From 355fc45316cc88f54f8c802f5cb734d81060075f Mon Sep 17 00:00:00 2001 From: Julien Calixte Date: Tue, 5 May 2026 14:07:31 +0200 Subject: [PATCH] refactor(scripts): switch webhooks:all to api fetch Hits GET /admin/webhooks instead of opening the local SQLite directly, so the task can be run from a developer laptop without ssh or file access to the server. Drops the FFI/read/write task permissions in favour of net/env. --- deno.json | 2 +- scripts/list-all-webhooks.ts | 61 +++++++++++++++++++++++++----------- 2 files changed, 43 insertions(+), 20 deletions(-) diff --git a/deno.json b/deno.json index 97fba00..c5ab1de 100644 --- a/deno.json +++ b/deno.json @@ -6,7 +6,7 @@ "server:prod": "deno run --allow-net --allow-read --allow-write --allow-env --allow-ffi --unstable-ffi server.ts", "migrate": "deno run --allow-net --allow-read --allow-write --allow-env --allow-ffi --unstable-ffi src/migrations/init.ts", "webhooks": "deno run --allow-net --allow-env scripts/manage-webhooks.ts", - "webhooks:all": "deno run --allow-read --allow-write --allow-env --allow-ffi --unstable-ffi scripts/list-all-webhooks.ts" + "webhooks:all": "deno run --allow-net --allow-env scripts/list-all-webhooks.ts" }, "imports": { "@db/sqlite": "jsr:@db/sqlite@^0.13.0", diff --git a/scripts/list-all-webhooks.ts b/scripts/list-all-webhooks.ts index 4c84ef8..46fa027 100644 --- a/scripts/list-all-webhooks.ts +++ b/scripts/list-all-webhooks.ts @@ -1,29 +1,52 @@ -// Admin: list every webhook subscription from the local SQLite, across all -// DIDs. Talks to the database directly — does NOT go through the API. +// Admin: list every webhook subscription via the Remanso API. Requires the +// authenticated DID to be in the server-side ADMIN_DIDS allowlist. // // deno task webhooks:all // -// Reads SQLITE_PATH (defaults to "notes.db"). The `token` column is -// intentionally excluded from the output — it is a write-only secret. +// Inputs (env or flag, env preferred): +// ATPROTO_HANDLE / --handle e.g. alice.eurosky.social +// ATPROTO_APP_PASSWORD / --app-password app password (NOT your account password) +// REMANSO_API / --api default: https://api.remanso.space -import { Database } from "@db/sqlite"; +const HELP = ` +Usage: + deno task webhooks:all -type WebhookRow = { - id: number; - did: string; - method: string; - url: string; - verb: string; +Inputs (env or flag, env preferred): + ATPROTO_HANDLE / --handle your AT Protocol handle + ATPROTO_APP_PASSWORD / --app-password app password (NOT your account password) + REMANSO_API / --api default: https://api.remanso.space +`; + +import { parseArgs, sessionFromFlagsOrEnv } from "./_atproto-session.ts"; + +const die = (msg: string): never => { + console.error(`error: ${msg}`); + console.error(HELP); + Deno.exit(1); }; -const path = Deno.env.get("SQLITE_PATH") ?? "notes.db"; -const db = new Database(path); +const main = async () => { + const flags = parseArgs(Deno.args); + if (flags.help === "true" || flags.h === "true") { + console.log(HELP); + Deno.exit(0); + } -const rows = db.prepare( - "SELECT id, did, method, url, verb FROM webhook_subscription ORDER BY did, id", -).all(); + const { session, api } = await sessionFromFlagsOrEnv(flags).catch( + (e: Error) => die(e.message), + ); -console.log(JSON.stringify(rows, null, 2)); -console.error(`[done] ${rows.length} subscription(s) at ${path}`); + const res = await fetch(`${api}/admin/webhooks`, { + headers: { "Authorization": `Bearer ${session.accessJwt}` }, + }); + if (!res.ok) { + console.error(`list-all failed (${res.status}): ${await res.text()}`); + Deno.exit(1); + } + const rows = await res.json(); + console.log(JSON.stringify(rows, null, 2)); + console.error(`[done] ${rows.length} subscription(s) at ${api}`); +}; -db.close(); +await main();