diff --git a/.gitignore b/.gitignore index bcb2719..0efae0e 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,4 @@ repos .claude +deploy.yml +claude.md diff --git a/README.md b/README.md index a6bab35..c12b9bf 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ ## account - [ai@syu.is](https://syu.is/profile/did:plc:6qyecktefllvenje24fcxnie) -- [ai@bsky.app](https://bsky.app/profile/did:plc:6qyecktefllvenje24fcxnie) +- [yui@bsky.social](https://bsky.app/profile/did:plc:6qyecktefllvenje24fcxnie) - https://plc.syu.is/did:plc:6qyecktefllvenje24fcxnie - https://plc.directory/did:plc:6qyecktefllvenje24fcxnie diff --git a/compose.yml b/compose.yml index 22fda73..54a8957 100644 --- a/compose.yml +++ b/compose.yml @@ -110,11 +110,31 @@ services: env_file: - ./envs/jetstream - ozone-web: + ozone: + ports: + - 2585:3000 build: - context: ./repos/ozone/ + context: ./repos/atproto/ + dockerfile: services/ozone/Dockerfile + restart: always + command: node --enable-source-maps api.js + volumes: + - ./data/ozone/:/data/ + env_file: + - ./envs/ozone + healthcheck: + test: "wget -q --spider http://localhost:3000/xrpc/_health" + interval: 5s + retries: 20 + depends_on: + database: + condition: service_healthy + + ozone-web: ports: - 2586:3000 + build: + context: ./repos/ozone/ restart: always volumes: - ./data/ozone/:/data/ @@ -123,17 +143,3 @@ services: depends_on: database: condition: service_healthy - - ozone: - build: - context: ./repos/atproto/ - dockerfile: services/ozone/Dockerfile - ports: - - 2585:3000 - restart: always - command: node --enable-source-maps api.js - volumes: - - ./data/ozone/:/data/ - env_file: - - ./envs/ozone - diff --git a/envs/ozone b/envs/ozone index 72e89eb..ff08655 100644 --- a/envs/ozone +++ b/envs/ozone @@ -7,8 +7,8 @@ OZONE_DB_POSTGRES_URL=postgres://postgres:postgres@database/ozone OZONE_DID_PLC_URL=https://plc.${host} NEXT_PUBLIC_PLC_DIRECTORY_URL=https://plc.${host} NEXT_PUBLIC_OZONE_SERVICE_DID=did:web:ozone.${host} -NEXT_PUBLIC_SOCIAL_APP_DOMAIN=mod.${host} -NEXT_PUBLIC_SOCIAL_APP_URL=https://mod.${host} +NEXT_PUBLIC_SOCIAL_APP_DOMAIN=${host} +NEXT_PUBLIC_SOCIAL_APP_URL=https://${host} OZONE_APPVIEW_DID=did:web:bsky.${host} OZONE_APPVIEW_URL=https://bsky.${host} OZONE_APPVIEW_PUSH_EVENTS=false diff --git a/install.zsh b/install.zsh index 2053bb9..89834ea 100755 --- a/install.zsh +++ b/install.zsh @@ -59,7 +59,7 @@ function at-repos-clone() { echo $repo if [ ! -d $d/repos/${repo##*/} ];then git clone $repo - + fi done if [ ! -f $d/repos/feed-generator/Dockerfile ] && [ -f $d/docker/feed/Dockerfile ];then @@ -106,6 +106,8 @@ function at-repos-social-app-avatar-write() { did_admin=did:plc:6qyecktefllvenje24fcxnie dt=$d/repos/social-app/src cd $dt + grep -R syu.is .|cut -d : -f 1|sort -u|xargs sed -i "s/syu.is/${host}/g" + grep -R web.syu.is .|cut -d : -f 1|sort -u|xargs sed -i "s/web.syu.is/web.${host}/g" f=$dt/lib/constants.ts sed -i "s#export const BSKY_SERVICE = 'https://bsky.social'#export const BSKY_SERVICE = 'https://${host}'#g" $f sed -i "s#export const BSKY_SERVICE_DID = 'did:web:bsky.social'#export const BSKY_SERVICE_DID = 'did:web:${host}'#g" $f @@ -113,51 +115,9 @@ function at-repos-social-app-avatar-write() { sed -i "s#export const PUBLIC_APPVIEW = 'https://api.bsky.app'#export const PUBLIC_APPVIEW = 'https://bsky.${host}'#g" $f sed -i "s#export const PUBLIC_APPVIEW_DID = 'did:web:api.bsky.app'#export const PUBLIC_APPVIEW_DID = 'did:web:bsky.${host}'#g" $f - # Disable external services (CORS fix) - f=$dt/state/geolocation/const.ts - curl -sL https://raw.githubusercontent.com/bluesky-social/social-app/refs/heads/main/src/state/geolocation/const.ts -o $f - cat > $f << 'GEOEOF' -import {type GeolocationStatus} from '#/state/geolocation/types' -import {BAPP_CONFIG_DEV_URL, IS_DEV} from '#/env' -import {type Device} from '#/storage' - -export const IPCC_URL = `https://bsky.app/ipcc` -// Disabled for self-hosted environment to avoid CORS errors -export const BAPP_CONFIG_URL_PROD = null -export const BAPP_CONFIG_URL = null -export const GEOLOCATION_CONFIG_URL = BAPP_CONFIG_URL - -export const DEFAULT_GEOLOCATION_CONFIG: Device['geolocation'] = { - countryCode: undefined, - regionCode: undefined, - ageRestrictedGeos: [], - ageBlockedGeos: [], -} - -export const DEFAULT_GEOLOCATION_STATUS: GeolocationStatus = { - countryCode: undefined, - regionCode: undefined, - isAgeRestrictedGeo: false, - isAgeBlockedGeo: false, -} -GEOEOF - - # Add null check to geolocation config.ts to prevent fetch(null) errors - f=$dt/state/geolocation/config.ts - curl -sL https://raw.githubusercontent.com/bluesky-social/social-app/refs/heads/main/src/state/geolocation/config.ts -o $f - # Add null check at the beginning of getGeolocationConfig function (after line with 'url: string,') - sed -i "s/): Promise {/): Promise {\n if (!url) return undefined/" $f - - # Disable Statsig (CORS fix) - f=$dt/lib/statsig/statsig.tsx - sed -i "s#api: 'https://events.bsky.app/v2'#api: '' // Disabled for self-hosted#g" $f - # Disable SDK initialization to prevent statsigapi.net connections - sed -i "s#const SDK_KEY = 'client-SXJakO39w9vIhl3D44u8UupyzFl4oZ2qPIkjwcvuPsV'#const SDK_KEY = '' // Disabled for self-hosted#g" $f - f=$dt/view/icons/Logotype.tsx o=$d/icons/Logotype.tsx cp -rf $o $f - f=$dt/view/com/util/UserAvatar.tsx curl -sL https://raw.githubusercontent.com/bluesky-social/social-app/refs/heads/main/src/view/com/util/UserAvatar.tsx -o $f sed -i "s#/img/avatar/plain/#https://cdn.web.syu.is/img/avatar/plain/#g" $f @@ -191,6 +151,16 @@ function at-repos-atproto-service-pds-index-patch() { popd } +function at-repos-atproto-oauth-same-site-patch() { + f=$d/repos/atproto/packages/oauth/oauth-provider/src/router/create-authorization-page-middleware.ts + d_=$d/repos/atproto + p_=$d/patching/170-pds-oauth-same-site-fix.patch + echo "applying patch: under ${f} for ${p_}" + pushd ${d_} + patch -p1 < ${p_} + popd +} + function at-repos-social-app-agent-patch() { f=$d/repos/social-app/src/state/session/agent.ts p_=$d/patching/8980-social-app-disable-proxy.diff @@ -211,6 +181,16 @@ function at-repos-social-app-disable-external-services-patch() { popd } +function at-repos-social-app-statsig-patch() { + f=$d/repos/social-app/src/lib/statsig/statsig.tsx + p_=$d/patching/disable-statsig-sdk.diff + d_=$d/repos/social-app + echo "applying patch: under ${f} for ${p_}" + pushd ${d_} + patch -p1 < ${p_} + popd +} + function at-repos-social-app-dockerfile-yarn-timeout-patch() { f=$d/repos/social-app/Dockerfile p_=$d/patching/140-social-app-yarn-network-timeout.patch @@ -250,10 +230,52 @@ function at-repos-ozone-patch() { patch -p1 < ${p_} popd + p_=$d/patching/130-ozone-skip-did-check.patch + echo "applying patch: under ${d_} for ${p_}" + pushd ${d_} + patch -p1 < ${p_} + popd + + p_=$d/patching/150-ozone-plc-fix.patch + echo "applying patch: under ${d_} for ${p_}" + pushd ${d_} + patch -p1 < ${p_} + popd + + p_=$d/patching/160-ozone-oauth-redirect-fix.patch + echo "applying patch: under ${d_} for ${p_}" + pushd ${d_} + patch -p1 < ${p_} + popd + p_=$d/patching/121-ozone-constants-fix.patch echo "applying patch: under ${d_} for ${p_}" pushd ${d_} patch -p1 < ${p_} || true + # Replace process.env with env() + sed -i 's/process\.env\.\(NEXT_PUBLIC_[A-Z_]*\)/env('\''\1'\'')/g' lib/constants.ts + sed -i 's/process\.env\.NODE_ENV/env('\''NODE_ENV'\'')/g' lib/constants.ts + # Add missing SOCIAL_APP_DOMAIN constant after SOCIAL_APP_URL + sed -i '/^export const SOCIAL_APP_URL =/,/^$/{ /^$/a\ +export const SOCIAL_APP_DOMAIN =\ + env('\''NEXT_PUBLIC_SOCIAL_APP_DOMAIN'\'') || '\''bsky.app'\''\ + + }' lib/constants.ts + # Fix multiline process.env patterns + sed -i '/^export const NEW_ACCOUNT_MARKER_THRESHOLD_IN_DAYS = process\.env$/,/^ : 7$/ { + s/^export const NEW_ACCOUNT_MARKER_THRESHOLD_IN_DAYS = process\.env$/export const NEW_ACCOUNT_MARKER_THRESHOLD_IN_DAYS = env('\''NEXT_PUBLIC_NEW_ACCOUNT_MARKER_THRESHOLD_IN_DAYS'\'')/ + /^ \.NEXT_PUBLIC_NEW_ACCOUNT_MARKER_THRESHOLD_IN_DAYS$/d + }' lib/constants.ts + sed -i '/^export const YOUNG_ACCOUNT_MARKER_THRESHOLD_IN_DAYS = process\.env$/,/^ : 30$/ { + s/^export const YOUNG_ACCOUNT_MARKER_THRESHOLD_IN_DAYS = process\.env$/export const YOUNG_ACCOUNT_MARKER_THRESHOLD_IN_DAYS = env('\''NEXT_PUBLIC_YOUNG_ACCOUNT_MARKER_THRESHOLD_IN_DAYS'\'')/ + /^ \.NEXT_PUBLIC_YOUNG_ACCOUNT_MARKER_THRESHOLD_IN_DAYS$/d + }' lib/constants.ts + sed -i '/^export const HIGH_PROFILE_FOLLOWER_THRESHOLD = process\.env$/,/^ : Infinity$/ { + s/^export const HIGH_PROFILE_FOLLOWER_THRESHOLD = process\.env$/export const HIGH_PROFILE_FOLLOWER_THRESHOLD = env('\''NEXT_PUBLIC_HIGH_PROFILE_FOLLOWER_THRESHOLD'\'')/ + /^ \.NEXT_PUBLIC_HIGH_PROFILE_FOLLOWER_THRESHOLD$/d + }' lib/constants.ts + # Fix parseInt() to handle undefined by adding || '' + sed -i "s/parseInt(env('\([^']*\)'))/parseInt(env('\1') || '0')/g" lib/constants.ts popd } @@ -271,16 +293,17 @@ function at-repos-build-docker-atproto() { } function at-repos-push-reset() { - docker restart registry - docker stop registry - docker rm registry - docker volume rm registry-data 2>/dev/null || true + if [ -n "$(docker ps -q -f name=registry)" ]; then + echo "Registry is already running." + docker restart registry + docker stop registry + docker rm registry + docker volume rm registry-data 2>/dev/null || true + fi docker run -d -p ${dport}:${dport} --name registry \ --restart=always \ -v registry-data:/var/lib/registry \ registry:2 - sleep 3 - docker run -d -p ${dport}:${dport} --name registry --restart=always registry:2 } function at-repos-push-docker() { @@ -289,10 +312,6 @@ function at-repos-push-docker() { service=${services[$i]} docker tag at-${service}:latest localhost:${dport}/${service}:latest docker push localhost:${dport}/${service}:latest - if [ "$service" = "ozone" ];then - docker tag at-${service}:latest localhost:${dport}/${service}-web:latest - docker push localhost:${dport}/${service}-web:latest - fi done else docker tag at-${1}:latest localhost:${dport}/${1}:latest @@ -313,7 +332,10 @@ case "`cat /etc/hostname`" in exit ;; *) - at-repos-push-reset + if [ "$1" = "r" ];then + at-repos-push-reset + exit + fi at-repos-clone at-repos-pull at-repos-social-app-icon @@ -321,9 +343,11 @@ case "`cat /etc/hostname`" in at-repos-social-app-avatar-write at-repos-social-app-agent-patch at-repos-social-app-disable-external-services-patch + at-repos-social-app-statsig-patch at-repos-social-app-dockerfile-yarn-timeout-patch at-repos-atproto-service-bsky-api-patch at-repos-atproto-service-pds-index-patch + at-repos-atproto-oauth-same-site-patch at-repos-atproto-service-ozone-api-patch at-repos-ozone-patch if [ -n "$1" ];then diff --git a/patching/121-ozone-constants-fix.patch b/patching/121-ozone-constants-fix.patch index 42ba11d..b490101 100644 --- a/patching/121-ozone-constants-fix.patch +++ b/patching/121-ozone-constants-fix.patch @@ -1,99 +1,8 @@ --- a/lib/constants.ts +++ b/lib/constants.ts -@@ -1,29 +1,32 @@ -+import { env } from 'next-runtime-env'; +@@ -1,3 +1,5 @@ ++import { env } from 'next-runtime-env' + export const OAUTH_SCOPE = 'atproto transition:generic transition:chat.bsky' - + export const OZONE_SERVICE_DID = -- process.env.NEXT_PUBLIC_OZONE_SERVICE_DID || undefined -+ env('NEXT_PUBLIC_OZONE_SERVICE_DID') || undefined - - export const OZONE_PUBLIC_URL = -- process.env.NEXT_PUBLIC_OZONE_PUBLIC_URL || undefined -+ env('NEXT_PUBLIC_OZONE_PUBLIC_URL') || undefined - - export const PLC_DIRECTORY_URL = -- process.env.NEXT_PUBLIC_PLC_DIRECTORY_URL || -+ env('NEXT_PUBLIC_PLC_DIRECTORY_URL') || - (process.env.NODE_ENV === 'development' - ? 'http://localhost:2582' - : 'https://plc.directory') - --export const QUEUE_CONFIG = process.env.NEXT_PUBLIC_QUEUE_CONFIG || '{}' -+export const QUEUE_CONFIG = env('NEXT_PUBLIC_QUEUE_CONFIG') || '{}' - --export const QUEUE_SEED = process.env.NEXT_PUBLIC_QUEUE_SEED || '' -+export const QUEUE_SEED = env('NEXT_PUBLIC_QUEUE_SEED') || '' - -+export const SOCIAL_APP_DOMAIN = env('NEXT_PUBLIC_SOCIAL_APP_DOMAIN') || 'bsky.app' - export const SOCIAL_APP_URL = -- process.env.NEXT_PUBLIC_SOCIAL_APP_URL || -+ env('NEXT_PUBLIC_SOCIAL_APP_URL') || - (process.env.NODE_ENV === 'development' - ? 'http://localhost:2584' -- : 'https://bsky.app') -+ : `https://${SOCIAL_APP_DOMAIN}`) - - export const HANDLE_RESOLVER_URL = -- process.env.NEXT_PUBLIC_HANDLE_RESOLVER_URL || -+ env('NEXT_PUBLIC_HANDLE_RESOLVER_URL') || - (process.env.NODE_ENV === 'development' - ? 'http://localhost:2584' - : 'https://api.bsky.app') -@@ -36,25 +39,25 @@ - - export const NEW_ACCOUNT_MARKER_THRESHOLD_IN_DAYS = process.env - .NEXT_PUBLIC_NEW_ACCOUNT_MARKER_THRESHOLD_IN_DAYS -- ? parseInt(process.env.NEXT_PUBLIC_NEW_ACCOUNT_MARKER_THRESHOLD_IN_DAYS) -+ ? parseInt(env('NEXT_PUBLIC_NEW_ACCOUNT_MARKER_THRESHOLD_IN_DAYS')) - : 7 - - export const YOUNG_ACCOUNT_MARKER_THRESHOLD_IN_DAYS = process.env - .NEXT_PUBLIC_YOUNG_ACCOUNT_MARKER_THRESHOLD_IN_DAYS -- ? parseInt(process.env.NEXT_PUBLIC_YOUNG_ACCOUNT_MARKER_THRESHOLD_IN_DAYS) -+ ? parseInt(env('NEXT_PUBLIC_YOUNG_ACCOUNT_MARKER_THRESHOLD_IN_DAYS')) - : 30 - - export const DOMAINS_ALLOWING_EMAIL_COMMUNICATION = ( -- process.env.NEXT_PUBLIC_DOMAINS_ALLOWING_EMAIL_COMMUNICATION || '' -+ env('NEXT_PUBLIC_DOMAINS_ALLOWING_EMAIL_COMMUNICATION') || '' - ).split(',') - - export const HIGH_PROFILE_FOLLOWER_THRESHOLD = process.env - .NEXT_PUBLIC_HIGH_PROFILE_FOLLOWER_THRESHOLD -- ? parseInt(process.env.NEXT_PUBLIC_HIGH_PROFILE_FOLLOWER_THRESHOLD) -+ ? parseInt(env('NEXT_PUBLIC_HIGH_PROFILE_FOLLOWER_THRESHOLD')) - : Infinity - - export const FALLBACK_VIDEO_URL = ( -- process.env.NEXT_PUBLIC_FALLBACK_VIDEO_URL || '' -+ env('NEXT_PUBLIC_FALLBACK_VIDEO_URL') || '' - ).split(':') - - // strike to account suspension duration mapping (in hours) -@@ -87,18 +90,18 @@ - - export const STRIKE_TO_SUSPENSION_DURATION_IN_HOURS = - parseStrikeSuspensionConfig( -- process.env.NEXT_PUBLIC_STRIKE_SUSPENSION_CONFIG || '', -+ env('NEXT_PUBLIC_STRIKE_SUSPENSION_CONFIG') || '', - ) - - export const AUTOMATED_ACTION_EMAIL_IDS = { - warningWithTakedown: -- process.env.NEXT_PUBLIC_WARNING_WITH_TAKEDOWN_EMAIL_TEMPLATE_ID, -+ env('NEXT_PUBLIC_WARNING_WITH_TAKEDOWN_EMAIL_TEMPLATE_ID'), - suspensionWithTakedown: -- process.env.NEXT_PUBLIC_SUSPENSION_WITH_TAKEDOWN_EMAIL_TEMPLATE_ID, -+ env('NEXT_PUBLIC_SUSPENSION_WITH_TAKEDOWN_EMAIL_TEMPLATE_ID'), - suspensionWithoutTakedown: -- process.env.NEXT_PUBLIC_SUSPENSION_WITHOUT_TAKEDOWN_EMAIL_TEMPLATE_ID, -+ env('NEXT_PUBLIC_SUSPENSION_WITHOUT_TAKEDOWN_EMAIL_TEMPLATE_ID'), - permanentTakedown: -- process.env.NEXT_PUBLIC_PERMANENT_TAKEDOWN_EMAIL_TEMPLATE_ID, -+ env('NEXT_PUBLIC_PERMANENT_TAKEDOWN_EMAIL_TEMPLATE_ID'), - takedownWithoutStrike: -- process.env.NEXT_PUBLIC_TAKEDOWN_WITHOUT_STRIKE_EMAIL_TEMPLATE_ID, -+ env('NEXT_PUBLIC_TAKEDOWN_WITHOUT_STRIKE_EMAIL_TEMPLATE_ID'), - } diff --git a/patching/122-ozone-enable-daemon.diff b/patching/122-ozone-enable-daemon.diff index 3b783df..7734758 100644 --- a/patching/122-ozone-enable-daemon.diff +++ b/patching/122-ozone-enable-daemon.diff @@ -1,5 +1,5 @@ diff --git a/service/index.js b/service/index.js -index 943c281..7721cd9 100644 +index d5295a3..7721cd9 100644 --- a/service/index.js +++ b/service/index.js @@ -1,5 +1,7 @@ @@ -19,7 +19,7 @@ index 943c281..7721cd9 100644 const pkg = require('@atproto/ozone/package.json') async function main() { -@@ -16,37 +19,48 @@ async function main() { +@@ -16,30 +19,48 @@ async function main() { const frontendHandler = frontend.getRequestHandler() await frontend.prepare() // backend @@ -41,19 +41,16 @@ index 943c281..7721cd9 100644 await db.close() } - const ozone = await OzoneService.create(config, secrets) +- + const server = await ozone.OzoneService.create(config, secrets) - // setup handlers -- ozone.app.get('/.well-known/ozone-metadata.json', (_req, res) => { ++ // setup handlers + server.app.get('/.well-known/ozone-metadata.json', (_req, res) => { - return res.json({ -- did: ozone.ctx.cfg.service.did, -- url: ozone.ctx.cfg.service.publicUrl, -- publicKey: ozone.ctx.signingKey.did(), ++ return res.json({ + did: server.ctx.cfg.service.did, + url: server.ctx.cfg.service.publicUrl, + publicKey: server.ctx.signingKey.did(), - }) - }) ++ }) ++ }) // Note: We must use `use()` here. This should be the last middleware. - ozone.app.use((req, res) => { + server.app.use((req, res) => { diff --git a/patching/130-ozone-skip-did-check.patch b/patching/130-ozone-skip-did-check.patch new file mode 100644 index 0000000..e829a07 --- /dev/null +++ b/patching/130-ozone-skip-did-check.patch @@ -0,0 +1,27 @@ +--- a/components/shell/ConfigurationFlow.tsx ++++ b/components/shell/ConfigurationFlow.tsx +@@ -97,22 +97,6 @@ export function ConfigurationFlow({ + } + + if (config.needs.key || config.needs.service) { +- if (authDid !== config.did) { +- return ( +- <> +- +- {`You're`} logged in as {authIdentifier}. Please login as{' '} +- {config.handle || 'your Ozone service account'} in order to +- configure Ozone. +- +- +- +- ) +- } + if (config.did.startsWith('did:web:')) { + return ( + <> diff --git a/patching/150-ozone-plc-fix.patch b/patching/150-ozone-plc-fix.patch new file mode 100644 index 0000000..e20e004 --- /dev/null +++ b/patching/150-ozone-plc-fix.patch @@ -0,0 +1,61 @@ +diff --git a/components/shell/ConfigurationFlow.tsx b/components/shell/ConfigurationFlow.tsx +index 7280a7b..0bb4e14 100644 +--- a/components/shell/ConfigurationFlow.tsx ++++ b/components/shell/ConfigurationFlow.tsx +@@ -97,43 +97,6 @@ export function ConfigurationFlow({ + } + + if (config.needs.key || config.needs.service) { +- if (authDid !== config.did) { +- return ( +- <> +- +- {`You're`} logged in as {authIdentifier}. Please login as{' '} +- {config.handle || 'your Ozone service account'} in order to +- configure Ozone. +- +- +- +- ) +- } +- if (config.did.startsWith('did:web:')) { +- return ( +- <> +- +- You must configure your identity on your own if {`you're`} using a +- did:web. You will need to add a service with id{' '} +- {`"atproto_labeler"`} and verification method with id{' '} +- {`"atproto_label"`}. +- +- +- +- ) +- } + if (!config.doc) { + return ( + <> +diff --git a/lib/identity.ts b/lib/identity.ts +index a8ec3a7..8e4d171 100644 +--- a/lib/identity.ts ++++ b/lib/identity.ts +@@ -83,7 +83,7 @@ export function didDocToData(doc: { + const [, id] = s['id'].split('#') + acc[id] = { + type: s['type'], +- serviceEndpoint: s['serviceEndpoint'], ++ endpoint: s['serviceEndpoint'], + } + } + return acc diff --git a/patching/160-ozone-oauth-redirect-fix.patch b/patching/160-ozone-oauth-redirect-fix.patch new file mode 100644 index 0000000..675ac11 --- /dev/null +++ b/patching/160-ozone-oauth-redirect-fix.patch @@ -0,0 +1,13 @@ +diff --git a/app/oauth-client.json/route.ts b/app/oauth-client.json/route.ts +index 4755046..c602676 100644 +--- a/app/oauth-client.json/route.ts ++++ b/app/oauth-client.json/route.ts +@@ -20,7 +20,7 @@ export async function GET(request: Request) { + oauthClientMetadataSchema.parse({ + client_id: requestUrl.href, + client_uri: new URL('/', requestUrl).href, +- redirect_uris: [new URL('/', requestUrl).href], ++ redirect_uris: [new URL('/oauth/callback', requestUrl).href], + response_types: ['code'], + grant_types: ['authorization_code', 'refresh_token'], + token_endpoint_auth_method: 'none', diff --git a/patching/170-pds-oauth-same-site-fix.patch b/patching/170-pds-oauth-same-site-fix.patch new file mode 100644 index 0000000..b836b59 --- /dev/null +++ b/patching/170-pds-oauth-same-site-fix.patch @@ -0,0 +1,13 @@ +diff --git a/packages/oauth/oauth-provider/src/router/create-authorization-page-middleware.ts b/packages/oauth/oauth-provider/src/router/create-authorization-page-middleware.ts +index f653b0353..45c45fac1 100644 +--- a/packages/oauth/oauth-provider/src/router/create-authorization-page-middleware.ts ++++ b/packages/oauth/oauth-provider/src/router/create-authorization-page-middleware.ts +@@ -53,7 +53,7 @@ export function createAuthorizationPageMiddleware< + res.setHeader('Cache-Control', 'no-store') + res.setHeader('Pragma', 'no-cache') + +- validateFetchSite(req, ['cross-site', 'none']) ++ validateFetchSite(req, ['cross-site', 'same-site', 'none']) + validateFetchMode(req, ['navigate']) + validateFetchDest(req, ['document']) + validateOrigin(req, issuerOrigin) diff --git a/patching/disable-statsig-sdk.diff b/patching/disable-statsig-sdk.diff new file mode 100644 index 0000000..869b4cd --- /dev/null +++ b/patching/disable-statsig-sdk.diff @@ -0,0 +1,22 @@ +diff --git a/src/lib/statsig/statsig.tsx b/src/lib/statsig/statsig.tsx +index 1234567..89abcdef 100644 +--- a/src/lib/statsig/statsig.tsx ++++ b/src/lib/statsig/statsig.tsx +@@ -266,6 +266,7 @@ export async function tryFetchGates( + } + + export function initialize() { ++ if (!SDK_KEY) return Promise.resolve() + return Statsig.initialize(SDK_KEY, null, createStatsigOptions([])) + } + +@@ -310,6 +311,9 @@ export function Provider({children}: {children: React.ReactNode}) { + return () => clearInterval(id) + }, [handleIntervalTick]) + ++ if (!SDK_KEY) { ++ return {children} ++ } + return ( + +