@atproto/bsky 0.0.36 → 0.0.37

package/dist/lexicon/lexicons.d.ts

@@ -779,6 +779,10 @@ export declare const schemaDict: {
                         type: string;
                         description: string;
                     };
+                    content: {
+                        type: string;
+                        description: string;
+                    };
                     comment: {
                         type: string;
                         description: string;
@@ -4731,6 +4735,7 @@ export declare const schemaDict: {
                     hideRepliesByUnfollowed: {
                         type: string;
                         description: string;
+                        default: boolean;
                     };
                     hideRepliesByLikeCount: {
                         type: string;

package/dist/lexicon/types/app/bsky/actor/defs.d.ts

@@ -88,7 +88,7 @@ export declare function validatePersonalDetailsPref(v: unknown): ValidationResul
 export interface FeedViewPref {
     feed: string;
     hideReplies?: boolean;
-    hideRepliesByUnfollowed?: boolean;
+    hideRepliesByUnfollowed: boolean;
     hideRepliesByLikeCount?: number;
     hideReposts?: boolean;
     hideQuotePosts?: boolean;

package/dist/lexicon/types/com/atproto/admin/defs.d.ts

@@ -313,6 +313,7 @@ export declare function isModEventUnmute(v: unknown): v is ModEventUnmute;
 export declare function validateModEventUnmute(v: unknown): ValidationResult;
 export interface ModEventEmail {
     subjectLine: string;
+    content?: string;
     comment?: string;
     [k: string]: unknown;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@atproto/bsky",
-  "version": "0.0.36",
+  "version": "0.0.37",
   "license": "MIT",
   "description": "Reference implementation of app.bsky App View (Bluesky API)",
   "keywords": [
@@ -41,8 +41,8 @@
     "sharp": "^0.32.6",
     "typed-emitter": "^2.1.0",
     "uint8arrays": "3.0.0",
+    "@atproto/api": "^0.10.5",
     "@atproto/common": "^0.3.3",
-    "@atproto/api": "^0.10.4",
     "@atproto/crypto": "^0.3.0",
     "@atproto/identity": "^0.3.2",
     "@atproto/lexicon": "^0.3.2",
@@ -62,10 +62,10 @@
     "@types/qs": "^6.9.7",
     "axios": "^0.27.2",
     "http2-express-bridge": "^1.0.7",
-    "@atproto/api": "^0.10.4",
-    "@atproto/dev-env": "^0.2.36",
+    "@atproto/api": "^0.10.5",
+    "@atproto/dev-env": "^0.2.37",
     "@atproto/lex-cli": "^0.3.1",
-    "@atproto/pds": "^0.4.4",
+    "@atproto/pds": "^0.4.5",
     "@atproto/xrpc": "^0.4.2"
   },
   "scripts": {

package/src/api/blob-resolver.ts

@@ -106,7 +106,9 @@ export async function resolveBlob(ctx: AppContext, did: string, cid: CID) {
     throw createError(404, 'Blob not found')
   }
 
-  const blobResult = await retryHttp(() => getBlob({ pds, did, cid: cidStr }))
+  const blobResult = await retryHttp(() =>
+    getBlob(ctx, { pds, did, cid: cidStr }),
+  )
   const imageStream: Readable = blobResult.data
   const verifyCid = new VerifyCidTransform(cid)
 
@@ -119,12 +121,40 @@ export async function resolveBlob(ctx: AppContext, did: string, cid: CID) {
   }
 }
 
-async function getBlob(opts: { pds: string; did: string; cid: string }) {
+async function getBlob(
+  ctx: AppContext,
+  opts: { pds: string; did: string; cid: string },
+) {
   const { pds, did, cid } = opts
   return axios.get(`${pds}/xrpc/com.atproto.sync.getBlob`, {
     params: { did, cid },
     decompress: true,
     responseType: 'stream',
     timeout: 5000, // 5sec of inactivity on the connection
+    headers: getRateLimitBypassHeaders(ctx, pds),
   })
 }
+
+function getRateLimitBypassHeaders(
+  ctx: AppContext,
+  pds: string,
+): { 'x-ratelimit-bypass'?: string } {
+  const {
+    blobRateLimitBypassKey: bypassKey,
+    blobRateLimitBypassHostname: bypassHostname,
+  } = ctx.cfg
+  if (!bypassKey || !bypassHostname) {
+    return {}
+  }
+  const url = new URL(pds)
+  if (bypassHostname.startsWith('.')) {
+    if (url.hostname.endsWith(bypassHostname)) {
+      return { 'x-ratelimit-bypass': bypassKey }
+    }
+  } else {
+    if (url.hostname === bypassHostname) {
+      return { 'x-ratelimit-bypass': bypassKey }
+    }
+  }
+  return {}
+}

package/src/api/com/atproto/admin/getAccountInfos.ts

@@ -5,7 +5,7 @@ import { INVALID_HANDLE } from '@atproto/syntax'
 
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.admin.getAccountInfos({
-    auth: ctx.authVerifier.roleOrAdminService,
+    auth: ctx.authVerifier.roleOrModService,
     handler: async ({ params }) => {
       const { dids } = params
       const actors = await ctx.hydrator.actor.getActors(dids, true)

package/src/api/com/atproto/admin/getSubjectStatus.ts

@@ -5,7 +5,7 @@ import { OutputSchema } from '../../../../lexicon/types/com/atproto/admin/getSub
 
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.admin.getSubjectStatus({
-    auth: ctx.authVerifier.roleOrAdminService,
+    auth: ctx.authVerifier.roleOrModService,
     handler: async ({ params }) => {
       const { did, uri, blob } = params
 

package/src/api/com/atproto/admin/updateSubjectStatus.ts

@@ -10,7 +10,7 @@ import { isMain as isStrongRef } from '../../../../lexicon/types/com/atproto/rep
 
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.admin.updateSubjectStatus({
-    auth: ctx.authVerifier.roleOrAdminService,
+    auth: ctx.authVerifier.roleOrModService,
     handler: async ({ input, auth }) => {
       const { canPerformTakedown } = ctx.authVerifier.parseCreds(auth)
       if (!canPerformTakedown) {

package/src/auth-verifier.ts

@@ -25,7 +25,7 @@ export enum RoleStatus {
 
 type NullOutput = {
   credentials: {
-    type: 'null'
+    type: 'none'
     iss: null
   }
 }
@@ -45,9 +45,9 @@ type RoleOutput = {
   }
 }
 
-type AdminServiceOutput = {
+type ModServiceOutput = {
   credentials: {
-    type: 'admin_service'
+    type: 'mod_service'
     aud: string
     iss: string
   }
@@ -55,18 +55,18 @@ type AdminServiceOutput = {
 
 export type AuthVerifierOpts = {
   ownDid: string
-  adminDid: string
+  modServiceDid: string
   adminPasses: string[]
 }
 
 export class AuthVerifier {
   public ownDid: string
-  public adminDid: string
+  public modServiceDid: string
   private adminPasses: Set<string>
 
   constructor(public dataplane: DataPlaneClient, opts: AuthVerifierOpts) {
     this.ownDid = opts.ownDid
-    this.adminDid = opts.adminDid
+    this.modServiceDid = opts.modServiceDid
     this.adminPasses = new Set(opts.adminPasses)
   }
 
@@ -83,13 +83,21 @@ export class AuthVerifier {
       if (!this.parseRoleCreds(ctx.req).admin) {
         throw new AuthRequiredError('bad credentials')
       }
-      return { credentials: { type: 'standard', iss, aud } }
+      return {
+        credentials: { type: 'standard', iss, aud },
+      }
     }
     const { iss, aud } = await this.verifyServiceJwt(ctx, {
       aud: this.ownDid,
       iss: null,
     })
-    return { credentials: { type: 'standard', iss, aud } }
+    return {
+      credentials: {
+        type: 'standard',
+        iss,
+        aud,
+      },
+    }
   }
 
   standardOptional = async (
@@ -159,19 +167,19 @@ export class AuthVerifier {
     }
   }
 
-  adminService = async (reqCtx: ReqCtx): Promise<AdminServiceOutput> => {
+  modService = async (reqCtx: ReqCtx): Promise<ModServiceOutput> => {
     const { iss, aud } = await this.verifyServiceJwt(reqCtx, {
       aud: this.ownDid,
-      iss: [this.adminDid],
+      iss: [this.modServiceDid, `${this.modServiceDid}#atproto_labeler`],
     })
-    return { credentials: { type: 'admin_service', aud, iss } }
+    return { credentials: { type: 'mod_service', aud, iss } }
   }
 
-  roleOrAdminService = async (
+  roleOrModService = async (
     reqCtx: ReqCtx,
-  ): Promise<RoleOutput | AdminServiceOutput> => {
+  ): Promise<RoleOutput | ModServiceOutput> => {
     if (isBearerToken(reqCtx.req)) {
-      return this.adminService(reqCtx)
+      return this.modService(reqCtx)
     } else {
       return this.role(reqCtx)
     }
@@ -195,12 +203,15 @@ export class AuthVerifier {
     opts: { aud: string | null; iss: string[] | null },
   ) {
     const getSigningKey = async (
-      did: string,
+      iss: string,
       _forceRefresh: boolean, // @TODO consider propagating to dataplane
     ): Promise<string> => {
-      if (opts.iss !== null && !opts.iss.includes(did)) {
+      if (opts.iss !== null && !opts.iss.includes(iss)) {
         throw new AuthRequiredError('Untrusted issuer', 'UntrustedIss')
       }
+      const [did, serviceId] = iss.split('#')
+      const keyId =
+        serviceId === 'atproto_labeler' ? 'atproto_label' : 'atproto'
       let identity: GetIdentityByDidResponse
       try {
         identity = await this.dataplane.getIdentityByDid({ did })
@@ -211,7 +222,7 @@ export class AuthVerifier {
         throw err
       }
       const keys = unpackIdentityKeys(identity.keys)
-      const didKey = getKeyAsDidKey(keys, { id: 'atproto' })
+      const didKey = getKeyAsDidKey(keys, { id: keyId })
       if (!didKey) {
         throw new AuthRequiredError('missing or bad key')
       }
@@ -226,26 +237,36 @@ export class AuthVerifier {
     return { iss: payload.iss, aud: payload.aud }
   }
 
+  isModService(iss: string): boolean {
+    return [
+      this.modServiceDid,
+      `${this.modServiceDid}#atproto_labeler`,
+    ].includes(iss)
+  }
+
   nullCreds(): NullOutput {
     return {
       credentials: {
-        type: 'null',
+        type: 'none',
         iss: null,
       },
     }
   }
 
   parseCreds(
-    creds: StandardOutput | RoleOutput | AdminServiceOutput | NullOutput,
+    creds: StandardOutput | RoleOutput | ModServiceOutput | NullOutput,
   ) {
     const viewer =
       creds.credentials.type === 'standard' ? creds.credentials.iss : null
     const canViewTakedowns =
       (creds.credentials.type === 'role' && creds.credentials.admin) ||
-      creds.credentials.type === 'admin_service'
+      creds.credentials.type === 'mod_service' ||
+      (creds.credentials.type === 'standard' &&
+        this.isModService(creds.credentials.iss))
     const canPerformTakedown =
       (creds.credentials.type === 'role' && creds.credentials.admin) ||
-      creds.credentials.type === 'admin_service'
+      creds.credentials.type === 'mod_service'
+
     return {
       viewer,
       canViewTakedowns,

package/src/config.ts

@@ -21,6 +21,8 @@ export interface ServerConfigValues {
   courierIgnoreBadTls?: boolean
   searchUrl?: string
   cdnUrl?: string
+  blobRateLimitBypassKey?: string
+  blobRateLimitBypassHostname?: string
   // identity
   didPlcUrl: string
   handleResolveNameservers?: string[]
@@ -76,6 +78,15 @@ export class ServerConfig {
     const courierIgnoreBadTls =
       process.env.BSKY_COURIER_IGNORE_BAD_TLS === 'true'
     assert(courierHttpVersion === '1.1' || courierHttpVersion === '2')
+    const blobRateLimitBypassKey =
+      process.env.BSKY_BLOB_RATE_LIMIT_BYPASS_KEY || undefined
+    // single domain would be e.g. "mypds.com", subdomains are supported with a leading dot e.g. ".mypds.com"
+    const blobRateLimitBypassHostname =
+      process.env.BSKY_BLOB_RATE_LIMIT_BYPASS_HOSTNAME || undefined
+    assert(
+      !blobRateLimitBypassKey || blobRateLimitBypassHostname,
+      'must specify a hostname when using a blob rate limit bypass key',
+    )
     const adminPasswords = envList(
       process.env.BSKY_ADMIN_PASSWORDS || process.env.BSKY_ADMIN_PASSWORD,
     )
@@ -106,6 +117,8 @@ export class ServerConfig {
       courierApiKey,
       courierHttpVersion,
       courierIgnoreBadTls,
+      blobRateLimitBypassKey,
+      blobRateLimitBypassHostname,
       adminPasswords,
       modServiceDid,
       ...stripUndefineds(overrides ?? {}),
@@ -197,6 +210,14 @@ export class ServerConfig {
     return this.cfg.cdnUrl
   }
 
+  get blobRateLimitBypassKey() {
+    return this.cfg.blobRateLimitBypassKey
+  }
+
+  get blobRateLimitBypassHostname() {
+    return this.cfg.blobRateLimitBypassHostname
+  }
+
   get didPlcUrl() {
     return this.cfg.didPlcUrl
   }

package/src/index.ts

@@ -100,7 +100,7 @@ export class BskyAppView {
 
     const authVerifier = new AuthVerifier(dataplane, {
       ownDid: config.serverDid,
-      adminDid: config.modServiceDid,
+      modServiceDid: config.modServiceDid,
       adminPasses: config.adminPasswords,
     })
 

package/src/lexicon/lexicons.ts

@@ -897,6 +897,10 @@ export const schemaDict = {
             type: 'string',
             description: 'The subject line of the email sent to the user.',
           },
+          content: {
+            type: 'string',
+            description: 'The content of the email sent to the user.',
+          },
           comment: {
             type: 'string',
             description: 'Additional comment about the outgoing comm.',
@@ -5180,6 +5184,7 @@ export const schemaDict = {
             type: 'boolean',
             description:
               'Hide replies in the feed if they are not by followed users.',
+            default: true,
           },
           hideRepliesByLikeCount: {
             type: 'integer',

package/src/lexicon/types/app/bsky/actor/defs.ts

@@ -197,7 +197,7 @@ export interface FeedViewPref {
   /** Hide replies in the feed. */
   hideReplies?: boolean
   /** Hide replies in the feed if they are not by followed users. */
-  hideRepliesByUnfollowed?: boolean
+  hideRepliesByUnfollowed: boolean
   /** Hide replies in the feed if they do not have this number of likes. */
   hideRepliesByLikeCount?: number
   /** Hide reposts in the feed. */

package/src/lexicon/types/com/atproto/admin/defs.ts

@@ -704,6 +704,8 @@ export function validateModEventUnmute(v: unknown): ValidationResult {
 export interface ModEventEmail {
   /** The subject line of the email sent to the user. */
   subjectLine: string
+  /** The content of the email sent to the user. */
+  content?: string
   /** Additional comment about the outgoing comm. */
   comment?: string
   [k: string]: unknown