npm - @atproto/pds - Versions diffs - 0.4.165 → 0.4.166 - Mend

@atproto/pds 0.4.165 → 0.4.166

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (282) hide show

package/src/api/app/bsky/actor/getProfiles.ts CHANGED Viewed

@@ -1,6 +1,8 @@
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
+import { ids } from '../../../../lexicon/lexicons'
 import { OutputSchema } from '../../../../lexicon/types/app/bsky/actor/getProfiles'
+import { computeProxyTo } from '../../../../pipethrough'
 import {
   LocalRecords,
   LocalViewer,
@@ -11,7 +13,13 @@ export default function (server: Server, ctx: AppContext) {
   if (!ctx.bskyAppView) return
   server.app.bsky.actor.getProfiles({
-    auth: ctx.authVerifier.accessStandard(),
+    auth: ctx.authVerifier.authorization({
+      authorize: (permissions, { req }) => {
+        const lxm = ids.AppBskyActorGetProfiles
+        const aud = computeProxyTo(ctx, req, lxm)
+        permissions.assertRpc({ aud, lxm })
+      },
+    }),
     handler: async (reqCtx) => {
       return pipethroughReadAfterWrite(ctx, reqCtx, getProfilesMunge)
     },

package/src/api/app/bsky/actor/putPreferences.ts CHANGED Viewed

@@ -1,30 +1,53 @@
 import { InvalidRequestError } from '@atproto/xrpc-server'
 import { AccountPreference } from '../../../../actor-store/preference/reader'
+import { isAccessFull } from '../../../../auth-scope'
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
+import { ids } from '../../../../lexicon/lexicons'
+import { computeProxyTo, pipethrough } from '../../../../pipethrough'
 export default function (server: Server, ctx: AppContext) {
-  if (!ctx.bskyAppView) return
+  const { bskyAppView } = ctx
+  if (!bskyAppView) return
   server.app.bsky.actor.putPreferences({
-    auth: ctx.authVerifier.accessStandard({ checkTakedown: true }),
-    handler: async ({ auth, input }) => {
-      const { preferences } = input.body
-      const requester = auth.credentials.did
+    auth: ctx.authVerifier.authorization({
+      checkTakedown: true,
+      authorize: (permissions, { req }) => {
+        const lxm = ids.AppBskyActorPutPreferences
+        const aud = computeProxyTo(ctx, req, lxm)
+        permissions.assertRpc({ aud, lxm })
+      },
+    }),
+    handler: async ({ req, auth, input }) => {
+      const { did } = auth.credentials
+      // If the request has a proxy header different from the bsky app view,
+      // we need to proxy the request to the requested app view.
+      // @TODO This behavior should not be implemented as part of the XRPC framework
+      const lxm = ids.AppBskyActorPutPreferences
+      const aud = computeProxyTo(ctx, req, lxm)
+      if (aud !== `${bskyAppView.did}#bsky_appview`) {
+        return pipethrough(ctx, req, { iss: did, aud, lxm })
+      }
       const checkedPreferences: AccountPreference[] = []
-      for (const pref of preferences) {
+      for (const pref of input.body.preferences) {
         if (typeof pref.$type === 'string') {
           checkedPreferences.push(pref as AccountPreference)
         } else {
           throw new InvalidRequestError('Preference is missing a $type')
         }
       }
-      await ctx.actorStore.transact(requester, async (actorTxn) => {
-        await actorTxn.pref.putPreferences(
-          checkedPreferences,
-          'app.bsky',
-          auth.credentials.scope,
-        )
+      const hasAccessFull =
+        auth.credentials.type === 'access' &&
+        isAccessFull(auth.credentials.scope)
+      await ctx.actorStore.transact(did, async (actorTxn) => {
+        await actorTxn.pref.putPreferences(checkedPreferences, 'app.bsky', {
+          hasAccessFull,
+        })
       })
     },
   })

package/src/api/app/bsky/feed/getActorLikes.ts CHANGED Viewed

@@ -1,6 +1,8 @@
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
+import { ids } from '../../../../lexicon/lexicons'
 import { OutputSchema } from '../../../../lexicon/types/app/bsky/feed/getActorLikes'
+import { computeProxyTo } from '../../../../pipethrough'
 import {
   LocalRecords,
   LocalViewer,
@@ -11,7 +13,13 @@ export default function (server: Server, ctx: AppContext) {
   if (!ctx.bskyAppView) return
   server.app.bsky.feed.getActorLikes({
-    auth: ctx.authVerifier.accessStandard(),
+    auth: ctx.authVerifier.authorization({
+      authorize: (permissions, { req }) => {
+        const lxm = ids.AppBskyFeedGetActorLikes
+        const aud = computeProxyTo(ctx, req, lxm)
+        permissions.assertRpc({ aud, lxm })
+      },
+    }),
     handler: async (reqCtx) => {
       return pipethroughReadAfterWrite(ctx, reqCtx, getAuthorMunge)
     },

package/src/api/app/bsky/feed/getAuthorFeed.ts CHANGED Viewed

@@ -1,7 +1,9 @@
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
+import { ids } from '../../../../lexicon/lexicons'
 import { isReasonRepost } from '../../../../lexicon/types/app/bsky/feed/defs'
 import { OutputSchema } from '../../../../lexicon/types/app/bsky/feed/getAuthorFeed'
+import { computeProxyTo } from '../../../../pipethrough'
 import {
   LocalRecords,
   LocalViewer,
@@ -12,7 +14,13 @@ export default function (server: Server, ctx: AppContext) {
   if (!ctx.bskyAppView) return
   server.app.bsky.feed.getAuthorFeed({
-    auth: ctx.authVerifier.accessStandard(),
+    auth: ctx.authVerifier.authorization({
+      authorize: (permissions, { req }) => {
+        const lxm = ids.AppBskyFeedGetAuthorFeed
+        const aud = computeProxyTo(ctx, req, lxm)
+        permissions.assertRpc({ aud, lxm })
+      },
+    }),
     handler: async (reqCtx) => {
       return pipethroughReadAfterWrite(ctx, reqCtx, getAuthorMunge)
     },

package/src/api/app/bsky/feed/getFeed.ts CHANGED Viewed

@@ -3,14 +3,21 @@ import { AtUri } from '@atproto/syntax'
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
 import { ids } from '../../../../lexicon/lexicons'
-import { pipethrough } from '../../../../pipethrough'
+import { computeProxyTo, pipethrough } from '../../../../pipethrough'
 export default function (server: Server, ctx: AppContext) {
   const { bskyAppView } = ctx
   if (!bskyAppView) return
   server.app.bsky.feed.getFeed({
-    auth: ctx.authVerifier.accessStandard(),
+    auth: ctx.authVerifier.authorization({
+      authorize: (permissions, { req }) => {
+        const lxm = ids.AppBskyFeedGetFeed
+        const aud = computeProxyTo(ctx, req, lxm)
+        permissions.assertRpc({ aud, lxm })
+        permissions.assertRpc({ aud, lxm: ids.AppBskyFeedGetFeedSkeleton })
+      },
+    }),
     handler: async ({ params, auth, req }) => {
       const requester = auth.credentials.did

package/src/api/app/bsky/feed/getPostThread.ts CHANGED Viewed

@@ -14,6 +14,7 @@ import {
 } from '../../../../lexicon/types/app/bsky/feed/getPostThread'
 import { Record as PostRecord } from '../../../../lexicon/types/app/bsky/feed/post'
 import { $Typed } from '../../../../lexicon/util'
+import { computeProxyTo } from '../../../../pipethrough'
 import {
   LocalRecords,
   LocalViewer,
@@ -28,7 +29,13 @@ export default function (server: Server, ctx: AppContext) {
   if (!ctx.bskyAppView) return
   server.app.bsky.feed.getPostThread({
-    auth: ctx.authVerifier.accessStandard(),
+    auth: ctx.authVerifier.authorization({
+      authorize: (permissions, { req }) => {
+        const lxm = ids.AppBskyFeedGetPostThread
+        const aud = computeProxyTo(ctx, req, lxm)
+        permissions.assertRpc({ aud, lxm })
+      },
+    }),
     handler: async (reqCtx) => {
       try {
         return await pipethroughReadAfterWrite(ctx, reqCtx, getPostThreadMunge)

package/src/api/app/bsky/feed/getTimeline.ts CHANGED Viewed

@@ -1,6 +1,8 @@
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
+import { ids } from '../../../../lexicon/lexicons'
 import { OutputSchema } from '../../../../lexicon/types/app/bsky/feed/getTimeline'
+import { computeProxyTo } from '../../../../pipethrough'
 import {
   LocalRecords,
   LocalViewer,
@@ -11,7 +13,13 @@ export default function (server: Server, ctx: AppContext) {
   if (!ctx.bskyAppView) return
   server.app.bsky.feed.getTimeline({
-    auth: ctx.authVerifier.accessStandard(),
+    auth: ctx.authVerifier.authorization({
+      authorize: (permissions, { req }) => {
+        const lxm = ids.AppBskyFeedGetTimeline
+        const aud = computeProxyTo(ctx, req, lxm)
+        permissions.assertRpc({ aud, lxm })
+      },
+    }),
     handler: async (reqCtx) => {
       return pipethroughReadAfterWrite(ctx, reqCtx, getTimelineMunge)
     },

package/src/api/app/bsky/notification/registerPush.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 import { AtpAgent } from '@atproto/api'
 import { getNotif } from '@atproto/identity'
 import { InvalidRequestError } from '@atproto/xrpc-server'
-import { AuthScope } from '../../../../auth-verifier'
+import { AuthScope } from '../../../../auth-scope'
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
 import { ids } from '../../../../lexicon/lexicons'
@@ -12,14 +12,25 @@ export default function (server: Server, ctx: AppContext) {
   if (!bskyAppView) return
   server.app.bsky.notification.registerPush({
-    auth: ctx.authVerifier.accessStandard({
+    auth: ctx.authVerifier.authorization({
       additional: [AuthScope.SignupQueued],
+      authorize: () => {
+        // @NOTE this endpoint predates generic service proxying but we want to
+        // map the permission to the "RPC" scope for consistency. However, since
+        // the service info is only available in the request body, we can't
+        // assert permissions here.
+      },
     }),
     handler: async ({ auth, input }) => {
       const { serviceDid } = input.body
-      const {
-        credentials: { did },
-      } = auth
+      const { did } = auth.credentials
+      if (auth.credentials.type === 'oauth') {
+        auth.credentials.permissions.assertRpc({
+          aud: `${serviceDid}#bsky_notif`,
+          lxm: ids.AppBskyNotificationRegisterPush,
+        })
+      }
       const authHeaders = await ctx.serviceAuthHeaders(
         did,

package/src/api/com/atproto/identity/getRecommendedDidCredentials.ts CHANGED Viewed

@@ -3,7 +3,11 @@ import { Server } from '../../../../lexicon'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.identity.getRecommendedDidCredentials({
-    auth: ctx.authVerifier.accessStandard(),
+    auth: ctx.authVerifier.authorization({
+      authorize: () => {
+        // always allow
+      },
+    }),
     handler: async ({ auth }) => {
       const requester = auth.credentials.did
       const signingKey = await ctx.actorStore.keypair(requester)

package/src/api/com/atproto/identity/requestPlcOperationSignature.ts CHANGED Viewed

@@ -1,12 +1,19 @@
 import { InvalidRequestError } from '@atproto/xrpc-server'
-import { AuthScope } from '../../../../auth-verifier'
+import { ACCESS_FULL, AuthScope } from '../../../../auth-scope'
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
 import { ids } from '../../../../lexicon/lexicons'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.identity.requestPlcOperationSignature({
-    auth: ctx.authVerifier.accessFull({ additional: [AuthScope.Takendown] }),
+    auth: ctx.authVerifier.authorization({
+      // @NOTE Reflect any change in signPlcOperation
+      scopes: ACCESS_FULL,
+      additional: [AuthScope.Takendown],
+      authorize: (permissions) => {
+        permissions.assertIdentity({ attr: '*' })
+      },
+    }),
     handler: async ({ auth, req }) => {
       if (ctx.entrywayAgent) {
         await ctx.entrywayAgent.com.atproto.identity.requestPlcOperationSignature(

package/src/api/com/atproto/identity/signPlcOperation.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 import * as plc from '@did-plc/lib'
 import { check } from '@atproto/common'
 import { InvalidRequestError } from '@atproto/xrpc-server'
+import { ACCESS_FULL, AuthScope } from '../../../../auth-scope'
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
 import { ids } from '../../../../lexicon/lexicons'
@@ -8,7 +9,14 @@ import { resultPassthru } from '../../../proxy'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.identity.signPlcOperation({
-    auth: ctx.authVerifier.accessFull(),
+    auth: ctx.authVerifier.authorization({
+      // @NOTE Should match auth rules from requestPlcOperationSignature
+      scopes: ACCESS_FULL,
+      additional: [AuthScope.Takendown],
+      authorize: (permissions) => {
+        permissions.assertIdentity({ attr: '*' })
+      },
+    }),
     handler: async ({ auth, input, req }) => {
       if (ctx.entrywayAgent) {
         return resultPassthru(

package/src/api/com/atproto/identity/submitPlcOperation.ts CHANGED Viewed

@@ -7,7 +7,11 @@ import { httpLogger as log } from '../../../../logger'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.identity.submitPlcOperation({
-    auth: ctx.authVerifier.accessStandard(),
+    auth: ctx.authVerifier.authorization({
+      authorize: (permissions) => {
+        permissions.assertIdentity({ attr: '*' })
+      },
+    }),
     handler: async ({ auth, input }) => {
       const requester = auth.credentials.did
       const op = input.body.operation

package/src/api/com/atproto/identity/updateHandle.ts CHANGED Viewed

@@ -7,7 +7,12 @@ import { httpLogger } from '../../../../logger'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.identity.updateHandle({
-    auth: ctx.authVerifier.accessStandard({ checkTakedown: true }),
+    auth: ctx.authVerifier.authorization({
+      checkTakedown: true,
+      authorize: (permissions) => {
+        permissions.assertIdentity({ attr: 'handle' })
+      },
+    }),
     rateLimit: [
       {
         durationMs: 5 * MINUTE,

package/src/api/com/atproto/moderation/createReport.ts CHANGED Viewed

@@ -1,14 +1,19 @@
 import { AtpAgent } from '@atproto/api'
-import { AuthScope } from '../../../../auth-verifier'
+import { AuthScope } from '../../../../auth-scope'
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
 import { ids } from '../../../../lexicon/lexicons'
-import { parseProxyInfo } from '../../../../pipethrough'
+import { computeProxyTo, parseProxyInfo } from '../../../../pipethrough'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.moderation.createReport({
-    auth: ctx.authVerifier.accessStandard({
+    auth: ctx.authVerifier.authorization({
       additional: [AuthScope.Takendown],
+      authorize: (permissions, { req }) => {
+        const lxm = ids.ComAtprotoModerationCreateReport
+        const aud = computeProxyTo(ctx, req, lxm)
+        permissions.assertRpc({ aud, lxm })
+      },
     }),
     handler: async ({ auth, input, req }) => {
       const { url, did: aud } = await parseProxyInfo(

package/src/api/com/atproto/repo/applyWrites.ts CHANGED Viewed

@@ -38,10 +38,14 @@ const ratelimitPoints = ({ input }: { input: HandlerInput }) => {
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.repo.applyWrites({
-    auth: ctx.authVerifier.accessStandard({
+    auth: ctx.authVerifier.authorization({
       checkTakedown: true,
       checkDeactivated: true,
+      authorize: () => {
+        // Performed in the handler as it is based on the request body
+      },
     }),
     rateLimit: [
       {
         name: 'repo-write-hour',
@@ -56,31 +60,35 @@ export default function (server: Server, ctx: AppContext) {
     ],
     handler: async ({ input, auth }) => {
-      const tx = input.body
-      const { repo, validate, swapCommit } = tx
-      const account = await ctx.accountManager.getAccount(repo, {
-        includeDeactivated: true,
-      })
-      if (!account) {
-        throw new InvalidRequestError(`Could not find repo: ${repo}`)
-      } else if (account.deactivatedAt) {
-        throw new InvalidRequestError('Account is deactivated')
-      }
+      const { repo, validate, swapCommit, writes } = input.body
-      const did = account.did
-      if (did !== auth.credentials.did) {
+      const { did } = auth.credentials
+      if (repo !== did) {
         throw new AuthRequiredError()
       }
-      if (tx.writes.length > 200) {
+      if (writes.length > 200) {
         throw new InvalidRequestError('Too many writes. Max: 200')
       }
+      // Verify permission of every unique "action" / "collection" pair
+      if (auth.credentials.type === 'oauth') {
+        // @NOTE Unlike "importRepo", we do not require "action" = "*" here.
+        for (const [action, collections] of [
+          ['create', new Set(writes.filter(isCreate).map((w) => w.collection))],
+          ['update', new Set(writes.filter(isUpdate).map((w) => w.collection))],
+          ['delete', new Set(writes.filter(isDelete).map((w) => w.collection))],
+        ] as const) {
+          for (const collection of collections) {
+            auth.credentials.permissions.assertRepo({ action, collection })
+          }
+        }
+      }
       // @NOTE should preserve order of ts.writes for final use in response
-      let writes: PreparedWrite[]
+      let preparedWrites: PreparedWrite[]
       try {
-        writes = await Promise.all(
-          tx.writes.map((write) => {
+        preparedWrites = await Promise.all(
+          writes.map(async (write) => {
             if (isCreate(write)) {
               return prepareCreate({
                 did,
@@ -121,7 +129,7 @@ export default function (server: Server, ctx: AppContext) {
       const commit = await ctx.actorStore.transact(did, async (actorTxn) => {
         const commit = await actorTxn.repo
-          .processWrites(writes, swapCommitCid)
+          .processWrites(preparedWrites, swapCommitCid)
           .catch((err) => {
             if (err instanceof BadCommitSwapError) {
               throw new InvalidRequestError(err.message, 'InvalidSwap')
@@ -150,7 +158,7 @@ export default function (server: Server, ctx: AppContext) {
             cid: commit.cid.toString(),
             rev: commit.rev,
           },
-          results: writes.map(writeToOutputResult),
+          results: preparedWrites.map(writeToOutputResult),
         },
       }
     },

package/src/api/com/atproto/repo/createRecord.ts CHANGED Viewed

@@ -14,9 +14,12 @@ import {
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.repo.createRecord({
-    auth: ctx.authVerifier.accessStandard({
+    auth: ctx.authVerifier.authorization({
       checkTakedown: true,
       checkDeactivated: true,
+      authorize: () => {
+        // Performed in the handler as it requires the request body
+      },
     }),
     rateLimit: [
       {
@@ -33,6 +36,14 @@ export default function (server: Server, ctx: AppContext) {
     handler: async ({ input, auth }) => {
       const { repo, collection, rkey, record, swapCommit, validate } =
         input.body
+      if (auth.credentials.type === 'oauth') {
+        auth.credentials.permissions.assertRepo({
+          action: 'create',
+          collection,
+        })
+      }
       const account = await ctx.accountManager.getAccount(repo, {
         includeDeactivated: true,
       })

package/src/api/com/atproto/repo/deleteRecord.ts CHANGED Viewed

@@ -11,9 +11,12 @@ import {
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.repo.deleteRecord({
-    auth: ctx.authVerifier.accessStandard({
+    auth: ctx.authVerifier.authorization({
       checkTakedown: true,
       checkDeactivated: true,
+      authorize: () => {
+        // Performed in the handler as it requires the request body
+      },
     }),
     rateLimit: [
       {
@@ -29,6 +32,16 @@ export default function (server: Server, ctx: AppContext) {
     ],
     handler: async ({ input, auth }) => {
       const { repo, collection, rkey, swapCommit, swapRecord } = input.body
+      // We can't compute permissions based on the request payload ("input") in
+      // the 'auth' phase, so we do it here.
+      if (auth.credentials.type === 'oauth') {
+        auth.credentials.permissions.assertRepo({
+          action: 'delete',
+          collection,
+        })
+      }
       const account = await ctx.accountManager.getAccount(repo, {
         includeDeactivated: true,
       })

package/src/api/com/atproto/repo/importRepo.ts CHANGED Viewed

@@ -12,19 +12,26 @@ import {
 import { AtUri } from '@atproto/syntax'
 import { InvalidRequestError } from '@atproto/xrpc-server'
 import { ActorStoreTransactor } from '../../../../actor-store/actor-store-transactor'
+import { ACCESS_FULL } from '../../../../auth-scope'
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.repo.importRepo({
-    auth: ctx.authVerifier.accessFull({
+    auth: ctx.authVerifier.authorization({
       checkTakedown: true,
+      scopes: ACCESS_FULL,
+      authorize: (permissions) => {
+        permissions.assertAccount({ attr: 'repo', action: 'manage' })
+      },
     }),
     handler: async ({ input, auth }) => {
-      const did = auth.credentials.did
       if (!ctx.cfg.service.acceptingImports) {
         throw new InvalidRequestError('Service is not accepting repo imports')
       }
+      const { did } = auth.credentials
       await ctx.actorStore.transact(did, (store) =>
         importRepo(store, input.body),
       )

package/src/api/com/atproto/repo/listMissingBlobs.ts CHANGED Viewed

@@ -3,10 +3,15 @@ import { Server } from '../../../../lexicon'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.repo.listMissingBlobs({
-    auth: ctx.authVerifier.accessStandard(),
+    auth: ctx.authVerifier.authorization({
+      authorize: () => {
+        // always allow
+      },
+    }),
     handler: async ({ auth, params }) => {
-      const did = auth.credentials.did
+      const { did } = auth.credentials
       const { limit, cursor } = params
       const blobs = await ctx.actorStore.read(did, (store) =>
         store.repo.blob.listMissingBlobs({ limit, cursor }),
       )

package/src/api/com/atproto/repo/putRecord.ts CHANGED Viewed

@@ -20,9 +20,12 @@ import {
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.repo.putRecord({
-    auth: ctx.authVerifier.accessStandard({
+    auth: ctx.authVerifier.authorization({
       checkTakedown: true,
       checkDeactivated: true,
+      authorize: () => {
+        // Performed in the handler as it requires the request body
+      },
     }),
     rateLimit: [
       {
@@ -46,17 +49,22 @@ export default function (server: Server, ctx: AppContext) {
         swapCommit,
         swapRecord,
       } = input.body
-      const account = await ctx.accountManager.getAccount(repo, {
-        includeDeactivated: true,
-      })
-      if (!account) {
-        throw new InvalidRequestError(`Could not find repo: ${repo}`)
-      } else if (account.deactivatedAt) {
-        throw new InvalidRequestError('Account is deactivated')
+      // We can't compute permissions based on the request payload ("input") in
+      // the 'auth' phase, so we do it here.
+      if (auth.credentials.type === 'oauth') {
+        auth.credentials.permissions.assertRepo({
+          action: 'create',
+          collection,
+        })
+        auth.credentials.permissions.assertRepo({
+          action: 'update',
+          collection,
+        })
       }
-      const did = account.did
-      if (did !== auth.credentials.did) {
+      const { did } = auth.credentials
+      if (did !== repo) {
         throw new AuthRequiredError()
       }

package/src/api/com/atproto/repo/uploadBlob.ts CHANGED Viewed

@@ -1,13 +1,17 @@
 import { DAY } from '@atproto/common'
-import { UpstreamTimeoutError } from '@atproto/xrpc-server'
+import { UpstreamTimeoutError, parseReqEncoding } from '@atproto/xrpc-server'
 import { BlobMetadata } from '../../../../actor-store/blob/transactor'
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.repo.uploadBlob({
-    auth: ctx.authVerifier.accessOrUserServiceAuth({
+    auth: ctx.authVerifier.authorizationOrUserServiceAuth({
       checkTakedown: true,
+      authorize: (permissions, { req }) => {
+        const encoding = parseReqEncoding(req)
+        permissions.assertBlob({ mime: encoding })
+      },
     }),
     rateLimit: {
       durationMs: DAY,

package/src/api/com/atproto/server/activateAccount.ts CHANGED Viewed

@@ -1,12 +1,20 @@
 import { INVALID_HANDLE } from '@atproto/syntax'
-import { InvalidRequestError } from '@atproto/xrpc-server'
+import { ForbiddenError, InvalidRequestError } from '@atproto/xrpc-server'
+import { ACCESS_FULL } from '../../../../auth-scope'
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
 import { assertValidDidDocumentForService } from './util'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.server.activateAccount({
-    auth: ctx.authVerifier.accessFull(),
+    auth: ctx.authVerifier.authorization({
+      scopes: ACCESS_FULL,
+      authorize: () => {
+        throw new ForbiddenError(
+          'OAuth credentials are not supported for this endpoint',
+        )
+      },
+    }),
     handler: async ({ req, auth }) => {
       // in the case of entryway, the full flow is activateAccount (PDS) -> activateAccount (Entryway) -> updateSubjectStatus(PDS)
       if (ctx.entrywayAgent) {