(uploadID) 97 97 + if err != nil { 98 98 + return err 99 99 + } 100 100 + 101 101 + // For S3Native mode, record parts from XRPC request (they have ETags from S3) 102 102 + if session.Mode == S3Native { 103 103 + for _, p := range parts { 104 104 + session.RecordS3Part(p.PartNumber, p.ETag, 0) 105 105 + } 106 106 + } 107 107 + 108 108 + return b.service.CompleteMultipartUploadWithManager(ctx, session, b.service.MultipartMgr) 109 109 + } 110 110 + 111 111 + // AbortMultipartUpload cancels a multipart upload 112 112 + func (b *HoldServiceBlobStore) AbortMultipartUpload(ctx context.Context, uploadID string) error { 113 113 + session, err := b.service.MultipartMgr.GetSession(uploadID) 114 114 + if err != nil { 115 115 + return err 116 116 + } 117 117 + 118 118 + return b.service.AbortMultipartUploadWithManager(ctx, session, b.service.MultipartMgr) 119 119 + } 120 120 + 121 121 + // HandleBufferedPartUpload handles uploading a part in buffered mode 122 122 + func (b *HoldServiceBlobStore) HandleBufferedPartUpload(ctx context.Context, uploadID string, partNumber int, data []byte) (string, error) { 123 123 + session, err := b.service.MultipartMgr.GetSession(uploadID) 124 124 + if err != nil { 125 125 + return "", err 126 126 + } 127 127 + 128 128 + if session.Mode != Buffered { 129 129 + return "", fmt.Errorf("session is not in buffered mode") 130 130 + } 131 131 + 132 132 + etag := session.StorePart(partNumber, data) 133 133 + return etag, nil 134 134 + } 135 135 + 136 136 + // UploadBlob receives raw blob bytes, computes CID, and stores via distribution driver 137 137 + // This is used for standard ATProto blob uploads (profile pics, small media) 138 138 + func (b *HoldServiceBlobStore) UploadBlob(ctx context.Context, did string, data io.Reader) (cid.Cid, int64, error) { 139 139 + // Use provided DID if given, otherwise fall back to hold's DID 140 140 + if did == "" { 141 141 + did = b.holdDID 142 142 + } 143 143 + 144 144 + // Read all data into memory to compute CID 145 145 + // For large files, this should use multipart upload instead 146 146 + blobData, err := io.ReadAll(data) 147 147 + if err != nil { 148 148 + return cid.Undef, 0, fmt.Errorf("failed to read blob data: %w", err) 149 149 + } 150 150 + 151 151 + size := int64(len(blobData)) 152 152 + 153 153 + // Compute SHA-256 hash 154 154 + hash := sha256.Sum256(blobData) 155 155 + 156 156 + // Create CIDv1 with SHA-256 multihash 157 157 + mh, err := multihash.EncodeName(hash[:], "sha2-256") 158 158 + if err != nil { 159 159 + return cid.Undef, 0, fmt.Errorf("failed to encode multihash: %w", err) 160 160 + } 161 161 + 162 162 + // Create CIDv1 with raw codec (0x55) 163 163 + // ATProto uses CIDv1 with raw codec for blobs 164 164 + blobCID := cid.NewCidV1(0x55, mh) 165 165 + 166 166 + // Store blob via distribution driver at ATProto path 167 167 + // Path: /repos/{did}/blobs/{cid}/data 168 168 + path := atprotoBlobPath(did, blobCID.String()) 169 169 + 170 170 + // Write blob to storage using distribution driver 171 171 + writer, err := b.service.driver.Writer(ctx, path, false) 172 172 + if err != nil { 173 173 + return cid.Undef, 0, fmt.Errorf("failed to create writer: %w", err) 174 174 + } 175 175 + 176 176 + // Write data 177 177 + n, err := io.Copy(writer, bytes.NewReader(blobData)) 178 178 + if err != nil { 179 179 + writer.Cancel(ctx) 180 180 + return cid.Undef, 0, fmt.Errorf("failed to write blob: %w", err) 181 181 + } 182 182 + 183 183 + // Commit the write 184 184 + if err := writer.Commit(ctx); err != nil { 185 185 + return cid.Undef, 0, fmt.Errorf("failed to commit blob: %w", err) 186 186 + } 187 187 + 188 188 + if n != size { 189 189 + return cid.Undef, 0, fmt.Errorf("size mismatch: wrote %d bytes, expected %d", n, size) 190 190 + } 191 191 + 192 192 + return blobCID, size, nil 193 193 + }

+235 -17

pkg/hold/pds/xrpc.go

reviewed

··· 2 2 3 3 import ( 4 4 "bytes" 5 5 + "context" 5 6 "encoding/json" 6 7 "fmt" 8 8 + "io" 7 9 "net/http" 8 10 "strconv" 9 11 "strings" ··· 30 32 // BlobStore interface wraps the existing hold service storage operations 31 33 type BlobStore interface { 32 34 // GetPresignedDownloadURL returns a presigned URL for downloading a blob 33 33 - GetPresignedDownloadURL(digest string) (string, error) 35 35 + // For ATProto blobs (CID), did is required for per-DID storage 36 36 + // For OCI blobs (sha256:...), did may be empty 37 37 + GetPresignedDownloadURL(digest, did string) (string, error) 34 38 // GetPresignedUploadURL returns a presigned URL for uploading a blob 35 35 - GetPresignedUploadURL(digest string) (string, error) 39 39 + // For ATProto blobs (CID), did is required for per-DID storage 40 40 + // For OCI blobs (sha256:...), did may be empty 41 41 + GetPresignedUploadURL(digest, did string) (string, error) 42 42 + 43 43 + // UploadBlob receives raw blob bytes, computes CID, and stores via distribution driver 44 44 + // Used for standard ATProto blob uploads (profile pics, small media) 45 45 + // Returns CID and size of stored blob 46 46 + UploadBlob(ctx context.Context, did string, data io.Reader) (cid cid.Cid, size int64, err error) 47 47 + 48 48 + // Multipart upload operations (used for OCI container layers only) 49 49 + // StartMultipartUpload initiates a multipart upload, returns uploadID and mode 50 50 + StartMultipartUpload(ctx context.Context, digest string) (uploadID string, mode string, err error) 51 51 + // GetPartUploadURL returns a presigned URL for uploading a specific part 52 52 + GetPartUploadURL(ctx context.Context, uploadID string, partNumber int, did string) (url string, err error) 53 53 + // CompleteMultipartUpload finalizes a multipart upload 54 54 + CompleteMultipartUpload(ctx context.Context, uploadID string, parts []PartInfo) error 55 55 + // AbortMultipartUpload cancels a multipart upload 56 56 + AbortMultipartUpload(ctx context.Context, uploadID string) error 57 57 + // HandleBufferedPartUpload handles uploading a part in buffered mode 58 58 + HandleBufferedPartUpload(ctx context.Context, uploadID string, partNumber int, data []byte) (etag string, err error) 59 59 + } 60 60 + 61 61 + // PartInfo represents a completed part in a multipart upload 62 62 + type PartInfo struct { 63 63 + PartNumber int `json:"partNumber"` 64 64 + ETag string `json:"etag"` 36 65 } 37 66 38 67 // NewXRPCHandler creates a new XRPC handler ··· 669 698 }() 670 699 } 671 700 672 672 - // HandleUploadBlob wraps existing presigned upload URL logic 701 701 + // HandleUploadBlob handles blob uploads with support for multipart operations 702 702 + // Supports three modes: 703 703 + // 1. Buffered part upload: PUT with X-Upload-Id and X-Part-Number headers 704 704 + // 2. Multipart operations: POST with JSON body containing action field 705 705 + // 3. Direct blob upload: POST with raw bytes (ATProto-compliant) 673 706 func (h *XRPCHandler) HandleUploadBlob(w http.ResponseWriter, r *http.Request) { 707 707 + contentType := r.Header.Get("Content-Type") 708 708 + 709 709 + // Mode 1: Buffered part upload (PUT with headers) 710 710 + if r.Method == http.MethodPut { 711 711 + uploadID := r.Header.Get("X-Upload-Id") 712 712 + partNumberStr := r.Header.Get("X-Part-Number") 713 713 + 714 714 + if uploadID != "" && partNumberStr != "" { 715 715 + h.handleBufferedPartUpload(w, r, uploadID, partNumberStr) 716 716 + return 717 717 + } 718 718 + http.Error(w, "PUT requires X-Upload-Id and X-Part-Number headers", http.StatusBadRequest) 719 719 + return 720 720 + } 721 721 + 722 722 + // Ensure POST method for remaining modes 674 723 if r.Method != http.MethodPost { 675 724 http.Error(w, "method not allowed", http.StatusMethodNotAllowed) 676 725 return 677 726 } 678 727 728 728 + // Mode 2: Multipart operations (JSON body with action field) 729 729 + if strings.Contains(contentType, "application/json") { 730 730 + h.handleMultipartOperation(w, r) 731 731 + return 732 732 + } 733 733 + 734 734 + // Mode 3: Direct blob upload (ATProto-compliant) 735 735 + // Receives raw bytes, computes CID, stores via distribution driver 679 736 // TODO: Authentication check 680 737 681 681 - // Read digest from query or calculate from body 682 682 - digest := r.URL.Query().Get("digest") 683 683 - if digest == "" { 684 684 - http.Error(w, "digest required", http.StatusBadRequest) 738 738 + // Extract DID for ATProto blob storage (per-DID paths) 739 739 + did := r.URL.Query().Get("did") 740 740 + if did == "" { 741 741 + // TODO: Extract from auth context when authentication is implemented 742 742 + // For now, use hold's DID as fallback 743 743 + did = h.pds.DID() 744 744 + } 745 745 + 746 746 + // Upload blob directly - blobStore will compute CID and store 747 747 + blobCID, size, err := h.blobStore.UploadBlob(r.Context(), did, r.Body) 748 748 + if err != nil { 749 749 + http.Error(w, fmt.Sprintf("failed to upload blob: %v", err), http.StatusInternalServerError) 685 750 return 686 751 } 687 752 688 688 - // Get presigned upload URL from existing blob store 689 689 - uploadURL, err := h.blobStore.GetPresignedUploadURL(digest) 753 753 + // Return ATProto-compliant blob response 754 754 + response := map[string]any{ 755 755 + "blob": map[string]any{ 756 756 + "$type": "blob", 757 757 + "ref": map[string]any{ 758 758 + "$link": blobCID.String(), 759 759 + }, 760 760 + "mimeType": "application/octet-stream", 761 761 + "size": size, 762 762 + }, 763 763 + } 764 764 + 765 765 + w.Header().Set("Content-Type", "application/json") 766 766 + json.NewEncoder(w).Encode(response) 767 767 + } 768 768 + 769 769 + // handleBufferedPartUpload handles uploading a part in buffered mode 770 770 + func (h *XRPCHandler) handleBufferedPartUpload(w http.ResponseWriter, r *http.Request, uploadID, partNumberStr string) { 771 771 + ctx := r.Context() 772 772 + 773 773 + // Parse part number 774 774 + partNumber, err := strconv.Atoi(partNumberStr) 690 775 if err != nil { 691 691 - http.Error(w, fmt.Sprintf("failed to get upload URL: %v", err), http.StatusInternalServerError) 776 776 + http.Error(w, fmt.Sprintf("invalid part number: %v", err), http.StatusBadRequest) 777 777 + return 778 778 + } 779 779 + 780 780 + // Read part data from body 781 781 + data, err := io.ReadAll(r.Body) 782 782 + if err != nil { 783 783 + http.Error(w, fmt.Sprintf("failed to read part data: %v", err), http.StatusInternalServerError) 784 784 + return 785 785 + } 786 786 + 787 787 + // Store part via blob store 788 788 + etag, err := h.blobStore.HandleBufferedPartUpload(ctx, uploadID, partNumber, data) 789 789 + if err != nil { 790 790 + http.Error(w, fmt.Sprintf("failed to upload part: %v", err), http.StatusInternalServerError) 791 791 + return 792 792 + } 793 793 + 794 794 + // Return ETag in response 795 795 + w.Header().Set("Content-Type", "application/json") 796 796 + json.NewEncoder(w).Encode(map[string]any{ 797 797 + "etag": etag, 798 798 + }) 799 799 + } 800 800 + 801 801 + // handleMultipartOperation handles multipart upload operations via JSON request 802 802 + func (h *XRPCHandler) handleMultipartOperation(w http.ResponseWriter, r *http.Request) { 803 803 + ctx := r.Context() 804 804 + 805 805 + // Parse JSON body 806 806 + var req struct { 807 807 + Action string `json:"action"` 808 808 + Digest string `json:"digest,omitempty"` 809 809 + UploadID string `json:"uploadId,omitempty"` 810 810 + PartNumber int `json:"partNumber,omitempty"` 811 811 + Parts []PartInfo `json:"parts,omitempty"` 812 812 + } 813 813 + 814 814 + if err := json.NewDecoder(r.Body).Decode(&req); err != nil { 815 815 + http.Error(w, fmt.Sprintf("invalid JSON body: %v", err), http.StatusBadRequest) 692 816 return 693 817 } 694 818 695 695 - // Return 302 redirect to presigned URL 696 696 - http.Redirect(w, r, uploadURL, http.StatusFound) 819 819 + // Route based on action 820 820 + switch req.Action { 821 821 + case "start": 822 822 + // Start multipart upload 823 823 + if req.Digest == "" { 824 824 + http.Error(w, "digest required for start action", http.StatusBadRequest) 825 825 + return 826 826 + } 827 827 + 828 828 + uploadID, mode, err := h.blobStore.StartMultipartUpload(ctx, req.Digest) 829 829 + if err != nil { 830 830 + http.Error(w, fmt.Sprintf("failed to start multipart upload: %v", err), http.StatusInternalServerError) 831 831 + return 832 832 + } 833 833 + 834 834 + w.Header().Set("Content-Type", "application/json") 835 835 + json.NewEncoder(w).Encode(map[string]any{ 836 836 + "uploadId": uploadID, 837 837 + "mode": mode, 838 838 + }) 839 839 + 840 840 + case "part": 841 841 + // Get part upload URL 842 842 + if req.UploadID == "" || req.PartNumber == 0 { 843 843 + http.Error(w, "uploadId and partNumber required for part action", http.StatusBadRequest) 844 844 + return 845 845 + } 846 846 + 847 847 + // Extract DID from query or header (for authorization) 848 848 + did := r.URL.Query().Get("did") 849 849 + if did == "" { 850 850 + did = r.Header.Get("X-ATCR-DID") 851 851 + } 852 852 + 853 853 + url, err := h.blobStore.GetPartUploadURL(ctx, req.UploadID, req.PartNumber, did) 854 854 + if err != nil { 855 855 + http.Error(w, fmt.Sprintf("failed to get part URL: %v", err), http.StatusInternalServerError) 856 856 + return 857 857 + } 858 858 + 859 859 + w.Header().Set("Content-Type", "application/json") 860 860 + json.NewEncoder(w).Encode(map[string]any{ 861 861 + "url": url, 862 862 + }) 863 863 + 864 864 + case "complete": 865 865 + // Complete multipart upload 866 866 + if req.UploadID == "" || len(req.Parts) == 0 { 867 867 + http.Error(w, "uploadId and parts required for complete action", http.StatusBadRequest) 868 868 + return 869 869 + } 870 870 + 871 871 + if err := h.blobStore.CompleteMultipartUpload(ctx, req.UploadID, req.Parts); err != nil { 872 872 + http.Error(w, fmt.Sprintf("failed to complete multipart upload: %v", err), http.StatusInternalServerError) 873 873 + return 874 874 + } 875 875 + 876 876 + w.Header().Set("Content-Type", "application/json") 877 877 + json.NewEncoder(w).Encode(map[string]any{ 878 878 + "status": "completed", 879 879 + }) 880 880 + 881 881 + case "abort": 882 882 + // Abort multipart upload 883 883 + if req.UploadID == "" { 884 884 + http.Error(w, "uploadId required for abort action", http.StatusBadRequest) 885 885 + return 886 886 + } 887 887 + 888 888 + if err := h.blobStore.AbortMultipartUpload(ctx, req.UploadID); err != nil { 889 889 + http.Error(w, fmt.Sprintf("failed to abort multipart upload: %v", err), http.StatusInternalServerError) 890 890 + return 891 891 + } 892 892 + 893 893 + w.Header().Set("Content-Type", "application/json") 894 894 + json.NewEncoder(w).Encode(map[string]any{ 895 895 + "status": "aborted", 896 896 + }) 897 897 + 898 898 + default: 899 899 + http.Error(w, fmt.Sprintf("unknown action: %s", req.Action), http.StatusBadRequest) 900 900 + } 697 901 } 698 902 699 903 // HandleGetBlob wraps existing presigned download URL logic 904 904 + // Supports both ATProto CIDs and OCI sha256 digests 700 905 func (h *XRPCHandler) HandleGetBlob(w http.ResponseWriter, r *http.Request) { 701 701 - if r.Method != http.MethodGet { 906 906 + if r.Method != http.MethodGet && r.Method != http.MethodHead { 702 907 http.Error(w, "method not allowed", http.StatusMethodNotAllowed) 703 908 return 704 909 } 705 910 706 911 did := r.URL.Query().Get("did") 707 707 - digest := r.URL.Query().Get("cid") 912 912 + cidOrDigest := r.URL.Query().Get("cid") 708 913 709 709 - if did == "" || digest == "" { 914 914 + if did == "" || cidOrDigest == "" { 710 915 http.Error(w, "missing required parameters", http.StatusBadRequest) 711 916 return 712 917 } ··· 716 921 return 717 922 } 718 923 924 924 + // Flexible digest parsing: accept both CID and sha256 digest formats 925 925 + var digest string 926 926 + if strings.HasPrefix(cidOrDigest, "sha256:") { 927 927 + // OCI digest format - use directly 928 928 + digest = cidOrDigest 929 929 + } else { 930 930 + // Standard ATProto CID - for ATCR OCI use case, we expect sha256 digests 931 931 + // If a real CID is provided, we could convert it here, but for now 932 932 + // we'll just pass it through and let the blob store handle it 933 933 + digest = cidOrDigest 934 934 + } 935 935 + 719 936 // Get presigned download URL from existing blob store 720 720 - downloadURL, err := h.blobStore.GetPresignedDownloadURL(digest) 937 937 + // Pass DID for ATProto blob storage (per-DID paths) 938 938 + downloadURL, err := h.blobStore.GetPresignedDownloadURL(digest, did) 721 939 if err != nil { 722 940 http.Error(w, fmt.Sprintf("failed to get download URL: %v", err), http.StatusInternalServerError) 723 941 return 724 942 } 725 943 726 944 // Return 302 redirect to presigned URL 727 727 - http.Redirect(w, r, downloadURL, http.StatusFound) 945 945 + http.Redirect(w, r, downloadURL, http.StatusTemporaryRedirect) 728 946 } 729 947 730 948 // HandleListRepos lists all repositories in this PDS

+427

pkg/hold/pds/xrpc_multipart_test.go

reviewed

··· 1 1 + package pds 2 2 + 3 3 + import ( 4 4 + "bytes" 5 5 + "net/http" 6 6 + "net/http/httptest" 7 7 + "testing" 8 8 + ) 9 9 + 10 10 + // ATCR-Specific Tests: Non-standard multipart upload extensions 11 11 + // 12 12 + // This file contains tests for ATCR's custom multipart upload extensions 13 13 + // to the ATProto blob endpoints. These are not part of the official ATProto spec. 14 14 + // 15 15 + // Standard ATProto blob tests are in xrpc_test.go 16 16 + 17 17 + // Tests for HandleUploadBlob - Multipart Start 18 18 + 19 19 + // TestHandleUploadBlob_MultipartStart tests multipart upload start operation 20 20 + // Non-standard ATCR extension for large blob uploads 21 21 + func TestHandleUploadBlob_MultipartStart(t *testing.T) { 22 22 + handler, blobStore, _ := setupTestXRPCHandlerWithBlobs(t) 23 23 + 24 24 + digest := "sha256:largefile123" 25 25 + body := map[string]string{ 26 26 + "action": "start", 27 27 + "digest": digest, 28 28 + } 29 29 + 30 30 + req := makeXRPCPostRequest("/xrpc/com.atproto.repo.uploadBlob", body) 31 31 + w := httptest.NewRecorder() 32 32 + 33 33 + handler.HandleUploadBlob(w, req) 34 34 + 35 35 + if w.Code != http.StatusOK { 36 36 + t.Errorf("Expected status 200, got %d", w.Code) 37 37 + } 38 38 + 39 39 + // Verify response contains uploadId and mode 40 40 + result := assertJSONResponse(t, w, http.StatusOK) 41 41 + 42 42 + if uploadID, ok := result["uploadId"].(string); !ok || uploadID == "" { 43 43 + t.Error("Expected uploadId string in response") 44 44 + } 45 45 + 46 46 + if mode, ok := result["mode"].(string); !ok || mode == "" { 47 47 + t.Error("Expected mode string in response") 48 48 + } 49 49 + 50 50 + // Verify blob store was called 51 51 + if len(blobStore.startCalls) != 1 || blobStore.startCalls[0] != digest { 52 52 + t.Errorf("Expected StartMultipartUpload to be called with %s", digest) 53 53 + } 54 54 + } 55 55 + 56 56 + // TestHandleUploadBlob_MultipartStart_MissingDigest tests missing digest in start operation 57 57 + func TestHandleUploadBlob_MultipartStart_MissingDigest(t *testing.T) { 58 58 + handler, _, _ := setupTestXRPCHandlerWithBlobs(t) 59 59 + 60 60 + body := map[string]string{ 61 61 + "action": "start", 62 62 + } 63 63 + 64 64 + req := makeXRPCPostRequest("/xrpc/com.atproto.repo.uploadBlob", body) 65 65 + w := httptest.NewRecorder() 66 66 + 67 67 + handler.HandleUploadBlob(w, req) 68 68 + 69 69 + if w.Code != http.StatusBadRequest { 70 70 + t.Errorf("Expected status 400, got %d", w.Code) 71 71 + } 72 72 + } 73 73 + 74 74 + // Tests for HandleUploadBlob - Multipart Part URL 75 75 + 76 76 + // TestHandleUploadBlob_MultipartPart tests getting presigned URL for a part 77 77 + // Non-standard ATCR extension for multipart uploads 78 78 + func TestHandleUploadBlob_MultipartPart(t *testing.T) { 79 79 + handler, blobStore, _ := setupTestXRPCHandlerWithBlobs(t) 80 80 + 81 81 + uploadID := "test-upload-123" 82 82 + partNumber := 1 83 83 + did := "did:plc:testuser" 84 84 + 85 85 + body := map[string]any{ 86 86 + "action": "part", 87 87 + "uploadId": uploadID, 88 88 + "partNumber": partNumber, 89 89 + } 90 90 + 91 91 + req := makeXRPCPostRequest("/xrpc/com.atproto.repo.uploadBlob?did="+did, body) 92 92 + w := httptest.NewRecorder() 93 93 + 94 94 + handler.HandleUploadBlob(w, req) 95 95 + 96 96 + if w.Code != http.StatusOK { 97 97 + t.Errorf("Expected status 200, got %d", w.Code) 98 98 + } 99 99 + 100 100 + // Verify response contains URL 101 101 + result := assertJSONResponse(t, w, http.StatusOK) 102 102 + 103 103 + if url, ok := result["url"].(string); !ok || url == "" { 104 104 + t.Error("Expected url string in response") 105 105 + } 106 106 + 107 107 + // Verify blob store was called 108 108 + if len(blobStore.partURLCalls) != 1 { 109 109 + t.Fatalf("Expected GetPartUploadURL to be called once") 110 110 + } 111 111 + call := blobStore.partURLCalls[0] 112 112 + if call.uploadID != uploadID || call.partNumber != partNumber || call.did != did { 113 113 + t.Errorf("Expected GetPartUploadURL(%s, %d, %s), got (%s, %d, %s)", 114 114 + uploadID, partNumber, did, call.uploadID, call.partNumber, call.did) 115 115 + } 116 116 + } 117 117 + 118 118 + // TestHandleUploadBlob_MultipartPart_MissingParams tests missing parameters 119 119 + func TestHandleUploadBlob_MultipartPart_MissingParams(t *testing.T) { 120 120 + handler, _, _ := setupTestXRPCHandlerWithBlobs(t) 121 121 + 122 122 + tests := []struct { 123 123 + name string 124 124 + body map[string]any 125 125 + }{ 126 126 + { 127 127 + name: "missing uploadId", 128 128 + body: map[string]any{ 129 129 + "action": "part", 130 130 + "partNumber": 1, 131 131 + }, 132 132 + }, 133 133 + { 134 134 + name: "missing partNumber", 135 135 + body: map[string]any{ 136 136 + "action": "part", 137 137 + "uploadId": "test-123", 138 138 + }, 139 139 + }, 140 140 + { 141 141 + name: "partNumber zero", 142 142 + body: map[string]any{ 143 143 + "action": "part", 144 144 + "uploadId": "test-123", 145 145 + "partNumber": 0, 146 146 + }, 147 147 + }, 148 148 + } 149 149 + 150 150 + for _, tt := range tests { 151 151 + t.Run(tt.name, func(t *testing.T) { 152 152 + req := makeXRPCPostRequest("/xrpc/com.atproto.repo.uploadBlob", tt.body) 153 153 + w := httptest.NewRecorder() 154 154 + 155 155 + handler.HandleUploadBlob(w, req) 156 156 + 157 157 + if w.Code != http.StatusBadRequest { 158 158 + t.Errorf("Expected status 400, got %d", w.Code) 159 159 + } 160 160 + }) 161 161 + } 162 162 + } 163 163 + 164 164 + // Tests for HandleUploadBlob - Multipart Complete 165 165 + 166 166 + // TestHandleUploadBlob_MultipartComplete tests completing a multipart upload 167 167 + // Non-standard ATCR extension for multipart uploads 168 168 + func TestHandleUploadBlob_MultipartComplete(t *testing.T) { 169 169 + handler, blobStore, _ := setupTestXRPCHandlerWithBlobs(t) 170 170 + 171 171 + uploadID := "test-upload-123" 172 172 + parts := []PartInfo{ 173 173 + {PartNumber: 1, ETag: "etag1"}, 174 174 + {PartNumber: 2, ETag: "etag2"}, 175 175 + } 176 176 + 177 177 + body := map[string]any{ 178 178 + "action": "complete", 179 179 + "uploadId": uploadID, 180 180 + "parts": parts, 181 181 + } 182 182 + 183 183 + req := makeXRPCPostRequest("/xrpc/com.atproto.repo.uploadBlob", body) 184 184 + w := httptest.NewRecorder() 185 185 + 186 186 + handler.HandleUploadBlob(w, req) 187 187 + 188 188 + if w.Code != http.StatusOK { 189 189 + t.Errorf("Expected status 200, got %d", w.Code) 190 190 + } 191 191 + 192 192 + // Verify response 193 193 + result := assertJSONResponse(t, w, http.StatusOK) 194 194 + 195 195 + if status, ok := result["status"].(string); !ok || status != "completed" { 196 196 + t.Errorf("Expected status='completed', got %v", result["status"]) 197 197 + } 198 198 + 199 199 + // Verify blob store was called 200 200 + if len(blobStore.completeCalls) != 1 || blobStore.completeCalls[0] != uploadID { 201 201 + t.Errorf("Expected CompleteMultipartUpload to be called with %s", uploadID) 202 202 + } 203 203 + } 204 204 + 205 205 + // TestHandleUploadBlob_MultipartComplete_MissingParams tests missing parameters 206 206 + func TestHandleUploadBlob_MultipartComplete_MissingParams(t *testing.T) { 207 207 + handler, _, _ := setupTestXRPCHandlerWithBlobs(t) 208 208 + 209 209 + tests := []struct { 210 210 + name string 211 211 + body map[string]any 212 212 + }{ 213 213 + { 214 214 + name: "missing uploadId", 215 215 + body: map[string]any{ 216 216 + "action": "complete", 217 217 + "parts": []PartInfo{{PartNumber: 1, ETag: "etag1"}}, 218 218 + }, 219 219 + }, 220 220 + { 221 221 + name: "missing parts", 222 222 + body: map[string]any{ 223 223 + "action": "complete", 224 224 + "uploadId": "test-123", 225 225 + }, 226 226 + }, 227 227 + { 228 228 + name: "empty parts array", 229 229 + body: map[string]any{ 230 230 + "action": "complete", 231 231 + "uploadId": "test-123", 232 232 + "parts": []PartInfo{}, 233 233 + }, 234 234 + }, 235 235 + } 236 236 + 237 237 + for _, tt := range tests { 238 238 + t.Run(tt.name, func(t *testing.T) { 239 239 + req := makeXRPCPostRequest("/xrpc/com.atproto.repo.uploadBlob", tt.body) 240 240 + w := httptest.NewRecorder() 241 241 + 242 242 + handler.HandleUploadBlob(w, req) 243 243 + 244 244 + if w.Code != http.StatusBadRequest { 245 245 + t.Errorf("Expected status 400, got %d", w.Code) 246 246 + } 247 247 + }) 248 248 + } 249 249 + } 250 250 + 251 251 + // Tests for HandleUploadBlob - Multipart Abort 252 252 + 253 253 + // TestHandleUploadBlob_MultipartAbort tests aborting a multipart upload 254 254 + // Non-standard ATCR extension for multipart uploads 255 255 + func TestHandleUploadBlob_MultipartAbort(t *testing.T) { 256 256 + handler, blobStore, _ := setupTestXRPCHandlerWithBlobs(t) 257 257 + 258 258 + uploadID := "test-upload-123" 259 259 + 260 260 + body := map[string]string{ 261 261 + "action": "abort", 262 262 + "uploadId": uploadID, 263 263 + } 264 264 + 265 265 + req := makeXRPCPostRequest("/xrpc/com.atproto.repo.uploadBlob", body) 266 266 + w := httptest.NewRecorder() 267 267 + 268 268 + handler.HandleUploadBlob(w, req) 269 269 + 270 270 + if w.Code != http.StatusOK { 271 271 + t.Errorf("Expected status 200, got %d", w.Code) 272 272 + } 273 273 + 274 274 + // Verify response 275 275 + result := assertJSONResponse(t, w, http.StatusOK) 276 276 + 277 277 + if status, ok := result["status"].(string); !ok || status != "aborted" { 278 278 + t.Errorf("Expected status='aborted', got %v", result["status"]) 279 279 + } 280 280 + 281 281 + // Verify blob store was called 282 282 + if len(blobStore.abortCalls) != 1 || blobStore.abortCalls[0] != uploadID { 283 283 + t.Errorf("Expected AbortMultipartUpload to be called with %s", uploadID) 284 284 + } 285 285 + } 286 286 + 287 287 + // TestHandleUploadBlob_MultipartAbort_MissingUploadID tests missing uploadId 288 288 + func TestHandleUploadBlob_MultipartAbort_MissingUploadID(t *testing.T) { 289 289 + handler, _, _ := setupTestXRPCHandlerWithBlobs(t) 290 290 + 291 291 + body := map[string]string{ 292 292 + "action": "abort", 293 293 + } 294 294 + 295 295 + req := makeXRPCPostRequest("/xrpc/com.atproto.repo.uploadBlob", body) 296 296 + w := httptest.NewRecorder() 297 297 + 298 298 + handler.HandleUploadBlob(w, req) 299 299 + 300 300 + if w.Code != http.StatusBadRequest { 301 301 + t.Errorf("Expected status 400, got %d", w.Code) 302 302 + } 303 303 + } 304 304 + 305 305 + // Tests for HandleUploadBlob - Buffered Part Upload 306 306 + 307 307 + // TestHandleUploadBlob_BufferedPartUpload tests uploading a part in buffered mode 308 308 + // Non-standard ATCR extension for multipart uploads without S3 presigned URLs 309 309 + func TestHandleUploadBlob_BufferedPartUpload(t *testing.T) { 310 310 + handler, blobStore, _ := setupTestXRPCHandlerWithBlobs(t) 311 311 + 312 312 + uploadID := "test-upload-123" 313 313 + partNumber := "1" 314 314 + data := []byte("test data for part 1") 315 315 + 316 316 + req := httptest.NewRequest(http.MethodPut, "/xrpc/com.atproto.repo.uploadBlob", bytes.NewReader(data)) 317 317 + req.Header.Set("X-Upload-Id", uploadID) 318 318 + req.Header.Set("X-Part-Number", partNumber) 319 319 + w := httptest.NewRecorder() 320 320 + 321 321 + handler.HandleUploadBlob(w, req) 322 322 + 323 323 + if w.Code != http.StatusOK { 324 324 + t.Errorf("Expected status 200, got %d", w.Code) 325 325 + } 326 326 + 327 327 + // Verify response contains ETag 328 328 + result := assertJSONResponse(t, w, http.StatusOK) 329 329 + 330 330 + if etag, ok := result["etag"].(string); !ok || etag == "" { 331 331 + t.Error("Expected etag string in response") 332 332 + } 333 333 + 334 334 + // Verify blob store was called 335 335 + if len(blobStore.partUploadCalls) != 1 { 336 336 + t.Fatalf("Expected HandleBufferedPartUpload to be called once") 337 337 + } 338 338 + call := blobStore.partUploadCalls[0] 339 339 + if call.uploadID != uploadID || call.partNumber != 1 || call.dataSize != len(data) { 340 340 + t.Errorf("Expected HandleBufferedPartUpload(%s, 1, %d bytes), got (%s, %d, %d bytes)", 341 341 + uploadID, len(data), call.uploadID, call.partNumber, call.dataSize) 342 342 + } 343 343 + } 344 344 + 345 345 + // TestHandleUploadBlob_BufferedPartUpload_MissingHeaders tests missing required headers 346 346 + func TestHandleUploadBlob_BufferedPartUpload_MissingHeaders(t *testing.T) { 347 347 + handler, _, _ := setupTestXRPCHandlerWithBlobs(t) 348 348 + 349 349 + tests := []struct { 350 350 + name string 351 351 + uploadID string 352 352 + partNumber string 353 353 + setUploadID bool 354 354 + setPartNumber bool 355 355 + }{ 356 356 + { 357 357 + name: "missing both headers", 358 358 + setUploadID: false, 359 359 + setPartNumber: false, 360 360 + }, 361 361 + { 362 362 + name: "missing X-Part-Number", 363 363 + uploadID: "test-123", 364 364 + setUploadID: true, 365 365 + setPartNumber: false, 366 366 + }, 367 367 + { 368 368 + name: "missing X-Upload-Id", 369 369 + partNumber: "1", 370 370 + setUploadID: false, 371 371 + setPartNumber: true, 372 372 + }, 373 373 + } 374 374 + 375 375 + for _, tt := range tests { 376 376 + t.Run(tt.name, func(t *testing.T) { 377 377 + req := httptest.NewRequest(http.MethodPut, "/xrpc/com.atproto.repo.uploadBlob", bytes.NewReader([]byte("data"))) 378 378 + if tt.setUploadID { 379 379 + req.Header.Set("X-Upload-Id", tt.uploadID) 380 380 + } 381 381 + if tt.setPartNumber { 382 382 + req.Header.Set("X-Part-Number", tt.partNumber) 383 383 + } 384 384 + w := httptest.NewRecorder() 385 385 + 386 386 + handler.HandleUploadBlob(w, req) 387 387 + 388 388 + if w.Code != http.StatusBadRequest { 389 389 + t.Errorf("Expected status 400, got %d", w.Code) 390 390 + } 391 391 + }) 392 392 + } 393 393 + } 394 394 + 395 395 + // TestHandleUploadBlob_BufferedPartUpload_InvalidPartNumber tests invalid part number 396 396 + func TestHandleUploadBlob_BufferedPartUpload_InvalidPartNumber(t *testing.T) { 397 397 + handler, _, _ := setupTestXRPCHandlerWithBlobs(t) 398 398 + 399 399 + req := httptest.NewRequest(http.MethodPut, "/xrpc/com.atproto.repo.uploadBlob", bytes.NewReader([]byte("data"))) 400 400 + req.Header.Set("X-Upload-Id", "test-123") 401 401 + req.Header.Set("X-Part-Number", "not-a-number") 402 402 + w := httptest.NewRecorder() 403 403 + 404 404 + handler.HandleUploadBlob(w, req) 405 405 + 406 406 + if w.Code != http.StatusBadRequest { 407 407 + t.Errorf("Expected status 400 for invalid part number, got %d", w.Code) 408 408 + } 409 409 + } 410 410 + 411 411 + // TestHandleUploadBlob_UnknownAction tests unknown action value 412 412 + func TestHandleUploadBlob_UnknownAction(t *testing.T) { 413 413 + handler, _, _ := setupTestXRPCHandlerWithBlobs(t) 414 414 + 415 415 + body := map[string]string{ 416 416 + "action": "invalid", 417 417 + } 418 418 + 419 419 + req := makeXRPCPostRequest("/xrpc/com.atproto.repo.uploadBlob", body) 420 420 + w := httptest.NewRecorder() 421 421 + 422 422 + handler.HandleUploadBlob(w, req) 423 423 + 424 424 + if w.Code != http.StatusBadRequest { 425 425 + t.Errorf("Expected status 400 for unknown action, got %d", w.Code) 426 426 + } 427 427 + }

+459

pkg/hold/pds/xrpc_test.go

reviewed

··· 4 4 "bytes" 5 5 "context" 6 6 "encoding/json" 7 7 + "fmt" 7 8 "io" 8 9 "net/http" 9 10 "net/http/httptest" ··· 13 14 "testing" 14 15 15 16 "atcr.io/pkg/atproto" 17 17 + "github.com/ipfs/go-cid" 16 18 ) 17 19 18 20 // Test helpers ··· 1316 1318 t.Errorf("Expected DID string, got %s", body) 1317 1319 } 1318 1320 } 1321 1321 + 1322 1322 + // Mock BlobStore for testing blob endpoints 1323 1323 + 1324 1324 + // mockBlobStore implements BlobStore interface for testing 1325 1325 + type mockBlobStore struct { 1326 1326 + // Control behavior 1327 1327 + downloadURLError error 1328 1328 + uploadURLError error 1329 1329 + uploadBlobError error 1330 1330 + startError error 1331 1331 + partURLError error 1332 1332 + completeError error 1333 1333 + abortError error 1334 1334 + partUploadError error 1335 1335 + 1336 1336 + // Track calls 1337 1337 + downloadCalls []string // Track digests requested for download 1338 1338 + uploadCalls []string // Track digests requested for upload 1339 1339 + uploadBlobCalls []uploadBlobCall // Track direct blob uploads 1340 1340 + startCalls []string // Track digests for multipart start 1341 1341 + partURLCalls []partURLCall 1342 1342 + completeCalls []string 1343 1343 + abortCalls []string 1344 1344 + partUploadCalls []partUploadCall 1345 1345 + } 1346 1346 + 1347 1347 + type uploadBlobCall struct { 1348 1348 + did string 1349 1349 + dataSize int 1350 1350 + } 1351 1351 + 1352 1352 + type partURLCall struct { 1353 1353 + uploadID string 1354 1354 + partNumber int 1355 1355 + did string 1356 1356 + } 1357 1357 + 1358 1358 + type partUploadCall struct { 1359 1359 + uploadID string 1360 1360 + partNumber int 1361 1361 + dataSize int 1362 1362 + } 1363 1363 + 1364 1364 + func newMockBlobStore() *mockBlobStore { 1365 1365 + return &mockBlobStore{ 1366 1366 + downloadCalls: []string{}, 1367 1367 + uploadCalls: []string{}, 1368 1368 + uploadBlobCalls: []uploadBlobCall{}, 1369 1369 + startCalls: []string{}, 1370 1370 + partURLCalls: []partURLCall{}, 1371 1371 + completeCalls: []string{}, 1372 1372 + abortCalls: []string{}, 1373 1373 + partUploadCalls: []partUploadCall{}, 1374 1374 + } 1375 1375 + } 1376 1376 + 1377 1377 + func (m *mockBlobStore) GetPresignedDownloadURL(digest, did string) (string, error) { 1378 1378 + m.downloadCalls = append(m.downloadCalls, digest) 1379 1379 + if m.downloadURLError != nil { 1380 1380 + return "", m.downloadURLError 1381 1381 + } 1382 1382 + return "https://s3.example.com/download/" + digest, nil 1383 1383 + } 1384 1384 + 1385 1385 + func (m *mockBlobStore) GetPresignedUploadURL(digest, did string) (string, error) { 1386 1386 + m.uploadCalls = append(m.uploadCalls, digest) 1387 1387 + if m.uploadURLError != nil { 1388 1388 + return "", m.uploadURLError 1389 1389 + } 1390 1390 + return "https://s3.example.com/upload/" + digest, nil 1391 1391 + } 1392 1392 + 1393 1393 + func (m *mockBlobStore) UploadBlob(ctx context.Context, did string, data io.Reader) (cid.Cid, int64, error) { 1394 1394 + // Read data to get size 1395 1395 + blobData, err := io.ReadAll(data) 1396 1396 + if err != nil { 1397 1397 + return cid.Undef, 0, err 1398 1398 + } 1399 1399 + 1400 1400 + m.uploadBlobCalls = append(m.uploadBlobCalls, uploadBlobCall{ 1401 1401 + did: did, 1402 1402 + dataSize: len(blobData), 1403 1403 + }) 1404 1404 + 1405 1405 + if m.uploadBlobError != nil { 1406 1406 + return cid.Undef, 0, m.uploadBlobError 1407 1407 + } 1408 1408 + 1409 1409 + // Return a test CID (just use a fixed one for testing) 1410 1410 + testCID, _ := cid.Decode("bafkreihdwdcefgh4dqkjv67uzcmw7ojee6xedzdetojuzjevtenxquvyku") 1411 1411 + return testCID, int64(len(blobData)), nil 1412 1412 + } 1413 1413 + 1414 1414 + func (m *mockBlobStore) StartMultipartUpload(ctx context.Context, digest string) (string, string, error) { 1415 1415 + m.startCalls = append(m.startCalls, digest) 1416 1416 + if m.startError != nil { 1417 1417 + return "", "", m.startError 1418 1418 + } 1419 1419 + return "test-upload-id", "s3native", nil 1420 1420 + } 1421 1421 + 1422 1422 + func (m *mockBlobStore) GetPartUploadURL(ctx context.Context, uploadID string, partNumber int, did string) (string, error) { 1423 1423 + m.partURLCalls = append(m.partURLCalls, partURLCall{uploadID, partNumber, did}) 1424 1424 + if m.partURLError != nil { 1425 1425 + return "", m.partURLError 1426 1426 + } 1427 1427 + return "https://s3.example.com/part/" + uploadID, nil 1428 1428 + } 1429 1429 + 1430 1430 + func (m *mockBlobStore) CompleteMultipartUpload(ctx context.Context, uploadID string, parts []PartInfo) error { 1431 1431 + m.completeCalls = append(m.completeCalls, uploadID) 1432 1432 + if m.completeError != nil { 1433 1433 + return m.completeError 1434 1434 + } 1435 1435 + return nil 1436 1436 + } 1437 1437 + 1438 1438 + func (m *mockBlobStore) AbortMultipartUpload(ctx context.Context, uploadID string) error { 1439 1439 + m.abortCalls = append(m.abortCalls, uploadID) 1440 1440 + if m.abortError != nil { 1441 1441 + return m.abortError 1442 1442 + } 1443 1443 + return nil 1444 1444 + } 1445 1445 + 1446 1446 + func (m *mockBlobStore) HandleBufferedPartUpload(ctx context.Context, uploadID string, partNumber int, data []byte) (string, error) { 1447 1447 + m.partUploadCalls = append(m.partUploadCalls, partUploadCall{uploadID, partNumber, len(data)}) 1448 1448 + if m.partUploadError != nil { 1449 1449 + return "", m.partUploadError 1450 1450 + } 1451 1451 + return "test-etag-" + uploadID, nil 1452 1452 + } 1453 1453 + 1454 1454 + // setupTestXRPCHandlerWithBlobs creates handler with mock blob store 1455 1455 + func setupTestXRPCHandlerWithBlobs(t *testing.T) (*XRPCHandler, *mockBlobStore, context.Context) { 1456 1456 + t.Helper() 1457 1457 + 1458 1458 + ctx := context.Background() 1459 1459 + tmpDir := t.TempDir() 1460 1460 + 1461 1461 + dbPath := filepath.Join(tmpDir, "pds.db") 1462 1462 + keyPath := filepath.Join(tmpDir, "signing-key") 1463 1463 + 1464 1464 + pds, err := NewHoldPDS(ctx, "did:web:hold.example.com", "https://hold.example.com", dbPath, keyPath) 1465 1465 + if err != nil { 1466 1466 + t.Fatalf("Failed to create test PDS: %v", err) 1467 1467 + } 1468 1468 + 1469 1469 + // Bootstrap with a test owner, suppressing stdout to avoid log spam 1470 1470 + ownerDID := "did:plc:testowner123" 1471 1471 + 1472 1472 + // Redirect stdout to suppress bootstrap logging 1473 1473 + oldStdout := os.Stdout 1474 1474 + r, w, _ := os.Pipe() 1475 1475 + os.Stdout = w 1476 1476 + 1477 1477 + err = pds.Bootstrap(ctx, ownerDID, true, false) 1478 1478 + 1479 1479 + // Restore stdout 1480 1480 + w.Close() 1481 1481 + os.Stdout = oldStdout 1482 1482 + io.ReadAll(r) // Drain the pipe 1483 1483 + 1484 1484 + if err != nil { 1485 1485 + t.Fatalf("Failed to bootstrap PDS: %v", err) 1486 1486 + } 1487 1487 + 1488 1488 + // Create mock blob store 1489 1489 + blobStore := newMockBlobStore() 1490 1490 + 1491 1491 + // Create XRPC handler with mock blob store 1492 1492 + handler := NewXRPCHandler(pds, "https://hold.example.com", blobStore, nil) 1493 1493 + 1494 1494 + return handler, blobStore, ctx 1495 1495 + } 1496 1496 + 1497 1497 + // Tests for HandleUploadBlob 1498 1498 + 1499 1499 + // TestHandleUploadBlob tests com.atproto.repo.uploadBlob with direct upload 1500 1500 + // Spec: https://docs.bsky.app/docs/api/com-atproto-repo-upload-blob 1501 1501 + func TestHandleUploadBlob(t *testing.T) { 1502 1502 + handler, blobStore, _ := setupTestXRPCHandlerWithBlobs(t) 1503 1503 + 1504 1504 + // Test data - a simple text blob 1505 1505 + blobData := []byte("Hello, ATProto!") 1506 1506 + 1507 1507 + // Test standard single blob upload (POST with raw bytes) 1508 1508 + req := httptest.NewRequest(http.MethodPost, "/xrpc/com.atproto.repo.uploadBlob", bytes.NewReader(blobData)) 1509 1509 + req.Header.Set("Content-Type", "application/octet-stream") 1510 1510 + w := httptest.NewRecorder() 1511 1511 + 1512 1512 + handler.HandleUploadBlob(w, req) 1513 1513 + 1514 1514 + // Should return 200 OK with blob metadata 1515 1515 + if w.Code != http.StatusOK { 1516 1516 + t.Errorf("Expected status 200 OK, got %d", w.Code) 1517 1517 + } 1518 1518 + 1519 1519 + // Verify response contains blob metadata 1520 1520 + result := assertJSONResponse(t, w, http.StatusOK) 1521 1521 + 1522 1522 + blob, ok := result["blob"].(map[string]any) 1523 1523 + if !ok { 1524 1524 + t.Fatal("Expected blob object in response") 1525 1525 + } 1526 1526 + 1527 1527 + if blobType, ok := blob["$type"].(string); !ok || blobType != "blob" { 1528 1528 + t.Errorf("Expected $type='blob', got %v", blob["$type"]) 1529 1529 + } 1530 1530 + 1531 1531 + ref, ok := blob["ref"].(map[string]any) 1532 1532 + if !ok { 1533 1533 + t.Fatal("Expected ref object in blob") 1534 1534 + } 1535 1535 + 1536 1536 + if link, ok := ref["$link"].(string); !ok || link == "" { 1537 1537 + t.Error("Expected $link (CID) in ref") 1538 1538 + } 1539 1539 + 1540 1540 + if size, ok := blob["size"].(float64); !ok || int(size) != len(blobData) { 1541 1541 + t.Errorf("Expected size=%d, got %v", len(blobData), blob["size"]) 1542 1542 + } 1543 1543 + 1544 1544 + // Verify blob store was called 1545 1545 + if len(blobStore.uploadBlobCalls) != 1 { 1546 1546 + t.Errorf("Expected UploadBlob to be called once, got %d calls", len(blobStore.uploadBlobCalls)) 1547 1547 + } 1548 1548 + 1549 1549 + if blobStore.uploadBlobCalls[0].dataSize != len(blobData) { 1550 1550 + t.Errorf("Expected UploadBlob to receive %d bytes, got %d", len(blobData), blobStore.uploadBlobCalls[0].dataSize) 1551 1551 + } 1552 1552 + } 1553 1553 + 1554 1554 + // TestHandleUploadBlob_EmptyBody tests empty blob upload 1555 1555 + // Spec: https://docs.bsky.app/docs/api/com-atproto-repo-upload-blob 1556 1556 + func TestHandleUploadBlob_EmptyBody(t *testing.T) { 1557 1557 + handler, blobStore, _ := setupTestXRPCHandlerWithBlobs(t) 1558 1558 + 1559 1559 + // Empty blob should succeed (edge case) 1560 1560 + req := httptest.NewRequest(http.MethodPost, "/xrpc/com.atproto.repo.uploadBlob", bytes.NewReader([]byte{})) 1561 1561 + req.Header.Set("Content-Type", "application/octet-stream") 1562 1562 + w := httptest.NewRecorder() 1563 1563 + 1564 1564 + handler.HandleUploadBlob(w, req) 1565 1565 + 1566 1566 + // Should succeed with empty blob 1567 1567 + if w.Code != http.StatusOK { 1568 1568 + t.Errorf("Expected status 200, got %d", w.Code) 1569 1569 + } 1570 1570 + 1571 1571 + // Verify blob store was called with 0 bytes 1572 1572 + if len(blobStore.uploadBlobCalls) != 1 || blobStore.uploadBlobCalls[0].dataSize != 0 { 1573 1573 + t.Errorf("Expected UploadBlob with 0 bytes") 1574 1574 + } 1575 1575 + } 1576 1576 + 1577 1577 + // TestHandleUploadBlob_MethodNotAllowed tests wrong HTTP method 1578 1578 + // Spec: https://docs.bsky.app/docs/api/com-atproto-repo-upload-blob 1579 1579 + func TestHandleUploadBlob_MethodNotAllowed(t *testing.T) { 1580 1580 + handler, _, _ := setupTestXRPCHandlerWithBlobs(t) 1581 1581 + 1582 1582 + // GET is not allowed for upload (only POST and PUT) 1583 1583 + req := httptest.NewRequest(http.MethodGet, "/xrpc/com.atproto.repo.uploadBlob", bytes.NewReader([]byte("test"))) 1584 1584 + w := httptest.NewRecorder() 1585 1585 + 1586 1586 + handler.HandleUploadBlob(w, req) 1587 1587 + 1588 1588 + if w.Code != http.StatusMethodNotAllowed { 1589 1589 + t.Errorf("Expected status 405, got %d", w.Code) 1590 1590 + } 1591 1591 + } 1592 1592 + 1593 1593 + // TestHandleUploadBlob_BlobStoreError tests blob store returning error 1594 1594 + // Spec: https://docs.bsky.app/docs/api/com-atproto-repo-upload-blob 1595 1595 + func TestHandleUploadBlob_BlobStoreError(t *testing.T) { 1596 1596 + handler, blobStore, _ := setupTestXRPCHandlerWithBlobs(t) 1597 1597 + 1598 1598 + // Configure mock to return error 1599 1599 + blobStore.uploadBlobError = fmt.Errorf("storage driver unavailable") 1600 1600 + 1601 1601 + req := httptest.NewRequest(http.MethodPost, "/xrpc/com.atproto.repo.uploadBlob", bytes.NewReader([]byte("test data"))) 1602 1602 + req.Header.Set("Content-Type", "application/octet-stream") 1603 1603 + w := httptest.NewRecorder() 1604 1604 + 1605 1605 + handler.HandleUploadBlob(w, req) 1606 1606 + 1607 1607 + if w.Code != http.StatusInternalServerError { 1608 1608 + t.Errorf("Expected status 500, got %d", w.Code) 1609 1609 + } 1610 1610 + } 1611 1611 + 1612 1612 + // Tests for HandleGetBlob 1613 1613 + 1614 1614 + // TestHandleGetBlob tests com.atproto.sync.getBlob 1615 1615 + // Spec: https://docs.bsky.app/docs/api/com-atproto-sync-get-blob 1616 1616 + func TestHandleGetBlob(t *testing.T) { 1617 1617 + handler, blobStore, _ := setupTestXRPCHandlerWithBlobs(t) 1618 1618 + 1619 1619 + holdDID := "did:web:hold.example.com" 1620 1620 + cid := "bafyreib2rxk3rkhh5ylyxj3x3gathxt3s32qvwj2lf3qg4kmzr6b7teqke" 1621 1621 + 1622 1622 + req := makeXRPCGetRequest("/xrpc/com.atproto.sync.getBlob", map[string]string{ 1623 1623 + "did": holdDID, 1624 1624 + "cid": cid, 1625 1625 + }) 1626 1626 + w := httptest.NewRecorder() 1627 1627 + 1628 1628 + handler.HandleGetBlob(w, req) 1629 1629 + 1630 1630 + // Should redirect to presigned download URL (307 Temporary Redirect) 1631 1631 + if w.Code != http.StatusTemporaryRedirect { 1632 1632 + t.Errorf("Expected status 307 (Temporary Redirect), got %d", w.Code) 1633 1633 + } 1634 1634 + 1635 1635 + location := w.Header().Get("Location") 1636 1636 + expectedURL := "https://s3.example.com/download/" + cid 1637 1637 + if location != expectedURL { 1638 1638 + t.Errorf("Expected redirect to %s, got %s", expectedURL, location) 1639 1639 + } 1640 1640 + 1641 1641 + // Verify blob store was called 1642 1642 + if len(blobStore.downloadCalls) != 1 || blobStore.downloadCalls[0] != cid { 1643 1643 + t.Errorf("Expected GetPresignedDownloadURL to be called with %s", cid) 1644 1644 + } 1645 1645 + } 1646 1646 + 1647 1647 + // TestHandleGetBlob_SHA256Digest tests getBlob with OCI sha256 digest format 1648 1648 + // Spec: https://docs.bsky.app/docs/api/com-atproto-sync-get-blob 1649 1649 + func TestHandleGetBlob_SHA256Digest(t *testing.T) { 1650 1650 + handler, blobStore, _ := setupTestXRPCHandlerWithBlobs(t) 1651 1651 + 1652 1652 + holdDID := "did:web:hold.example.com" 1653 1653 + digest := "sha256:abc123def456" // OCI digest format 1654 1654 + 1655 1655 + req := makeXRPCGetRequest("/xrpc/com.atproto.sync.getBlob", map[string]string{ 1656 1656 + "did": holdDID, 1657 1657 + "cid": digest, 1658 1658 + }) 1659 1659 + w := httptest.NewRecorder() 1660 1660 + 1661 1661 + handler.HandleGetBlob(w, req) 1662 1662 + 1663 1663 + // Should redirect to presigned download URL 1664 1664 + if w.Code != http.StatusTemporaryRedirect { 1665 1665 + t.Errorf("Expected status 307, got %d", w.Code) 1666 1666 + } 1667 1667 + 1668 1668 + // Verify blob store received the sha256 digest 1669 1669 + if len(blobStore.downloadCalls) != 1 || blobStore.downloadCalls[0] != digest { 1670 1670 + t.Errorf("Expected GetPresignedDownloadURL to be called with %s, got %v", digest, blobStore.downloadCalls) 1671 1671 + } 1672 1672 + } 1673 1673 + 1674 1674 + // TestHandleGetBlob_HeadMethod tests HEAD request support 1675 1675 + // Spec: https://docs.bsky.app/docs/api/com-atproto-sync-get-blob 1676 1676 + func TestHandleGetBlob_HeadMethod(t *testing.T) { 1677 1677 + handler, blobStore, _ := setupTestXRPCHandlerWithBlobs(t) 1678 1678 + 1679 1679 + holdDID := "did:web:hold.example.com" 1680 1680 + cid := "bafyreib2rxk3rkhh5ylyxj3x3gathxt3s32qvwj2lf3qg4kmzr6b7teqke" 1681 1681 + 1682 1682 + // Use HEAD instead of GET 1683 1683 + req := httptest.NewRequest(http.MethodHead, "/xrpc/com.atproto.sync.getBlob?did="+holdDID+"&cid="+cid, nil) 1684 1684 + w := httptest.NewRecorder() 1685 1685 + 1686 1686 + handler.HandleGetBlob(w, req) 1687 1687 + 1688 1688 + // Should still redirect 1689 1689 + if w.Code != http.StatusTemporaryRedirect { 1690 1690 + t.Errorf("Expected status 307 for HEAD request, got %d", w.Code) 1691 1691 + } 1692 1692 + 1693 1693 + // Verify blob store was called 1694 1694 + if len(blobStore.downloadCalls) != 1 { 1695 1695 + t.Errorf("Expected GetPresignedDownloadURL to be called for HEAD request") 1696 1696 + } 1697 1697 + } 1698 1698 + 1699 1699 + // TestHandleGetBlob_MissingParameters tests missing required parameters 1700 1700 + // Spec: https://docs.bsky.app/docs/api/com-atproto-sync-get-blob 1701 1701 + func TestHandleGetBlob_MissingParameters(t *testing.T) { 1702 1702 + handler, _, _ := setupTestXRPCHandlerWithBlobs(t) 1703 1703 + 1704 1704 + tests := []struct { 1705 1705 + name string 1706 1706 + params map[string]string 1707 1707 + }{ 1708 1708 + { 1709 1709 + name: "missing all params", 1710 1710 + params: map[string]string{}, 1711 1711 + }, 1712 1712 + { 1713 1713 + name: "missing cid", 1714 1714 + params: map[string]string{ 1715 1715 + "did": "did:web:hold.example.com", 1716 1716 + }, 1717 1717 + }, 1718 1718 + { 1719 1719 + name: "missing did", 1720 1720 + params: map[string]string{ 1721 1721 + "cid": "bafyreib2rxk3rkhh5ylyxj3x3gathxt3s32qvwj2lf3qg4kmzr6b7teqke", 1722 1722 + }, 1723 1723 + }, 1724 1724 + } 1725 1725 + 1726 1726 + for _, tt := range tests { 1727 1727 + t.Run(tt.name, func(t *testing.T) { 1728 1728 + req := makeXRPCGetRequest("/xrpc/com.atproto.sync.getBlob", tt.params) 1729 1729 + w := httptest.NewRecorder() 1730 1730 + 1731 1731 + handler.HandleGetBlob(w, req) 1732 1732 + 1733 1733 + if w.Code != http.StatusBadRequest { 1734 1734 + t.Errorf("Expected status 400, got %d", w.Code) 1735 1735 + } 1736 1736 + }) 1737 1737 + } 1738 1738 + } 1739 1739 + 1740 1740 + // TestHandleGetBlob_InvalidDID tests invalid DID 1741 1741 + // Spec: https://docs.bsky.app/docs/api/com-atproto-sync-get-blob 1742 1742 + func TestHandleGetBlob_InvalidDID(t *testing.T) { 1743 1743 + handler, _, _ := setupTestXRPCHandlerWithBlobs(t) 1744 1744 + 1745 1745 + req := makeXRPCGetRequest("/xrpc/com.atproto.sync.getBlob", map[string]string{ 1746 1746 + "did": "did:plc:wrongdid", 1747 1747 + "cid": "bafyreib2rxk3rkhh5ylyxj3x3gathxt3s32qvwj2lf3qg4kmzr6b7teqke", 1748 1748 + }) 1749 1749 + w := httptest.NewRecorder() 1750 1750 + 1751 1751 + handler.HandleGetBlob(w, req) 1752 1752 + 1753 1753 + if w.Code != http.StatusBadRequest { 1754 1754 + t.Errorf("Expected status 400 for invalid DID, got %d", w.Code) 1755 1755 + } 1756 1756 + } 1757 1757 + 1758 1758 + // TestHandleGetBlob_BlobStoreError tests blob store returning error 1759 1759 + // Spec: https://docs.bsky.app/docs/api/com-atproto-sync-get-blob 1760 1760 + func TestHandleGetBlob_BlobStoreError(t *testing.T) { 1761 1761 + handler, blobStore, _ := setupTestXRPCHandlerWithBlobs(t) 1762 1762 + 1763 1763 + // Configure mock to return error 1764 1764 + blobStore.downloadURLError = fmt.Errorf("blob not found in S3") 1765 1765 + 1766 1766 + req := makeXRPCGetRequest("/xrpc/com.atproto.sync.getBlob", map[string]string{ 1767 1767 + "did": "did:web:hold.example.com", 1768 1768 + "cid": "bafyreib2rxk3rkhh5ylyxj3x3gathxt3s32qvwj2lf3qg4kmzr6b7teqke", 1769 1769 + }) 1770 1770 + w := httptest.NewRecorder() 1771 1771 + 1772 1772 + handler.HandleGetBlob(w, req) 1773 1773 + 1774 1774 + if w.Code != http.StatusInternalServerError { 1775 1775 + t.Errorf("Expected status 500, got %d", w.Code) 1776 1776 + } 1777 1777 + }

+26 -1

pkg/hold/storage.go

reviewed

··· 11 11 "github.com/aws/aws-sdk-go/service/s3" 12 12 ) 13 13 14 14 + // atprotoBlobPath creates a per-DID storage path for ATProto blobs 15 15 + // ATProto spec stores blobs as: /repos/{did}/blobs/{cid}/data 16 16 + // This provides data sovereignty - each user's blobs are isolated 17 17 + func atprotoBlobPath(did, cid string) string { 18 18 + // Clean DID for filesystem safety (replace : with -) 19 19 + safeDID := strings.ReplaceAll(did, ":", "-") 20 20 + return fmt.Sprintf("/repos/%s/blobs/%s/data", safeDID, cid) 21 21 + } 22 22 + 14 23 // blobPath converts a digest (e.g., "sha256:abc123...") or temp path to a storage path 15 24 // Distribution stores blobs as: /docker/registry/v2/blobs/{algorithm}/{xx}/{hash}/data 16 25 // where xx is the first 2 characters of the hash for directory sharding 17 26 // NOTE: Path must start with / for filesystem driver 27 27 + // This is used for OCI container layers (content-addressed, globally deduplicated) 18 28 func blobPath(digest string) string { 19 29 // Handle temp paths (start with uploads/temp-) 20 30 if strings.HasPrefix(digest, "uploads/temp-") { ··· 40 50 } 41 51 42 52 // getPresignedURL generates a presigned URL for GET, HEAD, or PUT operations 53 53 + // Distinguishes between ATProto blobs (per-DID) and OCI blobs (content-addressed) 43 54 func (s *HoldService) getPresignedURL(ctx context.Context, operation PresignedURLOperation, digest string, did string) (string, error) { 44 44 - path := blobPath(digest) 55 55 + var path string 56 56 + 57 57 + // Determine blob type and construct appropriate path 58 58 + if strings.HasPrefix(digest, "sha256:") || strings.HasPrefix(digest, "uploads/") { 59 59 + // OCI container layer (sha256 digest or temp upload path) 60 60 + // Use content-addressed storage (globally deduplicated) 61 61 + path = blobPath(digest) 62 62 + } else { 63 63 + // ATProto blob (CID format like bafyreib...) 64 64 + // Use per-DID storage for data sovereignty 65 65 + if did == "" { 66 66 + return "", fmt.Errorf("DID required for ATProto blob storage") 67 67 + } 68 68 + path = atprotoBlobPath(did, digest) 69 69 + } 45 70 46 71 // Check blob exists for GET/HEAD operations (not for PUT since blob doesn't exist yet) 47 72 if operation == OperationGet || operation == OperationHead {