[pull] main from jsr-io:main

.github/workflows/sync-license-data.yml

@@ -51,7 +51,7 @@ jobs:
 
       - name: Create Pull Request
         if: steps.check-changes.outputs.changes == 'true'
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@v8
         with:
           commit-message: |
             feat: update SPDX license data

.github/workflows/sync-types.yml

@@ -0,0 +1,61 @@
+name: Sync Deno & web types
+
+on:
+  schedule:
+    - cron: "0 6 1 * *"
+  workflow_dispatch:
+
+jobs:
+  sync-types:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install Deno
+        uses: denoland/setup-deno@v2
+
+      - name: Deno types
+        run: deno task tools:deno_symbols
+
+      - name: Update MDN
+        run: deno update @mdn/browser-compat-data
+
+      - name: Web types
+        run: deno task tools:web_symbols
+
+      - name: Check for changes
+        id: check-changes
+        run: |
+          git add api/src/api/docs/deno_types.json api/src/api/docs/web_builtins.json
+          if git diff --cached --quiet; then
+            echo "changes=false" >> $GITHUB_OUTPUT
+          else
+            echo "changes=true" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Stage remaining files
+        run: git add deno.json deno.lock
+
+      - name: Create Pull Request
+        if: steps.check-changes.outputs.changes == 'true'
+        uses: peter-evans/create-pull-request@v8
+        with:
+          commit-message: |
+            chore: update Deno & web types
+
+            Automated update of Deno types and web types.
+          title: "chore: update Deno & web types"
+          body: |
+            ## Summary
+
+            This PR updates the Deno types with the latest CLI version, and the web types with the latest @mdn/browser-compat-data version.
+
+            ### Automation
+            This PR was created automatically by the monthly sync workflow.
+          branch: update-types
+          delete-branch: true

api/src/api/mod.rs

@@ -2,7 +2,7 @@
 mod admin;
 mod authorization;
 mod errors;
-mod package;
+pub mod package;
 mod publishing_task;
 mod scope;
 mod self_user;

api/src/api/package.rs

@@ -118,7 +118,7 @@ use super::ApiUpdatePackageGithubRepositoryRequest;
 use super::ApiUpdatePackageRequest;
 use super::ApiUpdatePackageVersionRequest;
 
-const MAX_PUBLISH_TARBALL_SIZE: u64 = 20 * 1024 * 1024; // 20mb
+pub const MAX_PUBLISH_TARBALL_SIZE: u64 = 20 * 1024 * 1024; // 20mb
 
 pub struct PublishQueue(pub Option<gcp::Queue>);
 

api/src/db/database.rs

@@ -3480,6 +3480,20 @@ impl Database {
       .await
   }
 
+  #[instrument(name = "Database::delete_expired_oauth_states", skip(self), err)]
+  pub async fn delete_expired_oauth_states(
+    &self,
+    older_than: DateTime<Utc>,
+  ) -> Result<u64> {
+    let result = sqlx::query!(
+      "DELETE FROM oauth_states WHERE created_at < $1",
+      older_than
+    )
+    .execute(&self.pool)
+    .await?;
+    Ok(result.rows_affected())
+  }
+
   #[instrument(name = "Database::insert_oauth_state", skip(
     self,
     new_oauth_state

api/src/publish.rs

@@ -455,6 +455,7 @@ async fn upload_npm_version_manifest(
 pub mod tests {
   use super::*;
   use crate::api::ApiPublishingTask;
+  use crate::api::package::MAX_PUBLISH_TARBALL_SIZE;
   use crate::db::CreatePackageResult;
   use crate::db::CreatePublishingTaskResult;
   use crate::db::NewPublishingTask;
@@ -615,7 +616,7 @@ pub mod tests {
 
   #[tokio::test]
   async fn payload_too_large() {
-    let body = Body::from(vec![0; 999999999]);
+    let body = Body::from(vec![0; MAX_PUBLISH_TARBALL_SIZE as usize + 10]);
 
     let mut t = TestSetup::new().await;
     let mut resp = t
@@ -638,7 +639,7 @@ pub mod tests {
   async fn payload_too_large_stream() {
     // Convert the Vec<u8> into a hyper Body with chunked transfer encoding
     let body = Body::wrap_stream(tokio_stream::once(Ok::<_, std::io::Error>(
-      vec![0; 999999999],
+      vec![0; MAX_PUBLISH_TARBALL_SIZE as usize + 10],
     )));
 
     let mut t = TestSetup::new().await;

api/src/tasks.rs

@@ -1,6 +1,7 @@
 // Copyright 2024 the JSR authors. All rights reserved. MIT license.
 use bytes::Bytes;
 use chrono::DateTime;
+use chrono::Duration;
 use chrono::Utc;
 use deno_semver::StackString;
 use deno_semver::VersionReq;
@@ -74,6 +75,10 @@ pub fn tasks_router() -> Router<Body, ApiError> {
       "/scrape_download_counts",
       util::json(scrape_download_counts_handler),
     )
+    .post(
+      "/clean_oauth_states",
+      util::json(clean_oauth_states_handler),
+    )
     .build()
     .unwrap()
 }
@@ -475,6 +480,15 @@ ORDER BY
   Ok(())
 }
 
+#[instrument(name = "POST /tasks/clean_oauth_states", skip(req), err)]
+pub async fn clean_oauth_states_handler(req: Request<Body>) -> ApiResult<()> {
+  let db = req.data::<Database>().unwrap().clone();
+  let cutoff = Utc::now() - Duration::hours(1);
+  let deleted = db.delete_expired_oauth_states(cutoff).await?;
+  tracing::info!(deleted, "cleaned up expired oauth states");
+  Ok(())
+}
+
 async fn insert_analytics_download_entries(
   db: &Database,
   records: Vec<cloudflare::DownloadRecord>,

api/src/util.rs

@@ -504,6 +504,8 @@ pub mod test {
   use crate::util::LicenseStore;
 
   static SERVERS_STARTED: std::sync::OnceLock<()> = std::sync::OnceLock::new();
+  static LICENSE_STORE: std::sync::OnceLock<LicenseStore> =
+    std::sync::OnceLock::new();
 
   static TEST_INSTANCE_COUNTER: std::sync::atomic::AtomicU64 =
     std::sync::atomic::AtomicU64::new(0);
@@ -676,7 +678,8 @@ pub mod test {
 
       db.add_bad_word_for_test("somebadword").await.unwrap();
 
-      let license_store = super::license_store();
+      let license_store =
+        LICENSE_STORE.get_or_init(super::license_store).clone();
 
       let router = crate::main_router(MainRouterOptions {
         database: db,

terraform/scheduler.tf

@@ -14,6 +14,21 @@ resource "google_cloud_scheduler_job" "npm_tarball_rebuild_missing" {
   }
 }
 
+resource "google_cloud_scheduler_job" "clean_oauth_states" {
+  name        = "clean-oauth-states"
+  description = "Delete expired OAuth states older than 1 hour."
+  schedule    = "0 0 * * *"
+  region      = "us-central1"
+
+  http_target {
+    http_method = "POST"
+    uri         = "${google_cloud_run_v2_service.registry_api_tasks.uri}/tasks/clean_oauth_states"
+    oidc_token {
+      service_account_email = google_service_account.task_dispatcher.email
+    }
+  }
+}
+
 resource "google_cloud_scheduler_job" "scrape_download_counts" {
   name        = "scrape-download-counts"
   description = "Scrape download counts from BigQuery & Analytics Engine and insert them into Postgres."