@atproto/pds 0.4.45 → 0.4.46

package/src/auth-verifier.ts

@@ -71,6 +71,7 @@ type AccessOutput = {
     did: string
     scope: AuthScope
     audience: string | undefined
+    isPrivileged: boolean
   }
   artifacts: string
 }
@@ -86,11 +87,11 @@ type RefreshOutput = {
   artifacts: string
 }
 
-type UserDidOutput = {
+type UserServiceAuthOutput = {
   credentials: {
-    type: 'user_did'
+    type: 'user_service_auth'
     aud: string
-    iss: string
+    did: string
   }
 }
 
@@ -221,30 +222,40 @@ export class AuthVerifier {
     }
   }
 
-  userDidAuth = async (ctx: ReqCtx): Promise<UserDidOutput> => {
+  userServiceAuth = async (ctx: ReqCtx): Promise<UserServiceAuthOutput> => {
     const payload = await this.verifyServiceJwt(ctx, {
       aud: this.dids.entryway ?? this.dids.pds,
       iss: null,
     })
     return {
       credentials: {
-        type: 'user_did',
+        type: 'user_service_auth',
         aud: payload.aud,
-        iss: payload.iss,
+        did: payload.iss,
       },
     }
   }
 
-  userDidAuthOptional = async (
+  userServiceAuthOptional = async (
     ctx: ReqCtx,
-  ): Promise<UserDidOutput | NullOutput> => {
+  ): Promise<UserServiceAuthOutput | NullOutput> => {
     if (isBearerToken(ctx.req)) {
-      return await this.userDidAuth(ctx)
+      return await this.userServiceAuth(ctx)
     } else {
       return this.null(ctx)
     }
   }
 
+  accessOrUserServiceAuth =
+    (opts: Partial<AccessOpts> = {}) =>
+    async (ctx: ReqCtx): Promise<UserServiceAuthOutput | AccessOutput> => {
+      try {
+        return await this.accessStandard(opts)(ctx)
+      } catch {
+        return await this.userServiceAuth(ctx)
+      }
+    }
+
   modService = async (ctx: ReqCtx): Promise<ModServiceOutput> => {
     if (!this.dids.modService) {
       throw new AuthRequiredError('Untrusted issuer', 'UntrustedIss')
@@ -470,6 +481,7 @@ export class AuthVerifier {
           did: result.claims.sub,
           scope: AuthScope.Access,
           audience: this.dids.pds,
+          isPrivileged: true,
         },
         artifacts: result.token,
       }
@@ -498,12 +510,17 @@ export class AuthVerifier {
       scopes,
       { audience: this.dids.pds },
     )
+    const isPrivileged = [
+      AuthScope.Access,
+      AuthScope.AppPassPrivileged,
+    ].includes(scope)
     return {
       credentials: {
         type: 'access',
         did,
         scope,
         audience,
+        isPrivileged,
       },
       artifacts: token,
     }
@@ -544,7 +561,12 @@ export class AuthVerifier {
     if (!jwtStr) {
       throw new AuthRequiredError('missing jwt', 'MissingJwt')
     }
-    const payload = await verifyServiceJwt(jwtStr, opts.aud, getSigningKey)
+    const payload = await verifyServiceJwt(
+      jwtStr,
+      opts.aud,
+      null,
+      getSigningKey,
+    )
     return { iss: payload.iss, aud: payload.aud }
   }
 

package/src/context.ts

@@ -342,16 +342,17 @@ export class AppContext {
     })
   }
 
-  async appviewAuthHeaders(did: string) {
+  async appviewAuthHeaders(did: string, lxm: string) {
     assert(this.cfg.bskyAppView)
-    return this.serviceAuthHeaders(did, this.cfg.bskyAppView.did)
+    return this.serviceAuthHeaders(did, this.cfg.bskyAppView.did, lxm)
   }
 
-  async serviceAuthHeaders(did: string, aud: string) {
+  async serviceAuthHeaders(did: string, aud: string, lxm: string) {
     const keypair = await this.actorStore.keypair(did)
     return createServiceAuthHeaders({
       iss: did,
       aud,
+      lxm,
       keypair,
     })
   }

package/src/lexicon/lexicons.ts

@@ -891,7 +891,7 @@ export const schemaDict = {
       labelValueDefinition: {
         type: 'object',
         description:
-          'Declares a label value and its expected interpertations and behaviors.',
+          'Declares a label value and its expected interpretations and behaviors.',
         required: ['identifier', 'severity', 'blurs', 'locales'],
         properties: {
           identifier: {
@@ -2607,6 +2607,17 @@ export const schemaDict = {
               description:
                 'The DID of the service that the token will be used to authenticate with',
             },
+            exp: {
+              type: 'integer',
+              description:
+                'The time in Unix Epoch seconds that the JWT expires. Defaults to 60 seconds in the future. The service may enforce certain time bounds on tokens depending on the requested scope.',
+            },
+            lxm: {
+              type: 'string',
+              format: 'nsid',
+              description:
+                'Lexicon (XRPC) method to bind the requested token to',
+            },
           },
         },
         output: {
@@ -2621,6 +2632,13 @@ export const schemaDict = {
             },
           },
         },
+        errors: [
+          {
+            name: 'BadExpiration',
+            description:
+              'Indicates that the requested expiration date is not a valid. May be in the past or may be reliant on the requested scopes.',
+          },
+        ],
       },
     },
   },
@@ -5482,7 +5500,7 @@ export const schemaDict = {
           feedContext: {
             type: 'string',
             description:
-              'Context on a feed item that was orginally supplied by the feed generator on getFeedSkeleton.',
+              'Context on a feed item that was originally supplied by the feed generator on getFeedSkeleton.',
             maxLength: 2000,
           },
         },

package/src/lexicon/types/app/bsky/feed/defs.ts

@@ -332,7 +332,7 @@ export interface Interaction {
     | 'app.bsky.feed.defs#interactionQuote'
     | 'app.bsky.feed.defs#interactionShare'
     | (string & {})
-  /** Context on a feed item that was orginally supplied by the feed generator on getFeedSkeleton. */
+  /** Context on a feed item that was originally supplied by the feed generator on getFeedSkeleton. */
   feedContext?: string
   [k: string]: unknown
 }

package/src/lexicon/types/com/atproto/label/defs.ts

@@ -78,7 +78,7 @@ export function validateSelfLabel(v: unknown): ValidationResult {
   return lexicons.validate('com.atproto.label.defs#selfLabel', v)
 }
 
-/** Declares a label value and its expected interpertations and behaviors. */
+/** Declares a label value and its expected interpretations and behaviors. */
 export interface LabelValueDefinition {
   /** The value of the label being defined. Must only include lowercase ascii and the '-' character ([a-z-]+). */
   identifier: string

package/src/lexicon/types/com/atproto/server/getServiceAuth.ts

@@ -11,6 +11,10 @@ import { HandlerAuth, HandlerPipeThrough } from '@atproto/xrpc-server'
 export interface QueryParams {
   /** The DID of the service that the token will be used to authenticate with */
   aud: string
+  /** The time in Unix Epoch seconds that the JWT expires. Defaults to 60 seconds in the future. The service may enforce certain time bounds on tokens depending on the requested scope. */
+  exp?: number
+  /** Lexicon (XRPC) method to bind the requested token to */
+  lxm?: string
 }
 
 export type InputSchema = undefined
@@ -31,6 +35,7 @@ export interface HandlerSuccess {
 export interface HandlerError {
   status: number
   message?: string
+  error?: 'BadExpiration'
 }
 
 export type HandlerOutput = HandlerError | HandlerSuccess | HandlerPipeThrough

package/src/pipethrough.ts

@@ -14,14 +14,22 @@ import { ids, lexicons } from './lexicon/lexicons'
 import { httpLogger } from './logger'
 import { getServiceEndpoint, noUndefinedVals } from '@atproto/common'
 import AppContext from './context'
+import { parseReqNsid } from '@atproto/xrpc-server'
 
 export const proxyHandler = (ctx: AppContext): CatchallHandler => {
   const accessStandard = ctx.authVerifier.accessStandard()
   return async (req, res, next) => {
     try {
-      const { url, aud } = await formatUrlAndAud(ctx, req)
+      const { url, aud, nsid } = await formatUrlAndAud(ctx, req)
       const auth = await accessStandard({ req })
-      const headers = await formatHeaders(ctx, req, aud, auth.credentials.did)
+      if (!auth.credentials.isPrivileged && PRIVILEGED_METHODS.has(nsid)) {
+        throw new InvalidRequestError('Bad token method', 'InvalidToken')
+      }
+      const headers = await formatHeaders(ctx, req, {
+        aud,
+        lxm: nsid,
+        requester: auth.credentials.did,
+      })
       const body: webStream.ReadableStream<Uint8Array> =
         stream.Readable.toWeb(req)
       const reqInit = formatReqInit(req, headers, body)
@@ -38,10 +46,14 @@ export const pipethrough = async (
   ctx: AppContext,
   req: express.Request,
   requester: string | null,
-  audOverride?: string,
+  override: {
+    aud?: string
+    lxm?: string
+  } = {},
 ): Promise<HandlerPipeThrough> => {
-  const { url, aud } = await formatUrlAndAud(ctx, req, audOverride)
-  const headers = await formatHeaders(ctx, req, aud, requester)
+  const { url, aud, nsid } = await formatUrlAndAud(ctx, req, override.aud)
+  const lxm = override.lxm ?? nsid
+  const headers = await formatHeaders(ctx, req, { aud, lxm, requester })
   const reqInit = formatReqInit(req, headers)
   const res = await makeRequest(url, reqInit)
   return parseProxyRes(res)
@@ -53,8 +65,8 @@ export const pipethroughProcedure = async (
   requester: string | null,
   body?: LexValue,
 ): Promise<HandlerPipeThrough> => {
-  const { url, aud } = await formatUrlAndAud(ctx, req)
-  const headers = await formatHeaders(ctx, req, aud, requester)
+  const { url, aud, nsid: lxm } = await formatUrlAndAud(ctx, req)
+  const headers = await formatHeaders(ctx, req, { aud, lxm, requester })
   const encodedBody = body
     ? new TextEncoder().encode(stringifyLex(body))
     : undefined
@@ -77,9 +89,10 @@ export const formatUrlAndAud = async (
   ctx: AppContext,
   req: express.Request,
   audOverride?: string,
-): Promise<{ url: URL; aud: string }> => {
+): Promise<{ url: URL; aud: string; nsid: string }> => {
   const proxyTo = await parseProxyHeader(ctx, req)
-  const defaultProxy = defaultService(ctx, req)
+  const nsid = parseReqNsid(req)
+  const defaultProxy = defaultService(ctx, nsid)
   const serviceUrl = proxyTo?.serviceUrl ?? defaultProxy?.url
   const aud = audOverride ?? proxyTo?.did ?? defaultProxy?.did
   if (!serviceUrl || !aud) {
@@ -89,17 +102,21 @@ export const formatUrlAndAud = async (
   if (!ctx.cfg.service.devMode && !isSafeUrl(url)) {
     throw new InvalidRequestError(`Invalid service url: ${url.toString()}`)
   }
-  return { url, aud }
+  return { url, aud, nsid }
 }
 
 export const formatHeaders = async (
   ctx: AppContext,
   req: express.Request,
-  aud: string,
-  requester: string | null,
+  opts: {
+    aud: string
+    lxm: string
+    requester: string | null
+  },
 ): Promise<{ authorization?: string }> => {
+  const { aud, lxm, requester } = opts
   const headers = requester
-    ? (await ctx.serviceAuthHeaders(requester, aud)).headers
+    ? (await ctx.serviceAuthHeaders(requester, aud, lxm)).headers
     : {}
   // forward select headers to upstream services
   for (const header of REQ_HEADERS_TO_FORWARD) {
@@ -241,11 +258,28 @@ export const parseProxyRes = async (res: Response) => {
 // Utils
 // -------------------
 
+export const PRIVILEGED_METHODS = new Set([
+  ids.ChatBskyActorDeleteAccount,
+  ids.ChatBskyActorExportAccountData,
+  ids.ChatBskyConvoDeleteMessageForSelf,
+  ids.ChatBskyConvoGetConvo,
+  ids.ChatBskyConvoGetConvoForMembers,
+  ids.ChatBskyConvoGetLog,
+  ids.ChatBskyConvoGetMessages,
+  ids.ChatBskyConvoLeaveConvo,
+  ids.ChatBskyConvoListConvos,
+  ids.ChatBskyConvoMuteConvo,
+  ids.ChatBskyConvoSendMessage,
+  ids.ChatBskyConvoSendMessageBatch,
+  ids.ChatBskyConvoUnmuteConvo,
+  ids.ChatBskyConvoUpdateRead,
+  ids.ComAtprotoServerCreateAccount,
+])
+
 const defaultService = (
   ctx: AppContext,
-  req: express.Request,
+  nsid: string,
 ): { url: string; did: string } | null => {
-  const nsid = req.originalUrl.split('?')[0].replace('/xrpc/', '')
   switch (nsid) {
     case ids.ToolsOzoneTeamAddMember:
     case ids.ToolsOzoneTeamDeleteMember:

package/src/read-after-write/viewer.ts

@@ -89,7 +89,7 @@ export class LocalViewer {
     return util.format(this.appviewCdnUrlPattern, pattern, this.did, cid)
   }
 
-  async serviceAuthHeaders(did: string) {
+  async serviceAuthHeaders(did: string, lxm: string) {
     if (!this.appviewDid) {
       throw new Error('Could not find bsky appview did')
     }
@@ -98,6 +98,7 @@ export class LocalViewer {
     return createServiceAuthHeaders({
       iss: did,
       aud: this.appviewDid,
+      lxm,
       keypair,
     })
   }
@@ -244,7 +245,7 @@ export class LocalViewer {
     if (collection === ids.AppBskyFeedPost) {
       const res = await this.appViewAgent.api.app.bsky.feed.getPosts(
         { uris: [embed.record.uri] },
-        await this.serviceAuthHeaders(this.did),
+        await this.serviceAuthHeaders(this.did, ids.AppBskyFeedGetPosts),
       )
       const post = res.data.posts[0]
       if (!post) return null
@@ -261,7 +262,10 @@ export class LocalViewer {
     } else if (collection === ids.AppBskyFeedGenerator) {
       const res = await this.appViewAgent.api.app.bsky.feed.getFeedGenerator(
         { feed: embed.record.uri },
-        await this.serviceAuthHeaders(this.did),
+        await this.serviceAuthHeaders(
+          this.did,
+          ids.AppBskyFeedGetFeedGenerator,
+        ),
       )
       return {
         $type: 'app.bsky.feed.defs#generatorView',
@@ -270,7 +274,7 @@ export class LocalViewer {
     } else if (collection === ids.AppBskyGraphList) {
       const res = await this.appViewAgent.api.app.bsky.graph.getList(
         { list: embed.record.uri },
-        await this.serviceAuthHeaders(this.did),
+        await this.serviceAuthHeaders(this.did, ids.AppBskyGraphGetList),
       )
       return {
         $type: 'app.bsky.graph.defs#listView',

package/tests/moderator-auth.test.ts

@@ -76,6 +76,7 @@ describe('moderator auth', () => {
     const headers = await createServiceAuthHeaders({
       iss: modServiceDid,
       aud: pdsDid,
+      lxm: null,
       keypair: modServiceKey,
     })
     await agent.api.com.atproto.admin.updateSubjectStatus(
@@ -103,6 +104,7 @@ describe('moderator auth', () => {
     const headers = await createServiceAuthHeaders({
       iss: altModDid,
       aud: pdsDid,
+      lxm: null,
       keypair: modServiceKey,
     })
     const attempt = agent.api.com.atproto.admin.updateSubjectStatus(
@@ -123,6 +125,7 @@ describe('moderator auth', () => {
     const headers = await createServiceAuthHeaders({
       iss: modServiceDid,
       aud: pdsDid,
+      lxm: null,
       keypair: badKey,
     })
     const attempt = agent.api.com.atproto.admin.updateSubjectStatus(
@@ -145,6 +148,7 @@ describe('moderator auth', () => {
     const headers = await createServiceAuthHeaders({
       iss: modServiceDid,
       aud: sc.dids.alice,
+      lxm: null,
       keypair: modServiceKey,
     })
     const attempt = agent.api.com.atproto.admin.updateSubjectStatus(

package/tests/proxied/notif.test.ts

@@ -69,6 +69,7 @@ describe('notif service proxy', () => {
     const auth = await verifyJwt(
       spy.current?.['jwt'] as string,
       notifDid,
+      null,
       async (did) => {
         const keypair = await network.pds.ctx.actorStore.keypair(did)
         return keypair.did()

package/tests/proxied/proxy-header.test.ts

@@ -66,6 +66,7 @@ describe('proxy header', () => {
     const verified = await verifyJwt(
       req.auth.replace('Bearer ', ''),
       proxyServer.did,
+      null,
       (iss) => network.pds.ctx.idResolver.did.resolveAtprotoKey(iss, true),
     )
     expect(verified.aud).toBe(proxyServer.did)

package/dist/api/chat/index.d.ts

@@ -1,4 +0,0 @@
-import AppContext from '../../context';
-import { Server } from '../../lexicon';
-export default function (server: Server, ctx: AppContext): void;
-//# sourceMappingURL=index.d.ts.map

package/dist/api/chat/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/api/chat/index.ts"],"names":[],"mappings":"AAAA,OAAO,UAAU,MAAM,eAAe,CAAA;AACtC,OAAO,EAAE,MAAM,EAAE,MAAM,eAAe,CAAA;AAGtC,MAAM,CAAC,OAAO,WAAW,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,QAqFvD"}

package/dist/api/chat/index.js

@@ -1,91 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-const pipethrough_1 = require("../../pipethrough");
-function default_1(server, ctx) {
-    server.chat.bsky.actor.deleteAccount({
-        auth: ctx.authVerifier.accessPrivileged(),
-        handler: async ({ req, auth }) => {
-            return (0, pipethrough_1.pipethroughProcedure)(ctx, req, auth.credentials.did);
-        },
-    });
-    server.chat.bsky.actor.exportAccountData({
-        auth: ctx.authVerifier.accessPrivileged(),
-        handler: ({ req, auth }) => {
-            return (0, pipethrough_1.pipethrough)(ctx, req, auth.credentials.did);
-        },
-    });
-    server.chat.bsky.convo.deleteMessageForSelf({
-        auth: ctx.authVerifier.accessPrivileged(),
-        handler: ({ req, auth, input }) => {
-            return (0, pipethrough_1.pipethroughProcedure)(ctx, req, auth.credentials.did, input.body);
-        },
-    });
-    server.chat.bsky.convo.getConvo({
-        auth: ctx.authVerifier.accessPrivileged(),
-        handler: ({ req, auth }) => {
-            return (0, pipethrough_1.pipethrough)(ctx, req, auth.credentials.did);
-        },
-    });
-    server.chat.bsky.convo.getConvoForMembers({
-        auth: ctx.authVerifier.accessPrivileged(),
-        handler: ({ req, auth }) => {
-            return (0, pipethrough_1.pipethrough)(ctx, req, auth.credentials.did);
-        },
-    });
-    server.chat.bsky.convo.getLog({
-        auth: ctx.authVerifier.accessPrivileged(),
-        handler: ({ req, auth }) => {
-            return (0, pipethrough_1.pipethrough)(ctx, req, auth.credentials.did);
-        },
-    });
-    server.chat.bsky.convo.getMessages({
-        auth: ctx.authVerifier.accessPrivileged(),
-        handler: ({ req, auth }) => {
-            return (0, pipethrough_1.pipethrough)(ctx, req, auth.credentials.did);
-        },
-    });
-    server.chat.bsky.convo.leaveConvo({
-        auth: ctx.authVerifier.accessPrivileged(),
-        handler: ({ req, auth, input }) => {
-            return (0, pipethrough_1.pipethroughProcedure)(ctx, req, auth.credentials.did, input.body);
-        },
-    });
-    server.chat.bsky.convo.listConvos({
-        auth: ctx.authVerifier.accessPrivileged(),
-        handler: ({ req, auth }) => {
-            return (0, pipethrough_1.pipethrough)(ctx, req, auth.credentials.did);
-        },
-    });
-    server.chat.bsky.convo.muteConvo({
-        auth: ctx.authVerifier.accessPrivileged(),
-        handler: ({ req, auth, input }) => {
-            return (0, pipethrough_1.pipethroughProcedure)(ctx, req, auth.credentials.did, input.body);
-        },
-    });
-    server.chat.bsky.convo.sendMessage({
-        auth: ctx.authVerifier.accessPrivileged(),
-        handler: ({ req, auth, input }) => {
-            return (0, pipethrough_1.pipethroughProcedure)(ctx, req, auth.credentials.did, input.body);
-        },
-    });
-    server.chat.bsky.convo.sendMessageBatch({
-        auth: ctx.authVerifier.accessPrivileged(),
-        handler: ({ req, auth, input }) => {
-            return (0, pipethrough_1.pipethroughProcedure)(ctx, req, auth.credentials.did, input.body);
-        },
-    });
-    server.chat.bsky.convo.unmuteConvo({
-        auth: ctx.authVerifier.accessPrivileged(),
-        handler: ({ req, auth, input }) => {
-            return (0, pipethrough_1.pipethroughProcedure)(ctx, req, auth.credentials.did, input.body);
-        },
-    });
-    server.chat.bsky.convo.updateRead({
-        auth: ctx.authVerifier.accessPrivileged(),
-        handler: ({ req, auth, input }) => {
-            return (0, pipethrough_1.pipethroughProcedure)(ctx, req, auth.credentials.did, input.body);
-        },
-    });
-}
-exports.default = default_1;
-//# sourceMappingURL=index.js.map

package/dist/api/chat/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/api/chat/index.ts"],"names":[],"mappings":";;AAEA,mDAAqE;AAErE,mBAAyB,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC;QACnC,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,gBAAgB,EAAE;QACzC,OAAO,EAAE,KAAK,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE;YAC/B,OAAO,IAAA,kCAAoB,EAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAA;QAC7D,CAAC;KACF,CAAC,CAAA;IACF,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC;QACvC,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,gBAAgB,EAAE;QACzC,OAAO,EAAE,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE;YACzB,OAAO,IAAA,yBAAW,EAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAA;QACpD,CAAC;KACF,CAAC,CAAA;IACF,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,oBAAoB,CAAC;QAC1C,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,gBAAgB,EAAE;QACzC,OAAO,EAAE,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE;YAChC,OAAO,IAAA,kCAAoB,EAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAA;QACzE,CAAC;KACF,CAAC,CAAA;IACF,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC;QAC9B,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,gBAAgB,EAAE;QACzC,OAAO,EAAE,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE;YACzB,OAAO,IAAA,yBAAW,EAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAA;QACpD,CAAC;KACF,CAAC,CAAA;IACF,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC;QACxC,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,gBAAgB,EAAE;QACzC,OAAO,EAAE,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE;YACzB,OAAO,IAAA,yBAAW,EAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAA;QACpD,CAAC;KACF,CAAC,CAAA;IACF,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;QAC5B,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,gBAAgB,EAAE;QACzC,OAAO,EAAE,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE;YACzB,OAAO,IAAA,yBAAW,EAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAA;QACpD,CAAC;KACF,CAAC,CAAA;IACF,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC;QACjC,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,gBAAgB,EAAE;QACzC,OAAO,EAAE,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE;YACzB,OAAO,IAAA,yBAAW,EAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAA;QACpD,CAAC;KACF,CAAC,CAAA;IACF,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC;QAChC,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,gBAAgB,EAAE;QACzC,OAAO,EAAE,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE;YAChC,OAAO,IAAA,kCAAoB,EAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAA;QACzE,CAAC;KACF,CAAC,CAAA;IACF,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC;QAChC,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,gBAAgB,EAAE;QACzC,OAAO,EAAE,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE;YACzB,OAAO,IAAA,yBAAW,EAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAA;QACpD,CAAC;KACF,CAAC,CAAA;IACF,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC;QAC/B,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,gBAAgB,EAAE;QACzC,OAAO,EAAE,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE;YAChC,OAAO,IAAA,kCAAoB,EAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAA;QACzE,CAAC;KACF,CAAC,CAAA;IACF,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC;QACjC,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,gBAAgB,EAAE;QACzC,OAAO,EAAE,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE;YAChC,OAAO,IAAA,kCAAoB,EAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAA;QACzE,CAAC;KACF,CAAC,CAAA;IACF,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC;QACtC,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,gBAAgB,EAAE;QACzC,OAAO,EAAE,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE;YAChC,OAAO,IAAA,kCAAoB,EAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAA;QACzE,CAAC;KACF,CAAC,CAAA;IACF,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC;QACjC,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,gBAAgB,EAAE;QACzC,OAAO,EAAE,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE;YAChC,OAAO,IAAA,kCAAoB,EAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAA;QACzE,CAAC;KACF,CAAC,CAAA;IACF,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC;QAChC,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,gBAAgB,EAAE;QACzC,OAAO,EAAE,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE;YAChC,OAAO,IAAA,kCAAoB,EAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAA;QACzE,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AArFD,4BAqFC"}

package/src/api/chat/index.ts

@@ -1,90 +0,0 @@
-import AppContext from '../../context'
-import { Server } from '../../lexicon'
-import { pipethrough, pipethroughProcedure } from '../../pipethrough'
-
-export default function (server: Server, ctx: AppContext) {
-  server.chat.bsky.actor.deleteAccount({
-    auth: ctx.authVerifier.accessPrivileged(),
-    handler: async ({ req, auth }) => {
-      return pipethroughProcedure(ctx, req, auth.credentials.did)
-    },
-  })
-  server.chat.bsky.actor.exportAccountData({
-    auth: ctx.authVerifier.accessPrivileged(),
-    handler: ({ req, auth }) => {
-      return pipethrough(ctx, req, auth.credentials.did)
-    },
-  })
-  server.chat.bsky.convo.deleteMessageForSelf({
-    auth: ctx.authVerifier.accessPrivileged(),
-    handler: ({ req, auth, input }) => {
-      return pipethroughProcedure(ctx, req, auth.credentials.did, input.body)
-    },
-  })
-  server.chat.bsky.convo.getConvo({
-    auth: ctx.authVerifier.accessPrivileged(),
-    handler: ({ req, auth }) => {
-      return pipethrough(ctx, req, auth.credentials.did)
-    },
-  })
-  server.chat.bsky.convo.getConvoForMembers({
-    auth: ctx.authVerifier.accessPrivileged(),
-    handler: ({ req, auth }) => {
-      return pipethrough(ctx, req, auth.credentials.did)
-    },
-  })
-  server.chat.bsky.convo.getLog({
-    auth: ctx.authVerifier.accessPrivileged(),
-    handler: ({ req, auth }) => {
-      return pipethrough(ctx, req, auth.credentials.did)
-    },
-  })
-  server.chat.bsky.convo.getMessages({
-    auth: ctx.authVerifier.accessPrivileged(),
-    handler: ({ req, auth }) => {
-      return pipethrough(ctx, req, auth.credentials.did)
-    },
-  })
-  server.chat.bsky.convo.leaveConvo({
-    auth: ctx.authVerifier.accessPrivileged(),
-    handler: ({ req, auth, input }) => {
-      return pipethroughProcedure(ctx, req, auth.credentials.did, input.body)
-    },
-  })
-  server.chat.bsky.convo.listConvos({
-    auth: ctx.authVerifier.accessPrivileged(),
-    handler: ({ req, auth }) => {
-      return pipethrough(ctx, req, auth.credentials.did)
-    },
-  })
-  server.chat.bsky.convo.muteConvo({
-    auth: ctx.authVerifier.accessPrivileged(),
-    handler: ({ req, auth, input }) => {
-      return pipethroughProcedure(ctx, req, auth.credentials.did, input.body)
-    },
-  })
-  server.chat.bsky.convo.sendMessage({
-    auth: ctx.authVerifier.accessPrivileged(),
-    handler: ({ req, auth, input }) => {
-      return pipethroughProcedure(ctx, req, auth.credentials.did, input.body)
-    },
-  })
-  server.chat.bsky.convo.sendMessageBatch({
-    auth: ctx.authVerifier.accessPrivileged(),
-    handler: ({ req, auth, input }) => {
-      return pipethroughProcedure(ctx, req, auth.credentials.did, input.body)
-    },
-  })
-  server.chat.bsky.convo.unmuteConvo({
-    auth: ctx.authVerifier.accessPrivileged(),
-    handler: ({ req, auth, input }) => {
-      return pipethroughProcedure(ctx, req, auth.credentials.did, input.body)
-    },
-  })
-  server.chat.bsky.convo.updateRead({
-    auth: ctx.authVerifier.accessPrivileged(),
-    handler: ({ req, auth, input }) => {
-      return pipethroughProcedure(ctx, req, auth.credentials.did, input.body)
-    },
-  })
-}