@atproto/pds 0.4.164 → 0.4.166

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (296) hide show
  1. package/CHANGELOG.md +19 -0
  2. package/dist/account-manager/account-manager.js +2 -2
  3. package/dist/account-manager/account-manager.js.map +1 -1
  4. package/dist/account-manager/helpers/account-device.d.ts +4 -4
  5. package/dist/account-manager/helpers/account.d.ts +1 -1
  6. package/dist/account-manager/helpers/auth.d.ts +1 -1
  7. package/dist/account-manager/helpers/auth.d.ts.map +1 -1
  8. package/dist/account-manager/helpers/auth.js +8 -8
  9. package/dist/account-manager/helpers/auth.js.map +1 -1
  10. package/dist/account-manager/helpers/authorization-request.d.ts +1 -1
  11. package/dist/account-manager/helpers/authorization-request.d.ts.map +1 -1
  12. package/dist/account-manager/helpers/authorization-request.js +16 -8
  13. package/dist/account-manager/helpers/authorization-request.js.map +1 -1
  14. package/dist/account-manager/helpers/token.d.ts +65 -65
  15. package/dist/actor-store/preference/reader.d.ts +2 -2
  16. package/dist/actor-store/preference/reader.d.ts.map +1 -1
  17. package/dist/actor-store/preference/reader.js +2 -2
  18. package/dist/actor-store/preference/reader.js.map +1 -1
  19. package/dist/actor-store/preference/transactor.d.ts +2 -2
  20. package/dist/actor-store/preference/transactor.d.ts.map +1 -1
  21. package/dist/actor-store/preference/transactor.js +5 -5
  22. package/dist/actor-store/preference/transactor.js.map +1 -1
  23. package/dist/actor-store/preference/util.d.ts +4 -2
  24. package/dist/actor-store/preference/util.d.ts.map +1 -1
  25. package/dist/actor-store/preference/util.js +9 -8
  26. package/dist/actor-store/preference/util.js.map +1 -1
  27. package/dist/actor-store/record/reader.d.ts +2 -2
  28. package/dist/api/app/bsky/actor/getPreferences.d.ts.map +1 -1
  29. package/dist/api/app/bsky/actor/getPreferences.js +29 -7
  30. package/dist/api/app/bsky/actor/getPreferences.js.map +1 -1
  31. package/dist/api/app/bsky/actor/getProfile.d.ts.map +1 -1
  32. package/dist/api/app/bsky/actor/getProfile.js +9 -1
  33. package/dist/api/app/bsky/actor/getProfile.js.map +1 -1
  34. package/dist/api/app/bsky/actor/getProfiles.d.ts.map +1 -1
  35. package/dist/api/app/bsky/actor/getProfiles.js +9 -1
  36. package/dist/api/app/bsky/actor/getProfiles.js.map +1 -1
  37. package/dist/api/app/bsky/actor/putPreferences.d.ts.map +1 -1
  38. package/dist/api/app/bsky/actor/putPreferences.js +30 -8
  39. package/dist/api/app/bsky/actor/putPreferences.js.map +1 -1
  40. package/dist/api/app/bsky/feed/getActorLikes.d.ts.map +1 -1
  41. package/dist/api/app/bsky/feed/getActorLikes.js +9 -1
  42. package/dist/api/app/bsky/feed/getActorLikes.js.map +1 -1
  43. package/dist/api/app/bsky/feed/getAuthorFeed.d.ts.map +1 -1
  44. package/dist/api/app/bsky/feed/getAuthorFeed.js +9 -1
  45. package/dist/api/app/bsky/feed/getAuthorFeed.js.map +1 -1
  46. package/dist/api/app/bsky/feed/getFeed.d.ts.map +1 -1
  47. package/dist/api/app/bsky/feed/getFeed.js +8 -1
  48. package/dist/api/app/bsky/feed/getFeed.js.map +1 -1
  49. package/dist/api/app/bsky/feed/getPostThread.d.ts.map +1 -1
  50. package/dist/api/app/bsky/feed/getPostThread.js +8 -1
  51. package/dist/api/app/bsky/feed/getPostThread.js.map +1 -1
  52. package/dist/api/app/bsky/feed/getTimeline.d.ts.map +1 -1
  53. package/dist/api/app/bsky/feed/getTimeline.js +9 -1
  54. package/dist/api/app/bsky/feed/getTimeline.js.map +1 -1
  55. package/dist/api/app/bsky/notification/registerPush.d.ts.map +1 -1
  56. package/dist/api/app/bsky/notification/registerPush.js +16 -4
  57. package/dist/api/app/bsky/notification/registerPush.js.map +1 -1
  58. package/dist/api/com/atproto/identity/getRecommendedDidCredentials.d.ts.map +1 -1
  59. package/dist/api/com/atproto/identity/getRecommendedDidCredentials.js +5 -1
  60. package/dist/api/com/atproto/identity/getRecommendedDidCredentials.js.map +1 -1
  61. package/dist/api/com/atproto/identity/requestPlcOperationSignature.d.ts.map +1 -1
  62. package/dist/api/com/atproto/identity/requestPlcOperationSignature.js +9 -2
  63. package/dist/api/com/atproto/identity/requestPlcOperationSignature.js.map +1 -1
  64. package/dist/api/com/atproto/identity/signPlcOperation.d.ts.map +1 -1
  65. package/dist/api/com/atproto/identity/signPlcOperation.js +9 -1
  66. package/dist/api/com/atproto/identity/signPlcOperation.js.map +1 -1
  67. package/dist/api/com/atproto/identity/submitPlcOperation.d.ts.map +1 -1
  68. package/dist/api/com/atproto/identity/submitPlcOperation.js +5 -1
  69. package/dist/api/com/atproto/identity/submitPlcOperation.js.map +1 -1
  70. package/dist/api/com/atproto/identity/updateHandle.d.ts.map +1 -1
  71. package/dist/api/com/atproto/identity/updateHandle.js +6 -1
  72. package/dist/api/com/atproto/identity/updateHandle.js.map +1 -1
  73. package/dist/api/com/atproto/moderation/createReport.d.ts.map +1 -1
  74. package/dist/api/com/atproto/moderation/createReport.js +8 -3
  75. package/dist/api/com/atproto/moderation/createReport.js.map +1 -1
  76. package/dist/api/com/atproto/repo/applyWrites.d.ts.map +1 -1
  77. package/dist/api/com/atproto/repo/applyWrites.js +25 -19
  78. package/dist/api/com/atproto/repo/applyWrites.js.map +1 -1
  79. package/dist/api/com/atproto/repo/createRecord.d.ts.map +1 -1
  80. package/dist/api/com/atproto/repo/createRecord.js +10 -1
  81. package/dist/api/com/atproto/repo/createRecord.js.map +1 -1
  82. package/dist/api/com/atproto/repo/deleteRecord.d.ts.map +1 -1
  83. package/dist/api/com/atproto/repo/deleteRecord.js +12 -1
  84. package/dist/api/com/atproto/repo/deleteRecord.js.map +1 -1
  85. package/dist/api/com/atproto/repo/importRepo.d.ts.map +1 -1
  86. package/dist/api/com/atproto/repo/importRepo.js +7 -2
  87. package/dist/api/com/atproto/repo/importRepo.js.map +1 -1
  88. package/dist/api/com/atproto/repo/listMissingBlobs.d.ts.map +1 -1
  89. package/dist/api/com/atproto/repo/listMissingBlobs.js +6 -2
  90. package/dist/api/com/atproto/repo/listMissingBlobs.js.map +1 -1
  91. package/dist/api/com/atproto/repo/putRecord.d.ts.map +1 -1
  92. package/dist/api/com/atproto/repo/putRecord.js +17 -11
  93. package/dist/api/com/atproto/repo/putRecord.js.map +1 -1
  94. package/dist/api/com/atproto/repo/uploadBlob.d.ts.map +1 -1
  95. package/dist/api/com/atproto/repo/uploadBlob.js +5 -1
  96. package/dist/api/com/atproto/repo/uploadBlob.js.map +1 -1
  97. package/dist/api/com/atproto/server/activateAccount.d.ts.map +1 -1
  98. package/dist/api/com/atproto/server/activateAccount.js +7 -1
  99. package/dist/api/com/atproto/server/activateAccount.js.map +1 -1
  100. package/dist/api/com/atproto/server/checkAccountStatus.d.ts.map +1 -1
  101. package/dist/api/com/atproto/server/checkAccountStatus.js +5 -1
  102. package/dist/api/com/atproto/server/checkAccountStatus.js.map +1 -1
  103. package/dist/api/com/atproto/server/confirmEmail.d.ts.map +1 -1
  104. package/dist/api/com/atproto/server/confirmEmail.js +6 -1
  105. package/dist/api/com/atproto/server/confirmEmail.js.map +1 -1
  106. package/dist/api/com/atproto/server/createAppPassword.d.ts.map +1 -1
  107. package/dist/api/com/atproto/server/createAppPassword.js +7 -1
  108. package/dist/api/com/atproto/server/createAppPassword.js.map +1 -1
  109. package/dist/api/com/atproto/server/deactivateAccount.d.ts.map +1 -1
  110. package/dist/api/com/atproto/server/deactivateAccount.js +9 -2
  111. package/dist/api/com/atproto/server/deactivateAccount.js.map +1 -1
  112. package/dist/api/com/atproto/server/deleteSession.d.ts.map +1 -1
  113. package/dist/api/com/atproto/server/deleteSession.js +3 -1
  114. package/dist/api/com/atproto/server/deleteSession.js.map +1 -1
  115. package/dist/api/com/atproto/server/getAccountInviteCodes.d.ts.map +1 -1
  116. package/dist/api/com/atproto/server/getAccountInviteCodes.js +8 -1
  117. package/dist/api/com/atproto/server/getAccountInviteCodes.js.map +1 -1
  118. package/dist/api/com/atproto/server/getServiceAuth.d.ts.map +1 -1
  119. package/dist/api/com/atproto/server/getServiceAuth.js +24 -13
  120. package/dist/api/com/atproto/server/getServiceAuth.js.map +1 -1
  121. package/dist/api/com/atproto/server/getSession.d.ts.map +1 -1
  122. package/dist/api/com/atproto/server/getSession.js +12 -19
  123. package/dist/api/com/atproto/server/getSession.js.map +1 -1
  124. package/dist/api/com/atproto/server/listAppPasswords.d.ts.map +1 -1
  125. package/dist/api/com/atproto/server/listAppPasswords.js +6 -1
  126. package/dist/api/com/atproto/server/listAppPasswords.js.map +1 -1
  127. package/dist/api/com/atproto/server/refreshSession.js +1 -1
  128. package/dist/api/com/atproto/server/refreshSession.js.map +1 -1
  129. package/dist/api/com/atproto/server/requestAccountDelete.d.ts.map +1 -1
  130. package/dist/api/com/atproto/server/requestAccountDelete.js +8 -1
  131. package/dist/api/com/atproto/server/requestAccountDelete.js.map +1 -1
  132. package/dist/api/com/atproto/server/requestEmailConfirmation.d.ts.map +1 -1
  133. package/dist/api/com/atproto/server/requestEmailConfirmation.js +6 -1
  134. package/dist/api/com/atproto/server/requestEmailConfirmation.js.map +1 -1
  135. package/dist/api/com/atproto/server/requestEmailUpdate.d.ts.map +1 -1
  136. package/dist/api/com/atproto/server/requestEmailUpdate.js +6 -1
  137. package/dist/api/com/atproto/server/requestEmailUpdate.js.map +1 -1
  138. package/dist/api/com/atproto/server/revokeAppPassword.d.ts.map +1 -1
  139. package/dist/api/com/atproto/server/revokeAppPassword.js +6 -1
  140. package/dist/api/com/atproto/server/revokeAppPassword.js.map +1 -1
  141. package/dist/api/com/atproto/server/updateEmail.d.ts.map +1 -1
  142. package/dist/api/com/atproto/server/updateEmail.js +8 -1
  143. package/dist/api/com/atproto/server/updateEmail.js.map +1 -1
  144. package/dist/api/com/atproto/sync/deprecated/getCheckout.d.ts.map +1 -1
  145. package/dist/api/com/atproto/sync/deprecated/getCheckout.js +7 -2
  146. package/dist/api/com/atproto/sync/deprecated/getCheckout.js.map +1 -1
  147. package/dist/api/com/atproto/sync/deprecated/getHead.d.ts.map +1 -1
  148. package/dist/api/com/atproto/sync/deprecated/getHead.js +7 -2
  149. package/dist/api/com/atproto/sync/deprecated/getHead.js.map +1 -1
  150. package/dist/api/com/atproto/sync/getBlob.d.ts.map +1 -1
  151. package/dist/api/com/atproto/sync/getBlob.js +7 -3
  152. package/dist/api/com/atproto/sync/getBlob.js.map +1 -1
  153. package/dist/api/com/atproto/sync/getBlocks.d.ts.map +1 -1
  154. package/dist/api/com/atproto/sync/getBlocks.js +7 -2
  155. package/dist/api/com/atproto/sync/getBlocks.js.map +1 -1
  156. package/dist/api/com/atproto/sync/getLatestCommit.d.ts.map +1 -1
  157. package/dist/api/com/atproto/sync/getLatestCommit.js +7 -2
  158. package/dist/api/com/atproto/sync/getLatestCommit.js.map +1 -1
  159. package/dist/api/com/atproto/sync/getRecord.d.ts.map +1 -1
  160. package/dist/api/com/atproto/sync/getRecord.js +7 -2
  161. package/dist/api/com/atproto/sync/getRecord.js.map +1 -1
  162. package/dist/api/com/atproto/sync/getRepo.d.ts.map +1 -1
  163. package/dist/api/com/atproto/sync/getRepo.js +7 -3
  164. package/dist/api/com/atproto/sync/getRepo.js.map +1 -1
  165. package/dist/api/com/atproto/sync/listBlobs.d.ts.map +1 -1
  166. package/dist/api/com/atproto/sync/listBlobs.js +7 -3
  167. package/dist/api/com/atproto/sync/listBlobs.js.map +1 -1
  168. package/dist/api/com/atproto/temp/checkSignupQueue.d.ts.map +1 -1
  169. package/dist/api/com/atproto/temp/checkSignupQueue.js +7 -3
  170. package/dist/api/com/atproto/temp/checkSignupQueue.js.map +1 -1
  171. package/dist/auth-output.d.ts +45 -0
  172. package/dist/auth-output.d.ts.map +1 -0
  173. package/dist/auth-output.js +3 -0
  174. package/dist/auth-output.js.map +1 -0
  175. package/dist/auth-scope.d.ts +16 -0
  176. package/dist/auth-scope.d.ts.map +1 -0
  177. package/dist/auth-scope.js +40 -0
  178. package/dist/auth-scope.js.map +1 -0
  179. package/dist/auth-verifier.d.ts +50 -115
  180. package/dist/auth-verifier.d.ts.map +1 -1
  181. package/dist/auth-verifier.js +275 -366
  182. package/dist/auth-verifier.js.map +1 -1
  183. package/dist/config/config.d.ts +2 -1
  184. package/dist/config/config.d.ts.map +1 -1
  185. package/dist/config/config.js +2 -1
  186. package/dist/config/config.js.map +1 -1
  187. package/dist/config/env.d.ts +1 -0
  188. package/dist/config/env.d.ts.map +1 -1
  189. package/dist/config/env.js +3 -1
  190. package/dist/config/env.js.map +1 -1
  191. package/dist/context.d.ts.map +1 -1
  192. package/dist/context.js +5 -5
  193. package/dist/context.js.map +1 -1
  194. package/dist/lexicon/index.d.ts +234 -230
  195. package/dist/lexicon/index.d.ts.map +1 -1
  196. package/dist/lexicon/index.js +682 -674
  197. package/dist/lexicon/index.js.map +1 -1
  198. package/dist/lexicon/lexicons.d.ts +17994 -17706
  199. package/dist/lexicon/lexicons.d.ts.map +1 -1
  200. package/dist/lexicon/lexicons.js +9126 -8980
  201. package/dist/lexicon/lexicons.js.map +1 -1
  202. package/dist/lexicon/types/app/bsky/graph/getLists.d.ts +2 -0
  203. package/dist/lexicon/types/app/bsky/graph/getLists.d.ts.map +1 -1
  204. package/dist/lexicon/types/app/bsky/graph/getListsWithMembership.d.ts +40 -0
  205. package/dist/lexicon/types/app/bsky/graph/getListsWithMembership.d.ts.map +1 -0
  206. package/dist/lexicon/types/app/bsky/graph/getListsWithMembership.js +16 -0
  207. package/dist/lexicon/types/app/bsky/graph/getListsWithMembership.js.map +1 -0
  208. package/dist/lexicon/types/app/bsky/graph/getStarterPacksWithMembership.d.ts +38 -0
  209. package/dist/lexicon/types/app/bsky/graph/getStarterPacksWithMembership.d.ts.map +1 -0
  210. package/dist/lexicon/types/app/bsky/graph/getStarterPacksWithMembership.js +16 -0
  211. package/dist/lexicon/types/app/bsky/graph/getStarterPacksWithMembership.js.map +1 -0
  212. package/dist/pipethrough.d.ts +5 -3
  213. package/dist/pipethrough.d.ts.map +1 -1
  214. package/dist/pipethrough.js +42 -15
  215. package/dist/pipethrough.js.map +1 -1
  216. package/dist/sequencer/events.d.ts +13 -13
  217. package/dist/util/http.d.ts +7 -0
  218. package/dist/util/http.d.ts.map +1 -0
  219. package/dist/util/http.js +31 -0
  220. package/dist/util/http.js.map +1 -0
  221. package/dist/util/types.d.ts +5 -0
  222. package/dist/util/types.d.ts.map +1 -0
  223. package/dist/util/types.js +3 -0
  224. package/dist/util/types.js.map +1 -0
  225. package/package.json +7 -6
  226. package/src/account-manager/account-manager.ts +1 -1
  227. package/src/account-manager/helpers/auth.ts +1 -1
  228. package/src/account-manager/helpers/authorization-request.ts +8 -4
  229. package/src/actor-store/preference/reader.ts +3 -4
  230. package/src/actor-store/preference/transactor.ts +6 -7
  231. package/src/actor-store/preference/util.ts +15 -5
  232. package/src/api/app/bsky/actor/getPreferences.ts +33 -8
  233. package/src/api/app/bsky/actor/getProfile.ts +9 -1
  234. package/src/api/app/bsky/actor/getProfiles.ts +9 -1
  235. package/src/api/app/bsky/actor/putPreferences.ts +35 -12
  236. package/src/api/app/bsky/feed/getActorLikes.ts +9 -1
  237. package/src/api/app/bsky/feed/getAuthorFeed.ts +9 -1
  238. package/src/api/app/bsky/feed/getFeed.ts +9 -2
  239. package/src/api/app/bsky/feed/getPostThread.ts +8 -1
  240. package/src/api/app/bsky/feed/getTimeline.ts +9 -1
  241. package/src/api/app/bsky/notification/registerPush.ts +16 -5
  242. package/src/api/com/atproto/identity/getRecommendedDidCredentials.ts +5 -1
  243. package/src/api/com/atproto/identity/requestPlcOperationSignature.ts +9 -2
  244. package/src/api/com/atproto/identity/signPlcOperation.ts +9 -1
  245. package/src/api/com/atproto/identity/submitPlcOperation.ts +5 -1
  246. package/src/api/com/atproto/identity/updateHandle.ts +6 -1
  247. package/src/api/com/atproto/moderation/createReport.ts +8 -3
  248. package/src/api/com/atproto/repo/applyWrites.ts +28 -20
  249. package/src/api/com/atproto/repo/createRecord.ts +12 -1
  250. package/src/api/com/atproto/repo/deleteRecord.ts +14 -1
  251. package/src/api/com/atproto/repo/importRepo.ts +9 -2
  252. package/src/api/com/atproto/repo/listMissingBlobs.ts +7 -2
  253. package/src/api/com/atproto/repo/putRecord.ts +18 -10
  254. package/src/api/com/atproto/repo/uploadBlob.ts +6 -2
  255. package/src/api/com/atproto/server/activateAccount.ts +10 -2
  256. package/src/api/com/atproto/server/checkAccountStatus.ts +5 -1
  257. package/src/api/com/atproto/server/confirmEmail.ts +6 -1
  258. package/src/api/com/atproto/server/createAppPassword.ts +9 -1
  259. package/src/api/com/atproto/server/deactivateAccount.ts +11 -2
  260. package/src/api/com/atproto/server/deleteSession.ts +3 -1
  261. package/src/api/com/atproto/server/getAccountInviteCodes.ts +11 -2
  262. package/src/api/com/atproto/server/getServiceAuth.ts +37 -18
  263. package/src/api/com/atproto/server/getSession.ts +20 -27
  264. package/src/api/com/atproto/server/listAppPasswords.ts +8 -1
  265. package/src/api/com/atproto/server/refreshSession.ts +1 -1
  266. package/src/api/com/atproto/server/requestAccountDelete.ts +11 -2
  267. package/src/api/com/atproto/server/requestEmailConfirmation.ts +6 -1
  268. package/src/api/com/atproto/server/requestEmailUpdate.ts +6 -1
  269. package/src/api/com/atproto/server/revokeAppPassword.ts +8 -1
  270. package/src/api/com/atproto/server/updateEmail.ts +11 -2
  271. package/src/api/com/atproto/sync/deprecated/getCheckout.ts +7 -6
  272. package/src/api/com/atproto/sync/deprecated/getHead.ts +7 -6
  273. package/src/api/com/atproto/sync/getBlob.ts +7 -7
  274. package/src/api/com/atproto/sync/getBlocks.ts +7 -6
  275. package/src/api/com/atproto/sync/getLatestCommit.ts +7 -6
  276. package/src/api/com/atproto/sync/getRecord.ts +7 -6
  277. package/src/api/com/atproto/sync/getRepo.ts +7 -7
  278. package/src/api/com/atproto/sync/listBlobs.ts +7 -7
  279. package/src/api/com/atproto/temp/checkSignupQueue.ts +8 -2
  280. package/src/auth-output.ts +51 -0
  281. package/src/auth-scope.ts +40 -0
  282. package/src/auth-verifier.ts +404 -520
  283. package/src/config/config.ts +7 -7
  284. package/src/config/env.ts +5 -1
  285. package/src/context.ts +6 -5
  286. package/src/lexicon/index.ts +1247 -1221
  287. package/src/lexicon/lexicons.ts +9494 -9341
  288. package/src/lexicon/types/app/bsky/graph/getLists.ts +2 -0
  289. package/src/lexicon/types/app/bsky/graph/getListsWithMembership.ts +63 -0
  290. package/src/lexicon/types/app/bsky/graph/getStarterPacksWithMembership.ts +65 -0
  291. package/src/pipethrough.ts +61 -18
  292. package/src/util/http.ts +31 -0
  293. package/src/util/types.ts +7 -0
  294. package/tests/oauth.test.ts +11 -37
  295. package/tests/preferences.test.ts +7 -3
  296. package/tsconfig.build.tsbuildinfo +1 -1
package/src/api/com/atproto/sync/getBlocks.ts CHANGED
@@ -2,20 +2,21 @@ import { CID } from 'multiformats/cid'
2
2
  import { byteIterableToStream } from '@atproto/common'
3
3
  import { blocksToCarStream } from '@atproto/repo'
4
4
  import { InvalidRequestError } from '@atproto/xrpc-server'
5
+ import { isUserOrAdmin } from '../../../../auth-verifier'
5
6
  import { AppContext } from '../../../../context'
6
7
  import { Server } from '../../../../lexicon'
7
8
  import { assertRepoAvailability } from './util'
8
9
 
9
10
  export default function (server: Server, ctx: AppContext) {
10
11
  server.com.atproto.sync.getBlocks({
11
- auth: ctx.authVerifier.optionalAccessOrAdminToken(),
12
+ auth: ctx.authVerifier.authorizationOrAdminTokenOptional({
13
+ authorize: () => {
14
+ // always allow
15
+ },
16
+ }),
12
17
  handler: async ({ params, auth }) => {
13
18
  const { did } = params
14
- await assertRepoAvailability(
15
- ctx,
16
- did,
17
- ctx.authVerifier.isUserOrAdmin(auth, did),
18
- )
19
+ await assertRepoAvailability(ctx, did, isUserOrAdmin(auth, did))
19
20
 
20
21
  const cids = params.cids.map((c) => CID.parse(c))
21
22
  const got = await ctx.actorStore.read(did, (store) =>
package/src/api/com/atproto/sync/getLatestCommit.ts CHANGED
@@ -1,18 +1,19 @@
1
1
  import { InvalidRequestError } from '@atproto/xrpc-server'
2
+ import { isUserOrAdmin } from '../../../../auth-verifier'
2
3
  import { AppContext } from '../../../../context'
3
4
  import { Server } from '../../../../lexicon'
4
5
  import { assertRepoAvailability } from './util'
5
6
 
6
7
  export default function (server: Server, ctx: AppContext) {
7
8
  server.com.atproto.sync.getLatestCommit({
8
- auth: ctx.authVerifier.optionalAccessOrAdminToken(),
9
+ auth: ctx.authVerifier.authorizationOrAdminTokenOptional({
10
+ authorize: () => {
11
+ // always allow
12
+ },
13
+ }),
9
14
  handler: async ({ params, auth }) => {
10
15
  const { did } = params
11
- await assertRepoAvailability(
12
- ctx,
13
- did,
14
- ctx.authVerifier.isUserOrAdmin(auth, did),
15
- )
16
+ await assertRepoAvailability(ctx, did, isUserOrAdmin(auth, did))
16
17
 
17
18
  const root = await ctx.actorStore.read(did, (store) =>
18
19
  store.repo.storage.getRootDetailed(),
package/src/api/com/atproto/sync/getRecord.ts CHANGED
@@ -3,20 +3,21 @@ import { byteIterableToStream } from '@atproto/common'
3
3
  import * as repo from '@atproto/repo'
4
4
  import { InvalidRequestError } from '@atproto/xrpc-server'
5
5
  import { SqlRepoReader } from '../../../../actor-store/repo/sql-repo-reader'
6
+ import { isUserOrAdmin } from '../../../../auth-verifier'
6
7
  import { AppContext } from '../../../../context'
7
8
  import { Server } from '../../../../lexicon'
8
9
  import { assertRepoAvailability } from './util'
9
10
 
10
11
  export default function (server: Server, ctx: AppContext) {
11
12
  server.com.atproto.sync.getRecord({
12
- auth: ctx.authVerifier.optionalAccessOrAdminToken(),
13
+ auth: ctx.authVerifier.authorizationOrAdminTokenOptional({
14
+ authorize: () => {
15
+ // always allow
16
+ },
17
+ }),
13
18
  handler: async ({ params, auth }) => {
14
19
  const { did, collection, rkey } = params
15
- await assertRepoAvailability(
16
- ctx,
17
- did,
18
- ctx.authVerifier.isUserOrAdmin(auth, did),
19
- )
20
+ await assertRepoAvailability(ctx, did, isUserOrAdmin(auth, did))
20
21
 
21
22
  // must open up the db outside of store interface so that we can close the file handle after finished streaming
22
23
  const actorDb = await ctx.actorStore.openDb(did)
package/src/api/com/atproto/sync/getRepo.ts CHANGED
@@ -5,23 +5,23 @@ import {
5
5
  RepoRootNotFoundError,
6
6
  SqlRepoReader,
7
7
  } from '../../../../actor-store/repo/sql-repo-reader'
8
- import { AuthScope } from '../../../../auth-verifier'
8
+ import { AuthScope } from '../../../../auth-scope'
9
+ import { isUserOrAdmin } from '../../../../auth-verifier'
9
10
  import { AppContext } from '../../../../context'
10
11
  import { Server } from '../../../../lexicon'
11
12
  import { assertRepoAvailability } from './util'
12
13
 
13
14
  export default function (server: Server, ctx: AppContext) {
14
15
  server.com.atproto.sync.getRepo({
15
- auth: ctx.authVerifier.optionalAccessOrAdminToken({
16
+ auth: ctx.authVerifier.authorizationOrAdminTokenOptional({
16
17
  additional: [AuthScope.Takendown],
18
+ authorize: () => {
19
+ // always allow
20
+ },
17
21
  }),
18
22
  handler: async ({ params, auth }) => {
19
23
  const { did, since } = params
20
- await assertRepoAvailability(
21
- ctx,
22
- did,
23
- ctx.authVerifier.isUserOrAdmin(auth, did),
24
- )
24
+ await assertRepoAvailability(ctx, did, isUserOrAdmin(auth, did))
25
25
 
26
26
  const carStream = await getCarStream(ctx, did, since)
27
27
 
package/src/api/com/atproto/sync/listBlobs.ts CHANGED
@@ -1,20 +1,20 @@
1
- import { AuthScope } from '../../../../auth-verifier'
1
+ import { AuthScope } from '../../../../auth-scope'
2
+ import { isUserOrAdmin } from '../../../../auth-verifier'
2
3
  import { AppContext } from '../../../../context'
3
4
  import { Server } from '../../../../lexicon'
4
5
  import { assertRepoAvailability } from './util'
5
6
 
6
7
  export default function (server: Server, ctx: AppContext) {
7
8
  server.com.atproto.sync.listBlobs({
8
- auth: ctx.authVerifier.optionalAccessOrAdminToken({
9
+ auth: ctx.authVerifier.authorizationOrAdminTokenOptional({
9
10
  additional: [AuthScope.Takendown],
11
+ authorize: () => {
12
+ // always allow
13
+ },
10
14
  }),
11
15
  handler: async ({ params, auth }) => {
12
16
  const { did, since, limit, cursor } = params
13
- await assertRepoAvailability(
14
- ctx,
15
- did,
16
- ctx.authVerifier.isUserOrAdmin(auth, did),
17
- )
17
+ await assertRepoAvailability(ctx, did, isUserOrAdmin(auth, did))
18
18
 
19
19
  const blobCids = await ctx.actorStore.read(did, (store) =>
20
20
  store.repo.blob.listBlobs({ since, limit, cursor }),
package/src/api/com/atproto/temp/checkSignupQueue.ts CHANGED
@@ -1,4 +1,5 @@
1
- import { AuthScope } from '../../../../auth-verifier'
1
+ import { ForbiddenError } from '@atproto/xrpc-server'
2
+ import { AuthScope } from '../../../../auth-scope'
2
3
  import { AppContext } from '../../../../context'
3
4
  import { Server } from '../../../../lexicon'
4
5
  import { resultPassthru } from '../../../proxy'
@@ -6,8 +7,13 @@ import { resultPassthru } from '../../../proxy'
6
7
  // THIS IS A TEMPORARY UNSPECCED ROUTE
7
8
  export default function (server: Server, ctx: AppContext) {
8
9
  server.com.atproto.temp.checkSignupQueue({
9
- auth: ctx.authVerifier.accessStandard({
10
+ auth: ctx.authVerifier.authorization({
10
11
  additional: [AuthScope.SignupQueued],
12
+ authorize: () => {
13
+ throw new ForbiddenError(
14
+ 'OAuth credentials are not supported for this endpoint',
15
+ )
16
+ },
11
17
  }),
12
18
  handler: async ({ req }) => {
13
19
  if (!ctx.entrywayAgent) {
package/src/auth-output.ts ADDED
@@ -0,0 +1,51 @@
1
+ import { PermissionSet } from '@atproto/oauth-scopes'
2
+ import { AuthScope } from './auth-scope'
3
+
4
+ export type UnauthenticatedOutput = {
5
+ credentials: null
6
+ }
7
+
8
+ export type AdminTokenOutput = {
9
+ credentials: {
10
+ type: 'admin_token'
11
+ }
12
+ }
13
+
14
+ export type ModServiceOutput = {
15
+ credentials: {
16
+ type: 'mod_service'
17
+ did: string
18
+ }
19
+ }
20
+
21
+ export type AccessOutput<S extends AuthScope = AuthScope> = {
22
+ credentials: {
23
+ type: 'access'
24
+ did: string
25
+ scope: S
26
+ }
27
+ }
28
+
29
+ export type OAuthOutput = {
30
+ credentials: {
31
+ type: 'oauth'
32
+ did: string
33
+ permissions: PermissionSet
34
+ }
35
+ }
36
+
37
+ export type RefreshOutput = {
38
+ credentials: {
39
+ type: 'refresh'
40
+ did: string
41
+ scope: AuthScope.Refresh
42
+ tokenId: string
43
+ }
44
+ }
45
+
46
+ export type UserServiceAuthOutput = {
47
+ credentials: {
48
+ type: 'user_service_auth'
49
+ did: string
50
+ }
51
+ }
package/src/auth-scope.ts ADDED
@@ -0,0 +1,40 @@
1
+ // @TODO sync-up with current method names, consider backwards compat.
2
+ export enum AuthScope {
3
+ Access = 'com.atproto.access',
4
+ Refresh = 'com.atproto.refresh',
5
+ AppPass = 'com.atproto.appPass',
6
+ AppPassPrivileged = 'com.atproto.appPassPrivileged',
7
+ SignupQueued = 'com.atproto.signupQueued',
8
+ Takendown = 'com.atproto.takendown',
9
+ }
10
+
11
+ export const ACCESS_FULL = [AuthScope.Access] as const
12
+ export const ACCESS_PRIVILEGED = [
13
+ ...ACCESS_FULL,
14
+ AuthScope.AppPassPrivileged,
15
+ ] as const
16
+ export const ACCESS_STANDARD = [
17
+ ...ACCESS_PRIVILEGED,
18
+ AuthScope.AppPass,
19
+ ] as const
20
+
21
+ const authScopesValues = new Set(Object.values(AuthScope))
22
+ export function isAuthScope(val: unknown): val is AuthScope {
23
+ return (authScopesValues as Set<unknown>).has(val)
24
+ }
25
+
26
+ export function isAccessFull(
27
+ scope: AuthScope,
28
+ ): scope is (typeof ACCESS_FULL)[number] {
29
+ return (ACCESS_FULL as readonly string[]).includes(scope)
30
+ }
31
+
32
+ export function isAccessPrivileged(
33
+ scope: AuthScope,
34
+ ): scope is (typeof ACCESS_PRIVILEGED)[number] {
35
+ return (ACCESS_PRIVILEGED as readonly string[]).includes(scope)
36
+ }
37
+
38
+ export function isTakendown(scope: unknown): scope is AuthScope.Takendown {
39
+ return scope === AuthScope.Takendown
40
+ }