@atproto/bsky 0.0.15 → 0.0.16

package/src/api/com/atproto/admin/emitModerationEvent.ts

@@ -0,0 +1,220 @@
+import { CID } from 'multiformats/cid'
+import { AtUri } from '@atproto/syntax'
+import {
+  AuthRequiredError,
+  InvalidRequestError,
+  UpstreamFailureError,
+} from '@atproto/xrpc-server'
+import { Server } from '../../../../lexicon'
+import AppContext from '../../../../context'
+import { getSubject } from '../moderation/util'
+import {
+  isModEventLabel,
+  isModEventReverseTakedown,
+  isModEventTakedown,
+} from '../../../../lexicon/types/com/atproto/admin/defs'
+import { TakedownSubjects } from '../../../../services/moderation'
+import { retryHttp } from '../../../../util/retry'
+
+export default function (server: Server, ctx: AppContext) {
+  server.com.atproto.admin.emitModerationEvent({
+    auth: ctx.roleVerifier,
+    handler: async ({ input, auth }) => {
+      const access = auth.credentials
+      const db = ctx.db.getPrimary()
+      const moderationService = ctx.services.moderation(db)
+      const { subject, createdBy, subjectBlobCids, event } = input.body
+      const isTakedownEvent = isModEventTakedown(event)
+      const isReverseTakedownEvent = isModEventReverseTakedown(event)
+      const isLabelEvent = isModEventLabel(event)
+
+      // apply access rules
+
+      // if less than moderator access then can not takedown an account
+      if (!access.moderator && isTakedownEvent && 'did' in subject) {
+        throw new AuthRequiredError(
+          'Must be a full moderator to perform an account takedown',
+        )
+      }
+      // if less than moderator access then can only take ack and escalation actions
+      if (!access.moderator && (isTakedownEvent || isReverseTakedownEvent)) {
+        throw new AuthRequiredError(
+          'Must be a full moderator to take this type of action',
+        )
+      }
+      // if less than moderator access then can not apply labels
+      if (!access.moderator && isLabelEvent) {
+        throw new AuthRequiredError('Must be a full moderator to label content')
+      }
+
+      if (isLabelEvent) {
+        validateLabels([
+          ...(event.createLabelVals ?? []),
+          ...(event.negateLabelVals ?? []),
+        ])
+      }
+
+      const subjectInfo = getSubject(subject)
+
+      if (isTakedownEvent || isReverseTakedownEvent) {
+        const isSubjectTakendown = await moderationService.isSubjectTakendown(
+          subjectInfo,
+        )
+
+        if (isSubjectTakendown && isTakedownEvent) {
+          throw new InvalidRequestError(`Subject is already taken down`)
+        }
+
+        if (!isSubjectTakendown && isReverseTakedownEvent) {
+          throw new InvalidRequestError(`Subject is not taken down`)
+        }
+      }
+
+      const { result: moderationEvent, takenDown } = await db.transaction(
+        async (dbTxn) => {
+          const moderationTxn = ctx.services.moderation(dbTxn)
+          const labelTxn = ctx.services.label(dbTxn)
+
+          const result = await moderationTxn.logEvent({
+            event,
+            subject: subjectInfo,
+            subjectBlobCids:
+              subjectBlobCids?.map((cid) => CID.parse(cid)) ?? [],
+            createdBy,
+          })
+
+          let takenDown: TakedownSubjects | undefined
+
+          if (
+            result.subjectType === 'com.atproto.admin.defs#repoRef' &&
+            result.subjectDid
+          ) {
+            // No credentials to revoke on appview
+            if (isTakedownEvent) {
+              takenDown = await moderationTxn.takedownRepo({
+                takedownId: result.id,
+                did: result.subjectDid,
+              })
+            }
+
+            if (isReverseTakedownEvent) {
+              await moderationTxn.reverseTakedownRepo({
+                did: result.subjectDid,
+              })
+              takenDown = {
+                subjects: [
+                  {
+                    $type: 'com.atproto.admin.defs#repoRef',
+                    did: result.subjectDid,
+                  },
+                ],
+                did: result.subjectDid,
+              }
+            }
+          }
+
+          if (
+            result.subjectType === 'com.atproto.repo.strongRef' &&
+            result.subjectUri
+          ) {
+            const blobCids = subjectBlobCids?.map((cid) => CID.parse(cid)) ?? []
+            if (isTakedownEvent) {
+              takenDown = await moderationTxn.takedownRecord({
+                takedownId: result.id,
+                uri: new AtUri(result.subjectUri),
+                // TODO: I think this will always be available for strongRefs?
+                cid: CID.parse(result.subjectCid as string),
+                blobCids,
+              })
+            }
+
+            if (isReverseTakedownEvent) {
+              await moderationTxn.reverseTakedownRecord({
+                uri: new AtUri(result.subjectUri),
+              })
+              takenDown = {
+                did: result.subjectDid,
+                subjects: [
+                  {
+                    $type: 'com.atproto.repo.strongRef',
+                    uri: result.subjectUri,
+                    cid: result.subjectCid ?? '',
+                  },
+                  ...blobCids.map((cid) => ({
+                    $type: 'com.atproto.admin.defs#repoBlobRef',
+                    did: result.subjectDid,
+                    cid: cid.toString(),
+                    recordUri: result.subjectUri,
+                  })),
+                ],
+              }
+            }
+          }
+
+          if (isLabelEvent) {
+            await labelTxn.formatAndCreate(
+              ctx.cfg.labelerDid,
+              result.subjectUri ?? result.subjectDid,
+              result.subjectCid,
+              {
+                create: result.createLabelVals?.length
+                  ? result.createLabelVals.split(' ')
+                  : undefined,
+                negate: result.negateLabelVals?.length
+                  ? result.negateLabelVals.split(' ')
+                  : undefined,
+              },
+            )
+          }
+
+          return { result, takenDown }
+        },
+      )
+
+      if (takenDown && ctx.moderationPushAgent) {
+        const { did, subjects } = takenDown
+        if (did && subjects.length > 0) {
+          const agent = ctx.moderationPushAgent
+          const results = await Promise.allSettled(
+            subjects.map((subject) =>
+              retryHttp(() =>
+                agent.api.com.atproto.admin.updateSubjectStatus({
+                  subject,
+                  takedown: isTakedownEvent
+                    ? {
+                        applied: true,
+                        ref: moderationEvent.id.toString(),
+                      }
+                    : {
+                        applied: false,
+                      },
+                }),
+              ),
+            ),
+          )
+          const hadFailure = results.some((r) => r.status === 'rejected')
+          if (hadFailure) {
+            throw new UpstreamFailureError('failed to apply action on PDS')
+          }
+        }
+      }
+
+      return {
+        encoding: 'application/json',
+        body: await moderationService.views.event(moderationEvent),
+      }
+    },
+  })
+}
+
+const validateLabels = (labels: string[]) => {
+  for (const label of labels) {
+    for (const char of badChars) {
+      if (label.includes(char)) {
+        throw new InvalidRequestError(`Invalid label: ${label}`)
+      }
+    }
+  }
+}
+
+const badChars = [' ', ',', ';', `'`, `"`]

package/src/api/com/atproto/admin/{getModerationActions.ts → getModerationEvent.ts}

@@ -2,23 +2,17 @@ import { Server } from '../../../../lexicon'
 import AppContext from '../../../../context'
 
 export default function (server: Server, ctx: AppContext) {
-  server.com.atproto.admin.getModerationActions({
+  server.com.atproto.admin.getModerationEvent({
     auth: ctx.roleVerifier,
     handler: async ({ params }) => {
-      const { subject, limit = 50, cursor } = params
+      const { id } = params
       const db = ctx.db.getPrimary()
       const moderationService = ctx.services.moderation(db)
-      const results = await moderationService.getActions({
-        subject,
-        limit,
-        cursor,
-      })
+      const event = await moderationService.getEventOrThrow(id)
+      const eventDetail = await moderationService.views.eventDetail(event)
       return {
         encoding: 'application/json',
-        body: {
-          cursor: results.at(-1)?.id.toString() ?? undefined,
-          actions: await moderationService.views.action(results),
-        },
+        body: eventDetail,
       }
     },
   })

package/src/api/com/atproto/admin/getRecord.ts

@@ -18,6 +18,7 @@ export default function (server: Server, ctx: AppContext) {
       if (!result) {
         throw new InvalidRequestError('Record not found', 'RecordNotFound')
       }
+
       const [record, accountInfo] = await Promise.all([
         ctx.services.moderation(db).views.recordDetail(result),
         getPdsAccountInfo(ctx, result.did),

package/src/api/com/atproto/admin/{getModerationReports.ts → queryModerationEvents.ts}

@@ -1,39 +1,36 @@
 import { Server } from '../../../../lexicon'
 import AppContext from '../../../../context'
+import { getEventType } from '../moderation/util'
 
 export default function (server: Server, ctx: AppContext) {
-  server.com.atproto.admin.getModerationReports({
+  server.com.atproto.admin.queryModerationEvents({
     auth: ctx.roleVerifier,
     handler: async ({ params }) => {
       const {
         subject,
-        resolved,
-        actionType,
         limit = 50,
         cursor,
-        ignoreSubjects,
-        reverse = false,
-        reporters = [],
-        actionedBy,
+        sortDirection = 'desc',
+        types,
+        includeAllUserRecords = false,
+        createdBy,
       } = params
       const db = ctx.db.getPrimary()
       const moderationService = ctx.services.moderation(db)
-      const results = await moderationService.getReports({
+      const results = await moderationService.getEvents({
+        types: types?.length ? types.map(getEventType) : [],
         subject,
-        resolved,
-        actionType,
+        createdBy,
         limit,
         cursor,
-        ignoreSubjects,
-        reverse,
-        reporters,
-        actionedBy,
+        sortDirection,
+        includeAllUserRecords,
       })
       return {
         encoding: 'application/json',
         body: {
-          cursor: results.at(-1)?.id.toString() ?? undefined,
-          reports: await moderationService.views.report(results),
+          cursor: results.cursor,
+          events: await moderationService.views.event(results.events),
         },
       }
     },

package/src/api/com/atproto/admin/queryModerationStatuses.ts

@@ -0,0 +1,55 @@
+import { Server } from '../../../../lexicon'
+import AppContext from '../../../../context'
+import { getReviewState } from '../moderation/util'
+
+export default function (server: Server, ctx: AppContext) {
+  server.com.atproto.admin.queryModerationStatuses({
+    auth: ctx.roleVerifier,
+    handler: async ({ params }) => {
+      const {
+        subject,
+        takendown,
+        reviewState,
+        reviewedAfter,
+        reviewedBefore,
+        reportedAfter,
+        reportedBefore,
+        ignoreSubjects,
+        lastReviewedBy,
+        sortDirection = 'desc',
+        sortField = 'lastReportedAt',
+        includeMuted = false,
+        limit = 50,
+        cursor,
+      } = params
+      const db = ctx.db.getPrimary()
+      const moderationService = ctx.services.moderation(db)
+      const results = await moderationService.getSubjectStatuses({
+        reviewState: getReviewState(reviewState),
+        subject,
+        takendown,
+        reviewedAfter,
+        reviewedBefore,
+        reportedAfter,
+        reportedBefore,
+        includeMuted,
+        ignoreSubjects,
+        sortDirection,
+        lastReviewedBy,
+        sortField,
+        limit,
+        cursor,
+      })
+      const subjectStatuses = moderationService.views.subjectStatus(
+        results.statuses,
+      )
+      return {
+        encoding: 'application/json',
+        body: {
+          cursor: results.cursor,
+          subjectStatuses,
+        },
+      }
+    },
+  })
+}

package/src/api/com/atproto/moderation/createReport.ts

@@ -22,15 +22,17 @@ export default function (server: Server, ctx: AppContext) {
         }
       }
 
-      const moderationService = ctx.services.moderation(db)
-
-      const report = await moderationService.report({
-        reasonType: getReasonType(reasonType),
-        reason,
-        subject: getSubject(subject),
-        reportedBy: requester || ctx.cfg.serverDid,
+      const report = await db.transaction(async (dbTxn) => {
+        const moderationTxn = ctx.services.moderation(dbTxn)
+        return moderationTxn.report({
+          reasonType: getReasonType(reasonType),
+          reason,
+          subject: getSubject(subject),
+          reportedBy: requester || ctx.cfg.serverDid,
+        })
       })
 
+      const moderationService = ctx.services.moderation(db)
       return {
         encoding: 'application/json',
         body: moderationService.views.reportPublic(report),

package/src/api/com/atproto/moderation/util.ts

@@ -1,16 +1,8 @@
 import { CID } from 'multiformats/cid'
 import { InvalidRequestError } from '@atproto/xrpc-server'
 import { AtUri } from '@atproto/syntax'
-import { ModerationAction } from '../../../../db/tables/moderation'
-import { ModerationReport } from '../../../../db/tables/moderation'
 import { InputSchema as ReportInput } from '../../../../lexicon/types/com/atproto/moderation/createReport'
-import { InputSchema as ActionInput } from '../../../../lexicon/types/com/atproto/admin/takeModerationAction'
-import {
-  ACKNOWLEDGE,
-  FLAG,
-  TAKEDOWN,
-  ESCALATE,
-} from '../../../../lexicon/types/com/atproto/admin/defs'
+import { InputSchema as ActionInput } from '../../../../lexicon/types/com/atproto/admin/emitModerationEvent'
 import {
   REASONOTHER,
   REASONSPAM,
@@ -19,6 +11,13 @@ import {
   REASONSEXUAL,
   REASONVIOLATION,
 } from '../../../../lexicon/types/com/atproto/moderation/defs'
+import {
+  REVIEWCLOSED,
+  REVIEWESCALATED,
+  REVIEWOPEN,
+} from '../../../../lexicon/types/com/atproto/admin/defs'
+import { ModerationEvent } from '../../../../db/tables/moderation'
+import { ModerationSubjectStatusRow } from '../../../../services/moderation/types'
 
 type SubjectInput = ReportInput['subject'] | ActionInput['subject']
 
@@ -34,8 +33,9 @@ export const getSubject = (subject: SubjectInput) => {
     typeof subject.uri === 'string' &&
     typeof subject.cid === 'string'
   ) {
+    const uri = new AtUri(subject.uri)
     return {
-      uri: new AtUri(subject.uri),
+      uri,
       cid: CID.parse(subject.cid),
     }
   }
@@ -44,23 +44,28 @@ export const getSubject = (subject: SubjectInput) => {
 
 export const getReasonType = (reasonType: ReportInput['reasonType']) => {
   if (reasonTypes.has(reasonType)) {
-    return reasonType as ModerationReport['reasonType']
+    return reasonType as NonNullable<ModerationEvent['meta']>['reportType']
   }
   throw new InvalidRequestError('Invalid reason type')
 }
 
-export const getAction = (action: ActionInput['action']) => {
-  if (
-    action === TAKEDOWN ||
-    action === FLAG ||
-    action === ACKNOWLEDGE ||
-    action === ESCALATE
-  ) {
-    return action as ModerationAction['action']
+export const getEventType = (type: string) => {
+  if (eventTypes.has(type)) {
+    return type as ModerationEvent['action']
   }
-  throw new InvalidRequestError('Invalid action')
+  throw new InvalidRequestError('Invalid event type')
 }
 
+export const getReviewState = (reviewState?: string) => {
+  if (!reviewState) return undefined
+  if (reviewStates.has(reviewState)) {
+    return reviewState as ModerationSubjectStatusRow['reviewState']
+  }
+  throw new InvalidRequestError('Invalid review state')
+}
+
+const reviewStates = new Set([REVIEWCLOSED, REVIEWESCALATED, REVIEWOPEN])
+
 const reasonTypes = new Set([
   REASONOTHER,
   REASONSPAM,
@@ -69,3 +74,16 @@ const reasonTypes = new Set([
   REASONSEXUAL,
   REASONVIOLATION,
 ])
+
+const eventTypes = new Set([
+  'com.atproto.admin.defs#modEventTakedown',
+  'com.atproto.admin.defs#modEventAcknowledge',
+  'com.atproto.admin.defs#modEventEscalate',
+  'com.atproto.admin.defs#modEventComment',
+  'com.atproto.admin.defs#modEventLabel',
+  'com.atproto.admin.defs#modEventReport',
+  'com.atproto.admin.defs#modEventMute',
+  'com.atproto.admin.defs#modEventUnmute',
+  'com.atproto.admin.defs#modEventReverseTakedown',
+  'com.atproto.admin.defs#modEventEmail',
+])

package/src/api/index.ts

@@ -41,18 +41,15 @@ import registerPush from './app/bsky/notification/registerPush'
 import getPopularFeedGenerators from './app/bsky/unspecced/getPopularFeedGenerators'
 import getTimelineSkeleton from './app/bsky/unspecced/getTimelineSkeleton'
 import createReport from './com/atproto/moderation/createReport'
-import resolveModerationReports from './com/atproto/admin/resolveModerationReports'
-import reverseModerationAction from './com/atproto/admin/reverseModerationAction'
-import takeModerationAction from './com/atproto/admin/takeModerationAction'
+import emitModerationEvent from './com/atproto/admin/emitModerationEvent'
 import searchRepos from './com/atproto/admin/searchRepos'
 import adminGetRecord from './com/atproto/admin/getRecord'
 import getRepo from './com/atproto/admin/getRepo'
-import getModerationAction from './com/atproto/admin/getModerationAction'
-import getModerationActions from './com/atproto/admin/getModerationActions'
-import getModerationReport from './com/atproto/admin/getModerationReport'
-import getModerationReports from './com/atproto/admin/getModerationReports'
+import queryModerationStatuses from './com/atproto/admin/queryModerationStatuses'
 import resolveHandle from './com/atproto/identity/resolveHandle'
 import getRecord from './com/atproto/repo/getRecord'
+import queryModerationEvents from './com/atproto/admin/queryModerationEvents'
+import getModerationEvent from './com/atproto/admin/getModerationEvent'
 import fetchLabels from './com/atproto/temp/fetchLabels'
 
 export * as health from './health'
@@ -105,16 +102,13 @@ export default function (server: Server, ctx: AppContext) {
   getTimelineSkeleton(server, ctx)
   // com.atproto
   createReport(server, ctx)
-  resolveModerationReports(server, ctx)
-  reverseModerationAction(server, ctx)
-  takeModerationAction(server, ctx)
+  emitModerationEvent(server, ctx)
   searchRepos(server, ctx)
   adminGetRecord(server, ctx)
   getRepo(server, ctx)
-  getModerationAction(server, ctx)
-  getModerationActions(server, ctx)
-  getModerationReport(server, ctx)
-  getModerationReports(server, ctx)
+  getModerationEvent(server, ctx)
+  queryModerationEvents(server, ctx)
+  queryModerationStatuses(server, ctx)
   resolveHandle(server, ctx)
   getRecord(server, ctx)
   fetchLabels(server, ctx)

package/src/auth.ts

@@ -7,35 +7,43 @@ import { ServerConfig } from './config'
 const BASIC = 'Basic '
 const BEARER = 'Bearer '
 
-export const authVerifier =
-  (idResolver: IdResolver, opts: { aud: string | null }) =>
-  async (reqCtx: { req: express.Request; res: express.Response }) => {
+export const authVerifier = (
+  idResolver: IdResolver,
+  opts: { aud: string | null },
+) => {
+  const getSigningKey = async (
+    did: string,
+    forceRefresh: boolean,
+  ): Promise<string> => {
+    const atprotoData = await idResolver.did.resolveAtprotoData(
+      did,
+      forceRefresh,
+    )
+    return atprotoData.signingKey
+  }
+
+  return async (reqCtx: { req: express.Request; res: express.Response }) => {
     const jwtStr = getJwtStrFromReq(reqCtx.req)
     if (!jwtStr) {
       throw new AuthRequiredError('missing jwt', 'MissingJwt')
     }
-    const payload = await verifyJwt(
-      jwtStr,
-      opts.aud,
-      async (did, forceRefresh) => {
-        const atprotoData = await idResolver.did.resolveAtprotoData(
-          did,
-          forceRefresh,
-        )
-        return atprotoData.signingKey
-      },
-    )
+    const payload = await verifyJwt(jwtStr, opts.aud, getSigningKey)
     return { credentials: { did: payload.iss }, artifacts: { aud: opts.aud } }
   }
+}
 
-export const authOptionalVerifier =
-  (idResolver: IdResolver, opts: { aud: string | null }) =>
-  async (reqCtx: { req: express.Request; res: express.Response }) => {
+export const authOptionalVerifier = (
+  idResolver: IdResolver,
+  opts: { aud: string | null },
+) => {
+  const verifyAccess = authVerifier(idResolver, opts)
+  return async (reqCtx: { req: express.Request; res: express.Response }) => {
     if (!reqCtx.req.headers.authorization) {
       return { credentials: { did: null } }
     }
-    return authVerifier(idResolver, opts)(reqCtx)
+    return verifyAccess(reqCtx)
   }
+}
 
 export const authOptionalAccessOrRoleVerifier = (
   idResolver: IdResolver,
@@ -127,9 +135,9 @@ export const buildBasicAuth = (username: string, password: string): string => {
 }
 
 export const getJwtStrFromReq = (req: express.Request): string | null => {
-  const { authorization = '' } = req.headers
-  if (!authorization.startsWith(BEARER)) {
+  const { authorization } = req.headers
+  if (!authorization?.startsWith(BEARER)) {
     return null
   }
-  return authorization.replace(BEARER, '').trim()
+  return authorization.slice(BEARER.length).trim()
 }