@atproto/pds 0.4.34 → 0.4.35
- package/CHANGELOG.md +10 -0
- package/dist/account-manager/db/migrations/004-oauth.d.ts +4 -0
- package/dist/account-manager/db/migrations/004-oauth.d.ts.map +1 -0
- package/dist/account-manager/db/migrations/004-oauth.js +106 -0
- package/dist/account-manager/db/migrations/004-oauth.js.map +1 -0
- package/dist/account-manager/db/migrations/index.d.ts +2 -0
- package/dist/account-manager/db/migrations/index.d.ts.map +1 -1
- package/dist/account-manager/db/migrations/index.js +2 -0
- package/dist/account-manager/db/migrations/index.js.map +1 -1
- package/dist/account-manager/db/schema/authorization-request.d.ts +19 -0
- package/dist/account-manager/db/schema/authorization-request.d.ts.map +1 -0
- package/dist/account-manager/db/schema/authorization-request.js +5 -0
- package/dist/account-manager/db/schema/authorization-request.js.map +1 -0
- package/dist/account-manager/db/schema/device-account.d.ts +14 -0
- package/dist/account-manager/db/schema/device-account.d.ts.map +1 -0
- package/dist/account-manager/db/schema/device-account.js +5 -0
- package/dist/account-manager/db/schema/device-account.js.map +1 -0
- package/dist/account-manager/db/schema/device.d.ts +16 -0
- package/dist/account-manager/db/schema/device.d.ts.map +1 -0
- package/dist/account-manager/db/schema/device.js +5 -0
- package/dist/account-manager/db/schema/device.js.map +1 -0
- package/dist/account-manager/db/schema/index.d.ts +11 -1
- package/dist/account-manager/db/schema/index.d.ts.map +1 -1
- package/dist/account-manager/db/schema/token.d.ts +24 -0
- package/dist/account-manager/db/schema/token.d.ts.map +1 -0
- package/dist/account-manager/db/schema/token.js +5 -0
- package/dist/account-manager/db/schema/token.js.map +1 -0
- package/dist/account-manager/db/schema/used-refresh-token.d.ts +12 -0
- package/dist/account-manager/db/schema/used-refresh-token.d.ts.map +1 -0
- package/dist/account-manager/db/schema/used-refresh-token.js +5 -0
- package/dist/account-manager/db/schema/used-refresh-token.js.map +1 -0
- package/dist/account-manager/helpers/account.d.ts +27 -5
- package/dist/account-manager/helpers/account.d.ts.map +1 -1
- package/dist/account-manager/helpers/account.js +15 -14
- package/dist/account-manager/helpers/account.js.map +1 -1
- package/dist/account-manager/helpers/authorization-request.d.ts +12 -0
- package/dist/account-manager/helpers/authorization-request.d.ts.map +1 -0
- package/dist/account-manager/helpers/authorization-request.js +59 -0
- package/dist/account-manager/helpers/authorization-request.js.map +1 -0
- package/dist/account-manager/helpers/device-account.d.ts +108 -0
- package/dist/account-manager/helpers/device-account.d.ts.map +1 -0
- package/dist/account-manager/helpers/device-account.js +82 -0
- package/dist/account-manager/helpers/device-account.js.map +1 -0
- package/dist/account-manager/helpers/device.d.ts +9 -0
- package/dist/account-manager/helpers/device.d.ts.map +1 -0
- package/dist/account-manager/helpers/device.js +32 -0
- package/dist/account-manager/helpers/device.js.map +1 -0
- package/dist/account-manager/helpers/token.d.ts +485 -0
- package/dist/account-manager/helpers/token.d.ts.map +1 -0
- package/dist/account-manager/helpers/token.js +123 -0
- package/dist/account-manager/helpers/token.js.map +1 -0
- package/dist/account-manager/helpers/used-refresh-token.d.ts +10 -0
- package/dist/account-manager/helpers/used-refresh-token.d.ts.map +1 -0
- package/dist/account-manager/helpers/used-refresh-token.js +25 -0
- package/dist/account-manager/helpers/used-refresh-token.js.map +1 -0
- package/dist/account-manager/index.d.ts +36 -6
- package/dist/account-manager/index.d.ts.map +1 -1
- package/dist/account-manager/index.js +223 -22
- package/dist/account-manager/index.js.map +1 -1
- package/dist/actor-store/preference/reader.js.map +1 -1
- package/dist/actor-store/record/reader.d.ts +1 -1
- package/dist/api/app/bsky/util/resolver.d.ts +1 -1
- package/dist/api/com/atproto/server/createSession.d.ts.map +1 -1
- package/dist/api/com/atproto/server/createSession.js +7 -31
- package/dist/api/com/atproto/server/createSession.js.map +1 -1
- package/dist/api/com/atproto/server/deleteSession.d.ts.map +1 -1
- package/dist/api/com/atproto/server/deleteSession.js +14 -13
- package/dist/api/com/atproto/server/deleteSession.js.map +1 -1
- package/dist/api/com/atproto/server/getSession.d.ts.map +1 -1
- package/dist/api/com/atproto/server/getSession.js +4 -2
- package/dist/api/com/atproto/server/getSession.js.map +1 -1
- package/dist/api/com/atproto/server/refreshSession.d.ts.map +1 -1
- package/dist/api/com/atproto/server/refreshSession.js +4 -2
- package/dist/api/com/atproto/server/refreshSession.js.map +1 -1
- package/dist/api/com/atproto/sync/getRepoStatus.d.ts.map +1 -1
- package/dist/api/com/atproto/sync/getRepoStatus.js +2 -1
- package/dist/api/com/atproto/sync/getRepoStatus.js.map +1 -1
- package/dist/api/com/atproto/sync/listRepos.js +2 -2
- package/dist/api/com/atproto/sync/listRepos.js.map +1 -1
- package/dist/api/proxy.d.ts.map +1 -1
- package/dist/api/proxy.js +15 -2
- package/dist/api/proxy.js.map +1 -1
- package/dist/auth-routes.d.ts +4 -0
- package/dist/auth-routes.d.ts.map +1 -0
- package/dist/auth-routes.js +24 -0
- package/dist/auth-routes.js.map +1 -0
- package/dist/auth-verifier.d.ts +32 -11
- package/dist/auth-verifier.d.ts.map +1 -1
- package/dist/auth-verifier.js +238 -79
- package/dist/auth-verifier.js.map +1 -1
- package/dist/config/config.d.ts +12 -0
- package/dist/config/config.d.ts.map +1 -1
- package/dist/config/config.js +45 -0
- package/dist/config/config.js.map +1 -1
- package/dist/config/env.d.ts +8 -0
- package/dist/config/env.d.ts.map +1 -1
- package/dist/config/env.js +10 -0
- package/dist/config/env.js.map +1 -1
- package/dist/config/secrets.d.ts +1 -0
- package/dist/config/secrets.d.ts.map +1 -1
- package/dist/config/secrets.js +1 -0
- package/dist/config/secrets.js.map +1 -1
- package/dist/context.d.ts +6 -0
- package/dist/context.d.ts.map +1 -1
- package/dist/context.js +71 -13
- package/dist/context.js.map +1 -1
- package/dist/db/cast.d.ts +15 -0
- package/dist/db/cast.d.ts.map +1 -0
- package/dist/db/cast.js +66 -0
- package/dist/db/cast.js.map +1 -0
- package/dist/db/db.d.ts +2 -2
- package/dist/db/db.d.ts.map +1 -1
- package/dist/db/db.js +9 -7
- package/dist/db/db.js.map +1 -1
- package/dist/db/index.d.ts +1 -0
- package/dist/db/index.d.ts.map +1 -1
- package/dist/db/index.js +1 -0
- package/dist/db/index.js.map +1 -1
- package/dist/error.d.ts.map +1 -1
- package/dist/error.js +5 -0
- package/dist/error.js.map +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +2 -0
- package/dist/index.js.map +1 -1
- package/dist/logger.d.ts +13 -11
- package/dist/logger.d.ts.map +1 -1
- package/dist/logger.js +80 -64
- package/dist/logger.js.map +1 -1
- package/dist/oauth/detailed-account-store.d.ts +27 -0
- package/dist/oauth/detailed-account-store.d.ts.map +1 -0
- package/dist/oauth/detailed-account-store.js +76 -0
- package/dist/oauth/detailed-account-store.js.map +1 -0
- package/dist/oauth/provider.d.ts +16 -0
- package/dist/oauth/provider.d.ts.map +1 -0
- package/dist/oauth/provider.js +45 -0
- package/dist/oauth/provider.js.map +1 -0
- package/dist/pipethrough.d.ts.map +1 -1
- package/dist/pipethrough.js.map +1 -1
- package/dist/sequencer/events.d.ts +2 -2
- package/example.env +21 -3
- package/package.json +6 -4
- package/src/account-manager/db/migrations/004-oauth.ts +122 -0
- package/src/account-manager/db/migrations/index.ts +2 -0
- package/src/account-manager/db/schema/authorization-request.ts +26 -0
- package/src/account-manager/db/schema/device-account.ts +15 -0
- package/src/account-manager/db/schema/device.ts +18 -0
- package/src/account-manager/db/schema/index.ts +15 -0
- package/src/account-manager/db/schema/token.ts +34 -0
- package/src/account-manager/db/schema/used-refresh-token.ts +13 -0
- package/src/account-manager/helpers/account.ts +16 -21
- package/src/account-manager/helpers/authorization-request.ts +82 -0
- package/src/account-manager/helpers/device-account.ts +135 -0
- package/src/account-manager/helpers/device.ts +45 -0
- package/src/account-manager/helpers/token.ts +185 -0
- package/src/account-manager/helpers/used-refresh-token.ts +30 -0
- package/src/account-manager/index.ts +325 -20
- package/src/actor-store/preference/reader.ts +1 -1
- package/src/api/com/atproto/server/createSession.ts +8 -44
- package/src/api/com/atproto/server/deleteSession.ts +14 -20
- package/src/api/com/atproto/server/getSession.ts +7 -2
- package/src/api/com/atproto/server/refreshSession.ts +6 -2
- package/src/api/com/atproto/sync/getRepoStatus.ts +3 -1
- package/src/api/com/atproto/sync/listRepos.ts +1 -1
- package/src/api/proxy.ts +18 -2
- package/src/auth-routes.ts +27 -0
- package/src/auth-verifier.ts +312 -92
- package/src/config/config.ts +66 -0
- package/src/config/env.ts +24 -0
- package/src/config/secrets.ts +2 -0
- package/src/context.ts +80 -14
- package/src/db/cast.ts +59 -0
- package/src/db/db.ts +15 -12
- package/src/db/index.ts +1 -0
- package/src/error.ts +7 -0
- package/src/index.ts +2 -0
- package/src/logger.ts +83 -38
- package/src/oauth/detailed-account-store.ts +96 -0
- package/src/oauth/provider.ts +77 -0
- package/src/pipethrough.ts +3 -2
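--- a/package/src/oauth/provider.ts
+++ b/package/src/oauth/provider.ts
@@ -0,0 +1,77 @@
+import {
+AccessTokenType,
+OAuthProvider,
+OAuthProviderOptions,
+} from '@atproto/oauth-provider'
+
+import { AccountManager } from '../account-manager/index'
+import { ActorStore } from '../actor-store/index'
+import { oauthLogger } from '../logger'
+import { LocalViewerCreator } from '../read-after-write/index'
+import { DetailedAccountStore } from './detailed-account-store'
+
+export type AuthProviderOptions = {
+accountManager: AccountManager
+actorStore: ActorStore
+localViewer: LocalViewerCreator
+} & Pick<
+OAuthProviderOptions,
+'issuer' | 'redis' | 'keyset' | 'dpopSecret' | 'customization'
+> &
+Required<Pick<OAuthProviderOptions, 'safeFetch'>>
+
+export class PdsOAuthProvider extends OAuthProvider {
+constructor({
+accountManager,
+actorStore,
+localViewer,
+keyset,
+redis,
+dpopSecret,
+issuer,
+customization,
+safeFetch,
+}: AuthProviderOptions) {
+super({
+issuer,
+keyset,
+dpopSecret,
+redis,
+safeFetch,
+customization,
+metadata: {
+// PdsOAuthProvider is used when the PDS is both an authorization server
+// & resource server, in which case the issuer origin is also the
+// resource server uri.
+protected_resources: [new URL(issuer).origin],
+},
+
+accountStore: new DetailedAccountStore(
+accountManager,
+actorStore,
+localViewer,
+),
+requestStore: accountManager,
+deviceStore: accountManager,
+tokenStore: accountManager,
+
+// If the PDS is both an authorization server & resource server (no
+// entryway), there is no need to use JWTs as access tokens. Instead,
+// the PDS can use tokenId as access tokens. This allows the PDS to
+// always use up-to-date token data from the token store.
+accessTokenType: AccessTokenType.id,
+
+onClientInfo: (clientId) => ({
+isFirstParty: clientId === 'https://bsky.app/',
+// @TODO make client client list configurable:
+isTrusted: undefined,
+}),
+})
+}
+
+createRouter() {
+return this.httpHandler({
+onError: (req, res, err, message) => oauthLogger.error({ err }, message),
+})
+}
+}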
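Review bot: In `onClientInfo`, `isFirstParty` is decided by comparing `clientId` with the hard-coded literal `'https://bsky.app/'`, so every deployment of this package, self-hosted ones included, gives that one client first-party status and the operator can neither remove it nor name a different one. What first-party status relaxes is decided inside `@atproto/oauth-provider` and is not visible in this file; if it shortens or skips the consent step, that decision should come from operator configuration rather than from source. I would take the allow-list from the constructor options (for example a `firstPartyClientIds: ReadonlySet<string>` field, name to be chosen) and keep the exact-match comparison: `isFirstParty: firstPartyClientIds.has(clientId),`. The `@TODO` below it reads "client client list" and sits above `isTrusted`, so it is unclear whether it also covers `isFirstParty`; reword it to say which.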
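--- a/package/src/pipethrough.ts
+++ b/package/src/pipethrough.ts
@@ -22,7 +22,8 @@ export const proxyHandler = (ctx: AppContext): CatchallHandler => {
 const { url, aud } = await formatUrlAndAud(ctx, req)
 const auth = await accessStandard({ req })
 const headers = await formatHeaders(ctx, req, aud, auth.credentials.did)
-const body =
+const body: webStream.ReadableStream<Uint8Array> =
+stream.Readable.toWeb(req)
 const reqInit = formatReqInit(req, headers, body)
 const proxyRes = await makeRequest(url, reqInit)
 await pipeProxyRes(proxyRes, res)
@@ -113,7 +114,7 @@ export const formatHeaders = async (
 const formatReqInit = (
 req: express.Request,
 headers: Record<string, string>,
-body?: Uint8Array | ReadableStream
+body?: Uint8Array | webStream.ReadableStream<Uint8Array>,
 ): RequestInit => {
 if (req.method === 'GET') {
 return {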