@atproto/bsky 0.0.10 → 0.0.12

package/src/api/app/bsky/notification/listNotifications.ts

@@ -53,10 +53,6 @@ const skeleton = async (
   }
   let notifBuilder = db.db
     .selectFrom('notification as notif')
-    .innerJoin('record', 'record.uri', 'notif.recordUri')
-    .innerJoin('actor as author', 'author.did', 'notif.author')
-    .where(notSoftDeletedClause(ref('record')))
-    .where(notSoftDeletedClause(ref('author')))
     .where('notif.did', '=', viewer)
     .where((clause) =>
       clause
@@ -69,16 +65,12 @@ const skeleton = async (
         ),
     )
     .select([
+      'notif.author as authorDid',
       'notif.recordUri as uri',
       'notif.recordCid as cid',
-      'author.did as authorDid',
-      'author.handle as authorHandle',
-      'author.indexedAt as authorIndexedAt',
-      'author.takedownId as authorTakedownId',
       'notif.reason as reason',
       'notif.reasonSubject as reasonSubject',
       'notif.sortAt as indexedAt',
-      'record.json as recordJson',
     ])
 
   const keyset = new NotifsKeyset(ref('notif.sortAt'), ref('notif.recordCid'))
@@ -86,6 +78,7 @@ const skeleton = async (
     cursor,
     limit,
     keyset,
+    tryIndex: true,
   })
 
   const actorStateQuery = db.db
@@ -107,17 +100,18 @@ const skeleton = async (
 }
 
 const hydration = async (state: SkeletonState, ctx: Context) => {
-  const { graphService, actorService, labelService } = ctx
+  const { graphService, actorService, labelService, db } = ctx
   const { params, notifs } = state
   const { viewer } = params
   const dids = notifs.map((notif) => notif.authorDid)
   const uris = notifs.map((notif) => notif.uri)
-  const [actors, labels, bam] = await Promise.all([
+  const [actors, records, labels, bam] = await Promise.all([
     actorService.views.profiles(dids, viewer),
+    getRecordMap(db, uris),
     labelService.getLabelsForUris(uris),
     graphService.getBlockAndMuteState(dids.map((did) => [viewer, did])),
   ])
-  return { ...state, actors, labels, bam }
+  return { ...state, actors, records, labels, bam }
 }
 
 const noBlockOrMutes = (state: HydrationState) => {
@@ -131,11 +125,11 @@ const noBlockOrMutes = (state: HydrationState) => {
 }
 
 const presentation = (state: HydrationState) => {
-  const { notifs, cursor, actors, labels, lastSeenNotifs } = state
+  const { notifs, cursor, actors, records, labels, lastSeenNotifs } = state
   const notifications = mapDefined(notifs, (notif) => {
     const author = actors[notif.authorDid]
-    if (!author) return undefined
-    const record = jsonStringToLex(notif.recordJson) as Record<string, unknown>
+    const record = records[notif.uri]
+    if (!author || !record) return undefined
     const recordLabels = labels[notif.uri] ?? []
     const recordSelfLabels = getSelfLabels({
       uri: notif.uri,
@@ -157,6 +151,24 @@ const presentation = (state: HydrationState) => {
   return { notifications, cursor }
 }
 
+const getRecordMap = async (
+  db: Database,
+  uris: string[],
+): Promise<RecordMap> => {
+  if (!uris.length) return {}
+  const { ref } = db.db.dynamic
+  const recordRows = await db.db
+    .selectFrom('record')
+    .select(['uri', 'json'])
+    .where('uri', 'in', uris)
+    .where(notSoftDeletedClause(ref('record')))
+    .execute()
+  return recordRows.reduce((acc, { uri, json }) => {
+    acc[uri] = jsonStringToLex(json) as Record<string, unknown>
+    return acc
+  }, {} as RecordMap)
+}
+
 type Context = {
   db: Database
   actorService: ActorService
@@ -178,20 +190,19 @@ type SkeletonState = {
 type HydrationState = SkeletonState & {
   bam: BlockAndMuteState
   actors: ActorInfoMap
+  records: RecordMap
   labels: Labels
 }
 
+type RecordMap = { [uri: string]: Record<string, unknown> }
+
 type NotifRow = {
-  indexedAt: string
-  cid: string
-  uri: string
   authorDid: string
-  authorHandle: string | null
-  authorIndexedAt: string
-  authorTakedownId: number | null
+  uri: string
+  cid: string
   reason: string
   reasonSubject: string | null
-  recordJson: string
+  indexedAt: string
 }
 
 class NotifsKeyset extends TimeCidKeyset<NotifRow> {

package/src/api/com/atproto/admin/getModerationAction.ts

@@ -1,17 +1,43 @@
 import { Server } from '../../../../lexicon'
 import AppContext from '../../../../context'
+import { addAccountInfoToRepoView, getPdsAccountInfo } from './util'
+import {
+  isRecordView,
+  isRepoView,
+} from '../../../../lexicon/types/com/atproto/admin/defs'
 
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.admin.getModerationAction({
     auth: ctx.roleVerifier,
-    handler: async ({ params }) => {
+    handler: async ({ params, auth }) => {
       const { id } = params
       const db = ctx.db.getPrimary()
       const moderationService = ctx.services.moderation(db)
       const result = await moderationService.getActionOrThrow(id)
+
+      const [action, accountInfo] = await Promise.all([
+        moderationService.views.actionDetail(result),
+        getPdsAccountInfo(ctx, result.subjectDid),
+      ])
+
+      // add in pds account info if available
+      if (isRepoView(action.subject)) {
+        action.subject = addAccountInfoToRepoView(
+          action.subject,
+          accountInfo,
+          auth.credentials.moderator,
+        )
+      } else if (isRecordView(action.subject)) {
+        action.subject.repo = addAccountInfoToRepoView(
+          action.subject.repo,
+          accountInfo,
+          auth.credentials.moderator,
+        )
+      }
+
       return {
         encoding: 'application/json',
-        body: await moderationService.views.actionDetail(result),
+        body: action,
       }
     },
   })

package/src/api/com/atproto/admin/getModerationReport.ts

@@ -1,17 +1,42 @@
 import { Server } from '../../../../lexicon'
 import AppContext from '../../../../context'
+import {
+  isRecordView,
+  isRepoView,
+} from '../../../../lexicon/types/com/atproto/admin/defs'
+import { addAccountInfoToRepoView, getPdsAccountInfo } from './util'
 
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.admin.getModerationReport({
     auth: ctx.roleVerifier,
-    handler: async ({ params }) => {
+    handler: async ({ params, auth }) => {
       const { id } = params
       const db = ctx.db.getPrimary()
       const moderationService = ctx.services.moderation(db)
       const result = await moderationService.getReportOrThrow(id)
+      const [report, accountInfo] = await Promise.all([
+        moderationService.views.reportDetail(result),
+        getPdsAccountInfo(ctx, result.subjectDid),
+      ])
+
+      // add in pds account info if available
+      if (isRepoView(report.subject)) {
+        report.subject = addAccountInfoToRepoView(
+          report.subject,
+          accountInfo,
+          auth.credentials.moderator,
+        )
+      } else if (isRecordView(report.subject)) {
+        report.subject.repo = addAccountInfoToRepoView(
+          report.subject.repo,
+          accountInfo,
+          auth.credentials.moderator,
+        )
+      }
+
       return {
         encoding: 'application/json',
-        body: await moderationService.views.reportDetail(result),
+        body: report,
       }
     },
   })

package/src/api/com/atproto/admin/getRecord.ts

@@ -1,11 +1,12 @@
 import { InvalidRequestError } from '@atproto/xrpc-server'
 import { Server } from '../../../../lexicon'
 import AppContext from '../../../../context'
+import { addAccountInfoToRepoView, getPdsAccountInfo } from './util'
 
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.admin.getRecord({
     auth: ctx.roleVerifier,
-    handler: async ({ params }) => {
+    handler: async ({ params, auth }) => {
       const { uri, cid } = params
       const db = ctx.db.getPrimary()
       const result = await db.db
@@ -17,9 +18,20 @@ export default function (server: Server, ctx: AppContext) {
       if (!result) {
         throw new InvalidRequestError('Record not found', 'RecordNotFound')
       }
+      const [record, accountInfo] = await Promise.all([
+        ctx.services.moderation(db).views.recordDetail(result),
+        getPdsAccountInfo(ctx, result.did),
+      ])
+
+      record.repo = addAccountInfoToRepoView(
+        record.repo,
+        accountInfo,
+        auth.credentials.moderator,
+      )
+
       return {
         encoding: 'application/json',
-        body: await ctx.services.moderation(db).views.recordDetail(result),
+        body: record,
       }
     },
   })

package/src/api/com/atproto/admin/getRepo.ts

@@ -1,20 +1,31 @@
 import { InvalidRequestError } from '@atproto/xrpc-server'
 import { Server } from '../../../../lexicon'
 import AppContext from '../../../../context'
+import { addAccountInfoToRepoViewDetail, getPdsAccountInfo } from './util'
 
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.admin.getRepo({
     auth: ctx.roleVerifier,
-    handler: async ({ params }) => {
+    handler: async ({ params, auth }) => {
       const { did } = params
       const db = ctx.db.getPrimary()
       const result = await ctx.services.actor(db).getActor(did, true)
       if (!result) {
         throw new InvalidRequestError('Repo not found', 'RepoNotFound')
       }
+      const [partialRepo, accountInfo] = await Promise.all([
+        ctx.services.moderation(db).views.repoDetail(result),
+        getPdsAccountInfo(ctx, result.did),
+      ])
+
+      const repo = addAccountInfoToRepoViewDetail(
+        partialRepo,
+        accountInfo,
+        auth.credentials.moderator,
+      )
       return {
         encoding: 'application/json',
-        body: await ctx.services.moderation(db).views.repoDetail(result),
+        body: repo,
       }
     },
   })

package/src/api/com/atproto/admin/reverseModerationAction.ts

@@ -1,4 +1,8 @@
-import { AuthRequiredError, InvalidRequestError } from '@atproto/xrpc-server'
+import {
+  AuthRequiredError,
+  InvalidRequestError,
+  UpstreamFailureError,
+} from '@atproto/xrpc-server'
 import {
   ACKNOWLEDGE,
   ESCALATE,
@@ -6,6 +10,7 @@ import {
 } from '../../../../lexicon/types/com/atproto/admin/defs'
 import { Server } from '../../../../lexicon'
 import AppContext from '../../../../context'
+import { retryHttp } from '../../../../util/retry'
 
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.admin.reverseModerationAction({
@@ -16,7 +21,7 @@ export default function (server: Server, ctx: AppContext) {
       const moderationService = ctx.services.moderation(db)
       const { id, createdBy, reason } = input.body
 
-      const moderationAction = await db.transaction(async (dbTxn) => {
+      const { result, restored } = await db.transaction(async (dbTxn) => {
         const moderationTxn = ctx.services.moderation(dbTxn)
         const labelTxn = ctx.services.label(dbTxn)
         const now = new Date()
@@ -53,7 +58,7 @@ export default function (server: Server, ctx: AppContext) {
           )
         }
 
-        const result = await moderationTxn.revertAction({
+        const { result, restored } = await moderationTxn.revertAction({
           id,
           createdAt: now,
           createdBy,
@@ -77,12 +82,33 @@ export default function (server: Server, ctx: AppContext) {
           { create, negate },
         )
 
-        return result
+        return { result, restored }
       })
 
+      if (restored) {
+        const { did, subjects } = restored
+        const agent = await ctx.pdsAdminAgent(did)
+        const results = await Promise.allSettled(
+          subjects.map((subject) =>
+            retryHttp(() =>
+              agent.api.com.atproto.admin.updateSubjectStatus({
+                subject,
+                takedown: {
+                  applied: false,
+                },
+              }),
+            ),
+          ),
+        )
+        const hadFailure = results.some((r) => r.status === 'rejected')
+        if (hadFailure) {
+          throw new UpstreamFailureError('failed to revert action on PDS')
+        }
+      }
+
       return {
         encoding: 'application/json',
-        body: await moderationService.views.action(moderationAction),
+        body: await moderationService.views.action(result),
       }
     },
   })

package/src/api/com/atproto/admin/searchRepos.ts

@@ -1,4 +1,3 @@
-import { InvalidRequestError } from '@atproto/xrpc-server'
 import { Server } from '../../../../lexicon'
 import AppContext from '../../../../context'
 
@@ -8,23 +7,18 @@ export default function (server: Server, ctx: AppContext) {
     handler: async ({ params }) => {
       const db = ctx.db.getPrimary()
       const moderationService = ctx.services.moderation(db)
-      const { invitedBy } = params
-      if (invitedBy) {
-        throw new InvalidRequestError('The invitedBy parameter is unsupported')
-      }
+      const { limit, cursor } = params
       // prefer new 'q' query param over deprecated 'term'
-      const { q } = params
-      if (q) {
-        params.term = q
-      }
+      const query = params.q ?? params.term
 
-      const { results, cursor } = await ctx.services
+      const { results, cursor: resCursor } = await ctx.services
         .actor(db)
-        .getSearchResults({ ...params, includeSoftDeleted: true })
+        .getSearchResults({ query, limit, cursor, includeSoftDeleted: true })
+
       return {
         encoding: 'application/json',
         body: {
-          cursor,
+          cursor: resCursor,
           repos: await moderationService.views.repo(results),
         },
       }

package/src/api/com/atproto/admin/takeModerationAction.ts

@@ -1,6 +1,10 @@
 import { CID } from 'multiformats/cid'
 import { AtUri } from '@atproto/syntax'
-import { AuthRequiredError, InvalidRequestError } from '@atproto/xrpc-server'
+import {
+  AuthRequiredError,
+  InvalidRequestError,
+  UpstreamFailureError,
+} from '@atproto/xrpc-server'
 import { Server } from '../../../../lexicon'
 import AppContext from '../../../../context'
 import {
@@ -9,6 +13,8 @@ import {
   TAKEDOWN,
 } from '../../../../lexicon/types/com/atproto/admin/defs'
 import { getSubject, getAction } from '../moderation/util'
+import { TakedownSubjects } from '../../../../services/moderation'
+import { retryHttp } from '../../../../util/retry'
 
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.admin.takeModerationAction({
@@ -52,7 +58,7 @@ export default function (server: Server, ctx: AppContext) {
 
       validateLabels([...(createLabelVals ?? []), ...(negateLabelVals ?? [])])
 
-      const moderationAction = await db.transaction(async (dbTxn) => {
+      const { result, takenDown } = await db.transaction(async (dbTxn) => {
         const moderationTxn = ctx.services.moderation(dbTxn)
         const labelTxn = ctx.services.label(dbTxn)
 
@@ -67,13 +73,15 @@ export default function (server: Server, ctx: AppContext) {
           durationInHours,
         })
 
+        let takenDown: TakedownSubjects | undefined
+
         if (
           result.action === TAKEDOWN &&
           result.subjectType === 'com.atproto.admin.defs#repoRef' &&
           result.subjectDid
         ) {
           // No credentials to revoke on appview
-          await moderationTxn.takedownRepo({
+          takenDown = await moderationTxn.takedownRepo({
             takedownId: result.id,
             did: result.subjectDid,
           })
@@ -82,11 +90,13 @@ export default function (server: Server, ctx: AppContext) {
         if (
           result.action === TAKEDOWN &&
           result.subjectType === 'com.atproto.repo.strongRef' &&
-          result.subjectUri
+          result.subjectUri &&
+          result.subjectCid
         ) {
-          await moderationTxn.takedownRecord({
+          takenDown = await moderationTxn.takedownRecord({
             takedownId: result.id,
             uri: new AtUri(result.subjectUri),
+            cid: CID.parse(result.subjectCid),
             blobCids: subjectBlobCids?.map((cid) => CID.parse(cid)) ?? [],
           })
         }
@@ -98,12 +108,36 @@ export default function (server: Server, ctx: AppContext) {
           { create: createLabelVals, negate: negateLabelVals },
         )
 
-        return result
+        return { result, takenDown }
       })
 
+      if (takenDown) {
+        const { did, subjects } = takenDown
+        if (did && subjects.length > 0) {
+          const agent = await ctx.pdsAdminAgent(did)
+          const results = await Promise.allSettled(
+            subjects.map((subject) =>
+              retryHttp(() =>
+                agent.api.com.atproto.admin.updateSubjectStatus({
+                  subject,
+                  takedown: {
+                    applied: true,
+                    ref: result.id.toString(),
+                  },
+                }),
+              ),
+            ),
+          )
+          const hadFailure = results.some((r) => r.status === 'rejected')
+          if (hadFailure) {
+            throw new UpstreamFailureError('failed to apply action on PDS')
+          }
+        }
+      }
+
       return {
         encoding: 'application/json',
-        body: await moderationService.views.action(moderationAction),
+        body: await moderationService.views.action(result),
       }
     },
   })

package/src/api/com/atproto/admin/util.ts

@@ -0,0 +1,50 @@
+import AppContext from '../../../../context'
+import {
+  RepoView,
+  RepoViewDetail,
+  AccountView,
+} from '../../../../lexicon/types/com/atproto/admin/defs'
+
+export const getPdsAccountInfo = async (
+  ctx: AppContext,
+  did: string,
+): Promise<AccountView | null> => {
+  try {
+    const agent = await ctx.pdsAdminAgent(did)
+    const res = await agent.api.com.atproto.admin.getAccountInfo({ did })
+    return res.data
+  } catch (err) {
+    return null
+  }
+}
+
+export const addAccountInfoToRepoViewDetail = (
+  repoView: RepoViewDetail,
+  accountInfo: AccountView | null,
+  includeEmail = false,
+): RepoViewDetail => {
+  if (!accountInfo) return repoView
+  return {
+    ...repoView,
+    email: includeEmail ? accountInfo.email : undefined,
+    invitedBy: accountInfo.invitedBy,
+    invitesDisabled: accountInfo.invitesDisabled,
+    inviteNote: accountInfo.inviteNote,
+    invites: accountInfo.invites,
+  }
+}
+
+export const addAccountInfoToRepoView = (
+  repoView: RepoView,
+  accountInfo: AccountView | null,
+  includeEmail = false,
+): RepoView => {
+  if (!accountInfo) return repoView
+  return {
+    ...repoView,
+    email: includeEmail ? accountInfo.email : undefined,
+    invitedBy: accountInfo.invitedBy,
+    invitesDisabled: accountInfo.invitesDisabled,
+    inviteNote: accountInfo.inviteNote,
+  }
+}

package/src/api/well-known.ts

@@ -12,6 +12,14 @@ export const createRouter = (ctx: AppContext): express.Router => {
     res.json({
       '@context': ['https://www.w3.org/ns/did/v1'],
       id: ctx.cfg.serverDid,
+      verificationMethod: [
+        {
+          id: `${ctx.cfg.serverDid}#atproto`,
+          type: 'Multikey',
+          controller: ctx.cfg.serverDid,
+          publicKeyMultibase: ctx.signingKey.did().replace('did:key:', ''),
+        },
+      ],
       service: [
         {
           id: '#bsky_notif',

package/src/auth.ts

@@ -14,11 +14,18 @@ export const authVerifier =
     if (!jwtStr) {
       throw new AuthRequiredError('missing jwt', 'MissingJwt')
     }
-    const did = await verifyJwt(jwtStr, opts.aud, async (did: string) => {
-      const atprotoData = await idResolver.did.resolveAtprotoData(did)
-      return atprotoData.signingKey
-    })
-    return { credentials: { did }, artifacts: { aud: opts.aud } }
+    const payload = await verifyJwt(
+      jwtStr,
+      opts.aud,
+      async (did, forceRefresh) => {
+        const atprotoData = await idResolver.did.resolveAtprotoData(
+          did,
+          forceRefresh,
+        )
+        return atprotoData.signingKey
+      },
+    )
+    return { credentials: { did: payload.iss }, artifacts: { aud: opts.aud } }
   }
 
 export const authOptionalVerifier =

package/src/auto-moderator/index.ts

@@ -271,6 +271,7 @@ export class AutoModerator {
         await modSrvc.takedownRecord({
           takedownId: action.id,
           uri: uri,
+          cid: recordCid,
           blobCids: takedownCids,
         })
       })

package/src/config.ts

@@ -18,6 +18,7 @@ export interface ServerConfigValues {
   handleResolveNameservers?: string[]
   imgUriEndpoint?: string
   blobCacheLocation?: string
+  searchEndpoint?: string
   labelerDid: string
   adminPassword: string
   moderatorPassword?: string
@@ -51,6 +52,7 @@ export class ServerConfig {
       : []
     const imgUriEndpoint = process.env.IMG_URI_ENDPOINT
     const blobCacheLocation = process.env.BLOB_CACHE_LOC
+    const searchEndpoint = process.env.SEARCH_ENDPOINT
     const dbPrimaryPostgresUrl =
       overrides?.dbPrimaryPostgresUrl || process.env.DB_PRIMARY_POSTGRES_URL
     let dbReplicaPostgresUrls = overrides?.dbReplicaPostgresUrls
@@ -97,6 +99,7 @@ export class ServerConfig {
       handleResolveNameservers,
       imgUriEndpoint,
       blobCacheLocation,
+      searchEndpoint,
       labelerDid,
       adminPassword,
       moderatorPassword,
@@ -183,6 +186,10 @@ export class ServerConfig {
     return this.cfg.blobCacheLocation
   }
 
+  get searchEndpoint() {
+    return this.cfg.searchEndpoint
+  }
+
   get labelerDid() {
     return this.cfg.labelerDid
   }