+8 -3

src/auth/middleware.rs

reviewed

··· 34 34 self.client_key.as_deref() 35 35 } 36 36 37 37 - /// Test-only constructor. 38 38 - #[cfg(test)] 39 39 - pub fn new_for_test(did: String) -> Self { 37 37 + /// Create claims for an internal call (e.g. Lua xrpc lib) with no client key. 38 38 + pub fn internal(did: String) -> Self { 40 39 Self { 41 40 did, 42 41 client_key: None, 43 42 } 43 43 + } 44 44 + 45 45 + /// Test-only constructor. 46 46 + #[cfg(test)] 47 47 + pub fn new_for_test(did: String) -> Self { 48 48 + Self::internal(did) 44 49 } 45 50 } 46 51

+55

src/lua/execute.rs

reviewed

··· 163 163 return Err(AppError::Internal(error_message)); 164 164 } 165 165 166 166 + if let Err(e) = 167 167 + super::xrpc_api::register_xrpc_api(&lua, state_arc.clone(), Some(claims.did().to_string())) 168 168 + { 169 169 + let error_message = format!("failed to register xrpc API: {e}"); 170 170 + log_event( 171 171 + &state.db, 172 172 + EventLog { 173 173 + event_type: "script.error".to_string(), 174 174 + severity: Severity::Error, 175 175 + actor_did: Some(claims.did().to_string()), 176 176 + subject: Some(method.to_string()), 177 177 + detail: serde_json::json!({ 178 178 + "error": error_message, 179 179 + "script_source": script_source, 180 180 + "input": input_json, 181 181 + "caller_did": claims.did(), 182 182 + "method": method, 183 183 + "duration_ms": start.elapsed().as_millis() as u64, 184 184 + }), 185 185 + }, 186 186 + backend, 187 187 + ) 188 188 + .await; 189 189 + return Err(AppError::Internal(error_message)); 190 190 + } 191 191 + 166 192 if let Err(e) = atproto_api::register_atproto_api(&lua, state_arc.clone(), Some(claims.did())) { 167 193 let error_message = format!("failed to register atproto API: {e}"); 168 194 log_event( ··· 520 546 return Err(AppError::Internal(error_message)); 521 547 } 522 548 549 549 + if let Err(e) = super::xrpc_api::register_xrpc_api( 550 550 + &lua, 551 551 + state_arc.clone(), 552 552 + claims.map(|c| c.did().to_string()), 553 553 + ) { 554 554 + let error_message = format!("failed to register xrpc API: {e}"); 555 555 + log_event( 556 556 + &state.db, 557 557 + EventLog { 558 558 + event_type: "script.error".to_string(), 559 559 + severity: Severity::Error, 560 560 + actor_did: None, 561 561 + subject: Some(method.to_string()), 562 562 + detail: serde_json::json!({ 563 563 + "error": error_message, 564 564 + "script_source": script_source, 565 565 + "method": method, 566 566 + "duration_ms": start.elapsed().as_millis() as u64, 567 567 + }), 568 568 + }, 569 569 + backend, 570 570 + ) 571 571 + .await; 572 572 + return Err(AppError::Internal(error_message)); 573 573 + } 574 574 + 523 575 if let Err(e) = atproto_api::register_atproto_api(&lua, state_arc, claims.map(|c| c.did())) { 524 576 let error_message = format!("failed to register atproto API: {e}"); 525 577 log_event( ··· 890 942 891 943 http_api::register_http_api(&lua, state_arc.clone()) 892 944 .map_err(|e| format!("failed to register http API: {e}"))?; 945 945 + 946 946 + super::xrpc_api::register_xrpc_api(&lua, state_arc.clone(), Some(event.did.to_string())) 947 947 + .map_err(|e| format!("failed to register xrpc API: {e}"))?; 893 948 894 949 atproto_api::register_atproto_api(&lua, state_arc, None) 895 950 .map_err(|e| format!("failed to register atproto API: {e}"))?;

+1

src/lua/mod.rs

reviewed

··· 6 6 mod record; 7 7 pub(crate) mod sandbox; 8 8 mod tid; 9 9 + mod xrpc_api; 9 10 10 11 pub(crate) use execute::{ 11 12 HookEvent, execute_hook_script, execute_procedure_script, execute_query_script,

+660

src/lua/xrpc_api.rs

reviewed

··· 1 1 + use axum::response::Response; 2 2 + use http_body_util::BodyExt; 3 3 + use mlua::{Lua, LuaSerdeExt, Result as LuaResult}; 4 4 + use serde_json::Value; 5 5 + use std::collections::HashMap; 6 6 + use std::sync::Arc; 7 7 + 8 8 + use crate::AppState; 9 9 + use crate::auth::Claims; 10 10 + use crate::lexicon::LexiconType; 11 11 + use crate::xrpc; 12 12 + 13 13 + /// Convert an axum Response into a Lua table with `{ status, body }`. 14 14 + async fn response_to_lua_table(lua: &Lua, response: Response) -> LuaResult<mlua::Table> { 15 15 + let status = response.status().as_u16(); 16 16 + let body_bytes = response 17 17 + .into_body() 18 18 + .collect() 19 19 + .await 20 20 + .map_err(|e| mlua::Error::runtime(format!("failed to read response body: {e}")))? 21 21 + .to_bytes(); 22 22 + let body = String::from_utf8_lossy(&body_bytes).to_string(); 23 23 + 24 24 + let table = lua.create_table()?; 25 25 + table.set("status", status)?; 26 26 + table.set("body", body)?; 27 27 + Ok(table) 28 28 + } 29 29 + 30 30 + /// Convert an Option<mlua::Table> of params into a HashMap<String, Value>. 31 31 + fn lua_table_to_params(lua: &Lua, table: Option<mlua::Table>) -> LuaResult<HashMap<String, Value>> { 32 32 + match table { 33 33 + Some(t) => { 34 34 + let value: Value = lua.from_value(mlua::Value::Table(t))?; 35 35 + match value { 36 36 + Value::Object(map) => Ok(map.into_iter().collect()), 37 37 + _ => Ok(HashMap::new()), 38 38 + } 39 39 + } 40 40 + None => Ok(HashMap::new()), 41 41 + } 42 42 + } 43 43 + 44 44 + pub fn register_xrpc_api( 45 45 + lua: &Lua, 46 46 + state: Arc<AppState>, 47 47 + caller_did: Option<String>, 48 48 + ) -> LuaResult<()> { 49 49 + let xrpc_table = lua.create_table()?; 50 50 + 51 51 + // xrpc.query(method, params?) 52 52 + { 53 53 + let state = state.clone(); 54 54 + let caller_did = caller_did.clone(); 55 55 + let func = lua.create_async_function( 56 56 + move |lua, (method, params): (String, Option<mlua::Table>)| { 57 57 + let state = state.clone(); 58 58 + let caller_did = caller_did.clone(); 59 59 + async move { 60 60 + let mut params = lua_table_to_params(&lua, params)?; 61 61 + let claims = caller_did.map(Claims::internal); 62 62 + 63 63 + let response = 64 64 + execute_local_query(&state, &method, &mut params, claims.as_ref()) 65 65 + .await 66 66 + .map_err(|e| mlua::Error::runtime(format!("xrpc query failed: {e}")))?; 67 67 + 68 68 + response_to_lua_table(&lua, response).await 69 69 + } 70 70 + }, 71 71 + )?; 72 72 + xrpc_table.set("query", func)?; 73 73 + } 74 74 + 75 75 + // xrpc.procedure(method, input, params?) 76 76 + { 77 77 + let state = state.clone(); 78 78 + let caller_did = caller_did.clone(); 79 79 + let func = lua.create_async_function( 80 80 + move |lua, (method, input, params): (String, mlua::Value, Option<mlua::Table>)| { 81 81 + let state = state.clone(); 82 82 + let caller_did = caller_did.clone(); 83 83 + async move { 84 84 + let mut params = lua_table_to_params(&lua, params)?; 85 85 + let input: Value = lua.from_value(input)?; 86 86 + let claims = caller_did.clone().map(Claims::internal).ok_or_else(|| { 87 87 + mlua::Error::runtime( 88 88 + "xrpc.procedure requires authentication (no caller_did)", 89 89 + ) 90 90 + })?; 91 91 + 92 92 + let response = 93 93 + execute_local_procedure(&state, &method, &claims, &input, &mut params) 94 94 + .await 95 95 + .map_err(|e| { 96 96 + mlua::Error::runtime(format!("xrpc procedure failed: {e}")) 97 97 + })?; 98 98 + 99 99 + response_to_lua_table(&lua, response).await 100 100 + } 101 101 + }, 102 102 + )?; 103 103 + xrpc_table.set("procedure", func)?; 104 104 + } 105 105 + 106 106 + lua.globals().set("xrpc", xrpc_table)?; 107 107 + Ok(()) 108 108 + } 109 109 + 110 110 + /// Execute a query XRPC — local handler if known, proxy if not. 111 111 + async fn execute_local_query( 112 112 + state: &AppState, 113 113 + method: &str, 114 114 + params: &mut HashMap<String, Value>, 115 115 + claims: Option<&Claims>, 116 116 + ) -> Result<Response, crate::error::AppError> { 117 117 + let lexicon = state.lexicons.get(method).await; 118 118 + 119 119 + match lexicon { 120 120 + Some(lex) => { 121 121 + if lex.lexicon_type != LexiconType::Query { 122 122 + return Err(crate::error::AppError::BadRequest(format!( 123 123 + "{method} is not a query endpoint" 124 124 + ))); 125 125 + } 126 126 + if let Some(ref param_schema) = lex.parameters { 127 127 + xrpc::coerce_params(params, param_schema); 128 128 + } 129 129 + xrpc::query::handle_query(state, method, params, &lex, claims).await 130 130 + } 131 131 + None => { 132 132 + let query_string = params_to_query_string(params); 133 133 + xrpc::proxy_to_authority(state, method, &query_string, None).await 134 134 + } 135 135 + } 136 136 + } 137 137 + 138 138 + /// Build a query string from a params HashMap (used by proxy path). 139 139 + fn params_to_query_string(params: &HashMap<String, Value>) -> String { 140 140 + params 141 141 + .iter() 142 142 + .map(|(k, v)| { 143 143 + let val = match v { 144 144 + Value::String(s) => s.clone(), 145 145 + other => other.to_string(), 146 146 + }; 147 147 + format!("{}={}", urlencoding::encode(k), urlencoding::encode(&val)) 148 148 + }) 149 149 + .collect::<Vec<_>>() 150 150 + .join("&") 151 151 + } 152 152 + 153 153 + /// Execute a procedure XRPC — local handler if known, proxy if not. 154 154 + async fn execute_local_procedure( 155 155 + state: &AppState, 156 156 + method: &str, 157 157 + claims: &Claims, 158 158 + input: &Value, 159 159 + params: &mut HashMap<String, Value>, 160 160 + ) -> Result<Response, crate::error::AppError> { 161 161 + let lexicon = state.lexicons.get(method).await; 162 162 + 163 163 + match lexicon { 164 164 + Some(lex) => { 165 165 + if lex.lexicon_type != LexiconType::Procedure { 166 166 + return Err(crate::error::AppError::BadRequest(format!( 167 167 + "{method} is not a procedure endpoint" 168 168 + ))); 169 169 + } 170 170 + if let Some(ref param_schema) = lex.parameters { 171 171 + xrpc::coerce_params(params, param_schema); 172 172 + } 173 173 + xrpc::procedure::handle_procedure(state, method, claims, input, params, &lex).await 174 174 + } 175 175 + None => { 176 176 + let query_string = params_to_query_string(params); 177 177 + xrpc::proxy_to_authority(state, method, &query_string, Some(input)).await 178 178 + } 179 179 + } 180 180 + } 181 181 + 182 182 + #[cfg(test)] 183 183 + mod tests { 184 184 + use super::*; 185 185 + use crate::config::Config; 186 186 + use crate::db::DatabaseBackend; 187 187 + use crate::lexicon::{LexiconRegistry, LexiconType, ParsedLexicon, ProcedureAction}; 188 188 + use crate::lua::sandbox; 189 189 + use mlua::LuaSerdeExt; 190 190 + use serde_json::json; 191 191 + use tokio::sync::watch; 192 192 + 193 193 + fn test_state() -> AppState { 194 194 + let config = Config { 195 195 + host: "127.0.0.1".into(), 196 196 + port: 3000, 197 197 + database_url: String::new(), 198 198 + database_backend: DatabaseBackend::Sqlite, 199 199 + public_url: String::new(), 200 200 + session_secret: "test-secret".into(), 201 201 + jetstream_url: String::new(), 202 202 + relay_url: String::new(), 203 203 + plc_url: String::new(), 204 204 + static_dir: String::new(), 205 205 + event_log_retention_days: 30, 206 206 + app_name: None, 207 207 + logo_uri: None, 208 208 + tos_uri: None, 209 209 + policy_uri: None, 210 210 + token_encryption_key: None, 211 211 + default_rate_limit_capacity: 100, 212 212 + default_rate_limit_refill_rate: 2.0, 213 213 + }; 214 214 + let (tx, _) = watch::channel(vec![]); 215 215 + let (labeler_tx, _) = watch::channel(()); 216 216 + sqlx::any::install_default_drivers(); 217 217 + let test_db = sqlx::AnyPool::connect_lazy("sqlite::memory:").unwrap(); 218 218 + let atrium_http = std::sync::Arc::new(atrium_oauth::DefaultHttpClient::default()); 219 219 + let did_resolver = atrium_identity::did::CommonDidResolver::new( 220 220 + atrium_identity::did::CommonDidResolverConfig { 221 221 + plc_directory_url: "https://plc.directory".into(), 222 222 + http_client: std::sync::Arc::clone(&atrium_http), 223 223 + }, 224 224 + ); 225 225 + let handle_resolver = atrium_identity::handle::AtprotoHandleResolver::new( 226 226 + atrium_identity::handle::AtprotoHandleResolverConfig { 227 227 + dns_txt_resolver: crate::dns::NativeDnsResolver::new(), 228 228 + http_client: atrium_http, 229 229 + }, 230 230 + ); 231 231 + let oauth = atrium_oauth::OAuthClient::new(atrium_oauth::OAuthClientConfig { 232 232 + client_metadata: atrium_oauth::AtprotoLocalhostClientMetadata { 233 233 + redirect_uris: Some(vec!["http://127.0.0.1:0/auth/callback".into()]), 234 234 + scopes: Some(vec![atrium_oauth::Scope::Known( 235 235 + atrium_oauth::KnownScope::Atproto, 236 236 + )]), 237 237 + }, 238 238 + keys: None, 239 239 + state_store: crate::auth::oauth_store::DbStateStore::new( 240 240 + test_db.clone(), 241 241 + DatabaseBackend::Sqlite, 242 242 + ), 243 243 + session_store: crate::auth::oauth_store::DbSessionStore::new( 244 244 + test_db.clone(), 245 245 + DatabaseBackend::Sqlite, 246 246 + ), 247 247 + resolver: atrium_oauth::OAuthResolverConfig { 248 248 + did_resolver, 249 249 + handle_resolver, 250 250 + authorization_server_metadata: Default::default(), 251 251 + protected_resource_metadata: Default::default(), 252 252 + }, 253 253 + }) 254 254 + .expect("Failed to create test OAuth client"); 255 255 + AppState { 256 256 + config, 257 257 + http: reqwest::Client::new(), 258 258 + db: test_db.clone(), 259 259 + db_backend: DatabaseBackend::Sqlite, 260 260 + lexicons: LexiconRegistry::new(), 261 261 + collections_tx: tx, 262 262 + labeler_subscriptions_tx: labeler_tx, 263 263 + rate_limiter: crate::rate_limit::RateLimiter::new( 264 264 + false, 265 265 + crate::rate_limit::RateLimitConfig { 266 266 + capacity: 100, 267 267 + refill_rate: 2.0, 268 268 + default_query_cost: 1, 269 269 + default_procedure_cost: 1, 270 270 + default_proxy_cost: 1, 271 271 + }, 272 272 + ), 273 273 + oauth: std::sync::Arc::new(crate::auth::OAuthClientRegistry::new(std::sync::Arc::new( 274 274 + oauth, 275 275 + ))), 276 276 + oauth_state_store: crate::auth::oauth_store::DbStateStore::new( 277 277 + test_db.clone(), 278 278 + DatabaseBackend::Sqlite, 279 279 + ), 280 280 + cookie_key: axum_extra::extract::cookie::Key::derive_from( 281 281 + b"test-secret-for-tests-only-not-production", 282 282 + ), 283 283 + plugin_registry: std::sync::Arc::new(crate::plugin::PluginRegistry::new()), 284 284 + wasm_runtime: std::sync::Arc::new( 285 285 + crate::plugin::WasmRuntime::new().expect("wasm runtime"), 286 286 + ), 287 287 + attestation_signer: None, 288 288 + } 289 289 + } 290 290 + 291 291 + fn make_query_lexicon(id: &str, script: Option<&str>) -> ParsedLexicon { 292 292 + ParsedLexicon { 293 293 + id: id.to_string(), 294 294 + lexicon_type: LexiconType::Query, 295 295 + record_key: None, 296 296 + parameters: None, 297 297 + input: None, 298 298 + output: None, 299 299 + record_schema: None, 300 300 + raw: json!({}), 301 301 + revision: 1, 302 302 + target_collection: None, 303 303 + action: ProcedureAction::Create, 304 304 + script: script.map(|s| s.to_string()), 305 305 + index_hook: None, 306 306 + token_cost: None, 307 307 + } 308 308 + } 309 309 + 310 310 + fn make_procedure_lexicon(id: &str, script: Option<&str>) -> ParsedLexicon { 311 311 + ParsedLexicon { 312 312 + id: id.to_string(), 313 313 + lexicon_type: LexiconType::Procedure, 314 314 + record_key: None, 315 315 + parameters: None, 316 316 + input: None, 317 317 + output: None, 318 318 + record_schema: None, 319 319 + raw: json!({}), 320 320 + revision: 1, 321 321 + target_collection: None, 322 322 + action: ProcedureAction::Create, 323 323 + script: script.map(|s| s.to_string()), 324 324 + index_hook: None, 325 325 + token_cost: None, 326 326 + } 327 327 + } 328 328 + 329 329 + // ----------------------------------------------------------------------- 330 330 + // Registration 331 331 + // ----------------------------------------------------------------------- 332 332 + 333 333 + #[tokio::test] 334 334 + async fn register_xrpc_api_creates_global() { 335 335 + let state = Arc::new(test_state()); 336 336 + let lua = sandbox::create_sandbox().unwrap(); 337 337 + register_xrpc_api(&lua, state, Some("did:plc:test".into())).unwrap(); 338 338 + 339 339 + let xrpc: mlua::Table = lua.globals().get("xrpc").unwrap(); 340 340 + assert!(xrpc.get::<mlua::Function>("query").is_ok()); 341 341 + assert!(xrpc.get::<mlua::Function>("procedure").is_ok()); 342 342 + } 343 343 + 344 344 + #[tokio::test] 345 345 + async fn register_xrpc_api_without_caller_did() { 346 346 + let state = Arc::new(test_state()); 347 347 + let lua = sandbox::create_sandbox().unwrap(); 348 348 + register_xrpc_api(&lua, state, None).unwrap(); 349 349 + 350 350 + let xrpc: mlua::Table = lua.globals().get("xrpc").unwrap(); 351 351 + assert!(xrpc.get::<mlua::Function>("query").is_ok()); 352 352 + assert!(xrpc.get::<mlua::Function>("procedure").is_ok()); 353 353 + } 354 354 + 355 355 + // ----------------------------------------------------------------------- 356 356 + // lua_table_to_params 357 357 + // ----------------------------------------------------------------------- 358 358 + 359 359 + #[test] 360 360 + fn lua_table_to_params_none_returns_empty() { 361 361 + let lua = sandbox::create_sandbox().unwrap(); 362 362 + let result = lua_table_to_params(&lua, None).unwrap(); 363 363 + assert!(result.is_empty()); 364 364 + } 365 365 + 366 366 + #[test] 367 367 + fn lua_table_to_params_converts_string_values() { 368 368 + let lua = sandbox::create_sandbox().unwrap(); 369 369 + let table = lua.create_table().unwrap(); 370 370 + table.set("handle", "user.bsky.social").unwrap(); 371 371 + table.set("limit", 10).unwrap(); 372 372 + 373 373 + let result = lua_table_to_params(&lua, Some(table)).unwrap(); 374 374 + assert_eq!(result.get("handle").unwrap(), "user.bsky.social"); 375 375 + assert_eq!(result.get("limit").unwrap(), 10); 376 376 + } 377 377 + 378 378 + // ----------------------------------------------------------------------- 379 379 + // params_to_query_string 380 380 + // ----------------------------------------------------------------------- 381 381 + 382 382 + #[test] 383 383 + fn params_to_query_string_empty() { 384 384 + let params = HashMap::new(); 385 385 + assert_eq!(params_to_query_string(&params), ""); 386 386 + } 387 387 + 388 388 + #[test] 389 389 + fn params_to_query_string_encodes_values() { 390 390 + let mut params = HashMap::new(); 391 391 + params.insert("handle".into(), Value::String("user.bsky.social".into())); 392 392 + let qs = params_to_query_string(&params); 393 393 + assert!(qs.contains("handle=user.bsky.social")); 394 394 + } 395 395 + 396 396 + #[test] 397 397 + fn params_to_query_string_url_encodes_special_chars() { 398 398 + let mut params = HashMap::new(); 399 399 + params.insert( 400 400 + "uri".into(), 401 401 + Value::String("at://did:plc:abc/col/rkey".into()), 402 402 + ); 403 403 + let qs = params_to_query_string(&params); 404 404 + assert!(qs.contains("uri=at%3A%2F%2Fdid%3Aplc%3Aabc%2Fcol%2Frkey")); 405 405 + } 406 406 + 407 407 + // ----------------------------------------------------------------------- 408 408 + // execute_local_query 409 409 + // ----------------------------------------------------------------------- 410 410 + 411 411 + #[tokio::test] 412 412 + async fn query_local_script_returns_json() { 413 413 + let state = test_state(); 414 414 + 415 415 + // Register a scripted query that returns a static response 416 416 + let lexicon = make_query_lexicon( 417 417 + "test.echo", 418 418 + Some(r#"function handle() return { greeting = "hello" } end"#), 419 419 + ); 420 420 + state.lexicons.upsert(lexicon).await; 421 421 + 422 422 + let mut params = HashMap::new(); 423 423 + let result = execute_local_query(&state, "test.echo", &mut params, None).await; 424 424 + assert!(result.is_ok(), "expected Ok, got: {:?}", result.err()); 425 425 + 426 426 + let response = result.unwrap(); 427 427 + assert_eq!(response.status(), 200); 428 428 + 429 429 + let body = response.into_body().collect().await.unwrap().to_bytes(); 430 430 + let json: Value = serde_json::from_slice(&body).unwrap(); 431 431 + assert_eq!(json["greeting"], "hello"); 432 432 + } 433 433 + 434 434 + #[tokio::test] 435 435 + async fn query_local_script_receives_params() { 436 436 + let state = test_state(); 437 437 + 438 438 + let lexicon = make_query_lexicon( 439 439 + "test.greet", 440 440 + Some(r#"function handle() return { greeting = "hello " .. params.name } end"#), 441 441 + ); 442 442 + state.lexicons.upsert(lexicon).await; 443 443 + 444 444 + let mut params = HashMap::new(); 445 445 + params.insert("name".into(), Value::String("world".into())); 446 446 + let result = execute_local_query(&state, "test.greet", &mut params, None).await; 447 447 + assert!(result.is_ok()); 448 448 + 449 449 + let body = result 450 450 + .unwrap() 451 451 + .into_body() 452 452 + .collect() 453 453 + .await 454 454 + .unwrap() 455 455 + .to_bytes(); 456 456 + let json: Value = serde_json::from_slice(&body).unwrap(); 457 457 + assert_eq!(json["greeting"], "hello world"); 458 458 + } 459 459 + 460 460 + #[tokio::test] 461 461 + async fn query_local_script_receives_caller_did() { 462 462 + let state = test_state(); 463 463 + 464 464 + let lexicon = make_query_lexicon( 465 465 + "test.whoami", 466 466 + Some( 467 467 + r#"function handle() 468 468 + return { did = caller_did or "anonymous" } 469 469 + end"#, 470 470 + ), 471 471 + ); 472 472 + state.lexicons.upsert(lexicon).await; 473 473 + 474 474 + // With caller_did 475 475 + let claims = Claims::internal("did:plc:testuser".into()); 476 476 + let mut params = HashMap::new(); 477 477 + let result = execute_local_query(&state, "test.whoami", &mut params, Some(&claims)).await; 478 478 + assert!(result.is_ok()); 479 479 + let body = result 480 480 + .unwrap() 481 481 + .into_body() 482 482 + .collect() 483 483 + .await 484 484 + .unwrap() 485 485 + .to_bytes(); 486 486 + let json: Value = serde_json::from_slice(&body).unwrap(); 487 487 + assert_eq!(json["did"], "did:plc:testuser"); 488 488 + 489 489 + // Without caller_did 490 490 + let mut params = HashMap::new(); 491 491 + let result = execute_local_query(&state, "test.whoami", &mut params, None).await; 492 492 + assert!(result.is_ok()); 493 493 + let body = result 494 494 + .unwrap() 495 495 + .into_body() 496 496 + .collect() 497 497 + .await 498 498 + .unwrap() 499 499 + .to_bytes(); 500 500 + let json: Value = serde_json::from_slice(&body).unwrap(); 501 501 + assert_eq!(json["did"], "anonymous"); 502 502 + } 503 503 + 504 504 + #[tokio::test] 505 505 + async fn query_rejects_procedure_lexicon() { 506 506 + let state = test_state(); 507 507 + 508 508 + let lexicon = make_procedure_lexicon("test.create", None); 509 509 + state.lexicons.upsert(lexicon).await; 510 510 + 511 511 + let mut params = HashMap::new(); 512 512 + let result = execute_local_query(&state, "test.create", &mut params, None).await; 513 513 + assert!(result.is_err()); 514 514 + let err = format!("{:?}", result.unwrap_err()); 515 515 + assert!(err.contains("not a query endpoint"), "got: {err}"); 516 516 + } 517 517 + 518 518 + #[tokio::test] 519 519 + async fn procedure_rejects_query_lexicon() { 520 520 + let state = test_state(); 521 521 + 522 522 + let lexicon = make_query_lexicon("test.echo", Some("function handle() end")); 523 523 + state.lexicons.upsert(lexicon).await; 524 524 + 525 525 + let claims = Claims::internal("did:plc:test".into()); 526 526 + let mut params = HashMap::new(); 527 527 + let result = 528 528 + execute_local_procedure(&state, "test.echo", &claims, &json!({}), &mut params).await; 529 529 + assert!(result.is_err()); 530 530 + let err = format!("{:?}", result.unwrap_err()); 531 531 + assert!(err.contains("not a procedure endpoint"), "got: {err}"); 532 532 + } 533 533 + 534 534 + // ----------------------------------------------------------------------- 535 535 + // Lua integration: xrpc.query from within a script 536 536 + // ----------------------------------------------------------------------- 537 537 + 538 538 + #[tokio::test] 539 539 + async fn lua_script_calls_xrpc_query() { 540 540 + let state = test_state(); 541 541 + 542 542 + // Register a simple query that the outer script will call 543 543 + let inner_lexicon = make_query_lexicon( 544 544 + "test.inner", 545 545 + Some(r#"function handle() return { value = 42 } end"#), 546 546 + ); 547 547 + state.lexicons.upsert(inner_lexicon).await; 548 548 + 549 549 + let state_arc = Arc::new(state); 550 550 + let lua = sandbox::create_sandbox().unwrap(); 551 551 + 552 552 + register_xrpc_api(&lua, state_arc, None).unwrap(); 553 553 + 554 554 + // Script that calls xrpc.query and parses the result 555 555 + lua.load( 556 556 + r#" 557 557 + function handle() 558 558 + local resp = xrpc.query("test.inner") 559 559 + local data = json.decode(resp.body) 560 560 + return { status = resp.status, inner_value = data.value } 561 561 + end 562 562 + "#, 563 563 + ) 564 564 + .exec() 565 565 + .unwrap(); 566 566 + 567 567 + // Register json global for the script 568 568 + let json_table = lua.create_table().unwrap(); 569 569 + let decode = lua 570 570 + .create_function(|lua, s: String| { 571 571 + let val: Value = serde_json::from_str(&s) 572 572 + .map_err(|e| mlua::Error::runtime(format!("json decode: {e}")))?; 573 573 + lua.to_value(&val) 574 574 + }) 575 575 + .unwrap(); 576 576 + json_table.set("decode", decode).unwrap(); 577 577 + lua.globals().set("json", json_table).unwrap(); 578 578 + 579 579 + let handle: mlua::Function = lua.globals().get("handle").unwrap(); 580 580 + let result: mlua::Value = handle.call_async(()).await.unwrap(); 581 581 + let json_result: Value = lua.from_value(result).unwrap(); 582 582 + 583 583 + assert_eq!(json_result["status"], 200); 584 584 + assert_eq!(json_result["inner_value"], 42); 585 585 + } 586 586 + 587 587 + // ----------------------------------------------------------------------- 588 588 + // Lua integration: xrpc.procedure requires caller_did 589 589 + // ----------------------------------------------------------------------- 590 590 + 591 591 + #[tokio::test] 592 592 + async fn lua_xrpc_procedure_fails_without_caller_did() { 593 593 + let state = test_state(); 594 594 + let state_arc = Arc::new(state); 595 595 + let lua = sandbox::create_sandbox().unwrap(); 596 596 + 597 597 + // Register with no caller_did 598 598 + register_xrpc_api(&lua, state_arc, None).unwrap(); 599 599 + 600 600 + lua.load( 601 601 + r#" 602 602 + function handle() 603 603 + return xrpc.procedure("test.something", {}) 604 604 + end 605 605 + "#, 606 606 + ) 607 607 + .exec() 608 608 + .unwrap(); 609 609 + 610 610 + let handle: mlua::Function = lua.globals().get("handle").unwrap(); 611 611 + let result: Result<mlua::Value, _> = handle.call_async(()).await; 612 612 + assert!(result.is_err()); 613 613 + let err = result.unwrap_err().to_string(); 614 614 + assert!( 615 615 + err.contains("requires authentication"), 616 616 + "expected auth error, got: {err}" 617 617 + ); 618 618 + } 619 619 + 620 620 + // ----------------------------------------------------------------------- 621 621 + // response_to_lua_table 622 622 + // ----------------------------------------------------------------------- 623 623 + 624 624 + #[tokio::test] 625 625 + async fn response_to_lua_table_converts_correctly() { 626 626 + let lua = sandbox::create_sandbox().unwrap(); 627 627 + let response = axum::response::Response::builder() 628 628 + .status(200) 629 629 + .body(axum::body::Body::from(r#"{"ok":true}"#)) 630 630 + .unwrap(); 631 631 + 632 632 + let table = response_to_lua_table(&lua, response).await.unwrap(); 633 633 + assert_eq!(table.get::<u16>("status").unwrap(), 200); 634 634 + assert_eq!(table.get::<String>("body").unwrap(), r#"{"ok":true}"#); 635 635 + } 636 636 + 637 637 + #[tokio::test] 638 638 + async fn response_to_lua_table_preserves_error_status() { 639 639 + let lua = sandbox::create_sandbox().unwrap(); 640 640 + let response = axum::response::Response::builder() 641 641 + .status(404) 642 642 + .body(axum::body::Body::from("not found")) 643 643 + .unwrap(); 644 644 + 645 645 + let table = response_to_lua_table(&lua, response).await.unwrap(); 646 646 + assert_eq!(table.get::<u16>("status").unwrap(), 404); 647 647 + assert_eq!(table.get::<String>("body").unwrap(), "not found"); 648 648 + } 649 649 + 650 650 + // ----------------------------------------------------------------------- 651 651 + // Claims::internal 652 652 + // ----------------------------------------------------------------------- 653 653 + 654 654 + #[test] 655 655 + fn claims_internal_has_no_client_key() { 656 656 + let claims = Claims::internal("did:plc:test".into()); 657 657 + assert_eq!(claims.did(), "did:plc:test"); 658 658 + assert!(claims.client_key().is_none()); 659 659 + } 660 660 + }

+5 -5

src/xrpc/mod.rs

reviewed

··· 1 1 - mod procedure; 2 2 - mod query; 1 1 + pub(crate) mod procedure; 2 2 + pub(crate) mod query; 3 3 4 4 use axum::Json; 5 5 use axum::body::Body; ··· 19 19 20 20 /// Parse a raw query string into a map where repeated keys become JSON arrays. 21 21 /// Single-value keys remain as JSON strings for backward compatibility. 22 22 - fn parse_query_params(query: &str) -> HashMap<String, Value> { 22 22 + pub(crate) fn parse_query_params(query: &str) -> HashMap<String, Value> { 23 23 let mut multi: HashMap<String, Vec<String>> = HashMap::new(); 24 24 for pair in query.split('&') { 25 25 if pair.is_empty() { ··· 54 54 /// HTTP query params arrive as strings. Without this, Lua scripts receive 55 55 /// `"25"` (a string) for `params.limit`, which Postgres rejects when used 56 56 /// in LIMIT (`argument of LIMIT must be type bigint, not type text`). 57 57 - fn coerce_params(params: &mut HashMap<String, Value>, parameters: &Value) { 57 57 + pub(crate) fn coerce_params(params: &mut HashMap<String, Value>, parameters: &Value) { 58 58 let properties = match parameters.get("properties").and_then(|p| p.as_object()) { 59 59 Some(p) => p, 60 60 None => return, ··· 98 98 } 99 99 100 100 /// Proxy an unrecognized XRPC method to its home AppView resolved via DNS. 101 101 - async fn proxy_to_authority( 101 101 + pub(crate) async fn proxy_to_authority( 102 102 state: &AppState, 103 103 method: &str, 104 104 query_string: &str,

+1 -1

src/xrpc/procedure.rs

reviewed

··· 10 10 use crate::record_refs::sync_refs; 11 11 use crate::repo; 12 12 13 13 - pub(super) async fn handle_procedure( 13 13 + pub(crate) async fn handle_procedure( 14 14 state: &AppState, 15 15 method: &str, 16 16 claims: &Claims,

+1 -1

src/xrpc/query.rs

reviewed

··· 8 8 use crate::db::adapt_sql; 9 9 use crate::error::AppError; 10 10 11 11 - pub(super) async fn handle_query( 11 11 + pub(crate) async fn handle_query( 12 12 state: &AppState, 13 13 method: &str, 14 14 params: &HashMap<String, Value>,