npm - @atproto/pds - Versions diffs - 0.4.34 → 0.4.36 - Mend

@atproto/pds 0.4.34 → 0.4.36

Files changed (179) hide show

package/CHANGELOG.md +17 -0
package/dist/account-manager/db/migrations/004-oauth.d.ts +4 -0
package/dist/account-manager/db/migrations/004-oauth.d.ts.map +1 -0
package/dist/account-manager/db/migrations/004-oauth.js +106 -0
package/dist/account-manager/db/migrations/004-oauth.js.map +1 -0
package/dist/account-manager/db/migrations/index.d.ts +2 -0
package/dist/account-manager/db/migrations/index.d.ts.map +1 -1
package/dist/account-manager/db/migrations/index.js +2 -0
package/dist/account-manager/db/migrations/index.js.map +1 -1
package/dist/account-manager/db/schema/authorization-request.d.ts +19 -0
package/dist/account-manager/db/schema/authorization-request.d.ts.map +1 -0
package/dist/account-manager/db/schema/authorization-request.js +5 -0
package/dist/account-manager/db/schema/authorization-request.js.map +1 -0
package/dist/account-manager/db/schema/device-account.d.ts +14 -0
package/dist/account-manager/db/schema/device-account.d.ts.map +1 -0
package/dist/account-manager/db/schema/device-account.js +5 -0
package/dist/account-manager/db/schema/device-account.js.map +1 -0
package/dist/account-manager/db/schema/device.d.ts +16 -0
package/dist/account-manager/db/schema/device.d.ts.map +1 -0
package/dist/account-manager/db/schema/device.js +5 -0
package/dist/account-manager/db/schema/device.js.map +1 -0
package/dist/account-manager/db/schema/index.d.ts +11 -1
package/dist/account-manager/db/schema/index.d.ts.map +1 -1
package/dist/account-manager/db/schema/token.d.ts +24 -0
package/dist/account-manager/db/schema/token.d.ts.map +1 -0
package/dist/account-manager/db/schema/token.js +5 -0
package/dist/account-manager/db/schema/token.js.map +1 -0
package/dist/account-manager/db/schema/used-refresh-token.d.ts +12 -0
package/dist/account-manager/db/schema/used-refresh-token.d.ts.map +1 -0
package/dist/account-manager/db/schema/used-refresh-token.js +5 -0
package/dist/account-manager/db/schema/used-refresh-token.js.map +1 -0
package/dist/account-manager/helpers/account.d.ts +27 -5
package/dist/account-manager/helpers/account.d.ts.map +1 -1
package/dist/account-manager/helpers/account.js +15 -14
package/dist/account-manager/helpers/account.js.map +1 -1
package/dist/account-manager/helpers/authorization-request.d.ts +12 -0
package/dist/account-manager/helpers/authorization-request.d.ts.map +1 -0
package/dist/account-manager/helpers/authorization-request.js +59 -0
package/dist/account-manager/helpers/authorization-request.js.map +1 -0
package/dist/account-manager/helpers/device-account.d.ts +108 -0
package/dist/account-manager/helpers/device-account.d.ts.map +1 -0
package/dist/account-manager/helpers/device-account.js +82 -0
package/dist/account-manager/helpers/device-account.js.map +1 -0
package/dist/account-manager/helpers/device.d.ts +9 -0
package/dist/account-manager/helpers/device.d.ts.map +1 -0
package/dist/account-manager/helpers/device.js +32 -0
package/dist/account-manager/helpers/device.js.map +1 -0
package/dist/account-manager/helpers/token.d.ts +485 -0
package/dist/account-manager/helpers/token.d.ts.map +1 -0
package/dist/account-manager/helpers/token.js +123 -0
package/dist/account-manager/helpers/token.js.map +1 -0
package/dist/account-manager/helpers/used-refresh-token.d.ts +10 -0
package/dist/account-manager/helpers/used-refresh-token.d.ts.map +1 -0
package/dist/account-manager/helpers/used-refresh-token.js +25 -0
package/dist/account-manager/helpers/used-refresh-token.js.map +1 -0
package/dist/account-manager/index.d.ts +36 -6
package/dist/account-manager/index.d.ts.map +1 -1
package/dist/account-manager/index.js +223 -22
package/dist/account-manager/index.js.map +1 -1
package/dist/actor-store/preference/reader.js.map +1 -1
package/dist/actor-store/record/reader.d.ts +1 -1
package/dist/api/app/bsky/util/resolver.d.ts +1 -1
package/dist/api/com/atproto/server/createSession.d.ts.map +1 -1
package/dist/api/com/atproto/server/createSession.js +7 -31
package/dist/api/com/atproto/server/createSession.js.map +1 -1
package/dist/api/com/atproto/server/deleteSession.d.ts.map +1 -1
package/dist/api/com/atproto/server/deleteSession.js +14 -13
package/dist/api/com/atproto/server/deleteSession.js.map +1 -1
package/dist/api/com/atproto/server/getSession.d.ts.map +1 -1
package/dist/api/com/atproto/server/getSession.js +4 -2
package/dist/api/com/atproto/server/getSession.js.map +1 -1
package/dist/api/com/atproto/server/refreshSession.d.ts.map +1 -1
package/dist/api/com/atproto/server/refreshSession.js +4 -2
package/dist/api/com/atproto/server/refreshSession.js.map +1 -1
package/dist/api/com/atproto/sync/getRepoStatus.d.ts.map +1 -1
package/dist/api/com/atproto/sync/getRepoStatus.js +2 -1
package/dist/api/com/atproto/sync/getRepoStatus.js.map +1 -1
package/dist/api/com/atproto/sync/listRepos.js +2 -2
package/dist/api/com/atproto/sync/listRepos.js.map +1 -1
package/dist/api/proxy.d.ts.map +1 -1
package/dist/api/proxy.js +15 -2
package/dist/api/proxy.js.map +1 -1
package/dist/auth-routes.d.ts +4 -0
package/dist/auth-routes.d.ts.map +1 -0
package/dist/auth-routes.js +24 -0
package/dist/auth-routes.js.map +1 -0
package/dist/auth-verifier.d.ts +32 -11
package/dist/auth-verifier.d.ts.map +1 -1
package/dist/auth-verifier.js +238 -79
package/dist/auth-verifier.js.map +1 -1
package/dist/config/config.d.ts +12 -0
package/dist/config/config.d.ts.map +1 -1
package/dist/config/config.js +45 -0
package/dist/config/config.js.map +1 -1
package/dist/config/env.d.ts +8 -0
package/dist/config/env.d.ts.map +1 -1
package/dist/config/env.js +10 -0
package/dist/config/env.js.map +1 -1
package/dist/config/secrets.d.ts +1 -0
package/dist/config/secrets.d.ts.map +1 -1
package/dist/config/secrets.js +1 -0
package/dist/config/secrets.js.map +1 -1
package/dist/context.d.ts +6 -0
package/dist/context.d.ts.map +1 -1
package/dist/context.js +71 -13
package/dist/context.js.map +1 -1
package/dist/db/cast.d.ts +15 -0
package/dist/db/cast.d.ts.map +1 -0
package/dist/db/cast.js +66 -0
package/dist/db/cast.js.map +1 -0
package/dist/db/db.d.ts +2 -2
package/dist/db/db.d.ts.map +1 -1
package/dist/db/db.js +9 -7
package/dist/db/db.js.map +1 -1
package/dist/db/index.d.ts +1 -0
package/dist/db/index.d.ts.map +1 -1
package/dist/db/index.js +1 -0
package/dist/db/index.js.map +1 -1
package/dist/error.d.ts.map +1 -1
package/dist/error.js +5 -0
package/dist/error.js.map +1 -1
package/dist/index.d.ts.map +1 -1
package/dist/index.js +2 -0
package/dist/index.js.map +1 -1
package/dist/logger.d.ts +13 -11
package/dist/logger.d.ts.map +1 -1
package/dist/logger.js +80 -64
package/dist/logger.js.map +1 -1
package/dist/oauth/detailed-account-store.d.ts +27 -0
package/dist/oauth/detailed-account-store.d.ts.map +1 -0
package/dist/oauth/detailed-account-store.js +76 -0
package/dist/oauth/detailed-account-store.js.map +1 -0
package/dist/oauth/provider.d.ts +16 -0
package/dist/oauth/provider.d.ts.map +1 -0
package/dist/oauth/provider.js +45 -0
package/dist/oauth/provider.js.map +1 -0
package/dist/pipethrough.d.ts.map +1 -1
package/dist/pipethrough.js.map +1 -1
package/dist/sequencer/events.d.ts +2 -2
package/example.env +21 -3
package/package.json +9 -7
package/src/account-manager/db/migrations/004-oauth.ts +122 -0
package/src/account-manager/db/migrations/index.ts +2 -0
package/src/account-manager/db/schema/authorization-request.ts +26 -0
package/src/account-manager/db/schema/device-account.ts +15 -0
package/src/account-manager/db/schema/device.ts +18 -0
package/src/account-manager/db/schema/index.ts +15 -0
package/src/account-manager/db/schema/token.ts +34 -0
package/src/account-manager/db/schema/used-refresh-token.ts +13 -0
package/src/account-manager/helpers/account.ts +16 -21
package/src/account-manager/helpers/authorization-request.ts +82 -0
package/src/account-manager/helpers/device-account.ts +135 -0
package/src/account-manager/helpers/device.ts +45 -0
package/src/account-manager/helpers/token.ts +185 -0
package/src/account-manager/helpers/used-refresh-token.ts +30 -0
package/src/account-manager/index.ts +325 -20
package/src/actor-store/preference/reader.ts +1 -1
package/src/api/com/atproto/server/createSession.ts +8 -44
package/src/api/com/atproto/server/deleteSession.ts +14 -20
package/src/api/com/atproto/server/getSession.ts +7 -2
package/src/api/com/atproto/server/refreshSession.ts +6 -2
package/src/api/com/atproto/sync/getRepoStatus.ts +3 -1
package/src/api/com/atproto/sync/listRepos.ts +1 -1
package/src/api/proxy.ts +18 -2
package/src/auth-routes.ts +27 -0
package/src/auth-verifier.ts +312 -92
package/src/config/config.ts +66 -0
package/src/config/env.ts +24 -0
package/src/config/secrets.ts +2 -0
package/src/context.ts +80 -14
package/src/db/cast.ts +59 -0
package/src/db/db.ts +15 -12
package/src/db/index.ts +1 -0
package/src/error.ts +7 -0
package/src/index.ts +2 -0
package/src/logger.ts +83 -38
package/src/oauth/detailed-account-store.ts +96 -0
package/src/oauth/provider.ts +77 -0
package/src/pipethrough.ts +3 -2

package/src/oauth/provider.ts ADDED Viewed

@@ -0,0 +1,77 @@
+import {
+  AccessTokenType,
+  OAuthProvider,
+  OAuthProviderOptions,
+} from '@atproto/oauth-provider'
+import { AccountManager } from '../account-manager/index'
+import { ActorStore } from '../actor-store/index'
+import { oauthLogger } from '../logger'
+import { LocalViewerCreator } from '../read-after-write/index'
+import { DetailedAccountStore } from './detailed-account-store'
+export type AuthProviderOptions = {
+  accountManager: AccountManager
+  actorStore: ActorStore
+  localViewer: LocalViewerCreator
+} & Pick<
+  OAuthProviderOptions,
+  'issuer' | 'redis' | 'keyset' | 'dpopSecret' | 'customization'
+> &
+  Required<Pick<OAuthProviderOptions, 'safeFetch'>>
+export class PdsOAuthProvider extends OAuthProvider {
+  constructor({
+    accountManager,
+    actorStore,
+    localViewer,
+    keyset,
+    redis,
+    dpopSecret,
+    issuer,
+    customization,
+    safeFetch,
+  }: AuthProviderOptions) {
+    super({
+      issuer,
+      keyset,
+      dpopSecret,
+      redis,
+      safeFetch,
+      customization,
+      metadata: {
+        // PdsOAuthProvider is used when the PDS is both an authorization server
+        // & resource server, in which case the issuer origin is also the
+        // resource server uri.
+        protected_resources: [new URL(issuer).origin],
+      },
+      accountStore: new DetailedAccountStore(
+        accountManager,
+        actorStore,
+        localViewer,
+      ),
+      requestStore: accountManager,
+      deviceStore: accountManager,
+      tokenStore: accountManager,
+      // If the PDS is both an authorization server & resource server (no
+      // entryway), there is no need to use JWTs as access tokens. Instead,
+      // the PDS can use tokenId as access tokens. This allows the PDS to
+      // always use up-to-date token data from the token store.
+      accessTokenType: AccessTokenType.id,
+      onClientInfo: (clientId) => ({
+        isFirstParty: clientId === 'https://bsky.app/',
+        // @TODO make client client list configurable:
+        isTrusted: undefined,
+      }),
+    })
+  }
+  createRouter() {
+    return this.httpHandler({
+      onError: (req, res, err, message) => oauthLogger.error({ err }, message),
+    })
+  }
+}

package/src/pipethrough.ts CHANGED Viewed

@@ -22,7 +22,8 @@ export const proxyHandler = (ctx: AppContext): CatchallHandler => {
       const { url, aud } = await formatUrlAndAud(ctx, req)
       const auth = await accessStandard({ req })
       const headers = await formatHeaders(ctx, req, aud, auth.credentials.did)
-      const body = stream.Readable.toWeb(req)
+      const body: webStream.ReadableStream<Uint8Array> =
+        stream.Readable.toWeb(req)
       const reqInit = formatReqInit(req, headers, body)
       const proxyRes = await makeRequest(url, reqInit)
       await pipeProxyRes(proxyRes, res)
@@ -113,7 +114,7 @@ export const formatHeaders = async (
 const formatReqInit = (
   req: express.Request,
   headers: Record<string, string>,
-  body?: Uint8Array | ReadableStream,
+  body?: Uint8Array | webStream.ReadableStream<Uint8Array>,
 ): RequestInit => {
   if (req.method === 'GET') {
     return {