@atproto/pds 0.4.0 → 0.4.1

package/dist/lexicon/index.d.ts

@@ -20,6 +20,7 @@ import * as ComAtprotoAdminSearchRepos from './types/com/atproto/admin/searchRep
 import * as ComAtprotoAdminSendEmail from './types/com/atproto/admin/sendEmail';
 import * as ComAtprotoAdminUpdateAccountEmail from './types/com/atproto/admin/updateAccountEmail';
 import * as ComAtprotoAdminUpdateAccountHandle from './types/com/atproto/admin/updateAccountHandle';
+import * as ComAtprotoAdminUpdateAccountPassword from './types/com/atproto/admin/updateAccountPassword';
 import * as ComAtprotoAdminUpdateCommunicationTemplate from './types/com/atproto/admin/updateCommunicationTemplate';
 import * as ComAtprotoAdminUpdateSubjectStatus from './types/com/atproto/admin/updateSubjectStatus';
 import * as ComAtprotoIdentityGetRecommendedDidCredentials from './types/com/atproto/identity/getRecommendedDidCredentials';
@@ -192,6 +193,7 @@ export declare class ComAtprotoAdminNS {
     sendEmail<AV extends AuthVerifier>(cfg: ConfigOf<AV, ComAtprotoAdminSendEmail.Handler<ExtractAuth<AV>>, ComAtprotoAdminSendEmail.HandlerReqCtx<ExtractAuth<AV>>>): void;
     updateAccountEmail<AV extends AuthVerifier>(cfg: ConfigOf<AV, ComAtprotoAdminUpdateAccountEmail.Handler<ExtractAuth<AV>>, ComAtprotoAdminUpdateAccountEmail.HandlerReqCtx<ExtractAuth<AV>>>): void;
     updateAccountHandle<AV extends AuthVerifier>(cfg: ConfigOf<AV, ComAtprotoAdminUpdateAccountHandle.Handler<ExtractAuth<AV>>, ComAtprotoAdminUpdateAccountHandle.HandlerReqCtx<ExtractAuth<AV>>>): void;
+    updateAccountPassword<AV extends AuthVerifier>(cfg: ConfigOf<AV, ComAtprotoAdminUpdateAccountPassword.Handler<ExtractAuth<AV>>, ComAtprotoAdminUpdateAccountPassword.HandlerReqCtx<ExtractAuth<AV>>>): void;
     updateCommunicationTemplate<AV extends AuthVerifier>(cfg: ConfigOf<AV, ComAtprotoAdminUpdateCommunicationTemplate.Handler<ExtractAuth<AV>>, ComAtprotoAdminUpdateCommunicationTemplate.HandlerReqCtx<ExtractAuth<AV>>>): void;
     updateSubjectStatus<AV extends AuthVerifier>(cfg: ConfigOf<AV, ComAtprotoAdminUpdateSubjectStatus.Handler<ExtractAuth<AV>>, ComAtprotoAdminUpdateSubjectStatus.HandlerReqCtx<ExtractAuth<AV>>>): void;
 }

package/dist/lexicon/lexicons.d.ts

@@ -1695,6 +1695,32 @@ export declare const schemaDict: {
             };
         };
     };
+    ComAtprotoAdminUpdateAccountPassword: {
+        lexicon: number;
+        id: string;
+        defs: {
+            main: {
+                type: string;
+                description: string;
+                input: {
+                    encoding: string;
+                    schema: {
+                        type: string;
+                        required: string[];
+                        properties: {
+                            did: {
+                                type: string;
+                                format: string;
+                            };
+                            password: {
+                                type: string;
+                            };
+                        };
+                    };
+                };
+            };
+        };
+    };
     ComAtprotoAdminUpdateCommunicationTemplate: {
         lexicon: number;
         id: string;
@@ -8205,6 +8231,7 @@ export declare const ids: {
     ComAtprotoAdminSendEmail: string;
     ComAtprotoAdminUpdateAccountEmail: string;
     ComAtprotoAdminUpdateAccountHandle: string;
+    ComAtprotoAdminUpdateAccountPassword: string;
     ComAtprotoAdminUpdateCommunicationTemplate: string;
     ComAtprotoAdminUpdateSubjectStatus: string;
     ComAtprotoIdentityGetRecommendedDidCredentials: string;

package/dist/lexicon/types/app/bsky/actor/defs.d.ts

@@ -54,7 +54,7 @@ export interface ViewerState {
 }
 export declare function isViewerState(v: unknown): v is ViewerState;
 export declare function validateViewerState(v: unknown): ValidationResult;
-export type Preferences = (AdultContentPref | ContentLabelPref | SavedFeedsPref | PersonalDetailsPref | FeedViewPref | ThreadViewPref | InterestsPref | {
+export type Preferences = (AdultContentPref | ContentLabelPref | SavedFeedsPref | PersonalDetailsPref | FeedViewPref | ThreadViewPref | InterestsPref | MutedWordsPref | HiddenPostsPref | {
     $type: string;
     [k: string]: unknown;
 })[];

package/dist/lexicon/types/com/atproto/admin/updateAccountPassword.d.ts

@@ -0,0 +1,26 @@
+import express from 'express';
+import { HandlerAuth } from '@atproto/xrpc-server';
+export interface QueryParams {
+}
+export interface InputSchema {
+    did: string;
+    password: string;
+    [k: string]: unknown;
+}
+export interface HandlerInput {
+    encoding: 'application/json';
+    body: InputSchema;
+}
+export interface HandlerError {
+    status: number;
+    message?: string;
+}
+export type HandlerOutput = HandlerError | void;
+export type HandlerReqCtx<HA extends HandlerAuth = never> = {
+    auth: HA;
+    params: QueryParams;
+    input: HandlerInput;
+    req: express.Request;
+    res: express.Response;
+};
+export type Handler<HA extends HandlerAuth = never> = (ctx: HandlerReqCtx<HA>) => Promise<HandlerOutput> | HandlerOutput;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@atproto/pds",
-  "version": "0.4.0",
+  "version": "0.4.1",
   "license": "MIT",
   "description": "Reference implementation of atproto Personal Data Server (PDS)",
   "keywords": [
@@ -44,7 +44,7 @@
     "typed-emitter": "^2.1.0",
     "uint8arrays": "3.0.0",
     "zod": "^3.21.4",
-    "@atproto/api": "^0.10.0",
+    "@atproto/api": "^0.10.1",
     "@atproto/aws": "^0.1.7",
     "@atproto/common": "^0.3.3",
     "@atproto/crypto": "^0.3.0",
@@ -68,9 +68,9 @@
     "axios": "^0.27.2",
     "get-port": "^6.1.2",
     "ws": "^8.12.0",
-    "@atproto/api": "^0.10.0",
-    "@atproto/bsky": "^0.0.32",
-    "@atproto/dev-env": "^0.2.32",
+    "@atproto/api": "^0.10.1",
+    "@atproto/bsky": "^0.0.33",
+    "@atproto/dev-env": "^0.2.33",
     "@atproto/lex-cli": "^0.3.0"
   },
   "scripts": {

package/src/account-manager/index.ts

@@ -370,6 +370,11 @@ export class AccountManager {
       'reset_password',
       opts.token,
     )
+    await this.updateAccountPassword({ did, password: opts.password })
+  }
+
+  async updateAccountPassword(opts: { did: string; password: string }) {
+    const { did } = opts
     const passwordScrypt = await scrypt.genSaltAndHash(opts.password)
     await this.db.transaction(async (dbTxn) =>
       Promise.all([

package/src/api/com/atproto/admin/index.ts

@@ -15,6 +15,7 @@ import disableInviteCodes from './disableInviteCodes'
 import getInviteCodes from './getInviteCodes'
 import updateAccountHandle from './updateAccountHandle'
 import updateAccountEmail from './updateAccountEmail'
+import updateAccountPassword from './updateAccountPassword'
 import sendEmail from './sendEmail'
 import deleteAccount from './deleteAccount'
 import queryModerationStatuses from './queryModerationStatuses'
@@ -40,6 +41,7 @@ export default function (server: Server, ctx: AppContext) {
   getInviteCodes(server, ctx)
   updateAccountHandle(server, ctx)
   updateAccountEmail(server, ctx)
+  updateAccountPassword(server, ctx)
   sendEmail(server, ctx)
   deleteAccount(server, ctx)
   listCommunicationTemplates(server, ctx)

package/src/api/com/atproto/admin/updateAccountPassword.ts

@@ -0,0 +1,28 @@
+import { AuthRequiredError } from '@atproto/xrpc-server'
+import { Server } from '../../../../lexicon'
+import AppContext from '../../../../context'
+import { authPassthru } from '../../../proxy'
+
+export default function (server: Server, ctx: AppContext) {
+  server.com.atproto.admin.updateAccountPassword({
+    auth: ctx.authVerifier.role,
+    handler: async ({ input, auth, req }) => {
+      if (!auth.credentials.admin) {
+        throw new AuthRequiredError(
+          'Must be an admin to update an account password',
+        )
+      }
+
+      if (ctx.entrywayAgent) {
+        await ctx.entrywayAgent.com.atproto.admin.updateAccountPassword(
+          input.body,
+          authPassthru(req, true),
+        )
+        return
+      }
+
+      const { did, password } = input.body
+      await ctx.accountManager.updateAccountPassword({ did, password })
+    },
+  })
+}

package/src/config/config.ts

@@ -23,6 +23,7 @@ export const envToCfg = (env: ServerEnvironment): ServerConfig => {
     privacyPolicyUrl: env.privacyPolicyUrl,
     termsOfServiceUrl: env.termsOfServiceUrl,
     acceptingImports: env.acceptingImports ?? true,
+    blobUploadLimit: env.blobUploadLimit ?? 5 * 1024 * 1024, // 5mb
   }
 
   const dbLoc = (name: string) => {
@@ -275,9 +276,10 @@ export type ServiceConfig = {
   publicUrl: string
   did: string
   version?: string
-  acceptingImports: boolean
   privacyPolicyUrl?: string
   termsOfServiceUrl?: string
+  acceptingImports: boolean
+  blobUploadLimit: number
 }
 
 export type DatabaseConfig = {

package/src/config/env.ts

@@ -10,6 +10,7 @@ export const readEnv = (): ServerEnvironment => {
     privacyPolicyUrl: envStr('PDS_PRIVACY_POLICY_URL'),
     termsOfServiceUrl: envStr('PDS_TERMS_OF_SERVICE_URL'),
     acceptingImports: envBool('PDS_ACCEPTING_REPO_IMPORTS'),
+    blobUploadLimit: envInt('PDS_BLOB_UPLOAD_LIMIT'),
 
     // database
     dataDirectory: envStr('PDS_DATA_DIRECTORY'),
@@ -116,6 +117,7 @@ export type ServerEnvironment = {
   privacyPolicyUrl?: string
   termsOfServiceUrl?: string
   acceptingImports?: boolean
+  blobUploadLimit?: number
 
   // database
   dataDirectory?: string

package/src/index.ts

@@ -63,7 +63,7 @@ export class PDS {
       payload: {
         jsonLimit: 100 * 1024, // 100kb
         textLimit: 100 * 1024, // 100kb
-        blobLimit: 5 * 1024 * 1024, // 5mb
+        blobLimit: cfg.service.blobUploadLimit,
       },
     }
     if (cfg.rateLimits.enabled) {

package/src/lexicon/index.ts

@@ -30,6 +30,7 @@ import * as ComAtprotoAdminSearchRepos from './types/com/atproto/admin/searchRep
 import * as ComAtprotoAdminSendEmail from './types/com/atproto/admin/sendEmail'
 import * as ComAtprotoAdminUpdateAccountEmail from './types/com/atproto/admin/updateAccountEmail'
 import * as ComAtprotoAdminUpdateAccountHandle from './types/com/atproto/admin/updateAccountHandle'
+import * as ComAtprotoAdminUpdateAccountPassword from './types/com/atproto/admin/updateAccountPassword'
 import * as ComAtprotoAdminUpdateCommunicationTemplate from './types/com/atproto/admin/updateCommunicationTemplate'
 import * as ComAtprotoAdminUpdateSubjectStatus from './types/com/atproto/admin/updateSubjectStatus'
 import * as ComAtprotoIdentityGetRecommendedDidCredentials from './types/com/atproto/identity/getRecommendedDidCredentials'
@@ -444,6 +445,17 @@ export class ComAtprotoAdminNS {
     return this._server.xrpc.method(nsid, cfg)
   }
 
+  updateAccountPassword<AV extends AuthVerifier>(
+    cfg: ConfigOf<
+      AV,
+      ComAtprotoAdminUpdateAccountPassword.Handler<ExtractAuth<AV>>,
+      ComAtprotoAdminUpdateAccountPassword.HandlerReqCtx<ExtractAuth<AV>>
+    >,
+  ) {
+    const nsid = 'com.atproto.admin.updateAccountPassword' // @ts-ignore
+    return this._server.xrpc.method(nsid, cfg)
+  }
+
   updateCommunicationTemplate<AV extends AuthVerifier>(
     cfg: ConfigOf<
       AV,

package/src/lexicon/lexicons.ts

@@ -1863,6 +1863,33 @@ export const schemaDict = {
       },
     },
   },
+  ComAtprotoAdminUpdateAccountPassword: {
+    lexicon: 1,
+    id: 'com.atproto.admin.updateAccountPassword',
+    defs: {
+      main: {
+        type: 'procedure',
+        description:
+          'Update the password for a user account as an administrator.',
+        input: {
+          encoding: 'application/json',
+          schema: {
+            type: 'object',
+            required: ['did', 'password'],
+            properties: {
+              did: {
+                type: 'string',
+                format: 'did',
+              },
+              password: {
+                type: 'string',
+              },
+            },
+          },
+        },
+      },
+    },
+  },
   ComAtprotoAdminUpdateCommunicationTemplate: {
     lexicon: 1,
     id: 'com.atproto.admin.updateCommunicationTemplate',
@@ -5075,6 +5102,8 @@ export const schemaDict = {
             'lex:app.bsky.actor.defs#feedViewPref',
             'lex:app.bsky.actor.defs#threadViewPref',
             'lex:app.bsky.actor.defs#interestsPref',
+            'lex:app.bsky.actor.defs#mutedWordsPref',
+            'lex:app.bsky.actor.defs#hiddenPostsPref',
           ],
         },
       },
@@ -8860,6 +8889,8 @@ export const ids = {
   ComAtprotoAdminSendEmail: 'com.atproto.admin.sendEmail',
   ComAtprotoAdminUpdateAccountEmail: 'com.atproto.admin.updateAccountEmail',
   ComAtprotoAdminUpdateAccountHandle: 'com.atproto.admin.updateAccountHandle',
+  ComAtprotoAdminUpdateAccountPassword:
+    'com.atproto.admin.updateAccountPassword',
   ComAtprotoAdminUpdateCommunicationTemplate:
     'com.atproto.admin.updateCommunicationTemplate',
   ComAtprotoAdminUpdateSubjectStatus: 'com.atproto.admin.updateSubjectStatus',

package/src/lexicon/types/app/bsky/actor/defs.ts

@@ -114,6 +114,8 @@ export type Preferences = (
   | FeedViewPref
   | ThreadViewPref
   | InterestsPref
+  | MutedWordsPref
+  | HiddenPostsPref
   | { $type: string; [k: string]: unknown }
 )[]
 

package/src/lexicon/types/com/atproto/admin/updateAccountPassword.ts

@@ -0,0 +1,39 @@
+/**
+ * GENERATED CODE - DO NOT MODIFY
+ */
+import express from 'express'
+import { ValidationResult, BlobRef } from '@atproto/lexicon'
+import { lexicons } from '../../../../lexicons'
+import { isObj, hasProp } from '../../../../util'
+import { CID } from 'multiformats/cid'
+import { HandlerAuth, HandlerPipeThrough } from '@atproto/xrpc-server'
+
+export interface QueryParams {}
+
+export interface InputSchema {
+  did: string
+  password: string
+  [k: string]: unknown
+}
+
+export interface HandlerInput {
+  encoding: 'application/json'
+  body: InputSchema
+}
+
+export interface HandlerError {
+  status: number
+  message?: string
+}
+
+export type HandlerOutput = HandlerError | void
+export type HandlerReqCtx<HA extends HandlerAuth = never> = {
+  auth: HA
+  params: QueryParams
+  input: HandlerInput
+  req: express.Request
+  res: express.Response
+}
+export type Handler<HA extends HandlerAuth = never> = (
+  ctx: HandlerReqCtx<HA>,
+) => Promise<HandlerOutput> | HandlerOutput

package/tests/account.test.ts

@@ -559,4 +559,46 @@ describe('account', () => {
       }),
     ).resolves.toBeDefined()
   })
+
+  it('allows an admin to update password', async () => {
+    const tryUnauthed = agent.api.com.atproto.admin.updateAccountPassword({
+      did,
+      password: 'new-admin-pass',
+    })
+    await expect(tryUnauthed).rejects.toThrow('Authentication Required')
+
+    const tryAsModerator = agent.api.com.atproto.admin.updateAccountPassword(
+      { did, password: 'new-admin-pass' },
+      {
+        headers: network.pds.adminAuthHeaders('moderator'),
+        encoding: 'application/json',
+      },
+    )
+    await expect(tryAsModerator).rejects.toThrow(
+      'Must be an admin to update an account password',
+    )
+
+    await agent.api.com.atproto.admin.updateAccountPassword(
+      { did, password: 'new-admin-password' },
+      {
+        headers: network.pds.adminAuthHeaders('admin'),
+        encoding: 'application/json',
+      },
+    )
+
+    // old password fails
+    await expect(
+      agent.api.com.atproto.server.createSession({
+        identifier: did,
+        password,
+      }),
+    ).rejects.toThrow('Invalid identifier or password')
+
+    await expect(
+      agent.api.com.atproto.server.createSession({
+        identifier: did,
+        password: 'new-admin-password',
+      }),
+    ).resolves.toBeDefined()
+  })
 })