@atproto/pds 0.4.39 → 0.4.41

package/src/lexicon/lexicons.ts

@@ -4167,6 +4167,7 @@ export const schemaDict = {
             'lex:app.bsky.actor.defs#mutedWordsPref',
             'lex:app.bsky.actor.defs#hiddenPostsPref',
             'lex:app.bsky.actor.defs#bskyAppStatePref',
+            'lex:app.bsky.actor.defs#labelersPref',
           ],
         },
       },
@@ -4957,6 +4958,7 @@ export const schemaDict = {
               'lex:app.bsky.feed.defs#generatorView',
               'lex:app.bsky.graph.defs#listView',
               'lex:app.bsky.labeler.defs#labelerView',
+              'lex:app.bsky.graph.defs#starterPackViewBasic',
             ],
           },
         },
@@ -8710,6 +8712,12 @@ export const schemaDict = {
             cursor: {
               type: 'string',
             },
+            relativeToDid: {
+              type: 'string',
+              format: 'did',
+              description:
+                'DID of the account to get suggestions relative to. If not provided, suggestions will be based on the viewer.',
+            },
           },
         },
         output: {
@@ -10112,6 +10120,7 @@ export const schemaDict = {
               'lex:tools.ozone.moderation.defs#modEventEmail',
               'lex:tools.ozone.moderation.defs#modEventResolveAppeal',
               'lex:tools.ozone.moderation.defs#modEventDivert',
+              'lex:tools.ozone.moderation.defs#modEventTag',
             ],
           },
           subject: {
@@ -10175,6 +10184,7 @@ export const schemaDict = {
               'lex:tools.ozone.moderation.defs#modEventEmail',
               'lex:tools.ozone.moderation.defs#modEventResolveAppeal',
               'lex:tools.ozone.moderation.defs#modEventDivert',
+              'lex:tools.ozone.moderation.defs#modEventTag',
             ],
           },
           subject: {

package/src/lexicon/types/app/bsky/actor/defs.ts

@@ -185,6 +185,7 @@ export type Preferences = (
   | MutedWordsPref
   | HiddenPostsPref
   | BskyAppStatePref
+  | LabelersPref
   | { $type: string; [k: string]: unknown }
 )[]
 

package/src/lexicon/types/app/bsky/embed/record.ts

@@ -41,6 +41,7 @@ export interface View {
     | AppBskyFeedDefs.GeneratorView
     | AppBskyGraphDefs.ListView
     | AppBskyLabelerDefs.LabelerView
+    | AppBskyGraphDefs.StarterPackViewBasic
     | { $type: string; [k: string]: unknown }
   [k: string]: unknown
 }

package/src/lexicon/types/app/bsky/unspecced/getSuggestionsSkeleton.ts

@@ -14,6 +14,8 @@ export interface QueryParams {
   viewer?: string
   limit: number
   cursor?: string
+  /** DID of the account to get suggestions relative to. If not provided, suggestions will be based on the viewer. */
+  relativeToDid?: string
 }
 
 export type InputSchema = undefined

package/src/lexicon/types/tools/ozone/moderation/defs.ts

@@ -29,6 +29,7 @@ export interface ModEventView {
     | ModEventEmail
     | ModEventResolveAppeal
     | ModEventDivert
+    | ModEventTag
     | { $type: string; [k: string]: unknown }
   subject:
     | ComAtprotoAdminDefs.RepoRef
@@ -72,6 +73,7 @@ export interface ModEventViewDetail {
     | ModEventEmail
     | ModEventResolveAppeal
     | ModEventDivert
+    | ModEventTag
     | { $type: string; [k: string]: unknown }
   subject:
     | RepoView

package/src/logger.ts

@@ -1,6 +1,7 @@
+import { type IncomingMessage } from 'node:http'
 import { stdSerializers } from 'pino'
 import pinoHttp from 'pino-http'
-import { subsystemLogger } from '@atproto/common'
+import { obfuscateHeaders, subsystemLogger } from '@atproto/common'
 
 export const dbLogger = subsystemLogger('pds:db')
 export const didCacheLogger = subsystemLogger('pds:did-cache')
@@ -17,85 +18,14 @@ export const oauthLogger = subsystemLogger('pds:oauth')
 export const loggerMiddleware = pinoHttp({
   logger: httpLogger,
   serializers: {
-    err: errSerializer,
-    req: reqSerializer,
+    err: (err: unknown) => ({
+      code: err?.['code'],
+      message: err?.['message'],
+    }),
+    req: (req: IncomingMessage) => {
+      const serialized = stdSerializers.req(req)
+      const headers = obfuscateHeaders(serialized.headers)
+      return { ...serialized, headers }
+    },
   },
 })
-
-function errSerializer(err: any) {
-  return {
-    code: err?.code,
-    message: err?.message,
-  }
-}
-
-function reqSerializer(req: any) {
-  const serialized = stdSerializers.req(req)
-  serialized.headers = obfuscateHeaders(serialized.headers)
-  return serialized
-}
-
-function obfuscateHeaders(headers: Record<string, string>) {
-  const obfuscatedHeaders: Record<string, string> = {}
-  for (const key in headers) {
-    if (key.toLowerCase() === 'authorization') {
-      obfuscatedHeaders[key] = obfuscateAuthHeader(headers[key])
-    } else if (key.toLowerCase() === 'dpop') {
-      obfuscatedHeaders[key] = obfuscateJws(headers[key]) || 'Invalid'
-    } else {
-      obfuscatedHeaders[key] = headers[key]
-    }
-  }
-  return obfuscatedHeaders
-}
-
-function obfuscateAuthHeader(authHeader: string): string {
-  // This is a hot path (runs on every request). Avoid using split() or regex.
-
-  const spaceIdx = authHeader.indexOf(' ')
-  if (spaceIdx === -1) return 'Invalid'
-
-  const type = authHeader.slice(0, spaceIdx)
-  switch (type.toLowerCase()) {
-    case 'bearer':
-      return `${type} ${obfuscateBearer(authHeader.slice(spaceIdx + 1))}`
-    case 'dpop':
-      return `${type} ${obfuscateJws(authHeader.slice(spaceIdx + 1)) || 'Invalid'}`
-    case 'basic':
-      return `${type} ${obfuscateBasic(authHeader.slice(spaceIdx + 1)) || 'Invalid'}`
-    default:
-      return `Invalid`
-  }
-}
-
-function obfuscateBasic(token: string): null | string {
-  if (!token) return null
-  const buffer = Buffer.from(token, 'base64')
-  if (!buffer.length) return null // Buffer.from will silently ignore invalid base64 chars
-  const authHeader = buffer.toString('utf8')
-  const colIdx = authHeader.indexOf(':')
-  if (colIdx === -1) return null
-  const username = authHeader.slice(0, colIdx)
-  return `${username}:***`
-}
-
-function obfuscateBearer(token: string): string {
-  return obfuscateJws(token) || obfuscateToken(token)
-}
-
-function obfuscateToken(token: string): string {
-  return token ? '***' : ''
-}
-
-function obfuscateJws(token: string): null | string {
-  const firstDot = token.indexOf('.')
-  if (firstDot === -1) return null
-
-  const secondDot = token.indexOf('.', firstDot + 1)
-  if (secondDot === -1) return null
-
-  if (token.indexOf('.', secondDot + 1) !== -1) return null
-
-  // Strip the signature
-  return token.slice(0, secondDot) + '.obfuscated'
-}

package/src/oauth/detailed-account-store.ts

@@ -2,7 +2,7 @@ import {
   AccountInfo,
   AccountStore,
   DeviceId,
-  LoginCredentials,
+  SignInCredentials,
 } from '@atproto/oauth-provider'
 
 import { AccountManager } from '../account-manager/index'
@@ -50,7 +50,7 @@ export class DetailedAccountStore implements AccountStore {
   }
 
   async authenticateAccount(
-    credentials: LoginCredentials,
+    credentials: SignInCredentials,
     deviceId: DeviceId,
   ): Promise<AccountInfo | null> {
     const accountInfo = await this.accountManager.authenticateAccount(