@atproto/pds 0.4.29 → 0.4.31

package/src/auth-verifier.ts

@@ -24,7 +24,13 @@ export enum AuthScope {
   Refresh = 'com.atproto.refresh',
   AppPass = 'com.atproto.appPass',
   AppPassPrivileged = 'com.atproto.appPassPrivileged',
-  Deactivated = 'com.atproto.deactivated',
+  SignupQueued = 'com.atproto.signupQueued',
+}
+
+export type AccessOpts = {
+  additional: AuthScope[]
+  checkTakedown: boolean
+  checkDeactivated: boolean
 }
 
 export enum RoleStatus {
@@ -115,55 +121,40 @@ export class AuthVerifier {
 
   // verifiers (arrow fns to preserve scope)
 
-  access = (ctx: ReqCtx): Promise<AccessOutput> => {
-    return this.validateAccessToken(ctx.req, [
-      AuthScope.Access,
-      AuthScope.AppPassPrivileged,
-      AuthScope.AppPass,
-    ])
-  }
-
-  accessCheckTakedown = async (ctx: ReqCtx): Promise<AccessOutput> => {
-    const result = await this.validateAccessToken(ctx.req, [
-      AuthScope.Access,
-      AuthScope.AppPassPrivileged,
-      AuthScope.AppPass,
-    ])
-    const found = await this.accountManager.getAccount(result.credentials.did, {
-      includeDeactivated: true,
-    })
-    if (!found) {
-      // will be turned into ExpiredToken for the client if proxied by entryway
-      throw new ForbiddenError('Account not found', 'AccountNotFound')
-    }
-    if (softDeleted(found)) {
-      throw new AuthRequiredError(
-        'Account has been taken down',
-        'AccountTakedown',
+  accessStandard =
+    (opts: Partial<AccessOpts> = {}) =>
+    (ctx: ReqCtx): Promise<AccessOutput> => {
+      return this.validateAccessToken(
+        ctx.req,
+        [
+          AuthScope.Access,
+          AuthScope.AppPassPrivileged,
+          AuthScope.AppPass,
+          ...(opts.additional ?? []),
+        ],
+        opts,
       )
     }
-    return result
-  }
-
-  accessFull = (ctx: ReqCtx): Promise<AccessOutput> => {
-    return this.validateAccessToken(ctx.req, [AuthScope.Access])
-  }
 
-  accessAppPassPrivileged = (ctx: ReqCtx): Promise<AccessOutput> => {
-    return this.validateAccessToken(ctx.req, [
-      AuthScope.Access,
-      AuthScope.AppPassPrivileged,
-    ])
-  }
+  accessFull =
+    (opts: Partial<AccessOpts> = {}) =>
+    (ctx: ReqCtx): Promise<AccessOutput> => {
+      return this.validateAccessToken(
+        ctx.req,
+        [AuthScope.Access, ...(opts.additional ?? [])],
+        opts,
+      )
+    }
 
-  accessDeactived = (ctx: ReqCtx): Promise<AccessOutput> => {
-    return this.validateAccessToken(ctx.req, [
-      AuthScope.Access,
-      AuthScope.AppPass,
-      AuthScope.AppPassPrivileged,
-      AuthScope.Deactivated,
-    ])
-  }
+  accessPrivileged =
+    (opts: Partial<AccessOpts> = {}) =>
+    (ctx: ReqCtx): Promise<AccessOutput> => {
+      return this.validateAccessToken(ctx.req, [
+        AuthScope.Access,
+        AuthScope.AppPassPrivileged,
+        ...(opts.additional ?? []),
+      ])
+    }
 
   refresh = async (ctx: ReqCtx): Promise<RefreshOutput> => {
     const { did, scope, token, audience, payload } =
@@ -205,7 +196,7 @@ export class AuthVerifier {
     ctx: ReqCtx,
   ): Promise<AccessOutput | AdminTokenOutput | NullOutput> => {
     if (isBearerToken(ctx.req)) {
-      return await this.access(ctx)
+      return await this.accessStandard()(ctx)
     } else if (isBasicToken(ctx.req)) {
       return await this.adminToken(ctx)
     } else {
@@ -308,12 +299,36 @@ export class AuthVerifier {
   async validateAccessToken(
     req: express.Request,
     scopes: AuthScope[],
+    opts?: { checkTakedown?: boolean; checkDeactivated?: boolean },
   ): Promise<AccessOutput> {
     const { did, scope, token, audience } = await this.validateBearerToken(
       req,
       scopes,
       { audience: this.dids.pds },
     )
+    const { checkTakedown = false, checkDeactivated = false } = opts ?? {}
+    if (checkTakedown || checkDeactivated) {
+      const found = await this.accountManager.getAccount(did, {
+        includeDeactivated: true,
+        includeTakenDown: true,
+      })
+      if (!found) {
+        // will be turned into ExpiredToken for the client if proxied by entryway
+        throw new ForbiddenError('Account not found', 'AccountNotFound')
+      }
+      if (checkTakedown && softDeleted(found)) {
+        throw new AuthRequiredError(
+          'Account has been taken down',
+          'AccountTakedown',
+        )
+      }
+      if (checkDeactivated && found.deactivatedAt) {
+        throw new AuthRequiredError(
+          'Account is deactivated',
+          'AccountDeactivated',
+        )
+      }
+    }
     return {
       credentials: {
         type: 'access',

package/src/lexicon/lexicons.ts

@@ -66,6 +66,10 @@ export const schemaDict = {
           inviteNote: {
             type: 'string',
           },
+          deactivatedAt: {
+            type: 'string',
+            format: 'datetime',
+          },
         },
       },
       repoRef: {
@@ -364,6 +368,10 @@ export const schemaDict = {
                 type: 'ref',
                 ref: 'lex:com.atproto.admin.defs#statusAttr',
               },
+              deactivated: {
+                type: 'ref',
+                ref: 'lex:com.atproto.admin.defs#statusAttr',
+              },
             },
           },
         },
@@ -527,6 +535,10 @@ export const schemaDict = {
                 type: 'ref',
                 ref: 'lex:com.atproto.admin.defs#statusAttr',
               },
+              deactivated: {
+                type: 'ref',
+                ref: 'lex:com.atproto.admin.defs#statusAttr',
+              },
             },
           },
         },
@@ -2255,6 +2267,15 @@ export const schemaDict = {
               emailAuthFactor: {
                 type: 'boolean',
               },
+              active: {
+                type: 'boolean',
+              },
+              status: {
+                type: 'string',
+                description:
+                  'If active=false, this optional field indicates a possible reason for why the account is not active. If active=false and no status is supplied, then the host makes no claim for why the repository is no longer being hosted.',
+                knownValues: ['takendown', 'suspended', 'deactivated'],
+              },
             },
           },
         },
@@ -2591,6 +2612,15 @@ export const schemaDict = {
               didDoc: {
                 type: 'unknown',
               },
+              active: {
+                type: 'boolean',
+              },
+              status: {
+                type: 'string',
+                description:
+                  'If active=false, this optional field indicates a possible reason for why the account is not active. If active=false and no status is supplied, then the host makes no claim for why the repository is no longer being hosted.',
+                knownValues: ['takendown', 'suspended', 'deactivated'],
+              },
             },
           },
         },
@@ -2675,6 +2705,15 @@ export const schemaDict = {
               didDoc: {
                 type: 'unknown',
               },
+              active: {
+                type: 'boolean',
+              },
+              status: {
+                type: 'string',
+                description:
+                  "Hosting status of the account. If not specified, then assume 'active'.",
+                knownValues: ['takendown', 'suspended', 'deactivated'],
+              },
             },
           },
         },
@@ -9999,6 +10038,10 @@ export const schemaDict = {
           inviteNote: {
             type: 'string',
           },
+          deactivatedAt: {
+            type: 'string',
+            format: 'datetime',
+          },
         },
       },
       repoViewDetail: {
@@ -10064,6 +10107,10 @@ export const schemaDict = {
             type: 'string',
             format: 'datetime',
           },
+          deactivatedAt: {
+            type: 'string',
+            format: 'datetime',
+          },
         },
       },
       repoViewNotFound: {

package/src/lexicon/types/com/atproto/admin/defs.ts

@@ -36,6 +36,7 @@ export interface AccountView {
   invitesDisabled?: boolean
   emailConfirmedAt?: string
   inviteNote?: string
+  deactivatedAt?: string
   [k: string]: unknown
 }
 

package/src/lexicon/types/com/atproto/admin/getSubjectStatus.ts

@@ -25,6 +25,7 @@ export interface OutputSchema {
     | ComAtprotoAdminDefs.RepoBlobRef
     | { $type: string; [k: string]: unknown }
   takedown?: ComAtprotoAdminDefs.StatusAttr
+  deactivated?: ComAtprotoAdminDefs.StatusAttr
   [k: string]: unknown
 }
 

package/src/lexicon/types/com/atproto/admin/updateSubjectStatus.ts

@@ -19,6 +19,7 @@ export interface InputSchema {
     | ComAtprotoAdminDefs.RepoBlobRef
     | { $type: string; [k: string]: unknown }
   takedown?: ComAtprotoAdminDefs.StatusAttr
+  deactivated?: ComAtprotoAdminDefs.StatusAttr
   [k: string]: unknown
 }
 

package/src/lexicon/types/com/atproto/server/createSession.ts

@@ -27,6 +27,9 @@ export interface OutputSchema {
   email?: string
   emailConfirmed?: boolean
   emailAuthFactor?: boolean
+  active?: boolean
+  /** If active=false, this optional field indicates a possible reason for why the account is not active. If active=false and no status is supplied, then the host makes no claim for why the repository is no longer being hosted. */
+  status?: 'takendown' | 'suspended' | 'deactivated' | (string & {})
   [k: string]: unknown
 }
 

package/src/lexicon/types/com/atproto/server/getSession.ts

@@ -19,6 +19,9 @@ export interface OutputSchema {
   emailConfirmed?: boolean
   emailAuthFactor?: boolean
   didDoc?: {}
+  active?: boolean
+  /** If active=false, this optional field indicates a possible reason for why the account is not active. If active=false and no status is supplied, then the host makes no claim for why the repository is no longer being hosted. */
+  status?: 'takendown' | 'suspended' | 'deactivated' | (string & {})
   [k: string]: unknown
 }
 

package/src/lexicon/types/com/atproto/server/refreshSession.ts

@@ -18,6 +18,9 @@ export interface OutputSchema {
   handle: string
   did: string
   didDoc?: {}
+  active?: boolean
+  /** Hosting status of the account. If not specified, then assume 'active'. */
+  status?: 'takendown' | 'suspended' | 'deactivated' | (string & {})
   [k: string]: unknown
 }
 

package/src/lexicon/types/tools/ozone/moderation/defs.ts

@@ -478,6 +478,7 @@ export interface RepoView {
   invitedBy?: ComAtprotoServerDefs.InviteCode
   invitesDisabled?: boolean
   inviteNote?: string
+  deactivatedAt?: string
   [k: string]: unknown
 }
 
@@ -506,6 +507,7 @@ export interface RepoViewDetail {
   invitesDisabled?: boolean
   inviteNote?: string
   emailConfirmedAt?: string
+  deactivatedAt?: string
   [k: string]: unknown
 }
 

package/src/pipethrough.ts

@@ -15,12 +15,12 @@ import { httpLogger } from './logger'
 import { getServiceEndpoint, noUndefinedVals } from '@atproto/common'
 import AppContext from './context'
 
-export const proxyHandler =
-  (ctx: AppContext): CatchallHandler =>
-  async (req, res, next) => {
+export const proxyHandler = (ctx: AppContext): CatchallHandler => {
+  const accessStandard = ctx.authVerifier.accessStandard()
+  return async (req, res, next) => {
     try {
       const { url, aud } = await formatUrlAndAud(ctx, req)
-      const auth = await ctx.authVerifier.access({ req })
+      const auth = await accessStandard({ req })
       const headers = await formatHeaders(ctx, req, aud, auth.credentials.did)
       const body = stream.Readable.toWeb(req)
       const reqInit = formatReqInit(req, headers, body)
@@ -31,6 +31,7 @@ export const proxyHandler =
     }
     return next()
   }
+}
 
 export const pipethrough = async (
   ctx: AppContext,

package/tests/account-deactivation.test.ts

@@ -56,6 +56,14 @@ describe('account deactivation', () => {
       active: false,
       status: 'deactivated',
     })
+
+    const adminRes = await agent.com.atproto.admin.getAccountInfo(
+      {
+        did: alice,
+      },
+      { headers: network.pds.adminAuthHeaders() },
+    )
+    expect(typeof adminRes.data.deactivatedAt).toBeDefined()
   })
 
   it('no longer serves repo data', async () => {
@@ -109,11 +117,19 @@ describe('account deactivation', () => {
     ).rejects.toThrow()
   })
 
-  it('still allows login', async () => {
-    await agent.com.atproto.server.createSession({
+  it('still allows login and returns status', async () => {
+    const res = await agent.com.atproto.server.createSession({
       identifier: alice,
       password: sc.accounts[alice].password,
     })
+    expect(res.data.status).toEqual('deactivated')
+  })
+
+  it('returns status on getSession', async () => {
+    const res = await agent.com.atproto.server.getSession(undefined, {
+      headers: sc.getHeaders(alice),
+    })
+    expect(res.data.status).toEqual('deactivated')
   })
 
   it('does not allow writes', async () => {
@@ -169,6 +185,19 @@ describe('account deactivation', () => {
     await agent.com.atproto.server.activateAccount(undefined, {
       headers: sc.getHeaders(alice),
     })
+
     await agent.com.atproto.sync.getRepo({ did: alice })
+
+    const statusRes = await agent.com.atproto.sync.getRepoStatus({ did: alice })
+    expect(statusRes.data.active).toBe(true)
+    expect(statusRes.data.status).toBeUndefined()
+
+    const adminRes = await agent.com.atproto.admin.getAccountInfo(
+      {
+        did: alice,
+      },
+      { headers: network.pds.adminAuthHeaders() },
+    )
+    expect(adminRes.data.deactivatedAt).toBeUndefined()
   })
 })

package/tests/auth.test.ts

@@ -62,6 +62,7 @@ describe('auth', () => {
       handle: account.handle,
       email,
       emailConfirmed: false,
+      active: true,
     })
     // Valid refresh token
     const nextSession = await refreshSession(account.refreshJwt)
@@ -91,6 +92,7 @@ describe('auth', () => {
       handle: session.handle,
       email,
       emailConfirmed: false,
+      active: true,
     })
     // Valid refresh token
     const nextSession = await refreshSession(session.refreshJwt)
@@ -135,6 +137,7 @@ describe('auth', () => {
       handle: session.handle,
       email,
       emailConfirmed: false,
+      active: true,
     })
     // Valid refresh token
     const nextSession = await refreshSession(session.refreshJwt)