@atproto/bsky 0.0.82 → 0.0.84

package/src/lexicon/lexicons.ts

@@ -4190,6 +4190,10 @@ export const schemaDict = {
               ref: 'lex:com.atproto.label.defs#label',
             },
           },
+          pinnedPost: {
+            type: 'ref',
+            ref: 'lex:com.atproto.repo.strongRef',
+          },
         },
       },
       profileAssociated: {
@@ -4572,6 +4576,15 @@ export const schemaDict = {
               maxLength: 100,
             },
           },
+          nuxs: {
+            description: 'Storage for NUXs the user has encountered.',
+            type: 'array',
+            maxLength: 100,
+            items: {
+              type: 'ref',
+              ref: 'lex:app.bsky.actor.defs#nux',
+            },
+          },
         },
       },
       bskyAppProgressGuide: {
@@ -4586,6 +4599,34 @@ export const schemaDict = {
           },
         },
       },
+      nux: {
+        type: 'object',
+        description: 'A new user experiences (NUX) storage object',
+        required: ['id', 'completed'],
+        properties: {
+          id: {
+            type: 'string',
+            maxLength: 100,
+          },
+          completed: {
+            type: 'boolean',
+            default: false,
+          },
+          data: {
+            description:
+              'Arbitrary data for the NUX. The structure is defined by the NUX itself. Limited to 300 characters.',
+            type: 'string',
+            maxLength: 3000,
+            maxGraphemes: 300,
+          },
+          expiresAt: {
+            type: 'string',
+            format: 'datetime',
+            description:
+              'The date and time at which the NUX will expire and should be considered completed.',
+          },
+        },
+      },
     },
   },
   AppBskyActorGetPreferences: {
@@ -4775,6 +4816,10 @@ export const schemaDict = {
               type: 'ref',
               ref: 'lex:com.atproto.repo.strongRef',
             },
+            pinnedPost: {
+              type: 'ref',
+              ref: 'lex:com.atproto.repo.strongRef',
+            },
             createdAt: {
               type: 'string',
               format: 'datetime',
@@ -5431,6 +5476,9 @@ export const schemaDict = {
           embeddingDisabled: {
             type: 'boolean',
           },
+          pinned: {
+            type: 'boolean',
+          },
         },
       },
       feedViewPost: {
@@ -5447,7 +5495,10 @@ export const schemaDict = {
           },
           reason: {
             type: 'union',
-            refs: ['lex:app.bsky.feed.defs#reasonRepost'],
+            refs: [
+              'lex:app.bsky.feed.defs#reasonRepost',
+              'lex:app.bsky.feed.defs#reasonPin',
+            ],
           },
           feedContext: {
             type: 'string',
@@ -5499,6 +5550,10 @@ export const schemaDict = {
           },
         },
       },
+      reasonPin: {
+        type: 'object',
+        properties: {},
+      },
       threadViewPost: {
         type: 'object',
         required: ['post'],
@@ -5656,7 +5711,10 @@ export const schemaDict = {
           },
           reason: {
             type: 'union',
-            refs: ['lex:app.bsky.feed.defs#skeletonReasonRepost'],
+            refs: [
+              'lex:app.bsky.feed.defs#skeletonReasonRepost',
+              'lex:app.bsky.feed.defs#skeletonReasonPin',
+            ],
           },
           feedContext: {
             type: 'string',
@@ -5676,6 +5734,10 @@ export const schemaDict = {
           },
         },
       },
+      skeletonReasonPin: {
+        type: 'object',
+        properties: {},
+      },
       threadgateView: {
         type: 'object',
         properties: {
@@ -6041,6 +6103,10 @@ export const schemaDict = {
               ],
               default: 'posts_with_replies',
             },
+            includePins: {
+              type: 'boolean',
+              default: false,
+            },
           },
         },
         output: {
@@ -7125,7 +7191,7 @@ export const schemaDict = {
         type: 'record',
         key: 'tid',
         description:
-          "Record defining interaction gating rules for a thread (aka, reply controls). The record key (rkey) of the threadgate record must match the record key of the thread's root post, and that record must be in the same repository..",
+          "Record defining interaction gating rules for a thread (aka, reply controls). The record key (rkey) of the threadgate record must match the record key of the thread's root post, and that record must be in the same repository.",
         record: {
           type: 'object',
           required: ['post', 'createdAt'],
@@ -8199,6 +8265,12 @@ export const schemaDict = {
                   ref: 'lex:app.bsky.actor.defs#profileView',
                 },
               },
+              isFallback: {
+                type: 'boolean',
+                description:
+                  'If true, response has fallen-back to generic results, and is not scoped using relativeToDid',
+                default: false,
+              },
             },
           },
         },
@@ -9155,6 +9227,12 @@ export const schemaDict = {
                   ref: 'lex:app.bsky.unspecced.defs#skeletonSearchActor',
                 },
               },
+              relativeToDid: {
+                type: 'string',
+                format: 'did',
+                description:
+                  'DID of the account these suggestions are relative to. If this is returned undefined, suggestions are based on the viewer.',
+              },
             },
           },
         },

package/src/lexicon/types/app/bsky/actor/defs.ts

@@ -7,6 +7,7 @@ import { isObj, hasProp } from '../../../../util'
 import { CID } from 'multiformats/cid'
 import * as ComAtprotoLabelDefs from '../../../com/atproto/label/defs'
 import * as AppBskyGraphDefs from '../graph/defs'
+import * as ComAtprotoRepoStrongRef from '../../../com/atproto/repo/strongRef'
 
 export interface ProfileViewBasic {
   did: string
@@ -74,6 +75,7 @@ export interface ProfileViewDetailed {
   createdAt?: string
   viewer?: ViewerState
   labels?: ComAtprotoLabelDefs.Label[]
+  pinnedPost?: ComAtprotoRepoStrongRef.Main
   [k: string]: unknown
 }
 
@@ -469,6 +471,8 @@ export interface BskyAppStatePref {
   activeProgressGuide?: BskyAppProgressGuide
   /** An array of tokens which identify nudges (modals, popups, tours, highlight dots) that should be shown to the user. */
   queuedNudges?: string[]
+  /** Storage for NUXs the user has encountered. */
+  nuxs?: Nux[]
   [k: string]: unknown
 }
 
@@ -501,3 +505,24 @@ export function isBskyAppProgressGuide(v: unknown): v is BskyAppProgressGuide {
 export function validateBskyAppProgressGuide(v: unknown): ValidationResult {
   return lexicons.validate('app.bsky.actor.defs#bskyAppProgressGuide', v)
 }
+
+/** A new user experiences (NUX) storage object */
+export interface Nux {
+  id: string
+  completed: boolean
+  /** Arbitrary data for the NUX. The structure is defined by the NUX itself. Limited to 300 characters. */
+  data?: string
+  /** The date and time at which the NUX will expire and should be considered completed. */
+  expiresAt?: string
+  [k: string]: unknown
+}
+
+export function isNux(v: unknown): v is Nux {
+  return (
+    isObj(v) && hasProp(v, '$type') && v.$type === 'app.bsky.actor.defs#nux'
+  )
+}
+
+export function validateNux(v: unknown): ValidationResult {
+  return lexicons.validate('app.bsky.actor.defs#nux', v)
+}

package/src/lexicon/types/app/bsky/actor/profile.ts

@@ -20,6 +20,7 @@ export interface Record {
     | ComAtprotoLabelDefs.SelfLabels
     | { $type: string; [k: string]: unknown }
   joinedViaStarterPack?: ComAtprotoRepoStrongRef.Main
+  pinnedPost?: ComAtprotoRepoStrongRef.Main
   createdAt?: string
   [k: string]: unknown
 }

package/src/lexicon/types/app/bsky/feed/defs.ts

@@ -55,6 +55,7 @@ export interface ViewerState {
   threadMuted?: boolean
   replyDisabled?: boolean
   embeddingDisabled?: boolean
+  pinned?: boolean
   [k: string]: unknown
 }
 
@@ -73,7 +74,7 @@ export function validateViewerState(v: unknown): ValidationResult {
 export interface FeedViewPost {
   post: PostView
   reply?: ReplyRef
-  reason?: ReasonRepost | { $type: string; [k: string]: unknown }
+  reason?: ReasonRepost | ReasonPin | { $type: string; [k: string]: unknown }
   /** Context provided by feed generator that may be passed back alongside interactions. */
   feedContext?: string
   [k: string]: unknown
@@ -134,6 +135,22 @@ export function validateReasonRepost(v: unknown): ValidationResult {
   return lexicons.validate('app.bsky.feed.defs#reasonRepost', v)
 }
 
+export interface ReasonPin {
+  [k: string]: unknown
+}
+
+export function isReasonPin(v: unknown): v is ReasonPin {
+  return (
+    isObj(v) &&
+    hasProp(v, '$type') &&
+    v.$type === 'app.bsky.feed.defs#reasonPin'
+  )
+}
+
+export function validateReasonPin(v: unknown): ValidationResult {
+  return lexicons.validate('app.bsky.feed.defs#reasonPin', v)
+}
+
 export interface ThreadViewPost {
   post: PostView
   parent?:
@@ -265,7 +282,10 @@ export function validateGeneratorViewerState(v: unknown): ValidationResult {
 
 export interface SkeletonFeedPost {
   post: string
-  reason?: SkeletonReasonRepost | { $type: string; [k: string]: unknown }
+  reason?:
+    | SkeletonReasonRepost
+    | SkeletonReasonPin
+    | { $type: string; [k: string]: unknown }
   /** Context that will be passed through to client and may be passed to feed generator back alongside interactions. */
   feedContext?: string
   [k: string]: unknown
@@ -300,6 +320,22 @@ export function validateSkeletonReasonRepost(v: unknown): ValidationResult {
   return lexicons.validate('app.bsky.feed.defs#skeletonReasonRepost', v)
 }
 
+export interface SkeletonReasonPin {
+  [k: string]: unknown
+}
+
+export function isSkeletonReasonPin(v: unknown): v is SkeletonReasonPin {
+  return (
+    isObj(v) &&
+    hasProp(v, '$type') &&
+    v.$type === 'app.bsky.feed.defs#skeletonReasonPin'
+  )
+}
+
+export function validateSkeletonReasonPin(v: unknown): ValidationResult {
+  return lexicons.validate('app.bsky.feed.defs#skeletonReasonPin', v)
+}
+
 export interface ThreadgateView {
   uri?: string
   cid?: string

package/src/lexicon/types/app/bsky/feed/getAuthorFeed.ts

@@ -20,6 +20,7 @@ export interface QueryParams {
     | 'posts_with_media'
     | 'posts_and_author_threads'
     | (string & {})
+  includePins: boolean
 }
 
 export type InputSchema = undefined

package/src/lexicon/types/app/bsky/graph/getSuggestedFollowsByActor.ts

@@ -17,6 +17,8 @@ export type InputSchema = undefined
 
 export interface OutputSchema {
   suggestions: AppBskyActorDefs.ProfileView[]
+  /** If true, response has fallen-back to generic results, and is not scoped using relativeToDid */
+  isFallback?: boolean
   [k: string]: unknown
 }
 

package/src/lexicon/types/app/bsky/unspecced/getSuggestionsSkeleton.ts

@@ -23,6 +23,8 @@ export type InputSchema = undefined
 export interface OutputSchema {
   cursor?: string
   actors: AppBskyUnspeccedDefs.SkeletonSearchActor[]
+  /** DID of the account these suggestions are relative to. If this is returned undefined, suggestions are based on the viewer. */
+  relativeToDid?: string
   [k: string]: unknown
 }
 

package/src/views/index.ts

@@ -16,6 +16,7 @@ import {
   NotFoundPost,
   PostView,
   ReasonRepost,
+  ReasonPin,
   ReplyRef,
   ThreadViewPost,
   ThreadgateView,
@@ -169,6 +170,7 @@ export class Views {
       joinedViaStarterPack: actor.profile?.joinedViaStarterPack
         ? this.starterPackBasic(actor.profile.joinedViaStarterPack.uri, state)
         : undefined,
+      pinnedPost: actor.profile?.pinnedPost,
     }
   }
 
@@ -606,6 +608,7 @@ export class Views {
             threadMuted: viewer.threadMuted,
             replyDisabled: this.userReplyDisabled(uri, state),
             embeddingDisabled: this.userPostEmbeddingDisabled(uri, state),
+            pinned: this.viewerPinned(uri, state, authorDid),
           }
         : undefined,
       labels,
@@ -620,8 +623,10 @@ export class Views {
     state: HydrationState,
   ): FeedViewPost | undefined {
     const postInfo = state.posts?.get(item.post.uri)
-    let reason: ReasonRepost | undefined
-    if (item.repost) {
+    let reason: ReasonRepost | ReasonPin | undefined
+    if (item.authorPinned) {
+      reason = this.reasonPin()
+    } else if (item.repost) {
       const repost = state.reposts?.get(item.repost.uri)
       if (!repost) return
       if (repost.record.subject.uri !== item.post.uri) return
@@ -723,6 +728,12 @@ export class Views {
     }
   }
 
+  reasonPin() {
+    return {
+      $type: 'app.bsky.feed.defs#reasonPin',
+    }
+  }
+
   // Threads
   // ------------
 
@@ -1128,6 +1139,15 @@ export class Views {
     return true
   }
 
+  viewerPinned(uri: string, state: HydrationState, authorDid: string) {
+    if (!state.ctx?.viewer || state.ctx.viewer !== authorDid) return
+    const actor = state.actors?.get(authorDid)
+    if (!actor) return
+    const pinnedPost = actor.profile?.pinnedPost
+    if (!pinnedPost) return undefined
+    return pinnedPost.uri === uri
+  }
+
   notification(
     notif: Notification,
     lastSeenAt: string | undefined,

package/tests/entryway-auth.test.ts

@@ -0,0 +1,174 @@
+import * as nodeCrypto from 'node:crypto'
+import KeyEncoder from 'key-encoder'
+import * as ui8 from 'uint8arrays'
+import * as jose from 'jose'
+import * as crypto from '@atproto/crypto'
+import { AtpAgent, AtUri } from '@atproto/api'
+import { basicSeed, SeedClient, TestNetwork } from '@atproto/dev-env'
+import assert from 'node:assert'
+import { MINUTE } from '@atproto/common'
+
+const keyEncoder = new KeyEncoder('secp256k1')
+
+const derivePrivKey = async (
+  keypair: crypto.ExportableKeypair,
+): Promise<nodeCrypto.KeyObject> => {
+  const privKeyRaw = await keypair.export()
+  const privKeyEncoded = keyEncoder.encodePrivate(
+    ui8.toString(privKeyRaw, 'hex'),
+    'raw',
+    'pem',
+  )
+  return nodeCrypto.createPrivateKey(privKeyEncoded)
+}
+
+// @NOTE temporary measure, see note on entrywaySession in bsky/src/auth-verifier.ts
+describe('entryway auth', () => {
+  let network: TestNetwork
+  let agent: AtpAgent
+  let sc: SeedClient
+  let alice: string
+  let jwtPrivKey: nodeCrypto.KeyObject
+
+  beforeAll(async () => {
+    const keypair = await crypto.Secp256k1Keypair.create({ exportable: true })
+    jwtPrivKey = await derivePrivKey(keypair)
+    const entrywayJwtPublicKeyHex = ui8.toString(
+      keypair.publicKeyBytes(),
+      'hex',
+    )
+
+    network = await TestNetwork.create({
+      dbPostgresSchema: 'bsky_entryway_auth',
+      bsky: {
+        entrywayJwtPublicKeyHex,
+      },
+    })
+    agent = network.bsky.getClient()
+    sc = network.getSeedClient()
+    await basicSeed(sc)
+    await network.processAll()
+    alice = sc.dids.alice
+  })
+
+  afterAll(async () => {
+    await network.close()
+  })
+
+  it('works', async () => {
+    const signer = new jose.SignJWT({ scope: 'com.atproto.access' })
+      .setSubject(alice)
+      .setIssuedAt()
+      .setExpirationTime('60mins')
+      .setAudience('did:web:fake.server.bsky.network')
+      .setProtectedHeader({
+        typ: 'at+jwt', // https://www.rfc-editor.org/rfc/rfc9068.html
+        alg: 'ES256K',
+      })
+    const token = await signer.sign(jwtPrivKey)
+    const res = await agent.app.bsky.actor.getProfile(
+      { actor: sc.dids.bob },
+      { headers: { authorization: `Bearer ${token}` } },
+    )
+    expect(res.data.did).toEqual(sc.dids.bob)
+    // ensure this request is personalized for alice
+    const followingUri = res.data.viewer?.following
+    assert(followingUri)
+    const parsed = new AtUri(followingUri)
+    expect(parsed.hostname).toEqual(alice)
+  })
+
+  it('does not work on bad scopes', async () => {
+    const signer = new jose.SignJWT({ scope: 'com.atproto.refresh' })
+      .setSubject(alice)
+      .setIssuedAt()
+      .setExpirationTime('60mins')
+      .setAudience('did:web:fake.server.bsky.network')
+      .setProtectedHeader({
+        typ: 'at+jwt', // https://www.rfc-editor.org/rfc/rfc9068.html
+        alg: 'ES256K',
+      })
+    const token = await signer.sign(jwtPrivKey)
+    const attempt = agent.app.bsky.actor.getProfile(
+      { actor: sc.dids.bob },
+      { headers: { authorization: `Bearer ${token}` } },
+    )
+    await expect(attempt).rejects.toThrow('Bad token scope')
+  })
+
+  it('does not work on expired tokens', async () => {
+    const time = Math.floor((Date.now() - 5 * MINUTE) / 1000)
+    const signer = new jose.SignJWT({ scope: 'com.atproto.access' })
+      .setSubject(alice)
+      .setIssuedAt()
+      .setExpirationTime(time)
+      .setAudience('did:web:fake.server.bsky.network')
+      .setProtectedHeader({
+        typ: 'at+jwt', // https://www.rfc-editor.org/rfc/rfc9068.html
+        alg: 'ES256K',
+      })
+    const token = await signer.sign(jwtPrivKey)
+    const attempt = agent.app.bsky.actor.getProfile(
+      { actor: sc.dids.bob },
+      { headers: { authorization: `Bearer ${token}` } },
+    )
+    await expect(attempt).rejects.toThrow('Token has expired')
+  })
+
+  it('does not work on bad auds', async () => {
+    const signer = new jose.SignJWT({ scope: 'com.atproto.access' })
+      .setSubject(alice)
+      .setIssuedAt()
+      .setExpirationTime('60mins')
+      .setAudience('did:web:my.personal.pds.com')
+      .setProtectedHeader({
+        typ: 'at+jwt', // https://www.rfc-editor.org/rfc/rfc9068.html
+        alg: 'ES256K',
+      })
+    const token = await signer.sign(jwtPrivKey)
+    const attempt = agent.app.bsky.actor.getProfile(
+      { actor: sc.dids.bob },
+      { headers: { authorization: `Bearer ${token}` } },
+    )
+    await expect(attempt).rejects.toThrow('Bad token aud')
+  })
+
+  it('does not work with bad signatures', async () => {
+    const fakeKey = await crypto.Secp256k1Keypair.create({ exportable: true })
+    const fakeJwtKey = await derivePrivKey(fakeKey)
+    const signer = new jose.SignJWT({ scope: 'com.atproto.access' })
+      .setSubject(alice)
+      .setIssuedAt()
+      .setExpirationTime('60mins')
+      .setAudience('did:web:my.personal.pds.com')
+      .setProtectedHeader({
+        typ: 'at+jwt', // https://www.rfc-editor.org/rfc/rfc9068.html
+        alg: 'ES256K',
+      })
+    const token = await signer.sign(fakeJwtKey)
+    const attempt = agent.app.bsky.actor.getProfile(
+      { actor: sc.dids.bob },
+      { headers: { authorization: `Bearer ${token}` } },
+    )
+    await expect(attempt).rejects.toThrow('Token could not be verified')
+  })
+
+  it('does not work on flexible aud routes', async () => {
+    const signer = new jose.SignJWT({ scope: 'com.atproto.access' })
+      .setSubject(alice)
+      .setIssuedAt()
+      .setExpirationTime('60mins')
+      .setAudience('did:web:fake.server.bsky.network')
+      .setProtectedHeader({
+        typ: 'at+jwt', // https://www.rfc-editor.org/rfc/rfc9068.html
+        alg: 'ES256K',
+      })
+    const token = await signer.sign(jwtPrivKey)
+    const feedUri = AtUri.make(alice, 'app.bsky.feed.generator', 'fake-feed')
+    const attempt = agent.app.bsky.feed.getFeed(
+      { feed: feedUri.toString() },
+      { headers: { authorization: `Bearer ${token}` } },
+    )
+    await expect(attempt).rejects.toThrow('Malformed token')
+  })
+})