npm - @atproto/pds - Versions diffs - 0.4.28 → 0.4.30 - Mend

@atproto/pds 0.4.28 → 0.4.30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (347) hide show

package/src/account-manager/helpers/account.ts CHANGED Viewed

@@ -9,6 +9,8 @@ export type ActorAccount = ActorEntry & {
   email: string | null
   emailConfirmedAt: string | null
   invitesDisabled: 0 | 1 | null
+  active: boolean
+  status?: AccountStatus
 }
 export type AvailabilityFlags = {
@@ -16,6 +18,14 @@ export type AvailabilityFlags = {
   includeDeactivated?: boolean
 }
+export enum AccountStatus {
+  Active = 'active',
+  Takendown = 'takendown',
+  Suspended = 'suspended',
+  Deleted = 'deleted',
+  Deactivated = 'deactivated',
+}
 const selectAccountQB = (db: AccountDb, flags?: AvailabilityFlags) => {
   const { includeTakenDown = false, includeDeactivated = false } = flags ?? {}
   const { ref } = db.db.dynamic
@@ -53,7 +63,7 @@ export const getAccount = async (
       }
     })
     .executeTakeFirst()
-  return found || null
+  return found ? { ...found, ...formatAccountStatus(found) } : null
 }
 export const getAccountByEmail = async (
@@ -64,7 +74,7 @@ export const getAccountByEmail = async (
   const found = await selectAccountQB(db, flags)
     .where('email', '=', email.toLowerCase())
     .executeTakeFirst()
-  return found || null
+  return found ? { ...found, ...formatAccountStatus(found) } : null
 }
 export const registerActor = async (
@@ -196,19 +206,21 @@ export const setEmailConfirmedAt = async (
   )
 }
-export const getAccountTakedownStatus = async (
+export const getAccountAdminStatus = async (
   db: AccountDb,
   did: string,
-): Promise<StatusAttr | null> => {
+): Promise<{ takedown: StatusAttr; deactivated: StatusAttr } | null> => {
   const res = await db.db
     .selectFrom('actor')
-    .select('takedownRef')
+    .select(['takedownRef', 'deactivatedAt'])
     .where('did', '=', did)
     .executeTakeFirst()
   if (!res) return null
-  return res.takedownRef
+  const takedown = res.takedownRef
     ? { applied: true, ref: res.takedownRef }
     : { applied: false }
+  const deactivated = res.deactivatedAt ? { applied: true } : { applied: false }
+  return { takedown, deactivated }
 }
 export const updateAccountTakedownStatus = async (
@@ -251,3 +263,23 @@ export const activateAccount = async (db: AccountDb, did: string) => {
       .where('did', '=', did),
   )
 }
+export const formatAccountStatus = (account: {
+  takedownRef: string | null
+  deactivatedAt: string | null
+}): {
+  active: boolean
+  status?: AccountStatus
+} => {
+  let status: AccountStatus | undefined = undefined
+  if (account.takedownRef) {
+    status = AccountStatus.Takendown
+  } else if (account.deactivatedAt) {
+    status = AccountStatus.Deactivated
+  }
+  const active = !status
+  return {
+    active,
+    status,
+  }
+}

package/src/account-manager/index.ts CHANGED Viewed

@@ -4,6 +4,7 @@ import { CID } from 'multiformats/cid'
 import { AccountDb, EmailTokenPurpose, getDb, getMigrator } from './db'
 import * as scrypt from './helpers/scrypt'
 import * as account from './helpers/account'
+import { AccountStatus } from './helpers/account'
 import { ActorAccount } from './helpers/account'
 import * as repo from './helpers/repo'
 import * as auth from './helpers/auth'
@@ -13,6 +14,8 @@ import * as emailToken from './helpers/email-token'
 import { AuthScope } from '../auth-verifier'
 import { StatusAttr } from '../lexicon/types/com/atproto/admin/defs'
+export { AccountStatus } from './helpers/account'
 export class AccountManager {
   db: AccountDb
@@ -51,12 +54,6 @@ export class AccountManager {
     return account.getAccountByEmail(this.db, email, flags)
   }
-  // Repo exists and is not taken-down
-  async isRepoAvailable(did: string) {
-    const got = await this.getAccount(did)
-    return !!got
-  }
   async isAccountActivated(did: string): Promise<boolean> {
     const account = await this.getAccount(did, { includeDeactivated: true })
     if (!account) return false
@@ -71,6 +68,22 @@ export class AccountManager {
     return got?.did ?? null
   }
+  async getAccountStatus(handleOrDid: string): Promise<AccountStatus> {
+    const got = await this.getAccount(handleOrDid, {
+      includeDeactivated: true,
+      includeTakenDown: true,
+    })
+    if (!got) {
+      return AccountStatus.Deleted
+    } else if (got.takedownRef) {
+      return AccountStatus.Takendown
+    } else if (got.deactivatedAt) {
+      return AccountStatus.Deactivated
+    } else {
+      return AccountStatus.Active
+    }
+  }
   async createAccount(opts: {
     did: string
     handle: string
@@ -143,8 +156,8 @@ export class AccountManager {
     )
   }
-  async getAccountTakedownStatus(did: string) {
-    return account.getAccountTakedownStatus(this.db, did)
+  async getAccountAdminStatus(did: string) {
+    return account.getAccountAdminStatus(this.db, did)
   }
   async updateRepoRoot(did: string, cid: CID, rev: string) {

package/src/api/app/bsky/actor/getPreferences.ts CHANGED Viewed

@@ -5,7 +5,7 @@ import { AuthScope } from '../../../../auth-verifier'
 export default function (server: Server, ctx: AppContext) {
   if (!ctx.cfg.bskyAppView) return
   server.app.bsky.actor.getPreferences({
-    auth: ctx.authVerifier.access,
+    auth: ctx.authVerifier.accessStandard(),
     handler: async ({ auth }) => {
       const requester = auth.credentials.did
       let preferences = await ctx.actorStore.read(requester, (store) =>

package/src/api/app/bsky/actor/getProfile.ts CHANGED Viewed

@@ -14,7 +14,7 @@ export default function (server: Server, ctx: AppContext) {
   const { bskyAppView } = ctx.cfg
   if (!bskyAppView) return
   server.app.bsky.actor.getProfile({
-    auth: ctx.authVerifier.access,
+    auth: ctx.authVerifier.accessStandard(),
     handler: async ({ req, auth }) => {
       const requester = auth.credentials.did
       const res = await pipethrough(ctx, req, requester)

package/src/api/app/bsky/actor/getProfiles.ts CHANGED Viewed

@@ -14,7 +14,7 @@ export default function (server: Server, ctx: AppContext) {
   const { bskyAppView } = ctx.cfg
   if (!bskyAppView) return
   server.app.bsky.actor.getProfiles({
-    auth: ctx.authVerifier.access,
+    auth: ctx.authVerifier.accessStandard(),
     handler: async ({ req, auth }) => {
       const requester = auth.credentials.did

package/src/api/app/bsky/actor/putPreferences.ts CHANGED Viewed

@@ -6,7 +6,7 @@ import { AccountPreference } from '../../../../actor-store/preference/reader'
 export default function (server: Server, ctx: AppContext) {
   if (!ctx.cfg.bskyAppView) return
   server.app.bsky.actor.putPreferences({
-    auth: ctx.authVerifier.accessCheckTakedown,
+    auth: ctx.authVerifier.accessStandard({ checkTakedown: true }),
     handler: async ({ auth, input }) => {
       const { preferences } = input.body
       const requester = auth.credentials.did

package/src/api/app/bsky/feed/getActorLikes.ts CHANGED Viewed

@@ -14,7 +14,7 @@ export default function (server: Server, ctx: AppContext) {
   const { bskyAppView } = ctx.cfg
   if (!bskyAppView) return
   server.app.bsky.feed.getActorLikes({
-    auth: ctx.authVerifier.access,
+    auth: ctx.authVerifier.accessStandard(),
     handler: async ({ req, auth }) => {
       const requester = auth.credentials.did
       const res = await pipethrough(ctx, req, requester)

package/src/api/app/bsky/feed/getAuthorFeed.ts CHANGED Viewed

@@ -15,7 +15,7 @@ export default function (server: Server, ctx: AppContext) {
   const { bskyAppView } = ctx.cfg
   if (!bskyAppView) return
   server.app.bsky.feed.getAuthorFeed({
-    auth: ctx.authVerifier.access,
+    auth: ctx.authVerifier.accessStandard(),
     handler: async ({ req, auth }) => {
       const requester = auth.credentials.did
       const res = await pipethrough(ctx, req, requester)

package/src/api/app/bsky/feed/getFeed.ts CHANGED Viewed

@@ -7,7 +7,7 @@ export default function (server: Server, ctx: AppContext) {
   const { bskyAppView } = ctx.cfg
   if (!appViewAgent || !bskyAppView) return
   server.app.bsky.feed.getFeed({
-    auth: ctx.authVerifier.access,
+    auth: ctx.authVerifier.accessStandard(),
     handler: async ({ params, auth, req }) => {
       const requester = auth.credentials.did

package/src/api/app/bsky/feed/getPostThread.ts CHANGED Viewed

@@ -29,7 +29,7 @@ export default function (server: Server, ctx: AppContext) {
   const { bskyAppView } = ctx.cfg
   if (!bskyAppView) return
   server.app.bsky.feed.getPostThread({
-    auth: ctx.authVerifier.access,
+    auth: ctx.authVerifier.accessStandard(),
     handler: async ({ req, auth, params }) => {
       const requester = auth.credentials.did

package/src/api/app/bsky/feed/getTimeline.ts CHANGED Viewed

@@ -14,7 +14,7 @@ export default function (server: Server, ctx: AppContext) {
   const { bskyAppView } = ctx.cfg
   if (!bskyAppView) return
   server.app.bsky.feed.getTimeline({
-    auth: ctx.authVerifier.access,
+    auth: ctx.authVerifier.accessStandard(),
     handler: async ({ req, auth }) => {
       const requester = auth.credentials.did
       const res = await pipethrough(ctx, req, requester)

package/src/api/app/bsky/notification/registerPush.ts CHANGED Viewed

@@ -4,12 +4,15 @@ import { getNotif } from '@atproto/identity'
 import { InvalidRequestError } from '@atproto/xrpc-server'
 import { AtpAgent } from '@atproto/api'
 import { getDidDoc } from '../util/resolver'
+import { AuthScope } from '../../../../auth-verifier'
 export default function (server: Server, ctx: AppContext) {
   const { appViewAgent } = ctx
   if (!appViewAgent) return
   server.app.bsky.notification.registerPush({
-    auth: ctx.authVerifier.accessDeactived,
+    auth: ctx.authVerifier.accessStandard({
+      additional: [AuthScope.SignupQueued],
+    }),
     handler: async ({ auth, input }) => {
       const { serviceDid } = input.body
       const {

package/src/api/chat/index.ts CHANGED Viewed

@@ -4,85 +4,85 @@ import { pipethrough, pipethroughProcedure } from '../../pipethrough'
 export default function (server: Server, ctx: AppContext) {
   server.chat.bsky.actor.deleteAccount({
-    auth: ctx.authVerifier.accessAppPassPrivileged,
+    auth: ctx.authVerifier.accessPrivileged(),
     handler: async ({ req, auth }) => {
       return pipethroughProcedure(ctx, req, auth.credentials.did)
     },
   })
   server.chat.bsky.actor.exportAccountData({
-    auth: ctx.authVerifier.accessAppPassPrivileged,
+    auth: ctx.authVerifier.accessPrivileged(),
     handler: ({ req, auth }) => {
       return pipethrough(ctx, req, auth.credentials.did)
     },
   })
   server.chat.bsky.convo.deleteMessageForSelf({
-    auth: ctx.authVerifier.accessAppPassPrivileged,
+    auth: ctx.authVerifier.accessPrivileged(),
     handler: ({ req, auth, input }) => {
       return pipethroughProcedure(ctx, req, auth.credentials.did, input.body)
     },
   })
   server.chat.bsky.convo.getConvo({
-    auth: ctx.authVerifier.accessAppPassPrivileged,
+    auth: ctx.authVerifier.accessPrivileged(),
     handler: ({ req, auth }) => {
       return pipethrough(ctx, req, auth.credentials.did)
     },
   })
   server.chat.bsky.convo.getConvoForMembers({
-    auth: ctx.authVerifier.accessAppPassPrivileged,
+    auth: ctx.authVerifier.accessPrivileged(),
     handler: ({ req, auth }) => {
       return pipethrough(ctx, req, auth.credentials.did)
     },
   })
   server.chat.bsky.convo.getLog({
-    auth: ctx.authVerifier.accessAppPassPrivileged,
+    auth: ctx.authVerifier.accessPrivileged(),
     handler: ({ req, auth }) => {
       return pipethrough(ctx, req, auth.credentials.did)
     },
   })
   server.chat.bsky.convo.getMessages({
-    auth: ctx.authVerifier.accessAppPassPrivileged,
+    auth: ctx.authVerifier.accessPrivileged(),
     handler: ({ req, auth }) => {
       return pipethrough(ctx, req, auth.credentials.did)
     },
   })
   server.chat.bsky.convo.leaveConvo({
-    auth: ctx.authVerifier.accessAppPassPrivileged,
+    auth: ctx.authVerifier.accessPrivileged(),
     handler: ({ req, auth, input }) => {
       return pipethroughProcedure(ctx, req, auth.credentials.did, input.body)
     },
   })
   server.chat.bsky.convo.listConvos({
-    auth: ctx.authVerifier.accessAppPassPrivileged,
+    auth: ctx.authVerifier.accessPrivileged(),
     handler: ({ req, auth }) => {
       return pipethrough(ctx, req, auth.credentials.did)
     },
   })
   server.chat.bsky.convo.muteConvo({
-    auth: ctx.authVerifier.accessAppPassPrivileged,
+    auth: ctx.authVerifier.accessPrivileged(),
     handler: ({ req, auth, input }) => {
       return pipethroughProcedure(ctx, req, auth.credentials.did, input.body)
     },
   })
   server.chat.bsky.convo.sendMessage({
-    auth: ctx.authVerifier.accessAppPassPrivileged,
+    auth: ctx.authVerifier.accessPrivileged(),
     handler: ({ req, auth, input }) => {
       return pipethroughProcedure(ctx, req, auth.credentials.did, input.body)
     },
   })
   server.chat.bsky.convo.sendMessageBatch({
-    auth: ctx.authVerifier.accessAppPassPrivileged,
+    auth: ctx.authVerifier.accessPrivileged(),
     handler: ({ req, auth, input }) => {
       return pipethroughProcedure(ctx, req, auth.credentials.did, input.body)
     },
   })
   server.chat.bsky.convo.unmuteConvo({
-    auth: ctx.authVerifier.accessAppPassPrivileged,
+    auth: ctx.authVerifier.accessPrivileged(),
     handler: ({ req, auth, input }) => {
       return pipethroughProcedure(ctx, req, auth.credentials.did, input.body)
     },
   })
   server.chat.bsky.convo.updateRead({
-    auth: ctx.authVerifier.accessAppPassPrivileged,
+    auth: ctx.authVerifier.accessPrivileged(),
     handler: ({ req, auth, input }) => {
       return pipethroughProcedure(ctx, req, auth.credentials.did, input.body)
     },

package/src/api/com/atproto/admin/deleteAccount.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 import { Server } from '../../../../lexicon'
 import AppContext from '../../../../context'
+import { AccountStatus } from '../../../../account-manager'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.admin.deleteAccount({
@@ -8,8 +9,12 @@ export default function (server: Server, ctx: AppContext) {
       const { did } = input.body
       await ctx.actorStore.destroy(did)
       await ctx.accountManager.deleteAccount(did)
-      await ctx.sequencer.sequenceTombstone(did)
-      await ctx.sequencer.deleteAllForUser(did)
+      const tombstoneSeq = await ctx.sequencer.sequenceTombstone(did)
+      const accountSeq = await ctx.sequencer.sequenceAccountEvt(
+        did,
+        AccountStatus.Deleted,
+      )
+      await ctx.sequencer.deleteAllForUser(did, [accountSeq, tombstoneSeq])
     },
   })
 }

package/src/api/com/atproto/admin/getAccountInfo.ts CHANGED Viewed

@@ -32,6 +32,7 @@ export default function (server: Server, ctx: AppContext) {
           invitesDisabled: managesOwnInvites
             ? account.invitesDisabled === 1
             : undefined,
+          deactivatedAt: account.deactivatedAt ?? undefined,
         },
       }
     },

package/src/api/com/atproto/admin/getSubjectStatus.ts CHANGED Viewed

@@ -51,14 +51,15 @@ export default function (server: Server, ctx: AppContext) {
           }
         }
       } else if (did) {
-        const takedown = await ctx.accountManager.getAccountTakedownStatus(did)
-        if (takedown) {
+        const status = await ctx.accountManager.getAccountAdminStatus(did)
+        if (status) {
           body = {
             subject: {
               $type: 'com.atproto.admin.defs#repoRef',
               did: did,
             },
-            takedown,
+            takedown: status.takedown,
+            deactivated: status.deactivated,
           }
         }
       } else {

package/src/api/com/atproto/admin/updateAccountHandle.ts CHANGED Viewed

@@ -45,7 +45,7 @@ export default function (server: Server, ctx: AppContext) {
       try {
         await ctx.sequencer.sequenceHandleUpdate(did, handle)
-        await ctx.sequencer.sequenceIdentityEvt(did)
+        await ctx.sequencer.sequenceIdentityEvt(did, handle)
       } catch (err) {
         httpLogger.error(
           { err, did, handle },

package/src/api/com/atproto/admin/updateSubjectStatus.ts CHANGED Viewed

@@ -17,6 +17,8 @@ export default function (server: Server, ctx: AppContext) {
       if (takedown) {
         if (isRepoRef(subject)) {
           await ctx.accountManager.takedownAccount(subject.did, takedown)
+          const status = await ctx.accountManager.getAccountStatus(subject.did)
+          await ctx.sequencer.sequenceAccountEvt(subject.did, status)
         } else if (isStrongRef(subject)) {
           const uri = new AtUri(subject.uri)
           await ctx.actorStore.transact(uri.hostname, (store) =>

package/src/api/com/atproto/identity/getRecommendedDidCredentials.ts CHANGED Viewed

@@ -3,7 +3,7 @@ import AppContext from '../../../../context'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.identity.getRecommendedDidCredentials({
-    auth: ctx.authVerifier.access,
+    auth: ctx.authVerifier.accessStandard(),
     handler: async ({ auth }) => {
       const requester = auth.credentials.did
       const signingKey = await ctx.actorStore.keypair(requester)

package/src/api/com/atproto/identity/requestPlcOperationSignature.ts CHANGED Viewed

@@ -5,7 +5,7 @@ import { authPassthru } from '../../../proxy'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.identity.requestPlcOperationSignature({
-    auth: ctx.authVerifier.accessFull,
+    auth: ctx.authVerifier.accessFull(),
     handler: async ({ auth, req }) => {
       if (ctx.entrywayAgent) {
         await ctx.entrywayAgent.com.atproto.identity.requestPlcOperationSignature(

package/src/api/com/atproto/identity/signPlcOperation.ts CHANGED Viewed

@@ -7,7 +7,7 @@ import { authPassthru, resultPassthru } from '../../../proxy'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.identity.signPlcOperation({
-    auth: ctx.authVerifier.accessFull,
+    auth: ctx.authVerifier.accessFull(),
     handler: async ({ auth, input, req }) => {
       if (ctx.entrywayAgent) {
         return resultPassthru(

package/src/api/com/atproto/identity/submitPlcOperation.ts CHANGED Viewed

@@ -7,7 +7,7 @@ import { httpLogger as log } from '../../../../logger'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.identity.submitPlcOperation({
-    auth: ctx.authVerifier.access,
+    auth: ctx.authVerifier.accessStandard(),
     handler: async ({ auth, input }) => {
       const requester = auth.credentials.did
       const op = input.body.operation
@@ -47,6 +47,7 @@ export default function (server: Server, ctx: AppContext) {
       await ctx.plcClient.sendOperation(requester, op)
       await ctx.sequencer.sequenceIdentityEvt(requester)
       try {
         await ctx.idResolver.did.resolve(requester, true)
       } catch (err) {

package/src/api/com/atproto/identity/updateHandle.ts CHANGED Viewed

@@ -8,7 +8,7 @@ import { authPassthru } from '../../../proxy'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.identity.updateHandle({
-    auth: ctx.authVerifier.accessCheckTakedown,
+    auth: ctx.authVerifier.accessStandard({ checkTakedown: true }),
     rateLimit: [
       {
         durationMs: 5 * MINUTE,
@@ -57,7 +57,7 @@ export default function (server: Server, ctx: AppContext) {
       try {
         await ctx.sequencer.sequenceHandleUpdate(requester, handle)
-        await ctx.sequencer.sequenceIdentityEvt(requester)
+        await ctx.sequencer.sequenceIdentityEvt(requester, handle)
       } catch (err) {
         httpLogger.error(
           { err, did: requester, handle },

package/src/api/com/atproto/repo/applyWrites.ts CHANGED Viewed

@@ -31,7 +31,10 @@ const ratelimitPoints = ({ input }: { input: HandlerInput }) => {
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.repo.applyWrites({
-    auth: ctx.authVerifier.accessCheckTakedown,
+    auth: ctx.authVerifier.accessStandard({
+      checkTakedown: true,
+      checkDeactivated: true,
+    }),
     rateLimit: [
       {
         name: 'repo-write-hour',

package/src/api/com/atproto/repo/createRecord.ts CHANGED Viewed

@@ -12,7 +12,10 @@ import AppContext from '../../../../context'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.repo.createRecord({
-    auth: ctx.authVerifier.accessCheckTakedown,
+    auth: ctx.authVerifier.accessStandard({
+      checkTakedown: true,
+      checkDeactivated: true,
+    }),
     rateLimit: [
       {
         name: 'repo-write-hour',

package/src/api/com/atproto/repo/deleteRecord.ts CHANGED Viewed

@@ -7,7 +7,10 @@ import { CID } from 'multiformats/cid'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.repo.deleteRecord({
-    auth: ctx.authVerifier.accessCheckTakedown,
+    auth: ctx.authVerifier.accessStandard({
+      checkTakedown: true,
+      checkDeactivated: true,
+    }),
     rateLimit: [
       {
         name: 'repo-write-hour',

package/src/api/com/atproto/repo/describeRepo.ts CHANGED Viewed

@@ -3,15 +3,13 @@ import * as id from '@atproto/identity'
 import { Server } from '../../../../lexicon'
 import AppContext from '../../../../context'
 import { INVALID_HANDLE } from '@atproto/syntax'
+import { assertRepoAvailability } from '../sync/util'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.repo.describeRepo(async ({ params }) => {
     const { repo } = params
-    const account = await ctx.accountManager.getAccount(repo)
-    if (account === null) {
-      throw new InvalidRequestError(`Could not find user: ${repo}`)
-    }
+    const account = await assertRepoAvailability(ctx, repo, false)
     let didDoc
     try {

package/src/api/com/atproto/repo/importRepo.ts CHANGED Viewed

@@ -17,7 +17,9 @@ import { BlobRef, LexValue, RepoRecord } from '@atproto/lexicon'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.repo.importRepo({
-    auth: ctx.authVerifier.accessFull,
+    auth: ctx.authVerifier.accessFull({
+      checkTakedown: true,
+    }),
     handler: async ({ input, auth }) => {
       const did = auth.credentials.did
       if (!ctx.cfg.service.acceptingImports) {

package/src/api/com/atproto/repo/listMissingBlobs.ts CHANGED Viewed

@@ -3,7 +3,7 @@ import AppContext from '../../../../context'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.repo.listMissingBlobs({
-    auth: ctx.authVerifier.access,
+    auth: ctx.authVerifier.accessStandard(),
     handler: async ({ auth, params }) => {
       const did = auth.credentials.did
       const { limit, cursor } = params

package/src/api/com/atproto/repo/putRecord.ts CHANGED Viewed

@@ -19,7 +19,10 @@ import { ActorStoreTransactor } from '../../../../actor-store'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.repo.putRecord({
-    auth: ctx.authVerifier.accessCheckTakedown,
+    auth: ctx.authVerifier.accessStandard({
+      checkTakedown: true,
+      checkDeactivated: true,
+    }),
     rateLimit: [
       {
         name: 'repo-write-hour',

package/src/api/com/atproto/repo/uploadBlob.ts CHANGED Viewed

@@ -6,7 +6,9 @@ import { BlobMetadata } from '../../../../actor-store/blob/transactor'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.repo.uploadBlob({
-    auth: ctx.authVerifier.accessCheckTakedown,
+    auth: ctx.authVerifier.accessStandard({
+      checkTakedown: true,
+    }),
     rateLimit: {
       durationMs: DAY,
       points: 1000,

package/src/api/com/atproto/server/activateAccount.ts CHANGED Viewed

@@ -7,7 +7,7 @@ import { assertValidDidDocumentForService } from './util'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.server.activateAccount({
-    auth: ctx.authVerifier.accessFull,
+    auth: ctx.authVerifier.accessFull(),
     handler: async ({ auth }) => {
       const requester = auth.credentials.did
@@ -36,7 +36,8 @@ export default function (server: Server, ctx: AppContext) {
       })
       // @NOTE: we're over-emitting for now for backwards compatibility, can reduce this in the future
-      await ctx.sequencer.sequenceIdentityEvt(requester)
+      const status = await ctx.accountManager.getAccountStatus(requester)
+      await ctx.sequencer.sequenceAccountEvt(requester, status)
       await ctx.sequencer.sequenceHandleUpdate(
         requester,
         account.handle ?? INVALID_HANDLE,

package/src/api/com/atproto/server/checkAccountStatus.ts CHANGED Viewed

@@ -4,7 +4,7 @@ import { isValidDidDocForService } from './util'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.server.checkAccountStatus({
-    auth: ctx.authVerifier.access,
+    auth: ctx.authVerifier.accessStandard(),
     handler: async ({ auth }) => {
       const requester = auth.credentials.did
       const [

package/src/api/com/atproto/server/confirmEmail.ts CHANGED Viewed

@@ -5,7 +5,7 @@ import { authPassthru } from '../../../proxy'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.server.confirmEmail({
-    auth: ctx.authVerifier.accessCheckTakedown,
+    auth: ctx.authVerifier.accessStandard({ checkTakedown: true }),
     handler: async ({ auth, input, req }) => {
       const did = auth.credentials.did