npm - @atproto/pds - Versions diffs - 0.4.226 → 0.5.1 - Mend

@atproto/pds 0.4.226 → 0.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (113) hide show

package/CHANGELOG.md +27 -0
package/dist/account-manager/account-manager.d.ts +19 -5
package/dist/account-manager/account-manager.d.ts.map +1 -1
package/dist/account-manager/account-manager.js +94 -12
package/dist/account-manager/account-manager.js.map +1 -1
package/dist/account-manager/helpers/account.d.ts +2 -0
package/dist/account-manager/helpers/account.d.ts.map +1 -1
package/dist/account-manager/helpers/account.js +4 -0
package/dist/account-manager/helpers/account.js.map +1 -1
package/dist/account-manager/oauth-store.d.ts +5 -1
package/dist/account-manager/oauth-store.d.ts.map +1 -1
package/dist/account-manager/oauth-store.js +50 -1
package/dist/account-manager/oauth-store.js.map +1 -1
package/dist/api/app/bsky/actor/getPreferences.d.ts.map +1 -1
package/dist/api/app/bsky/actor/getPreferences.js +7 -2
package/dist/api/app/bsky/actor/getPreferences.js.map +1 -1
package/dist/api/app/bsky/actor/putPreferences.d.ts.map +1 -1
package/dist/api/app/bsky/actor/putPreferences.js +7 -2
package/dist/api/app/bsky/actor/putPreferences.js.map +1 -1
package/dist/api/com/atproto/admin/updateAccountEmail.js +1 -1
package/dist/api/com/atproto/admin/updateAccountEmail.js.map +1 -1
package/dist/api/com/atproto/server/confirmEmail.d.ts.map +1 -1
package/dist/api/com/atproto/server/confirmEmail.js +20 -27
package/dist/api/com/atproto/server/confirmEmail.js.map +1 -1
package/dist/api/com/atproto/server/getServiceAuth.d.ts.map +1 -1
package/dist/api/com/atproto/server/getServiceAuth.js +4 -0
package/dist/api/com/atproto/server/getServiceAuth.js.map +1 -1
package/dist/api/com/atproto/server/requestEmailConfirmation.d.ts +3 -1
package/dist/api/com/atproto/server/requestEmailConfirmation.d.ts.map +1 -1
package/dist/api/com/atproto/server/requestEmailConfirmation.js +44 -39
package/dist/api/com/atproto/server/requestEmailConfirmation.js.map +1 -1
package/dist/api/com/atproto/server/requestEmailUpdate.d.ts +3 -1
package/dist/api/com/atproto/server/requestEmailUpdate.d.ts.map +1 -1
package/dist/api/com/atproto/server/requestEmailUpdate.js +51 -47
package/dist/api/com/atproto/server/requestEmailUpdate.js.map +1 -1
package/dist/api/com/atproto/server/updateEmail.d.ts.map +1 -1
package/dist/api/com/atproto/server/updateEmail.js +32 -46
package/dist/api/com/atproto/server/updateEmail.js.map +1 -1
package/dist/config/config.d.ts +5 -2
package/dist/config/config.d.ts.map +1 -1
package/dist/config/config.js +50 -46
package/dist/config/config.js.map +1 -1
package/dist/config/env.d.ts +1 -0
package/dist/config/env.d.ts.map +1 -1
package/dist/config/env.js +1 -0
package/dist/config/env.js.map +1 -1
package/dist/context.d.ts.map +1 -1
package/dist/context.js +2 -2
package/dist/context.js.map +1 -1
package/dist/lexicons/app/bsky/embed/external.defs.d.ts +5 -0
package/dist/lexicons/app/bsky/embed/external.defs.d.ts.map +1 -1
package/dist/lexicons/app/bsky/embed/external.defs.js +4 -0
package/dist/lexicons/app/bsky/embed/external.defs.js.map +1 -1
package/dist/lexicons/chat/bsky/actor/getStatus.defs.d.ts +2 -0
package/dist/lexicons/chat/bsky/actor/getStatus.defs.d.ts.map +1 -1
package/dist/lexicons/chat/bsky/actor/getStatus.defs.js +1 -0
package/dist/lexicons/chat/bsky/actor/getStatus.defs.js.map +1 -1
package/dist/lexicons/chat/bsky/convo/defs.defs.d.ts +4 -0
package/dist/lexicons/chat/bsky/convo/defs.defs.d.ts.map +1 -1
package/dist/lexicons/chat/bsky/convo/defs.defs.js +1 -0
package/dist/lexicons/chat/bsky/convo/defs.defs.js.map +1 -1
package/dist/lexicons/com/atproto/server/getServiceAuth.defs.d.ts +2 -2
package/dist/lexicons/com/atproto/server/getServiceAuth.defs.js +1 -1
package/dist/lexicons/com/atproto/server/getServiceAuth.defs.js.map +1 -1
package/dist/mailer/index.d.ts +5 -3
package/dist/mailer/index.d.ts.map +1 -1
package/dist/mailer/index.js +20 -9
package/dist/mailer/index.js.map +1 -1
package/dist/mailer/templates/confirm-email.js +11 -3
package/dist/mailer/templates/confirm-email.js.map +2 -2
package/dist/mailer/templates/delete-account.js +2 -2
package/dist/mailer/templates/delete-account.js.map +2 -2
package/dist/mailer/templates/plc-operation.js +2 -2
package/dist/mailer/templates/plc-operation.js.map +2 -2
package/dist/mailer/templates/reset-password.js +2 -2
package/dist/mailer/templates/reset-password.js.map +2 -2
package/dist/mailer/templates/update-email.js +2 -2
package/dist/mailer/templates/update-email.js.map +2 -2
package/dist/mailer/templates.d.ts +11 -0
package/dist/mailer/templates.d.ts.map +1 -1
package/dist/mailer/templates.js.map +1 -1
package/dist/pipethrough.d.ts +3 -0
package/dist/pipethrough.d.ts.map +1 -1
package/dist/pipethrough.js +25 -9
package/dist/pipethrough.js.map +1 -1
package/package.json +12 -11
package/src/account-manager/account-manager.ts +136 -15
package/src/account-manager/helpers/account.ts +9 -1
package/src/account-manager/oauth-store.ts +80 -1
package/src/api/app/bsky/actor/getPreferences.ts +11 -2
package/src/api/app/bsky/actor/putPreferences.ts +11 -2
package/src/api/com/atproto/admin/updateAccountEmail.ts +1 -1
package/src/api/com/atproto/server/confirmEmail.ts +24 -29
package/src/api/com/atproto/server/getServiceAuth.ts +7 -0
package/src/api/com/atproto/server/requestEmailConfirmation.ts +55 -48
package/src/api/com/atproto/server/requestEmailUpdate.ts +64 -48
package/src/api/com/atproto/server/updateEmail.ts +32 -62
package/src/config/config.ts +69 -57
package/src/config/env.ts +3 -0
package/src/context.ts +2 -1
package/src/mailer/index.ts +35 -11
package/src/mailer/templates/confirm-email.hbs +18 -17
package/src/mailer/templates/delete-account.hbs +6 -6
package/src/mailer/templates/plc-operation.hbs +6 -6
package/src/mailer/templates/reset-password.hbs +7 -7
package/src/mailer/templates/update-email.hbs +6 -6
package/src/mailer/templates.ts +12 -0
package/src/pipethrough.ts +33 -12
package/tests/account-manager.test.ts +89 -8
package/tests/app-passwords.test.ts +5 -5
package/tests/get-service-auth.test.ts +81 -0
package/tests/proxied/proxy-header.test.ts +1 -0
package/tests/proxied/proxy-oauth-aud.test.ts +175 -0

package/src/mailer/index.ts CHANGED Viewed

@@ -1,22 +1,38 @@
 import { SendMailOptions, Transporter } from 'nodemailer'
 import { htmlToText } from 'nodemailer-html-to-text'
-import { ServerConfig } from '../config/index.js'
+import { BrandingConfig, EmailConfig } from '../config/index.js'
 import { mailerLogger } from '../logger.js'
 import * as templates from './templates.js'
 // @TODO Add support for i18n
+const DEFAULT_LOGO_URL =
+  'https://bsky.social/about/images/email/email_logo_default.png'
+const DEFAULT_MARK_URL =
+  'https://bsky.social/about/images/email/email_mark_dark.png'
+const DEFAULT_HOME_URL = 'https://bsky.app'
+const DEFAULT_PRIMARY_COLOR = '#067df7'
 export class ServerMailer {
+  private readonly config: templates.Config
   constructor(
     public readonly transporter: Transporter,
-    private readonly config: ServerConfig,
+    private readonly email: EmailConfig | null,
+    branding: BrandingConfig,
   ) {
     transporter.use('compile', htmlToText())
-  }
-  // The returned config can be used inside email templates.
-  static getEmailConfig(_config: ServerConfig) {
-    return {}
+    this.config = {
+      serviceName: branding.name ?? 'Bluesky',
+      homeUrl:
+        branding.links?.find((link) => link.rel === 'canonical')?.href ??
+        DEFAULT_HOME_URL,
+      logoUrl: branding.logo ?? DEFAULT_LOGO_URL,
+      markUrl: branding.logo ?? DEFAULT_MARK_URL,
+      primaryColor: branding.colors?.primary ?? DEFAULT_PRIMARY_COLOR,
+      showBskyAppEmailConfirmationLink: email?.disableConfirmationLink !== true,
+    }
   }
   async sendResetPassword(
@@ -39,14 +55,22 @@ export class ServerMailer {
     })
   }
-  async sendConfirmEmail(params: { token: string }, mailOpts: SendMailOptions) {
+  async sendConfirmEmail(
+    params: { token: string; locale?: string },
+    mailOpts: SendMailOptions,
+  ) {
+    // @TODO (later) handle locale in the template
     await this.sendTemplate('confirmEmail', params, {
       subject: 'Email Confirmation',
       ...mailOpts,
     })
   }
-  async sendUpdateEmail(params: { token: string }, mailOpts: SendMailOptions) {
+  async sendUpdateEmail(
+    params: { token: string; locale?: string },
+    mailOpts: SendMailOptions,
+  ) {
+    // @TODO (later) handle locale in the template
     await this.sendTemplate('updateEmail', params, {
       subject: 'Email Update Requested',
       ...mailOpts,
@@ -67,14 +91,14 @@ export class ServerMailer {
   ) {
     const html = templates[templateName]({
       ...params,
-      config: ServerMailer.getEmailConfig(this.config),
+      config: this.config,
     } as any)
     const res = await this.transporter.sendMail({
       ...mailOpts,
-      from: mailOpts.from ?? this.config.email?.fromAddress,
+      from: mailOpts.from ?? this.email?.fromAddress,
       html,
     })
-    if (!this.config.email?.smtpUrl) {
+    if (!this.email?.smtpUrl) {
       mailerLogger.debug(
         'No SMTP URL has been configured. Intended to send email:\n' +
           JSON.stringify(res, null, 2),

package/src/mailer/templates/confirm-email.hbs CHANGED Viewed

@@ -4,14 +4,12 @@
     <meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
     <meta name="x-apple-disable-message-reformatting" />
     <title>Confirm your email</title>
-    <meta
-      name="description"
-      content="To confirm your email, enter the code provided in the app."
-    />
+    <meta name="description" content="{{token}} is your verification code." />
   </head>
   <div
     style="display:none;overflow:hidden;line-height:1px;opacity:0;max-height:0;max-width:0"
-  >To confirm your email, enter the code provided in the app.<div
+  >{{token}}
+    is your verification code.<div
     > ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏</div>
   </div>
@@ -42,8 +40,8 @@
               <tbody>
                 <tr>
                   <td><img
-                      alt="Bluesky"
-                      src="https://bsky.social/about/images/email/email_logo_default.png"
+                      alt="{{config.serviceName}}"
+                      src="{{config.logoUrl}}"
                       style="display:block;outline:none;border:none;text-decoration:none;width:110px;margin:0 auto"
                     /></td>
                 </tr>
@@ -67,12 +65,15 @@
                     <p
                       style="font-size:16px;line-height:1.4;margin:0px 0px;letter-spacing:0.25px;color:hsl(211, 24%, 34.2%);font-family:-apple-system, BlinkMacSystemFont, &#x27;Roboto&#x27;, &#x27;Oxygen&#x27;, &#x27;Ubuntu&#x27;, &#x27;Cantarell&#x27;, &#x27;Fira Sans&#x27;, &#x27;Droid Sans&#x27;, &#x27;Helvetica Neue&#x27;, sans-serif;padding-top:12px;padding-bottom:12px;padding-right:32px"
                     >To confirm this email for your account, please enter the
-                      code below in the app or<!-- -->
-                      <a
-                        href="https://bsky.app/intent/verify-email?code={{token}}"
-                        style="color:#067df7;text-decoration:none;text-decoration-line:underline;font-size:16px;letter-spacing:0.25px"
-                        target="_blank"
-                      >click here.</a></p><code
+                      code below in the app{{#if
+                        config.showBskyAppEmailConfirmationLink
+                      }}
+                        or<!-- -->
+                        <a
+                          href="https://bsky.app/intent/verify-email?code={{token}}"
+                          style="color:{{config.primaryColor}};text-decoration:none;text-decoration-line:underline;font-size:16px;letter-spacing:0.25px"
+                          target="_blank"
+                        >click here</a>{{/if}}.</p><code
                       style="display:block;padding:16px;border-radius:8px;border-width:1px;border-style:solid;background-color:hsl(211, 20%, 95.3%);border-color:hsl(211, 20%, 85.89999999999999%);font-size:14px;letter-spacing:0.25px;font-family:monospace;text-transform:uppercase"
                     >{{token}}</code>
                     <p
@@ -109,17 +110,17 @@
                                     <p
                                       style="font-size:14px;line-height:1.4;margin:0px 0px;color:hsl(211, 20%, 53%);font-family:-apple-system, BlinkMacSystemFont, &#x27;Roboto&#x27;, &#x27;Oxygen&#x27;, &#x27;Ubuntu&#x27;, &#x27;Cantarell&#x27;, &#x27;Fira Sans&#x27;, &#x27;Droid Sans&#x27;, &#x27;Helvetica Neue&#x27;, sans-serif;letter-spacing:0.25px"
                                     ><a
-                                        href="https://bsky.app"
+                                        href="{{config.homeUrl}}"
                                         style="color:hsl(211, 20%, 53%);text-decoration:none;text-decoration-line:underline;font-family:-apple-system, BlinkMacSystemFont, &#x27;Roboto&#x27;, &#x27;Oxygen&#x27;, &#x27;Ubuntu&#x27;, &#x27;Cantarell&#x27;, &#x27;Fira Sans&#x27;, &#x27;Droid Sans&#x27;, &#x27;Helvetica Neue&#x27;, sans-serif;margin:0px 0px;line-height:1.0;font-size:14px;letter-spacing:0.25px"
                                         target="_blank"
-                                      >Bluesky</a>, the social internet</p>
+                                      >{{config.serviceName}}</a></p>
                                   </td>
                                   <td
                                     data-id="__react-email-column"
                                     style="width:24px"
                                   ><img
-                                      alt="🦋"
-                                      src="https://bsky.social/about/images/email/email_mark_dark.png"
+                                      alt="{{config.serviceName}}"
+                                      src="{{config.markUrl}}"
                                       style="display:block;outline:none;border:none;text-decoration:none;width:24px"
                                     /></td>
                                 </tr>

package/src/mailer/templates/delete-account.hbs CHANGED Viewed

@@ -43,8 +43,8 @@
               <tbody>
                 <tr>
                   <td><img
-                      alt="Bluesky"
-                      src="https://bsky.social/about/images/email/email_logo_default.png"
+                      alt="{{config.serviceName}}"
+                      src="{{config.logoUrl}}"
                       style="display:block;outline:none;border:none;text-decoration:none;width:110px;margin:0 auto"
                     /></td>
                 </tr>
@@ -108,17 +108,17 @@
                                     <p
                                       style="font-size:14px;line-height:1.4;margin:0px 0px;color:hsl(211, 20%, 53%);font-family:-apple-system, BlinkMacSystemFont, &#x27;Roboto&#x27;, &#x27;Oxygen&#x27;, &#x27;Ubuntu&#x27;, &#x27;Cantarell&#x27;, &#x27;Fira Sans&#x27;, &#x27;Droid Sans&#x27;, &#x27;Helvetica Neue&#x27;, sans-serif;letter-spacing:0.25px"
                                     ><a
-                                        href="https://bsky.app"
+                                        href="{{config.homeUrl}}"
                                         style="color:hsl(211, 20%, 53%);text-decoration:none;text-decoration-line:underline;font-family:-apple-system, BlinkMacSystemFont, &#x27;Roboto&#x27;, &#x27;Oxygen&#x27;, &#x27;Ubuntu&#x27;, &#x27;Cantarell&#x27;, &#x27;Fira Sans&#x27;, &#x27;Droid Sans&#x27;, &#x27;Helvetica Neue&#x27;, sans-serif;margin:0px 0px;line-height:1.0;font-size:14px;letter-spacing:0.25px"
                                         target="_blank"
-                                      >Bluesky</a>, the social internet</p>
+                                      >{{config.serviceName}}</a></p>
                                   </td>
                                   <td
                                     data-id="__react-email-column"
                                     style="width:24px"
                                   ><img
-                                      alt="🦋"
-                                      src="https://bsky.social/about/images/email/email_mark_dark.png"
+                                      alt="{{config.serviceName}}"
+                                      src="{{config.markUrl}}"
                                       style="display:block;outline:none;border:none;text-decoration:none;width:24px"
                                     /></td>
                                 </tr>

package/src/mailer/templates/plc-operation.hbs CHANGED Viewed

@@ -42,8 +42,8 @@
               <tbody>
                 <tr>
                   <td><img
-                      alt="Bluesky"
-                      src="https://bsky.social/about/images/email/email_logo_default.png"
+                      alt="{{config.serviceName}}"
+                      src="{{config.logoUrl}}"
                       style="display:block;outline:none;border:none;text-decoration:none;width:110px;margin:0 auto"
                     /></td>
                 </tr>
@@ -105,17 +105,17 @@
                                     <p
                                       style="font-size:14px;line-height:1.4;margin:0px 0px;color:hsl(211, 20%, 53%);font-family:-apple-system, BlinkMacSystemFont, &#x27;Roboto&#x27;, &#x27;Oxygen&#x27;, &#x27;Ubuntu&#x27;, &#x27;Cantarell&#x27;, &#x27;Fira Sans&#x27;, &#x27;Droid Sans&#x27;, &#x27;Helvetica Neue&#x27;, sans-serif;letter-spacing:0.25px"
                                     ><a
-                                        href="https://bsky.app"
+                                        href="{{config.homeUrl}}"
                                         style="color:hsl(211, 20%, 53%);text-decoration:none;text-decoration-line:underline;font-family:-apple-system, BlinkMacSystemFont, &#x27;Roboto&#x27;, &#x27;Oxygen&#x27;, &#x27;Ubuntu&#x27;, &#x27;Cantarell&#x27;, &#x27;Fira Sans&#x27;, &#x27;Droid Sans&#x27;, &#x27;Helvetica Neue&#x27;, sans-serif;margin:0px 0px;line-height:1.0;font-size:14px;letter-spacing:0.25px"
                                         target="_blank"
-                                      >Bluesky</a>, the social internet</p>
+                                      >{{config.serviceName}}</a></p>
                                   </td>
                                   <td
                                     data-id="__react-email-column"
                                     style="width:24px"
                                   ><img
-                                      alt="🦋"
-                                      src="https://bsky.social/about/images/email/email_mark_dark.png"
+                                      alt="{{config.serviceName}}"
+                                      src="{{config.markUrl}}"
                                       style="display:block;outline:none;border:none;text-decoration:none;width:24px"
                                     /></td>
                                 </tr>

package/src/mailer/templates/reset-password.hbs CHANGED Viewed

@@ -42,8 +42,8 @@
               <tbody>
                 <tr>
                   <td><img
-                      alt="Bluesky"
-                      src="https://bsky.social/about/images/email/email_logo_default.png"
+                      alt="{{config.serviceName}}"
+                      src="{{config.logoUrl}}"
                       style="display:block;outline:none;border:none;text-decoration:none;width:110px;margin:0 auto"
                     /></td>
                 </tr>
@@ -68,7 +68,7 @@
                       style="font-size:16px;line-height:1.4;margin:0px 0px;letter-spacing:0.25px;color:hsl(211, 24%, 34.2%);font-family:-apple-system, BlinkMacSystemFont, &#x27;Roboto&#x27;, &#x27;Oxygen&#x27;, &#x27;Ubuntu&#x27;, &#x27;Cantarell&#x27;, &#x27;Fira Sans&#x27;, &#x27;Droid Sans&#x27;, &#x27;Helvetica Neue&#x27;, sans-serif;padding-top:12px;padding-bottom:12px"
                     >We received a request to reset the password for the account<!-- -->
                       <span
-                        style="color:hsl(211, 99%, 53%)"
+                        style="color:{{config.primaryColor}}"
                       >@<!-- -->{{handle}}<!-- -->.</span></p><code
                       style="display:block;padding:16px;border-radius:8px;border-width:1px;border-style:solid;background-color:hsl(211, 20%, 95.3%);border-color:hsl(211, 20%, 85.89999999999999%);font-size:14px;letter-spacing:0.25px;font-family:monospace;text-transform:uppercase"
                     >{{token}}</code>
@@ -106,17 +106,17 @@
                                     <p
                                       style="font-size:14px;line-height:1.4;margin:0px 0px;color:hsl(211, 20%, 53%);font-family:-apple-system, BlinkMacSystemFont, &#x27;Roboto&#x27;, &#x27;Oxygen&#x27;, &#x27;Ubuntu&#x27;, &#x27;Cantarell&#x27;, &#x27;Fira Sans&#x27;, &#x27;Droid Sans&#x27;, &#x27;Helvetica Neue&#x27;, sans-serif;letter-spacing:0.25px"
                                     ><a
-                                        href="https://bsky.app"
+                                        href="{{config.homeUrl}}"
                                         style="color:hsl(211, 20%, 53%);text-decoration:none;text-decoration-line:underline;font-family:-apple-system, BlinkMacSystemFont, &#x27;Roboto&#x27;, &#x27;Oxygen&#x27;, &#x27;Ubuntu&#x27;, &#x27;Cantarell&#x27;, &#x27;Fira Sans&#x27;, &#x27;Droid Sans&#x27;, &#x27;Helvetica Neue&#x27;, sans-serif;margin:0px 0px;line-height:1.0;font-size:14px;letter-spacing:0.25px"
                                         target="_blank"
-                                      >Bluesky</a>, the social internet</p>
+                                      >{{config.serviceName}}</a></p>
                                   </td>
                                   <td
                                     data-id="__react-email-column"
                                     style="width:24px"
                                   ><img
-                                      alt="🦋"
-                                      src="https://bsky.social/about/images/email/email_mark_dark.png"
+                                      alt="{{config.serviceName}}"
+                                      src="{{config.markUrl}}"
                                       style="display:block;outline:none;border:none;text-decoration:none;width:24px"
                                     /></td>
                                 </tr>

package/src/mailer/templates/update-email.hbs CHANGED Viewed

@@ -43,8 +43,8 @@
               <tbody>
                 <tr>
                   <td><img
-                      alt="Bluesky"
-                      src="https://bsky.social/about/images/email/email_logo_default.png"
+                      alt="{{config.serviceName}}"
+                      src="{{config.logoUrl}}"
                       style="display:block;outline:none;border:none;text-decoration:none;width:110px;margin:0 auto"
                     /></td>
                 </tr>
@@ -105,17 +105,17 @@
                                     <p
                                       style="font-size:14px;line-height:1.4;margin:0px 0px;color:hsl(211, 20%, 53%);font-family:-apple-system, BlinkMacSystemFont, &#x27;Roboto&#x27;, &#x27;Oxygen&#x27;, &#x27;Ubuntu&#x27;, &#x27;Cantarell&#x27;, &#x27;Fira Sans&#x27;, &#x27;Droid Sans&#x27;, &#x27;Helvetica Neue&#x27;, sans-serif;letter-spacing:0.25px"
                                     ><a
-                                        href="https://bsky.app"
+                                        href="{{config.homeUrl}}"
                                         style="color:hsl(211, 20%, 53%);text-decoration:none;text-decoration-line:underline;font-family:-apple-system, BlinkMacSystemFont, &#x27;Roboto&#x27;, &#x27;Oxygen&#x27;, &#x27;Ubuntu&#x27;, &#x27;Cantarell&#x27;, &#x27;Fira Sans&#x27;, &#x27;Droid Sans&#x27;, &#x27;Helvetica Neue&#x27;, sans-serif;margin:0px 0px;line-height:1.0;font-size:14px;letter-spacing:0.25px"
                                         target="_blank"
-                                      >Bluesky</a>, the social internet</p>
+                                      >{{config.serviceName}}</a></p>
                                   </td>
                                   <td
                                     data-id="__react-email-column"
                                     style="width:24px"
                                   ><img
-                                      alt="🦋"
-                                      src="https://bsky.social/about/images/email/email_mark_dark.png"
+                                      alt="{{config.serviceName}}"
+                                      src="{{config.markUrl}}"
                                       style="display:block;outline:none;border:none;text-decoration:none;width:24px"
                                     /></td>
                                 </tr>

package/src/mailer/templates.ts CHANGED Viewed

@@ -3,3 +3,15 @@ export { default as deleteAccount } from './templates/delete-account.js'
 export { default as confirmEmail } from './templates/confirm-email.js'
 export { default as updateEmail } from './templates/update-email.js'
 export { default as plcOperation } from './templates/plc-operation.js'
+/**
+ * Common config variable that will be injected into all templates.
+ */
+export type Config = {
+  serviceName: string
+  homeUrl: string
+  logoUrl: string
+  markUrl: string
+  primaryColor: string
+  showBskyAppEmailConfirmationLink: boolean
+}

package/src/pipethrough.ts CHANGED Viewed

@@ -56,9 +56,23 @@ export const proxyHandler = (ctx: AppContext): CatchallHandler => {
         throw new InvalidRequestError('Bad token method', 'InvalidToken')
       }
-      const { url: origin, did: aud } = await parseProxyInfo(ctx, req, lxm)
-      const authResult = await performAuth({ req, res, params: { lxm, aud } })
+      const {
+        url: origin,
+        did,
+        serviceId,
+      } = await parseProxyInfo(ctx, req, lxm)
+      // Phase 1 of service auth updates: the scope check sees the combined
+      // did#serviceId form (so OAuth callers' rpc:?aud=did#service scopes
+      // match), while the outbound service-auth JWT keeps bare-DID aud
+      // regardless of session type.
+      const scopeAud = `${did}#${serviceId}`
+      const tokenAud = did
+      const authResult = await performAuth({
+        req,
+        res,
+        params: { lxm, aud: scopeAud },
+      })
       const { credentials } = excludeErrorResult(authResult)
@@ -80,7 +94,7 @@ export const proxyHandler = (ctx: AppContext): CatchallHandler => {
         'content-encoding': body && req.headers['content-encoding'],
         'content-length': body && req.headers['content-length'],
-        authorization: `Bearer ${await ctx.serviceAuthJwt(credentials.did, aud, lxm)}`,
+        authorization: `Bearer ${await ctx.serviceAuthJwt(credentials.did, tokenAud, lxm)}`,
       }
       const dispatchOptions: Dispatcher.RequestOptions = {
@@ -216,18 +230,25 @@ export function computeProxyTo(
   throw new InvalidRequestError(`No service configured for ${lxm}`)
 }
+// Bare-DID portion of `proxyTo`, suitable as a service-auth JWT audience
+// (Phase 1 of service auth updates).
+export function bareDidFromProxyTo(proxyTo: string): string {
+  const hashIndex = proxyTo.indexOf('#')
+  return hashIndex === -1 ? proxyTo : proxyTo.slice(0, hashIndex)
+}
 export async function parseProxyInfo(
   ctx: AppContext,
   req: Request,
   lxm: string,
-): Promise<{ url: string; did: string }> {
+): Promise<{ url: string; did: string; serviceId: string }> {
   // /!\ Hot path
   const proxyToHeader = req.header('atproto-proxy')
   if (proxyToHeader) return parseProxyHeader(ctx, proxyToHeader)
-  const { serviceInfo } = defaultService(ctx, lxm)
-  if (serviceInfo) return serviceInfo
+  const { serviceId, serviceInfo } = defaultService(ctx, lxm)
+  if (serviceInfo) return { ...serviceInfo, serviceId }
   throw new InvalidRequestError(`No service configured for ${lxm}`)
 }
@@ -236,7 +257,7 @@ export const parseProxyHeader = async (
   // Using subset of AppContext for testing purposes
   ctx: Pick<AppContext, 'cfg' | 'idResolver'>,
   proxyTo: string,
-): Promise<{ did: string; url: string }> => {
+): Promise<{ did: string; url: string; serviceId: string }> => {
   // /!\ Hot path
   const hashIndex = proxyTo.indexOf('#')
@@ -260,13 +281,14 @@ export const parseProxyHeader = async (
   }
   const did = proxyTo.slice(0, hashIndex)
+  const serviceId = proxyTo.slice(hashIndex + 1)
   // Special case a configured appview, while still proxying correctly any other appview
   if (
     ctx.cfg.bskyAppView &&
     proxyTo === `${ctx.cfg.bskyAppView.did}#bsky_appview`
   ) {
-    return { did, url: ctx.cfg.bskyAppView.url }
+    return { did, url: ctx.cfg.bskyAppView.url, serviceId }
   }
   const didDoc = await ctx.idResolver.did.resolve(did)
@@ -274,13 +296,12 @@ export const parseProxyHeader = async (
     throw new InvalidRequestError('could not resolve proxy did')
   }
-  const serviceId = proxyTo.slice(hashIndex)
-  const url = getServiceEndpoint(didDoc, { id: serviceId })
+  const url = getServiceEndpoint(didDoc, { id: `#${serviceId}` })
   if (!url) {
     throw new InvalidRequestError('could not resolve proxy did service url')
   }
-  return { did, url }
+  return { did, url, serviceId }
 }
 /**

package/tests/account-manager.test.ts CHANGED Viewed

@@ -108,12 +108,6 @@ describe('account manager', () => {
   })
   it('allows changing the password', async () => {
-    const sendResetPasswordMock = jest
-      .spyOn(network.pds.ctx.mailer, 'sendResetPassword')
-      .mockImplementation(async () => {
-        // noop
-      })
     await using page = await PageHelper.from(browser, { languages })
     await page.goto(new URL('/account', network.pds.url))
@@ -122,7 +116,11 @@ describe('account manager', () => {
     await page.clickOnText('Mot de passe', 'a')
-    expect(sendResetPasswordMock).toHaveBeenCalledTimes(0)
+    using sendResetPasswordMock = jest
+      .spyOn(network.pds.ctx.mailer, 'sendResetPassword')
+      .mockImplementation(async () => {
+        // noop
+      })
     await page.clickOnText('Envoyer le code')
@@ -145,7 +143,90 @@ describe('account manager', () => {
       'Réinitialisation du mot de passe réussie',
       'div',
     )
+  })
+  it('allows validating the email address', async () => {
+    await using page = await PageHelper.from(browser, { languages })
+    await page.goto(new URL('/account', network.pds.url))
+    await page.clickOnText('Vérifier maintenant', 'button')
+    using sendConfirmEmailMock = jest
+      .spyOn(network.pds.ctx.mailer, 'sendConfirmEmail')
+      .mockImplementation(async () => {
+        // noop
+      })
+    await page.clickOnText('Envoyer le code', 'button')
+    await page.waitForNetworkIdle()
+    expect(sendConfirmEmailMock).toHaveBeenCalledTimes(1)
+    const [params] = sendConfirmEmailMock.mock.lastCall!
+    expect(params).toEqual({
+      locale: 'fr',
+      token: expect.any(String),
+    })
+    await page.typeInInput('code', params.token)
+    await page.clickOnText('Soumettre')
+    await page.ensureTextVisibility('Adresse email vérifiée', 'div')
+  })
+  it('allows changing the email address', async () => {
+    await using page = await PageHelper.from(browser, { languages })
+    await page.goto(new URL('/account', network.pds.url))
+    await page.clickOnText('Email', 'a')
+    using sendUpdateEmailMock = jest
+      .spyOn(network.pds.ctx.mailer, 'sendUpdateEmail')
+      .mockImplementation(async () => {
+        // noop
+      })
+    using sendConfirmEmailMock = jest
+      .spyOn(network.pds.ctx.mailer, 'sendConfirmEmail')
+      .mockImplementation(async () => {
+        // noop
+      })
+    await page.clickOnText('Envoyer le code', 'button')
+    await page.waitForNetworkIdle()
+    expect(sendUpdateEmailMock).toHaveBeenCalledTimes(1)
+    const [updateParams] = sendUpdateEmailMock.mock.lastCall!
+    expect(updateParams).toEqual({
+      locale: 'fr',
+      token: expect.any(String),
+    })
+    await page.typeInInput('code', updateParams.token)
+    await page.typeInInput('email', 'bob-new-email@example.com')
+    await page.clickOnText('Soumettre')
+    await page.ensureTextVisibility(
+      "Modification de l'adresse email réussie",
+      'div',
+    )
+    expect(sendConfirmEmailMock).toHaveBeenCalledTimes(1)
+    const [confirmParams] = sendConfirmEmailMock.mock.lastCall!
+    expect(confirmParams).toEqual({
+      locale: 'fr',
+      token: expect.any(String),
+    })
+    await page.typeInInput('code', confirmParams.token)
+    await page.clickOnText('Soumettre')
-    sendResetPasswordMock.mockRestore()
+    await page.ensureTextVisibility('Adresse email vérifiée', 'div')
   })
 })

package/tests/app-passwords.test.ts CHANGED Viewed

@@ -115,7 +115,7 @@ describe('app_passwords', () => {
   it('restricts service auth token methods for non-privileged access tokens', async () => {
     const attemptCaseSensitive = appAgent.api.com.atproto.server.getServiceAuth(
       {
-        aud: 'did:example:test',
+        aud: network.pds.ctx.cfg.service.did,
         lxm: 'com.atproto.server.createAccount',
       },
     )
@@ -124,7 +124,7 @@ describe('app_passwords', () => {
     )
     const attemptCaseInsensitive =
       appAgent.api.com.atproto.server.getServiceAuth({
-        aud: 'did:example:test',
+        aud: network.pds.ctx.cfg.service.did,
         lxm: 'com.atproto.server.createaccount',
       })
     await expect(attemptCaseInsensitive).rejects.toThrow(
@@ -134,7 +134,7 @@ describe('app_passwords', () => {
   it('allows privileged service auth token scopes for privileged access tokens', async () => {
     await priviAgent.api.com.atproto.server.getServiceAuth({
-      aud: 'did:example:test',
+      aud: network.pds.ctx.cfg.service.did,
       lxm: 'com.atproto.server.createAccount',
     })
   })
@@ -165,7 +165,7 @@ describe('app_passwords', () => {
     // allows privileged app passwords or higher
     const priviAttempt = appAgent.api.com.atproto.server.getServiceAuth({
-      aud: 'did:example:test',
+      aud: network.pds.ctx.cfg.service.did,
       lxm: 'com.atproto.server.createAccount',
     })
     await expect(priviAttempt).rejects.toThrow(
@@ -211,7 +211,7 @@ describe('app_passwords', () => {
     // allows privileged app passwords or higher
     await priviAgent.api.com.atproto.server.getServiceAuth({
-      aud: 'did:example:test',
+      aud: network.pds.ctx.cfg.service.did,
     })
     // allows only full access auth