npm - @atproto/pds - Versions diffs - 0.4.28 → 0.4.30 - Mend

@atproto/pds 0.4.28 → 0.4.30

Files changed (347) hide show

package/src/account-manager/helpers/account.ts CHANGED Viewed

@@ -9,6 +9,8 @@ export type ActorAccount = ActorEntry & {
   email: string | null
   emailConfirmedAt: string | null
   invitesDisabled: 0 | 1 | null
+  active: boolean
+  status?: AccountStatus
 }
 export type AvailabilityFlags = {
@@ -16,6 +18,14 @@ export type AvailabilityFlags = {
   includeDeactivated?: boolean
 }
+export enum AccountStatus {
+  Active = 'active',
+  Takendown = 'takendown',
+  Suspended = 'suspended',
+  Deleted = 'deleted',
+  Deactivated = 'deactivated',
+}
 const selectAccountQB = (db: AccountDb, flags?: AvailabilityFlags) => {
   const { includeTakenDown = false, includeDeactivated = false } = flags ?? {}
   const { ref } = db.db.dynamic
@@ -53,7 +63,7 @@ export const getAccount = async (
       }
     })
     .executeTakeFirst()
-  return found || null
+  return found ? { ...found, ...formatAccountStatus(found) } : null
 }
 export const getAccountByEmail = async (
@@ -64,7 +74,7 @@ export const getAccountByEmail = async (
   const found = await selectAccountQB(db, flags)
     .where('email', '=', email.toLowerCase())
     .executeTakeFirst()
-  return found || null
+  return found ? { ...found, ...formatAccountStatus(found) } : null
 }
 export const registerActor = async (
@@ -196,19 +206,21 @@ export const setEmailConfirmedAt = async (
   )
 }
-export const getAccountTakedownStatus = async (
+export const getAccountAdminStatus = async (
   db: AccountDb,
   did: string,
-): Promise<StatusAttr | null> => {
+): Promise<{ takedown: StatusAttr; deactivated: StatusAttr } | null> => {
   const res = await db.db
     .selectFrom('actor')
-    .select('takedownRef')
+    .select(['takedownRef', 'deactivatedAt'])
     .where('did', '=', did)
     .executeTakeFirst()
   if (!res) return null
-  return res.takedownRef
+  const takedown = res.takedownRef
     ? { applied: true, ref: res.takedownRef }
     : { applied: false }
+  const deactivated = res.deactivatedAt ? { applied: true } : { applied: false }
+  return { takedown, deactivated }
 }
 export const updateAccountTakedownStatus = async (
@@ -251,3 +263,23 @@ export const activateAccount = async (db: AccountDb, did: string) => {
       .where('did', '=', did),
   )
 }
+export const formatAccountStatus = (account: {
+  takedownRef: string | null
+  deactivatedAt: string | null
+}): {
+  active: boolean
+  status?: AccountStatus
+} => {
+  let status: AccountStatus | undefined = undefined
+  if (account.takedownRef) {
+    status = AccountStatus.Takendown
+  } else if (account.deactivatedAt) {
+    status = AccountStatus.Deactivated
+  }
+  const active = !status
+  return {
+    active,
+    status,
+  }
+}

package/src/account-manager/index.ts CHANGED Viewed

@@ -4,6 +4,7 @@ import { CID } from 'multiformats/cid'
 import { AccountDb, EmailTokenPurpose, getDb, getMigrator } from './db'
 import * as scrypt from './helpers/scrypt'
 import * as account from './helpers/account'
+import { AccountStatus } from './helpers/account'
 import { ActorAccount } from './helpers/account'
 import * as repo from './helpers/repo'
 import * as auth from './helpers/auth'
@@ -13,6 +14,8 @@ import * as emailToken from './helpers/email-token'
 import { AuthScope } from '../auth-verifier'
 import { StatusAttr } from '../lexicon/types/com/atproto/admin/defs'
+export { AccountStatus } from './helpers/account'
 export class AccountManager {
   db: AccountDb
@@ -51,12 +54,6 @@ export class AccountManager {
     return account.getAccountByEmail(this.db, email, flags)
   }
-  // Repo exists and is not taken-down
-  async isRepoAvailable(did: string) {
-    const got = await this.getAccount(did)
-    return !!got
-  }
   async isAccountActivated(did: string): Promise<boolean> {
     const account = await this.getAccount(did, { includeDeactivated: true })
     if (!account) return false
@@ -71,6 +68,22 @@ export class AccountManager {
     return got?.did ?? null
   }
+  async getAccountStatus(handleOrDid: string): Promise<AccountStatus> {
+    const got = await this.getAccount(handleOrDid, {
+      includeDeactivated: true,
+      includeTakenDown: true,
+    })
+    if (!got) {
+      return AccountStatus.Deleted
+    } else if (got.takedownRef) {
+      return AccountStatus.Takendown
+    } else if (got.deactivatedAt) {
+      return AccountStatus.Deactivated
+    } else {
+      return AccountStatus.Active
+    }
+  }
   async createAccount(opts: {
     did: string
     handle: string
@@ -143,8 +156,8 @@ export class AccountManager {
     )
   }
-  async getAccountTakedownStatus(did: string) {
-    return account.getAccountTakedownStatus(this.db, did)
+  async getAccountAdminStatus(did: string) {
+    return account.getAccountAdminStatus(this.db, did)
   }
   async updateRepoRoot(did: string, cid: CID, rev: string) {

package/src/api/app/bsky/actor/getPreferences.ts CHANGED Viewed

@@ -5,7 +5,7 @@ import { AuthScope } from '../../../../auth-verifier'
 export default function (server: Server, ctx: AppContext) {
   if (!ctx.cfg.bskyAppView) return
   server.app.bsky.actor.getPreferences({
-    auth: ctx.authVerifier.access,
+    auth: ctx.authVerifier.accessStandard(),
     handler: async ({ auth }) => {
       const requester = auth.credentials.did
       let preferences = await ctx.actorStore.read(requester, (store) =>

package/src/api/app/bsky/actor/getProfile.ts CHANGED Viewed

@@ -14,7 +14,7 @@ export default function (server: Server, ctx: AppContext) {
   const { bskyAppView } = ctx.cfg
   if (!bskyAppView) return
   server.app.bsky.actor.getProfile({
-    auth: ctx.authVerifier.access,
+    auth: ctx.authVerifier.accessStandard(),
     handler: async ({ req, auth }) => {
       const requester = auth.credentials.did
       const res = await pipethrough(ctx, req, requester)

package/src/api/app/bsky/actor/getProfiles.ts CHANGED Viewed

@@ -14,7 +14,7 @@ export default function (server: Server, ctx: AppContext) {
   const { bskyAppView } = ctx.cfg
   if (!bskyAppView) return
   server.app.bsky.actor.getProfiles({
-    auth: ctx.authVerifier.access,
+    auth: ctx.authVerifier.accessStandard(),
     handler: async ({ req, auth }) => {
       const requester = auth.credentials.did

package/src/api/app/bsky/actor/putPreferences.ts CHANGED Viewed

@@ -6,7 +6,7 @@ import { AccountPreference } from '../../../../actor-store/preference/reader'
 export default function (server: Server, ctx: AppContext) {
   if (!ctx.cfg.bskyAppView) return
   server.app.bsky.actor.putPreferences({
-    auth: ctx.authVerifier.accessCheckTakedown,
+    auth: ctx.authVerifier.accessStandard({ checkTakedown: true }),
     handler: async ({ auth, input }) => {
       const { preferences } = input.body
       const requester = auth.credentials.did

package/src/api/app/bsky/feed/getActorLikes.ts CHANGED Viewed

@@ -14,7 +14,7 @@ export default function (server: Server, ctx: AppContext) {
   const { bskyAppView } = ctx.cfg
   if (!bskyAppView) return
   server.app.bsky.feed.getActorLikes({
-    auth: ctx.authVerifier.access,
+    auth: ctx.authVerifier.accessStandard(),
     handler: async ({ req, auth }) => {
       const requester = auth.credentials.did
       const res = await pipethrough(ctx, req, requester)

package/src/api/app/bsky/feed/getAuthorFeed.ts CHANGED Viewed

@@ -15,7 +15,7 @@ export default function (server: Server, ctx: AppContext) {
   const { bskyAppView } = ctx.cfg
   if (!bskyAppView) return
   server.app.bsky.feed.getAuthorFeed({
-    auth: ctx.authVerifier.access,
+    auth: ctx.authVerifier.accessStandard(),
     handler: async ({ req, auth }) => {
       const requester = auth.credentials.did
       const res = await pipethrough(ctx, req, requester)

package/src/api/app/bsky/feed/getFeed.ts CHANGED Viewed

@@ -7,7 +7,7 @@ export default function (server: Server, ctx: AppContext) {
   const { bskyAppView } = ctx.cfg
   if (!appViewAgent || !bskyAppView) return
   server.app.bsky.feed.getFeed({
-    auth: ctx.authVerifier.access,
+    auth: ctx.authVerifier.accessStandard(),
     handler: async ({ params, auth, req }) => {
       const requester = auth.credentials.did

package/src/api/app/bsky/feed/getPostThread.ts CHANGED Viewed

@@ -29,7 +29,7 @@ export default function (server: Server, ctx: AppContext) {
   const { bskyAppView } = ctx.cfg
   if (!bskyAppView) return
   server.app.bsky.feed.getPostThread({
-    auth: ctx.authVerifier.access,
+    auth: ctx.authVerifier.accessStandard(),
     handler: async ({ req, auth, params }) => {
       const requester = auth.credentials.did

package/src/api/app/bsky/feed/getTimeline.ts CHANGED Viewed

@@ -14,7 +14,7 @@ export default function (server: Server, ctx: AppContext) {
   const { bskyAppView } = ctx.cfg
   if (!bskyAppView) return
   server.app.bsky.feed.getTimeline({
-    auth: ctx.authVerifier.access,
+    auth: ctx.authVerifier.accessStandard(),
     handler: async ({ req, auth }) => {
       const requester = auth.credentials.did
       const res = await pipethrough(ctx, req, requester)

package/src/api/app/bsky/notification/registerPush.ts CHANGED Viewed

@@ -4,12 +4,15 @@ import { getNotif } from '@atproto/identity'
 import { InvalidRequestError } from '@atproto/xrpc-server'
 import { AtpAgent } from '@atproto/api'
 import { getDidDoc } from '../util/resolver'
+import { AuthScope } from '../../../../auth-verifier'
 export default function (server: Server, ctx: AppContext) {
   const { appViewAgent } = ctx
   if (!appViewAgent) return
   server.app.bsky.notification.registerPush({
-    auth: ctx.authVerifier.accessDeactived,
+    auth: ctx.authVerifier.accessStandard({
+      additional: [AuthScope.SignupQueued],
+    }),
     handler: async ({ auth, input }) => {
       const { serviceDid } = input.body
       const {

package/src/api/chat/index.ts CHANGED Viewed

@@ -4,85 +4,85 @@ import { pipethrough, pipethroughProcedure } from '../../pipethrough'
 export default function (server: Server, ctx: AppContext) {
   server.chat.bsky.actor.deleteAccount({
-    auth: ctx.authVerifier.accessAppPassPrivileged,
+    auth: ctx.authVerifier.accessPrivileged(),
     handler: async ({ req, auth }) => {
       return pipethroughProcedure(ctx, req, auth.credentials.did)
     },
   })
   server.chat.bsky.actor.exportAccountData({
-    auth: ctx.authVerifier.accessAppPassPrivileged,
+    auth: ctx.authVerifier.accessPrivileged(),
     handler: ({ req, auth }) => {
       return pipethrough(ctx, req, auth.credentials.did)
     },
   })
   server.chat.bsky.convo.deleteMessageForSelf({
-    auth: ctx.authVerifier.accessAppPassPrivileged,
+    auth: ctx.authVerifier.accessPrivileged(),
     handler: ({ req, auth, input }) => {
       return pipethroughProcedure(ctx, req, auth.credentials.did, input.body)
     },
   })
   server.chat.bsky.convo.getConvo({
-    auth: ctx.authVerifier.accessAppPassPrivileged,
+    auth: ctx.authVerifier.accessPrivileged(),
     handler: ({ req, auth }) => {
       return pipethrough(ctx, req, auth.credentials.did)
     },
   })
   server.chat.bsky.convo.getConvoForMembers({
-    auth: ctx.authVerifier.accessAppPassPrivileged,
+    auth: ctx.authVerifier.accessPrivileged(),
     handler: ({ req, auth }) => {
       return pipethrough(ctx, req, auth.credentials.did)
     },
   })
   server.chat.bsky.convo.getLog({
-    auth: ctx.authVerifier.accessAppPassPrivileged,
+    auth: ctx.authVerifier.accessPrivileged(),
     handler: ({ req, auth }) => {
       return pipethrough(ctx, req, auth.credentials.did)
     },
   })
   server.chat.bsky.convo.getMessages({
-    auth: ctx.authVerifier.accessAppPassPrivileged,
+    auth: ctx.authVerifier.accessPrivileged(),
     handler: ({ req, auth }) => {
       return pipethrough(ctx, req, auth.credentials.did)
     },
   })
   server.chat.bsky.convo.leaveConvo({
-    auth: ctx.authVerifier.accessAppPassPrivileged,
+    auth: ctx.authVerifier.accessPrivileged(),
     handler: ({ req, auth, input }) => {
       return pipethroughProcedure(ctx, req, auth.credentials.did, input.body)
     },
   })
   server.chat.bsky.convo.listConvos({
-    auth: ctx.authVerifier.accessAppPassPrivileged,
+    auth: ctx.authVerifier.accessPrivileged(),
     handler: ({ req, auth }) => {
       return pipethrough(ctx, req, auth.credentials.did)
     },
   })
   server.chat.bsky.convo.muteConvo({
-    auth: ctx.authVerifier.accessAppPassPrivileged,
+    auth: ctx.authVerifier.accessPrivileged(),
     handler: ({ req, auth, input }) => {
       return pipethroughProcedure(ctx, req, auth.credentials.did, input.body)
     },
   })
   server.chat.bsky.convo.sendMessage({
-    auth: ctx.authVerifier.accessAppPassPrivileged,
+    auth: ctx.authVerifier.accessPrivileged(),
     handler: ({ req, auth, input }) => {
       return pipethroughProcedure(ctx, req, auth.credentials.did, input.body)
     },
   })
   server.chat.bsky.convo.sendMessageBatch({
-    auth: ctx.authVerifier.accessAppPassPrivileged,
+    auth: ctx.authVerifier.accessPrivileged(),
     handler: ({ req, auth, input }) => {
       return pipethroughProcedure(ctx, req, auth.credentials.did, input.body)
     },
   })
   server.chat.bsky.convo.unmuteConvo({
-    auth: ctx.authVerifier.accessAppPassPrivileged,
+    auth: ctx.authVerifier.accessPrivileged(),
     handler: ({ req, auth, input }) => {
       return pipethroughProcedure(ctx, req, auth.credentials.did, input.body)
     },
   })
   server.chat.bsky.convo.updateRead({
-    auth: ctx.authVerifier.accessAppPassPrivileged,
+    auth: ctx.authVerifier.accessPrivileged(),
     handler: ({ req, auth, input }) => {
       return pipethroughProcedure(ctx, req, auth.credentials.did, input.body)
     },

package/src/api/com/atproto/admin/deleteAccount.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 import { Server } from '../../../../lexicon'
 import AppContext from '../../../../context'
+import { AccountStatus } from '../../../../account-manager'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.admin.deleteAccount({
@@ -8,8 +9,12 @@ export default function (server: Server, ctx: AppContext) {
       const { did } = input.body
       await ctx.actorStore.destroy(did)
       await ctx.accountManager.deleteAccount(did)
-      await ctx.sequencer.sequenceTombstone(did)
-      await ctx.sequencer.deleteAllForUser(did)
+      const tombstoneSeq = await ctx.sequencer.sequenceTombstone(did)
+      const accountSeq = await ctx.sequencer.sequenceAccountEvt(
+        did,
+        AccountStatus.Deleted,
+      )
+      await ctx.sequencer.deleteAllForUser(did, [accountSeq, tombstoneSeq])
     },
   })
 }

package/src/api/com/atproto/admin/getAccountInfo.ts CHANGED Viewed

@@ -32,6 +32,7 @@ export default function (server: Server, ctx: AppContext) {
           invitesDisabled: managesOwnInvites
             ? account.invitesDisabled === 1
             : undefined,
+          deactivatedAt: account.deactivatedAt ?? undefined,
         },
       }
     },

package/src/api/com/atproto/admin/getSubjectStatus.ts CHANGED Viewed

@@ -51,14 +51,15 @@ export default function (server: Server, ctx: AppContext) {
           }
         }
       } else if (did) {
-        const takedown = await ctx.accountManager.getAccountTakedownStatus(did)
-        if (takedown) {
+        const status = await ctx.accountManager.getAccountAdminStatus(did)
+        if (status) {
           body = {
             subject: {
               $type: 'com.atproto.admin.defs#repoRef',
               did: did,
             },
-            takedown,
+            takedown: status.takedown,
+            deactivated: status.deactivated,
           }
         }
       } else {

package/src/api/com/atproto/admin/updateAccountHandle.ts CHANGED Viewed

@@ -45,7 +45,7 @@ export default function (server: Server, ctx: AppContext) {
       try {
         await ctx.sequencer.sequenceHandleUpdate(did, handle)
-        await ctx.sequencer.sequenceIdentityEvt(did)
+        await ctx.sequencer.sequenceIdentityEvt(did, handle)
       } catch (err) {
         httpLogger.error(
           { err, did, handle },

package/src/api/com/atproto/admin/updateSubjectStatus.ts CHANGED Viewed

@@ -17,6 +17,8 @@ export default function (server: Server, ctx: AppContext) {
       if (takedown) {
         if (isRepoRef(subject)) {
           await ctx.accountManager.takedownAccount(subject.did, takedown)
+          const status = await ctx.accountManager.getAccountStatus(subject.did)
+          await ctx.sequencer.sequenceAccountEvt(subject.did, status)
         } else if (isStrongRef(subject)) {
           const uri = new AtUri(subject.uri)
           await ctx.actorStore.transact(uri.hostname, (store) =>

package/src/api/com/atproto/identity/getRecommendedDidCredentials.ts CHANGED Viewed

@@ -3,7 +3,7 @@ import AppContext from '../../../../context'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.identity.getRecommendedDidCredentials({
-    auth: ctx.authVerifier.access,
+    auth: ctx.authVerifier.accessStandard(),
     handler: async ({ auth }) => {
       const requester = auth.credentials.did
       const signingKey = await ctx.actorStore.keypair(requester)

package/src/api/com/atproto/identity/requestPlcOperationSignature.ts CHANGED Viewed

@@ -5,7 +5,7 @@ import { authPassthru } from '../../../proxy'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.identity.requestPlcOperationSignature({
-    auth: ctx.authVerifier.accessFull,
+    auth: ctx.authVerifier.accessFull(),
     handler: async ({ auth, req }) => {
       if (ctx.entrywayAgent) {
         await ctx.entrywayAgent.com.atproto.identity.requestPlcOperationSignature(

package/src/api/com/atproto/identity/signPlcOperation.ts CHANGED Viewed

@@ -7,7 +7,7 @@ import { authPassthru, resultPassthru } from '../../../proxy'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.identity.signPlcOperation({
-    auth: ctx.authVerifier.accessFull,
+    auth: ctx.authVerifier.accessFull(),
     handler: async ({ auth, input, req }) => {
       if (ctx.entrywayAgent) {
         return resultPassthru(

package/src/api/com/atproto/identity/submitPlcOperation.ts CHANGED Viewed

@@ -7,7 +7,7 @@ import { httpLogger as log } from '../../../../logger'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.identity.submitPlcOperation({
-    auth: ctx.authVerifier.access,
+    auth: ctx.authVerifier.accessStandard(),
     handler: async ({ auth, input }) => {
       const requester = auth.credentials.did
       const op = input.body.operation
@@ -47,6 +47,7 @@ export default function (server: Server, ctx: AppContext) {
       await ctx.plcClient.sendOperation(requester, op)
       await ctx.sequencer.sequenceIdentityEvt(requester)
       try {
         await ctx.idResolver.did.resolve(requester, true)
       } catch (err) {

package/src/api/com/atproto/identity/updateHandle.ts CHANGED Viewed

@@ -8,7 +8,7 @@ import { authPassthru } from '../../../proxy'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.identity.updateHandle({
-    auth: ctx.authVerifier.accessCheckTakedown,
+    auth: ctx.authVerifier.accessStandard({ checkTakedown: true }),
     rateLimit: [
       {
         durationMs: 5 * MINUTE,
@@ -57,7 +57,7 @@ export default function (server: Server, ctx: AppContext) {
       try {
         await ctx.sequencer.sequenceHandleUpdate(requester, handle)
-        await ctx.sequencer.sequenceIdentityEvt(requester)
+        await ctx.sequencer.sequenceIdentityEvt(requester, handle)
       } catch (err) {
         httpLogger.error(
           { err, did: requester, handle },

package/src/api/com/atproto/repo/applyWrites.ts CHANGED Viewed

@@ -31,7 +31,10 @@ const ratelimitPoints = ({ input }: { input: HandlerInput }) => {
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.repo.applyWrites({
-    auth: ctx.authVerifier.accessCheckTakedown,
+    auth: ctx.authVerifier.accessStandard({
+      checkTakedown: true,
+      checkDeactivated: true,
+    }),
     rateLimit: [
       {
         name: 'repo-write-hour',

package/src/api/com/atproto/repo/createRecord.ts CHANGED Viewed

@@ -12,7 +12,10 @@ import AppContext from '../../../../context'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.repo.createRecord({
-    auth: ctx.authVerifier.accessCheckTakedown,
+    auth: ctx.authVerifier.accessStandard({
+      checkTakedown: true,
+      checkDeactivated: true,
+    }),
     rateLimit: [
       {
         name: 'repo-write-hour',

package/src/api/com/atproto/repo/deleteRecord.ts CHANGED Viewed

@@ -7,7 +7,10 @@ import { CID } from 'multiformats/cid'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.repo.deleteRecord({
-    auth: ctx.authVerifier.accessCheckTakedown,
+    auth: ctx.authVerifier.accessStandard({
+      checkTakedown: true,
+      checkDeactivated: true,
+    }),
     rateLimit: [
       {
         name: 'repo-write-hour',

package/src/api/com/atproto/repo/describeRepo.ts CHANGED Viewed

@@ -3,15 +3,13 @@ import * as id from '@atproto/identity'
 import { Server } from '../../../../lexicon'
 import AppContext from '../../../../context'
 import { INVALID_HANDLE } from '@atproto/syntax'
+import { assertRepoAvailability } from '../sync/util'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.repo.describeRepo(async ({ params }) => {
     const { repo } = params
-    const account = await ctx.accountManager.getAccount(repo)
-    if (account === null) {
-      throw new InvalidRequestError(`Could not find user: ${repo}`)
-    }
+    const account = await assertRepoAvailability(ctx, repo, false)
     let didDoc
     try {

package/src/api/com/atproto/repo/importRepo.ts CHANGED Viewed

@@ -17,7 +17,9 @@ import { BlobRef, LexValue, RepoRecord } from '@atproto/lexicon'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.repo.importRepo({
-    auth: ctx.authVerifier.accessFull,
+    auth: ctx.authVerifier.accessFull({
+      checkTakedown: true,
+    }),
     handler: async ({ input, auth }) => {
       const did = auth.credentials.did
       if (!ctx.cfg.service.acceptingImports) {

package/src/api/com/atproto/repo/listMissingBlobs.ts CHANGED Viewed

@@ -3,7 +3,7 @@ import AppContext from '../../../../context'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.repo.listMissingBlobs({
-    auth: ctx.authVerifier.access,
+    auth: ctx.authVerifier.accessStandard(),
     handler: async ({ auth, params }) => {
       const did = auth.credentials.did
       const { limit, cursor } = params

package/src/api/com/atproto/repo/putRecord.ts CHANGED Viewed

@@ -19,7 +19,10 @@ import { ActorStoreTransactor } from '../../../../actor-store'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.repo.putRecord({
-    auth: ctx.authVerifier.accessCheckTakedown,
+    auth: ctx.authVerifier.accessStandard({
+      checkTakedown: true,
+      checkDeactivated: true,
+    }),
     rateLimit: [
       {
         name: 'repo-write-hour',

package/src/api/com/atproto/repo/uploadBlob.ts CHANGED Viewed

@@ -6,7 +6,9 @@ import { BlobMetadata } from '../../../../actor-store/blob/transactor'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.repo.uploadBlob({
-    auth: ctx.authVerifier.accessCheckTakedown,
+    auth: ctx.authVerifier.accessStandard({
+      checkTakedown: true,
+    }),
     rateLimit: {
       durationMs: DAY,
       points: 1000,

package/src/api/com/atproto/server/activateAccount.ts CHANGED Viewed

@@ -7,7 +7,7 @@ import { assertValidDidDocumentForService } from './util'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.server.activateAccount({
-    auth: ctx.authVerifier.accessFull,
+    auth: ctx.authVerifier.accessFull(),
     handler: async ({ auth }) => {
       const requester = auth.credentials.did
@@ -36,7 +36,8 @@ export default function (server: Server, ctx: AppContext) {
       })
       // @NOTE: we're over-emitting for now for backwards compatibility, can reduce this in the future
-      await ctx.sequencer.sequenceIdentityEvt(requester)
+      const status = await ctx.accountManager.getAccountStatus(requester)
+      await ctx.sequencer.sequenceAccountEvt(requester, status)
       await ctx.sequencer.sequenceHandleUpdate(
         requester,
         account.handle ?? INVALID_HANDLE,

package/src/api/com/atproto/server/checkAccountStatus.ts CHANGED Viewed

@@ -4,7 +4,7 @@ import { isValidDidDocForService } from './util'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.server.checkAccountStatus({
-    auth: ctx.authVerifier.access,
+    auth: ctx.authVerifier.accessStandard(),
     handler: async ({ auth }) => {
       const requester = auth.credentials.did
       const [

package/src/api/com/atproto/server/confirmEmail.ts CHANGED Viewed

@@ -5,7 +5,7 @@ import { authPassthru } from '../../../proxy'
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.server.confirmEmail({
-    auth: ctx.authVerifier.accessCheckTakedown,
+    auth: ctx.authVerifier.accessStandard({ checkTakedown: true }),
     handler: async ({ auth, input, req }) => {
       const did = auth.credentials.did