npm - @atproto/pds - Versions diffs - 0.4.164 → 0.4.166 - Mend

@atproto/pds 0.4.164 → 0.4.166

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (296) hide show

package/src/api/com/atproto/repo/deleteRecord.ts CHANGED Viewed

@@ -11,9 +11,12 @@ import {
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.repo.deleteRecord({
-    auth: ctx.authVerifier.accessStandard({
+    auth: ctx.authVerifier.authorization({
       checkTakedown: true,
       checkDeactivated: true,
+      authorize: () => {
+        // Performed in the handler as it requires the request body
+      },
     }),
     rateLimit: [
       {
@@ -29,6 +32,16 @@ export default function (server: Server, ctx: AppContext) {
     ],
     handler: async ({ input, auth }) => {
       const { repo, collection, rkey, swapCommit, swapRecord } = input.body
+      // We can't compute permissions based on the request payload ("input") in
+      // the 'auth' phase, so we do it here.
+      if (auth.credentials.type === 'oauth') {
+        auth.credentials.permissions.assertRepo({
+          action: 'delete',
+          collection,
+        })
+      }
       const account = await ctx.accountManager.getAccount(repo, {
         includeDeactivated: true,
       })

package/src/api/com/atproto/repo/importRepo.ts CHANGED Viewed

@@ -12,19 +12,26 @@ import {
 import { AtUri } from '@atproto/syntax'
 import { InvalidRequestError } from '@atproto/xrpc-server'
 import { ActorStoreTransactor } from '../../../../actor-store/actor-store-transactor'
+import { ACCESS_FULL } from '../../../../auth-scope'
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.repo.importRepo({
-    auth: ctx.authVerifier.accessFull({
+    auth: ctx.authVerifier.authorization({
       checkTakedown: true,
+      scopes: ACCESS_FULL,
+      authorize: (permissions) => {
+        permissions.assertAccount({ attr: 'repo', action: 'manage' })
+      },
     }),
     handler: async ({ input, auth }) => {
-      const did = auth.credentials.did
       if (!ctx.cfg.service.acceptingImports) {
         throw new InvalidRequestError('Service is not accepting repo imports')
       }
+      const { did } = auth.credentials
       await ctx.actorStore.transact(did, (store) =>
         importRepo(store, input.body),
       )

package/src/api/com/atproto/repo/listMissingBlobs.ts CHANGED Viewed

@@ -3,10 +3,15 @@ import { Server } from '../../../../lexicon'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.repo.listMissingBlobs({
-    auth: ctx.authVerifier.accessStandard(),
+    auth: ctx.authVerifier.authorization({
+      authorize: () => {
+        // always allow
+      },
+    }),
     handler: async ({ auth, params }) => {
-      const did = auth.credentials.did
+      const { did } = auth.credentials
       const { limit, cursor } = params
       const blobs = await ctx.actorStore.read(did, (store) =>
         store.repo.blob.listMissingBlobs({ limit, cursor }),
       )

package/src/api/com/atproto/repo/putRecord.ts CHANGED Viewed

@@ -20,9 +20,12 @@ import {
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.repo.putRecord({
-    auth: ctx.authVerifier.accessStandard({
+    auth: ctx.authVerifier.authorization({
       checkTakedown: true,
       checkDeactivated: true,
+      authorize: () => {
+        // Performed in the handler as it requires the request body
+      },
     }),
     rateLimit: [
       {
@@ -46,17 +49,22 @@ export default function (server: Server, ctx: AppContext) {
         swapCommit,
         swapRecord,
       } = input.body
-      const account = await ctx.accountManager.getAccount(repo, {
-        includeDeactivated: true,
-      })
-      if (!account) {
-        throw new InvalidRequestError(`Could not find repo: ${repo}`)
-      } else if (account.deactivatedAt) {
-        throw new InvalidRequestError('Account is deactivated')
+      // We can't compute permissions based on the request payload ("input") in
+      // the 'auth' phase, so we do it here.
+      if (auth.credentials.type === 'oauth') {
+        auth.credentials.permissions.assertRepo({
+          action: 'create',
+          collection,
+        })
+        auth.credentials.permissions.assertRepo({
+          action: 'update',
+          collection,
+        })
       }
-      const did = account.did
-      if (did !== auth.credentials.did) {
+      const { did } = auth.credentials
+      if (did !== repo) {
         throw new AuthRequiredError()
       }

package/src/api/com/atproto/repo/uploadBlob.ts CHANGED Viewed

@@ -1,13 +1,17 @@
 import { DAY } from '@atproto/common'
-import { UpstreamTimeoutError } from '@atproto/xrpc-server'
+import { UpstreamTimeoutError, parseReqEncoding } from '@atproto/xrpc-server'
 import { BlobMetadata } from '../../../../actor-store/blob/transactor'
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.repo.uploadBlob({
-    auth: ctx.authVerifier.accessOrUserServiceAuth({
+    auth: ctx.authVerifier.authorizationOrUserServiceAuth({
       checkTakedown: true,
+      authorize: (permissions, { req }) => {
+        const encoding = parseReqEncoding(req)
+        permissions.assertBlob({ mime: encoding })
+      },
     }),
     rateLimit: {
       durationMs: DAY,

package/src/api/com/atproto/server/activateAccount.ts CHANGED Viewed

@@ -1,12 +1,20 @@
 import { INVALID_HANDLE } from '@atproto/syntax'
-import { InvalidRequestError } from '@atproto/xrpc-server'
+import { ForbiddenError, InvalidRequestError } from '@atproto/xrpc-server'
+import { ACCESS_FULL } from '../../../../auth-scope'
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
 import { assertValidDidDocumentForService } from './util'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.server.activateAccount({
-    auth: ctx.authVerifier.accessFull(),
+    auth: ctx.authVerifier.authorization({
+      scopes: ACCESS_FULL,
+      authorize: () => {
+        throw new ForbiddenError(
+          'OAuth credentials are not supported for this endpoint',
+        )
+      },
+    }),
     handler: async ({ req, auth }) => {
       // in the case of entryway, the full flow is activateAccount (PDS) -> activateAccount (Entryway) -> updateSubjectStatus(PDS)
       if (ctx.entrywayAgent) {

package/src/api/com/atproto/server/checkAccountStatus.ts CHANGED Viewed

@@ -4,7 +4,11 @@ import { isValidDidDocForService } from './util'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.server.checkAccountStatus({
-    auth: ctx.authVerifier.accessStandard(),
+    auth: ctx.authVerifier.authorization({
+      authorize: () => {
+        // always allow
+      },
+    }),
     handler: async ({ auth }) => {
       const requester = auth.credentials.did
       const [

package/src/api/com/atproto/server/confirmEmail.ts CHANGED Viewed

@@ -5,7 +5,12 @@ import { ids } from '../../../../lexicon/lexicons'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.server.confirmEmail({
-    auth: ctx.authVerifier.accessStandard({ checkTakedown: true }),
+    auth: ctx.authVerifier.authorization({
+      checkTakedown: true,
+      authorize: (permissions) => {
+        permissions.assertAccount({ attr: 'email', action: 'manage' })
+      },
+    }),
     handler: async ({ auth, input, req }) => {
       const did = auth.credentials.did

package/src/api/com/atproto/server/createAppPassword.ts CHANGED Viewed

@@ -1,3 +1,5 @@
+import { ForbiddenError } from '@atproto/xrpc-server'
+import { ACCESS_FULL } from '../../../../auth-scope'
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
 import { ids } from '../../../../lexicon/lexicons'
@@ -5,8 +7,14 @@ import { resultPassthru } from '../../../proxy'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.server.createAppPassword({
-    auth: ctx.authVerifier.accessFull({
+    auth: ctx.authVerifier.authorization({
       checkTakedown: true,
+      scopes: ACCESS_FULL,
+      authorize: () => {
+        throw new ForbiddenError(
+          'OAuth credentials are not supported for this endpoint',
+        )
+      },
     }),
     handler: async ({ auth, input, req }) => {
       if (ctx.entrywayAgent) {

package/src/api/com/atproto/server/deactivateAccount.ts CHANGED Viewed

@@ -1,10 +1,19 @@
-import { AuthScope } from '../../../../auth-verifier'
+import { ForbiddenError } from '@atproto/xrpc-server'
+import { ACCESS_FULL, AuthScope } from '../../../../auth-scope'
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.server.deactivateAccount({
-    auth: ctx.authVerifier.accessFull({ additional: [AuthScope.Takendown] }),
+    auth: ctx.authVerifier.authorization({
+      additional: [AuthScope.Takendown],
+      scopes: ACCESS_FULL,
+      authorize: () => {
+        throw new ForbiddenError(
+          'OAuth credentials are not supported for this endpoint',
+        )
+      },
+    }),
     handler: async ({ req, auth, input }) => {
       // in the case of entryway, the full flow is deactivateAccount (PDS) -> deactivateAccount (Entryway) -> updateSubjectStatus(PDS)
       if (ctx.entrywayAgent) {

package/src/api/com/atproto/server/deleteSession.ts CHANGED Viewed

@@ -12,7 +12,9 @@ export default function (server: Server, ctx: AppContext) {
     })
   } else {
     server.com.atproto.server.deleteSession({
-      auth: ctx.authVerifier.refreshExpired,
+      auth: ctx.authVerifier.refresh({
+        allowExpired: true,
+      }),
       handler: async ({ auth }) => {
         await ctx.accountManager.revokeRefreshToken(auth.credentials.tokenId)
       },

package/src/api/com/atproto/server/getAccountInviteCodes.ts CHANGED Viewed

@@ -1,5 +1,6 @@
-import { InvalidRequestError } from '@atproto/xrpc-server'
+import { ForbiddenError, InvalidRequestError } from '@atproto/xrpc-server'
 import { CodeDetail } from '../../../../account-manager/helpers/invite'
+import { ACCESS_FULL } from '../../../../auth-scope'
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
 import { ids } from '../../../../lexicon/lexicons'
@@ -8,7 +9,15 @@ import { genInvCodes } from './util'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.server.getAccountInviteCodes({
-    auth: ctx.authVerifier.accessFull({ checkTakedown: true }),
+    auth: ctx.authVerifier.authorization({
+      checkTakedown: true,
+      scopes: ACCESS_FULL,
+      authorize: () => {
+        throw new ForbiddenError(
+          'OAuth credentials are not supported for this endpoint',
+        )
+      },
+    }),
     handler: async ({ params, auth, req }) => {
       if (ctx.entrywayAgent) {
         return resultPassthru(

package/src/api/com/atproto/server/getServiceAuth.ts CHANGED Viewed

@@ -1,6 +1,10 @@
 import { HOUR, MINUTE } from '@atproto/common'
 import { InvalidRequestError, createServiceJwt } from '@atproto/xrpc-server'
-import { AuthScope } from '../../../../auth-verifier'
+import {
+  AuthScope,
+  isAccessPrivileged,
+  isTakendown,
+} from '../../../../auth-scope'
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
 import { ids } from '../../../../lexicon/lexicons'
@@ -8,19 +12,41 @@ import { PRIVILEGED_METHODS, PROTECTED_METHODS } from '../../../../pipethrough'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.server.getServiceAuth({
-    auth: ctx.authVerifier.accessStandard({
+    auth: ctx.authVerifier.authorization({
       additional: [AuthScope.Takendown],
+      authorize: (permissions, ctx) => {
+        const { aud, lxm = '*' } = ctx.params
+        permissions.assertRpc({ aud, lxm })
+      },
     }),
     handler: async ({ params, auth }) => {
       const did = auth.credentials.did
+      // @NOTE "exp" is expressed in seconds since epoch, not milliseconds
       const { aud, exp, lxm = null } = params
       // Takendown accounts should not be able to generate service auth tokens except for methods necessary for account migration
-      if (
-        auth.credentials.scope === AuthScope.Takendown &&
-        lxm !== ids.ComAtprotoServerCreateAccount
-      ) {
-        throw new InvalidRequestError('Bad token scope', 'InvalidToken')
+      if (auth.credentials.type === 'access') {
+        // @NOTE We should probably use "ForbiddenError" here. Using
+        // "InvalidRequestError" for legacy reasons.
+        if (
+          isTakendown(auth.credentials.scope) &&
+          lxm !== ids.ComAtprotoServerCreateAccount
+        ) {
+          throw new InvalidRequestError('Bad token scope', 'InvalidToken')
+        }
+        // @NOTE "oauth" based credentials already checked through permission
+        // set in "authorize" method above.
+        if (
+          lxm != null &&
+          PRIVILEGED_METHODS.has(lxm) &&
+          !isAccessPrivileged(auth.credentials.scope)
+        ) {
+          throw new InvalidRequestError(
+            `insufficient access to request a service auth token for the following method: ${lxm}`,
+          )
+        }
       }
       if (exp) {
@@ -43,17 +69,10 @@ export default function (server: Server, ctx: AppContext) {
         }
       }
-      if (lxm) {
-        if (PROTECTED_METHODS.has(lxm)) {
-          throw new InvalidRequestError(
-            `cannot request a service auth token for the following protected method: ${lxm}`,
-          )
-        }
-        if (!auth.credentials.isPrivileged && PRIVILEGED_METHODS.has(lxm)) {
-          throw new InvalidRequestError(
-            `insufficient access to request a service auth token for the following method: ${lxm}`,
-          )
-        }
+      if (lxm && PROTECTED_METHODS.has(lxm)) {
+        throw new InvalidRequestError(
+          `cannot request a service auth token for the following protected method: ${lxm}`,
+        )
       }
       const keypair = await ctx.actorStore.keypair(did)

package/src/api/com/atproto/server/getSession.ts CHANGED Viewed

@@ -2,27 +2,27 @@ import { ComAtprotoServerGetSession } from '@atproto/api'
 import { INVALID_HANDLE } from '@atproto/syntax'
 import { InvalidRequestError } from '@atproto/xrpc-server'
 import { formatAccountStatus } from '../../../../account-manager/account-manager'
-import { AccessOutput, AuthScope, OAuthOutput } from '../../../../auth-verifier'
+import { AccessOutput, OAuthOutput } from '../../../../auth-output'
+import { AuthScope } from '../../../../auth-scope'
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
 import { didDocForSession } from './util'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.server.getSession({
-    auth: ctx.authVerifier.accessStandard({
+    auth: ctx.authVerifier.authorization({
       additional: [AuthScope.SignupQueued],
+      authorize: () => {
+        // Always allowed. "email" access is checked in the handler.
+      },
     }),
     handler: async ({ auth, req }) => {
       if (ctx.entrywayAgent) {
-        // Allow proxying of dpop bound requests by using service auth instead
-        const headers =
-          auth.credentials.type === 'oauth' // DPoP bound tokens cannot be proxied
-            ? await ctx.entrywayAuthHeaders(
-                req,
-                auth.credentials.did,
-                'com.atproto.server.getSession',
-              )
-            : ctx.entrywayPassthruHeaders(req)
+        const headers = await ctx.entrywayAuthHeaders(
+          req,
+          auth.credentials.did,
+          'com.atproto.server.getSession',
+        )
         const res = await ctx.entrywayAgent.com.atproto.server.getSession(
           undefined,
@@ -65,23 +65,16 @@ export default function (server: Server, ctx: AppContext) {
 }
 function output(
-  { credentials }: AccessOutput | OAuthOutput,
+  { credentials }: OAuthOutput | AccessOutput,
   data: ComAtprotoServerGetSession.OutputSchema,
 ): ComAtprotoServerGetSession.OutputSchema {
-  switch (credentials.type) {
-    case 'access':
-      return data
-    case 'oauth':
-      if (!credentials.oauthScopes.has('transition:email')) {
-        const { email, emailAuthFactor, emailConfirmed, ...rest } = data
-        return rest
-      }
-      return data
-    default:
-      // @ts-expect-error
-      throw new Error(`Unknown credentials type: ${credentials.type}`)
+  if (
+    credentials.type === 'oauth' &&
+    !credentials.permissions.allowsAccount({ attr: 'email', action: 'read' })
+  ) {
+    const { email, emailAuthFactor, emailConfirmed, ...rest } = data
+    return rest
   }
+  return data
 }

package/src/api/com/atproto/server/listAppPasswords.ts CHANGED Viewed

@@ -1,3 +1,4 @@
+import { ForbiddenError } from '@atproto/xrpc-server'
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
 import { ids } from '../../../../lexicon/lexicons'
@@ -5,7 +6,13 @@ import { resultPassthru } from '../../../proxy'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.server.listAppPasswords({
-    auth: ctx.authVerifier.accessStandard(),
+    auth: ctx.authVerifier.authorization({
+      authorize: () => {
+        throw new ForbiddenError(
+          'OAuth credentials are not supported for this endpoint',
+        )
+      },
+    }),
     handler: async ({ auth, req }) => {
       if (ctx.entrywayAgent) {
         return resultPassthru(

package/src/api/com/atproto/server/refreshSession.ts CHANGED Viewed

@@ -9,7 +9,7 @@ import { didDocForSession } from './util'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.server.refreshSession({
-    auth: ctx.authVerifier.refresh,
+    auth: ctx.authVerifier.refresh(),
     handler: async ({ auth, req }) => {
       const did = auth.credentials.did
       const user = await ctx.accountManager.getAccount(did, {

package/src/api/com/atproto/server/requestAccountDelete.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 import { DAY, HOUR } from '@atproto/common'
-import { InvalidRequestError } from '@atproto/xrpc-server'
+import { ForbiddenError, InvalidRequestError } from '@atproto/xrpc-server'
+import { ACCESS_FULL } from '../../../../auth-scope'
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
 import { ids } from '../../../../lexicon/lexicons'
@@ -18,7 +19,15 @@ export default function (server: Server, ctx: AppContext) {
         calcKey: ({ auth }) => auth.credentials.did,
       },
     ],
-    auth: ctx.authVerifier.accessFull({ checkTakedown: true }),
+    auth: ctx.authVerifier.authorization({
+      checkTakedown: true,
+      scopes: ACCESS_FULL,
+      authorize: () => {
+        throw new ForbiddenError(
+          'OAuth credentials are not supported for this endpoint',
+        )
+      },
+    }),
     handler: async ({ auth, req }) => {
       const did = auth.credentials.did
       const account = await ctx.accountManager.getAccount(did, {

package/src/api/com/atproto/server/requestEmailConfirmation.ts CHANGED Viewed

@@ -18,7 +18,12 @@ export default function (server: Server, ctx: AppContext) {
         calcKey: ({ auth }) => auth.credentials.did,
       },
     ],
-    auth: ctx.authVerifier.accessStandard({ checkTakedown: true }),
+    auth: ctx.authVerifier.authorization({
+      checkTakedown: true,
+      authorize: (permissions) => {
+        permissions.assertAccount({ attr: 'email', action: 'manage' })
+      },
+    }),
     handler: async ({ auth, req }) => {
       const did = auth.credentials.did
       const account = await ctx.accountManager.getAccount(did, {

package/src/api/com/atproto/server/requestEmailUpdate.ts CHANGED Viewed

@@ -19,7 +19,12 @@ export default function (server: Server, ctx: AppContext) {
         calcKey: ({ auth }) => auth.credentials.did,
       },
     ],
-    auth: ctx.authVerifier.accessStandard({ checkTakedown: true }),
+    auth: ctx.authVerifier.authorization({
+      checkTakedown: true,
+      authorize: (permissions) => {
+        permissions.assertAccount({ attr: 'email', action: 'manage' })
+      },
+    }),
     handler: async ({ auth, req }) => {
       const did = auth.credentials.did
       const account = await ctx.accountManager.getAccount(did, {

package/src/api/com/atproto/server/revokeAppPassword.ts CHANGED Viewed

@@ -1,10 +1,17 @@
+import { ForbiddenError } from '@atproto/xrpc-server'
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
 import { ids } from '../../../../lexicon/lexicons'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.server.revokeAppPassword({
-    auth: ctx.authVerifier.accessStandard(),
+    auth: ctx.authVerifier.authorization({
+      authorize: () => {
+        throw new ForbiddenError(
+          'OAuth credentials are not supported for this endpoint',
+        )
+      },
+    }),
     handler: async ({ auth, input, req }) => {
       if (ctx.entrywayAgent) {
         await ctx.entrywayAgent.com.atproto.server.revokeAppPassword(

package/src/api/com/atproto/server/updateEmail.ts CHANGED Viewed

@@ -1,14 +1,23 @@
 import { isEmailValid } from '@hapi/address'
 import { isDisposableEmail } from 'disposable-email-domains-js'
-import { InvalidRequestError } from '@atproto/xrpc-server'
+import { ForbiddenError, InvalidRequestError } from '@atproto/xrpc-server'
 import { UserAlreadyExistsError } from '../../../../account-manager/helpers/account'
+import { ACCESS_FULL } from '../../../../auth-scope'
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
 import { ids } from '../../../../lexicon/lexicons'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.server.updateEmail({
-    auth: ctx.authVerifier.accessFull({ checkTakedown: true }),
+    auth: ctx.authVerifier.authorization({
+      checkTakedown: true,
+      scopes: ACCESS_FULL,
+      authorize: () => {
+        throw new ForbiddenError(
+          'OAuth credentials are not supported for this endpoint',
+        )
+      },
+    }),
     handler: async ({ auth, input, req }) => {
       const did = auth.credentials.did
       const { token, email } = input.body

package/src/api/com/atproto/sync/deprecated/getCheckout.ts CHANGED Viewed

@@ -1,3 +1,4 @@
+import { isUserOrAdmin } from '../../../../../auth-verifier'
 import { AppContext } from '../../../../../context'
 import { Server } from '../../../../../lexicon'
 import { getCarStream } from '../getRepo'
@@ -5,14 +6,14 @@ import { assertRepoAvailability } from '../util'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.sync.getCheckout({
-    auth: ctx.authVerifier.optionalAccessOrAdminToken(),
+    auth: ctx.authVerifier.authorizationOrAdminTokenOptional({
+      authorize: () => {
+        // always allow
+      },
+    }),
     handler: async ({ params, auth }) => {
       const { did } = params
-      await assertRepoAvailability(
-        ctx,
-        did,
-        ctx.authVerifier.isUserOrAdmin(auth, did),
-      )
+      await assertRepoAvailability(ctx, did, isUserOrAdmin(auth, did))
       const carStream = await getCarStream(ctx, did)

package/src/api/com/atproto/sync/deprecated/getHead.ts CHANGED Viewed

@@ -1,18 +1,19 @@
 import { InvalidRequestError } from '@atproto/xrpc-server'
+import { isUserOrAdmin } from '../../../../../auth-verifier'
 import { AppContext } from '../../../../../context'
 import { Server } from '../../../../../lexicon'
 import { assertRepoAvailability } from '../util'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.sync.getHead({
-    auth: ctx.authVerifier.optionalAccessOrAdminToken(),
+    auth: ctx.authVerifier.authorizationOrAdminTokenOptional({
+      authorize: () => {
+        // always allow
+      },
+    }),
     handler: async ({ params, auth }) => {
       const { did } = params
-      await assertRepoAvailability(
-        ctx,
-        did,
-        ctx.authVerifier.isUserOrAdmin(auth, did),
-      )
+      await assertRepoAvailability(ctx, did, isUserOrAdmin(auth, did))
       const root = await ctx.actorStore.read(did, (store) =>
         store.repo.storage.getRoot(),

package/src/api/com/atproto/sync/getBlob.ts CHANGED Viewed

@@ -1,23 +1,23 @@
 import { CID } from 'multiformats/cid'
 import { BlobNotFoundError } from '@atproto/repo'
 import { InvalidRequestError } from '@atproto/xrpc-server'
-import { AuthScope } from '../../../../auth-verifier'
+import { AuthScope } from '../../../../auth-scope'
+import { isUserOrAdmin } from '../../../../auth-verifier'
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
 import { assertRepoAvailability } from './util'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.sync.getBlob({
-    auth: ctx.authVerifier.optionalAccessOrAdminToken({
+    auth: ctx.authVerifier.authorizationOrAdminTokenOptional({
       additional: [AuthScope.Takendown],
+      authorize: () => {
+        // always allow
+      },
     }),
     handler: async ({ params, res, auth }) => {
       const { did } = params
-      await assertRepoAvailability(
-        ctx,
-        did,
-        ctx.authVerifier.isUserOrAdmin(auth, did),
-      )
+      await assertRepoAvailability(ctx, did, isUserOrAdmin(auth, did))
       const cid = CID.parse(params.cid)
       const found = await ctx.actorStore.read(params.did, async (store) => {