Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PDS proxy to appview performance #2773

Merged
merged 6 commits into from
Sep 6, 2024
Merged

PDS proxy to appview performance #2773

merged 6 commits into from
Sep 6, 2024

Conversation

dholms
Copy link
Collaborator

@dholms dholms commented Sep 1, 2024
edited
Loading

Introduces a temporary measure where a PDS can proxy directly through to the appview without signing a service auth header. This is mean to reduce load on Bluesky PDS instances, and is not intended to be implemented by other Appviews in the network. While this is a bit awkward, it is directionally aligned with possible plans to have the client talk directly to the Appview.

@dholms dholms changed the title Bsky performance tweaks Bsky performance Sep 1, 2024
devinivy
devinivy reviewed Sep 3, 2024
View reviewed changes
packages/bsky/tests/entryway-auth.test.ts
return nodeCrypto.createPrivateKey(privKeyEncoded)
}

describe('entryway auth', () => {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Testing expiration could be nice too!

matthieusieben
matthieusieben reviewed Sep 5, 2024
View reviewed changes
packages/bsky/src/auth-verifier.ts
}

const res = await jose
.jwtVerify(token, this.entrywayJwtPublicKey)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For good measure, we should ensure that the right issuer is used, even if this should already be covered by the fact that entrywayJwtPublicKey is specific to entryway.

Maybe the payload's iss can be used to determine if this method should be used (in standardOptionalParameterized)

Suggested change
.jwtVerify(token, this.entrywayJwtPublicKey)
.jwtVerify(token, this.entrywayJwtPublicKey, { iss: ... })

@devinivy devinivy marked this pull request as ready for review September 6, 2024 04:40
@dholms dholms changed the title Bsky performance PDS proxy to appview performance Sep 6, 2024
@dholms dholms merged commit 6c1ec14 into main Sep 6, 2024
11 checks passed
@dholms dholms deleted the bsky-tweaks branch September 6, 2024 23:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@matthieusieben matthieusieben matthieusieben left review comments

@Vincentroland Vincentroland Vincentroland approved these changes

@devinivy devinivy devinivy approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@dholms @matthieusieben @devinivy @Vincentroland