@atproto/bsky 0.0.172 → 0.0.174

package/dist/lexicon/types/app/bsky/unspecced/checkHandleAvailability.d.ts

@@ -0,0 +1,58 @@
+/**
+ * GENERATED CODE - DO NOT MODIFY
+ */
+import { type ValidationResult } from '@atproto/lexicon';
+import { type $Typed } from '../../../../util';
+export type QueryParams = {
+    /** Tentative handle. Will be checked for availability or used to build handle suggestions. */
+    handle: string;
+    /** User-provided email. Might be used to build handle suggestions. */
+    email?: string;
+    /** User-provided birth date. Might be used to build handle suggestions. */
+    birthDate?: string;
+};
+export type InputSchema = undefined;
+export interface OutputSchema {
+    /** Echo of the input handle. */
+    handle: string;
+    result: $Typed<ResultAvailable> | $Typed<ResultUnavailable> | {
+        $type: string;
+    };
+}
+export type HandlerInput = void;
+export interface HandlerSuccess {
+    encoding: 'application/json';
+    body: OutputSchema;
+    headers?: {
+        [key: string]: string;
+    };
+}
+export interface HandlerError {
+    status: number;
+    message?: string;
+    error?: 'InvalidEmail';
+}
+export type HandlerOutput = HandlerError | HandlerSuccess;
+/** Indicates the provided handle is available. */
+export interface ResultAvailable {
+    $type?: 'app.bsky.unspecced.checkHandleAvailability#resultAvailable';
+}
+export declare function isResultAvailable<V>(v: V): v is import("../../../../util").$TypedObject<V, "app.bsky.unspecced.checkHandleAvailability", "resultAvailable">;
+export declare function validateResultAvailable<V>(v: V): ValidationResult<ResultAvailable & V>;
+/** Indicates the provided handle is unavailable and gives suggestions of available handles. */
+export interface ResultUnavailable {
+    $type?: 'app.bsky.unspecced.checkHandleAvailability#resultUnavailable';
+    /** List of suggested handles based on the provided inputs. */
+    suggestions: Suggestion[];
+}
+export declare function isResultUnavailable<V>(v: V): v is import("../../../../util").$TypedObject<V, "app.bsky.unspecced.checkHandleAvailability", "resultUnavailable">;
+export declare function validateResultUnavailable<V>(v: V): ValidationResult<ResultUnavailable & V>;
+export interface Suggestion {
+    $type?: 'app.bsky.unspecced.checkHandleAvailability#suggestion';
+    handle: string;
+    /** Method used to build this suggestion. Should be considered opaque to clients. Can be used for metrics. */
+    method: string;
+}
+export declare function isSuggestion<V>(v: V): v is import("../../../../util").$TypedObject<V, "app.bsky.unspecced.checkHandleAvailability", "suggestion">;
+export declare function validateSuggestion<V>(v: V): ValidationResult<Suggestion & V>;
+//# sourceMappingURL=checkHandleAvailability.d.ts.map

package/dist/lexicon/types/app/bsky/unspecced/checkHandleAvailability.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"checkHandleAvailability.d.ts","sourceRoot":"","sources":["../../../../../../src/lexicon/types/app/bsky/unspecced/checkHandleAvailability.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,EAAE,KAAK,gBAAgB,EAAW,MAAM,kBAAkB,CAAA;AAGjE,OAAO,EACL,KAAK,MAAM,EAGZ,MAAM,kBAAkB,CAAA;AAMzB,MAAM,MAAM,WAAW,GAAG;IACxB,8FAA8F;IAC9F,MAAM,EAAE,MAAM,CAAA;IACd,sEAAsE;IACtE,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,2EAA2E;IAC3E,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB,CAAA;AACD,MAAM,MAAM,WAAW,GAAG,SAAS,CAAA;AAEnC,MAAM,WAAW,YAAY;IAC3B,gCAAgC;IAChC,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,EACF,MAAM,CAAC,eAAe,CAAC,GACvB,MAAM,CAAC,iBAAiB,CAAC,GACzB;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,CAAA;CACtB;AAED,MAAM,MAAM,YAAY,GAAG,IAAI,CAAA;AAE/B,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,kBAAkB,CAAA;IAC5B,IAAI,EAAE,YAAY,CAAA;IAClB,OAAO,CAAC,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAAA;CACpC;AAED,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,MAAM,CAAA;IACd,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,KAAK,CAAC,EAAE,cAAc,CAAA;CACvB;AAED,MAAM,MAAM,aAAa,GAAG,YAAY,GAAG,cAAc,CAAA;AAEzD,kDAAkD;AAClD,MAAM,WAAW,eAAe;IAC9B,KAAK,CAAC,EAAE,4DAA4D,CAAA;CACrE;AAID,wBAAgB,iBAAiB,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,oHAExC;AAED,wBAAgB,uBAAuB,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,yCAE9C;AAED,+FAA+F;AAC/F,MAAM,WAAW,iBAAiB;IAChC,KAAK,CAAC,EAAE,8DAA8D,CAAA;IACtE,8DAA8D;IAC9D,WAAW,EAAE,UAAU,EAAE,CAAA;CAC1B;AAID,wBAAgB,mBAAmB,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,sHAE1C;AAED,wBAAgB,yBAAyB,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,2CAEhD;AAED,MAAM,WAAW,UAAU;IACzB,KAAK,CAAC,EAAE,uDAAuD,CAAA;IAC/D,MAAM,EAAE,MAAM,CAAA;IACd,6GAA6G;IAC7G,MAAM,EAAE,MAAM,CAAA;CACf;AAID,wBAAgB,YAAY,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,+GAEnC;AAED,wBAAgB,kBAAkB,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,oCAEzC"}

package/dist/lexicon/types/app/bsky/unspecced/checkHandleAvailability.js

@@ -0,0 +1,34 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isResultAvailable = isResultAvailable;
+exports.validateResultAvailable = validateResultAvailable;
+exports.isResultUnavailable = isResultUnavailable;
+exports.validateResultUnavailable = validateResultUnavailable;
+exports.isSuggestion = isSuggestion;
+exports.validateSuggestion = validateSuggestion;
+const lexicons_1 = require("../../../../lexicons");
+const util_1 = require("../../../../util");
+const is$typed = util_1.is$typed, validate = lexicons_1.validate;
+const id = 'app.bsky.unspecced.checkHandleAvailability';
+const hashResultAvailable = 'resultAvailable';
+function isResultAvailable(v) {
+    return is$typed(v, id, hashResultAvailable);
+}
+function validateResultAvailable(v) {
+    return validate(v, id, hashResultAvailable);
+}
+const hashResultUnavailable = 'resultUnavailable';
+function isResultUnavailable(v) {
+    return is$typed(v, id, hashResultUnavailable);
+}
+function validateResultUnavailable(v) {
+    return validate(v, id, hashResultUnavailable);
+}
+const hashSuggestion = 'suggestion';
+function isSuggestion(v) {
+    return is$typed(v, id, hashSuggestion);
+}
+function validateSuggestion(v) {
+    return validate(v, id, hashSuggestion);
+}
+//# sourceMappingURL=checkHandleAvailability.js.map

package/dist/lexicon/types/app/bsky/unspecced/checkHandleAvailability.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"checkHandleAvailability.js","sourceRoot":"","sources":["../../../../../../src/lexicon/types/app/bsky/unspecced/checkHandleAvailability.ts"],"names":[],"mappings":";;AA0DA,8CAEC;AAED,0DAEC;AAWD,kDAEC;AAED,8DAEC;AAWD,oCAEC;AAED,gDAEC;AA7FD,mDAA4D;AAC5D,2CAIyB;AAEzB,MAAM,QAAQ,GAAG,eAAS,EACxB,QAAQ,GAAG,mBAAS,CAAA;AACtB,MAAM,EAAE,GAAG,4CAA4C,CAAA;AA0CvD,MAAM,mBAAmB,GAAG,iBAAiB,CAAA;AAE7C,SAAgB,iBAAiB,CAAI,CAAI;IACvC,OAAO,QAAQ,CAAC,CAAC,EAAE,EAAE,EAAE,mBAAmB,CAAC,CAAA;AAC7C,CAAC;AAED,SAAgB,uBAAuB,CAAI,CAAI;IAC7C,OAAO,QAAQ,CAAsB,CAAC,EAAE,EAAE,EAAE,mBAAmB,CAAC,CAAA;AAClE,CAAC;AASD,MAAM,qBAAqB,GAAG,mBAAmB,CAAA;AAEjD,SAAgB,mBAAmB,CAAI,CAAI;IACzC,OAAO,QAAQ,CAAC,CAAC,EAAE,EAAE,EAAE,qBAAqB,CAAC,CAAA;AAC/C,CAAC;AAED,SAAgB,yBAAyB,CAAI,CAAI;IAC/C,OAAO,QAAQ,CAAwB,CAAC,EAAE,EAAE,EAAE,qBAAqB,CAAC,CAAA;AACtE,CAAC;AASD,MAAM,cAAc,GAAG,YAAY,CAAA;AAEnC,SAAgB,YAAY,CAAI,CAAI;IAClC,OAAO,QAAQ,CAAC,CAAC,EAAE,EAAE,EAAE,cAAc,CAAC,CAAA;AACxC,CAAC;AAED,SAAgB,kBAAkB,CAAI,CAAI;IACxC,OAAO,QAAQ,CAAiB,CAAC,EAAE,EAAE,EAAE,cAAc,CAAC,CAAA;AACxD,CAAC"}

package/dist/lexicon/types/app/bsky/unspecced/initAgeAssurance.d.ts

@@ -23,6 +23,7 @@ export interface HandlerSuccess {
 export interface HandlerError {
     status: number;
     message?: string;
+    error?: 'InvalidEmail' | 'DidTooLong' | 'InvalidInitiation';
 }
 export type HandlerOutput = HandlerError | HandlerSuccess;
 //# sourceMappingURL=initAgeAssurance.d.ts.map

package/dist/lexicon/types/app/bsky/unspecced/initAgeAssurance.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"initAgeAssurance.d.ts","sourceRoot":"","sources":["../../../../../../src/lexicon/types/app/bsky/unspecced/initAgeAssurance.ts"],"names":[],"mappings":"AAWA,OAAO,KAAK,KAAK,oBAAoB,MAAM,WAAW,CAAA;AAMtD,MAAM,MAAM,WAAW,GAAG,EAAE,CAAA;AAE5B,MAAM,WAAW,WAAW;IAC1B,kEAAkE;IAClE,KAAK,EAAE,MAAM,CAAA;IACb,oFAAoF;IACpF,QAAQ,EAAE,MAAM,CAAA;IAChB,yDAAyD;IACzD,WAAW,EAAE,MAAM,CAAA;CACpB;AAED,MAAM,MAAM,YAAY,GAAG,oBAAoB,CAAC,iBAAiB,CAAA;AAEjE,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,kBAAkB,CAAA;IAC5B,IAAI,EAAE,WAAW,CAAA;CAClB;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,kBAAkB,CAAA;IAC5B,IAAI,EAAE,YAAY,CAAA;IAClB,OAAO,CAAC,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAAA;CACpC;AAED,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,MAAM,CAAA;IACd,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB;AAED,MAAM,MAAM,aAAa,GAAG,YAAY,GAAG,cAAc,CAAA"}
+{"version":3,"file":"initAgeAssurance.d.ts","sourceRoot":"","sources":["../../../../../../src/lexicon/types/app/bsky/unspecced/initAgeAssurance.ts"],"names":[],"mappings":"AAWA,OAAO,KAAK,KAAK,oBAAoB,MAAM,WAAW,CAAA;AAMtD,MAAM,MAAM,WAAW,GAAG,EAAE,CAAA;AAE5B,MAAM,WAAW,WAAW;IAC1B,kEAAkE;IAClE,KAAK,EAAE,MAAM,CAAA;IACb,oFAAoF;IACpF,QAAQ,EAAE,MAAM,CAAA;IAChB,yDAAyD;IACzD,WAAW,EAAE,MAAM,CAAA;CACpB;AAED,MAAM,MAAM,YAAY,GAAG,oBAAoB,CAAC,iBAAiB,CAAA;AAEjE,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,kBAAkB,CAAA;IAC5B,IAAI,EAAE,WAAW,CAAA;CAClB;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,kBAAkB,CAAA;IAC5B,IAAI,EAAE,YAAY,CAAA;IAClB,OAAO,CAAC,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAAA;CACpC;AAED,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,MAAM,CAAA;IACd,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,KAAK,CAAC,EAAE,cAAc,GAAG,YAAY,GAAG,mBAAmB,CAAA;CAC5D;AAED,MAAM,MAAM,aAAa,GAAG,YAAY,GAAG,cAAc,CAAA"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@atproto/bsky",
-  "version": "0.0.172",
+  "version": "0.0.174",
   "license": "MIT",
   "description": "Reference implementation of app.bsky App View (Bluesky API)",
   "keywords": [
@@ -37,6 +37,7 @@
     "jose": "^5.0.1",
     "key-encoder": "^2.0.3",
     "kysely": "^0.22.0",
+    "leo-profanity": "^1.8.0",
     "multiformats": "^9.9.0",
     "murmurhash": "^2.0.1",
     "p-queue": "^6.6.2",
@@ -52,16 +53,16 @@
     "zod": "3.23.8",
     "@atproto-labs/fetch-node": "0.1.9",
     "@atproto-labs/xrpc-utils": "0.0.17",
-    "@atproto/api": "^0.15.26",
     "@atproto/common": "^0.4.11",
     "@atproto/crypto": "^0.4.4",
     "@atproto/did": "^0.1.5",
     "@atproto/identity": "^0.4.8",
     "@atproto/lexicon": "^0.4.12",
-    "@atproto/repo": "^0.8.5",
     "@atproto/sync": "^0.1.29",
     "@atproto/syntax": "^0.4.0",
-    "@atproto/xrpc-server": "^0.9.0"
+    "@atproto/repo": "^0.8.5",
+    "@atproto/xrpc-server": "^0.9.0",
+    "@atproto/api": "^0.15.27"
   },
   "devDependencies": {
     "@bufbuild/buf": "^1.28.1",
@@ -76,9 +77,9 @@
     "jest": "^28.1.2",
     "ts-node": "^10.8.2",
     "typescript": "^5.6.3",
-    "@atproto/api": "^0.15.26",
+    "@atproto/api": "^0.15.27",
     "@atproto/lex-cli": "^0.9.0",
-    "@atproto/pds": "^0.4.161",
+    "@atproto/pds": "^0.4.162",
     "@atproto/xrpc": "^0.7.1"
   },
   "scripts": {

package/src/api/app/bsky/unspecced/checkHandleAvailability.ts

@@ -0,0 +1,291 @@
+import { isEmailValid } from '@hapi/address'
+import filter from 'leo-profanity'
+import * as ident from '@atproto/syntax'
+import { InvalidRequestError } from '@atproto/xrpc-server'
+import { AppContext } from '../../../../context'
+import { Server } from '../../../../lexicon'
+import {
+  QueryParams,
+  Suggestion,
+} from '../../../../lexicon/types/app/bsky/unspecced/checkHandleAvailability'
+
+// THIS IS A TEMPORARY UNSPECCED ROUTE
+export default function (server: Server, ctx: AppContext) {
+  server.app.bsky.unspecced.checkHandleAvailability({
+    handler: async ({ params }) => {
+      const { birthDate, email, handle } = validateParams(params)
+
+      if (isSlur(handle)) {
+        return {
+          encoding: 'application/json',
+          body: {
+            handle,
+            result: {
+              $type:
+                'app.bsky.unspecced.checkHandleAvailability#resultUnavailable',
+              suggestions: [],
+            },
+          },
+        }
+      }
+
+      const [did] = await ctx.hydrator.actor.getDids([handle], {
+        lookupUnidirectional: true,
+      })
+      if (!did) {
+        return {
+          encoding: 'application/json',
+          body: {
+            handle,
+            result: {
+              $type:
+                'app.bsky.unspecced.checkHandleAvailability#resultAvailable',
+            },
+          },
+        }
+      }
+
+      const suggestions = await getSuggestions(ctx, handle, email, birthDate)
+
+      return {
+        encoding: 'application/json',
+        body: {
+          handle,
+          result: {
+            $type:
+              'app.bsky.unspecced.checkHandleAvailability#resultUnavailable',
+            suggestions,
+          },
+        },
+      }
+    },
+  })
+}
+
+const validateParams = (params: QueryParams) => {
+  const { email } = params
+  if (email && !isEmailValid(email)) {
+    throw new InvalidRequestError('Invalid email address.', 'InvalidEmail')
+  }
+
+  return {
+    birthDate: params.birthDate,
+    email,
+    handle: ident.normalizeHandle(params.handle),
+  }
+}
+
+const uniqueSuggestions = (suggestions: Suggestion[]): Suggestion[] =>
+  suggestions.filter((s0, i, ss) => {
+    return ss.findIndex((s1) => s0.handle === s1.handle) === i
+  })
+
+/** Gets the target number of suggestions, ensuring uniqueness and availability. */
+const getSuggestions = async (
+  ctx: AppContext,
+  tentativeHandle: string,
+  email: string | undefined,
+  birthDate: string | undefined,
+): Promise<Suggestion[]> => {
+  const [subdomain, ...rest] = tentativeHandle.split('.')
+  const domain = rest.join('.')
+
+  let suggestions: Suggestion[] = []
+
+  const want = 5
+  let attempt = 0
+
+  const deterministic = await availableSuggestions(
+    ctx,
+    deterministicSuggestions(subdomain, email, birthDate),
+    tentativeHandle,
+    domain,
+  )
+  suggestions.push(...deterministic)
+
+  while (suggestions.length < want && attempt < 3) {
+    const random = await availableSuggestions(
+      ctx,
+      randomSuggestions(subdomain),
+      tentativeHandle,
+      domain,
+    )
+    suggestions.push(...random)
+
+    suggestions = uniqueSuggestions([...suggestions, ...random])
+    attempt++
+  }
+
+  return suggestions.slice(0, want)
+}
+
+type IntermediateSuggestion = {
+  subdomain: string
+  method: string
+}
+
+const availableSuggestions = async (
+  ctx: AppContext,
+  suggestions: IntermediateSuggestion[],
+  tentativeHandle: string,
+  domain: string,
+): Promise<Suggestion[]> => {
+  const join = (subdomain: string, domain: string) => `${subdomain}.${domain}`
+
+  const validSuggestions = suggestions
+    .filter((s) => {
+      // @TODO: from a magic number in the PDS code.
+      if (s.subdomain.length < 3) return false
+
+      // @TODO: from a magic number in the PDS code.
+      if (s.subdomain.length > 18) return false
+
+      const handle = join(s.subdomain, domain)
+      // @TODO: from a magic number in the entryway code.
+      if (handle.length > 30) return false
+
+      // Only valid, and not the tentative one.
+      return ident.isValidHandle(handle) && handle !== tentativeHandle
+    })
+    .map(
+      (s): Suggestion => ({
+        handle: join(s.subdomain, domain),
+        method: s.method,
+      }),
+    )
+
+  const dids = await ctx.hydrator.actor.getDids(
+    validSuggestions.map((s) => s.handle),
+    {
+      lookupUnidirectional: true,
+    },
+  )
+  return validSuggestions.filter((_, i) => !dids[i])
+}
+
+const deterministicSuggestions = (
+  subdomain: string,
+  email: string | undefined,
+  birthDate: string | undefined,
+): IntermediateSuggestion[] => {
+  const localPart = email
+    ?.split('@')[0]
+    .toLowerCase()
+    .replace('.', '-')
+    .replace(/[^a-zA-Z0-9-]/g, '')
+  const year = getYear(birthDate)
+
+  return [
+    ...suggestAppendDigits('handle_yob', subdomain, year),
+    ...suggestValue('email', localPart),
+    ...suggestAppendDigits('email_yob', localPart, year),
+  ]
+}
+
+const randomSuggestions = (subdomain: string): IntermediateSuggestion[] => [
+  ...suggestHyphens('hyphen', subdomain),
+  ...suggestAppendRandomDigits('random_digits', subdomain),
+]
+
+const avoidDigits = ['69']
+
+const getYear = (d: string | undefined): string | undefined => {
+  if (!d) return undefined
+
+  const date = new Date(d)
+  if (isNaN(date.getTime())) return undefined
+
+  const year = date.getFullYear().toString().slice(-2)
+  return avoidDigits.includes(year) ? undefined : year
+}
+
+const suggestValue = (
+  method: string,
+  s: string | undefined,
+): IntermediateSuggestion[] => {
+  if (!s) return []
+  return [{ subdomain: `${s}`, method }]
+}
+
+const suggestAppendDigits = (
+  method: string,
+  s: string | undefined,
+  d: string | undefined,
+): IntermediateSuggestion[] => {
+  if (!s || !d) return []
+
+  // If s already ends in digits, add an hyphen before appending the number.
+  const separator = /\d$/.test(s) ? '-' : ''
+  return [{ subdomain: `${s}${separator}${d}`, method }]
+}
+
+const suggestAppendRandomDigits = (
+  method: string,
+  s: string,
+): IntermediateSuggestion[] => {
+  const ss: IntermediateSuggestion[] = []
+  const want = 2
+  let got = 0
+  while (got < want) {
+    const randomDigits = Math.floor(Math.random() * 100).toString()
+    if (avoidDigits.includes(randomDigits)) continue
+    ss.push(...suggestAppendDigits(method, s, randomDigits))
+    got++
+  }
+  return ss
+}
+
+const suggestHyphens = (
+  method: string,
+  s: string,
+): IntermediateSuggestion[] => {
+  const ss: IntermediateSuggestion[] = []
+  // 2 suggestions or less, if the string is too short.
+  const want = Math.min(Math.floor(s.length / 2), 2)
+  let got = 0
+
+  while (got < want) {
+    // Exclude first and last character to avoid leading/trailing hyphens.
+    for (let i = 1; i < s.length && got < want; i++) {
+      // Randomly skip some combinations.
+      if (Math.random() > 0.5) continue
+
+      const left = s.slice(0, i)
+      const right = s.slice(i)
+      if (isSlur(left) || isSlur(right)) {
+        // Skip but count to avoid infinite loop.
+        got++
+        continue
+      }
+      ss.push({ subdomain: `${left}-${right}`, method })
+      got++
+    }
+  }
+
+  return ss
+}
+
+// regexes taken from: https://github.com/Blank-Cheque/Slurs
+/* eslint-disable no-misleading-character-class */
+const explicitSlurRegexes = [
+  /\b[cĆćĈĉČčĊċÇçḈḉȻȼꞒꞓꟄꞔƇƈɕ][hĤĥȞȟḦḧḢḣḨḩḤḥḪḫH̱ẖĦħⱧⱨꞪɦꞕΗНн][iÍíi̇́Ììi̇̀ĬĭÎîǏǐÏïḮḯĨĩi̇̃ĮįĮ́į̇́Į̃į̇̃ĪīĪ̀ī̀ỈỉȈȉI̋i̋ȊȋỊịꞼꞽḬḭƗɨᶖİiIıＩｉ1lĺľļḷḹl̃ḽḻłŀƚꝉⱡɫɬꞎꬷꬸꬹᶅɭȴＬｌ][nŃńǸǹŇňÑñṄṅŅņṆṇṊṋṈṉN̈n̈ƝɲŊŋꞐꞑꞤꞥᵰᶇɳȵꬻꬼИиПпＮｎ][kḰḱǨǩĶķḲḳḴḵƘƙⱩⱪᶄꝀꝁꝂꝃꝄꝅꞢꞣ][sŚśṤṥŜŝŠšṦṧṠṡŞşṢṣṨṩȘșS̩s̩ꞨꞩⱾȿꟅʂᶊᵴ]?\b/,
+  /\b[cĆćĈĉČčĊċÇçḈḉȻȼꞒꞓꟄꞔƇƈɕ][ÓóÒòŎŏÔôỐốỒồỖỗỔổǑǒÖöȪȫŐőÕõṌṍṎṏȬȭȮȯO͘o͘ȰȱØøǾǿǪǫǬǭŌōṒṓṐṑỎỏȌȍȎȏƠơỚớỜờỠỡỞởỢợỌọỘộO̩o̩Ò̩ò̩Ó̩ó̩ƟɵꝊꝋꝌꝍⱺＯｏ0]{2}[nŃńǸǹŇňÑñṄṅŅņṆṇṊṋṈṉN̈n̈ƝɲŊŋꞐꞑꞤꞥᵰᶇɳȵꬻꬼИиПпＮｎ][sŚśṤṥŜŝŠšṦṧṠṡŞşṢṣṨṩȘșS̩s̩ꞨꞩⱾȿꟅʂᶊᵴ]?\b/,
+  /\b[fḞḟƑƒꞘꞙᵮᶂ][aÁáÀàĂăẮắẰằẴẵẲẳÂâẤấẦầẪẫẨẩǍǎÅåǺǻÄäǞǟÃãȦȧǠǡĄąĄ́ą́Ą̃ą̃ĀāĀ̀ā̀ẢảȀȁA̋a̋ȂȃẠạẶặẬậḀḁȺⱥꞺꞻᶏẚＡａ@4][gǴǵĞğĜĝǦǧĠġG̃g̃ĢģḠḡǤǥꞠꞡƓɠᶃꬶＧｇqꝖꝗꝘꝙɋʠ]{1,2}([ÓóÒòŎŏÔôỐốỒồỖỗỔổǑǒÖöȪȫŐőÕõṌṍṎṏȬȭȮȯO͘o͘ȰȱØøǾǿǪǫǬǭŌōṒṓṐṑỎỏȌȍȎȏƠơỚớỜờỠỡỞởỢợỌọỘộO̩o̩Ò̩ò̩Ó̩ó̩ƟɵꝊꝋꝌꝍⱺＯｏ0e3ЄєЕеÉéÈèĔĕÊêẾếỀềỄễỂểÊ̄ê̄Ê̌ê̌ĚěËëẼẽĖėĖ́ė́Ė̃ė̃ȨȩḜḝĘęĘ́ę́Ę̃ę̃ĒēḖḗḔḕẺẻȄȅE̋e̋ȆȇẸẹỆệḘḙḚḛɆɇE̩e̩È̩è̩É̩é̩ᶒⱸꬴꬳＥｅiÍíi̇́Ììi̇̀ĬĭÎîǏǐÏïḮḯĨĩi̇̃ĮįĮ́į̇́Į̃į̇̃ĪīĪ̀ī̀ỈỉȈȉI̋i̋ȊȋỊịꞼꞽḬḭƗɨᶖİiIıＩｉ1lĺľļḷḹl̃ḽḻłŀƚꝉⱡɫɬꞎꬷꬸꬹᶅɭȴＬｌ][tŤťṪṫŢţṬṭȚțṰṱṮṯŦŧȾⱦƬƭƮʈT̈ẗᵵƫȶ]{1,2}([rŔŕŘřṘṙŖŗȐȑȒȓṚṛṜṝṞṟR̃r̃ɌɍꞦꞧⱤɽᵲᶉꭉ][yÝýỲỳŶŷY̊ẙŸÿỸỹẎẏȲȳỶỷỴỵɎɏƳƴỾỿ]|[rŔŕŘřṘṙŖŗȐȑȒȓṚṛṜṝṞṟR̃r̃ɌɍꞦꞧⱤɽᵲᶉꭉ][iÍíi̇́Ììi̇̀ĬĭÎîǏǐÏïḮḯĨĩi̇̃ĮįĮ́į̇́Į̃į̇̃ĪīĪ̀ī̀ỈỉȈȉI̋i̋ȊȋỊịꞼꞽḬḭƗɨᶖİiIıＩｉ1lĺľļḷḹl̃ḽḻłŀƚꝉⱡɫɬꞎꬷꬸꬹᶅɭȴＬｌ][e3ЄєЕеÉéÈèĔĕÊêẾếỀềỄễỂểÊ̄ê̄Ê̌ê̌ĚěËëẼẽĖėĖ́ė́Ė̃ė̃ȨȩḜḝĘęĘ́ę́Ę̃ę̃ĒēḖḗḔḕẺẻȄȅE̋e̋ȆȇẸẹỆệḘḙḚḛɆɇE̩e̩È̩è̩É̩é̩ᶒⱸꬴꬳＥｅ])?)?[sŚśṤṥŜŝŠšṦṧṠṡŞşṢṣṨṩȘșS̩s̩ꞨꞩⱾȿꟅʂᶊᵴ]?\b/,
+  /\b[kḰḱǨǩĶķḲḳḴḵƘƙⱩⱪᶄꝀꝁꝂꝃꝄꝅꞢꞣ][iÍíi̇́Ììi̇̀ĬĭÎîǏǐÏïḮḯĨĩi̇̃ĮįĮ́į̇́Į̃į̇̃ĪīĪ̀ī̀ỈỉȈȉI̋i̋ȊȋỊịꞼꞽḬḭƗɨᶖİiIıＩｉ1lĺľļḷḹl̃ḽḻłŀƚꝉⱡɫɬꞎꬷꬸꬹᶅɭȴＬｌyÝýỲỳŶŷY̊ẙŸÿỸỹẎẏȲȳỶỷỴỵɎɏƳƴỾỿ][kḰḱǨǩĶķḲḳḴḵƘƙⱩⱪᶄꝀꝁꝂꝃꝄꝅꞢꞣ][e3ЄєЕеÉéÈèĔĕÊêẾếỀềỄễỂểÊ̄ê̄Ê̌ê̌ĚěËëẼẽĖėĖ́ė́Ė̃ė̃ȨȩḜḝĘęĘ́ę́Ę̃ę̃ĒēḖḗḔḕẺẻȄȅE̋e̋ȆȇẸẹỆệḘḙḚḛɆɇE̩e̩È̩è̩É̩é̩ᶒⱸꬴꬳＥｅ]([rŔŕŘřṘṙŖŗȐȑȒȓṚṛṜṝṞṟR̃r̃ɌɍꞦꞧⱤɽᵲᶉꭉ][yÝýỲỳŶŷY̊ẙŸÿỸỹẎẏȲȳỶỷỴỵɎɏƳƴỾỿ]|[rŔŕŘřṘṙŖŗȐȑȒȓṚṛṜṝṞṟR̃r̃ɌɍꞦꞧⱤɽᵲᶉꭉ][iÍíi̇́Ììi̇̀ĬĭÎîǏǐÏïḮḯĨĩi̇̃ĮįĮ́į̇́Į̃į̇̃ĪīĪ̀ī̀ỈỉȈȉI̋i̋ȊȋỊịꞼꞽḬḭƗɨᶖİiIıＩｉ1lĺľļḷḹl̃ḽḻłŀƚꝉⱡɫɬꞎꬷꬸꬹᶅɭȴＬｌ][e3ЄєЕеÉéÈèĔĕÊêẾếỀềỄễỂểÊ̄ê̄Ê̌ê̌ĚěËëẼẽĖėĖ́ė́Ė̃ė̃ȨȩḜḝĘęĘ́ę́Ę̃ę̃ĒēḖḗḔḕẺẻȄȅE̋e̋ȆȇẸẹỆệḘḙḚḛɆɇE̩e̩È̩è̩É̩é̩ᶒⱸꬴꬳＥｅ])?[sŚśṤṥŜŝŠšṦṧṠṡŞşṢṣṨṩȘșS̩s̩ꞨꞩⱾȿꟅʂᶊᵴ]*\b/,
+  /\b[nŃńǸǹŇňÑñṄṅŅņṆṇṊṋṈṉN̈n̈ƝɲŊŋꞐꞑꞤꞥᵰᶇɳȵꬻꬼИиПпＮｎ][iÍíi̇́Ììi̇̀ĬĭÎîǏǐÏïḮḯĨĩi̇̃ĮįĮ́į̇́Į̃į̇̃ĪīĪ̀ī̀ỈỉȈȉI̋i̋ȊȋỊịꞼꞽḬḭƗɨᶖİiIıＩｉ1lĺľļḷḹl̃ḽḻłŀƚꝉⱡɫɬꞎꬷꬸꬹᶅɭȴＬｌoÓóÒòŎŏÔôỐốỒồỖỗỔổǑǒÖöȪȫŐőÕõṌṍṎṏȬȭȮȯO͘o͘ȰȱØøǾǿǪǫǬǭŌōṒṓṐṑỎỏȌȍȎȏƠơỚớỜờỠỡỞởỢợỌọỘộO̩o̩Ò̩ò̩Ó̩ó̩ƟɵꝊꝋꝌꝍⱺＯｏІіa4ÁáÀàĂăẮắẰằẴẵẲẳÂâẤấẦầẪẫẨẩǍǎÅåǺǻÄäǞǟÃãȦȧǠǡĄąĄ́ą́Ą̃ą̃ĀāĀ̀ā̀ẢảȀȁA̋a̋ȂȃẠạẶặẬậḀḁȺⱥꞺꞻᶏẚＡａ][gǴǵĞğĜĝǦǧĠġG̃g̃ĢģḠḡǤǥꞠꞡƓɠᶃꬶＧｇqꝖꝗꝘꝙɋʠ]{2}(l[e3ЄєЕеÉéÈèĔĕÊêẾếỀềỄễỂểÊ̄ê̄Ê̌ê̌ĚěËëẼẽĖėĖ́ė́Ė̃ė̃ȨȩḜḝĘęĘ́ę́Ę̃ę̃ĒēḖḗḔḕẺẻȄȅE̋e̋ȆȇẸẹỆệḘḙḚḛɆɇE̩e̩È̩è̩É̩é̩ᶒⱸꬴꬳＥｅ]t|[e3ЄєЕеÉéÈèĔĕÊêẾếỀềỄễỂểÊ̄ê̄Ê̌ê̌ĚěËëẼẽĖėĖ́ė́Ė̃ė̃ȨȩḜḝĘęĘ́ę́Ę̃ę̃ĒēḖḗḔḕẺẻȄȅE̋e̋ȆȇẸẹỆệḘḙḚḛɆɇE̩e̩È̩è̩É̩é̩ᶒⱸꬴꬳＥｅaÁáÀàĂăẮắẰằẴẵẲẳÂâẤấẦầẪẫẨẩǍǎÅåǺǻÄäǞǟÃãȦȧǠǡĄąĄ́ą́Ą̃ą̃ĀāĀ̀ā̀ẢảȀȁA̋a̋ȂȃẠạẶặẬậḀḁȺⱥꞺꞻᶏẚＡａ][rŔŕŘřṘṙŖŗȐȑȒȓṚṛṜṝṞṟR̃r̃ɌɍꞦꞧⱤɽᵲᶉꭉ]?|n[ÓóÒòŎŏÔôỐốỒồỖỗỔổǑǒÖöȪȫŐőÕõṌṍṎṏȬȭȮȯO͘o͘ȰȱØøǾǿǪǫǬǭŌōṒṓṐṑỎỏȌȍȎȏƠơỚớỜờỠỡỞởỢợỌọỘộO̩o̩Ò̩ò̩Ó̩ó̩ƟɵꝊꝋꝌꝍⱺＯｏ0][gǴǵĞğĜĝǦǧĠġG̃g̃ĢģḠḡǤǥꞠꞡƓɠᶃꬶＧｇqꝖꝗꝘꝙɋʠ]|[a4ÁáÀàĂăẮắẰằẴẵẲẳÂâẤấẦầẪẫẨẩǍǎÅåǺǻÄäǞǟÃãȦȧǠǡĄąĄ́ą́Ą̃ą̃ĀāĀ̀ā̀ẢảȀȁA̋a̋ȂȃẠạẶặẬậḀḁȺⱥꞺꞻᶏẚＡａ]?)?[sŚśṤṥŜŝŠšṦṧṠṡŞşṢṣṨṩȘșS̩s̩ꞨꞩⱾȿꟅʂᶊᵴ]?\b/,
+  /[nŃńǸǹŇňÑñṄṅŅņṆṇṊṋṈṉN̈n̈ƝɲŊŋꞐꞑꞤꞥᵰᶇɳȵꬻꬼИиПпＮｎ][iÍíi̇́Ììi̇̀ĬĭÎîǏǐÏïḮḯĨĩi̇̃ĮįĮ́į̇́Į̃į̇̃ĪīĪ̀ī̀ỈỉȈȉI̋i̋ȊȋỊịꞼꞽḬḭƗɨᶖİiIıＩｉ1lĺľļḷḹl̃ḽḻłŀƚꝉⱡɫɬꞎꬷꬸꬹᶅɭȴＬｌoÓóÒòŎŏÔôỐốỒồỖỗỔổǑǒÖöȪȫŐőÕõṌṍṎṏȬȭȮȯO͘o͘ȰȱØøǾǿǪǫǬǭŌōṒṓṐṑỎỏȌȍȎȏƠơỚớỜờỠỡỞởỢợỌọỘộO̩o̩Ò̩ò̩Ó̩ó̩ƟɵꝊꝋꝌꝍⱺＯｏІіa4ÁáÀàĂăẮắẰằẴẵẲẳÂâẤấẦầẪẫẨẩǍǎÅåǺǻÄäǞǟÃãȦȧǠǡĄąĄ́ą́Ą̃ą̃ĀāĀ̀ā̀ẢảȀȁA̋a̋ȂȃẠạẶặẬậḀḁȺⱥꞺꞻᶏẚＡａ][gǴǵĞğĜĝǦǧĠġG̃g̃ĢģḠḡǤǥꞠꞡƓɠᶃꬶＧｇqꝖꝗꝘꝙɋʠ]{2}(l[e3ЄєЕеÉéÈèĔĕÊêẾếỀềỄễỂểÊ̄ê̄Ê̌ê̌ĚěËëẼẽĖėĖ́ė́Ė̃ė̃ȨȩḜḝĘęĘ́ę́Ę̃ę̃ĒēḖḗḔḕẺẻȄȅE̋e̋ȆȇẸẹỆệḘḙḚḛɆɇE̩e̩È̩è̩É̩é̩ᶒⱸꬴꬳＥｅ]t|[e3ЄєЕеÉéÈèĔĕÊêẾếỀềỄễỂểÊ̄ê̄Ê̌ê̌ĚěËëẼẽĖėĖ́ė́Ė̃ė̃ȨȩḜḝĘęĘ́ę́Ę̃ę̃ĒēḖḗḔḕẺẻȄȅE̋e̋ȆȇẸẹỆệḘḙḚḛɆɇE̩e̩È̩è̩É̩é̩ᶒⱸꬴꬳＥｅ][rŔŕŘřṘṙŖŗȐȑȒȓṚṛṜṝṞṟR̃r̃ɌɍꞦꞧⱤɽᵲᶉꭉ])[sŚśṤṥŜŝŠšṦṧṠṡŞşṢṣṨṩȘșS̩s̩ꞨꞩⱾȿꟅʂᶊᵴ]?/,
+  /\b[tŤťṪṫŢţṬṭȚțṰṱṮṯŦŧȾⱦƬƭƮʈT̈ẗᵵƫȶ][rŔŕŘřṘṙŖŗȐȑȒȓṚṛṜṝṞṟR̃r̃ɌɍꞦꞧⱤɽᵲᶉꭉ][aÁáÀàĂăẮắẰằẴẵẲẳÂâẤấẦầẪẫẨẩǍǎÅåǺǻÄäǞǟÃãȦȧǠǡĄąĄ́ą́Ą̃ą̃ĀāĀ̀ā̀ẢảȀȁA̋a̋ȂȃẠạẶặẬậḀḁȺⱥꞺꞻᶏẚＡａ4]+[nŃńǸǹŇňÑñṄṅŅņṆṇṊṋṈṉN̈n̈ƝɲŊŋꞐꞑꞤꞥᵰᶇɳȵꬻꬼИиПпＮｎ]{1,2}([iÍíi̇́Ììi̇̀ĬĭÎîǏǐÏïḮḯĨĩi̇̃ĮįĮ́į̇́Į̃į̇̃ĪīĪ̀ī̀ỈỉȈȉI̋i̋ȊȋỊịꞼꞽḬḭƗɨᶖİiIıＩｉ1lĺľļḷḹl̃ḽḻłŀƚꝉⱡɫɬꞎꬷꬸꬹᶅɭȴＬｌ][e3ЄєЕеÉéÈèĔĕÊêẾếỀềỄễỂểÊ̄ê̄Ê̌ê̌ĚěËëẼẽĖėĖ́ė́Ė̃ė̃ȨȩḜḝĘęĘ́ę́Ę̃ę̃ĒēḖḗḔḕẺẻȄȅE̋e̋ȆȇẸẹỆệḘḙḚḛɆɇE̩e̩È̩è̩É̩é̩ᶒⱸꬴꬳＥｅ]|[yÝýỲỳŶŷY̊ẙŸÿỸỹẎẏȲȳỶỷỴỵɎɏƳƴỾỿ]|[e3ЄєЕеÉéÈèĔĕÊêẾếỀềỄễỂểÊ̄ê̄Ê̌ê̌ĚěËëẼẽĖėĖ́ė́Ė̃ė̃ȨȩḜḝĘęĘ́ę́Ę̃ę̃ĒēḖḗḔḕẺẻȄȅE̋e̋ȆȇẸẹỆệḘḙḚḛɆɇE̩e̩È̩è̩É̩é̩ᶒⱸꬴꬳＥｅ][rŔŕŘřṘṙŖŗȐȑȒȓṚṛṜṝṞṟR̃r̃ɌɍꞦꞧⱤɽᵲᶉꭉ])[sŚśṤṥŜŝŠšṦṧṠṡŞşṢṣṨṩȘșS̩s̩ꞨꞩⱾȿꟅʂᶊᵴ]?\b/,
+]
+
+const isSlur = (handle: string): boolean => {
+  return (
+    filter.check(handle) ||
+    explicitSlurRegexes.some(
+      (reg) =>
+        reg.test(handle) ||
+        reg.test(
+          handle.replaceAll('.', '').replaceAll('-', '').replaceAll('_', ''),
+        ),
+    )
+  )
+}

package/src/api/app/bsky/unspecced/initAgeAssurance.ts

@@ -8,7 +8,11 @@ import {
 } from '@atproto/xrpc-server'
 import { AppContext } from '../../../../context'
 import { GateID } from '../../../../feature-gates'
+import { KwsExternalPayloadError } from '../../../../kws'
 import { Server } from '../../../../lexicon'
+import { InputSchema } from '../../../../lexicon/types/app/bsky/unspecced/initAgeAssurance'
+import { httpLogger as log } from '../../../../logger'
+import { ActorInfo } from '../../../../proto/bsky_pb'
 import { KwsExternalPayload } from '../../../kws/types'
 import { createStashEvent, getClientUa } from '../../../kws/util'
 
@@ -30,25 +34,48 @@ export default function (server: Server, ctx: AppContext) {
         throw new ForbiddenError()
       }
 
-      const { email, language, countryCode } = input.body
-      if (!isEmailValid(email) || isDisposableEmail(email)) {
-        throw new InvalidRequestError(
-          'This email address is not supported, please use a different email.',
-        )
+      const actorInfo = await getAgeVerificationState(ctx, actorDid)
+
+      if (actorInfo?.ageAssuranceStatus) {
+        if (
+          actorInfo.ageAssuranceStatus.status !== 'unknown' &&
+          actorInfo.ageAssuranceStatus.status !== 'pending'
+        ) {
+          throw new InvalidRequestError(
+            `Cannot initiate age assurance flow from current state: ${actorInfo.ageAssuranceStatus.status}`,
+            'InvalidInitiation',
+          )
+        }
       }
 
+      const { countryCode, email, language } = validateInput(input.body)
+
       const attemptId = crypto.randomUUID()
       // Assumes `app.set('trust proxy', ...)` configured with `true` or specific values.
       const initIp = req.ip
       const initUa = getClientUa(req)
       const externalPayload: KwsExternalPayload = { actorDid, attemptId }
 
-      await ctx.kwsClient.sendEmail({
-        countryCode: countryCode.toUpperCase(),
-        email,
-        externalPayload,
-        language,
-      })
+      try {
+        await ctx.kwsClient.sendEmail({
+          countryCode: countryCode.toUpperCase(),
+          email,
+          externalPayload,
+          language,
+        })
+      } catch (err) {
+        if (err instanceof KwsExternalPayloadError) {
+          log.error(
+            { externalPayload },
+            'Age Assurance flow failed because external payload got too long, which is caused by the DID being too long',
+          )
+          throw new InvalidRequestError(
+            'Age Assurance flow failed because DID is too long',
+            'DidTooLong',
+          )
+        }
+        throw err
+      }
 
       const event = await createStashEvent(ctx, {
         actorDid,
@@ -69,3 +96,61 @@ export default function (server: Server, ctx: AppContext) {
     },
   })
 }
+
+// Supported languages for KWS Adult Verification.
+// This list comes from KWS's AV Developer Guide PDF doc.
+const kwsAvSupportedLanguages = [
+  'en',
+  'ar',
+  'zh-Hans',
+  'nl',
+  'tl',
+  'fr',
+  'de',
+  'id',
+  'it',
+  'ja',
+  'ko',
+  'pl',
+  'pt-BR',
+  'pt',
+  'ru',
+  'es',
+  'th',
+  'tr',
+  'vi',
+]
+
+const validateInput = (input: InputSchema): InputSchema => {
+  const { countryCode, email, language } = input
+
+  if (!isEmailValid(email) || isDisposableEmail(email)) {
+    throw new InvalidRequestError(
+      'This email address is not supported, please use a different email.',
+      'InvalidEmail',
+    )
+  }
+
+  return {
+    countryCode,
+    email,
+    language: kwsAvSupportedLanguages.includes(language) ? language : 'en',
+  }
+}
+
+const getAgeVerificationState = async (
+  ctx: AppContext,
+  actorDid: string,
+): Promise<ActorInfo | undefined> => {
+  try {
+    const res = await ctx.dataplane.getActors({
+      dids: [actorDid],
+      returnAgeAssuranceForDids: [actorDid],
+      skipCacheForDids: [actorDid],
+    })
+
+    return res.actors[0]
+  } catch (err) {
+    return undefined
+  }
+}

package/src/api/index.ts

@@ -51,6 +51,7 @@ import putPreferences from './app/bsky/notification/putPreferences'
 import putPreferencesV2 from './app/bsky/notification/putPreferencesV2'
 import registerPush from './app/bsky/notification/registerPush'
 import updateSeen from './app/bsky/notification/updateSeen'
+import checkHandleAvailability from './app/bsky/unspecced/checkHandleAvailability'
 import getAgeAssuranceState from './app/bsky/unspecced/getAgeAssuranceState'
 import getConfig from './app/bsky/unspecced/getConfig'
 import getPopularFeedGenerators from './app/bsky/unspecced/getPopularFeedGenerators'
@@ -142,6 +143,7 @@ export default function (server: Server, ctx: AppContext) {
   getConfig(server, ctx)
   getPopularFeedGenerators(server, ctx)
   getTaggedSuggestions(server, ctx)
+  checkHandleAvailability(server, ctx)
   getAgeAssuranceState(server, ctx)
   initAgeAssurance(server, ctx)
   // com.atproto

package/src/kws.ts

@@ -14,6 +14,9 @@ const authResponseSchema = z.object({
   access_token: z.string(),
 })
 
+const EXTERNAL_PAYLOAD_CHAR_LIMIT = 200
+export class KwsExternalPayloadError extends Error {}
+
 export class KwsClient {
   constructor(public cfg: KwsConfig) {}
 
@@ -76,6 +79,11 @@ export class KwsClient {
     externalPayload: KwsExternalPayload
     language: string
   }) {
+    const serializedExternalPayload = serializeExternalPayload(externalPayload)
+    if (serializedExternalPayload.length > EXTERNAL_PAYLOAD_CHAR_LIMIT) {
+      throw new KwsExternalPayloadError()
+    }
+
     const res = await this.fetchWithAuth(
       `${this.cfg.apiOrigin}/v1/verifications/send-email`,
       {
@@ -86,7 +94,7 @@ export class KwsClient {
         },
         body: JSON.stringify({
           email,
-          externalPayload: serializeExternalPayload(externalPayload),
+          externalPayload: serializedExternalPayload,
           language,
           location: countryCode,
           userContext: 'adult',