@atproto/pds 0.4.34 → 0.4.35
Sign up to get free protection for your applications and to get access to all the features.
- package/CHANGELOG.md +10 -0
- package/dist/account-manager/db/migrations/004-oauth.d.ts +4 -0
- package/dist/account-manager/db/migrations/004-oauth.d.ts.map +1 -0
- package/dist/account-manager/db/migrations/004-oauth.js +106 -0
- package/dist/account-manager/db/migrations/004-oauth.js.map +1 -0
- package/dist/account-manager/db/migrations/index.d.ts +2 -0
- package/dist/account-manager/db/migrations/index.d.ts.map +1 -1
- package/dist/account-manager/db/migrations/index.js +2 -0
- package/dist/account-manager/db/migrations/index.js.map +1 -1
- package/dist/account-manager/db/schema/authorization-request.d.ts +19 -0
- package/dist/account-manager/db/schema/authorization-request.d.ts.map +1 -0
- package/dist/account-manager/db/schema/authorization-request.js +5 -0
- package/dist/account-manager/db/schema/authorization-request.js.map +1 -0
- package/dist/account-manager/db/schema/device-account.d.ts +14 -0
- package/dist/account-manager/db/schema/device-account.d.ts.map +1 -0
- package/dist/account-manager/db/schema/device-account.js +5 -0
- package/dist/account-manager/db/schema/device-account.js.map +1 -0
- package/dist/account-manager/db/schema/device.d.ts +16 -0
- package/dist/account-manager/db/schema/device.d.ts.map +1 -0
- package/dist/account-manager/db/schema/device.js +5 -0
- package/dist/account-manager/db/schema/device.js.map +1 -0
- package/dist/account-manager/db/schema/index.d.ts +11 -1
- package/dist/account-manager/db/schema/index.d.ts.map +1 -1
- package/dist/account-manager/db/schema/token.d.ts +24 -0
- package/dist/account-manager/db/schema/token.d.ts.map +1 -0
- package/dist/account-manager/db/schema/token.js +5 -0
- package/dist/account-manager/db/schema/token.js.map +1 -0
- package/dist/account-manager/db/schema/used-refresh-token.d.ts +12 -0
- package/dist/account-manager/db/schema/used-refresh-token.d.ts.map +1 -0
- package/dist/account-manager/db/schema/used-refresh-token.js +5 -0
- package/dist/account-manager/db/schema/used-refresh-token.js.map +1 -0
- package/dist/account-manager/helpers/account.d.ts +27 -5
- package/dist/account-manager/helpers/account.d.ts.map +1 -1
- package/dist/account-manager/helpers/account.js +15 -14
- package/dist/account-manager/helpers/account.js.map +1 -1
- package/dist/account-manager/helpers/authorization-request.d.ts +12 -0
- package/dist/account-manager/helpers/authorization-request.d.ts.map +1 -0
- package/dist/account-manager/helpers/authorization-request.js +59 -0
- package/dist/account-manager/helpers/authorization-request.js.map +1 -0
- package/dist/account-manager/helpers/device-account.d.ts +108 -0
- package/dist/account-manager/helpers/device-account.d.ts.map +1 -0
- package/dist/account-manager/helpers/device-account.js +82 -0
- package/dist/account-manager/helpers/device-account.js.map +1 -0
- package/dist/account-manager/helpers/device.d.ts +9 -0
- package/dist/account-manager/helpers/device.d.ts.map +1 -0
- package/dist/account-manager/helpers/device.js +32 -0
- package/dist/account-manager/helpers/device.js.map +1 -0
- package/dist/account-manager/helpers/token.d.ts +485 -0
- package/dist/account-manager/helpers/token.d.ts.map +1 -0
- package/dist/account-manager/helpers/token.js +123 -0
- package/dist/account-manager/helpers/token.js.map +1 -0
- package/dist/account-manager/helpers/used-refresh-token.d.ts +10 -0
- package/dist/account-manager/helpers/used-refresh-token.d.ts.map +1 -0
- package/dist/account-manager/helpers/used-refresh-token.js +25 -0
- package/dist/account-manager/helpers/used-refresh-token.js.map +1 -0
- package/dist/account-manager/index.d.ts +36 -6
- package/dist/account-manager/index.d.ts.map +1 -1
- package/dist/account-manager/index.js +223 -22
- package/dist/account-manager/index.js.map +1 -1
- package/dist/actor-store/preference/reader.js.map +1 -1
- package/dist/actor-store/record/reader.d.ts +1 -1
- package/dist/api/app/bsky/util/resolver.d.ts +1 -1
- package/dist/api/com/atproto/server/createSession.d.ts.map +1 -1
- package/dist/api/com/atproto/server/createSession.js +7 -31
- package/dist/api/com/atproto/server/createSession.js.map +1 -1
- package/dist/api/com/atproto/server/deleteSession.d.ts.map +1 -1
- package/dist/api/com/atproto/server/deleteSession.js +14 -13
- package/dist/api/com/atproto/server/deleteSession.js.map +1 -1
- package/dist/api/com/atproto/server/getSession.d.ts.map +1 -1
- package/dist/api/com/atproto/server/getSession.js +4 -2
- package/dist/api/com/atproto/server/getSession.js.map +1 -1
- package/dist/api/com/atproto/server/refreshSession.d.ts.map +1 -1
- package/dist/api/com/atproto/server/refreshSession.js +4 -2
- package/dist/api/com/atproto/server/refreshSession.js.map +1 -1
- package/dist/api/com/atproto/sync/getRepoStatus.d.ts.map +1 -1
- package/dist/api/com/atproto/sync/getRepoStatus.js +2 -1
- package/dist/api/com/atproto/sync/getRepoStatus.js.map +1 -1
- package/dist/api/com/atproto/sync/listRepos.js +2 -2
- package/dist/api/com/atproto/sync/listRepos.js.map +1 -1
- package/dist/api/proxy.d.ts.map +1 -1
- package/dist/api/proxy.js +15 -2
- package/dist/api/proxy.js.map +1 -1
- package/dist/auth-routes.d.ts +4 -0
- package/dist/auth-routes.d.ts.map +1 -0
- package/dist/auth-routes.js +24 -0
- package/dist/auth-routes.js.map +1 -0
- package/dist/auth-verifier.d.ts +32 -11
- package/dist/auth-verifier.d.ts.map +1 -1
- package/dist/auth-verifier.js +238 -79
- package/dist/auth-verifier.js.map +1 -1
- package/dist/config/config.d.ts +12 -0
- package/dist/config/config.d.ts.map +1 -1
- package/dist/config/config.js +45 -0
- package/dist/config/config.js.map +1 -1
- package/dist/config/env.d.ts +8 -0
- package/dist/config/env.d.ts.map +1 -1
- package/dist/config/env.js +10 -0
- package/dist/config/env.js.map +1 -1
- package/dist/config/secrets.d.ts +1 -0
- package/dist/config/secrets.d.ts.map +1 -1
- package/dist/config/secrets.js +1 -0
- package/dist/config/secrets.js.map +1 -1
- package/dist/context.d.ts +6 -0
- package/dist/context.d.ts.map +1 -1
- package/dist/context.js +71 -13
- package/dist/context.js.map +1 -1
- package/dist/db/cast.d.ts +15 -0
- package/dist/db/cast.d.ts.map +1 -0
- package/dist/db/cast.js +66 -0
- package/dist/db/cast.js.map +1 -0
- package/dist/db/db.d.ts +2 -2
- package/dist/db/db.d.ts.map +1 -1
- package/dist/db/db.js +9 -7
- package/dist/db/db.js.map +1 -1
- package/dist/db/index.d.ts +1 -0
- package/dist/db/index.d.ts.map +1 -1
- package/dist/db/index.js +1 -0
- package/dist/db/index.js.map +1 -1
- package/dist/error.d.ts.map +1 -1
- package/dist/error.js +5 -0
- package/dist/error.js.map +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +2 -0
- package/dist/index.js.map +1 -1
- package/dist/logger.d.ts +13 -11
- package/dist/logger.d.ts.map +1 -1
- package/dist/logger.js +80 -64
- package/dist/logger.js.map +1 -1
- package/dist/oauth/detailed-account-store.d.ts +27 -0
- package/dist/oauth/detailed-account-store.d.ts.map +1 -0
- package/dist/oauth/detailed-account-store.js +76 -0
- package/dist/oauth/detailed-account-store.js.map +1 -0
- package/dist/oauth/provider.d.ts +16 -0
- package/dist/oauth/provider.d.ts.map +1 -0
- package/dist/oauth/provider.js +45 -0
- package/dist/oauth/provider.js.map +1 -0
- package/dist/pipethrough.d.ts.map +1 -1
- package/dist/pipethrough.js.map +1 -1
- package/dist/sequencer/events.d.ts +2 -2
- package/example.env +21 -3
- package/package.json +6 -4
- package/src/account-manager/db/migrations/004-oauth.ts +122 -0
- package/src/account-manager/db/migrations/index.ts +2 -0
- package/src/account-manager/db/schema/authorization-request.ts +26 -0
- package/src/account-manager/db/schema/device-account.ts +15 -0
- package/src/account-manager/db/schema/device.ts +18 -0
- package/src/account-manager/db/schema/index.ts +15 -0
- package/src/account-manager/db/schema/token.ts +34 -0
- package/src/account-manager/db/schema/used-refresh-token.ts +13 -0
- package/src/account-manager/helpers/account.ts +16 -21
- package/src/account-manager/helpers/authorization-request.ts +82 -0
- package/src/account-manager/helpers/device-account.ts +135 -0
- package/src/account-manager/helpers/device.ts +45 -0
- package/src/account-manager/helpers/token.ts +185 -0
- package/src/account-manager/helpers/used-refresh-token.ts +30 -0
- package/src/account-manager/index.ts +325 -20
- package/src/actor-store/preference/reader.ts +1 -1
- package/src/api/com/atproto/server/createSession.ts +8 -44
- package/src/api/com/atproto/server/deleteSession.ts +14 -20
- package/src/api/com/atproto/server/getSession.ts +7 -2
- package/src/api/com/atproto/server/refreshSession.ts +6 -2
- package/src/api/com/atproto/sync/getRepoStatus.ts +3 -1
- package/src/api/com/atproto/sync/listRepos.ts +1 -1
- package/src/api/proxy.ts +18 -2
- package/src/auth-routes.ts +27 -0
- package/src/auth-verifier.ts +312 -92
- package/src/config/config.ts +66 -0
- package/src/config/env.ts +24 -0
- package/src/config/secrets.ts +2 -0
- package/src/context.ts +80 -14
- package/src/db/cast.ts +59 -0
- package/src/db/db.ts +15 -12
- package/src/db/index.ts +1 -0
- package/src/error.ts +7 -0
- package/src/index.ts +2 -0
- package/src/logger.ts +83 -38
- package/src/oauth/detailed-account-store.ts +96 -0
- package/src/oauth/provider.ts +77 -0
- package/src/pipethrough.ts +3 -2
@@ -1,20 +1,21 @@
|
|
1
1
|
"use strict";
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
3
|
-
const auth_verifier_1 = require("../../../../auth-verifier");
|
4
3
|
const proxy_1 = require("../../../proxy");
|
5
4
|
function default_1(server, ctx) {
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
}
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
5
|
+
const { entrywayAgent } = ctx;
|
6
|
+
if (entrywayAgent) {
|
7
|
+
server.com.atproto.server.deleteSession(async (reqCtx) => {
|
8
|
+
await entrywayAgent.com.atproto.server.deleteSession(undefined, (0, proxy_1.authPassthru)(reqCtx.req, true));
|
9
|
+
});
|
10
|
+
}
|
11
|
+
else {
|
12
|
+
server.com.atproto.server.deleteSession({
|
13
|
+
auth: ctx.authVerifier.refreshExpired,
|
14
|
+
handler: async ({ auth }) => {
|
15
|
+
await ctx.accountManager.revokeRefreshToken(auth.credentials.tokenId);
|
16
|
+
},
|
17
|
+
});
|
18
|
+
}
|
18
19
|
}
|
19
20
|
exports.default = default_1;
|
20
21
|
//# sourceMappingURL=deleteSession.js.map
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"deleteSession.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/deleteSession.ts"],"names":[],"mappings":";;
|
1
|
+
{"version":3,"file":"deleteSession.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/deleteSession.ts"],"names":[],"mappings":";;AAEA,0CAA6C;AAE7C,mBAAyB,MAAc,EAAE,GAAe;IACtD,MAAM,EAAE,aAAa,EAAE,GAAG,GAAG,CAAA;IAC7B,IAAI,aAAa,EAAE,CAAC;QAClB,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;YACvD,MAAM,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,aAAa,CAClD,SAAS,EACT,IAAA,oBAAY,EAAC,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,CAC/B,CAAA;QACH,CAAC,CAAC,CAAA;IACJ,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,aAAa,CAAC;YACtC,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,cAAc;YACrC,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE;gBAC1B,MAAM,GAAG,CAAC,cAAc,CAAC,kBAAkB,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAA;YACvE,CAAC;SACF,CAAC,CAAA;IACJ,CAAC;AACH,CAAC;AAjBD,4BAiBC"}
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"getSession.d.ts","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/getSession.ts"],"names":[],"mappings":"
|
1
|
+
{"version":3,"file":"getSession.d.ts","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/getSession.ts"],"names":[],"mappings":"AAIA,OAAO,UAAU,MAAM,qBAAqB,CAAA;AAC5C,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAA;AAK5C,MAAM,CAAC,OAAO,WAAW,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,QA0CvD"}
|
@@ -2,6 +2,7 @@
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
3
3
|
const xrpc_server_1 = require("@atproto/xrpc-server");
|
4
4
|
const syntax_1 = require("@atproto/syntax");
|
5
|
+
const account_manager_1 = require("../../../../account-manager");
|
5
6
|
const proxy_1 = require("../../../proxy");
|
6
7
|
const util_1 = require("./util");
|
7
8
|
const auth_verifier_1 = require("../../../../auth-verifier");
|
@@ -22,6 +23,7 @@ function default_1(server, ctx) {
|
|
22
23
|
if (!user) {
|
23
24
|
throw new xrpc_server_1.InvalidRequestError(`Could not find user info for account: ${did}`);
|
24
25
|
}
|
26
|
+
const { status, active } = (0, account_manager_1.formatAccountStatus)(user);
|
25
27
|
return {
|
26
28
|
encoding: 'application/json',
|
27
29
|
body: {
|
@@ -30,8 +32,8 @@ function default_1(server, ctx) {
|
|
30
32
|
email: user.email ?? undefined,
|
31
33
|
didDoc,
|
32
34
|
emailConfirmed: !!user.emailConfirmedAt,
|
33
|
-
active
|
34
|
-
status
|
35
|
+
active,
|
36
|
+
status,
|
35
37
|
},
|
36
38
|
};
|
37
39
|
},
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"getSession.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/getSession.ts"],"names":[],"mappings":";;AAAA,sDAA0D;AAC1D,4CAAgD;
|
1
|
+
{"version":3,"file":"getSession.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/getSession.ts"],"names":[],"mappings":";;AAAA,sDAA0D;AAC1D,4CAAgD;AAEhD,iEAAiE;AAGjE,0CAA6D;AAC7D,iCAAyC;AACzC,6DAAqD;AAErD,mBAAyB,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC;QACnC,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,cAAc,CAAC;YACpC,UAAU,EAAE,CAAC,yBAAS,CAAC,YAAY,CAAC;SACrC,CAAC;QACF,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE;YAC/B,IAAI,GAAG,CAAC,aAAa,EAAE,CAAC;gBACtB,OAAO,IAAA,sBAAc,EACnB,MAAM,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CACnD,SAAS,EACT,IAAA,oBAAY,EAAC,GAAG,CAAC,CAClB,CACF,CAAA;YACH,CAAC;YAED,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAA;YAChC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;gBACvC,GAAG,CAAC,cAAc,CAAC,UAAU,CAAC,GAAG,EAAE,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC;gBAChE,IAAA,uBAAgB,EAAC,GAAG,EAAE,GAAG,CAAC;aAC3B,CAAC,CAAA;YACF,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,MAAM,IAAI,iCAAmB,CAC3B,yCAAyC,GAAG,EAAE,CAC/C,CAAA;YACH,CAAC;YAED,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,qCAAmB,EAAC,IAAI,CAAC,CAAA;YAEpD,OAAO;gBACL,QAAQ,EAAE,kBAAkB;gBAC5B,IAAI,EAAE;oBACJ,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,uBAAc;oBACrC,GAAG,EAAE,IAAI,CAAC,GAAG;oBACb,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,SAAS;oBAC9B,MAAM;oBACN,cAAc,EAAE,CAAC,CAAC,IAAI,CAAC,gBAAgB;oBACvC,MAAM;oBACN,MAAM;iBACP;aACF,CAAA;QACH,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AA1CD,4BA0CC"}
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"refreshSession.d.ts","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/refreshSession.ts"],"names":[],"mappings":"
|
1
|
+
{"version":3,"file":"refreshSession.d.ts","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/refreshSession.ts"],"names":[],"mappings":"AAIA,OAAO,UAAU,MAAM,qBAAqB,CAAA;AAE5C,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAA;AAI5C,MAAM,CAAC,OAAO,WAAW,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,QAsDvD"}
|
@@ -2,6 +2,7 @@
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
3
3
|
const syntax_1 = require("@atproto/syntax");
|
4
4
|
const xrpc_server_1 = require("@atproto/xrpc-server");
|
5
|
+
const account_manager_1 = require("../../../../account-manager");
|
5
6
|
const util_1 = require("../../../../db/util");
|
6
7
|
const util_2 = require("./util");
|
7
8
|
const proxy_1 = require("../../../proxy");
|
@@ -30,6 +31,7 @@ function default_1(server, ctx) {
|
|
30
31
|
if (rotated === null) {
|
31
32
|
throw new xrpc_server_1.InvalidRequestError('Token has been revoked', 'ExpiredToken');
|
32
33
|
}
|
34
|
+
const { status, active } = (0, account_manager_1.formatAccountStatus)(user);
|
33
35
|
return {
|
34
36
|
encoding: 'application/json',
|
35
37
|
body: {
|
@@ -38,8 +40,8 @@ function default_1(server, ctx) {
|
|
38
40
|
handle: user.handle ?? syntax_1.INVALID_HANDLE,
|
39
41
|
accessJwt: rotated.accessJwt,
|
40
42
|
refreshJwt: rotated.refreshJwt,
|
41
|
-
active
|
42
|
-
status
|
43
|
+
active,
|
44
|
+
status,
|
43
45
|
},
|
44
46
|
};
|
45
47
|
},
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"refreshSession.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/refreshSession.ts"],"names":[],"mappings":";;AAAA,4CAAgD;AAChD,sDAA6E;AAE7E,8CAAiD;AAEjD,iCAAyC;AACzC,0CAA6D;AAE7D,mBAAyB,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,cAAc,CAAC;QACvC,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,OAAO;QAC9B,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE;YAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAA;YAChC,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,UAAU,CAAC,GAAG,EAAE;gBACpD,kBAAkB,EAAE,IAAI;gBACxB,gBAAgB,EAAE,IAAI;aACvB,CAAC,CAAA;YACF,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,MAAM,IAAI,iCAAmB,CAC3B,yCAAyC,GAAG,EAAE,CAC/C,CAAA;YACH,CAAC;YACD,IAAI,IAAA,kBAAW,EAAC,IAAI,CAAC,EAAE,CAAC;gBACtB,MAAM,IAAI,+BAAiB,CACzB,6BAA6B,EAC7B,iBAAiB,CAClB,CAAA;YACH,CAAC;YAED,IAAI,GAAG,CAAC,aAAa,EAAE,CAAC;gBACtB,OAAO,IAAA,sBAAc,EACnB,MAAM,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,cAAc,CACvD,SAAS,EACT,IAAA,oBAAY,EAAC,GAAG,CAAC,CAClB,CACF,CAAA;YACH,CAAC;YAED,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;gBAC1C,IAAA,uBAAgB,EAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC;gBAC/B,GAAG,CAAC,cAAc,CAAC,kBAAkB,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC;aAChE,CAAC,CAAA;YACF,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;gBACrB,MAAM,IAAI,iCAAmB,CAAC,wBAAwB,EAAE,cAAc,CAAC,CAAA;YACzE,CAAC;YAED,OAAO;gBACL,QAAQ,EAAE,kBAAkB;gBAC5B,IAAI,EAAE;oBACJ,GAAG,EAAE,IAAI,CAAC,GAAG;oBACb,MAAM;oBACN,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,uBAAc;oBACrC,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,UAAU,EAAE,OAAO,CAAC,UAAU;oBAC9B,MAAM
|
1
|
+
{"version":3,"file":"refreshSession.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/refreshSession.ts"],"names":[],"mappings":";;AAAA,4CAAgD;AAChD,sDAA6E;AAE7E,iEAAiE;AAEjE,8CAAiD;AAEjD,iCAAyC;AACzC,0CAA6D;AAE7D,mBAAyB,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,cAAc,CAAC;QACvC,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,OAAO;QAC9B,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE;YAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAA;YAChC,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,UAAU,CAAC,GAAG,EAAE;gBACpD,kBAAkB,EAAE,IAAI;gBACxB,gBAAgB,EAAE,IAAI;aACvB,CAAC,CAAA;YACF,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,MAAM,IAAI,iCAAmB,CAC3B,yCAAyC,GAAG,EAAE,CAC/C,CAAA;YACH,CAAC;YACD,IAAI,IAAA,kBAAW,EAAC,IAAI,CAAC,EAAE,CAAC;gBACtB,MAAM,IAAI,+BAAiB,CACzB,6BAA6B,EAC7B,iBAAiB,CAClB,CAAA;YACH,CAAC;YAED,IAAI,GAAG,CAAC,aAAa,EAAE,CAAC;gBACtB,OAAO,IAAA,sBAAc,EACnB,MAAM,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,cAAc,CACvD,SAAS,EACT,IAAA,oBAAY,EAAC,GAAG,CAAC,CAClB,CACF,CAAA;YACH,CAAC;YAED,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;gBAC1C,IAAA,uBAAgB,EAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC;gBAC/B,GAAG,CAAC,cAAc,CAAC,kBAAkB,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC;aAChE,CAAC,CAAA;YACF,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;gBACrB,MAAM,IAAI,iCAAmB,CAAC,wBAAwB,EAAE,cAAc,CAAC,CAAA;YACzE,CAAC;YAED,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,qCAAmB,EAAC,IAAI,CAAC,CAAA;YAEpD,OAAO;gBACL,QAAQ,EAAE,kBAAkB;gBAC5B,IAAI,EAAE;oBACJ,GAAG,EAAE,IAAI,CAAC,GAAG;oBACb,MAAM;oBACN,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,uBAAc;oBACrC,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,UAAU,EAAE,OAAO,CAAC,UAAU;oBAC9B,MAAM;oBACN,MAAM;iBACP;aACF,CAAA;QACH,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAtDD,4BAsDC"}
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"getRepoStatus.d.ts","sourceRoot":"","sources":["../../../../../src/api/com/atproto/sync/getRepoStatus.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAA;AAC5C,OAAO,UAAU,MAAM,qBAAqB,CAAA;
|
1
|
+
{"version":3,"file":"getRepoStatus.d.ts","sourceRoot":"","sources":["../../../../../src/api/com/atproto/sync/getRepoStatus.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAA;AAC5C,OAAO,UAAU,MAAM,qBAAqB,CAAA;AAI5C,MAAM,CAAC,OAAO,WAAW,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,QA2BvD"}
|
@@ -1,12 +1,13 @@
|
|
1
1
|
"use strict";
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
3
3
|
const util_1 = require("./util");
|
4
|
+
const account_manager_1 = require("../../../../account-manager");
|
4
5
|
function default_1(server, ctx) {
|
5
6
|
server.com.atproto.sync.getRepoStatus({
|
6
7
|
handler: async ({ params }) => {
|
7
8
|
const { did } = params;
|
8
9
|
const account = await (0, util_1.assertRepoAvailability)(ctx, did, true);
|
9
|
-
const { active, status } = account;
|
10
|
+
const { active, status } = (0, account_manager_1.formatAccountStatus)(account);
|
10
11
|
let rev = undefined;
|
11
12
|
if (active) {
|
12
13
|
const root = await ctx.actorStore.read(did, (store) => store.repo.storage.getRootDetailed());
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"getRepoStatus.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/sync/getRepoStatus.ts"],"names":[],"mappings":";;AAEA,iCAA+C;
|
1
|
+
{"version":3,"file":"getRepoStatus.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/sync/getRepoStatus.ts"],"names":[],"mappings":";;AAEA,iCAA+C;AAC/C,iEAAiE;AAEjE,mBAAyB,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC;QACpC,OAAO,EAAE,KAAK,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;YAC5B,MAAM,EAAE,GAAG,EAAE,GAAG,MAAM,CAAA;YACtB,MAAM,OAAO,GAAG,MAAM,IAAA,6BAAsB,EAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAA;YAE5D,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,qCAAmB,EAAC,OAAO,CAAC,CAAA;YAEvD,IAAI,GAAG,GAAuB,SAAS,CAAA;YACvC,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,KAAK,EAAE,EAAE,CACpD,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,CACrC,CAAA;gBACD,GAAG,GAAG,IAAI,CAAC,GAAG,CAAA;YAChB,CAAC;YAED,OAAO;gBACL,QAAQ,EAAE,kBAAkB;gBAC5B,IAAI,EAAE;oBACJ,GAAG;oBACH,MAAM;oBACN,MAAM;oBACN,GAAG;iBACJ;aACF,CAAA;QACH,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AA3BD,4BA2BC"}
|
@@ -3,7 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.TimeDidKeyset = void 0;
|
4
4
|
const xrpc_server_1 = require("@atproto/xrpc-server");
|
5
5
|
const pagination_1 = require("../../../../db/pagination");
|
6
|
-
const
|
6
|
+
const account_manager_1 = require("../../../../account-manager");
|
7
7
|
function default_1(server, ctx) {
|
8
8
|
server.com.atproto.sync.listRepos(async ({ params }) => {
|
9
9
|
const { limit, cursor } = params;
|
@@ -30,7 +30,7 @@ function default_1(server, ctx) {
|
|
30
30
|
});
|
31
31
|
const res = await builder.execute();
|
32
32
|
const repos = res.map((row) => {
|
33
|
-
const { active, status } = (0,
|
33
|
+
const { active, status } = (0, account_manager_1.formatAccountStatus)(row);
|
34
34
|
return {
|
35
35
|
did: row.did,
|
36
36
|
head: row.head,
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"listRepos.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/sync/listRepos.ts"],"names":[],"mappings":";;;AAAA,sDAA0D;AAG1D,0DAA2E;AAC3E,
|
1
|
+
{"version":3,"file":"listRepos.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/sync/listRepos.ts"],"names":[],"mappings":";;;AAAA,sDAA0D;AAG1D,0DAA2E;AAC3E,iEAAiE;AAEjE,mBAAyB,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;QACrD,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,MAAM,CAAA;QAChC,MAAM,EAAE,GAAG,GAAG,CAAC,cAAc,CAAC,EAAE,CAAA;QAChC,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,OAAO,CAAA;QAC7B,IAAI,OAAO,GAAG,EAAE,CAAC,EAAE;aAChB,UAAU,CAAC,OAAO,CAAC;aACnB,SAAS,CAAC,WAAW,EAAE,eAAe,EAAE,WAAW,CAAC;aACpD,MAAM,CAAC;YACN,kBAAkB;YAClB,uBAAuB;YACvB,sBAAsB;YACtB,8BAA8B;YAC9B,sCAAsC;YACtC,kCAAkC;SACnC,CAAC,CAAA;QACJ,MAAM,MAAM,GAAG,IAAI,aAAa,CAAC,GAAG,CAAC,iBAAiB,CAAC,EAAE,GAAG,CAAC,WAAW,CAAC,CAAC,CAAA;QAC1E,OAAO,GAAG,IAAA,qBAAQ,EAAC,OAAO,EAAE;YAC1B,KAAK;YACL,MAAM;YACN,MAAM;YACN,SAAS,EAAE,KAAK;YAChB,QAAQ,EAAE,IAAI;SACf,CAAC,CAAA;QACF,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,OAAO,EAAE,CAAA;QACnC,MAAM,KAAK,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;YAC5B,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,qCAAmB,EAAC,GAAG,CAAC,CAAA;YACnD,OAAO;gBACL,GAAG,EAAE,GAAG,CAAC,GAAG;gBACZ,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,GAAG,EAAE,GAAG,CAAC,GAAG,IAAI,EAAE;gBAClB,MAAM;gBACN,MAAM;aACP,CAAA;QACH,CAAC,CAAC,CAAA;QACF,OAAO;YACL,QAAQ,EAAE,kBAAkB;YAC5B,IAAI,EAAE;gBACJ,MAAM,EAAE,MAAM,CAAC,cAAc,CAAC,GAAG,CAAC;gBAClC,KAAK;aACN;SACF,CAAA;IACH,CAAC,CAAC,CAAA;AACJ,CAAC;AA3CD,4BA2CC;AAID,MAAa,aAAc,SAAQ,0BAAoC;IACrE,WAAW,CAAC,MAAqB;QAC/B,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC,GAAG,EAAE,CAAA;IAC7D,CAAC;IACD,qBAAqB,CAAC,OAAe;QACnC,OAAO;YACL,OAAO,EAAE,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;YACvD,SAAS,EAAE,OAAO,CAAC,SAAS;SAC7B,CAAA;IACH,CAAC;IACD,qBAAqB,CAAC,MAAc;QAClC,MAAM,WAAW,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAA;QAC1D,IAAI,KAAK,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC;YACjC,MAAM,IAAI,iCAAmB,CAAC,kBAAkB,CAAC,CAAA;QACnD,CAAC;QACD,OAAO;YACL,OAAO,EAAE,WAAW,CAAC,WAAW,EAAE;YAClC,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B,CAAA;IACH,CAAC;CACF;AApBD,sCAoBC"}
|
package/dist/api/proxy.d.ts.map
CHANGED
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"proxy.d.ts","sourceRoot":"","sources":["../../src/api/proxy.ts"],"names":[],"mappings":";AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAA;
|
1
|
+
{"version":3,"file":"proxy.d.ts","sourceRoot":"","sources":["../../src/api/proxy.ts"],"names":[],"mappings":";AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAA;AAEvC,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAA;AAE3C,eAAO,MAAM,cAAc,cAAe;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,IAAI,EAAE,CAAC,CAAA;CAAE;;;CAMtE,CAAA;AAID,wBAAgB,YAAY,CAC1B,GAAG,EAAE,eAAe,EACpB,YAAY,CAAC,EAAE,KAAK,GACnB;IAAE,OAAO,EAAE;QAAE,aAAa,EAAE,MAAM,CAAA;KAAE,CAAC;IAAC,QAAQ,EAAE,SAAS,CAAA;CAAE,GAAG,SAAS,CAAA;AAE1E,wBAAgB,YAAY,CAC1B,GAAG,EAAE,eAAe,EACpB,YAAY,EAAE,IAAI,GAEhB;IAAE,OAAO,EAAE;QAAE,aAAa,EAAE,MAAM,CAAA;KAAE,CAAC;IAAC,QAAQ,EAAE,kBAAkB,CAAA;CAAE,GACpE,SAAS,CAAA"}
|
package/dist/api/proxy.js
CHANGED
@@ -1,6 +1,7 @@
|
|
1
1
|
"use strict";
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
3
3
|
exports.authPassthru = exports.resultPassthru = void 0;
|
4
|
+
const xrpc_server_1 = require("@atproto/xrpc-server");
|
4
5
|
const resultPassthru = (result) => {
|
5
6
|
// @TODO pass through any headers that we always want to forward along
|
6
7
|
return {
|
@@ -10,9 +11,21 @@ const resultPassthru = (result) => {
|
|
10
11
|
};
|
11
12
|
exports.resultPassthru = resultPassthru;
|
12
13
|
function authPassthru(req, withEncoding) {
|
13
|
-
|
14
|
+
const { authorization } = req.headers;
|
15
|
+
if (authorization) {
|
16
|
+
// DPoP requests are bound to the endpoint being called. Allowing them to be
|
17
|
+
// proxied would require that the receiving end allows DPoP proof not
|
18
|
+
// created for him. Since proxying is mainly there to support legacy
|
19
|
+
// clients, and DPoP is a new feature, we don't support DPoP requests
|
20
|
+
// through the proxy.
|
21
|
+
// This is fine since app views are usually called using the requester's
|
22
|
+
// credentials when "auth.credentials.type === 'access'", which is the only
|
23
|
+
// case were DPoP is used.
|
24
|
+
if (authorization.startsWith('DPoP ') || req.headers['dpop']) {
|
25
|
+
throw new xrpc_server_1.InvalidRequestError('DPoP requests cannot be proxied');
|
26
|
+
}
|
14
27
|
return {
|
15
|
-
headers: { authorization
|
28
|
+
headers: { authorization },
|
16
29
|
encoding: withEncoding ? 'application/json' : undefined,
|
17
30
|
};
|
18
31
|
}
|
package/dist/api/proxy.js.map
CHANGED
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"proxy.js","sourceRoot":"","sources":["../../src/api/proxy.ts"],"names":[],"mappings":";;;
|
1
|
+
{"version":3,"file":"proxy.js","sourceRoot":"","sources":["../../src/api/proxy.ts"],"names":[],"mappings":";;;AACA,sDAA0D;AAGnD,MAAM,cAAc,GAAG,CAAI,MAAqC,EAAE,EAAE;IACzE,sEAAsE;IACtE,OAAO;QACL,QAAQ,EAAE,kBAA2B;QACrC,IAAI,EAAE,MAAM,CAAC,IAAI;KAClB,CAAA;AACH,CAAC,CAAA;AANY,QAAA,cAAc,kBAM1B;AAgBD,SAAgB,YAAY,CAAC,GAAoB,EAAE,YAAsB;IACvE,MAAM,EAAE,aAAa,EAAE,GAAG,GAAG,CAAC,OAAO,CAAA;IAErC,IAAI,aAAa,EAAE,CAAC;QAClB,4EAA4E;QAC5E,qEAAqE;QACrE,oEAAoE;QACpE,qEAAqE;QACrE,qBAAqB;QAErB,wEAAwE;QACxE,2EAA2E;QAC3E,0BAA0B;QAC1B,IAAI,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAC7D,MAAM,IAAI,iCAAmB,CAAC,iCAAiC,CAAC,CAAA;QAClE,CAAC;QAED,OAAO;YACL,OAAO,EAAE,EAAE,aAAa,EAAE;YAC1B,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS;SACxD,CAAA;IACH,CAAC;AACH,CAAC;AAtBD,oCAsBC"}
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"file":"auth-routes.d.ts","sourceRoot":"","sources":["../src/auth-routes.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAA;AAEhC,OAAO,UAAU,MAAM,WAAW,CAAA;AAElC,eAAO,MAAM,YAAY,0BAA2B,UAAU,KAAG,MAqBhE,CAAA"}
|
@@ -0,0 +1,24 @@
|
|
1
|
+
"use strict";
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
3
|
+
exports.createRouter = void 0;
|
4
|
+
const oauth_provider_1 = require("@atproto/oauth-provider");
|
5
|
+
const express_1 = require("express");
|
6
|
+
const createRouter = ({ authProvider, cfg }) => {
|
7
|
+
const router = (0, express_1.Router)();
|
8
|
+
const oauthProtectedResourceMetadata = oauth_provider_1.oauthProtectedResourceMetadataSchema.parse({
|
9
|
+
resource: cfg.service.publicUrl,
|
10
|
+
authorization_servers: [cfg.entryway?.url ?? cfg.service.publicUrl],
|
11
|
+
bearer_methods_supported: ['header'],
|
12
|
+
scopes_supported: ['profile', 'email', 'phone'],
|
13
|
+
resource_documentation: 'https://atproto.com',
|
14
|
+
});
|
15
|
+
router.get('/.well-known/oauth-protected-resource', (req, res) => {
|
16
|
+
res.status(200).json(oauthProtectedResourceMetadata);
|
17
|
+
});
|
18
|
+
if (authProvider) {
|
19
|
+
router.use(authProvider.createRouter());
|
20
|
+
}
|
21
|
+
return router;
|
22
|
+
};
|
23
|
+
exports.createRouter = createRouter;
|
24
|
+
//# sourceMappingURL=auth-routes.js.map
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"file":"auth-routes.js","sourceRoot":"","sources":["../src/auth-routes.ts"],"names":[],"mappings":";;;AAAA,4DAA8E;AAC9E,qCAAgC;AAIzB,MAAM,YAAY,GAAG,CAAC,EAAE,YAAY,EAAE,GAAG,EAAc,EAAU,EAAE;IACxE,MAAM,MAAM,GAAG,IAAA,gBAAM,GAAE,CAAA;IAEvB,MAAM,8BAA8B,GAClC,qDAAoC,CAAC,KAAK,CAAC;QACzC,QAAQ,EAAE,GAAG,CAAC,OAAO,CAAC,SAAS;QAC/B,qBAAqB,EAAE,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC;QACnE,wBAAwB,EAAE,CAAC,QAAQ,CAAC;QACpC,gBAAgB,EAAE,CAAC,SAAS,EAAE,OAAO,EAAE,OAAO,CAAC;QAC/C,sBAAsB,EAAE,qBAAqB;KAC9C,CAAC,CAAA;IAEJ,MAAM,CAAC,GAAG,CAAC,uCAAuC,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QAC/D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAA;IACtD,CAAC,CAAC,CAAA;IAEF,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,YAAY,EAAE,CAAC,CAAA;IACzC,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC,CAAA;AArBY,QAAA,YAAY,gBAqBxB"}
|
package/dist/auth-verifier.d.ts
CHANGED
@@ -1,11 +1,13 @@
|
|
1
1
|
/// <reference types="node" />
|
2
2
|
import { KeyObject } from 'node:crypto';
|
3
|
+
import { OAuthVerifier } from '@atproto/oauth-provider';
|
3
4
|
import { IdResolver } from '@atproto/identity';
|
4
5
|
import express from 'express';
|
5
6
|
import * as jose from 'jose';
|
6
7
|
import { AccountManager } from './account-manager';
|
7
8
|
type ReqCtx = {
|
8
9
|
req: express.Request;
|
10
|
+
res?: express.Response;
|
9
11
|
};
|
10
12
|
export declare enum AuthScope {
|
11
13
|
Access = "com.atproto.access",
|
@@ -72,7 +74,11 @@ type ValidatedBearer = {
|
|
72
74
|
payload: jose.JWTPayload;
|
73
75
|
audience: string | undefined;
|
74
76
|
};
|
77
|
+
type ValidatedRefreshBearer = ValidatedBearer & {
|
78
|
+
tokenId: string;
|
79
|
+
};
|
75
80
|
export type AuthVerifierOpts = {
|
81
|
+
publicUrl: string;
|
76
82
|
jwtKey: KeyObject;
|
77
83
|
adminPass: string;
|
78
84
|
dids: {
|
@@ -84,36 +90,51 @@ export type AuthVerifierOpts = {
|
|
84
90
|
export declare class AuthVerifier {
|
85
91
|
accountManager: AccountManager;
|
86
92
|
idResolver: IdResolver;
|
93
|
+
oauthVerifier: OAuthVerifier;
|
94
|
+
private _publicUrl;
|
87
95
|
private _jwtKey;
|
88
96
|
private _adminPass;
|
89
97
|
dids: AuthVerifierOpts['dids'];
|
90
|
-
constructor(accountManager: AccountManager, idResolver: IdResolver, opts: AuthVerifierOpts);
|
98
|
+
constructor(accountManager: AccountManager, idResolver: IdResolver, oauthVerifier: OAuthVerifier, opts: AuthVerifierOpts);
|
91
99
|
accessStandard: (opts?: Partial<AccessOpts>) => (ctx: ReqCtx) => Promise<AccessOutput>;
|
92
100
|
accessFull: (opts?: Partial<AccessOpts>) => (ctx: ReqCtx) => Promise<AccessOutput>;
|
93
101
|
accessPrivileged: (opts?: Partial<AccessOpts>) => (ctx: ReqCtx) => Promise<AccessOutput>;
|
94
102
|
refresh: (ctx: ReqCtx) => Promise<RefreshOutput>;
|
95
|
-
|
103
|
+
refreshExpired: (ctx: ReqCtx) => Promise<RefreshOutput>;
|
104
|
+
adminToken: (ctx: ReqCtx) => Promise<AdminTokenOutput>;
|
96
105
|
optionalAccessOrAdminToken: (ctx: ReqCtx) => Promise<AccessOutput | AdminTokenOutput | NullOutput>;
|
97
|
-
userDidAuth: (
|
98
|
-
userDidAuthOptional: (
|
99
|
-
modService: (
|
100
|
-
moderator: (
|
101
|
-
|
102
|
-
|
106
|
+
userDidAuth: (ctx: ReqCtx) => Promise<UserDidOutput>;
|
107
|
+
userDidAuthOptional: (ctx: ReqCtx) => Promise<UserDidOutput | NullOutput>;
|
108
|
+
modService: (ctx: ReqCtx) => Promise<ModServiceOutput>;
|
109
|
+
moderator: (ctx: ReqCtx) => Promise<AdminTokenOutput | ModServiceOutput>;
|
110
|
+
protected validateAdminToken({ req, }: ReqCtx): Promise<AdminTokenOutput>;
|
111
|
+
protected validateRefreshToken(ctx: ReqCtx, verifyOptions?: Omit<jose.JWTVerifyOptions, 'audience'>): Promise<ValidatedRefreshBearer>;
|
112
|
+
protected validateBearerToken(ctx: ReqCtx, scopes: AuthScope[], verifyOptions?: jose.JWTVerifyOptions): Promise<ValidatedBearer>;
|
113
|
+
protected validateAccessToken(ctx: ReqCtx, scopes: AuthScope[], { checkTakedown, checkDeactivated, }?: {
|
103
114
|
checkTakedown?: boolean;
|
104
115
|
checkDeactivated?: boolean;
|
105
116
|
}): Promise<AccessOutput>;
|
106
|
-
|
117
|
+
protected validateDpopAccessToken(ctx: ReqCtx, scopes: AuthScope[]): Promise<AccessOutput>;
|
118
|
+
protected validateBearerAccessToken(ctx: ReqCtx, scopes: AuthScope[]): Promise<AccessOutput>;
|
119
|
+
protected verifyServiceJwt(ctx: ReqCtx, opts: {
|
107
120
|
aud: string | null;
|
108
121
|
iss: string[] | null;
|
109
122
|
}): Promise<{
|
110
123
|
iss: string;
|
111
124
|
aud: string;
|
112
125
|
}>;
|
113
|
-
null(): NullOutput;
|
126
|
+
protected null(ctx: ReqCtx): NullOutput;
|
114
127
|
isUserOrAdmin(auth: AccessOutput | AdminTokenOutput | NullOutput, did: string): boolean;
|
128
|
+
protected jwtVerify(token: string, verifyOptions?: jose.JWTVerifyOptions): Promise<jose.JWTVerifyResult<jose.JWTPayload>>;
|
129
|
+
protected setAuthHeaders({ res }: ReqCtx): void;
|
130
|
+
}
|
131
|
+
declare enum AuthType {
|
132
|
+
BASIC = "Basic",
|
133
|
+
BEARER = "Bearer",
|
134
|
+
DPOP = "DPoP"
|
115
135
|
}
|
116
|
-
export declare const
|
136
|
+
export declare const parseAuthorizationHeader: (authorization?: string) => [type: null] | [type: AuthType, token: string];
|
137
|
+
export declare const parseBasicAuth: (authorizationHeader?: string) => {
|
117
138
|
username: string;
|
118
139
|
password: string;
|
119
140
|
} | null;
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"auth-verifier.d.ts","sourceRoot":"","sources":["../src/auth-verifier.ts"],"names":[],"mappings":";AAAA,OAAO,EAAE,SAAS,EAAoC,MAAM,aAAa,CAAA;
|
1
|
+
{"version":3,"file":"auth-verifier.d.ts","sourceRoot":"","sources":["../src/auth-verifier.ts"],"names":[],"mappings":";AAAA,OAAO,EAAE,SAAS,EAAoC,MAAM,aAAa,CAAA;AAEzE,OAAO,EAEL,aAAa,EAEd,MAAM,yBAAyB,CAAA;AAQhC,OAAO,EAAE,UAAU,EAA0B,MAAM,mBAAmB,CAAA;AACtE,OAAO,OAAO,MAAM,SAAS,CAAA;AAC7B,OAAO,KAAK,IAAI,MAAM,MAAM,CAAA;AAE5B,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAA;AAIlD,KAAK,MAAM,GAAG;IACZ,GAAG,EAAE,OAAO,CAAC,OAAO,CAAA;IAEpB,GAAG,CAAC,EAAE,OAAO,CAAC,QAAQ,CAAA;CACvB,CAAA;AAGD,oBAAY,SAAS;IACnB,MAAM,uBAAuB;IAC7B,OAAO,wBAAwB;IAC/B,OAAO,wBAAwB;IAC/B,iBAAiB,kCAAkC;IACnD,YAAY,6BAA6B;CAC1C;AAED,MAAM,MAAM,UAAU,GAAG;IACvB,UAAU,EAAE,SAAS,EAAE,CAAA;IACvB,aAAa,EAAE,OAAO,CAAA;IACtB,gBAAgB,EAAE,OAAO,CAAA;CAC1B,CAAA;AAED,oBAAY,UAAU;IACpB,KAAK,IAAA;IACL,OAAO,IAAA;IACP,OAAO,IAAA;CACR;AAED,KAAK,UAAU,GAAG;IAChB,WAAW,EAAE,IAAI,CAAA;CAClB,CAAA;AAED,KAAK,gBAAgB,GAAG;IACtB,WAAW,EAAE;QACX,IAAI,EAAE,aAAa,CAAA;KACpB,CAAA;CACF,CAAA;AAED,KAAK,gBAAgB,GAAG;IACtB,WAAW,EAAE;QACX,IAAI,EAAE,aAAa,CAAA;QACnB,GAAG,EAAE,MAAM,CAAA;QACX,GAAG,EAAE,MAAM,CAAA;KACZ,CAAA;CACF,CAAA;AAED,KAAK,YAAY,GAAG;IAClB,WAAW,EAAE;QACX,IAAI,EAAE,QAAQ,CAAA;QACd,GAAG,EAAE,MAAM,CAAA;QACX,KAAK,EAAE,SAAS,CAAA;QAChB,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAA;KAC7B,CAAA;IACD,SAAS,EAAE,MAAM,CAAA;CAClB,CAAA;AAED,KAAK,aAAa,GAAG;IACnB,WAAW,EAAE;QACX,IAAI,EAAE,SAAS,CAAA;QACf,GAAG,EAAE,MAAM,CAAA;QACX,KAAK,EAAE,SAAS,CAAA;QAChB,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAA;QAC5B,OAAO,EAAE,MAAM,CAAA;KAChB,CAAA;IACD,SAAS,EAAE,MAAM,CAAA;CAClB,CAAA;AAED,KAAK,aAAa,GAAG;IACnB,WAAW,EAAE;QACX,IAAI,EAAE,UAAU,CAAA;QAChB,GAAG,EAAE,MAAM,CAAA;QACX,GAAG,EAAE,MAAM,CAAA;KACZ,CAAA;CACF,CAAA;AAED,KAAK,eAAe,GAAG;IACrB,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,EAAE,SAAS,CAAA;IAChB,KAAK,EAAE,MAAM,CAAA;IACb,OAAO,EAAE,IAAI,CAAC,UAAU,CAAA;IACxB,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAA;CAC7B,CAAA;AAED,KAAK,sBAAsB,GAAG,eAAe,GAAG;IAC9C,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG;IAC7B,SAAS,EAAE,MAAM,CAAA;IACjB,MAAM,EAAE,SAAS,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;IACjB,IAAI,EAAE;QACJ,GAAG,EAAE,MAAM,CAAA;QACX,QAAQ,CAAC,EAAE,MAAM,CAAA;QACjB,UAAU,CAAC,EAAE,MAAM,CAAA;KACpB,CAAA;CACF,CAAA;AAED,qBAAa,YAAY;IAOd,cAAc,EAAE,cAAc;IAC9B,UAAU,EAAE,UAAU;IACtB,aAAa,EAAE,aAAa;IARrC,OAAO,CAAC,UAAU,CAAQ;IAC1B,OAAO,CAAC,OAAO,CAAW;IAC1B,OAAO,CAAC,UAAU,CAAQ;IACnB,IAAI,EAAE,gBAAgB,CAAC,MAAM,CAAC,CAAA;gBAG5B,cAAc,EAAE,cAAc,EAC9B,UAAU,EAAE,UAAU,EACtB,aAAa,EAAE,aAAa,EACnC,IAAI,EAAE,gBAAgB;IAUxB,cAAc,UACL,QAAQ,UAAU,CAAC,WACpB,MAAM,KAAG,QAAQ,YAAY,CAAC,CAWnC;IAEH,UAAU,UACD,QAAQ,UAAU,CAAC,WACpB,MAAM,KAAG,QAAQ,YAAY,CAAC,CAMnC;IAEH,gBAAgB,UACP,QAAQ,UAAU,CAAC,WACpB,MAAM,KAAG,QAAQ,YAAY,CAAC,CAMnC;IAEH,OAAO,QAAe,MAAM,KAAG,QAAQ,aAAa,CAAC,CAcpD;IAED,cAAc,QAAe,MAAM,KAAG,QAAQ,aAAa,CAAC,CAc3D;IAED,UAAU,QAAe,MAAM,KAAG,QAAQ,gBAAgB,CAAC,CAG1D;IAED,0BAA0B,QACnB,MAAM,KACV,QAAQ,YAAY,GAAG,gBAAgB,GAAG,UAAU,CAAC,CAQvD;IAED,WAAW,QAAe,MAAM,KAAG,QAAQ,aAAa,CAAC,CAYxD;IAED,mBAAmB,QACZ,MAAM,KACV,QAAQ,aAAa,GAAG,UAAU,CAAC,CAMrC;IAED,UAAU,QAAe,MAAM,KAAG,QAAQ,gBAAgB,CAAC,CAwB1D;IAED,SAAS,QACF,MAAM,KACV,QAAQ,gBAAgB,GAAG,gBAAgB,CAAC,CAM9C;cAEe,kBAAkB,CAAC,EACjC,GAAG,GACJ,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;cAarB,oBAAoB,CAClC,GAAG,EAAE,MAAM,EACX,aAAa,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,UAAU,CAAC,GACtD,OAAO,CAAC,sBAAsB,CAAC;cAgBlB,mBAAmB,CACjC,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,SAAS,EAAE,EACnB,aAAa,CAAC,EAAE,IAAI,CAAC,gBAAgB,GACpC,OAAO,CAAC,eAAe,CAAC;cA+CX,mBAAmB,CACjC,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,SAAS,EAAE,EACnB,EACE,aAAqB,EACrB,gBAAwB,GACzB,GAAE;QAAE,aAAa,CAAC,EAAE,OAAO,CAAC;QAAC,gBAAgB,CAAC,EAAE,OAAO,CAAA;KAAO,GAC9D,OAAO,CAAC,YAAY,CAAC;cAqDR,uBAAuB,CACrC,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,SAAS,EAAE,GAClB,OAAO,CAAC,YAAY,CAAC;cA4DR,yBAAyB,CACvC,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,SAAS,EAAE,GAClB,OAAO,CAAC,YAAY,CAAC;cAiBR,gBAAgB,CAC9B,GAAG,EAAE,MAAM,EACX,IAAI,EAAE;QAAE,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,GAAG,EAAE,MAAM,EAAE,GAAG,IAAI,CAAA;KAAE;;;;IAqCpD,SAAS,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU;IAOvC,aAAa,CACX,IAAI,EAAE,YAAY,GAAG,gBAAgB,GAAG,UAAU,EAClD,GAAG,EAAE,MAAM,GACV,OAAO;cAUM,SAAS,CACvB,KAAK,EAAE,MAAM,EACb,aAAa,CAAC,EAAE,IAAI,CAAC,gBAAgB;IAevC,SAAS,CAAC,cAAc,CAAC,EAAE,GAAG,EAAE,EAAE,MAAM;CAMzC;AAKD,aAAK,QAAQ;IACX,KAAK,UAAU;IACf,MAAM,WAAW;IACjB,IAAI,SAAS;CACd;AAED,eAAO,MAAM,wBAAwB,mBACnB,MAAM,KACrB,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAY/C,CAAA;AAsBD,eAAO,MAAM,cAAc,yBACH,MAAM,KAC3B;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,GAAG,IAc3C,CAAA;AAOD,eAAO,MAAM,qBAAqB,WAAY,MAAM,KAAG,SAEtD,CAAA;AAED,eAAO,MAAM,qBAAqB,iBAAkB,MAAM,KAAG,SAG5D,CAAA"}
|