Add OAuth tests

.changeset/clever-walls-fold.md

@@ -0,0 +1,7 @@
+---
+"@atproto/oauth-client-browser": patch
+"@atproto/oauth-client": patch
+---
+
+Add `allowHttp` OAuthClient construction option to allow working with "http:" oauth providers (for development & testing purposes).
+

.changeset/eleven-avocados-switch.md

@@ -0,0 +1,5 @@
+---
+"@atproto/oauth-types": minor
+---
+
+Allow oauthIssuerIdentifier to be an "http:" url. Make sure to manually check for "http:" issuers if you don't allow them.

.changeset/gentle-socks-punch.md

@@ -0,0 +1,5 @@
+---
+"@atproto-labs/did-resolver": patch
+---
+
+Add "allowHttp" did:web method option

.changeset/hungry-ways-decide.md

@@ -0,0 +1,5 @@
+---
+"@atproto/oauth-client-node": patch
+---
+
+Bugfix: Prevent accidental override of `NodeOAuthClient` constructor options

.changeset/thirty-jeans-itch.md

@@ -0,0 +1,5 @@
+---
+"@atproto/oauth-types": minor
+---
+
+Remove ALLOW_UNSECURE_ORIGINS constant

.changeset/witty-masks-wave.md

@@ -0,0 +1,5 @@
+---
+"@atproto/oauth-provider": patch
+---
+
+Improve error message when invalid client id used during code exchange

.changeset/young-paws-poke.md

@@ -0,0 +1,5 @@
+---
+"@atproto/oauth-types": patch
+---
+
+Improve typing of oauthIssuerIdentifierSchema

.github/workflows/repo.yaml

@@ -23,6 +23,13 @@ jobs:
         with:
           node-version: 18
           cache: 'pnpm'
+      - name: Get current month
+        run: echo "CURRENT_MONTH=$(date +'%Y-%m')" >> $GITHUB_ENV
+      - uses: actions/cache@v4
+        name: Cache Puppeteer browser binaries
+        with:
+          path: ~/.cache
+          key: ${{ env.CURRENT_MONTH }}-${{ runner.os }}
       - run: pnpm i --frozen-lockfile
       - run: pnpm build
       - uses: actions/upload-artifact@v4
@@ -49,6 +56,13 @@ jobs:
         with:
           node-version: 18
           cache: 'pnpm'
+      - name: Get current month
+        run: echo "CURRENT_MONTH=$(date +'%Y-%m')" >> $GITHUB_ENV
+      - uses: actions/cache@v4
+        name: Cache Puppeteer browser binaries
+        with:
+          path: ~/.cache
+          key: ${{ env.CURRENT_MONTH }}-${{ runner.os }}
       - run: pnpm i --frozen-lockfile
       - uses: actions/download-artifact@v4
         with:
@@ -69,6 +83,13 @@ jobs:
         with:
           node-version: 18
           cache: 'pnpm'
+      - name: Get current month
+        run: echo "CURRENT_MONTH=$(date +'%Y-%m')" >> $GITHUB_ENV
+      - uses: actions/cache@v4
+        name: Cache Puppeteer browser binaries
+        with:
+          path: ~/.cache
+          key: ${{ env.CURRENT_MONTH }}-${{ runner.os }}
       - run: pnpm i --frozen-lockfile
       - uses: actions/download-artifact@v4
         with:

packages/api/jest.config.js

@@ -1,8 +1,7 @@
 /** @type {import('jest').Config} */
 module.exports = {
   displayName: 'API',
-  transform: { '^.+\\.(t|j)s$': '@swc/jest' },
-  transformIgnorePatterns: [`<rootDir>/node_modules/(?!get-port)`],
+  transform: { '^.+\\.ts$': '@swc/jest' },
   testTimeout: 60000,
   setupFiles: ['<rootDir>/../../jest.setup.ts'],
   setupFilesAfterEnv: ['<rootDir>/jest.setup.ts'],

packages/api/package.json

@@ -33,7 +33,6 @@
   },
   "devDependencies": {
     "@atproto/lex-cli": "workspace:^",
-    "get-port": "^6.1.2",
     "jest": "^28.1.2",
     "prettier": "^3.2.5",
     "typescript": "^5.6.2"

packages/api/tests/dispatcher.test.ts

@@ -1,5 +1,5 @@
+import { AddressInfo } from 'node:net'
 import assert from 'assert'
-import getPort from 'get-port'
 import {
   AtpAgent,
   AtpSessionEvent,
@@ -443,8 +443,8 @@ describe('AtpAgent', () => {
 
   describe('App labelers header', () => {
     it('adds the labelers header as expected', async () => {
-      const port = await getPort()
-      const server = await createHeaderEchoServer(port)
+      const server = await createHeaderEchoServer()
+      const port = (server.address() as AddressInfo).port
       const agent = new AtpAgent({ service: `http://localhost:${port}` })
       const agent2 = new AtpAgent({ service: `http://localhost:${port}` })
 
@@ -470,8 +470,8 @@ describe('AtpAgent', () => {
 
   describe('configureLabelers', () => {
     it('adds the labelers header as expected', async () => {
-      const port = await getPort()
-      const server = await createHeaderEchoServer(port)
+      const server = await createHeaderEchoServer()
+      const port = (server.address() as AddressInfo).port
       const agent = new AtpAgent({ service: `http://localhost:${port}` })
 
       agent.configureLabelers(['did:plc:test1'])
@@ -492,8 +492,8 @@ describe('AtpAgent', () => {
 
   describe('configureProxy', () => {
     it('adds the proxy header as expected', async () => {
-      const port = await getPort()
-      const server = await createHeaderEchoServer(port)
+      const server = await createHeaderEchoServer()
+      const port = (server.address() as AddressInfo).port
       const agent = new AtpAgent({ service: `http://localhost:${port}` })
 
       const res1 = await agent.com.atproto.server.describeServer()

packages/api/tests/util/echo-server.ts

@@ -1,21 +1,21 @@
-import http from 'node:http'
+import { once } from 'node:events'
+import { createServer } from 'node:http'
 
-export async function createHeaderEchoServer(port: number) {
-  return new Promise<http.Server>((resolve) => {
-    const server = http.createServer()
-
-    server
-      .on('request', (request, response) => {
-        response.setHeader('content-type', 'application/json')
-        response.end(
-          JSON.stringify({
-            ...request.headers,
-            did: 'did:web:fake.com',
-            availableUserDomains: [],
-          }),
-        )
-      })
-      .on('listening', () => resolve(server))
-      .listen(port)
+export async function createHeaderEchoServer(port: number = 0) {
+  const server = createServer((req, res) => {
+    res.writeHead(200, undefined, { 'content-type': 'application/json' })
+    res.end(
+      JSON.stringify({
+        ...req.headers,
+        did: 'did:web:fake.com',
+        availableUserDomains: [],
+      }),
+    )
   })
+
+  server.listen(port)
+
+  await once(server, 'listening')
+
+  return server
 }

packages/bsky/jest.config.js

@@ -2,7 +2,7 @@
 module.exports = {
   displayName: 'Bsky App View',
   transform: { '^.+\\.(t|j)s$': '@swc/jest' },
-  transformIgnorePatterns: [`<rootDir>/node_modules/(?!get-port)`],
+  transformIgnorePatterns: ['/node_modules/.pnpm/(?!(get-port)@)'],
   testTimeout: 60000,
   setupFiles: ['<rootDir>/../../jest.setup.ts'],
 }

packages/identity/jest.config.js

@@ -2,6 +2,6 @@
 module.exports = {
   displayName: 'Identity',
   transform: { '^.+\\.(t|j)s$': '@swc/jest' },
-  transformIgnorePatterns: [`<rootDir>/node_modules/(?!get-port)`],
+  transformIgnorePatterns: ['/node_modules/.pnpm/(?!(get-port)@)'],
   setupFiles: ['<rootDir>/../../jest.setup.ts'],
 }

packages/internal/did-resolver/src/methods/web.ts

@@ -18,18 +18,31 @@ const fetchSuccessHandler = pipe(
 
 export type DidWebMethodOptions = {
   fetch?: Fetch
+  /** @default true */
+  allowHttp?: boolean
 }
 
 export class DidWebMethod implements DidMethod<'web'> {
   protected readonly fetch: Fetch<unknown>
+  protected readonly allowHttp: boolean
 
-  constructor({ fetch = globalThis.fetch }: DidWebMethodOptions = {}) {
+  constructor({
+    fetch = globalThis.fetch,
+    allowHttp = true,
+  }: DidWebMethodOptions = {}) {
     this.fetch = bindFetch(fetch)
+    this.allowHttp = allowHttp
   }
 
   async resolve(did: Did<'web'>, options?: ResolveDidOptions) {
     const didDocumentUrl = buildDidWebDocumentUrl(did)
 
+    if (!this.allowHttp && didDocumentUrl.protocol === 'http:') {
+      throw new Error(
+        `Cannot resolve DID document for localhost: ${didDocumentUrl}`,
+      )
+    }
+
     // Note we do not explicitly check for "localhost" here. Instead, we rely on
     // the injected 'fetch' function to handle the URL. If the URL is
     // "localhost", or resolves to a private IP address, the fetch function is

packages/lexicon/jest.config.js

@@ -1,7 +1,6 @@
 /** @type {import('jest').Config} */
 module.exports = {
   displayName: 'Lexicon',
-  transform: { '^.+\\.(t|j)s$': '@swc/jest' },
-  transformIgnorePatterns: [`<rootDir>/node_modules/(?!get-port)`],
+  transform: { '^.+\\.ts$': '@swc/jest' },
   setupFiles: ['<rootDir>/../../jest.setup.ts'],
 }

packages/oauth/oauth-client-browser-example/package.json

@@ -0,0 +1,60 @@
+{
+  "name": "@atproto/oauth-client-browser-example",
+  "version": "0.0.0",
+  "license": "MIT",
+  "description": "Example single page application app using ATPROTO OAuth",
+  "keywords": [
+    "example",
+    "spa",
+    "atproto",
+    "oauth",
+    "browser",
+    "client"
+  ],
+  "homepage": "https://atproto.com",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/bluesky-social/atproto",
+    "directory": "packages/oauth/oauth-client-browser"
+  },
+  "type": "commonjs",
+  "exports": {
+    ".": {
+      "default": "./dist/files.json"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "dependencies": {},
+  "devDependencies": {
+    "@atproto-labs/rollup-plugin-bundle-manifest": "workspace:*",
+    "@atproto/api": "workspace:*",
+    "@atproto/oauth-client": "workspace:*",
+    "@atproto/oauth-client-browser": "workspace:*",
+    "@atproto/oauth-types": "workspace:*",
+    "@atproto/xrpc": "workspace:*",
+    "@rollup/plugin-commonjs": "^25.0.7",
+    "@rollup/plugin-json": "^6.1.0",
+    "@rollup/plugin-html": "^1.0.4",
+    "@rollup/plugin-node-resolve": "^15.2.3",
+    "@rollup/plugin-replace": "^5.0.5",
+    "@rollup/plugin-terser": "^0.4.4",
+    "@rollup/plugin-typescript": "^11.1.6",
+    "@types/react": "^18.2.50",
+    "@types/react-dom": "^18.2.18",
+    "autoprefixer": "^10.4.17",
+    "postcss": "^8.4.33",
+    "react": "^18.2.0",
+    "react-dom": "^18.2.0",
+    "rollup": "^4.13.0",
+    "rollup-plugin-postcss": "^4.0.2",
+    "rollup-plugin-serve": "^1.1.1",
+    "tailwindcss": "^3.4.1",
+    "typescript": "^5.6.3"
+  },
+  "scripts": {
+    "build": "rollup --config rollup.config.js",
+    "dev": "rollup --config rollup.config.js --watch"
+  }
+}