ai/at
1
0
Fork 0
Code Wiki Activity

fix ozone

Browse Source
This commit is contained in:
syui
2025-12-03 23:11:38 +09:00
parent a837c79f43
commit ce9abf1ef9
12 changed files with 251 additions and 177 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@@ -1,2 +1,4 @@
repos
.claude
deploy.yml
claude.md

2
README.md
View File

@@ -16,7 +16,7 @@
## account
- [ai@syu.is](https://syu.is/profile/did:plc:6qyecktefllvenje24fcxnie)
- [ai@bsky.app](https://bsky.app/profile/did:plc:6qyecktefllvenje24fcxnie)
- [yui@bsky.social](https://bsky.app/profile/did:plc:6qyecktefllvenje24fcxnie)
- https://plc.syu.is/did:plc:6qyecktefllvenje24fcxnie
- https://plc.directory/did:plc:6qyecktefllvenje24fcxnie

38
compose.yml
View File

@@ -110,11 +110,31 @@ services:
env_file:
- ./envs/jetstream
ozone-web:
ozone:
ports:
- 2585:3000
build:
context: ./repos/ozone/
context: ./repos/atproto/
dockerfile: services/ozone/Dockerfile
restart: always
command: node --enable-source-maps api.js
volumes:
- ./data/ozone/:/data/
env_file:
- ./envs/ozone
healthcheck:
test: "wget -q --spider http://localhost:3000/xrpc/_health"
interval: 5s
retries: 20
depends_on:
database:
condition: service_healthy
ozone-web:
ports:
- 2586:3000
build:
context: ./repos/ozone/
restart: always
volumes:
- ./data/ozone/:/data/
@@ -123,17 +143,3 @@ services:
depends_on:
database:
condition: service_healthy
ozone:
build:
context: ./repos/atproto/
dockerfile: services/ozone/Dockerfile
ports:
- 2585:3000
restart: always
command: node --enable-source-maps api.js
volumes:
- ./data/ozone/:/data/
env_file:
- ./envs/ozone

4
envs/ozone
View File

@@ -7,8 +7,8 @@ OZONE_DB_POSTGRES_URL=postgres://postgres:postgres@database/ozone
OZONE_DID_PLC_URL=https://plc.${host}
NEXT_PUBLIC_PLC_DIRECTORY_URL=https://plc.${host}
NEXT_PUBLIC_OZONE_SERVICE_DID=did:web:ozone.${host}
NEXT_PUBLIC_SOCIAL_APP_DOMAIN=mod.${host}
NEXT_PUBLIC_SOCIAL_APP_URL=https://mod.${host}
NEXT_PUBLIC_SOCIAL_APP_DOMAIN=${host}
NEXT_PUBLIC_SOCIAL_APP_URL=https://${host}
OZONE_APPVIEW_DID=did:web:bsky.${host}
OZONE_APPVIEW_URL=https://bsky.${host}
OZONE_APPVIEW_PUSH_EVENTS=false

130
install.zsh
View File

@@ -106,6 +106,8 @@ function at-repos-social-app-avatar-write() {
did_admin=did:plc:6qyecktefllvenje24fcxnie
dt=$d/repos/social-app/src
cd $dt
grep -R syu.is .|cut -d : -f 1|sort -u|xargs sed -i "s/syu.is/${host}/g"
grep -R web.syu.is .|cut -d : -f 1|sort -u|xargs sed -i "s/web.syu.is/web.${host}/g"
f=$dt/lib/constants.ts
sed -i "s#export const BSKY_SERVICE = 'https://bsky.social'#export const BSKY_SERVICE = 'https://${host}'#g" $f
sed -i "s#export const BSKY_SERVICE_DID = 'did:web:bsky.social'#export const BSKY_SERVICE_DID = 'did:web:${host}'#g" $f
@@ -113,51 +115,9 @@ function at-repos-social-app-avatar-write() {
sed -i "s#export const PUBLIC_APPVIEW = 'https://api.bsky.app'#export const PUBLIC_APPVIEW = 'https://bsky.${host}'#g" $f
sed -i "s#export const PUBLIC_APPVIEW_DID = 'did:web:api.bsky.app'#export const PUBLIC_APPVIEW_DID = 'did:web:bsky.${host}'#g" $f
# Disable external services (CORS fix)
f=$dt/state/geolocation/const.ts
curl -sL https://raw.githubusercontent.com/bluesky-social/social-app/refs/heads/main/src/state/geolocation/const.ts -o $f
cat > $f << 'GEOEOF'
import {type GeolocationStatus} from '#/state/geolocation/types'
import {BAPP_CONFIG_DEV_URL, IS_DEV} from '#/env'
import {type Device} from '#/storage'
export const IPCC_URL = `https://bsky.app/ipcc`
// Disabled for self-hosted environment to avoid CORS errors
export const BAPP_CONFIG_URL_PROD = null
export const BAPP_CONFIG_URL = null
export const GEOLOCATION_CONFIG_URL = BAPP_CONFIG_URL
export const DEFAULT_GEOLOCATION_CONFIG: Device['geolocation'] = {
countryCode: undefined,
regionCode: undefined,
ageRestrictedGeos: [],
ageBlockedGeos: [],
}
export const DEFAULT_GEOLOCATION_STATUS: GeolocationStatus = {
countryCode: undefined,
regionCode: undefined,
isAgeRestrictedGeo: false,
isAgeBlockedGeo: false,
}
GEOEOF
# Add null check to geolocation config.ts to prevent fetch(null) errors
f=$dt/state/geolocation/config.ts
curl -sL https://raw.githubusercontent.com/bluesky-social/social-app/refs/heads/main/src/state/geolocation/config.ts -o $f
# Add null check at the beginning of getGeolocationConfig function (after line with 'url: string,')
sed -i "s/): Promise<Device\['geolocation'\]> {/): Promise<Device['geolocation']> {\n if (!url) return undefined/" $f
# Disable Statsig (CORS fix)
f=$dt/lib/statsig/statsig.tsx
sed -i "s#api: 'https://events.bsky.app/v2'#api: '' // Disabled for self-hosted#g" $f
# Disable SDK initialization to prevent statsigapi.net connections
sed -i "s#const SDK_KEY = 'client-SXJakO39w9vIhl3D44u8UupyzFl4oZ2qPIkjwcvuPsV'#const SDK_KEY = '' // Disabled for self-hosted#g" $f
f=$dt/view/icons/Logotype.tsx
o=$d/icons/Logotype.tsx
cp -rf $o $f
f=$dt/view/com/util/UserAvatar.tsx
curl -sL https://raw.githubusercontent.com/bluesky-social/social-app/refs/heads/main/src/view/com/util/UserAvatar.tsx -o $f
sed -i "s#/img/avatar/plain/#https://cdn.web.syu.is/img/avatar/plain/#g" $f
@@ -191,6 +151,16 @@ function at-repos-atproto-service-pds-index-patch() {
popd
}
function at-repos-atproto-oauth-same-site-patch() {
f=$d/repos/atproto/packages/oauth/oauth-provider/src/router/create-authorization-page-middleware.ts
d_=$d/repos/atproto
p_=$d/patching/170-pds-oauth-same-site-fix.patch
echo "applying patch: under ${f} for ${p_}"
pushd ${d_}
patch -p1 < ${p_}
popd
}
function at-repos-social-app-agent-patch() {
f=$d/repos/social-app/src/state/session/agent.ts
p_=$d/patching/8980-social-app-disable-proxy.diff
@@ -211,6 +181,16 @@ function at-repos-social-app-disable-external-services-patch() {
popd
}
function at-repos-social-app-statsig-patch() {
f=$d/repos/social-app/src/lib/statsig/statsig.tsx
p_=$d/patching/disable-statsig-sdk.diff
d_=$d/repos/social-app
echo "applying patch: under ${f} for ${p_}"
pushd ${d_}
patch -p1 < ${p_}
popd
}
function at-repos-social-app-dockerfile-yarn-timeout-patch() {
f=$d/repos/social-app/Dockerfile
p_=$d/patching/140-social-app-yarn-network-timeout.patch
@@ -250,10 +230,52 @@ function at-repos-ozone-patch() {
patch -p1 < ${p_}
popd
p_=$d/patching/130-ozone-skip-did-check.patch
echo "applying patch: under ${d_} for ${p_}"
pushd ${d_}
patch -p1 < ${p_}
popd
p_=$d/patching/150-ozone-plc-fix.patch
echo "applying patch: under ${d_} for ${p_}"
pushd ${d_}
patch -p1 < ${p_}
popd
p_=$d/patching/160-ozone-oauth-redirect-fix.patch
echo "applying patch: under ${d_} for ${p_}"
pushd ${d_}
patch -p1 < ${p_}
popd
p_=$d/patching/121-ozone-constants-fix.patch
echo "applying patch: under ${d_} for ${p_}"
pushd ${d_}
patch -p1 < ${p_} || true
# Replace process.env with env()
sed -i 's/process\.env\.\(NEXT_PUBLIC_[A-Z_]*\)/env('\''\1'\'')/g' lib/constants.ts
sed -i 's/process\.env\.NODE_ENV/env('\''NODE_ENV'\'')/g' lib/constants.ts
# Add missing SOCIAL_APP_DOMAIN constant after SOCIAL_APP_URL
sed -i '/^export const SOCIAL_APP_URL =/,/^$/{ /^$/a\
export const SOCIAL_APP_DOMAIN =\
env('\''NEXT_PUBLIC_SOCIAL_APP_DOMAIN'\'') || '\''bsky.app'\''\
}' lib/constants.ts
# Fix multiline process.env patterns
sed -i '/^export const NEW_ACCOUNT_MARKER_THRESHOLD_IN_DAYS = process\.env$/,/^ : 7$/ {
s/^export const NEW_ACCOUNT_MARKER_THRESHOLD_IN_DAYS = process\.env$/export const NEW_ACCOUNT_MARKER_THRESHOLD_IN_DAYS = env('\''NEXT_PUBLIC_NEW_ACCOUNT_MARKER_THRESHOLD_IN_DAYS'\'')/
/^ \.NEXT_PUBLIC_NEW_ACCOUNT_MARKER_THRESHOLD_IN_DAYS$/d
}' lib/constants.ts
sed -i '/^export const YOUNG_ACCOUNT_MARKER_THRESHOLD_IN_DAYS = process\.env$/,/^ : 30$/ {
s/^export const YOUNG_ACCOUNT_MARKER_THRESHOLD_IN_DAYS = process\.env$/export const YOUNG_ACCOUNT_MARKER_THRESHOLD_IN_DAYS = env('\''NEXT_PUBLIC_YOUNG_ACCOUNT_MARKER_THRESHOLD_IN_DAYS'\'')/
/^ \.NEXT_PUBLIC_YOUNG_ACCOUNT_MARKER_THRESHOLD_IN_DAYS$/d
}' lib/constants.ts
sed -i '/^export const HIGH_PROFILE_FOLLOWER_THRESHOLD = process\.env$/,/^ : Infinity$/ {
s/^export const HIGH_PROFILE_FOLLOWER_THRESHOLD = process\.env$/export const HIGH_PROFILE_FOLLOWER_THRESHOLD = env('\''NEXT_PUBLIC_HIGH_PROFILE_FOLLOWER_THRESHOLD'\'')/
/^ \.NEXT_PUBLIC_HIGH_PROFILE_FOLLOWER_THRESHOLD$/d
}' lib/constants.ts
# Fix parseInt() to handle undefined by adding || ''
sed -i "s/parseInt(env('\([^']*\)'))/parseInt(env('\1') || '0')/g" lib/constants.ts
popd
}
@@ -271,16 +293,17 @@ function at-repos-build-docker-atproto() {
}
function at-repos-push-reset() {
docker restart registry
docker stop registry
docker rm registry
docker volume rm registry-data 2>/dev/null || true
if [ -n "$(docker ps -q -f name=registry)" ]; then
echo "Registry is already running."
docker restart registry
docker stop registry
docker rm registry
docker volume rm registry-data 2>/dev/null || true
fi
docker run -d -p ${dport}:${dport} --name registry \
--restart=always \
-v registry-data:/var/lib/registry \
registry:2
sleep 3
docker run -d -p ${dport}:${dport} --name registry --restart=always registry:2
}
function at-repos-push-docker() {
@@ -289,10 +312,6 @@ function at-repos-push-docker() {
service=${services[$i]}
docker tag at-${service}:latest localhost:${dport}/${service}:latest
docker push localhost:${dport}/${service}:latest
if [ "$service" = "ozone" ];then
docker tag at-${service}:latest localhost:${dport}/${service}-web:latest
docker push localhost:${dport}/${service}-web:latest
fi
done
else
docker tag at-${1}:latest localhost:${dport}/${1}:latest
@@ -313,7 +332,10 @@ case "`cat /etc/hostname`" in
exit
;;
*)
at-repos-push-reset
if [ "$1" = "r" ];then
at-repos-push-reset
exit
fi
at-repos-clone
at-repos-pull
at-repos-social-app-icon
@@ -321,9 +343,11 @@ case "`cat /etc/hostname`" in
at-repos-social-app-avatar-write
at-repos-social-app-agent-patch
at-repos-social-app-disable-external-services-patch
at-repos-social-app-statsig-patch
at-repos-social-app-dockerfile-yarn-timeout-patch
at-repos-atproto-service-bsky-api-patch
at-repos-atproto-service-pds-index-patch
at-repos-atproto-oauth-same-site-patch
at-repos-atproto-service-ozone-api-patch
at-repos-ozone-patch
if [ -n "$1" ];then

95
patching/121-ozone-constants-fix.patch
View File

@@ -1,99 +1,8 @@
--- a/lib/constants.ts
+++ b/lib/constants.ts
@@ -1,29 +1,32 @@
+import { env } from 'next-runtime-env';
@@ -1,3 +1,5 @@
+import { env } from 'next-runtime-env'
+
export const OAUTH_SCOPE = 'atproto transition:generic transition:chat.bsky'
export const OZONE_SERVICE_DID =
- process.env.NEXT_PUBLIC_OZONE_SERVICE_DID || undefined
+ env('NEXT_PUBLIC_OZONE_SERVICE_DID') || undefined
export const OZONE_PUBLIC_URL =
- process.env.NEXT_PUBLIC_OZONE_PUBLIC_URL || undefined
+ env('NEXT_PUBLIC_OZONE_PUBLIC_URL') || undefined
export const PLC_DIRECTORY_URL =
- process.env.NEXT_PUBLIC_PLC_DIRECTORY_URL ||
+ env('NEXT_PUBLIC_PLC_DIRECTORY_URL') ||
(process.env.NODE_ENV === 'development'
? 'http://localhost:2582'
: 'https://plc.directory')
-export const QUEUE_CONFIG = process.env.NEXT_PUBLIC_QUEUE_CONFIG || '{}'
+export const QUEUE_CONFIG = env('NEXT_PUBLIC_QUEUE_CONFIG') || '{}'
-export const QUEUE_SEED = process.env.NEXT_PUBLIC_QUEUE_SEED || ''
+export const QUEUE_SEED = env('NEXT_PUBLIC_QUEUE_SEED') || ''
+export const SOCIAL_APP_DOMAIN = env('NEXT_PUBLIC_SOCIAL_APP_DOMAIN') || 'bsky.app'
export const SOCIAL_APP_URL =
- process.env.NEXT_PUBLIC_SOCIAL_APP_URL ||
+ env('NEXT_PUBLIC_SOCIAL_APP_URL') ||
(process.env.NODE_ENV === 'development'
? 'http://localhost:2584'
- : 'https://bsky.app')
+ : `https://${SOCIAL_APP_DOMAIN}`)
export const HANDLE_RESOLVER_URL =
- process.env.NEXT_PUBLIC_HANDLE_RESOLVER_URL ||
+ env('NEXT_PUBLIC_HANDLE_RESOLVER_URL') ||
(process.env.NODE_ENV === 'development'
? 'http://localhost:2584'
: 'https://api.bsky.app')
@@ -36,25 +39,25 @@
export const NEW_ACCOUNT_MARKER_THRESHOLD_IN_DAYS = process.env
.NEXT_PUBLIC_NEW_ACCOUNT_MARKER_THRESHOLD_IN_DAYS
- ? parseInt(process.env.NEXT_PUBLIC_NEW_ACCOUNT_MARKER_THRESHOLD_IN_DAYS)
+ ? parseInt(env('NEXT_PUBLIC_NEW_ACCOUNT_MARKER_THRESHOLD_IN_DAYS'))
: 7
export const YOUNG_ACCOUNT_MARKER_THRESHOLD_IN_DAYS = process.env
.NEXT_PUBLIC_YOUNG_ACCOUNT_MARKER_THRESHOLD_IN_DAYS
- ? parseInt(process.env.NEXT_PUBLIC_YOUNG_ACCOUNT_MARKER_THRESHOLD_IN_DAYS)
+ ? parseInt(env('NEXT_PUBLIC_YOUNG_ACCOUNT_MARKER_THRESHOLD_IN_DAYS'))
: 30
export const DOMAINS_ALLOWING_EMAIL_COMMUNICATION = (
- process.env.NEXT_PUBLIC_DOMAINS_ALLOWING_EMAIL_COMMUNICATION || ''
+ env('NEXT_PUBLIC_DOMAINS_ALLOWING_EMAIL_COMMUNICATION') || ''
).split(',')
export const HIGH_PROFILE_FOLLOWER_THRESHOLD = process.env
.NEXT_PUBLIC_HIGH_PROFILE_FOLLOWER_THRESHOLD
- ? parseInt(process.env.NEXT_PUBLIC_HIGH_PROFILE_FOLLOWER_THRESHOLD)
+ ? parseInt(env('NEXT_PUBLIC_HIGH_PROFILE_FOLLOWER_THRESHOLD'))
: Infinity
export const FALLBACK_VIDEO_URL = (
- process.env.NEXT_PUBLIC_FALLBACK_VIDEO_URL || ''
+ env('NEXT_PUBLIC_FALLBACK_VIDEO_URL') || ''
).split(':')
// strike to account suspension duration mapping (in hours)
@@ -87,18 +90,18 @@
export const STRIKE_TO_SUSPENSION_DURATION_IN_HOURS =
parseStrikeSuspensionConfig(
- process.env.NEXT_PUBLIC_STRIKE_SUSPENSION_CONFIG || '',
+ env('NEXT_PUBLIC_STRIKE_SUSPENSION_CONFIG') || '',
)
export const AUTOMATED_ACTION_EMAIL_IDS = {
warningWithTakedown:
- process.env.NEXT_PUBLIC_WARNING_WITH_TAKEDOWN_EMAIL_TEMPLATE_ID,
+ env('NEXT_PUBLIC_WARNING_WITH_TAKEDOWN_EMAIL_TEMPLATE_ID'),
suspensionWithTakedown:
- process.env.NEXT_PUBLIC_SUSPENSION_WITH_TAKEDOWN_EMAIL_TEMPLATE_ID,
+ env('NEXT_PUBLIC_SUSPENSION_WITH_TAKEDOWN_EMAIL_TEMPLATE_ID'),
suspensionWithoutTakedown:
- process.env.NEXT_PUBLIC_SUSPENSION_WITHOUT_TAKEDOWN_EMAIL_TEMPLATE_ID,
+ env('NEXT_PUBLIC_SUSPENSION_WITHOUT_TAKEDOWN_EMAIL_TEMPLATE_ID'),
permanentTakedown:
- process.env.NEXT_PUBLIC_PERMANENT_TAKEDOWN_EMAIL_TEMPLATE_ID,
+ env('NEXT_PUBLIC_PERMANENT_TAKEDOWN_EMAIL_TEMPLATE_ID'),
takedownWithoutStrike:
- process.env.NEXT_PUBLIC_TAKEDOWN_WITHOUT_STRIKE_EMAIL_TEMPLATE_ID,
+ env('NEXT_PUBLIC_TAKEDOWN_WITHOUT_STRIKE_EMAIL_TEMPLATE_ID'),
}

17
patching/122-ozone-enable-daemon.diff
View File

@@ -1,5 +1,5 @@
diff --git a/service/index.js b/service/index.js
index 943c281..7721cd9 100644
index d5295a3..7721cd9 100644
--- a/service/index.js
+++ b/service/index.js
@@ -1,5 +1,7 @@
@@ -19,7 +19,7 @@ index 943c281..7721cd9 100644
const pkg = require('@atproto/ozone/package.json')
async function main() {
@@ -16,37 +19,48 @@ async function main() {
@@ -16,30 +19,48 @@ async function main() {
const frontendHandler = frontend.getRequestHandler()
await frontend.prepare()
// backend
@@ -41,19 +41,16 @@ index 943c281..7721cd9 100644
await db.close()
}
- const ozone = await OzoneService.create(config, secrets)
-
+ const server = await ozone.OzoneService.create(config, secrets)
// setup handlers
- ozone.app.get('/.well-known/ozone-metadata.json', (_req, res) => {
+ // setup handlers
+ server.app.get('/.well-known/ozone-metadata.json', (_req, res) => {
return res.json({
- did: ozone.ctx.cfg.service.did,
- url: ozone.ctx.cfg.service.publicUrl,
- publicKey: ozone.ctx.signingKey.did(),
+ return res.json({
+ did: server.ctx.cfg.service.did,
+ url: server.ctx.cfg.service.publicUrl,
+ publicKey: server.ctx.signingKey.did(),
})
})
+ })
+ })
// Note: We must use `use()` here. This should be the last middleware.
- ozone.app.use((req, res) => {
+ server.app.use((req, res) => {

27
patching/130-ozone-skip-did-check.patch Normal file
View File

@@ -0,0 +1,27 @@
--- a/components/shell/ConfigurationFlow.tsx
+++ b/components/shell/ConfigurationFlow.tsx
@@ -97,22 +97,6 @@ export function ConfigurationFlow({
}
if (config.needs.key || config.needs.service) {
- if (authDid !== config.did) {
- return (
- <>
- <ErrorInfo type="warn" className="mt-2">
- {`You're`} logged in as {authIdentifier}. Please login as{' '}
- {config.handle || 'your Ozone service account'} in order to
- configure Ozone.
- </ErrorInfo>
- <Button
- className="w-full mt-2"
- icon={<ArrowLeftOnRectangleIcon />}
- onClick={signOut}
- >
- Restart
- </Button>
- </>
- )
- }
if (config.did.startsWith('did:web:')) {
return (
<>

61
patching/150-ozone-plc-fix.patch Normal file
View File

@@ -0,0 +1,61 @@
diff --git a/components/shell/ConfigurationFlow.tsx b/components/shell/ConfigurationFlow.tsx
index 7280a7b..0bb4e14 100644
--- a/components/shell/ConfigurationFlow.tsx
+++ b/components/shell/ConfigurationFlow.tsx
@@ -97,43 +97,6 @@ export function ConfigurationFlow({
}
if (config.needs.key || config.needs.service) {
- if (authDid !== config.did) {
- return (
- <>
- <ErrorInfo type="warn" className="mt-2">
- {`You're`} logged in as {authIdentifier}. Please login as{' '}
- {config.handle || 'your Ozone service account'} in order to
- configure Ozone.
- </ErrorInfo>
- <Button
- className="w-full mt-2"
- icon={<ArrowLeftOnRectangleIcon />}
- onClick={signOut}
- >
- Restart
- </Button>
- </>
- )
- }
- if (config.did.startsWith('did:web:')) {
- return (
- <>
- <ErrorInfo type="warn" className="mt-2">
- You must configure your identity on your own if {`you're`} using a
- did:web. You will need to add a service with id{' '}
- {`"atproto_labeler"`} and verification method with id{' '}
- {`"atproto_label"`}.
- </ErrorInfo>
- <Button
- className="w-full mt-2"
- icon={<ArrowLeftOnRectangleIcon />}
- onClick={signOut}
- >
- Restart
- </Button>
- </>
- )
- }
if (!config.doc) {
return (
<>
diff --git a/lib/identity.ts b/lib/identity.ts
index a8ec3a7..8e4d171 100644
--- a/lib/identity.ts
+++ b/lib/identity.ts
@@ -83,7 +83,7 @@ export function didDocToData(doc: {
const [, id] = s['id'].split('#')
acc[id] = {
type: s['type'],
- serviceEndpoint: s['serviceEndpoint'],
+ endpoint: s['serviceEndpoint'],
}
}
return acc

13
patching/160-ozone-oauth-redirect-fix.patch Normal file
View File

@@ -0,0 +1,13 @@
diff --git a/app/oauth-client.json/route.ts b/app/oauth-client.json/route.ts
index 4755046..c602676 100644
--- a/app/oauth-client.json/route.ts
+++ b/app/oauth-client.json/route.ts
@@ -20,7 +20,7 @@ export async function GET(request: Request) {
oauthClientMetadataSchema.parse({
client_id: requestUrl.href,
client_uri: new URL('/', requestUrl).href,
- redirect_uris: [new URL('/', requestUrl).href],
+ redirect_uris: [new URL('/oauth/callback', requestUrl).href],
response_types: ['code'],
grant_types: ['authorization_code', 'refresh_token'],
token_endpoint_auth_method: 'none',

13
patching/170-pds-oauth-same-site-fix.patch Normal file
View File

@@ -0,0 +1,13 @@
diff --git a/packages/oauth/oauth-provider/src/router/create-authorization-page-middleware.ts b/packages/oauth/oauth-provider/src/router/create-authorization-page-middleware.ts
index f653b0353..45c45fac1 100644
--- a/packages/oauth/oauth-provider/src/router/create-authorization-page-middleware.ts
+++ b/packages/oauth/oauth-provider/src/router/create-authorization-page-middleware.ts
@@ -53,7 +53,7 @@ export function createAuthorizationPageMiddleware<
res.setHeader('Cache-Control', 'no-store')
res.setHeader('Pragma', 'no-cache')
- validateFetchSite(req, ['cross-site', 'none'])
+ validateFetchSite(req, ['cross-site', 'same-site', 'none'])
validateFetchMode(req, ['navigate'])
validateFetchDest(req, ['document'])
validateOrigin(req, issuerOrigin)

22
patching/disable-statsig-sdk.diff Normal file
View File

@@ -0,0 +1,22 @@
diff --git a/src/lib/statsig/statsig.tsx b/src/lib/statsig/statsig.tsx
index 1234567..89abcdef 100644
--- a/src/lib/statsig/statsig.tsx
+++ b/src/lib/statsig/statsig.tsx
@@ -266,6 +266,7 @@ export async function tryFetchGates(
}
export function initialize() {
+ if (!SDK_KEY) return Promise.resolve()
return Statsig.initialize(SDK_KEY, null, createStatsigOptions([]))
}
@@ -310,6 +311,9 @@ export function Provider({children}: {children: React.ReactNode}) {
return () => clearInterval(id)
}, [handleIntervalTick])
+ if (!SDK_KEY) {
+ return <GateCache.Provider value={gateCache}>{children}</GateCache.Provider>
+ }
return (
<GateCache.Provider value={gateCache}>
<StatsigProvider