+2 -11

client.go

reviewed

··· 29 29 return &Client{api: api, did: did} 30 30 } 31 31 32 32 - // DID returns the authenticated user's DID. 33 32 func (c *Client) DID() syntax.DID { return c.did } 34 33 35 34 // APIClient returns the underlying indigo APIClient for advanced usage 36 35 // (custom XRPC calls, service proxying, etc.). 37 36 func (c *Client) APIClient() *atclient.APIClient { return c.api } 38 37 39 39 - // CreateRecord creates a new record with an auto-generated TID key. 40 38 func (c *Client) CreateRecord(ctx context.Context, collection string, record any) (uri, cid string, err error) { 41 39 body := map[string]any{ 42 40 "repo": c.did.String(), ··· 54 52 return result.URI, result.CID, nil 55 53 } 56 54 57 57 - // CreateRecordWithRKey creates a new record with a specific record key. 58 55 func (c *Client) CreateRecordWithRKey(ctx context.Context, collection, rkey string, record any) (uri, cid string, err error) { 59 56 body := map[string]any{ 60 57 "repo": c.did.String(), ··· 92 89 return &Record{URI: result.URI, CID: result.CID, Value: result.Value}, nil 93 90 } 94 91 95 95 - // ListRecords retrieves a single page of records from a collection. 96 96 - // Pass limit <= 0 for the server default (usually 50). Pass empty cursor for the first page. 92 92 + // Pass limit <= 0 for the server default (usually 50). 93 93 + // Pass empty cursor for the first page. 97 94 func (c *Client) ListRecords(ctx context.Context, collection string, limit int, cursor string) (*ListResult, error) { 98 95 params := map[string]any{ 99 96 "repo": c.did.String(), ··· 130 127 return out, nil 131 128 } 132 129 133 133 - // ListAllRecords fetches every record in a collection, handling cursor 134 134 - // pagination automatically. Returns all records at once. 135 130 func (c *Client) ListAllRecords(ctx context.Context, collection string) ([]Record, error) { 136 131 var all []Record 137 132 cursor := "" ··· 157 152 return all, nil 158 153 } 159 154 160 160 - // PutRecord creates or updates a record at a specific record key. 161 155 func (c *Client) PutRecord(ctx context.Context, collection, rkey string, record any) (uri, cid string, err error) { 162 156 body := map[string]any{ 163 157 "repo": c.did.String(), ··· 176 170 return result.URI, result.CID, nil 177 171 } 178 172 179 179 - // DeleteRecord removes a record from the user's repository. 180 173 func (c *Client) DeleteRecord(ctx context.Context, collection, rkey string) error { 181 174 body := map[string]any{ 182 175 "repo": c.did.String(), ··· 191 184 return nil 192 185 } 193 186 194 194 - // UploadBlob uploads a blob to the user's PDS. 195 187 // Data must be at most 1 MB (MaxBlobSize). The mimeType should match the blob content. 196 188 func (c *Client) UploadBlob(ctx context.Context, data []byte, mimeType string) (*BlobRef, error) { 197 189 if len(data) > MaxBlobSize { ··· 235 227 }, nil 236 228 } 237 229 238 238 - // GetBlob downloads a blob from the user's PDS by its CID. 239 230 func (c *Client) GetBlob(ctx context.Context, cid string) ([]byte, error) { 240 231 data, err := atproto.SyncGetBlob(ctx, c.api, cid, c.did.String()) 241 232 if err != nil {

+1

errors.go

reviewed

··· 12 12 13 13 // WrapPDSError inspects an XRPC error for signals that the OAuth grant is no 14 14 // longer valid and, if so, wraps it with ErrSessionExpired. 15 15 + // TODO: handle other common error types 15 16 func WrapPDSError(err error) error { 16 17 if err == nil { 17 18 return nil

+2

go.mod

reviewed

··· 4 4 5 5 require ( 6 6 github.com/bluesky-social/indigo v0.0.0-20260318212431-cbaa83aee9dd 7 7 + github.com/gorilla/websocket v1.5.3 8 8 + github.com/klauspost/compress v1.17.3 7 9 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c 8 10 go.etcd.io/bbolt v1.4.3 9 11 go.opentelemetry.io/otel v1.43.0

+4

go.sum

reviewed

··· 30 30 github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA= 31 31 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= 32 32 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= 33 33 + github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg= 34 34 + github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= 33 35 github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0 h1:HWRh5R2+9EifMyIHV7ZV+MIZqgz+PMpZ14Jynv3O2Zs= 34 36 github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0/go.mod h1:JfhWUomR1baixubs02l85lZYYOm7LV6om4ceouMv45c= 35 37 github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k= 36 38 github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM= 37 39 github.com/ipfs/go-cid v0.4.1 h1:A/T3qGvxi4kpKWWcPC/PgbvDA2bjVLO7n4UeVwnbs/s= 38 40 github.com/ipfs/go-cid v0.4.1/go.mod h1:uQHwDeX4c6CtyrFwdqyhpNcxVewur1M7l7fNU7LKwZk= 41 41 + github.com/klauspost/compress v1.17.3 h1:qkRjuerhUU1EmXLYGkSH6EZL+vPSxIrYjLNAK4slzwA= 42 42 + github.com/klauspost/compress v1.17.3/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM= 39 43 github.com/klauspost/cpuid/v2 v2.2.7 h1:ZWSB3igEs+d0qvnxR/ZBzXVmxkgt8DdzP6m9pfuVLDM= 40 44 github.com/klauspost/cpuid/v2 v2.2.7/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= 41 45 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=

+360

jetstream/jetstream.go

reviewed

··· 1 1 + // Package jetstream consumes real-time AT Protocol events from a Jetstream relay. 2 2 + // 3 3 + // Jetstream is a WebSocket-based relay that delivers a filtered stream of AT 4 4 + // Protocol repository events (commits, identity changes, account changes). 5 5 + // This package handles connection management, reconnection with backoff, 6 6 + // endpoint rotation, cursor tracking, and optional zstd decompression. 7 7 + // 8 8 + // Basic usage: 9 9 + // 10 10 + // consumer := jetstream.New(&jetstream.Config{ 11 11 + // WantedCollections: []string{"app.bsky.feed.post"}, 12 12 + // }, func(ctx context.Context, evt *jetstream.Event) error { 13 13 + // fmt.Printf("new post from %s\n", evt.DID) 14 14 + // return nil 15 15 + // }) 16 16 + // consumer.Start(ctx) 17 17 + // defer consumer.Stop() 18 18 + package jetstream 19 19 + 20 20 + import ( 21 21 + "context" 22 22 + "encoding/json" 23 23 + "fmt" 24 24 + "net/url" 25 25 + "sync" 26 26 + "sync/atomic" 27 27 + "time" 28 28 + 29 29 + "github.com/gorilla/websocket" 30 30 + "github.com/klauspost/compress/zstd" 31 31 + ) 32 32 + 33 33 + // DefaultEndpoints are the public Jetstream relay endpoints. 34 34 + var DefaultEndpoints = []string{ 35 35 + "wss://jetstream1.us-east.bsky.network/subscribe", 36 36 + "wss://jetstream2.us-east.bsky.network/subscribe", 37 37 + "wss://jetstream1.us-west.bsky.network/subscribe", 38 38 + "wss://jetstream2.us-west.bsky.network/subscribe", 39 39 + } 40 40 + 41 41 + // Event is a single event from the Jetstream relay. 42 42 + type Event struct { 43 43 + DID string `json:"did"` 44 44 + TimeUS int64 `json:"time_us"` 45 45 + Kind string `json:"kind"` // "commit", "identity", "account" 46 46 + Commit *Commit `json:"commit,omitempty"` 47 47 + } 48 48 + 49 49 + // Commit is the commit payload within an Event. 50 50 + type Commit struct { 51 51 + Rev string `json:"rev"` 52 52 + Operation string `json:"operation"` // "create", "update", "delete" 53 53 + Collection string `json:"collection"` 54 54 + RKey string `json:"rkey"` 55 55 + Record json.RawMessage `json:"record,omitempty"` 56 56 + CID string `json:"cid"` 57 57 + } 58 58 + 59 59 + // Handler is called for each event received from Jetstream. 60 60 + // Returning an error logs a warning but does not stop the consumer. 61 61 + type Handler func(ctx context.Context, event *Event) error 62 62 + 63 63 + // CursorStore persists the Jetstream cursor across restarts. 64 64 + // If nil, the cursor is tracked in memory only (replay from live on restart). 65 65 + type CursorStore interface { 66 66 + GetCursor(ctx context.Context) (int64, error) 67 67 + SetCursor(ctx context.Context, cursor int64) error 68 68 + } 69 69 + 70 70 + // Config configures a Jetstream consumer. 71 71 + type Config struct { 72 72 + // Endpoints is the list of Jetstream WebSocket URLs. Defaults to DefaultEndpoints. 73 73 + Endpoints []string 74 74 + 75 75 + // WantedCollections filters events to specific NSIDs. 76 76 + // Empty means all collections (high volume). 77 77 + WantedCollections []string 78 78 + 79 79 + // Compress enables zstd compression. Disabled by default because Jetstream 80 80 + // uses a custom dictionary incompatible with the standard zstd decoder. 81 81 + Compress bool 82 82 + 83 83 + // CursorStore persists the cursor for resume after restart. 84 84 + // If nil, the consumer starts from live on each restart. 85 85 + CursorStore CursorStore 86 86 + 87 87 + // CursorPersistEvery controls how often the cursor is flushed to CursorStore. 88 88 + // Defaults to every 1000 events. 89 89 + CursorPersistEvery int64 90 90 + 91 91 + // OnConnect is called each time a WebSocket connection is established. 92 92 + OnConnect func() 93 93 + 94 94 + // OnDisconnect is called each time a connection is lost. 95 95 + OnDisconnect func() 96 96 + 97 97 + // OnError is called when the handler returns an error. 98 98 + // If nil, errors are silently dropped (caller should log in the handler). 99 99 + OnError func(err error, event *Event) 100 100 + } 101 101 + 102 102 + func (c *Config) endpoints() []string { 103 103 + if len(c.Endpoints) > 0 { 104 104 + return c.Endpoints 105 105 + } 106 106 + return DefaultEndpoints 107 107 + } 108 108 + 109 109 + func (c *Config) cursorPersistEvery() int64 { 110 110 + if c.CursorPersistEvery > 0 { 111 111 + return c.CursorPersistEvery 112 112 + } 113 113 + return 1000 114 114 + } 115 115 + 116 116 + // Consumer consumes events from a Jetstream relay. 117 117 + type Consumer struct { 118 118 + cfg *Config 119 119 + handler Handler 120 120 + 121 121 + conn *websocket.Conn 122 122 + connMu sync.Mutex 123 123 + currentEndpointIdx int 124 124 + 125 125 + zstdDecoder *zstd.Decoder 126 126 + 127 127 + cursor atomic.Int64 128 128 + eventsReceived atomic.Int64 129 129 + bytesReceived atomic.Int64 130 130 + connected atomic.Bool 131 131 + 132 132 + stopCh chan struct{} 133 133 + wg sync.WaitGroup 134 134 + } 135 135 + 136 136 + // New creates a new Consumer. Call Start to begin consuming events. 137 137 + func New(cfg *Config, handler Handler) *Consumer { 138 138 + decoder, err := zstd.NewReader(nil, zstd.WithDecoderConcurrency(1)) 139 139 + if err != nil { 140 140 + // zstd.NewReader with nil src only fails on bad options 141 141 + panic(fmt.Sprintf("jetstream: create zstd decoder: %v", err)) 142 142 + } 143 143 + 144 144 + c := &Consumer{ 145 145 + cfg: cfg, 146 146 + handler: handler, 147 147 + stopCh: make(chan struct{}), 148 148 + zstdDecoder: decoder, 149 149 + } 150 150 + 151 151 + if cfg.CursorStore != nil { 152 152 + if cursor, err := cfg.CursorStore.GetCursor(context.Background()); err == nil && cursor > 0 { 153 153 + c.cursor.Store(cursor) 154 154 + } 155 155 + } 156 156 + 157 157 + return c 158 158 + } 159 159 + 160 160 + // Start begins consuming events in a background goroutine. 161 161 + func (c *Consumer) Start(ctx context.Context) { 162 162 + c.wg.Add(1) 163 163 + go func() { 164 164 + defer c.wg.Done() 165 165 + c.run(ctx) 166 166 + }() 167 167 + } 168 168 + 169 169 + // Stop gracefully shuts down the consumer and waits for it to finish. 170 170 + func (c *Consumer) Stop() { 171 171 + close(c.stopCh) 172 172 + c.connMu.Lock() 173 173 + if c.conn != nil { 174 174 + c.conn.Close() 175 175 + } 176 176 + c.connMu.Unlock() 177 177 + c.wg.Wait() 178 178 + c.zstdDecoder.Close() 179 179 + } 180 180 + 181 181 + // IsConnected reports whether the consumer is currently connected. 182 182 + func (c *Consumer) IsConnected() bool { 183 183 + return c.connected.Load() 184 184 + } 185 185 + 186 186 + // Stats returns cumulative event and byte counts since Start was called. 187 187 + func (c *Consumer) Stats() (eventsReceived, bytesReceived int64) { 188 188 + return c.eventsReceived.Load(), c.bytesReceived.Load() 189 189 + } 190 190 + 191 191 + func (c *Consumer) run(ctx context.Context) { 192 192 + backoff := time.Second 193 193 + const maxBackoff = 30 * time.Second 194 194 + 195 195 + for { 196 196 + select { 197 197 + case <-ctx.Done(): 198 198 + return 199 199 + case <-c.stopCh: 200 200 + return 201 201 + default: 202 202 + } 203 203 + 204 204 + endpoints := c.cfg.endpoints() 205 205 + endpoint := endpoints[c.currentEndpointIdx] 206 206 + 207 207 + if err := c.connectAndConsume(ctx, endpoint); err != nil { 208 208 + c.connected.Store(false) 209 209 + if c.cfg.OnDisconnect != nil { 210 210 + c.cfg.OnDisconnect() 211 211 + } 212 212 + 213 213 + // Rotate to next endpoint 214 214 + c.currentEndpointIdx = (c.currentEndpointIdx + 1) % len(endpoints) 215 215 + 216 216 + select { 217 217 + case <-ctx.Done(): 218 218 + return 219 219 + case <-c.stopCh: 220 220 + return 221 221 + case <-time.After(backoff): 222 222 + } 223 223 + 224 224 + backoff *= 2 225 225 + if backoff > maxBackoff { 226 226 + backoff = maxBackoff 227 227 + } 228 228 + } else { 229 229 + backoff = time.Second 230 230 + } 231 231 + } 232 232 + } 233 233 + 234 234 + func (c *Consumer) connectAndConsume(ctx context.Context, endpoint string) error { 235 235 + wsURL, err := c.buildURL(endpoint) 236 236 + if err != nil { 237 237 + return fmt.Errorf("build URL: %w", err) 238 238 + } 239 239 + 240 240 + dialer := websocket.Dialer{HandshakeTimeout: 10 * time.Second} 241 241 + conn, _, err := dialer.DialContext(ctx, wsURL, nil) 242 242 + if err != nil { 243 243 + return fmt.Errorf("dial: %w", err) 244 244 + } 245 245 + 246 246 + c.connMu.Lock() 247 247 + c.conn = conn 248 248 + c.connMu.Unlock() 249 249 + 250 250 + c.connected.Store(true) 251 251 + if c.cfg.OnConnect != nil { 252 252 + c.cfg.OnConnect() 253 253 + } 254 254 + 255 255 + defer func() { 256 256 + c.connMu.Lock() 257 257 + if c.conn != nil { 258 258 + c.conn.Close() 259 259 + c.conn = nil 260 260 + } 261 261 + c.connMu.Unlock() 262 262 + c.connected.Store(false) 263 263 + }() 264 264 + 265 265 + for { 266 266 + select { 267 267 + case <-ctx.Done(): 268 268 + return ctx.Err() 269 269 + case <-c.stopCh: 270 270 + return nil 271 271 + default: 272 272 + } 273 273 + 274 274 + conn.SetReadDeadline(time.Now().Add(60 * time.Second)) 275 275 + 276 276 + _, msg, err := conn.ReadMessage() 277 277 + if err != nil { 278 278 + return fmt.Errorf("read: %w", err) 279 279 + } 280 280 + 281 281 + c.bytesReceived.Add(int64(len(msg))) 282 282 + 283 283 + if err := c.process(ctx, msg); err != nil { 284 284 + if c.cfg.OnError != nil { 285 285 + // We don't have the event here since parsing may have failed, 286 286 + // pass nil to signal a parse/process error 287 287 + c.cfg.OnError(err, nil) 288 288 + } 289 289 + } 290 290 + } 291 291 + } 292 292 + 293 293 + func (c *Consumer) buildURL(endpoint string) (string, error) { 294 294 + u, err := url.Parse(endpoint) 295 295 + if err != nil { 296 296 + return "", err 297 297 + } 298 298 + 299 299 + q := u.Query() 300 300 + for _, coll := range c.cfg.WantedCollections { 301 301 + q.Add("wantedCollections", coll) 302 302 + } 303 303 + if c.cfg.Compress { 304 304 + q.Set("compress", "true") 305 305 + } 306 306 + if cursor := c.cursor.Load(); cursor > 0 { 307 307 + // Rewind 5 seconds to cover any gaps at reconnect 308 308 + rewind := cursor - (5 * time.Second.Microseconds()) 309 309 + q.Set("cursor", fmt.Sprintf("%d", rewind)) 310 310 + } 311 311 + 312 312 + u.RawQuery = q.Encode() 313 313 + return u.String(), nil 314 314 + } 315 315 + 316 316 + func (c *Consumer) process(ctx context.Context, data []byte) error { 317 317 + // Decompress if enabled and data has zstd magic bytes 318 318 + if c.cfg.Compress { 319 319 + if len(data) >= 4 && data[0] == 0x28 && data[1] == 0xB5 && data[2] == 0x2F && data[3] == 0xFD { 320 320 + decompressed, err := c.zstdDecoder.DecodeAll(data, nil) 321 321 + if err != nil { 322 322 + return fmt.Errorf("decompress: %w", err) 323 323 + } 324 324 + data = decompressed 325 325 + } else if len(data) > 0 && data[0] != '{' { 326 326 + // Try anyway in case magic bytes differ 327 327 + if decompressed, err := c.zstdDecoder.DecodeAll(data, nil); err == nil { 328 328 + data = decompressed 329 329 + } 330 330 + } 331 331 + } 332 332 + 333 333 + var event Event 334 334 + if err := json.Unmarshal(data, &event); err != nil { 335 335 + return fmt.Errorf("unmarshal event: %w", err) 336 336 + } 337 337 + 338 338 + c.eventsReceived.Add(1) 339 339 + 340 340 + if event.TimeUS > 0 { 341 341 + c.cursor.Store(event.TimeUS) 342 342 + 343 343 + if c.cfg.CursorStore != nil && c.eventsReceived.Load()%c.cfg.cursorPersistEvery() == 0 { 344 344 + if err := c.cfg.CursorStore.SetCursor(ctx, event.TimeUS); err != nil { 345 345 + // Non-fatal: log via OnError if configured 346 346 + if c.cfg.OnError != nil { 347 347 + c.cfg.OnError(fmt.Errorf("persist cursor: %w", err), nil) 348 348 + } 349 349 + } 350 350 + } 351 351 + } 352 352 + 353 353 + if err := c.handler(ctx, &event); err != nil { 354 354 + if c.cfg.OnError != nil { 355 355 + c.cfg.OnError(err, &event) 356 356 + } 357 357 + } 358 358 + 359 359 + return nil 360 360 + }

+143

jetstream/jetstream_test.go

reviewed

··· 1 1 + package jetstream 2 2 + 3 3 + import ( 4 4 + "context" 5 5 + "encoding/json" 6 6 + "testing" 7 7 + ) 8 8 + 9 9 + func TestNew(t *testing.T) { 10 10 + c := New(&Config{ 11 11 + WantedCollections: []string{"app.bsky.feed.post"}, 12 12 + }, func(ctx context.Context, evt *Event) error { 13 13 + return nil 14 14 + }) 15 15 + if c == nil { 16 16 + t.Fatal("expected non-nil consumer") 17 17 + } 18 18 + if c.IsConnected() { 19 19 + t.Fatal("should not be connected before Start") 20 20 + } 21 21 + } 22 22 + 23 23 + func TestConfig_Defaults(t *testing.T) { 24 24 + cfg := &Config{} 25 25 + if eps := cfg.endpoints(); len(eps) == 0 { 26 26 + t.Fatal("expected default endpoints") 27 27 + } 28 28 + if cfg.cursorPersistEvery() != 1000 { 29 29 + t.Fatalf("expected 1000, got %d", cfg.cursorPersistEvery()) 30 30 + } 31 31 + } 32 32 + 33 33 + func TestConfig_CustomEndpoints(t *testing.T) { 34 34 + cfg := &Config{Endpoints: []string{"wss://custom.example.com/subscribe"}} 35 35 + eps := cfg.endpoints() 36 36 + if len(eps) != 1 || eps[0] != "wss://custom.example.com/subscribe" { 37 37 + t.Fatalf("unexpected endpoints: %v", eps) 38 38 + } 39 39 + } 40 40 + 41 41 + func TestBuildURL_Collections(t *testing.T) { 42 42 + c := New(&Config{ 43 43 + Endpoints: []string{"wss://jetstream1.us-east.bsky.network/subscribe"}, 44 44 + WantedCollections: []string{"app.bsky.feed.post", "app.bsky.feed.like"}, 45 45 + }, func(ctx context.Context, evt *Event) error { return nil }) 46 46 + 47 47 + u, err := c.buildURL("wss://jetstream1.us-east.bsky.network/subscribe") 48 48 + if err != nil { 49 49 + t.Fatal(err) 50 50 + } 51 51 + if u == "" { 52 52 + t.Fatal("expected non-empty URL") 53 53 + } 54 54 + // Should contain wantedCollections params 55 55 + if !contains(u, "wantedCollections=app.bsky.feed.post") { 56 56 + t.Errorf("URL missing wantedCollections: %s", u) 57 57 + } 58 58 + } 59 59 + 60 60 + func TestBuildURL_Cursor(t *testing.T) { 61 61 + c := New(&Config{ 62 62 + Endpoints: []string{"wss://jetstream1.us-east.bsky.network/subscribe"}, 63 63 + }, func(ctx context.Context, evt *Event) error { return nil }) 64 64 + 65 65 + c.cursor.Store(1000000) 66 66 + u, err := c.buildURL("wss://jetstream1.us-east.bsky.network/subscribe") 67 67 + if err != nil { 68 68 + t.Fatal(err) 69 69 + } 70 70 + if !contains(u, "cursor=") { 71 71 + t.Errorf("URL missing cursor: %s", u) 72 72 + } 73 73 + } 74 74 + 75 75 + func TestProcess_ValidEvent(t *testing.T) { 76 76 + var received *Event 77 77 + c := New(&Config{}, func(ctx context.Context, evt *Event) error { 78 78 + received = evt 79 79 + return nil 80 80 + }) 81 81 + 82 82 + evt := Event{ 83 83 + DID: "did:plc:test", 84 84 + TimeUS: 1234567890, 85 85 + Kind: "commit", 86 86 + Commit: &Commit{ 87 87 + Operation: "create", 88 88 + Collection: "app.bsky.feed.post", 89 89 + RKey: "abc123", 90 90 + }, 91 91 + } 92 92 + data, _ := json.Marshal(evt) 93 93 + 94 94 + if err := c.process(context.Background(), data); err != nil { 95 95 + t.Fatal(err) 96 96 + } 97 97 + if received == nil { 98 98 + t.Fatal("expected handler to be called") 99 99 + } 100 100 + if received.DID != "did:plc:test" { 101 101 + t.Fatalf("got DID %q", received.DID) 102 102 + } 103 103 + } 104 104 + 105 105 + func TestProcess_UpdatesCursor(t *testing.T) { 106 106 + c := New(&Config{}, func(ctx context.Context, evt *Event) error { return nil }) 107 107 + 108 108 + data, _ := json.Marshal(Event{DID: "did:plc:test", TimeUS: 9999999}) 109 109 + c.process(context.Background(), data) 110 110 + 111 111 + if c.cursor.Load() != 9999999 { 112 112 + t.Fatalf("cursor not updated: %d", c.cursor.Load()) 113 113 + } 114 114 + } 115 115 + 116 116 + func TestProcess_InvalidJSON(t *testing.T) { 117 117 + c := New(&Config{}, func(ctx context.Context, evt *Event) error { return nil }) 118 118 + err := c.process(context.Background(), []byte("{bad json")) 119 119 + if err == nil { 120 120 + t.Fatal("expected error for invalid JSON") 121 121 + } 122 122 + } 123 123 + 124 124 + func TestStats(t *testing.T) { 125 125 + c := New(&Config{}, func(ctx context.Context, evt *Event) error { return nil }) 126 126 + evts, bytes := c.Stats() 127 127 + if evts != 0 || bytes != 0 { 128 128 + t.Fatalf("expected zero stats, got events=%d bytes=%d", evts, bytes) 129 129 + } 130 130 + } 131 131 + 132 132 + func contains(s, substr string) bool { 133 133 + return len(s) >= len(substr) && (s == substr || len(s) > 0 && containsStr(s, substr)) 134 134 + } 135 135 + 136 136 + func containsStr(s, substr string) bool { 137 137 + for i := 0; i <= len(s)-len(substr); i++ { 138 138 + if s[i:i+len(substr)] == substr { 139 139 + return true 140 140 + } 141 141 + } 142 142 + return false 143 143 + }

+1 -2

oauth.go

reviewed

··· 98 98 // LoginCLI runs a complete loopback OAuth flow for CLI applications. 99 99 // It opens the user's browser, starts a temporary HTTP server to receive the 100 100 // callback, and blocks until authentication completes. 101 101 + // TODO: should this be part of the library? probably not? (removeds `browser` dep) 101 102 func (a *OAuthApp) LoginCLI(ctx context.Context, handle string) (*SessionInfo, error) { 102 103 authURL, err := a.app.StartAuthFlow(ctx, handle) 103 104 if err != nil { ··· 182 183 return meta 183 184 } 184 185 185 185 - // Store returns the underlying session store, useful for implementing 186 186 - // features like "list all sessions" or session cleanup. 187 186 func (a *OAuthApp) Store() oauth.ClientAuthStore { 188 187 return a.app.Store 189 188 }

+49 -54

oauth_test.go

reviewed

··· 6 6 "github.com/bluesky-social/indigo/atproto/auth/oauth" 7 7 ) 8 8 9 9 - func TestNewOAuthApp_Localhost(t *testing.T) { 10 10 - app, err := NewOAuthApp(OAuthConfig{ 11 11 - ClientID: "", 12 12 - RedirectURI: "http://127.0.0.1:12345/callback", 13 13 - Scopes: []string{"atproto"}, 14 14 - Store: oauth.NewMemStore(), 15 15 - }) 16 16 - if err != nil { 17 17 - t.Fatal(err) 9 9 + func TestNewOAuthApp(t *testing.T) { 10 10 + tests := []struct { 11 11 + name string 12 12 + config OAuthConfig 13 13 + }{ 14 14 + { 15 15 + name: "localhost IP", 16 16 + config: OAuthConfig{ 17 17 + ClientID: "", 18 18 + RedirectURI: "http://127.0.0.1:12345/callback", 19 19 + Scopes: []string{"atproto"}, 20 20 + Store: oauth.NewMemStore(), 21 21 + }, 22 22 + }, 23 23 + { 24 24 + name: "localhost prefix", 25 25 + config: OAuthConfig{ 26 26 + ClientID: "http://localhost:8080", 27 27 + RedirectURI: "http://localhost:8080/oauth/callback", 28 28 + Scopes: []string{"atproto"}, 29 29 + Store: oauth.NewMemStore(), 30 30 + }, 31 31 + }, 32 32 + { 33 33 + name: "public client", 34 34 + config: OAuthConfig{ 35 35 + ClientID: "https://example.com/client-metadata.json", 36 36 + RedirectURI: "https://example.com/oauth/callback", 37 37 + Scopes: ScopesForCollections("x.y.bean"), 38 38 + Store: oauth.NewMemStore(), 39 39 + }, 40 40 + }, 41 41 + { 42 42 + name: "nil store", 43 43 + config: OAuthConfig{ 44 44 + RedirectURI: "http://127.0.0.1:12345/callback", 45 45 + Scopes: []string{"atproto"}, 46 46 + }, 47 47 + }, 18 48 } 19 19 - if app == nil { 20 20 - t.Fatal("expected non-nil app") 21 21 - } 22 22 - } 23 23 - 24 24 - func TestNewOAuthApp_LocalhostPrefix(t *testing.T) { 25 25 - app, err := NewOAuthApp(OAuthConfig{ 26 26 - ClientID: "http://localhost:8080", 27 27 - RedirectURI: "http://localhost:8080/oauth/callback", 28 28 - Scopes: []string{"atproto"}, 29 29 - Store: oauth.NewMemStore(), 30 30 - }) 31 31 - if err != nil { 32 32 - t.Fatal(err) 33 33 - } 34 34 - if app == nil { 35 35 - t.Fatal("expected non-nil app") 36 36 - } 37 37 - } 38 38 - 39 39 - func TestNewOAuthApp_Public(t *testing.T) { 40 40 - app, err := NewOAuthApp(OAuthConfig{ 41 41 - ClientID: "https://example.com/client-metadata.json", 42 42 - RedirectURI: "https://example.com/oauth/callback", 43 43 - Scopes: ScopesForCollections("x.y.bean"), 44 44 - Store: oauth.NewMemStore(), 45 45 - }) 46 46 - if err != nil { 47 47 - t.Fatal(err) 48 48 - } 49 49 - if app == nil { 50 50 - t.Fatal("expected non-nil app") 51 51 - } 52 52 - } 53 53 - 54 54 - func TestNewOAuthApp_NilStore(t *testing.T) { 55 55 - app, err := NewOAuthApp(OAuthConfig{ 56 56 - RedirectURI: "http://127.0.0.1:12345/callback", 57 57 - Scopes: []string{"atproto"}, 58 58 - }) 59 59 - if err != nil { 60 60 - t.Fatal(err) 61 61 - } 62 62 - if app == nil { 63 63 - t.Fatal("expected non-nil app") 49 49 + for _, tc := range tests { 50 50 + t.Run(tc.name, func(t *testing.T) { 51 51 + app, err := NewOAuthApp(tc.config) 52 52 + if err != nil { 53 53 + t.Fatal(err) 54 54 + } 55 55 + if app == nil { 56 56 + t.Fatal("expected non-nil app") 57 57 + } 58 58 + }) 64 59 } 65 60 } 66 61

+304

public.go

reviewed

··· 1 1 + package atp 2 2 + 3 3 + import ( 4 4 + "context" 5 5 + "encoding/json" 6 6 + "errors" 7 7 + "fmt" 8 8 + "net" 9 9 + "net/http" 10 10 + "net/url" 11 11 + "slices" 12 12 + "strings" 13 13 + "sync" 14 14 + "time" 15 15 + ) 16 16 + 17 17 + const ( 18 18 + // PublicAPIBase is the Bluesky public API endpoint used for profile and handle lookups. 19 19 + PublicAPIBase = "https://public.api.bsky.app" 20 20 + 21 21 + // PLCDirectory is used to resolve did:plc identifiers to DID documents. 22 22 + PLCDirectory = "https://plc.directory" 23 23 + ) 24 24 + 25 25 + // ErrSSRFBlocked is returned when a request is blocked due to a private/internal destination. 26 26 + var ErrSSRFBlocked = errors.New("request blocked: potential SSRF detected") 27 27 + 28 28 + // PublicClient provides unauthenticated read access to public AT Protocol APIs. 29 29 + // Use this to resolve handles, look up profiles, and read public records without 30 30 + // requiring an OAuth session. 31 31 + type PublicClient struct { 32 32 + httpClient *http.Client 33 33 + pdsCache map[string]string 34 34 + pdsCacheMu sync.RWMutex 35 35 + } 36 36 + 37 37 + // NewPublicClient creates a PublicClient with a 30-second timeout. 38 38 + // To add OTel instrumentation, use NewPublicClientWithHTTP and pass an 39 39 + // otelhttp-wrapped transport. 40 40 + func NewPublicClient() *PublicClient { 41 41 + return NewPublicClientWithHTTP(&http.Client{ 42 42 + Timeout: 30 * time.Second, 43 43 + }) 44 44 + } 45 45 + 46 46 + // NewPublicClientWithHTTP creates a PublicClient using the provided http.Client. 47 47 + // This lets callers inject custom transports (e.g. with OTel or rate limiting). 48 48 + func NewPublicClientWithHTTP(hc *http.Client) *PublicClient { 49 49 + return &PublicClient{ 50 50 + httpClient: hc, 51 51 + pdsCache: make(map[string]string), 52 52 + } 53 53 + } 54 54 + 55 55 + // ResolveHandle resolves an AT Protocol handle to a DID string. 56 56 + func (c *PublicClient) ResolveHandle(ctx context.Context, handle string) (string, error) { 57 57 + reqURL := fmt.Sprintf("%s/xrpc/com.atproto.identity.resolveHandle?handle=%s", 58 58 + PublicAPIBase, url.QueryEscape(handle)) 59 59 + 60 60 + req, err := http.NewRequestWithContext(ctx, "GET", reqURL, nil) 61 61 + if err != nil { 62 62 + return "", fmt.Errorf("build request: %w", err) 63 63 + } 64 64 + 65 65 + resp, err := c.httpClient.Do(req) 66 66 + if err != nil { 67 67 + return "", fmt.Errorf("resolve handle: %w", err) 68 68 + } 69 69 + defer resp.Body.Close() 70 70 + 71 71 + if resp.StatusCode == http.StatusNotFound { 72 72 + return "", fmt.Errorf("handle not found: %s", handle) 73 73 + } 74 74 + if resp.StatusCode != http.StatusOK { 75 75 + return "", fmt.Errorf("resolve handle: HTTP %d", resp.StatusCode) 76 76 + } 77 77 + 78 78 + var result struct { 79 79 + DID string `json:"did"` 80 80 + } 81 81 + if err := json.NewDecoder(resp.Body).Decode(&result); err != nil { 82 82 + return "", fmt.Errorf("decode response: %w", err) 83 83 + } 84 84 + return result.DID, nil 85 85 + } 86 86 + 87 87 + // GetPDSEndpoint resolves a DID to the user's PDS base URL. 88 88 + // Results are cached in-memory for the lifetime of the client. 89 89 + func (c *PublicClient) GetPDSEndpoint(ctx context.Context, did string) (string, error) { 90 90 + c.pdsCacheMu.RLock() 91 91 + if pds, ok := c.pdsCache[did]; ok { 92 92 + c.pdsCacheMu.RUnlock() 93 93 + return pds, nil 94 94 + } 95 95 + c.pdsCacheMu.RUnlock() 96 96 + 97 97 + var pdsEndpoint string 98 98 + 99 99 + switch { 100 100 + case strings.HasPrefix(did, "did:plc:"): 101 101 + reqURL := fmt.Sprintf("%s/%s", PLCDirectory, did) 102 102 + req, err := http.NewRequestWithContext(ctx, "GET", reqURL, nil) 103 103 + if err != nil { 104 104 + return "", fmt.Errorf("build request: %w", err) 105 105 + } 106 106 + resp, err := c.httpClient.Do(req) 107 107 + if err != nil { 108 108 + return "", fmt.Errorf("fetch DID document: %w", err) 109 109 + } 110 110 + defer resp.Body.Close() 111 111 + 112 112 + if resp.StatusCode != http.StatusOK { 113 113 + return "", fmt.Errorf("DID resolution: HTTP %d", resp.StatusCode) 114 114 + } 115 115 + 116 116 + var didDoc struct { 117 117 + Service []struct { 118 118 + ID string `json:"id"` 119 119 + Type string `json:"type"` 120 120 + ServiceEndpoint string `json:"serviceEndpoint"` 121 121 + } `json:"service"` 122 122 + } 123 123 + if err := json.NewDecoder(resp.Body).Decode(&didDoc); err != nil { 124 124 + return "", fmt.Errorf("decode DID document: %w", err) 125 125 + } 126 126 + for _, svc := range didDoc.Service { 127 127 + if svc.ID == "#atproto_pds" || svc.Type == "AtprotoPersonalDataServer" { 128 128 + pdsEndpoint = svc.ServiceEndpoint 129 129 + break 130 130 + } 131 131 + } 132 132 + 133 133 + case strings.HasPrefix(did, "did:web:"): 134 134 + domain := strings.TrimPrefix(did, "did:web:") 135 135 + domain = strings.ReplaceAll(domain, "%3A", ":") 136 136 + if idx := strings.Index(domain, "/"); idx != -1 { 137 137 + domain = domain[:idx] 138 138 + } 139 139 + host := domain 140 140 + if h, _, err := net.SplitHostPort(domain); err == nil { 141 141 + host = h 142 142 + } 143 143 + if err := validateDomain(host); err != nil { 144 144 + return "", err 145 145 + } 146 146 + pdsEndpoint = "https://" + domain 147 147 + } 148 148 + 149 149 + if pdsEndpoint == "" { 150 150 + return "", fmt.Errorf("could not resolve PDS endpoint for %s", did) 151 151 + } 152 152 + 153 153 + c.pdsCacheMu.Lock() 154 154 + c.pdsCache[did] = pdsEndpoint 155 155 + c.pdsCacheMu.Unlock() 156 156 + 157 157 + return pdsEndpoint, nil 158 158 + } 159 159 + 160 160 + // PublicProfile is a user's public profile as returned by the Bluesky public API. 161 161 + type PublicProfile struct { 162 162 + DID string `json:"did"` 163 163 + Handle string `json:"handle"` 164 164 + DisplayName *string `json:"displayName,omitempty"` 165 165 + Avatar *string `json:"avatar,omitempty"` 166 166 + } 167 167 + 168 168 + // GetProfile fetches a user's public profile by DID or handle. 169 169 + func (c *PublicClient) GetProfile(ctx context.Context, actor string) (*PublicProfile, error) { 170 170 + reqURL := fmt.Sprintf("%s/xrpc/app.bsky.actor.getProfile?actor=%s", 171 171 + PublicAPIBase, url.QueryEscape(actor)) 172 172 + 173 173 + req, err := http.NewRequestWithContext(ctx, "GET", reqURL, nil) 174 174 + if err != nil { 175 175 + return nil, fmt.Errorf("build request: %w", err) 176 176 + } 177 177 + 178 178 + resp, err := c.httpClient.Do(req) 179 179 + if err != nil { 180 180 + return nil, fmt.Errorf("fetch profile: %w", err) 181 181 + } 182 182 + defer resp.Body.Close() 183 183 + 184 184 + if resp.StatusCode != http.StatusOK { 185 185 + return nil, fmt.Errorf("get profile: HTTP %d", resp.StatusCode) 186 186 + } 187 187 + 188 188 + var profile PublicProfile 189 189 + if err := json.NewDecoder(resp.Body).Decode(&profile); err != nil { 190 190 + return nil, fmt.Errorf("decode profile: %w", err) 191 191 + } 192 192 + return &profile, nil 193 193 + } 194 194 + 195 195 + // ListPublicRecords fetches up to limit records from a public collection. 196 196 + // Queries the user's PDS directly, so it works with any collection NSID. 197 197 + func (c *PublicClient) ListPublicRecords(ctx context.Context, did, collection string, limit int) ([]Record, error) { 198 198 + pdsEndpoint, err := c.GetPDSEndpoint(ctx, did) 199 199 + if err != nil { 200 200 + return nil, fmt.Errorf("resolve PDS: %w", err) 201 201 + } 202 202 + 203 203 + reqURL := fmt.Sprintf("%s/xrpc/com.atproto.repo.listRecords?repo=%s&collection=%s&limit=%d", 204 204 + pdsEndpoint, url.QueryEscape(did), url.QueryEscape(collection), limit) 205 205 + 206 206 + req, err := http.NewRequestWithContext(ctx, "GET", reqURL, nil) 207 207 + if err != nil { 208 208 + return nil, fmt.Errorf("build request: %w", err) 209 209 + } 210 210 + 211 211 + resp, err := c.httpClient.Do(req) 212 212 + if err != nil { 213 213 + return nil, fmt.Errorf("list records: %w", err) 214 214 + } 215 215 + defer resp.Body.Close() 216 216 + 217 217 + if resp.StatusCode != http.StatusOK { 218 218 + return nil, fmt.Errorf("list records: HTTP %d", resp.StatusCode) 219 219 + } 220 220 + 221 221 + var result struct { 222 222 + Records []struct { 223 223 + URI string `json:"uri"` 224 224 + CID string `json:"cid"` 225 225 + Value map[string]any `json:"value"` 226 226 + } `json:"records"` 227 227 + } 228 228 + if err := json.NewDecoder(resp.Body).Decode(&result); err != nil { 229 229 + return nil, fmt.Errorf("decode records: %w", err) 230 230 + } 231 231 + 232 232 + records := make([]Record, len(result.Records)) 233 233 + for i, r := range result.Records { 234 234 + records[i] = Record{URI: r.URI, CID: r.CID, Value: r.Value} 235 235 + } 236 236 + return records, nil 237 237 + } 238 238 + 239 239 + // GetPublicRecord fetches a single public record from a user's PDS. 240 240 + func (c *PublicClient) GetPublicRecord(ctx context.Context, did, collection, rkey string) (*Record, error) { 241 241 + pdsEndpoint, err := c.GetPDSEndpoint(ctx, did) 242 242 + if err != nil { 243 243 + return nil, fmt.Errorf("resolve PDS: %w", err) 244 244 + } 245 245 + 246 246 + reqURL := fmt.Sprintf("%s/xrpc/com.atproto.repo.getRecord?repo=%s&collection=%s&rkey=%s", 247 247 + pdsEndpoint, url.QueryEscape(did), url.QueryEscape(collection), url.QueryEscape(rkey)) 248 248 + 249 249 + req, err := http.NewRequestWithContext(ctx, "GET", reqURL, nil) 250 250 + if err != nil { 251 251 + return nil, fmt.Errorf("build request: %w", err) 252 252 + } 253 253 + 254 254 + resp, err := c.httpClient.Do(req) 255 255 + if err != nil { 256 256 + return nil, fmt.Errorf("get record: %w", err) 257 257 + } 258 258 + defer resp.Body.Close() 259 259 + 260 260 + if resp.StatusCode != http.StatusOK { 261 261 + return nil, fmt.Errorf("get record: HTTP %d", resp.StatusCode) 262 262 + } 263 263 + 264 264 + var r struct { 265 265 + URI string `json:"uri"` 266 266 + CID string `json:"cid"` 267 267 + Value map[string]any `json:"value"` 268 268 + } 269 269 + if err := json.NewDecoder(resp.Body).Decode(&r); err != nil { 270 270 + return nil, fmt.Errorf("decode record: %w", err) 271 271 + } 272 272 + return &Record{URI: r.URI, CID: r.CID, Value: r.Value}, nil 273 273 + } 274 274 + 275 275 + // isPrivateIP reports whether ip is in a private/reserved range. 276 276 + func isPrivateIP(ip net.IP) bool { 277 277 + return ip.IsLoopback() || 278 278 + ip.IsLinkLocalUnicast() || 279 279 + ip.IsLinkLocalMulticast() || 280 280 + ip.IsPrivate() || 281 281 + ip.IsUnspecified() || 282 282 + ip.Equal(net.ParseIP("169.254.169.254")) // cloud metadata 283 283 + } 284 284 + 285 285 + // validateDomain blocks requests to private/internal hosts. 286 286 + func validateDomain(domain string) error { 287 287 + if domain == "localhost" || strings.HasSuffix(domain, ".local") { 288 288 + return ErrSSRFBlocked 289 289 + } 290 290 + if ip := net.ParseIP(domain); ip != nil { 291 291 + if isPrivateIP(ip) { 292 292 + return ErrSSRFBlocked 293 293 + } 294 294 + return nil 295 295 + } 296 296 + ips, err := net.LookupIP(domain) 297 297 + if err != nil { 298 298 + return nil // let the HTTP request fail naturally 299 299 + } 300 300 + if slices.ContainsFunc(ips, isPrivateIP) { 301 301 + return ErrSSRFBlocked 302 302 + } 303 303 + return nil 304 304 + }

+62

public_test.go

reviewed

··· 1 1 + package atp 2 2 + 3 3 + import ( 4 4 + "net" 5 5 + "testing" 6 6 + ) 7 7 + 8 8 + func TestIsPrivateIP(t *testing.T) { 9 9 + cases := []struct { 10 10 + ip string 11 11 + private bool 12 12 + }{ 13 13 + {"127.0.0.1", true}, 14 14 + {"::1", true}, 15 15 + {"10.0.0.1", true}, 16 16 + {"172.16.0.1", true}, 17 17 + {"192.168.1.1", true}, 18 18 + {"169.254.169.254", true}, 19 19 + {"0.0.0.0", true}, 20 20 + {"8.8.8.8", false}, 21 21 + {"1.1.1.1", false}, 22 22 + } 23 23 + 24 24 + for _, tc := range cases { 25 25 + ip := net.ParseIP(tc.ip) 26 26 + got := isPrivateIP(ip) 27 27 + if got != tc.private { 28 28 + t.Errorf("isPrivateIP(%s) = %v, want %v", tc.ip, got, tc.private) 29 29 + } 30 30 + } 31 31 + } 32 32 + 33 33 + func TestValidateDomain_Localhost(t *testing.T) { 34 34 + if err := validateDomain("localhost"); err != ErrSSRFBlocked { 35 35 + t.Fatalf("expected ErrSSRFBlocked for localhost, got %v", err) 36 36 + } 37 37 + } 38 38 + 39 39 + func TestValidateDomain_DotLocal(t *testing.T) { 40 40 + if err := validateDomain("internal.local"); err != ErrSSRFBlocked { 41 41 + t.Fatalf("expected ErrSSRFBlocked for .local domain, got %v", err) 42 42 + } 43 43 + } 44 44 + 45 45 + func TestValidateDomain_PrivateIP(t *testing.T) { 46 46 + if err := validateDomain("192.168.1.1"); err != ErrSSRFBlocked { 47 47 + t.Fatalf("expected ErrSSRFBlocked for private IP, got %v", err) 48 48 + } 49 49 + } 50 50 + 51 51 + func TestValidateDomain_MetadataIP(t *testing.T) { 52 52 + if err := validateDomain("169.254.169.254"); err != ErrSSRFBlocked { 53 53 + t.Fatalf("expected ErrSSRFBlocked for metadata IP, got %v", err) 54 54 + } 55 55 + } 56 56 + 57 57 + func TestNewPublicClient(t *testing.T) { 58 58 + c := NewPublicClient() 59 59 + if c == nil { 60 60 + t.Fatal("expected non-nil client") 61 61 + } 62 62 + }

-1

record.go

reviewed

··· 1 1 package atp 2 2 3 3 - // Record represents a single record returned from a PDS. 4 3 type Record struct { 5 4 URI string 6 5 CID string

+2

scopes.go

reviewed

··· 6 6 // 7 7 // ScopesForCollections("x.y.bean", "x.y.brew") 8 8 // // => ["atproto", "repo:x.y.bean", "repo:x.y.brew"] 9 9 + // 10 10 + // TODO: add support for collections and more granular control than just full rw 9 11 func ScopesForCollections(collections ...string) []string { 10 12 scopes := make([]string, 0, 1+len(collections)) 11 13 scopes = append(scopes, "atproto")

+22 -11

scopes_test.go

reviewed

··· 6 6 ) 7 7 8 8 func TestScopesForCollections(t *testing.T) { 9 9 - got := ScopesForCollections("social.arabica.alpha.bean", "social.arabica.alpha.brew") 10 10 - want := []string{"atproto", "repo:social.arabica.alpha.bean", "repo:social.arabica.alpha.brew"} 11 11 - if !slices.Equal(got, want) { 12 12 - t.Fatalf("got %v, want %v", got, want) 9 9 + tests := []struct { 10 10 + name string 11 11 + collections []string 12 12 + want []string 13 13 + }{ 14 14 + { 15 15 + name: "no collections", 16 16 + collections: nil, 17 17 + want: []string{"atproto"}, 18 18 + }, 19 19 + { 20 20 + name: "multiple collections", 21 21 + collections: []string{"social.arabica.alpha.bean", "social.arabica.alpha.brew"}, 22 22 + want: []string{"atproto", "repo:social.arabica.alpha.bean", "repo:social.arabica.alpha.brew"}, 23 23 + }, 13 24 } 14 14 - } 15 15 - 16 16 - func TestScopesForCollections_Empty(t *testing.T) { 17 17 - got := ScopesForCollections() 18 18 - want := []string{"atproto"} 19 19 - if !slices.Equal(got, want) { 20 20 - t.Fatalf("got %v, want %v", got, want) 25 25 + for _, tc := range tests { 26 26 + t.Run(tc.name, func(t *testing.T) { 27 27 + got := ScopesForCollections(tc.collections...) 28 28 + if !slices.Equal(got, tc.want) { 29 29 + t.Fatalf("got %v, want %v", got, tc.want) 30 30 + } 31 31 + }) 21 32 } 22 33 } 23 34

+2 -1

tracing/tracing.go

reviewed

··· 24 24 25 25 // Init creates and registers a tracer provider with an OTLP HTTP exporter. 26 26 // It reads OTEL_EXPORTER_OTLP_ENDPOINT (default: localhost:4318). 27 27 - // The serviceName appears in your tracing backend (e.g. "arabica", "solanum"). 27 27 + // The serviceName appears in your tracing backend (e.g. "arabica"). 28 28 // Returns the provider so the caller can defer provider.Shutdown(ctx). 29 29 + // TODO: allow grpc exporting to port 4317 29 30 func Init(ctx context.Context, serviceName string) (*sdktrace.TracerProvider, error) { 30 31 endpoint := os.Getenv("OTEL_EXPORTER_OTLP_ENDPOINT") 31 32 if endpoint == "" {

+21 -20

tracing/tracing_test.go

reviewed

··· 7 7 "go.opentelemetry.io/otel/trace" 8 8 ) 9 9 10 10 - func TestBoltSpan_NoParent(t *testing.T) { 10 10 + func TestSpan_NoParent(t *testing.T) { 11 11 ctx := context.Background() 12 12 - // Without a parent span, should return a no-op span 13 13 - _, span := BoltSpan(ctx, "GetSession", "oauth_sessions") 14 14 - if span.SpanContext().IsValid() { 15 15 - t.Fatal("expected no-op span without parent") 12 12 + tests := []struct { 13 13 + name string 14 14 + fn func(context.Context) (context.Context, trace.Span) 15 15 + }{ 16 16 + {"bolt", func(ctx context.Context) (context.Context, trace.Span) { 17 17 + return BoltSpan(ctx, "GetSession", "oauth_sessions") 18 18 + }}, 19 19 + {"sqlite", func(ctx context.Context) (context.Context, trace.Span) { 20 20 + return SqliteSpan(ctx, "query", "records") 21 21 + }}, 22 22 + {"pds", func(ctx context.Context) (context.Context, trace.Span) { 23 23 + return PdsSpan(ctx, "createRecord", "x.y.z", "did:plc:test") 24 24 + }}, 16 25 } 17 17 - } 18 18 - 19 19 - func TestSqliteSpan_NoParent(t *testing.T) { 20 20 - ctx := context.Background() 21 21 - _, span := SqliteSpan(ctx, "query", "records") 22 22 - if span.SpanContext().IsValid() { 23 23 - t.Fatal("expected no-op span without parent") 24 24 - } 25 25 - } 26 26 - 27 27 - func TestPdsSpan_NoParent(t *testing.T) { 28 28 - ctx := context.Background() 29 29 - _, span := PdsSpan(ctx, "createRecord", "x.y.z", "did:plc:test") 30 30 - if span.SpanContext().IsValid() { 31 31 - t.Fatal("expected no-op span without parent") 26 26 + for _, tc := range tests { 27 27 + t.Run(tc.name, func(t *testing.T) { 28 28 + _, span := tc.fn(ctx) 29 29 + if span.SpanContext().IsValid() { 30 30 + t.Fatal("expected no-op span without parent") 31 31 + } 32 32 + }) 32 33 } 33 34 } 34 35

+1

uri.go

reviewed

··· 7 7 ) 8 8 9 9 func BuildATURI(did, collection, rkey string) string { 10 10 + // TODO: add validation on each param (maybe just call ParseATURI?) 10 11 return fmt.Sprintf("at://%s/%s/%s", did, collection, rkey) 11 12 } 12 13

+50 -21

uri_test.go

reviewed

··· 11 11 } 12 12 13 13 func TestParseATURI(t *testing.T) { 14 14 - did, collection, rkey, err := ParseATURI("at://did:plc:abc/app.bsky.feed.post/3jxy") 15 15 - if err != nil { 16 16 - t.Fatal(err) 14 14 + tests := []struct { 15 15 + name string 16 16 + input string 17 17 + wantDID string 18 18 + wantColl string 19 19 + wantRKey string 20 20 + wantErr bool 21 21 + }{ 22 22 + { 23 23 + name: "valid URI", 24 24 + input: "at://did:plc:abc/app.bsky.feed.post/3jxy", 25 25 + wantDID: "did:plc:abc", 26 26 + wantColl: "app.bsky.feed.post", 27 27 + wantRKey: "3jxy", 28 28 + }, 29 29 + { 30 30 + name: "invalid URI", 31 31 + input: "not-a-uri", 32 32 + wantErr: true, 33 33 + }, 17 34 } 18 18 - if did != "did:plc:abc" || collection != "app.bsky.feed.post" || rkey != "3jxy" { 19 19 - t.Fatalf("got did=%q collection=%q rkey=%q", did, collection, rkey) 20 20 - } 21 21 - } 22 22 - 23 23 - func TestParseATURI_Invalid(t *testing.T) { 24 24 - _, _, _, err := ParseATURI("not-a-uri") 25 25 - if err == nil { 26 26 - t.Fatal("expected error for invalid URI") 35 35 + for _, tc := range tests { 36 36 + t.Run(tc.name, func(t *testing.T) { 37 37 + did, collection, rkey, err := ParseATURI(tc.input) 38 38 + if tc.wantErr { 39 39 + if err == nil { 40 40 + t.Fatal("expected error for invalid URI") 41 41 + } 42 42 + return 43 43 + } 44 44 + if err != nil { 45 45 + t.Fatal(err) 46 46 + } 47 47 + if did != tc.wantDID || collection != tc.wantColl || rkey != tc.wantRKey { 48 48 + t.Fatalf("got did=%q collection=%q rkey=%q", did, collection, rkey) 49 49 + } 50 50 + }) 27 51 } 28 52 } 29 53 30 54 func TestRKeyFromURI(t *testing.T) { 31 31 - got := RKeyFromURI("at://did:plc:abc/app.bsky.feed.post/3jxy") 32 32 - if got != "3jxy" { 33 33 - t.Fatalf("got %q, want %q", got, "3jxy") 55 55 + tests := []struct { 56 56 + name string 57 57 + input string 58 58 + want string 59 59 + }{ 60 60 + {"valid URI", "at://did:plc:abc/app.bsky.feed.post/3jxy", "3jxy"}, 61 61 + {"invalid URI", "garbage", ""}, 34 62 } 35 35 - } 36 36 - 37 37 - func TestRKeyFromURI_Invalid(t *testing.T) { 38 38 - got := RKeyFromURI("garbage") 39 39 - if got != "" { 40 40 - t.Fatalf("expected empty string for invalid URI, got %q", got) 63 63 + for _, tc := range tests { 64 64 + t.Run(tc.name, func(t *testing.T) { 65 65 + got := RKeyFromURI(tc.input) 66 66 + if got != tc.want { 67 67 + t.Fatalf("got %q, want %q", got, tc.want) 68 68 + } 69 69 + }) 41 70 } 42 71 }