@atproto/pds 0.4.103 → 0.4.105
- package/CHANGELOG.md +35 -0
- package/dist/account-manager/{index.d.ts → account-manager.d.ts} +26 -35
- package/dist/account-manager/account-manager.d.ts.map +1 -0
- package/dist/account-manager/{index.js → account-manager.js} +52 -207
- package/dist/account-manager/account-manager.js.map +1 -0
- package/dist/account-manager/helpers/account.d.ts +3 -3
- package/dist/account-manager/helpers/device-account.d.ts +15 -15
- package/dist/account-manager/helpers/device-account.d.ts.map +1 -1
- package/dist/account-manager/helpers/device-account.js +2 -1
- package/dist/account-manager/helpers/device-account.js.map +1 -1
- package/dist/account-manager/helpers/token.d.ts +98 -98
- package/dist/account-manager/oauth-store.d.ts +58 -0
- package/dist/account-manager/oauth-store.d.ts.map +1 -0
- package/dist/account-manager/oauth-store.js +417 -0
- package/dist/account-manager/oauth-store.js.map +1 -0
- package/dist/actor-store/record/reader.d.ts +3 -3
- package/dist/actor-store/repo/reader.d.ts +2 -0
- package/dist/actor-store/repo/reader.d.ts.map +1 -1
- package/dist/actor-store/repo/reader.js +9 -0
- package/dist/actor-store/repo/reader.js.map +1 -1
- package/dist/actor-store/repo/sql-repo-reader.d.ts +1 -1
- package/dist/actor-store/repo/transactor.d.ts.map +1 -1
- package/dist/actor-store/repo/transactor.js +13 -4
- package/dist/actor-store/repo/transactor.js.map +1 -1
- package/dist/api/com/atproto/admin/deleteAccount.d.ts.map +1 -1
- package/dist/api/com/atproto/admin/deleteAccount.js +2 -3
- package/dist/api/com/atproto/admin/deleteAccount.js.map +1 -1
- package/dist/api/com/atproto/admin/sendEmail.d.ts.map +1 -1
- package/dist/api/com/atproto/admin/sendEmail.js +2 -7
- package/dist/api/com/atproto/admin/sendEmail.js.map +1 -1
- package/dist/api/com/atproto/admin/updateAccountEmail.d.ts.map +1 -1
- package/dist/api/com/atproto/admin/updateAccountEmail.js +1 -2
- package/dist/api/com/atproto/admin/updateAccountEmail.js.map +1 -1
- package/dist/api/com/atproto/admin/updateAccountHandle.d.ts.map +1 -1
- package/dist/api/com/atproto/admin/updateAccountHandle.js +2 -6
- package/dist/api/com/atproto/admin/updateAccountHandle.js.map +1 -1
- package/dist/api/com/atproto/admin/updateAccountPassword.d.ts.map +1 -1
- package/dist/api/com/atproto/admin/updateAccountPassword.js +1 -2
- package/dist/api/com/atproto/admin/updateAccountPassword.js.map +1 -1
- package/dist/api/com/atproto/identity/requestPlcOperationSignature.d.ts.map +1 -1
- package/dist/api/com/atproto/identity/requestPlcOperationSignature.js +2 -7
- package/dist/api/com/atproto/identity/requestPlcOperationSignature.js.map +1 -1
- package/dist/api/com/atproto/identity/resolveHandle.d.ts.map +1 -1
- package/dist/api/com/atproto/identity/resolveHandle.js +2 -36
- package/dist/api/com/atproto/identity/resolveHandle.js.map +1 -1
- package/dist/api/com/atproto/identity/signPlcOperation.d.ts.map +1 -1
- package/dist/api/com/atproto/identity/signPlcOperation.js +2 -7
- package/dist/api/com/atproto/identity/signPlcOperation.js.map +1 -1
- package/dist/api/com/atproto/identity/updateHandle.d.ts.map +1 -1
- package/dist/api/com/atproto/identity/updateHandle.js +3 -14
- package/dist/api/com/atproto/identity/updateHandle.js.map +1 -1
- package/dist/api/com/atproto/repo/applyWrites.d.ts.map +1 -1
- package/dist/api/com/atproto/repo/applyWrites.js +12 -7
- package/dist/api/com/atproto/repo/applyWrites.js.map +1 -1
- package/dist/api/com/atproto/repo/createRecord.d.ts.map +1 -1
- package/dist/api/com/atproto/repo/createRecord.js +12 -8
- package/dist/api/com/atproto/repo/createRecord.js.map +1 -1
- package/dist/api/com/atproto/repo/deleteRecord.d.ts.map +1 -1
- package/dist/api/com/atproto/repo/deleteRecord.js +12 -7
- package/dist/api/com/atproto/repo/deleteRecord.js.map +1 -1
- package/dist/api/com/atproto/repo/listRecords.d.ts.map +1 -1
- package/dist/api/com/atproto/repo/listRecords.js +1 -3
- package/dist/api/com/atproto/repo/listRecords.js.map +1 -1
- package/dist/api/com/atproto/repo/putRecord.d.ts.map +1 -1
- package/dist/api/com/atproto/repo/putRecord.js +11 -8
- package/dist/api/com/atproto/repo/putRecord.js.map +1 -1
- package/dist/api/com/atproto/server/activateAccount.d.ts.map +1 -1
- package/dist/api/com/atproto/server/activateAccount.js +3 -20
- package/dist/api/com/atproto/server/activateAccount.js.map +1 -1
- package/dist/api/com/atproto/server/confirmEmail.d.ts.map +1 -1
- package/dist/api/com/atproto/server/confirmEmail.js +2 -7
- package/dist/api/com/atproto/server/confirmEmail.js.map +1 -1
- package/dist/api/com/atproto/server/createAccount.d.ts.map +1 -1
- package/dist/api/com/atproto/server/createAccount.js +5 -7
- package/dist/api/com/atproto/server/createAccount.js.map +1 -1
- package/dist/api/com/atproto/server/createAppPassword.d.ts.map +1 -1
- package/dist/api/com/atproto/server/createAppPassword.js +2 -7
- package/dist/api/com/atproto/server/createAppPassword.js.map +1 -1
- package/dist/api/com/atproto/server/createSession.js +2 -2
- package/dist/api/com/atproto/server/createSession.js.map +1 -1
- package/dist/api/com/atproto/server/deactivateAccount.d.ts.map +1 -1
- package/dist/api/com/atproto/server/deactivateAccount.js +1 -2
- package/dist/api/com/atproto/server/deactivateAccount.js.map +1 -1
- package/dist/api/com/atproto/server/deleteAccount.d.ts.map +1 -1
- package/dist/api/com/atproto/server/deleteAccount.js +3 -5
- package/dist/api/com/atproto/server/deleteAccount.js.map +1 -1
- package/dist/api/com/atproto/server/deleteSession.d.ts.map +1 -1
- package/dist/api/com/atproto/server/deleteSession.js +2 -3
- package/dist/api/com/atproto/server/deleteSession.js.map +1 -1
- package/dist/api/com/atproto/server/getAccountInviteCodes.d.ts.map +1 -1
- package/dist/api/com/atproto/server/getAccountInviteCodes.js +2 -7
- package/dist/api/com/atproto/server/getAccountInviteCodes.js.map +1 -1
- package/dist/api/com/atproto/server/getSession.js +2 -2
- package/dist/api/com/atproto/server/getSession.js.map +1 -1
- package/dist/api/com/atproto/server/listAppPasswords.d.ts.map +1 -1
- package/dist/api/com/atproto/server/listAppPasswords.js +2 -7
- package/dist/api/com/atproto/server/listAppPasswords.js.map +1 -1
- package/dist/api/com/atproto/server/refreshSession.js +2 -2
- package/dist/api/com/atproto/server/refreshSession.js.map +1 -1
- package/dist/api/com/atproto/server/requestAccountDelete.d.ts.map +1 -1
- package/dist/api/com/atproto/server/requestAccountDelete.js +2 -7
- package/dist/api/com/atproto/server/requestAccountDelete.js.map +1 -1
- package/dist/api/com/atproto/server/requestEmailConfirmation.d.ts.map +1 -1
- package/dist/api/com/atproto/server/requestEmailConfirmation.js +2 -7
- package/dist/api/com/atproto/server/requestEmailConfirmation.js.map +1 -1
- package/dist/api/com/atproto/server/requestEmailUpdate.d.ts.map +1 -1
- package/dist/api/com/atproto/server/requestEmailUpdate.js +2 -7
- package/dist/api/com/atproto/server/requestEmailUpdate.js.map +1 -1
- package/dist/api/com/atproto/server/requestPasswordReset.d.ts.map +1 -1
- package/dist/api/com/atproto/server/requestPasswordReset.js +1 -2
- package/dist/api/com/atproto/server/requestPasswordReset.js.map +1 -1
- package/dist/api/com/atproto/server/resetPassword.d.ts.map +1 -1
- package/dist/api/com/atproto/server/resetPassword.js +1 -2
- package/dist/api/com/atproto/server/resetPassword.js.map +1 -1
- package/dist/api/com/atproto/server/revokeAppPassword.d.ts.map +1 -1
- package/dist/api/com/atproto/server/revokeAppPassword.js +2 -7
- package/dist/api/com/atproto/server/revokeAppPassword.js.map +1 -1
- package/dist/api/com/atproto/server/updateEmail.d.ts.map +1 -1
- package/dist/api/com/atproto/server/updateEmail.js +2 -7
- package/dist/api/com/atproto/server/updateEmail.js.map +1 -1
- package/dist/api/com/atproto/sync/getRecord.d.ts.map +1 -1
- package/dist/api/com/atproto/sync/getRecord.js +1 -4
- package/dist/api/com/atproto/sync/getRecord.js.map +1 -1
- package/dist/api/com/atproto/sync/getRepoStatus.js +1 -1
- package/dist/api/com/atproto/sync/getRepoStatus.js.map +1 -1
- package/dist/api/com/atproto/sync/listRepos.js +1 -1
- package/dist/api/com/atproto/sync/listRepos.js.map +1 -1
- package/dist/api/com/atproto/sync/subscribeRepos.d.ts.map +1 -1
- package/dist/api/com/atproto/sync/subscribeRepos.js +2 -10
- package/dist/api/com/atproto/sync/subscribeRepos.js.map +1 -1
- package/dist/api/com/atproto/temp/checkSignupQueue.js +1 -1
- package/dist/api/com/atproto/temp/checkSignupQueue.js.map +1 -1
- package/dist/api/proxy.d.ts +7 -8
- package/dist/api/proxy.d.ts.map +1 -1
- package/dist/api/proxy.js +14 -6
- package/dist/api/proxy.js.map +1 -1
- package/dist/app-view.d.ts +14 -0
- package/dist/app-view.d.ts.map +1 -0
- package/dist/app-view.js +36 -0
- package/dist/app-view.js.map +1 -0
- package/dist/auth-routes.d.ts +1 -1
- package/dist/auth-routes.d.ts.map +1 -1
- package/dist/auth-routes.js +9 -3
- package/dist/auth-routes.js.map +1 -1
- package/dist/auth-verifier.d.ts +1 -1
- package/dist/auth-verifier.d.ts.map +1 -1
- package/dist/config/config.d.ts +3 -2
- package/dist/config/config.d.ts.map +1 -1
- package/dist/config/config.js +17 -7
- package/dist/config/config.js.map +1 -1
- package/dist/config/env.d.ts +4 -0
- package/dist/config/env.d.ts.map +1 -1
- package/dist/config/env.js +5 -0
- package/dist/config/env.js.map +1 -1
- package/dist/context.d.ts +11 -4
- package/dist/context.d.ts.map +1 -1
- package/dist/context.js +33 -18
- package/dist/context.js.map +1 -1
- package/dist/handle/index.d.ts +0 -7
- package/dist/handle/index.d.ts.map +1 -1
- package/dist/handle/index.js +4 -58
- package/dist/handle/index.js.map +1 -1
- package/dist/image/image-url.d.ts +8 -0
- package/dist/image/image-url.d.ts.map +1 -0
- package/dist/image/image-url.js +26 -0
- package/dist/image/image-url.js.map +1 -0
- package/dist/index.js +1 -1
- package/dist/index.js.map +1 -1
- package/dist/lexicon/index.d.ts +6 -0
- package/dist/lexicon/index.d.ts.map +1 -1
- package/dist/lexicon/index.js +12 -0
- package/dist/lexicon/index.js.map +1 -1
- package/dist/lexicon/lexicons.d.ts +412 -158
- package/dist/lexicon/lexicons.d.ts.map +1 -1
- package/dist/lexicon/lexicons.js +222 -81
- package/dist/lexicon/lexicons.js.map +1 -1
- package/dist/lexicon/types/app/bsky/embed/video.d.ts +1 -0
- package/dist/lexicon/types/app/bsky/embed/video.d.ts.map +1 -1
- package/dist/lexicon/types/app/bsky/embed/video.js.map +1 -1
- package/dist/lexicon/types/app/bsky/labeler/defs.d.ts +7 -0
- package/dist/lexicon/types/app/bsky/labeler/defs.d.ts.map +1 -1
- package/dist/lexicon/types/app/bsky/labeler/defs.js.map +1 -1
- package/dist/lexicon/types/app/bsky/labeler/service.d.ts +7 -0
- package/dist/lexicon/types/app/bsky/labeler/service.d.ts.map +1 -1
- package/dist/lexicon/types/app/bsky/labeler/service.js.map +1 -1
- package/dist/lexicon/types/com/atproto/identity/defs.d.ts +17 -0
- package/dist/lexicon/types/com/atproto/identity/defs.d.ts.map +1 -0
- package/dist/lexicon/types/com/atproto/identity/defs.js +16 -0
- package/dist/lexicon/types/com/atproto/identity/defs.js.map +1 -0
- package/dist/lexicon/types/com/atproto/identity/refreshIdentity.d.ts +39 -0
- package/dist/lexicon/types/com/atproto/identity/refreshIdentity.d.ts.map +1 -0
- package/dist/lexicon/types/com/atproto/identity/refreshIdentity.js +7 -0
- package/dist/lexicon/types/com/atproto/identity/refreshIdentity.js.map +1 -0
- package/dist/lexicon/types/com/atproto/identity/resolveDid.d.ts +40 -0
- package/dist/lexicon/types/com/atproto/identity/resolveDid.d.ts.map +1 -0
- package/dist/lexicon/types/com/atproto/identity/resolveDid.js +7 -0
- package/dist/lexicon/types/com/atproto/identity/resolveDid.js.map +1 -0
- package/dist/lexicon/types/com/atproto/identity/resolveHandle.d.ts +1 -0
- package/dist/lexicon/types/com/atproto/identity/resolveHandle.d.ts.map +1 -1
- package/dist/lexicon/types/com/atproto/identity/resolveIdentity.d.ts +36 -0
- package/dist/lexicon/types/com/atproto/identity/resolveIdentity.d.ts.map +1 -0
- package/dist/lexicon/types/com/atproto/identity/resolveIdentity.js +7 -0
- package/dist/lexicon/types/com/atproto/identity/resolveIdentity.js.map +1 -0
- package/dist/lexicon/types/com/atproto/moderation/defs.d.ts +2 -0
- package/dist/lexicon/types/com/atproto/moderation/defs.d.ts.map +1 -1
- package/dist/lexicon/types/com/atproto/repo/listRecords.d.ts +0 -4
- package/dist/lexicon/types/com/atproto/repo/listRecords.d.ts.map +1 -1
- package/dist/lexicon/types/com/atproto/repo/listRecords.js.map +1 -1
- package/dist/lexicon/types/com/atproto/sync/getRecord.d.ts +0 -2
- package/dist/lexicon/types/com/atproto/sync/getRecord.d.ts.map +1 -1
- package/dist/lexicon/types/com/atproto/sync/subscribeRepos.d.ts +1 -30
- package/dist/lexicon/types/com/atproto/sync/subscribeRepos.d.ts.map +1 -1
- package/dist/lexicon/types/com/atproto/sync/subscribeRepos.js +0 -27
- package/dist/lexicon/types/com/atproto/sync/subscribeRepos.js.map +1 -1
- package/dist/mailer/index.d.ts +5 -5
- package/dist/mailer/index.d.ts.map +1 -1
- package/dist/mailer/index.js +6 -5
- package/dist/mailer/index.js.map +1 -1
- package/dist/read-after-write/viewer.d.ts +1 -1
- package/dist/read-after-write/viewer.d.ts.map +1 -1
- package/dist/repo/types.d.ts +6 -2
- package/dist/repo/types.d.ts.map +1 -1
- package/dist/repo/types.js.map +1 -1
- package/dist/scripts/rebuild-repo.d.ts.map +1 -1
- package/dist/scripts/rebuild-repo.js +2 -1
- package/dist/scripts/rebuild-repo.js.map +1 -1
- package/dist/sequencer/db/schema.d.ts +1 -1
- package/dist/sequencer/db/schema.d.ts.map +1 -1
- package/dist/sequencer/events.d.ts +29 -41
- package/dist/sequencer/events.d.ts.map +1 -1
- package/dist/sequencer/events.js +24 -58
- package/dist/sequencer/events.js.map +1 -1
- package/dist/sequencer/sequencer.d.ts +2 -3
- package/dist/sequencer/sequencer.d.ts.map +1 -1
- package/dist/sequencer/sequencer.js +5 -17
- package/dist/sequencer/sequencer.js.map +1 -1
- package/package.json +15 -15
- package/src/account-manager/{index.ts → account-manager.ts} +107 -307
- package/src/account-manager/helpers/device-account.ts +1 -0
- package/src/account-manager/oauth-store.ts +494 -0
- package/src/actor-store/repo/reader.ts +11 -0
- package/src/actor-store/repo/transactor.ts +15 -4
- package/src/api/com/atproto/admin/deleteAccount.ts +2 -3
- package/src/api/com/atproto/admin/sendEmail.ts +3 -5
- package/src/api/com/atproto/admin/updateAccountEmail.ts +1 -2
- package/src/api/com/atproto/admin/updateAccountHandle.ts +7 -8
- package/src/api/com/atproto/admin/updateAccountPassword.ts +1 -2
- package/src/api/com/atproto/identity/requestPlcOperationSignature.ts +3 -5
- package/src/api/com/atproto/identity/resolveHandle.ts +2 -11
- package/src/api/com/atproto/identity/signPlcOperation.ts +3 -5
- package/src/api/com/atproto/identity/updateHandle.ts +7 -13
- package/src/api/com/atproto/repo/applyWrites.ts +21 -11
- package/src/api/com/atproto/repo/createRecord.ts +19 -14
- package/src/api/com/atproto/repo/deleteRecord.ts +26 -14
- package/src/api/com/atproto/repo/listRecords.ts +1 -11
- package/src/api/com/atproto/repo/putRecord.ts +24 -16
- package/src/api/com/atproto/server/activateAccount.ts +5 -20
- package/src/api/com/atproto/server/confirmEmail.ts +3 -5
- package/src/api/com/atproto/server/createAccount.ts +10 -11
- package/src/api/com/atproto/server/createAppPassword.ts +3 -6
- package/src/api/com/atproto/server/createSession.ts +3 -3
- package/src/api/com/atproto/server/deactivateAccount.ts +1 -2
- package/src/api/com/atproto/server/deleteAccount.ts +3 -5
- package/src/api/com/atproto/server/deleteSession.ts +2 -3
- package/src/api/com/atproto/server/getAccountInviteCodes.ts +3 -5
- package/src/api/com/atproto/server/getSession.ts +3 -3
- package/src/api/com/atproto/server/listAppPasswords.ts +3 -5
- package/src/api/com/atproto/server/refreshSession.ts +3 -3
- package/src/api/com/atproto/server/requestAccountDelete.ts +3 -5
- package/src/api/com/atproto/server/requestEmailConfirmation.ts +3 -5
- package/src/api/com/atproto/server/requestEmailUpdate.ts +3 -5
- package/src/api/com/atproto/server/requestPasswordReset.ts +1 -2
- package/src/api/com/atproto/server/resetPassword.ts +1 -2
- package/src/api/com/atproto/server/revokeAppPassword.ts +3 -5
- package/src/api/com/atproto/server/updateEmail.ts +3 -5
- package/src/api/com/atproto/sync/getRecord.ts +1 -4
- package/src/api/com/atproto/sync/getRepoStatus.ts +1 -1
- package/src/api/com/atproto/sync/listRepos.ts +1 -1
- package/src/api/com/atproto/sync/subscribeRepos.ts +2 -9
- package/src/api/com/atproto/temp/checkSignupQueue.ts +2 -2
- package/src/api/proxy.ts +19 -19
- package/src/app-view.ts +24 -0
- package/src/auth-routes.ts +9 -3
- package/src/auth-verifier.ts +1 -1
- package/src/config/config.ts +25 -13
- package/src/config/env.ts +12 -0
- package/src/context.ts +60 -24
- package/src/handle/index.ts +6 -52
- package/src/image/image-url.ts +16 -0
- package/src/index.ts +1 -1
- package/src/lexicon/index.ts +36 -0
- package/src/lexicon/lexicons.ts +243 -84
- package/src/lexicon/types/app/bsky/embed/video.ts +1 -0
- package/src/lexicon/types/app/bsky/labeler/defs.ts +7 -0
- package/src/lexicon/types/app/bsky/labeler/service.ts +7 -0
- package/src/lexicon/types/com/atproto/identity/defs.ts +30 -0
- package/src/lexicon/types/com/atproto/identity/refreshIdentity.ts +52 -0
- package/src/lexicon/types/com/atproto/identity/resolveDid.ts +52 -0
- package/src/lexicon/types/com/atproto/identity/resolveHandle.ts +1 -0
- package/src/lexicon/types/com/atproto/identity/resolveIdentity.ts +48 -0
- package/src/lexicon/types/com/atproto/moderation/defs.ts +3 -0
- package/src/lexicon/types/com/atproto/repo/listRecords.ts +0 -4
- package/src/lexicon/types/com/atproto/sync/getRecord.ts +0 -2
- package/src/lexicon/types/com/atproto/sync/subscribeRepos.ts +0 -59
- package/src/mailer/index.ts +7 -5
- package/src/read-after-write/viewer.ts +1 -1
- package/src/repo/types.ts +7 -2
- package/src/scripts/rebuild-repo.ts +4 -1
- package/src/sequencer/db/schema.ts +1 -8
- package/src/sequencer/events.ts +29 -75
- package/src/sequencer/sequencer.ts +9 -23
- package/tests/account-deletion.test.ts +3 -5
- package/tests/oauth.test.ts +286 -71
- package/tests/sequencer.test.ts +18 -27
- package/tests/sync/subscribe-repos.test.ts +67 -45
- package/tsconfig.build.tsbuildinfo +1 -1
- package/dist/account-manager/index.d.ts.map +0 -1
- package/dist/account-manager/index.js.map +0 -1
- package/dist/actor-store/repo/util.d.ts +0 -5
- package/dist/actor-store/repo/util.d.ts.map +0 -1
- package/dist/actor-store/repo/util.js +0 -25
- package/dist/actor-store/repo/util.js.map +0 -1
- package/dist/oauth/provider.d.ts +0 -10
- package/dist/oauth/provider.d.ts.map +0 -1
- package/dist/oauth/provider.js +0 -38
- package/dist/oauth/provider.js.map +0 -1
- package/src/actor-store/repo/util.ts +0 -22
- package/src/oauth/provider.ts +0 -59
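--- a/package/src/context.ts
+++ b/package/src/context.ts
@@ -1,5 +1,6 @@
 import assert from 'node:assert'
 import * as plc from '@did-plc/lib'
+import express from 'express'
 import { Redis } from 'ioredis'
 import * as nodemailer from 'nodemailer'
 import * as undici from 'undici'
@@ -7,7 +8,12 @@ import { AtpAgent } from '@atproto/api'
 import { KmsKeypair, S3BlobStore } from '@atproto/aws'
 import * as crypto from '@atproto/crypto'
 import { IdResolver } from '@atproto/identity'
-import {
+import {
+AccessTokenType,
+JoseKey,
+OAuthProvider,
+OAuthVerifier,
+} from '@atproto/oauth-provider'
 import { BlobStore } from '@atproto/repo'
 import {
 RateLimiter,
@@ -23,8 +29,10 @@ import {
 safeFetchWrap,
 unicastLookup,
 } from '@atproto-labs/fetch-node'
-import { AccountManager } from './account-manager'
+import { AccountManager } from './account-manager/account-manager'
+import { OAuthStore } from './account-manager/oauth-store'
 import { ActorStore } from './actor-store/actor-store'
+import { authPassthru, forwardedFor } from './api/proxy'
 import {
 AuthVerifier,
 createPublicKeyObject,
@@ -40,7 +48,6 @@ import { ImageUrlBuilder } from './image/image-url-builder'
 import { fetchLogger } from './logger'
 import { ServerMailer } from './mailer'
 import { ModerationMailer } from './mailer/moderation'
-import { PdsOAuthProvider } from './oauth/provider'
 import { LocalViewer, LocalViewerCreator } from './read-after-write/viewer'
 import { getRedisClient } from './redis'
 import { Sequencer } from './sequencer'
@@ -66,7 +73,7 @@ export type AppContextOptions = {
 entrywayAgent?: AtpAgent
 proxyAgent: undici.Dispatcher
 safeFetch: Fetch
-
+oauthProvider?: OAuthProvider
 authVerifier: AuthVerifier
 plcRotationKey: crypto.Keypair
 cfg: ServerConfig
@@ -94,7 +101,7 @@ export class AppContext {
 public proxyAgent: undici.Dispatcher
 public safeFetch: Fetch
 public authVerifier: AuthVerifier
-public
+public oauthProvider?: OAuthProvider
 public plcRotationKey: crypto.Keypair
 public cfg: ServerConfig
 
@@ -120,7 +127,7 @@ export class AppContext {
 this.proxyAgent = opts.proxyAgent
 this.safeFetch = opts.safeFetch
 this.authVerifier = opts.authVerifier
-this.
+this.oauthProvider = opts.oauthProvider
 this.plcRotationKey = opts.plcRotationKey
 this.cfg = opts.cfg
 }
@@ -245,13 +252,11 @@ export class AppContext {
 })
 
 const accountManager = new AccountManager(
-
-imageUrlBuilder,
-backgroundQueue,
-cfg.db.accountDbLoc,
+idResolver,
 jwtSecretKey,
 cfg.service.did,
-cfg.
+cfg.identity.serviceHandleDomains,
+cfg.db,
 )
 await accountManager.migrateOrThrow()
 
@@ -321,26 +326,43 @@ export class AppContext {
 logError: false,
 })
 
-const
-? new
+const oauthProvider = cfg.oauth.provider
+? new OAuthProvider({
 issuer: cfg.oauth.issuer,
-keyset: [
-
-
-
-
+keyset: [await JoseKey.fromKeyLike(jwtSecretKey, undefined, 'HS256')],
+store: new OAuthStore(
+accountManager,
+actorStore,
+imageUrlBuilder,
+backgroundQueue,
+mailer,
+sequencer,
+plcClient,
+plcRotationKey,
+cfg.service.publicUrl,
+cfg.identity.recoveryDidKey,
+),
 redis: redisScratch,
 dpopSecret: secrets.dpopSecret,
-
+inviteCodeRequired: cfg.invites.required,
+availableUserDomains: cfg.identity.serviceHandleDomains,
+hcaptcha: cfg.oauth.provider.hcaptcha,
+branding: cfg.oauth.provider.branding,
 safeFetch,
-
-
-
+metadata: {
+protected_resources: [new URL(cfg.oauth.issuer).origin],
+scopes_supported: ['transition:generic', 'transition:chat.bsky'],
+},
+// If the PDS is both an authorization server & resource server (no
+// entryway), there is no need to use JWTs as access tokens. Instead,
+// the PDS can use tokenId as access tokens. This allows the PDS to
+// always use up-to-date token data from the token store.
+accessTokenType: AccessTokenType.id,
 })
 : undefined
 
 const oauthVerifier: OAuthVerifier =
-
+oauthProvider ?? // OAuthProvider extends OAuthVerifier
 new OAuthVerifier({
 issuer: cfg.oauth.issuer,
 keyset: [await JoseKey.fromKeyLike(jwtPublicKey!, undefined, 'ES256K')],
@@ -386,7 +408,7 @@ export class AppContext {
 proxyAgent,
 safeFetch,
 authVerifier,
-
+oauthProvider,
 plcRotationKey,
 cfg,
 ...(overrides ?? {}),
@@ -398,6 +420,20 @@ export class AppContext {
 return this.serviceAuthHeaders(did, this.bskyAppView.did, lxm)
 }
 
+async entrywayAuthHeaders(req: express.Request, did: string, lxm: string) {
+assert(this.cfg.entryway)
+const headers = await this.serviceAuthHeaders(
+did,
+this.cfg.entryway.did,
+lxm,
+)
+return forwardedFor(req, headers)
+}
+
+entrywayPassthruHeaders(req: express.Request) {
+return forwardedFor(req, authPassthru(req))
+}
+
 async serviceAuthHeaders(did: string, aud: string, lxm: string) {
 const keypair = await this.actorStore.keypair(did)
 return createServiceAuthHeaders({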
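Review bot: The OAuth provider keyset in the `@@ -321,26 +326,43 @@` hunk is built from `jwtSecretKey` with `HS256`, and the same `jwtSecretKey` is passed to `AccountManager` in the `@@ -245,13 +252,11 @@` hunk, so one symmetric secret appears to back two token systems. If the sharing is intentional, the keyset line should carry a comment saying so and naming what keeps the two token kinds from being accepted in each other's place, for example `// Shared with session JWTs; OAuth tokens are told apart by <claim or typ, to be filled in>`. Otherwise a dedicated key for the provider would limit what a leak of either secret exposes. The removed keyset lines are truncated on this page, so whether the sharing predates this release cannot be seen here.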
package/src/handle/index.ts
CHANGED
@@ -1,61 +1,15 @@
|
|
1
|
-
import
|
1
|
+
import {
|
2
|
+
InvalidHandleError,
|
3
|
+
normalizeAndEnsureValidHandle,
|
4
|
+
} from '@atproto/syntax'
|
2
5
|
import { InvalidRequestError } from '@atproto/xrpc-server'
|
3
|
-
import { AppContext } from '../context'
|
4
|
-
import { hasExplicitSlur } from './explicit-slurs'
|
5
6
|
import { reservedSubdomains } from './reserved'
|
6
7
|
|
7
|
-
export const normalizeAndValidateHandle = async (opts: {
|
8
|
-
ctx: AppContext
|
9
|
-
handle: string
|
10
|
-
did?: string
|
11
|
-
allowReserved?: boolean
|
12
|
-
}): Promise<string> => {
|
13
|
-
const { ctx, did, allowReserved } = opts
|
14
|
-
// base formatting validation
|
15
|
-
const handle = baseNormalizeAndValidate(opts.handle)
|
16
|
-
// tld validation
|
17
|
-
if (!ident.isValidTld(handle)) {
|
18
|
-
throw new InvalidRequestError(
|
19
|
-
'Handle TLD is invalid or disallowed',
|
20
|
-
'InvalidHandle',
|
21
|
-
)
|
22
|
-
}
|
23
|
-
// slur check
|
24
|
-
if (hasExplicitSlur(handle)) {
|
25
|
-
throw new InvalidRequestError(
|
26
|
-
'Inappropriate language in handle',
|
27
|
-
'InvalidHandle',
|
28
|
-
)
|
29
|
-
}
|
30
|
-
if (isServiceDomain(handle, ctx.cfg.identity.serviceHandleDomains)) {
|
31
|
-
// verify constraints on a service domain
|
32
|
-
ensureHandleServiceConstraints(
|
33
|
-
handle,
|
34
|
-
ctx.cfg.identity.serviceHandleDomains,
|
35
|
-
allowReserved,
|
36
|
-
)
|
37
|
-
} else {
|
38
|
-
if (opts.did === undefined) {
|
39
|
-
throw new InvalidRequestError(
|
40
|
-
'Not a supported handle domain',
|
41
|
-
'UnsupportedDomain',
|
42
|
-
)
|
43
|
-
}
|
44
|
-
// verify resolution of a non-service domain
|
45
|
-
const resolvedDid = await ctx.idResolver.handle.resolve(handle)
|
46
|
-
if (resolvedDid !== did) {
|
47
|
-
throw new InvalidRequestError('External handle did not resolve to DID')
|
48
|
-
}
|
49
|
-
}
|
50
|
-
return handle
|
51
|
-
}
|
52
|
-
|
53
8
|
export const baseNormalizeAndValidate = (handle: string) => {
|
54
9
|
try {
|
55
|
-
|
56
|
-
return normalized
|
10
|
+
return normalizeAndEnsureValidHandle(handle)
|
57
11
|
} catch (err) {
|
58
|
-
if (err instanceof
|
12
|
+
if (err instanceof InvalidHandleError) {
|
59
13
|
throw new InvalidRequestError(err.message, 'InvalidHandle')
|
60
14
|
}
|
61
15
|
throw err
|
@@ -0,0 +1,16 @@
|
|
1
|
+
import { AppView } from '../app-view'
|
2
|
+
import { ids } from '../lexicon/lexicons'
|
3
|
+
|
4
|
+
export class ImageUrlBuilder {
|
5
|
+
constructor(
|
6
|
+
readonly pdsHostname: string,
|
7
|
+
readonly appview?: AppView,
|
8
|
+
) {}
|
9
|
+
|
10
|
+
build(pattern: string, did: string, cid: string): string {
|
11
|
+
return (
|
12
|
+
this.appview?.getImageUrl(pattern, did, cid) ??
|
13
|
+
`https://${this.pdsHostname}/xrpc/${ids.ComAtprotoSyncGetBlob}?did=${did}&cid=${cid}`
|
14
|
+
)
|
15
|
+
}
|
16
|
+
}
|
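Review bot: `build()` in the `@@ -0,0 +1,16 @@` hunk interpolates `did` and `cid` into the query string unencoded (`?did=${did}&cid=${cid}`), so a value containing `&`, `#` or `%` would change the URL that is produced. If every caller passes an already validated DID and CID this is harmless, but that guarantee is not visible in the hunk; wrapping both in `encodeURIComponent(...)` or building the query with `URLSearchParams` would make the builder safe on its own. The page shows this hunk under package/src/handle/index.ts, though the file list suggests it belongs to package/src/image/image-url.ts.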
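--- a/package/src/index.ts
+++ b/package/src/index.ts
@@ -122,7 +122,7 @@ export class PDS {
 server = API(server, ctx)
 
 const app = express()
-app.set('trust proxy',
+app.set('trust proxy', ['loopback', 'linklocal', 'uniquelocal'])
 app.use(loggerMiddleware)
 app.use(compression())
 app.use(authRoutes.createRouter(ctx)) // Before CORS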
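Review bot: Trusting `uniquelocal` in `app.set('trust proxy', ['loopback', 'linklocal', 'uniquelocal'])` means any peer on a private-range address (10/8, 172.16/12, 192.168/16, fc00::/7) is believed when it supplies `X-Forwarded-For`, so on a shared VPC or container network the client IP the server records is only as trustworthy as every host on that network. That value typically feeds rate limiting and logging, and this release also adds `forwardedFor(req, …)` helpers in context.ts that presumably relay it upstream. The list should be narrowed to the actual proxy addresses or made configurable, and the line deserves a comment such as `// Only hops in these ranges may set X-Forwarded-For; override when no private-network proxy fronts the PDS`. The previous value is truncated on this page, so the old setting cannot be compared.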
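--- a/package/src/lexicon/index.ts
+++ b/package/src/lexicon/index.ts
@@ -24,8 +24,11 @@ import * as ComAtprotoAdminUpdateAccountHandle from './types/com/atproto/admin/u
 import * as ComAtprotoAdminUpdateAccountPassword from './types/com/atproto/admin/updateAccountPassword.js'
 import * as ComAtprotoAdminUpdateSubjectStatus from './types/com/atproto/admin/updateSubjectStatus.js'
 import * as ComAtprotoIdentityGetRecommendedDidCredentials from './types/com/atproto/identity/getRecommendedDidCredentials.js'
+import * as ComAtprotoIdentityRefreshIdentity from './types/com/atproto/identity/refreshIdentity.js'
 import * as ComAtprotoIdentityRequestPlcOperationSignature from './types/com/atproto/identity/requestPlcOperationSignature.js'
+import * as ComAtprotoIdentityResolveDid from './types/com/atproto/identity/resolveDid.js'
 import * as ComAtprotoIdentityResolveHandle from './types/com/atproto/identity/resolveHandle.js'
+import * as ComAtprotoIdentityResolveIdentity from './types/com/atproto/identity/resolveIdentity.js'
 import * as ComAtprotoIdentitySignPlcOperation from './types/com/atproto/identity/signPlcOperation.js'
 import * as ComAtprotoIdentitySubmitPlcOperation from './types/com/atproto/identity/submitPlcOperation.js'
 import * as ComAtprotoIdentityUpdateHandle from './types/com/atproto/identity/updateHandle.js'
@@ -480,6 +483,17 @@ export class ComAtprotoIdentityNS {
 return this._server.xrpc.method(nsid, cfg)
 }
 
+refreshIdentity<AV extends AuthVerifier>(
+cfg: ConfigOf<
+AV,
+ComAtprotoIdentityRefreshIdentity.Handler<ExtractAuth<AV>>,
+ComAtprotoIdentityRefreshIdentity.HandlerReqCtx<ExtractAuth<AV>>
+>,
+) {
+const nsid = 'com.atproto.identity.refreshIdentity' // @ts-ignore
+return this._server.xrpc.method(nsid, cfg)
+}
+
 requestPlcOperationSignature<AV extends AuthVerifier>(
 cfg: ConfigOf<
 AV,
@@ -493,6 +507,17 @@ export class ComAtprotoIdentityNS {
 return this._server.xrpc.method(nsid, cfg)
 }
 
+resolveDid<AV extends AuthVerifier>(
+cfg: ConfigOf<
+AV,
+ComAtprotoIdentityResolveDid.Handler<ExtractAuth<AV>>,
+ComAtprotoIdentityResolveDid.HandlerReqCtx<ExtractAuth<AV>>
+>,
+) {
+const nsid = 'com.atproto.identity.resolveDid' // @ts-ignore
+return this._server.xrpc.method(nsid, cfg)
+}
+
 resolveHandle<AV extends AuthVerifier>(
 cfg: ConfigOf<
 AV,
@@ -504,6 +529,17 @@ export class ComAtprotoIdentityNS {
 return this._server.xrpc.method(nsid, cfg)
 }
 
+resolveIdentity<AV extends AuthVerifier>(
+cfg: ConfigOf<
+AV,
+ComAtprotoIdentityResolveIdentity.Handler<ExtractAuth<AV>>,
+ComAtprotoIdentityResolveIdentity.HandlerReqCtx<ExtractAuth<AV>>
+>,
+) {
+const nsid = 'com.atproto.identity.resolveIdentity' // @ts-ignore
+return this._server.xrpc.method(nsid, cfg)
+}
+
 signPlcOperation<AV extends AuthVerifier>(
 cfg: ConfigOf<
 AV,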