npm - @atproto/pds - Versions diffs - 0.5.0 → 0.5.2 - Mend

@atproto/pds 0.5.0 → 0.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (279) hide show

package/src/api/app/bsky/actor/getPreferences.ts CHANGED Viewed

@@ -2,7 +2,11 @@ import { Server } from '@atproto/xrpc-server'
 import { AuthScope, isAccessFull } from '../../../../auth-scope.js'
 import { AppContext } from '../../../../context.js'
 import { app } from '../../../../lexicons/index.js'
-import { computeProxyTo, pipethrough } from '../../../../pipethrough.js'
+import {
+  bareDidFromProxyTo,
+  computeProxyTo,
+  pipethrough,
+} from '../../../../pipethrough.js'
 export default function (server: Server, ctx: AppContext) {
   const { bskyAppView } = ctx
@@ -26,7 +30,12 @@ export default function (server: Server, ctx: AppContext) {
       const lxm = app.bsky.actor.getPreferences.$lxm
       const aud = computeProxyTo(ctx, req, lxm)
       if (aud !== `${bskyAppView.did}#bsky_appview`) {
-        return pipethrough(ctx, req, { iss: did, aud, lxm })
+        // Phase 1 of service auth updates: outbound JWT keeps bare-DID aud.
+        return pipethrough(ctx, req, {
+          iss: did,
+          aud: bareDidFromProxyTo(aud),
+          lxm,
+        })
       }
       const hasAccessFull =

package/src/api/app/bsky/actor/putPreferences.ts CHANGED Viewed

@@ -3,7 +3,11 @@ import { AccountPreference } from '../../../../actor-store/preference/reader.js'
 import { isAccessFull } from '../../../../auth-scope.js'
 import { AppContext } from '../../../../context.js'
 import { app } from '../../../../lexicons/index.js'
-import { computeProxyTo, pipethrough } from '../../../../pipethrough.js'
+import {
+  bareDidFromProxyTo,
+  computeProxyTo,
+  pipethrough,
+} from '../../../../pipethrough.js'
 export default function (server: Server, ctx: AppContext) {
   const { bskyAppView } = ctx
@@ -27,7 +31,12 @@ export default function (server: Server, ctx: AppContext) {
       const lxm = app.bsky.actor.putPreferences.$lxm
       const aud = computeProxyTo(ctx, req, lxm)
       if (aud !== `${bskyAppView.did}#bsky_appview`) {
-        return pipethrough(ctx, req, { iss: did, aud, lxm })
+        // Phase 1 of service auth updates: outbound JWT keeps bare-DID aud.
+        return pipethrough(ctx, req, {
+          iss: did,
+          aud: bareDidFromProxyTo(aud),
+          lxm,
+        })
       }
       const checkedPreferences: AccountPreference[] = []

package/src/api/com/atproto/admin/updateAccountHandle.ts CHANGED Viewed

@@ -1,56 +1,47 @@
 import { InvalidRequestError, Server } from '@atproto/xrpc-server'
 import { AppContext } from '../../../../context.js'
 import { com } from '../../../../lexicons/index.js'
-import { httpLogger } from '../../../../logger.js'
 export default function (server: Server, ctx: AppContext) {
-  server.add(com.atproto.admin.updateAccountHandle, {
-    auth: ctx.authVerifier.adminToken,
-    handler: async ({ input }) => {
-      const { did } = input.body
-      const handle = await ctx.accountManager.normalizeAndValidateHandle(
-        input.body.handle,
-        {
-          did,
-          allowAnyValid: true,
-        },
-      )
+  const { entrywayClient } = ctx
-      // Pessimistic check to handle spam: also enforced by updateHandle() and the db.
-      const account = await ctx.accountManager.getAccount(handle, {
-        includeDeactivated: true,
-        includeTakenDown: true,
-      })
+  if (entrywayClient) {
+    server.add(com.atproto.admin.updateAccountHandle, {
+      auth: ctx.authVerifier.adminToken,
+      handler: async ({ input: { body } }) => {
+        const { did, handle } = await ctx.accountManager.validateHandleUpdate(
+          body.did,
+          body.handle,
+          { allowAnyValid: true },
+        )
-      if (account) {
-        if (account.did !== did) {
-          throw new InvalidRequestError(`Handle already taken: ${handle}`)
-        }
-      } else {
-        if (ctx.cfg.entryway) {
-          // the pds defers to the entryway for updating the handle in the user's did doc.
-          // here was just check that the handle is already bidirectionally confirmed.
-          // @TODO if handle is taken according to this PDS, should we force-update?
-          const doc = await ctx.idResolver.did
-            .resolveAtprotoData(did, true)
-            .catch(() => undefined)
-          if (doc?.handle !== handle) {
-            throw new InvalidRequestError('Handle does not match DID doc')
-          }
-        } else {
-          await ctx.plcClient.updateHandle(did, ctx.plcRotationKey, handle)
+        // the pds defers to the entryway for updating the handle in the user's
+        // did doc. here was just check that the handle is already
+        // bidirectionally confirmed.
+        //
+        // -> entryway(identity.updateHandle) [update handle, submit plc op]
+        // -> pds(admin.updateAccountHandle)  [track handle, sequence handle update]
+        //
+        // @TODO if handle is taken according to this PDS, should we force-update?
+        const doc = await ctx.idResolver.did
+          .resolveAtprotoData(did, true)
+          .catch(() => undefined)
+        if (!doc || doc.handle !== handle) {
+          throw new InvalidRequestError('Handle does not match DID doc')
         }
-        await ctx.accountManager.updateHandle(did, handle)
-      }
-      try {
-        await ctx.sequencer.sequenceIdentityEvt(did, handle)
-      } catch (err) {
-        httpLogger.error(
-          { err, did, handle },
-          'failed to sequence handle update',
-        )
-      }
-    },
-  })
+        await ctx.accountManager.updateAccountHandle(did, handle)
+      },
+    })
+  } else {
+    server.add(com.atproto.admin.updateAccountHandle, {
+      auth: ctx.authVerifier.adminToken,
+      handler: async ({ input: { body } }) => {
+        await ctx.accountManager.updateHandle(body.did, body.handle, {
+          allowAnyValid: true,
+        })
+      },
+    })
+  }
 }

package/src/api/com/atproto/identity/updateHandle.ts CHANGED Viewed

@@ -1,97 +1,66 @@
 import { DAY, MINUTE } from '@atproto/common'
-import { InvalidRequestError, Server } from '@atproto/xrpc-server'
+import { MethodRateLimit, Server } from '@atproto/xrpc-server'
+import { AccessOutput, OAuthOutput } from '../../../../auth-output.js'
 import { AppContext } from '../../../../context.js'
 import { com } from '../../../../lexicons/index.js'
-import { httpLogger } from '../../../../logger.js'
 export default function (server: Server, ctx: AppContext) {
-  server.add(com.atproto.identity.updateHandle, {
-    auth: ctx.authVerifier.authorization({
-      checkTakedown: true,
-      authorize: (permissions) => {
-        permissions.assertIdentity({ attr: 'handle' })
-      },
-    }),
-    rateLimit: [
-      {
-        durationMs: 5 * MINUTE,
-        points: 10,
-        calcKey: ({ auth }) => auth.credentials.did,
-      },
-      {
-        durationMs: DAY,
-        points: 50,
-        calcKey: ({ auth }) => auth.credentials.did,
-      },
-    ],
-    handler: async ({ auth, input, req }) => {
-      const requester = auth.credentials.did
+  const { entrywayClient } = ctx
+  const auth = ctx.authVerifier.authorization({
+    checkTakedown: true,
+    authorize: (permissions) => {
+      permissions.assertIdentity({ attr: 'handle' })
+    },
+  })
-      if (ctx.entrywayClient) {
+  const rateLimit: MethodRateLimit<AccessOutput | OAuthOutput> = [
+    {
+      durationMs: 5 * MINUTE,
+      points: 10,
+      calcKey: ({ auth }) => auth.credentials.did,
+    },
+    {
+      durationMs: DAY,
+      points: 50,
+      calcKey: ({ auth }) => auth.credentials.did,
+    },
+  ]
+  if (entrywayClient) {
+    server.add(com.atproto.identity.updateHandle, {
+      auth,
+      rateLimit,
+      handler: async ({ auth, input, req }) => {
         const { headers } = await ctx.entrywayAuthHeaders(
           req,
           auth.credentials.did,
           com.atproto.identity.updateHandle.$lxm,
         )
-        // the full flow is:
+        // The full flow is:
         // -> entryway(identity.updateHandle) [update handle, submit plc op]
         // -> pds(admin.updateAccountHandle)  [track handle, sequence handle update]
-        await ctx.entrywayClient.xrpc(com.atproto.identity.updateHandle, {
+        await entrywayClient.xrpc(com.atproto.identity.updateHandle, {
           headers,
           body: {
             handle: input.body.handle,
             // @ts-expect-error "did" is not in the schema
-            did: requester,
+            did: auth.credentials.did,
           },
         })
-        return
-      }
-      const handle = await ctx.accountManager.normalizeAndValidateHandle(
-        input.body.handle,
-        { did: requester },
-      )
-      // Pessimistic check to handle spam: also enforced by updateHandle() and the db.
-      const account = await ctx.accountManager.getAccount(handle, {
-        includeDeactivated: true,
-      })
-      if (!account) {
-        if (requester.startsWith('did:plc:')) {
-          await ctx.plcClient.updateHandle(
-            requester,
-            ctx.plcRotationKey,
-            handle,
-          )
-        } else {
-          const resolved = await ctx.idResolver.did.resolveAtprotoData(
-            requester,
-            true,
-          )
-          if (resolved.handle !== handle) {
-            throw new InvalidRequestError(
-              'DID is not properly configured for handle',
-            )
-          }
-        }
-        await ctx.accountManager.updateHandle(requester, handle)
-      } else {
-        // if we found an account with matching handle, check if it is the same as requester
-        // if so emit an identity event, otherwise error.
-        if (account.did !== requester) {
-          throw new InvalidRequestError(`Handle already taken: ${handle}`)
-        }
-      }
-      try {
-        await ctx.sequencer.sequenceIdentityEvt(requester, handle)
-      } catch (err) {
-        httpLogger.error(
-          { err, did: requester, handle },
-          'failed to sequence handle update',
+      },
+    })
+  } else {
+    server.add(com.atproto.identity.updateHandle, {
+      auth,
+      rateLimit,
+      handler: async ({ auth, input }) => {
+        await ctx.accountManager.updateHandle(
+          auth.credentials.did,
+          input.body.handle,
         )
-      }
-    },
-  })
+      },
+    })
+  }
 }

package/src/api/com/atproto/repo/getRecord.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { AtUri } from '@atproto/syntax'
+import { atUri } from '@atproto/lex'
 import { InvalidRequestError, Server } from '@atproto/xrpc-server'
 import { AppContext } from '../../../../context.js'
 import { com } from '../../../../lexicons/index.js'
@@ -11,7 +11,7 @@ export default function (server: Server, ctx: AppContext) {
     // fetch from pds if available, if not then fetch from appview
     if (did) {
-      const uri = AtUri.make(did, collection, rkey)
+      const uri = atUri(did, collection, rkey)
       const record = await ctx.actorStore.read(did, (store) =>
         store.record.getRecord(uri, cid ?? null),
       )
@@ -24,7 +24,7 @@ export default function (server: Server, ctx: AppContext) {
       return {
         encoding: 'application/json' as const,
         body: {
-          uri: uri.toString(),
+          uri,
           cid: record.cid,
           value: record.value,
         },

package/src/api/com/atproto/repo/putRecord.ts CHANGED Viewed

@@ -1,3 +1,4 @@
+import { atUri } from '@atproto/lex'
 import {
   LegacyBlobRef,
   LexMap,
@@ -5,7 +6,6 @@ import {
   isLegacyBlobRef,
   parseCid,
 } from '@atproto/lex-data'
-import { AtUri } from '@atproto/syntax'
 import {
   AuthRequiredError,
   InvalidRequestError,
@@ -90,7 +90,7 @@ export default function (server: Server, ctx: AppContext) {
         })
       }
-      const uri = AtUri.make(did, collection, rkey)
+      const uri = atUri(did, collection, rkey)
       const swapCommitCid = swapCommit ? parseCid(swapCommit) : undefined
       const swapRecordCid =
         typeof swapRecord === 'string' ? parseCid(swapRecord) : swapRecord

package/src/api/com/atproto/server/getServiceAuth.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import { HOUR, MINUTE } from '@atproto/common'
+import { isAtprotoDid, isAtprotoDidRefAbsolute } from '@atproto/did'
 import { l } from '@atproto/lex'
 import {
   InvalidRequestError,
@@ -34,6 +35,12 @@ export default function (server: Server, ctx: AppContext) {
       // @NOTE "exp" is expressed in seconds since epoch, not milliseconds
       const { aud, exp, lxm = null } = params
+      if (!isAtprotoDid(aud) && !isAtprotoDidRefAbsolute(aud)) {
+        throw new InvalidRequestError(
+          'aud must be a valid atproto DID or did#serviceId reference',
+        )
+      }
       // Takendown accounts should not be able to generate service auth tokens except for methods necessary for account migration
       if (auth.credentials.type === 'access') {
         // @NOTE We should probably use "ForbiddenError" here. Using

package/src/config/config.ts CHANGED Viewed

@@ -1,10 +1,15 @@
 import assert from 'node:assert'
 import path from 'node:path'
 import { DAY, HOUR, SECOND } from '@atproto/common'
-import { BrandingInput, HcaptchaConfig } from '@atproto/oauth-provider'
+import {
+  BrandingInput as BrandingConfig,
+  HcaptchaConfig,
+} from '@atproto/oauth-provider'
 import { ensureValidDid } from '@atproto/syntax'
 import { ServerEnvironment } from './env.js'
+export type { BrandingConfig }
 // off-config but still from env:
 // logging: LOG_LEVEL, LOG_SYSTEMS, LOG_ENABLED, LOG_DESTINATION
@@ -152,6 +157,7 @@ export const envToCfg = (env: ServerEnvironment): ServerConfig => {
     emailCfg = {
       smtpUrl: env.emailSmtpUrl,
       fromAddress: env.emailFromAddress,
+      disableConfirmationLink: env.emailDisableConfirmationLink ?? false,
     }
   }
@@ -167,6 +173,7 @@ export const envToCfg = (env: ServerEnvironment): ServerConfig => {
     moderationEmailCfg = {
       smtpUrl: env.moderationEmailSmtpUrl,
       fromAddress: env.moderationEmailAddress,
+      disableConfirmationLink: false,
     }
   }
@@ -254,6 +261,62 @@ export const envToCfg = (env: ServerEnvironment): ServerConfig => {
     preferCompressed: env.proxyPreferCompressed ?? false,
   }
+  const brandingCfg = {
+    name: env.serviceName ?? `${hostname} PDS`,
+    logo: env.logoUrl,
+    colors: {
+      light: env.lightColor,
+      dark: env.darkColor,
+      contrastSaturation: env.contrastSaturation,
+      primary: env.primaryColor,
+      primaryContrast: env.primaryColorContrast,
+      primaryHue: env.primaryColorHue,
+      error: env.errorColor,
+      errorContrast: env.errorColorContrast,
+      errorHue: env.errorColorHue,
+      warning: env.warningColor,
+      warningContrast: env.warningColorContrast,
+      warningHue: env.warningColorHue,
+      info: env.infoColor,
+      infoContrast: env.infoColorContrast,
+      infoHue: env.infoColorHue,
+      success: env.successColor,
+      successContrast: env.successColorContrast,
+      successHue: env.successColorHue,
+    },
+    links: [
+      {
+        title: { en: 'Home', fr: 'Accueil' },
+        href: env.homeUrl,
+        rel: 'canonical' as const, // Prevents login page from being indexed
+      },
+      {
+        title: { en: 'Terms of Service' },
+        href: env.termsOfServiceUrl,
+        rel: 'terms-of-service' as const,
+      },
+      {
+        title: { en: 'Privacy Policy' },
+        href: env.privacyPolicyUrl,
+        rel: 'privacy-policy' as const,
+      },
+      {
+        title: { en: 'Support' },
+        href: env.supportUrl,
+        rel: 'help' as const,
+      },
+    ].filter(
+      <T extends { href?: string }>(f: T): f is T & { href: string } =>
+        f.href != null && f.href !== '',
+    ),
+  }
   const oauthCfg: ServerConfig['oauth'] = entrywayCfg
     ? {
         issuer: entrywayCfg.url,
@@ -272,61 +335,7 @@ export const envToCfg = (env: ServerEnvironment): ServerConfig => {
                   tokenSalt: env.hcaptchaTokenSalt,
                 }
               : undefined,
-          branding: {
-            name: env.serviceName ?? `${hostname} PDS`,
-            logo: env.logoUrl,
-            colors: {
-              light: env.lightColor,
-              dark: env.darkColor,
-              contrastSaturation: env.contrastSaturation,
-              primary: env.primaryColor,
-              primaryContrast: env.primaryColorContrast,
-              primaryHue: env.primaryColorHue,
-              error: env.errorColor,
-              errorContrast: env.errorColorContrast,
-              errorHue: env.errorColorHue,
-              warning: env.warningColor,
-              warningContrast: env.warningColorContrast,
-              warningHue: env.warningColorHue,
-              info: env.infoColor,
-              infoContrast: env.infoColorContrast,
-              infoHue: env.infoColorHue,
-              success: env.successColor,
-              successContrast: env.successColorContrast,
-              successHue: env.successColorHue,
-            },
-            links: [
-              {
-                title: { en: 'Home', fr: 'Accueil' },
-                href: env.homeUrl,
-                rel: 'canonical' as const, // Prevents login page from being indexed
-              },
-              {
-                title: { en: 'Terms of Service' },
-                href: env.termsOfServiceUrl,
-                rel: 'terms-of-service' as const,
-              },
-              {
-                title: { en: 'Privacy Policy' },
-                href: env.privacyPolicyUrl,
-                rel: 'privacy-policy' as const,
-              },
-              {
-                title: { en: 'Support' },
-                href: env.supportUrl,
-                rel: 'help' as const,
-              },
-            ].filter(
-              <T extends { href?: string }>(f: T): f is T & { href: string } =>
-                f.href != null && f.href !== '',
-            ),
-          },
+          branding: brandingCfg,
           trustedClients: env.trustedOAuthClients,
         },
       }
@@ -358,6 +367,7 @@ export const envToCfg = (env: ServerEnvironment): ServerConfig => {
     fetch: fetchCfg,
     lexicon: lexiconCfg,
     proxy: proxyCfg,
+    branding: brandingCfg,
     oauth: oauthCfg,
   }
 }
@@ -381,6 +391,7 @@ export type ServerConfig = {
   crawlers: string[]
   fetch: FetchConfig
   proxy: ProxyConfig
+  branding: BrandingConfig
   oauth: OAuthConfig
   lexicon: LexiconResolverConfig
 }
@@ -477,7 +488,7 @@ export type OAuthConfig = {
   issuer: string
   provider?: {
     hcaptcha?: HcaptchaConfig
-    branding: BrandingInput
+    branding: BrandingConfig
     trustedClients?: string[]
   }
 }
@@ -499,6 +510,7 @@ export type InvitesConfig =
 export type EmailConfig = {
   smtpUrl: string
   fromAddress: string
+  disableConfirmationLink: boolean
 }
 export type SubscriptionConfig = {

package/src/config/env.ts CHANGED Viewed

@@ -97,6 +97,9 @@ export function readEnv() {
     // email
     emailSmtpUrl: envStr('PDS_EMAIL_SMTP_URL'),
     emailFromAddress: envStr('PDS_EMAIL_FROM_ADDRESS'),
+    emailDisableConfirmationLink: envBool(
+      'PDS_EMAIL_DISABLE_CONFIRMATION_LINK',
+    ),
     moderationEmailSmtpUrl: envStr('PDS_MODERATION_EMAIL_SMTP_URL'),
     moderationEmailAddress: envStr('PDS_MODERATION_EMAIL_ADDRESS'),

package/src/context.ts CHANGED Viewed

@@ -156,7 +156,7 @@ export class AppContext {
         ? nodemailer.createTransport(cfg.email.smtpUrl)
         : nodemailer.createTransport({ jsonTransport: true })
-    const mailer = new ServerMailer(mailTransport, cfg)
+    const mailer = new ServerMailer(mailTransport, cfg.email, cfg.branding)
     const modMailTransport =
       cfg.moderationEmail !== null
@@ -267,25 +267,28 @@ export class AppContext {
       backgroundQueue,
     })
+    const plcRotationKey =
+      secrets.plcRotationKey.provider === 'kms'
+        ? await KmsKeypair.load({
+            keyId: secrets.plcRotationKey.keyId,
+          })
+        : await crypto.Secp256k1Keypair.import(
+            secrets.plcRotationKey.privateKeyHex,
+          )
     const accountManager = new AccountManager(
       idResolver,
       jwtSecretKey,
       mailer,
+      sequencer,
+      plcClient,
+      plcRotationKey,
       cfg.service.did,
       cfg.identity.serviceHandleDomains,
       cfg.db,
     )
     await accountManager.migrateOrThrow()
-    const plcRotationKey =
-      secrets.plcRotationKey.provider === 'kms'
-        ? await KmsKeypair.load({
-            keyId: secrets.plcRotationKey.keyId,
-          })
-        : await crypto.Secp256k1Keypair.import(
-            secrets.plcRotationKey.privateKeyHex,
-          )
     const localViewer = LocalViewer.creator(
       accountManager,
       imageUrlBuilder,

package/src/mailer/index.ts CHANGED Viewed

@@ -1,22 +1,38 @@
 import { SendMailOptions, Transporter } from 'nodemailer'
 import { htmlToText } from 'nodemailer-html-to-text'
-import { ServerConfig } from '../config/index.js'
+import { BrandingConfig, EmailConfig } from '../config/index.js'
 import { mailerLogger } from '../logger.js'
 import * as templates from './templates.js'
 // @TODO Add support for i18n
+const DEFAULT_LOGO_URL =
+  'https://bsky.social/about/images/email/email_logo_default.png'
+const DEFAULT_MARK_URL =
+  'https://bsky.social/about/images/email/email_mark_dark.png'
+const DEFAULT_HOME_URL = 'https://bsky.app'
+const DEFAULT_PRIMARY_COLOR = '#067df7'
 export class ServerMailer {
+  private readonly config: templates.Config
   constructor(
     public readonly transporter: Transporter,
-    private readonly config: ServerConfig,
+    private readonly email: EmailConfig | null,
+    branding: BrandingConfig,
   ) {
     transporter.use('compile', htmlToText())
-  }
-  // The returned config can be used inside email templates.
-  static getEmailConfig(_config: ServerConfig) {
-    return {}
+    this.config = {
+      serviceName: branding.name ?? 'Bluesky',
+      homeUrl:
+        branding.links?.find((link) => link.rel === 'canonical')?.href ??
+        DEFAULT_HOME_URL,
+      logoUrl: branding.logo ?? DEFAULT_LOGO_URL,
+      markUrl: branding.logo ?? DEFAULT_MARK_URL,
+      primaryColor: branding.colors?.primary ?? DEFAULT_PRIMARY_COLOR,
+      showBskyAppEmailConfirmationLink: email?.disableConfirmationLink !== true,
+    }
   }
   async sendResetPassword(
@@ -75,14 +91,14 @@ export class ServerMailer {
   ) {
     const html = templates[templateName]({
       ...params,
-      config: ServerMailer.getEmailConfig(this.config),
+      config: this.config,
     } as any)
     const res = await this.transporter.sendMail({
       ...mailOpts,
-      from: mailOpts.from ?? this.config.email?.fromAddress,
+      from: mailOpts.from ?? this.email?.fromAddress,
       html,
     })
-    if (!this.config.email?.smtpUrl) {
+    if (!this.email?.smtpUrl) {
       mailerLogger.debug(
         'No SMTP URL has been configured. Intended to send email:\n' +
           JSON.stringify(res, null, 2),