npm - @atproto/pds - Versions diffs - 0.4.102 → 0.4.104 - Mend

@atproto/pds 0.4.102 → 0.4.104

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (163) hide show

package/src/api/com/atproto/server/confirmEmail.ts CHANGED Viewed

@@ -1,4 +1,3 @@
-import assert from 'node:assert'
 import { InvalidRequestError } from '@atproto/xrpc-server'
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
@@ -7,7 +6,7 @@ import { ids } from '../../../../lexicon/lexicons'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.server.confirmEmail({
     auth: ctx.authVerifier.accessStandard({ checkTakedown: true }),
-    handler: async ({ auth, input }) => {
+    handler: async ({ auth, input, req }) => {
       const did = auth.credentials.did
       const user = await ctx.accountManager.getAccount(did, {
@@ -18,12 +17,11 @@ export default function (server: Server, ctx: AppContext) {
       }
       if (ctx.entrywayAgent) {
-        assert(ctx.cfg.entryway)
         await ctx.entrywayAgent.com.atproto.server.confirmEmail(
           input.body,
-          await ctx.serviceAuthHeaders(
+          await ctx.entrywayAuthHeaders(
+            req,
             auth.credentials.did,
-            ctx.cfg.entryway.did,
             ids.ComAtprotoServerConfirmEmail,
           ),
         )

package/src/api/com/atproto/server/createAppPassword.ts CHANGED Viewed

@@ -1,4 +1,3 @@
-import assert from 'node:assert'
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
 import { ids } from '../../../../lexicon/lexicons'
@@ -9,16 +8,14 @@ export default function (server: Server, ctx: AppContext) {
     auth: ctx.authVerifier.accessFull({
       checkTakedown: true,
     }),
-    handler: async ({ auth, input }) => {
+    handler: async ({ auth, input, req }) => {
       if (ctx.entrywayAgent) {
-        assert(ctx.cfg.entryway)
         return resultPassthru(
           await ctx.entrywayAgent.com.atproto.server.createAppPassword(
             input.body,
-            await ctx.serviceAuthHeaders(
+            await ctx.entrywayAuthHeaders(
+              req,
               auth.credentials.did,
-              ctx.cfg.entryway.did,
               ids.ComAtprotoServerCreateAppPassword,
             ),
           ),

package/src/api/com/atproto/server/createSession.ts CHANGED Viewed

@@ -4,7 +4,7 @@ import { AuthRequiredError } from '@atproto/xrpc-server'
 import { formatAccountStatus } from '../../../../account-manager'
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
-import { authPassthru, resultPassthru } from '../../../proxy'
+import { resultPassthru } from '../../../proxy'
 import { didDocForSession } from './util'
 export default function (server: Server, ctx: AppContext) {
@@ -26,7 +26,7 @@ export default function (server: Server, ctx: AppContext) {
         return resultPassthru(
           await ctx.entrywayAgent.com.atproto.server.createSession(
             input.body,
-            authPassthru(req, true),
+            ctx.entrywayPassthruHeaders(req),
           ),
         )
       }

package/src/api/com/atproto/server/deactivateAccount.ts CHANGED Viewed

@@ -1,7 +1,6 @@
 import { AuthScope } from '../../../../auth-verifier'
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
-import { authPassthru } from '../../../proxy'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.server.deactivateAccount({
@@ -11,7 +10,7 @@ export default function (server: Server, ctx: AppContext) {
       if (ctx.entrywayAgent) {
         await ctx.entrywayAgent.com.atproto.server.deactivateAccount(
           input.body,
-          authPassthru(req),
+          ctx.entrywayPassthruHeaders(req),
         )
         return
       }

package/src/api/com/atproto/server/deleteAccount.ts CHANGED Viewed

@@ -3,7 +3,6 @@ import { AuthRequiredError, InvalidRequestError } from '@atproto/xrpc-server'
 import { AccountStatus } from '../../../../account-manager'
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
-import { authPassthru } from '../../../proxy'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.server.deleteAccount({
@@ -25,7 +24,7 @@ export default function (server: Server, ctx: AppContext) {
       if (ctx.entrywayAgent) {
         await ctx.entrywayAgent.com.atproto.server.deleteAccount(
           input.body,
-          authPassthru(req, true),
+          ctx.entrywayPassthruHeaders(req),
         )
         return
       }

package/src/api/com/atproto/server/deleteSession.ts CHANGED Viewed

@@ -1,14 +1,13 @@
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
-import { authPassthru } from '../../../proxy'
 export default function (server: Server, ctx: AppContext) {
   const { entrywayAgent } = ctx
   if (entrywayAgent) {
-    server.com.atproto.server.deleteSession(async (reqCtx) => {
+    server.com.atproto.server.deleteSession(async ({ req }) => {
       await entrywayAgent.com.atproto.server.deleteSession(
         undefined,
-        authPassthru(reqCtx.req),
+        ctx.entrywayPassthruHeaders(req),
       )
     })
   } else {

package/src/api/com/atproto/server/getAccountInviteCodes.ts CHANGED Viewed

@@ -1,4 +1,3 @@
-import assert from 'node:assert'
 import { InvalidRequestError } from '@atproto/xrpc-server'
 import { CodeDetail } from '../../../../account-manager/helpers/invite'
 import { AppContext } from '../../../../context'
@@ -10,15 +9,14 @@ import { genInvCodes } from './util'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.server.getAccountInviteCodes({
     auth: ctx.authVerifier.accessFull({ checkTakedown: true }),
-    handler: async ({ params, auth }) => {
+    handler: async ({ params, auth, req }) => {
       if (ctx.entrywayAgent) {
-        assert(ctx.cfg.entryway)
         return resultPassthru(
           await ctx.entrywayAgent.com.atproto.server.getAccountInviteCodes(
             params,
-            await ctx.serviceAuthHeaders(
+            await ctx.entrywayAuthHeaders(
+              req,
               auth.credentials.did,
-              ctx.cfg.entryway.did,
               ids.ComAtprotoServerGetAccountInviteCodes,
             ),
           ),

package/src/api/com/atproto/server/getSession.ts CHANGED Viewed

@@ -4,7 +4,7 @@ import { formatAccountStatus } from '../../../../account-manager'
 import { AuthScope } from '../../../../auth-verifier'
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
-import { authPassthru, resultPassthru } from '../../../proxy'
+import { resultPassthru } from '../../../proxy'
 import { didDocForSession } from './util'
 export default function (server: Server, ctx: AppContext) {
@@ -17,7 +17,7 @@ export default function (server: Server, ctx: AppContext) {
         return resultPassthru(
           await ctx.entrywayAgent.com.atproto.server.getSession(
             undefined,
-            authPassthru(req),
+            ctx.entrywayPassthruHeaders(req),
           ),
         )
       }

package/src/api/com/atproto/server/listAppPasswords.ts CHANGED Viewed

@@ -1,4 +1,3 @@
-import assert from 'node:assert'
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
 import { ids } from '../../../../lexicon/lexicons'
@@ -7,15 +6,14 @@ import { resultPassthru } from '../../../proxy'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.server.listAppPasswords({
     auth: ctx.authVerifier.accessStandard(),
-    handler: async ({ auth }) => {
+    handler: async ({ auth, req }) => {
       if (ctx.entrywayAgent) {
-        assert(ctx.cfg.entryway)
         return resultPassthru(
           await ctx.entrywayAgent.com.atproto.server.listAppPasswords(
             undefined,
-            await ctx.serviceAuthHeaders(
+            await ctx.entrywayAuthHeaders(
+              req,
               auth.credentials.did,
-              ctx.cfg.entryway.did,
               ids.ComAtprotoServerListAppPasswords,
             ),
           ),

package/src/api/com/atproto/server/refreshSession.ts CHANGED Viewed

@@ -4,7 +4,7 @@ import { formatAccountStatus } from '../../../../account-manager'
 import { AppContext } from '../../../../context'
 import { softDeleted } from '../../../../db/util'
 import { Server } from '../../../../lexicon'
-import { authPassthru, resultPassthru } from '../../../proxy'
+import { resultPassthru } from '../../../proxy'
 import { didDocForSession } from './util'
 export default function (server: Server, ctx: AppContext) {
@@ -32,7 +32,7 @@ export default function (server: Server, ctx: AppContext) {
         return resultPassthru(
           await ctx.entrywayAgent.com.atproto.server.refreshSession(
             undefined,
-            authPassthru(req),
+            ctx.entrywayPassthruHeaders(req),
           ),
         )
       }

package/src/api/com/atproto/server/requestAccountDelete.ts CHANGED Viewed

@@ -1,4 +1,3 @@
-import assert from 'node:assert'
 import { DAY, HOUR } from '@atproto/common'
 import { InvalidRequestError } from '@atproto/xrpc-server'
 import { AppContext } from '../../../../context'
@@ -20,7 +19,7 @@ export default function (server: Server, ctx: AppContext) {
       },
     ],
     auth: ctx.authVerifier.accessFull({ checkTakedown: true }),
-    handler: async ({ auth }) => {
+    handler: async ({ auth, req }) => {
       const did = auth.credentials.did
       const account = await ctx.accountManager.getAccount(did, {
         includeDeactivated: true,
@@ -31,12 +30,11 @@ export default function (server: Server, ctx: AppContext) {
       }
       if (ctx.entrywayAgent) {
-        assert(ctx.cfg.entryway)
         await ctx.entrywayAgent.com.atproto.server.requestAccountDelete(
           undefined,
-          await ctx.serviceAuthHeaders(
+          await ctx.entrywayAuthHeaders(
+            req,
             auth.credentials.did,
-            ctx.cfg.entryway.did,
             ids.ComAtprotoServerRequestAccountDelete,
           ),
         )

package/src/api/com/atproto/server/requestEmailConfirmation.ts CHANGED Viewed

@@ -1,4 +1,3 @@
-import assert from 'node:assert'
 import { DAY, HOUR } from '@atproto/common'
 import { InvalidRequestError } from '@atproto/xrpc-server'
 import { AppContext } from '../../../../context'
@@ -20,7 +19,7 @@ export default function (server: Server, ctx: AppContext) {
       },
     ],
     auth: ctx.authVerifier.accessStandard({ checkTakedown: true }),
-    handler: async ({ auth }) => {
+    handler: async ({ auth, req }) => {
       const did = auth.credentials.did
       const account = await ctx.accountManager.getAccount(did, {
         includeDeactivated: true,
@@ -31,12 +30,11 @@ export default function (server: Server, ctx: AppContext) {
       }
       if (ctx.entrywayAgent) {
-        assert(ctx.cfg.entryway)
         await ctx.entrywayAgent.com.atproto.server.requestEmailConfirmation(
           undefined,
-          await ctx.serviceAuthHeaders(
+          await ctx.entrywayAuthHeaders(
+            req,
             auth.credentials.did,
-            ctx.cfg.entryway.did,
             ids.ComAtprotoServerRequestEmailConfirmation,
           ),
         )

package/src/api/com/atproto/server/requestEmailUpdate.ts CHANGED Viewed

@@ -1,4 +1,3 @@
-import assert from 'node:assert'
 import { DAY, HOUR } from '@atproto/common'
 import { InvalidRequestError } from '@atproto/xrpc-server'
 import { AppContext } from '../../../../context'
@@ -21,7 +20,7 @@ export default function (server: Server, ctx: AppContext) {
       },
     ],
     auth: ctx.authVerifier.accessStandard({ checkTakedown: true }),
-    handler: async ({ auth }) => {
+    handler: async ({ auth, req }) => {
       const did = auth.credentials.did
       const account = await ctx.accountManager.getAccount(did, {
         includeDeactivated: true,
@@ -32,13 +31,12 @@ export default function (server: Server, ctx: AppContext) {
       }
       if (ctx.entrywayAgent) {
-        assert(ctx.cfg.entryway)
         return resultPassthru(
           await ctx.entrywayAgent.com.atproto.server.requestEmailUpdate(
             undefined,
-            await ctx.serviceAuthHeaders(
+            await ctx.entrywayAuthHeaders(
+              req,
               auth.credentials.did,
-              ctx.cfg.entryway.did,
               ids.ComAtprotoServerRequestEmailUpdate,
             ),
           ),

package/src/api/com/atproto/server/requestPasswordReset.ts CHANGED Viewed

@@ -2,7 +2,6 @@ import { DAY, HOUR } from '@atproto/common'
 import { InvalidRequestError } from '@atproto/xrpc-server'
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
-import { authPassthru } from '../../../proxy'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.server.requestPasswordReset({
@@ -28,7 +27,7 @@ export default function (server: Server, ctx: AppContext) {
         if (ctx.entrywayAgent) {
           await ctx.entrywayAgent.com.atproto.server.requestPasswordReset(
             input.body,
-            authPassthru(req, true),
+            ctx.entrywayPassthruHeaders(req),
           )
           return
         }

package/src/api/com/atproto/server/resetPassword.ts CHANGED Viewed

@@ -1,7 +1,6 @@
 import { MINUTE } from '@atproto/common'
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
-import { authPassthru } from '../../../proxy'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.server.resetPassword({
@@ -15,7 +14,7 @@ export default function (server: Server, ctx: AppContext) {
       if (ctx.entrywayAgent) {
         await ctx.entrywayAgent.com.atproto.server.resetPassword(
           input.body,
-          authPassthru(req, true),
+          ctx.entrywayPassthruHeaders(req),
         )
         return
       }

package/src/api/com/atproto/server/revokeAppPassword.ts CHANGED Viewed

@@ -1,4 +1,3 @@
-import assert from 'node:assert'
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
 import { ids } from '../../../../lexicon/lexicons'
@@ -6,14 +5,13 @@ import { ids } from '../../../../lexicon/lexicons'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.server.revokeAppPassword({
     auth: ctx.authVerifier.accessStandard(),
-    handler: async ({ auth, input }) => {
+    handler: async ({ auth, input, req }) => {
       if (ctx.entrywayAgent) {
-        assert(ctx.cfg.entryway)
         await ctx.entrywayAgent.com.atproto.server.revokeAppPassword(
           input.body,
-          await ctx.serviceAuthHeaders(
+          await ctx.entrywayAuthHeaders(
+            req,
             auth.credentials.did,
-            ctx.cfg.entryway.did,
             ids.ComAtprotoServerRevokeAppPassword,
           ),
         )

package/src/api/com/atproto/server/updateEmail.ts CHANGED Viewed

@@ -1,4 +1,3 @@
-import assert from 'node:assert'
 import { isEmailValid } from '@hapi/address'
 import { isDisposableEmail } from 'disposable-email-domains-js'
 import { InvalidRequestError } from '@atproto/xrpc-server'
@@ -10,7 +9,7 @@ import { ids } from '../../../../lexicon/lexicons'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.server.updateEmail({
     auth: ctx.authVerifier.accessFull({ checkTakedown: true }),
-    handler: async ({ auth, input }) => {
+    handler: async ({ auth, input, req }) => {
       const did = auth.credentials.did
       const { token, email } = input.body
       if (!isEmailValid(email) || isDisposableEmail(email)) {
@@ -26,12 +25,11 @@ export default function (server: Server, ctx: AppContext) {
       }
       if (ctx.entrywayAgent) {
-        assert(ctx.cfg.entryway)
         await ctx.entrywayAgent.com.atproto.server.updateEmail(
           input.body,
-          await ctx.serviceAuthHeaders(
+          await ctx.entrywayAuthHeaders(
+            req,
             auth.credentials.did,
-            ctx.cfg.entryway.did,
             ids.ComAtprotoServerUpdateEmail,
           ),
         )

package/src/api/com/atproto/sync/getRecord.ts CHANGED Viewed

@@ -25,9 +25,7 @@ export default function (server: Server, ctx: AppContext) {
       let carStream: stream.Readable
       try {
         const storage = new SqlRepoReader(actorDb)
-        const commit = params.commit
-          ? CID.parse(params.commit)
-          : await storage.getRoot()
+        const commit = await storage.getRoot()
         if (!commit) {
           throw new InvalidRequestError(`Could not find repo for DID: ${did}`)

package/src/api/com/atproto/temp/checkSignupQueue.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 import { AuthScope } from '../../../../auth-verifier'
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
-import { authPassthru, resultPassthru } from '../../../proxy'
+import { resultPassthru } from '../../../proxy'
 // THIS IS A TEMPORARY UNSPECCED ROUTE
 export default function (server: Server, ctx: AppContext) {
@@ -21,7 +21,7 @@ export default function (server: Server, ctx: AppContext) {
       return resultPassthru(
         await ctx.entrywayAgent.com.atproto.temp.checkSignupQueue(
           undefined,
-          authPassthru(req),
+          ctx.entrywayPassthruHeaders(req),
         ),
       )
     },

package/src/api/proxy.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import { IncomingMessage } from 'node:http'
+import express from 'express'
 import { Headers } from '@atproto/xrpc'
 import { InvalidRequestError } from '@atproto/xrpc-server'
@@ -10,21 +11,7 @@ export const resultPassthru = <T>(result: { headers: Headers; data: T }) => {
   }
 }
-// Output designed to passed as second arg to AtpAgent methods.
-// The encoding field here is a quirk of the AtpAgent.
-export function authPassthru(
-  req: IncomingMessage,
-  withEncoding?: false,
-): { headers: { authorization: string }; encoding: undefined } | undefined
-export function authPassthru(
-  req: IncomingMessage,
-  withEncoding: true,
-):
-  | { headers: { authorization: string }; encoding: 'application/json' }
-  | undefined
-export function authPassthru(req: IncomingMessage, withEncoding?: boolean) {
+export function authPassthru(req: IncomingMessage) {
   const { authorization } = req.headers
   if (authorization) {
@@ -45,9 +32,22 @@ export function authPassthru(req: IncomingMessage, withEncoding?: boolean) {
       throw new InvalidRequestError('DPoP requests cannot be proxied')
     }
-    return {
-      headers: { authorization },
-      encoding: withEncoding ? 'application/json' : undefined,
-    }
+    return { headers: { authorization } }
   }
 }
+// @NOTE this function may mutate its params input
+// future improvement here would be to forward along all untrusted ips rather than just the first (req.ip)
+export const forwardedFor = (
+  req: express.Request,
+  params: HeadersParam | undefined,
+) => {
+  const result: HeadersParam = params ?? { headers: {} }
+  const ip = req.ip
+  if (ip) {
+    result.headers['x-forwarded-for'] = ip
+  }
+  return result
+}
+type HeadersParam = { headers: Record<string, string> }

package/src/context.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 import assert from 'node:assert'
 import * as plc from '@did-plc/lib'
+import express from 'express'
 import { Redis } from 'ioredis'
 import * as nodemailer from 'nodemailer'
 import * as undici from 'undici'
@@ -25,6 +26,7 @@ import {
 } from '@atproto-labs/fetch-node'
 import { AccountManager } from './account-manager'
 import { ActorStore } from './actor-store/actor-store'
+import { authPassthru, forwardedFor } from './api/proxy'
 import {
   AuthVerifier,
   createPublicKeyObject,
@@ -333,6 +335,9 @@ export class AppContext {
           dpopSecret: secrets.dpopSecret,
           customization: cfg.oauth.provider.customization,
           safeFetch,
+          // @TODO: Make this configurable. The legacy implementation used to
+          // blindly trust the X-Forwarded-For header.
+          trustProxy: (_addr: string, _i: number) => true,
         })
       : undefined
@@ -395,6 +400,20 @@ export class AppContext {
     return this.serviceAuthHeaders(did, this.bskyAppView.did, lxm)
   }
+  async entrywayAuthHeaders(req: express.Request, did: string, lxm: string) {
+    assert(this.cfg.entryway)
+    const headers = await this.serviceAuthHeaders(
+      did,
+      this.cfg.entryway.did,
+      lxm,
+    )
+    return forwardedFor(req, headers)
+  }
+  entrywayPassthruHeaders(req: express.Request) {
+    return forwardedFor(req, authPassthru(req))
+  }
   async serviceAuthHeaders(did: string, aud: string, lxm: string) {
     const keypair = await this.actorStore.keypair(did)
     return createServiceAuthHeaders({

package/src/index.ts CHANGED Viewed

@@ -122,7 +122,7 @@ export class PDS {
     server = API(server, ctx)
     const app = express()
-    app.set('trust proxy', true)
+    app.set('trust proxy', ['loopback', 'linklocal', 'uniquelocal'])
     app.use(loggerMiddleware)
     app.use(compression())
     app.use(authRoutes.createRouter(ctx)) // Before CORS

package/src/lexicon/lexicons.ts CHANGED Viewed

@@ -1278,6 +1278,11 @@ export const schemaDict = {
         type: 'token',
         description: 'Appeal: appeal a previously taken moderation action',
       },
+      subjectType: {
+        type: 'string',
+        description: 'Tag describing a type of subject that might be reported.',
+        knownValues: ['account', 'record', 'chat'],
+      },
     },
   },
   ComAtprotoRepoApplyWrites: {
@@ -1855,16 +1860,6 @@ export const schemaDict = {
             cursor: {
               type: 'string',
             },
-            rkeyStart: {
-              type: 'string',
-              description:
-                'DEPRECATED: The lowest sort-ordered rkey to start from (exclusive)',
-            },
-            rkeyEnd: {
-              type: 'string',
-              description:
-                'DEPRECATED: The highest sort-ordered rkey to stop at (exclusive)',
-            },
             reverse: {
               type: 'boolean',
               description: 'Flag to reverse the order of the returned records.',
@@ -3405,12 +3400,6 @@ export const schemaDict = {
               description: 'Record Key',
               format: 'record-key',
             },
-            commit: {
-              type: 'string',
-              format: 'cid',
-              description:
-                'DEPRECATED: referenced a repo commit by CID, and retrieved record as of that commit',
-            },
           },
         },
         output: {
@@ -3759,7 +3748,7 @@ export const schemaDict = {
       main: {
         type: 'procedure',
         description:
-          'Notify a crawling service of a recent update, and that crawling should resume. Intended use is after a gap between repo stream events caused the crawling service to disconnect. Does not require auth; implemented by Relay.',
+          'Notify a crawling service of a recent update, and that crawling should resume. Intended use is after a gap between repo stream events caused the crawling service to disconnect. Does not require auth; implemented by Relay. DEPRECATED: just use com.atproto.sync.requestCrawl',
         input: {
           encoding: 'application/json',
           schema: {
@@ -9055,6 +9044,33 @@ export const schemaDict = {
               ref: 'lex:com.atproto.label.defs#label',
             },
           },
+          reasonTypes: {
+            description:
+              "The set of report reason 'codes' which are in-scope for this service to review and action. These usually align to policy categories. If not defined (distinct from empty array), all reason types are allowed.",
+            type: 'array',
+            items: {
+              type: 'ref',
+              ref: 'lex:com.atproto.moderation.defs#reasonType',
+            },
+          },
+          subjectTypes: {
+            description:
+              'The set of subject types (account, record, etc) this service accepts reports on.',
+            type: 'array',
+            items: {
+              type: 'ref',
+              ref: 'lex:com.atproto.moderation.defs#subjectType',
+            },
+          },
+          subjectCollections: {
+            type: 'array',
+            description:
+              'Set of record types (collection NSIDs) which can be reported to this service. If not defined (distinct from empty array), default is any record type.',
+            items: {
+              type: 'string',
+              format: 'nsid',
+            },
+          },
         },
       },
       labelerViewerState: {
@@ -9162,6 +9178,33 @@ export const schemaDict = {
               type: 'string',
               format: 'datetime',
             },
+            reasonTypes: {
+              description:
+                "The set of report reason 'codes' which are in-scope for this service to review and action. These usually align to policy categories. If not defined (distinct from empty array), all reason types are allowed.",
+              type: 'array',
+              items: {
+                type: 'ref',
+                ref: 'lex:com.atproto.moderation.defs#reasonType',
+              },
+            },
+            subjectTypes: {
+              description:
+                'The set of subject types (account, record, etc) this service accepts reports on.',
+              type: 'array',
+              items: {
+                type: 'ref',
+                ref: 'lex:com.atproto.moderation.defs#subjectType',
+              },
+            },
+            subjectCollections: {
+              type: 'array',
+              description:
+                'Set of record types (collection NSIDs) which can be reported to this service. If not defined (distinct from empty array), default is any record type.',
+              items: {
+                type: 'string',
+                format: 'nsid',
+              },
+            },
           },
         },
       },