npm - @atproto/pds - Versions diffs - 0.5.1 → 0.5.3 - Mend

@atproto/pds 0.5.1 → 0.5.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (268) hide show

package/dist/api/com/atproto/identity/updateHandle.js CHANGED Viewed

@@ -1,75 +1,53 @@
 import { DAY, MINUTE } from '@atproto/common';
-import { InvalidRequestError } from '@atproto/xrpc-server';
 import { com } from '../../../../lexicons/index.js';
-import { httpLogger } from '../../../../logger.js';
 export default function (server, ctx) {
-    server.add(com.atproto.identity.updateHandle, {
-        auth: ctx.authVerifier.authorization({
-            checkTakedown: true,
-            authorize: (permissions) => {
-                permissions.assertIdentity({ attr: 'handle' });
-            },
-        }),
-        rateLimit: [
-            {
-                durationMs: 5 * MINUTE,
-                points: 10,
-                calcKey: ({ auth }) => auth.credentials.did,
-            },
-            {
-                durationMs: DAY,
-                points: 50,
-                calcKey: ({ auth }) => auth.credentials.did,
-            },
-        ],
-        handler: async ({ auth, input, req }) => {
-            const requester = auth.credentials.did;
-            if (ctx.entrywayClient) {
+    const { entrywayClient } = ctx;
+    const auth = ctx.authVerifier.authorization({
+        checkTakedown: true,
+        authorize: (permissions) => {
+            permissions.assertIdentity({ attr: 'handle' });
+        },
+    });
+    const rateLimit = [
+        {
+            durationMs: 5 * MINUTE,
+            points: 10,
+            calcKey: ({ auth }) => auth.credentials.did,
+        },
+        {
+            durationMs: DAY,
+            points: 50,
+            calcKey: ({ auth }) => auth.credentials.did,
+        },
+    ];
+    if (entrywayClient) {
+        server.add(com.atproto.identity.updateHandle, {
+            auth,
+            rateLimit,
+            handler: async ({ auth, input, req }) => {
                 const { headers } = await ctx.entrywayAuthHeaders(req, auth.credentials.did, com.atproto.identity.updateHandle.$lxm);
-                // the full flow is:
+                // The full flow is:
                 // -> entryway(identity.updateHandle) [update handle, submit plc op]
                 // -> pds(admin.updateAccountHandle)  [track handle, sequence handle update]
-                await ctx.entrywayClient.xrpc(com.atproto.identity.updateHandle, {
+                await entrywayClient.xrpc(com.atproto.identity.updateHandle, {
                     headers,
                     body: {
                         handle: input.body.handle,
                         // @ts-expect-error "did" is not in the schema
-                        did: requester,
+                        did: auth.credentials.did,
                     },
                 });
-                return;
-            }
-            const handle = await ctx.accountManager.normalizeAndValidateHandle(input.body.handle, { did: requester });
-            // Pessimistic check to handle spam: also enforced by updateHandle() and the db.
-            const account = await ctx.accountManager.getAccount(handle, {
-                includeDeactivated: true,
-            });
-            if (!account) {
-                if (requester.startsWith('did:plc:')) {
-                    await ctx.plcClient.updateHandle(requester, ctx.plcRotationKey, handle);
-                }
-                else {
-                    const resolved = await ctx.idResolver.did.resolveAtprotoData(requester, true);
-                    if (resolved.handle !== handle) {
-                        throw new InvalidRequestError('DID is not properly configured for handle');
-                    }
-                }
-                await ctx.accountManager.updateHandle(requester, handle);
-            }
-            else {
-                // if we found an account with matching handle, check if it is the same as requester
-                // if so emit an identity event, otherwise error.
-                if (account.did !== requester) {
-                    throw new InvalidRequestError(`Handle already taken: ${handle}`);
-                }
-            }
-            try {
-                await ctx.sequencer.sequenceIdentityEvt(requester, handle);
-            }
-            catch (err) {
-                httpLogger.error({ err, did: requester, handle }, 'failed to sequence handle update');
-            }
-        },
-    });
+            },
+        });
+    }
+    else {
+        server.add(com.atproto.identity.updateHandle, {
+            auth,
+            rateLimit,
+            handler: async ({ auth, input }) => {
+                await ctx.accountManager.updateHandle(auth.credentials.did, input.body.handle);
+            },
+        });
+    }
 }
 //# sourceMappingURL=updateHandle.js.map

package/dist/api/com/atproto/identity/updateHandle.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"updateHandle.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/identity/updateHandle.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAA;~~AAC7C~~,OAAO,EAAE,~~mBAAmB,EAAU,MAAM,sBAAsB,CAAA;AAElE,OAAO,EAAE,~~GAAG,EAAE,MAAM,+BAA+B,CAAA;~~AACnD~~,~~OAAO,EAAE,UAAU,EAAE,~~MAAM,~~uBAAuB,CAAA;AAElD,MAAM,~~CAAC,OAAO,WAAW,MAAc,EAAE,GAAe;IACtD,MAAM,~~CAAC~~,~~GAAG~~,~~CAAC~~,GAAG,~~CAAC~~,~~OAAO~~,~~CAAC~~,~~QAAQ,CAAC,YAAY,EAAE;QAC5C,~~IAAI,~~EAAE~~,GAAG,CAAC,YAAY,CAAC,aAAa,CAAC;~~YACnC~~,aAAa,EAAE,IAAI;~~YACnB~~,SAAS,EAAE,CAAC,WAAW,EAAE,EAAE;~~gBACzB~~,WAAW,CAAC,cAAc,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAA;~~YAChD~~,CAAC;~~SACF~~,CAAC;~~QACF~~,SAAS,~~EAAE~~;~~YACT~~;~~gBACE~~,UAAU,EAAE,CAAC,GAAG,MAAM;~~gBACtB~~,MAAM,EAAE,EAAE;~~gBACV~~,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG;~~aAC5C~~;~~YACD~~;~~gBACE~~,UAAU,EAAE,GAAG;~~gBACf~~,MAAM,EAAE,EAAE;~~gBACV~~,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG;~~aAC5C~~;~~SACF~~;~~QACD~~,~~OAAO~~,~~EAAE~~,~~KAAK,~~EAAE,~~EAAE~~,~~IAAI~~,~~EAAE~~,~~KAAK~~,~~EAAE~~,GAAG,~~EAAE~~,~~EAAE~~,EAAE;~~YACtC~~,~~MAAM~~,SAAS,~~GAAG~~,~~IAAI~~,~~CAAC~~,~~WAAW~~,~~CAAC~~,~~GAAG~~,~~CAAA;YAEtC~~,~~IAAI~~,GAAG,~~CAAC~~,~~cAAc~~,EAAE~~,CAAC~~;~~gBACvB~~,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,GAAG,CAAC,mBAAmB,CAC/C,GAAG,EACH,IAAI,CAAC,WAAW,CAAC,GAAG,EACpB,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,CACvC,CAAA;~~gBACD~~,oBAAoB;gBACpB,oEAAoE;gBACpE,4EAA4E;gBAC5E,MAAM,~~GAAG,CAAC,~~cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,YAAY,EAAE;~~oBAC/D~~,OAAO;oBACP,IAAI,EAAE;wBACJ,MAAM,EAAE,KAAK,CAAC,IAAI,CAAC,MAAM;wBACzB,8CAA8C;wBAC9C,GAAG,EAAE,~~SAAS;qBACf;iBACF~~,CAAC,~~CAAA;gBACF~~,~~OAAM;YACR,~~CAAC~~;YAED~~,~~MAAM,MAAM,~~GAAG,~~MAAM,GAAG,~~CAAC,~~cAAc,CAAC,0BAA0B,CAChE,KAAK,CAAC,IAAI,CAAC,MAAM,EACjB,EAAE,GAAG,EAAE,SAAS,EAAE,CACnB,~~CAAA;~~YAED~~,~~gFAAgF;YAChF,MAAM,OAAO,GAAG,MAAM,GAAG,~~CAAC~~,cAAc,CAAC,UAAU,CAAC,MAAM,EAAE~~;~~gBAC1D~~,~~kBAAkB,EAAE,IAAI;aACzB,~~CAAC,CAAA;~~YAEF~~,~~IAAI,~~CAAC~~,OAAO,EAAE,CAAC~~;~~gBACb~~,~~IAAI,SAAS,~~CAAC~~,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC~~;~~oBACrC~~,MAAM,~~GAAG,~~CAAC,~~SAAS,CAAC,YAAY,CAC9B,SAAS,EACT,~~GAAG,CAAC,~~cAAc,EAClB,MAAM,CACP,CAAA;gBACH,CAAC;qBAAM,CAAC;oBACN,MAAM,QAAQ,~~GAAG,~~MAAM,GAAG,~~CAAC,~~UAAU~~,CAAC,~~GAAG,CAAC,kBAAkB,CAC1D,SAAS,EACT,IAAI,CACL,CAAA;oBACD,IAAI,~~QAAQ,CAAC,~~MAAM~~,~~KAAK,MAAM,~~EAAE~~,CAAC~~;~~wBAC/B~~,~~MAAM,~~IAAI~~,mBAAmB,CAC3B,2CAA2C,CAC5C,CAAA~~;~~oBACH~~,~~CAAC;gBACH,CAAC;gBACD,MAAM,GAAG,CAAC,cAAc,CAAC,YAAY,CAAC,~~SAAS~~,EAAE,MAAM,CAAC,CAAA~~;~~YAC1D~~,~~CAAC;iBAAM,CAAC;gBACN,oFAAoF;gBACpF,iDAAiD;gBACjD,IAAI,~~OAAO,~~CAAC~~,~~GAAG,~~KAAK,~~SAAS~~,EAAE,~~CAAC;oBAC9B,MAAM,~~IAAI,~~mBAAmB~~,~~CAAC~~,~~yBAAyB~~,~~MAAM~~,EAAE~~,CAAC,CAAA~~;~~gBAClE~~,~~CAAC;YACH,CAAC;YAED,IAAI,CAAC;gBACH,~~MAAM,GAAG,CAAC,~~SAAS~~,CAAC,~~mBAAmB~~,~~CAAC~~,~~SAAS~~,~~EAAE,MAAM,~~CAAC,~~CAAA;YAC5D~~,CAAC~~;YAAC~~,~~OAAO,~~GAAG,~~EAAE~~,CAAC~~;gBACb~~,~~UAAU~~,CAAC,~~KAAK,CACd,EAAE,GAAG,EAAE,GAAG,EAAE,SAAS,EAAE,~~MAAM,~~EAAE~~,~~EAC/B,kCAAkC,CACnC,~~CAAA;YACH,CAAC;~~QACH~~,CAAC;~~KACF~~,CAAC~~,CAAA~~;~~AACJ~~,CAAC","sourcesContent":["import { DAY, MINUTE } from '@atproto/common'\nimport { ~~InvalidRequestError~~, Server } from '@atproto/xrpc-server'\nimport { ~~AppContext~~ } from '../../../../~~context~~.js'\nimport { ~~com~~ } from '../../../../~~lexicons/index~~.js'\nimport { ~~httpLogger~~ } from '../../../../~~logger~~.js'\n\nexport default function (server: Server, ctx: AppContext) {\n ~~server.add(com.atproto.identity.updateHandle,~~ {\n auth: ctx.authVerifier.authorization({\n checkTakedown: true,\n authorize: (permissions) => {\n permissions.assertIdentity({ attr: 'handle' })\n },\n }),\n rateLimit: [\n {\n durationMs: 5 * MINUTE,\n points: 10,\n calcKey: ({ auth }) => auth.credentials.did,\n },\n {\n durationMs: DAY,\n points: 50,\n calcKey: ({ auth }) => auth.credentials.did,\n },\n ],\n handler: async ({ auth, input, req }) => {\n ~~const requester = auth.credentials.did\n\n if (ctx.entrywayClient) {\n~~ const { headers } = await ctx.entrywayAuthHeaders(\n req,\n auth.credentials.did,\n com.atproto.identity.updateHandle.$lxm,\n )\n // ~~the~~ full flow is:\n // -> entryway(identity.updateHandle) [update handle, submit plc op]\n // -> pds(admin.updateAccountHandle) [track handle, sequence handle update]\n await ~~ctx.~~entrywayClient.xrpc(com.atproto.identity.updateHandle, {\n headers,\n body: {\n handle: input.body.handle,\n // @ts-expect-error \"did\" is not in the schema\n did: ~~requester~~,\n },\n })\n ~~return\n~~ }~~\n\n const handle = await ctx.accountManager.normalizeAndValidateHandle(\n input.body.handle~~,\n ~~{ did: requester~~ }~~,\n~~ )\n~~\n //~~ ~~Pessimistic~~ ~~check to handle spam: also enforced by updateHandle() and the db.\~~n ~~const account = await ctx~~.~~accountManager~~.~~getAccount(handle~~, {\n ~~includeDeactivated: true~~,\n ~~})\~~n\n ~~if (!account) {\n if (requester.startsWith('did~~:~~plc:'))~~ ~~{\n await~~ ~~ctx.plcClient.updateHandle~~(~~\n requester,\n ctx.plcRotationKey,\n handle,\n )\n } else~~ {~~\n const~~ ~~resolved~~ = ~~await ctx.idResolver.did.resolveAtprotoData(\n requester,\n true,\n~~ )~~\n if~~ ~~(resolved.handle~~ ~~!== handle)~~ {\n ~~throw new InvalidRequestError(\n 'DID is not properly configured for handle',\n )\n }\n~~ ~~}\n~~ await ctx.accountManager.updateHandle(~~requester, handle)~~\n } else {\n // if we found an account with matching handle, check if it is the same as requester\n // if so emit an identity event, otherwise error.\n if (account.did !== requester) {\n ~~throw new InvalidRequestError(`Handle already taken: ${handle}`)\n }\n }\n\n try {\n await ctx~~.~~sequencer~~.~~sequenceIdentityEvt(requester, handle)\n } catch (err) {\n httpLogger.error(\n { err,~~ did~~: requester, handle }~~,\n ~~'failed to sequence~~ handle ~~update'~~,\n )\n }\n },\n })\n}\n"]}
1	+ {"version":3,"file":"updateHandle.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/identity/updateHandle.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAA;AAI7C,OAAO,EAAE,GAAG,EAAE,MAAM,+BAA+B,CAAA;AAEnD,MAAM,CAAC,OAAO,WAAW,MAAc,EAAE,GAAe;IACtD,MAAM,EAAE,cAAc,EAAE,GAAG,GAAG,CAAA;IAE9B,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,aAAa,CAAC;QAC1C,aAAa,EAAE,IAAI;QACnB,SAAS,EAAE,CAAC,WAAW,EAAE,EAAE;YACzB,WAAW,CAAC,cAAc,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAA;QAChD,CAAC;KACF,CAAC,CAAA;IAEF,MAAM,SAAS,GAAgD;QAC7D;YACE,UAAU,EAAE,CAAC,GAAG,MAAM;YACtB,MAAM,EAAE,EAAE;YACV,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG;SAC5C;QACD;YACE,UAAU,EAAE,GAAG;YACf,MAAM,EAAE,EAAE;YACV,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG;SAC5C;KACF,CAAA;IAED,IAAI,cAAc,EAAE,CAAC;QACnB,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,YAAY,EAAE;YAC5C,IAAI;YACJ,SAAS;YACT,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,EAAE;gBACtC,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,GAAG,CAAC,mBAAmB,CAC/C,GAAG,EACH,IAAI,CAAC,WAAW,CAAC,GAAG,EACpB,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,CACvC,CAAA;gBAED,oBAAoB;gBACpB,oEAAoE;gBACpE,4EAA4E;gBAC5E,MAAM,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,YAAY,EAAE;oBAC3D,OAAO;oBACP,IAAI,EAAE;wBACJ,MAAM,EAAE,KAAK,CAAC,IAAI,CAAC,MAAM;wBACzB,8CAA8C;wBAC9C,GAAG,EAAE,IAAI,CAAC,WAAW,CAAC,GAAG;qBAC1B;iBACF,CAAC,CAAA;YACJ,CAAC;SACF,CAAC,CAAA;IACJ,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,YAAY,EAAE;YAC5C,IAAI;YACJ,SAAS;YACT,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE;gBACjC,MAAM,GAAG,CAAC,cAAc,CAAC,YAAY,CACnC,IAAI,CAAC,WAAW,CAAC,GAAG,EACpB,KAAK,CAAC,IAAI,CAAC,MAAM,CAClB,CAAA;YACH,CAAC;SACF,CAAC,CAAA;IACJ,CAAC;AACH,CAAC","sourcesContent":["import { DAY, MINUTE } from '@atproto/common'\nimport { MethodRateLimit, Server } from '@atproto/xrpc-server'\nimport { AccessOutput, OAuthOutput } from '../../../../auth-output.js'\nimport { AppContext } from '../../../../context.js'\nimport { com } from '../../../../lexicons/index.js'\n\nexport default function (server: Server, ctx: AppContext) {\n const { entrywayClient } = ctx\n\n const auth = ctx.authVerifier.authorization({\n checkTakedown: true,\n authorize: (permissions) => {\n permissions.assertIdentity({ attr: 'handle' })\n },\n })\n\n const rateLimit: MethodRateLimit<AccessOutput \| OAuthOutput> = [\n {\n durationMs: 5 * MINUTE,\n points: 10,\n calcKey: ({ auth }) => auth.credentials.did,\n },\n {\n durationMs: DAY,\n points: 50,\n calcKey: ({ auth }) => auth.credentials.did,\n },\n ]\n\n if (entrywayClient) {\n server.add(com.atproto.identity.updateHandle, {\n auth,\n rateLimit,\n handler: async ({ auth, input, req }) => {\n const { headers } = await ctx.entrywayAuthHeaders(\n req,\n auth.credentials.did,\n com.atproto.identity.updateHandle.$lxm,\n )\n\n // The full flow is:\n // -> entryway(identity.updateHandle) [update handle, submit plc op]\n // -> pds(admin.updateAccountHandle) [track handle, sequence handle update]\n await entrywayClient.xrpc(com.atproto.identity.updateHandle, {\n headers,\n body: {\n handle: input.body.handle,\n // @ts-expect-error \"did\" is not in the schema\n did: auth.credentials.did,\n },\n })\n },\n })\n } else {\n server.add(com.atproto.identity.updateHandle, {\n auth,\n rateLimit,\n handler: async ({ auth, input }) => {\n await ctx.accountManager.updateHandle(\n auth.credentials.did,\n input.body.handle,\n )\n },\n })\n }\n}\n"]}

package/dist/api/com/atproto/repo/getRecord.js CHANGED Viewed

@@ -1,4 +1,4 @@
-import { AtUri } from '@atproto/syntax';
+import { atUri } from '@atproto/lex';
 import { InvalidRequestError } from '@atproto/xrpc-server';
 import { com } from '../../../../lexicons/index.js';
 import { pipethrough } from '../../../../pipethrough.js';
@@ -8,7 +8,7 @@ export default function (server, ctx) {
         const did = await ctx.accountManager.getDidForActor(repo);
         // fetch from pds if available, if not then fetch from appview
         if (did) {
-            const uri = AtUri.make(did, collection, rkey);
+            const uri = atUri(did, collection, rkey);
             const record = await ctx.actorStore.read(did, (store) => store.record.getRecord(uri, cid ?? null));
             if (!record || record.takedownRef !== null) {
                 throw new InvalidRequestError(`Could not locate record: ${uri}`, 'RecordNotFound');
@@ -16,7 +16,7 @@ export default function (server, ctx) {
             return {
                 encoding: 'application/json',
                 body: {
-                    uri: uri.toString(),
+                    uri,
                     cid: record.cid,
                     value: record.value,
                 },

package/dist/api/com/atproto/repo/getRecord.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"getRecord.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/repo/getRecord.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,~~iBAAiB~~,CAAA;~~AACvC~~,OAAO,EAAE,mBAAmB,EAAU,MAAM,sBAAsB,CAAA;AAElE,OAAO,EAAE,GAAG,EAAE,MAAM,+BAA+B,CAAA;AACnD,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAA;AAExD,MAAM,CAAC,OAAO,WAAW,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,EAAE,EAAE;QAC/D,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,MAAM,CAAA;QAC9C,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,cAAc,CAAC,IAAI,CAAC,CAAA;QAEzD,8DAA8D;QAC9D,IAAI,GAAG,EAAE,CAAC;YACR,MAAM,GAAG,GAAG,KAAK,CAAC,~~IAAI,CAAC,~~GAAG,EAAE,UAAU,EAAE,IAAI,CAAC,CAAA;~~YAC7C~~,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,KAAK,EAAE,EAAE,CACtD,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,EAAE,GAAG,IAAI,IAAI,CAAC,CACzC,CAAA;YACD,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,WAAW,KAAK,IAAI,EAAE,CAAC;gBAC3C,MAAM,IAAI,mBAAmB,CAC3B,4BAA4B,GAAG,EAAE,EACjC,gBAAgB,CACjB,CAAA;YACH,CAAC;YACD,OAAO;gBACL,QAAQ,EAAE,kBAA2B;gBACrC,IAAI,EAAE;oBACJ,GAAG~~,EAAE,GAAG,CAAC,QAAQ,EAAE~~;~~oBACnB~~,GAAG,EAAE,MAAM,CAAC,GAAG;oBACf,KAAK,EAAE,MAAM,CAAC,KAAK;iBACpB;aACF,CAAA;QACH,CAAC;QAED,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;YACzB,MAAM,IAAI,mBAAmB,CAAC,yBAAyB,CAAC,CAAA;QAC1D,CAAC;QAED,OAAO,WAAW,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;IAC9B,CAAC,CAAC,CAAA;AACJ,CAAC","sourcesContent":["import { ~~AtUri~~ } from '@atproto/~~syntax~~'\nimport { InvalidRequestError, Server } from '@atproto/xrpc-server'\nimport { AppContext } from '../../../../context.js'\nimport { com } from '../../../../lexicons/index.js'\nimport { pipethrough } from '../../../../pipethrough.js'\n\nexport default function (server: Server, ctx: AppContext) {\n server.add(com.atproto.repo.getRecord, async ({ req, params }) => {\n const { repo, collection, rkey, cid } = params\n const did = await ctx.accountManager.getDidForActor(repo)\n\n // fetch from pds if available, if not then fetch from appview\n if (did) {\n const uri = ~~AtUri.make~~(did, collection, rkey)\n const record = await ctx.actorStore.read(did, (store) =>\n store.record.getRecord(uri, cid ?? null),\n )\n if (!record \|\| record.takedownRef !== null) {\n throw new InvalidRequestError(\n `Could not locate record: ${uri}`,\n 'RecordNotFound',\n )\n }\n return {\n encoding: 'application/json' as const,\n body: {\n uri~~: uri.toString()~~,\n cid: record.cid,\n value: record.value,\n },\n }\n }\n\n if (!ctx.cfg.bskyAppView) {\n throw new InvalidRequestError(`Could not locate record`)\n }\n\n return pipethrough(ctx, req)\n })\n}\n"]}
1	+ {"version":3,"file":"getRecord.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/repo/getRecord.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,cAAc,CAAA;AACpC,OAAO,EAAE,mBAAmB,EAAU,MAAM,sBAAsB,CAAA;AAElE,OAAO,EAAE,GAAG,EAAE,MAAM,+BAA+B,CAAA;AACnD,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAA;AAExD,MAAM,CAAC,OAAO,WAAW,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,EAAE,EAAE;QAC/D,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,MAAM,CAAA;QAC9C,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,cAAc,CAAC,IAAI,CAAC,CAAA;QAEzD,8DAA8D;QAC9D,IAAI,GAAG,EAAE,CAAC;YACR,MAAM,GAAG,GAAG,KAAK,CAAC,GAAG,EAAE,UAAU,EAAE,IAAI,CAAC,CAAA;YACxC,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,KAAK,EAAE,EAAE,CACtD,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,EAAE,GAAG,IAAI,IAAI,CAAC,CACzC,CAAA;YACD,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,WAAW,KAAK,IAAI,EAAE,CAAC;gBAC3C,MAAM,IAAI,mBAAmB,CAC3B,4BAA4B,GAAG,EAAE,EACjC,gBAAgB,CACjB,CAAA;YACH,CAAC;YACD,OAAO;gBACL,QAAQ,EAAE,kBAA2B;gBACrC,IAAI,EAAE;oBACJ,GAAG;oBACH,GAAG,EAAE,MAAM,CAAC,GAAG;oBACf,KAAK,EAAE,MAAM,CAAC,KAAK;iBACpB;aACF,CAAA;QACH,CAAC;QAED,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;YACzB,MAAM,IAAI,mBAAmB,CAAC,yBAAyB,CAAC,CAAA;QAC1D,CAAC;QAED,OAAO,WAAW,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;IAC9B,CAAC,CAAC,CAAA;AACJ,CAAC","sourcesContent":["import { atUri } from '@atproto/lex'\nimport { InvalidRequestError, Server } from '@atproto/xrpc-server'\nimport { AppContext } from '../../../../context.js'\nimport { com } from '../../../../lexicons/index.js'\nimport { pipethrough } from '../../../../pipethrough.js'\n\nexport default function (server: Server, ctx: AppContext) {\n server.add(com.atproto.repo.getRecord, async ({ req, params }) => {\n const { repo, collection, rkey, cid } = params\n const did = await ctx.accountManager.getDidForActor(repo)\n\n // fetch from pds if available, if not then fetch from appview\n if (did) {\n const uri = atUri(did, collection, rkey)\n const record = await ctx.actorStore.read(did, (store) =>\n store.record.getRecord(uri, cid ?? null),\n )\n if (!record \|\| record.takedownRef !== null) {\n throw new InvalidRequestError(\n `Could not locate record: ${uri}`,\n 'RecordNotFound',\n )\n }\n return {\n encoding: 'application/json' as const,\n body: {\n uri,\n cid: record.cid,\n value: record.value,\n },\n }\n }\n\n if (!ctx.cfg.bskyAppView) {\n throw new InvalidRequestError(`Could not locate record`)\n }\n\n return pipethrough(ctx, req)\n })\n}\n"]}

package/dist/api/com/atproto/repo/putRecord.js CHANGED Viewed

@@ -1,5 +1,5 @@
+import { atUri } from '@atproto/lex';
 import { isLegacyBlobRef, parseCid, } from '@atproto/lex-data';
-import { AtUri } from '@atproto/syntax';
 import { AuthRequiredError, InvalidRequestError, } from '@atproto/xrpc-server';
 import { app, com } from '../../../../lexicons/index.js';
 import { dbLogger } from '../../../../logger.js';
@@ -56,7 +56,7 @@ export default function (server, ctx) {
                     collection,
                 });
             }
-            const uri = AtUri.make(did, collection, rkey);
+            const uri = atUri(did, collection, rkey);
             const swapCommitCid = swapCommit ? parseCid(swapCommit) : undefined;
             const swapRecordCid = typeof swapRecord === 'string' ? parseCid(swapRecord) : swapRecord;
             const { commit, write } = await ctx.actorStore.transact(did, async (actorTxn) => {

package/dist/api/com/atproto/repo/putRecord.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"putRecord.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/repo/putRecord.ts"],"names":[],"mappings":"AAAA,OAAO,EAIL,eAAe,EACf,QAAQ,GACT,MAAM,mBAAmB,CAAA;AAC1B,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAA;AACvC,OAAO,EACL,iBAAiB,EACjB,mBAAmB,GAEpB,MAAM,sBAAsB,CAAA;AAG7B,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM,+BAA+B,CAAA;AACxD,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAA;AAChD,OAAO,EACL,kBAAkB,EAClB,kBAAkB,EAClB,kBAAkB,EAGlB,aAAa,EACb,aAAa,GACd,MAAM,2BAA2B,CAAA;AAElC,MAAM,CAAC,OAAO,WAAW,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE;QACrC,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,aAAa,CAAC;YACnC,wEAAwE;YACxE,uEAAuE;YACvE,0EAA0E;YAC1E,yEAAyE;YACzE,uEAAuE;YACvE,6CAA6C;YAE7C,uBAAuB;YACvB,0BAA0B;YAC1B,SAAS,EAAE,GAAG,EAAE;gBACd,2DAA2D;YAC7D,CAAC;SACF,CAAC;QACF,SAAS,EAAE;YACT;gBACE,IAAI,EAAE,iBAAiB;gBACvB,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG;gBAC3C,UAAU,EAAE,GAAG,EAAE,CAAC,CAAC;aACpB;YACD;gBACE,IAAI,EAAE,gBAAgB;gBACtB,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG;gBAC3C,UAAU,EAAE,GAAG,EAAE,CAAC,CAAC;aACpB;SACF;QACD,IAAI,EAAE;YACJ,SAAS,EAAE,SAAS;SACrB;QACD,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE;YACjC,MAAM,EACJ,IAAI,EACJ,UAAU,EACV,IAAI,EACJ,MAAM,EACN,QAAQ,EACR,UAAU,EACV,UAAU,GACX,GAAG,KAAK,CAAC,IAAI,CAAA;YAEd,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,YAAY,CAAC,WAAW,CAAC,IAAI,EAAE;gBACvD,gBAAgB,EAAE,IAAI;gBACtB,aAAa,EAAE,IAAI;aACpB,CAAC,CAAA;YAEF,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAA;YACvB,IAAI,GAAG,KAAK,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,CAAC;gBACjC,MAAM,IAAI,iBAAiB,EAAE,CAAA;YAC/B,CAAC;YAED,yEAAyE;YACzE,sCAAsC;YACtC,IAAI,IAAI,CAAC,WAAW,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;gBACtC,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,UAAU,CAAC;oBACtC,MAAM,EAAE,QAAQ;oBAChB,UAAU;iBACX,CAAC,CAAA;gBACF,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,UAAU,CAAC;oBACtC,MAAM,EAAE,QAAQ;oBAChB,UAAU;iBACX,CAAC,CAAA;YACJ,CAAC;YAED,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,UAAU,EAAE,IAAI,CAAC,CAAA;YAC7C,MAAM,aAAa,GAAG,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;YACnE,MAAM,aAAa,GACjB,OAAO,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAA;YAEpE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,QAAQ,CACrD,GAAG,EACH,KAAK,EAAE,QAAQ,EAAE,EAAE;gBACjB,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,CAAA;gBAChE,MAAM,QAAQ,GAAG,OAAO,KAAK,IAAI,CAAA;gBAEjC,+FAA+F;gBAC/F,IAAI,QAAQ,IAAI,UAAU,KAAK,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;oBAC5D,MAAM,0BAA0B,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAA;gBACpD,CAAC;gBAED,MAAM,SAAS,GAAG;oBAChB,GAAG;oBACH,UAAU;oBACV,IAAI;oBACJ,MAAM;oBACN,OAAO,EAAE,aAAa;oBACtB,QAAQ;iBACT,CAAA;gBAED,IAAI,KAAsC,CAAA;gBAC1C,IAAI,CAAC;oBACH,KAAK,GAAG,QAAQ;wBACd,CAAC,CAAC,MAAM,aAAa,CAAC,SAAS,CAAC;wBAChC,CAAC,CAAC,MAAM,aAAa,CAAC,SAAS,CAAC,CAAA;gBACpC,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,IAAI,GAAG,YAAY,kBAAkB,EAAE,CAAC;wBACtC,MAAM,IAAI,mBAAmB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;oBAC5C,CAAC;oBACD,MAAM,GAAG,CAAA;gBACX,CAAC;gBAED,QAAQ;gBACR,IAAI,OAAO,IAAI,OAAO,CAAC,GAAG,KAAK,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,CAAC;oBACpD,OAAO;wBACL,MAAM,EAAE,IAAI;wBACZ,KAAK;qBACN,CAAA;gBACH,CAAC;gBAED,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI;qBAC/B,aAAa,CAAC,CAAC,KAAK,CAAC,EAAE,aAAa,CAAC;qBACrC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;oBACb,IACE,GAAG,YAAY,kBAAkB;wBACjC,GAAG,YAAY,kBAAkB,EACjC,CAAC;wBACD,MAAM,IAAI,mBAAmB,CAAC,GAAG,CAAC,OAAO,EAAE,aAAa,CAAC,CAAA;oBAC3D,CAAC;yBAAM,CAAC;wBACN,MAAM,GAAG,CAAA;oBACX,CAAC;gBACH,CAAC,CAAC,CAAA;gBAEJ,MAAM,GAAG,CAAC,SAAS,CAAC,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;gBAE/C,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAA;YAC1B,CAAC,CACF,CAAA;YAED,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;gBACpB,MAAM,GAAG,CAAC,cAAc;qBACrB,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC;qBAC3C,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;oBACb,QAAQ,CAAC,KAAK,CACZ,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,EAC9C,+BAA+B,CAChC,CAAA;gBACH,CAAC,CAAC,CAAA;YACN,CAAC;YAED,OAAO;gBACL,QAAQ,EAAE,kBAAkB;gBAC5B,IAAI,EAAE;oBACJ,GAAG,EAAE,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE;oBACzB,GAAG,EAAE,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE;oBACzB,MAAM,EAAE,MAAM;wBACZ,CAAC,CAAC;4BACE,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE;4BAC1B,GAAG,EAAE,MAAM,CAAC,GAAG;yBAChB;wBACH,CAAC,CAAC,SAAS;oBACb,gBAAgB,EAAE,KAAK,CAAC,gBAAgB;iBACzC;aACF,CAAA;QACH,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED,0BAA0B;AAC1B,KAAK,UAAU,0BAA0B,CACvC,UAAgC,EAChC,MAAc;IAEd,IAAI,eAAe,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;QACnC,MAAM,CAAC,MAAM,GAAG,MAAM,iBAAiB,CAAC,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC,CAAA;IACpE,CAAC;IACD,IAAI,eAAe,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;QACnC,MAAM,CAAC,MAAM,GAAG,MAAM,iBAAiB,CAAC,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC,CAAA;IACpE,CAAC;AACH,CAAC;AAED,KAAK,UAAU,iBAAiB,CAC9B,UAAgC,EAChC,UAAyB;IAEzB,MAAM,GAAG,GAAG,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;IACpC,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,CAAA;IAC5D,OAAO;QACL,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,UAAU,CAAC,QAAQ;QAC7B,GAAG;QACH,IAAI,EAAE,IAAI,CAAC,IAAI;KAChB,CAAA;AACH,CAAC","sourcesContent":["import {\n LegacyBlobRef,\n LexMap,\n TypedBlobRef,\n isLegacyBlobRef,\n parseCid,\n} from '@atproto/lex-data'\nimport { AtUri } from '@atproto/syntax'\nimport {\n AuthRequiredError,\n InvalidRequestError,\n Server,\n} from '@atproto/xrpc-server'\nimport { ActorStoreTransactor } from '../../../../actor-store/actor-store-transactor.js'\nimport { AppContext } from '../../../../context.js'\nimport { app, com } from '../../../../lexicons/index.js'\nimport { dbLogger } from '../../../../logger.js'\nimport {\n BadCommitSwapError,\n BadRecordSwapError,\n InvalidRecordError,\n PreparedCreate,\n PreparedUpdate,\n prepareCreate,\n prepareUpdate,\n} from '../../../../repo/index.js'\n\nexport default function (server: Server, ctx: AppContext) {\n server.add(com.atproto.repo.putRecord, {\n auth: ctx.authVerifier.authorization({\n // @NOTE the \"checkTakedown\" and \"checkDeactivated\" checks are typically\n // performed during auth. However, since this method's \"repo\" parameter\n // can be a handle, we will need to fetch the account again to ensure that\n // the handle matches the DID from the request's credentials. In order to\n // avoid fetching the account twice (during auth, and then again in the\n // controller), the checks are disabled here:\n\n // checkTakedown: true,\n // checkDeactivated: true,\n authorize: () => {\n // Performed in the handler as it requires the request body\n },\n }),\n rateLimit: [\n {\n name: 'repo-write-hour',\n calcKey: ({ auth }) => auth.credentials.did,\n calcPoints: () => 2,\n },\n {\n name: 'repo-write-day',\n calcKey: ({ auth }) => auth.credentials.did,\n calcPoints: () => 2,\n },\n ],\n opts: {\n jsonLimit: 1_000_000,\n },\n handler: async ({ auth, input }) => {\n const {\n repo,\n collection,\n rkey,\n record,\n validate,\n swapCommit,\n swapRecord,\n } = input.body\n\n const account = await ctx.authVerifier.findAccount(repo, {\n checkDeactivated: true,\n checkTakedown: true,\n })\n\n const did = account.did\n if (did !== auth.credentials.did) {\n throw new AuthRequiredError()\n }\n\n // We can't compute permissions based on the request payload (\"input\") in\n // the 'auth' phase, so we do it here.\n if (auth.credentials.type === 'oauth') {\n auth.credentials.permissions.assertRepo({\n action: 'create',\n collection,\n })\n auth.credentials.permissions.assertRepo({\n action: 'update',\n collection,\n })\n }\n\n const uri = AtUri.make(did, collection, rkey)\n const swapCommitCid = swapCommit ? parseCid(swapCommit) : undefined\n const swapRecordCid =\n typeof swapRecord === 'string' ? parseCid(swapRecord) : swapRecord\n\n const { commit, write } = await ctx.actorStore.transact(\n did,\n async (actorTxn) => {\n const current = await actorTxn.record.getRecord(uri, null, true)\n const isUpdate = current !== null\n\n // @TODO temporaray hack for legacy blob refs in profiles - remove after migrating legacy blobs\n if (isUpdate && collection === app.bsky.actor.profile.$type) {\n await updateProfileLegacyBlobRef(actorTxn, record)\n }\n\n const writeInfo = {\n did,\n collection,\n rkey,\n record,\n swapCid: swapRecordCid,\n validate,\n }\n\n let write: PreparedCreate \| PreparedUpdate\n try {\n write = isUpdate\n ? await prepareUpdate(writeInfo)\n : await prepareCreate(writeInfo)\n } catch (err) {\n if (err instanceof InvalidRecordError) {\n throw new InvalidRequestError(err.message)\n }\n throw err\n }\n\n // no-op\n if (current && current.cid === write.cid.toString()) {\n return {\n commit: null,\n write,\n }\n }\n\n const commit = await actorTxn.repo\n .processWrites([write], swapCommitCid)\n .catch((err) => {\n if (\n err instanceof BadCommitSwapError \|\|\n err instanceof BadRecordSwapError\n ) {\n throw new InvalidRequestError(err.message, 'InvalidSwap')\n } else {\n throw err\n }\n })\n\n await ctx.sequencer.sequenceCommit(did, commit)\n\n return { commit, write }\n },\n )\n\n if (commit !== null) {\n await ctx.accountManager\n .updateRepoRoot(did, commit.cid, commit.rev)\n .catch((err) => {\n dbLogger.error(\n { err, did, cid: commit.cid, rev: commit.rev },\n 'failed to update account root',\n )\n })\n }\n\n return {\n encoding: 'application/json',\n body: {\n uri: write.uri.toString(),\n cid: write.cid.toString(),\n commit: commit\n ? {\n cid: commit.cid.toString(),\n rev: commit.rev,\n }\n : undefined,\n validationStatus: write.validationStatus,\n },\n }\n },\n })\n}\n\n// WARNING: mutates object\nasync function updateProfileLegacyBlobRef(\n actorStore: ActorStoreTransactor,\n record: LexMap,\n): Promise<void> {\n if (isLegacyBlobRef(record.avatar)) {\n record.avatar = await upgradeLegacyBlob(actorStore, record.avatar)\n }\n if (isLegacyBlobRef(record.banner)) {\n record.banner = await upgradeLegacyBlob(actorStore, record.banner)\n }\n}\n\nasync function upgradeLegacyBlob(\n actorStore: ActorStoreTransactor,\n legacyBlob: LegacyBlobRef,\n): Promise<TypedBlobRef> {\n const ref = parseCid(legacyBlob.cid)\n const blob = await actorStore.repo.blob.getBlobMetadata(ref)\n return {\n $type: 'blob',\n mimeType: legacyBlob.mimeType,\n ref,\n size: blob.size,\n }\n}\n"]}
1	+ {"version":3,"file":"putRecord.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/repo/putRecord.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,cAAc,CAAA;AACpC,OAAO,EAIL,eAAe,EACf,QAAQ,GACT,MAAM,mBAAmB,CAAA;AAC1B,OAAO,EACL,iBAAiB,EACjB,mBAAmB,GAEpB,MAAM,sBAAsB,CAAA;AAG7B,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM,+BAA+B,CAAA;AACxD,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAA;AAChD,OAAO,EACL,kBAAkB,EAClB,kBAAkB,EAClB,kBAAkB,EAGlB,aAAa,EACb,aAAa,GACd,MAAM,2BAA2B,CAAA;AAElC,MAAM,CAAC,OAAO,WAAW,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE;QACrC,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,aAAa,CAAC;YACnC,wEAAwE;YACxE,uEAAuE;YACvE,0EAA0E;YAC1E,yEAAyE;YACzE,uEAAuE;YACvE,6CAA6C;YAE7C,uBAAuB;YACvB,0BAA0B;YAC1B,SAAS,EAAE,GAAG,EAAE;gBACd,2DAA2D;YAC7D,CAAC;SACF,CAAC;QACF,SAAS,EAAE;YACT;gBACE,IAAI,EAAE,iBAAiB;gBACvB,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG;gBAC3C,UAAU,EAAE,GAAG,EAAE,CAAC,CAAC;aACpB;YACD;gBACE,IAAI,EAAE,gBAAgB;gBACtB,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG;gBAC3C,UAAU,EAAE,GAAG,EAAE,CAAC,CAAC;aACpB;SACF;QACD,IAAI,EAAE;YACJ,SAAS,EAAE,SAAS;SACrB;QACD,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE;YACjC,MAAM,EACJ,IAAI,EACJ,UAAU,EACV,IAAI,EACJ,MAAM,EACN,QAAQ,EACR,UAAU,EACV,UAAU,GACX,GAAG,KAAK,CAAC,IAAI,CAAA;YAEd,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,YAAY,CAAC,WAAW,CAAC,IAAI,EAAE;gBACvD,gBAAgB,EAAE,IAAI;gBACtB,aAAa,EAAE,IAAI;aACpB,CAAC,CAAA;YAEF,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAA;YACvB,IAAI,GAAG,KAAK,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,CAAC;gBACjC,MAAM,IAAI,iBAAiB,EAAE,CAAA;YAC/B,CAAC;YAED,yEAAyE;YACzE,sCAAsC;YACtC,IAAI,IAAI,CAAC,WAAW,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;gBACtC,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,UAAU,CAAC;oBACtC,MAAM,EAAE,QAAQ;oBAChB,UAAU;iBACX,CAAC,CAAA;gBACF,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,UAAU,CAAC;oBACtC,MAAM,EAAE,QAAQ;oBAChB,UAAU;iBACX,CAAC,CAAA;YACJ,CAAC;YAED,MAAM,GAAG,GAAG,KAAK,CAAC,GAAG,EAAE,UAAU,EAAE,IAAI,CAAC,CAAA;YACxC,MAAM,aAAa,GAAG,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;YACnE,MAAM,aAAa,GACjB,OAAO,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAA;YAEpE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,QAAQ,CACrD,GAAG,EACH,KAAK,EAAE,QAAQ,EAAE,EAAE;gBACjB,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,CAAA;gBAChE,MAAM,QAAQ,GAAG,OAAO,KAAK,IAAI,CAAA;gBAEjC,+FAA+F;gBAC/F,IAAI,QAAQ,IAAI,UAAU,KAAK,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;oBAC5D,MAAM,0BAA0B,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAA;gBACpD,CAAC;gBAED,MAAM,SAAS,GAAG;oBAChB,GAAG;oBACH,UAAU;oBACV,IAAI;oBACJ,MAAM;oBACN,OAAO,EAAE,aAAa;oBACtB,QAAQ;iBACT,CAAA;gBAED,IAAI,KAAsC,CAAA;gBAC1C,IAAI,CAAC;oBACH,KAAK,GAAG,QAAQ;wBACd,CAAC,CAAC,MAAM,aAAa,CAAC,SAAS,CAAC;wBAChC,CAAC,CAAC,MAAM,aAAa,CAAC,SAAS,CAAC,CAAA;gBACpC,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,IAAI,GAAG,YAAY,kBAAkB,EAAE,CAAC;wBACtC,MAAM,IAAI,mBAAmB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;oBAC5C,CAAC;oBACD,MAAM,GAAG,CAAA;gBACX,CAAC;gBAED,QAAQ;gBACR,IAAI,OAAO,IAAI,OAAO,CAAC,GAAG,KAAK,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,CAAC;oBACpD,OAAO;wBACL,MAAM,EAAE,IAAI;wBACZ,KAAK;qBACN,CAAA;gBACH,CAAC;gBAED,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI;qBAC/B,aAAa,CAAC,CAAC,KAAK,CAAC,EAAE,aAAa,CAAC;qBACrC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;oBACb,IACE,GAAG,YAAY,kBAAkB;wBACjC,GAAG,YAAY,kBAAkB,EACjC,CAAC;wBACD,MAAM,IAAI,mBAAmB,CAAC,GAAG,CAAC,OAAO,EAAE,aAAa,CAAC,CAAA;oBAC3D,CAAC;yBAAM,CAAC;wBACN,MAAM,GAAG,CAAA;oBACX,CAAC;gBACH,CAAC,CAAC,CAAA;gBAEJ,MAAM,GAAG,CAAC,SAAS,CAAC,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;gBAE/C,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAA;YAC1B,CAAC,CACF,CAAA;YAED,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;gBACpB,MAAM,GAAG,CAAC,cAAc;qBACrB,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC;qBAC3C,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;oBACb,QAAQ,CAAC,KAAK,CACZ,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,EAC9C,+BAA+B,CAChC,CAAA;gBACH,CAAC,CAAC,CAAA;YACN,CAAC;YAED,OAAO;gBACL,QAAQ,EAAE,kBAAkB;gBAC5B,IAAI,EAAE;oBACJ,GAAG,EAAE,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE;oBACzB,GAAG,EAAE,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE;oBACzB,MAAM,EAAE,MAAM;wBACZ,CAAC,CAAC;4BACE,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE;4BAC1B,GAAG,EAAE,MAAM,CAAC,GAAG;yBAChB;wBACH,CAAC,CAAC,SAAS;oBACb,gBAAgB,EAAE,KAAK,CAAC,gBAAgB;iBACzC;aACF,CAAA;QACH,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED,0BAA0B;AAC1B,KAAK,UAAU,0BAA0B,CACvC,UAAgC,EAChC,MAAc;IAEd,IAAI,eAAe,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;QACnC,MAAM,CAAC,MAAM,GAAG,MAAM,iBAAiB,CAAC,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC,CAAA;IACpE,CAAC;IACD,IAAI,eAAe,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;QACnC,MAAM,CAAC,MAAM,GAAG,MAAM,iBAAiB,CAAC,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC,CAAA;IACpE,CAAC;AACH,CAAC;AAED,KAAK,UAAU,iBAAiB,CAC9B,UAAgC,EAChC,UAAyB;IAEzB,MAAM,GAAG,GAAG,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;IACpC,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,CAAA;IAC5D,OAAO;QACL,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,UAAU,CAAC,QAAQ;QAC7B,GAAG;QACH,IAAI,EAAE,IAAI,CAAC,IAAI;KAChB,CAAA;AACH,CAAC","sourcesContent":["import { atUri } from '@atproto/lex'\nimport {\n LegacyBlobRef,\n LexMap,\n TypedBlobRef,\n isLegacyBlobRef,\n parseCid,\n} from '@atproto/lex-data'\nimport {\n AuthRequiredError,\n InvalidRequestError,\n Server,\n} from '@atproto/xrpc-server'\nimport { ActorStoreTransactor } from '../../../../actor-store/actor-store-transactor.js'\nimport { AppContext } from '../../../../context.js'\nimport { app, com } from '../../../../lexicons/index.js'\nimport { dbLogger } from '../../../../logger.js'\nimport {\n BadCommitSwapError,\n BadRecordSwapError,\n InvalidRecordError,\n PreparedCreate,\n PreparedUpdate,\n prepareCreate,\n prepareUpdate,\n} from '../../../../repo/index.js'\n\nexport default function (server: Server, ctx: AppContext) {\n server.add(com.atproto.repo.putRecord, {\n auth: ctx.authVerifier.authorization({\n // @NOTE the \"checkTakedown\" and \"checkDeactivated\" checks are typically\n // performed during auth. However, since this method's \"repo\" parameter\n // can be a handle, we will need to fetch the account again to ensure that\n // the handle matches the DID from the request's credentials. In order to\n // avoid fetching the account twice (during auth, and then again in the\n // controller), the checks are disabled here:\n\n // checkTakedown: true,\n // checkDeactivated: true,\n authorize: () => {\n // Performed in the handler as it requires the request body\n },\n }),\n rateLimit: [\n {\n name: 'repo-write-hour',\n calcKey: ({ auth }) => auth.credentials.did,\n calcPoints: () => 2,\n },\n {\n name: 'repo-write-day',\n calcKey: ({ auth }) => auth.credentials.did,\n calcPoints: () => 2,\n },\n ],\n opts: {\n jsonLimit: 1_000_000,\n },\n handler: async ({ auth, input }) => {\n const {\n repo,\n collection,\n rkey,\n record,\n validate,\n swapCommit,\n swapRecord,\n } = input.body\n\n const account = await ctx.authVerifier.findAccount(repo, {\n checkDeactivated: true,\n checkTakedown: true,\n })\n\n const did = account.did\n if (did !== auth.credentials.did) {\n throw new AuthRequiredError()\n }\n\n // We can't compute permissions based on the request payload (\"input\") in\n // the 'auth' phase, so we do it here.\n if (auth.credentials.type === 'oauth') {\n auth.credentials.permissions.assertRepo({\n action: 'create',\n collection,\n })\n auth.credentials.permissions.assertRepo({\n action: 'update',\n collection,\n })\n }\n\n const uri = atUri(did, collection, rkey)\n const swapCommitCid = swapCommit ? parseCid(swapCommit) : undefined\n const swapRecordCid =\n typeof swapRecord === 'string' ? parseCid(swapRecord) : swapRecord\n\n const { commit, write } = await ctx.actorStore.transact(\n did,\n async (actorTxn) => {\n const current = await actorTxn.record.getRecord(uri, null, true)\n const isUpdate = current !== null\n\n // @TODO temporaray hack for legacy blob refs in profiles - remove after migrating legacy blobs\n if (isUpdate && collection === app.bsky.actor.profile.$type) {\n await updateProfileLegacyBlobRef(actorTxn, record)\n }\n\n const writeInfo = {\n did,\n collection,\n rkey,\n record,\n swapCid: swapRecordCid,\n validate,\n }\n\n let write: PreparedCreate \| PreparedUpdate\n try {\n write = isUpdate\n ? await prepareUpdate(writeInfo)\n : await prepareCreate(writeInfo)\n } catch (err) {\n if (err instanceof InvalidRecordError) {\n throw new InvalidRequestError(err.message)\n }\n throw err\n }\n\n // no-op\n if (current && current.cid === write.cid.toString()) {\n return {\n commit: null,\n write,\n }\n }\n\n const commit = await actorTxn.repo\n .processWrites([write], swapCommitCid)\n .catch((err) => {\n if (\n err instanceof BadCommitSwapError \|\|\n err instanceof BadRecordSwapError\n ) {\n throw new InvalidRequestError(err.message, 'InvalidSwap')\n } else {\n throw err\n }\n })\n\n await ctx.sequencer.sequenceCommit(did, commit)\n\n return { commit, write }\n },\n )\n\n if (commit !== null) {\n await ctx.accountManager\n .updateRepoRoot(did, commit.cid, commit.rev)\n .catch((err) => {\n dbLogger.error(\n { err, did, cid: commit.cid, rev: commit.rev },\n 'failed to update account root',\n )\n })\n }\n\n return {\n encoding: 'application/json',\n body: {\n uri: write.uri.toString(),\n cid: write.cid.toString(),\n commit: commit\n ? {\n cid: commit.cid.toString(),\n rev: commit.rev,\n }\n : undefined,\n validationStatus: write.validationStatus,\n },\n }\n },\n })\n}\n\n// WARNING: mutates object\nasync function updateProfileLegacyBlobRef(\n actorStore: ActorStoreTransactor,\n record: LexMap,\n): Promise<void> {\n if (isLegacyBlobRef(record.avatar)) {\n record.avatar = await upgradeLegacyBlob(actorStore, record.avatar)\n }\n if (isLegacyBlobRef(record.banner)) {\n record.banner = await upgradeLegacyBlob(actorStore, record.banner)\n }\n}\n\nasync function upgradeLegacyBlob(\n actorStore: ActorStoreTransactor,\n legacyBlob: LegacyBlobRef,\n): Promise<TypedBlobRef> {\n const ref = parseCid(legacyBlob.cid)\n const blob = await actorStore.repo.blob.getBlobMetadata(ref)\n return {\n $type: 'blob',\n mimeType: legacyBlob.mimeType,\n ref,\n size: blob.size,\n }\n}\n"]}

package/dist/api/com/atproto/sync/getRepo.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"getRepo.d.ts","sourceRoot":"","sources":["../../../../../src/api/com/atproto/sync/getRepo.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAA;AAEhC,OAAO,EAAuB,MAAM,EAAE,MAAM,sBAAsB,CAAA;AAOlE,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAA;~~AAInD~~,MAAM,CAAC,OAAO,WAAW,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,~~QAoBvD~~;AAED,eAAO,MAAM,YAAY,GACvB,KAAK,UAAU,EACf,KAAK,MAAM,EACX,QAAQ,MAAM,KACb,OAAO,CAAC,MAAM,CAAC,QAAQ,~~CAkBzB~~,CAAA"}
1	+ {"version":3,"file":"getRepo.d.ts","sourceRoot":"","sources":["../../../../../src/api/com/atproto/sync/getRepo.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAA;AAEhC,OAAO,EAAuB,MAAM,EAAE,MAAM,sBAAsB,CAAA;AAOlE,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAA;AAMnD,MAAM,CAAC,OAAO,WAAW,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,QA4BvD;AAED,eAAO,MAAM,YAAY,GACvB,KAAK,UAAU,EACf,KAAK,MAAM,EACX,QAAQ,MAAM,KACb,OAAO,CAAC,MAAM,CAAC,QAAQ,CAiBzB,CAAA"}

package/dist/api/com/atproto/sync/getRepo.js CHANGED Viewed

@@ -1,10 +1,11 @@
-import { byteIterableToStream } from '@atproto/common';
+import { byteIterableToStream, coalesceByteStream } from '@atproto/common';
 import { InvalidRequestError } from '@atproto/xrpc-server';
 import { RepoRootNotFoundError, SqlRepoReader, } from '../../../../actor-store/repo/sql-repo-reader.js';
 import { AuthScope } from '../../../../auth-scope.js';
 import { isUserOrAdmin } from '../../../../auth-verifier.js';
 import { com } from '../../../../lexicons/index.js';
 import { assertRepoAvailability } from './util.js';
+const CAR_STREAM_CHUNK_SIZE = 64 * 1024;
 export default function (server, ctx) {
     server.add(com.atproto.sync.getRepo, {
         auth: ctx.authVerifier.authorizationOrAdminTokenOptional({
@@ -13,24 +14,35 @@ export default function (server, ctx) {
                 // always allow
             },
         }),
-        handler: async ({ params, auth }) => {
+        handler: async ({ req, params, auth }) => {
             const { did, since } = params;
             await assertRepoAvailability(ctx, did, isUserOrAdmin(auth, did));
             const carStream = await getCarStream(ctx, did, since);
             return {
                 encoding: 'application/vnd.ipld.car',
-                body: carStream,
+                // @NOTE If the client asked for compression (via "accept-encoding"), we
+                // coalesce the CAR stream into larger chunks to improve compression
+                // efficiency. See https://github.com/bluesky-social/atproto/pull/5078
+                //
+                // @TODO This would be better handled by xrpc-server and/or the
+                // compression middleware instead of manually coalescing the stream.
+                body: req.headers['accept-encoding']
+                    ? coalesceByteStream(carStream, CAR_STREAM_CHUNK_SIZE)
+                    : carStream,
             };
         },
     });
 }
 export const getCarStream = async (ctx, did, since) => {
     const actorDb = await ctx.actorStore.openDb(did);
-    let carStream;
     try {
         const storage = new SqlRepoReader(actorDb);
         const carIter = await storage.getCarStream(since);
-        carStream = byteIterableToStream(carIter);
+        const carStream = byteIterableToStream(carIter);
+        const closeDb = () => actorDb.close();
+        carStream.on('error', closeDb);
+        carStream.on('close', closeDb);
+        return carStream;
     }
     catch (err) {
         await actorDb.close();
@@ -39,9 +51,5 @@ export const getCarStream = async (ctx, did, since) => {
         }
         throw err;
     }
-    const closeDb = () => actorDb.close();
-    carStream.on('error', closeDb);
-    carStream.on('close', closeDb);
-    return carStream;
 };
 //# sourceMappingURL=getRepo.js.map

package/dist/api/com/atproto/sync/getRepo.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"getRepo.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/sync/getRepo.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAA;~~AACtD~~,OAAO,EAAE,mBAAmB,EAAU,MAAM,sBAAsB,CAAA;AAClE,OAAO,EACL,qBAAqB,EACrB,aAAa,GACd,MAAM,iDAAiD,CAAA;AACxD,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAA;AAE5D,OAAO,EAAE,GAAG,EAAE,MAAM,+BAA+B,CAAA;AACnD,OAAO,EAAE,sBAAsB,EAAE,MAAM,WAAW,CAAA;AAElD,MAAM,CAAC,OAAO,WAAW,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE;QACnC,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,iCAAiC,CAAC;YACvD,UAAU,EAAE,CAAC,SAAS,CAAC,SAAS,CAAC;YACjC,SAAS,EAAE,GAAG,EAAE;gBACd,eAAe;YACjB,CAAC;SACF,CAAC;QACF,OAAO,EAAE,KAAK,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE;~~YAClC~~,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,MAAM,CAAA;YAC7B,MAAM,sBAAsB,CAAC,GAAG,EAAE,GAAG,EAAE,aAAa,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,CAAA;YAEhE,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,CAAC,CAAA;YAErD,OAAO;gBACL,QAAQ,EAAE,0BAAmC;gBAC7C,IAAI,EAAE,SAAS;~~aAChB~~,CAAA;QACH,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED,MAAM,CAAC,MAAM,YAAY,GAAG,KAAK,EAC/B,GAAe,EACf,GAAW,EACX,KAAc,EACY,EAAE;IAC5B,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;IAChD,IAAI,~~SAA0B,CAAA;IAC9B,IAAI,~~CAAC;QACH,MAAM,OAAO,GAAG,IAAI,aAAa,CAAC,OAAO,CAAC,CAAA;QAC1C,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,YAAY,CAAC,KAAK,CAAC,CAAA;QACjD,SAAS,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAA;~~IAC3C~~,~~CAAC;IAAC~~,OAAO,GAAG,EAAE,CAAC~~;QACb~~,~~MAAM,~~OAAO,CAAC,KAAK,EAAE,CAAA;~~QACrB~~,~~IAAI~~,~~GAAG~~,~~YAAY~~,~~qBAAqB~~,EAAE,CAAC;~~YACzC~~,~~MAAM~~,~~IAAI~~,~~mBAAmB~~,CAAC,~~gCAAgC~~,~~GAAG,~~EAAE,CAAC,CAAA;~~QACtE~~,~~CAAC;QACD~~,~~MAAM~~,~~GAAG,~~CAAA;~~IACX~~,CAAC;~~IACD~~,~~MAAM,~~OAAO,GAAG,~~GAAG,~~EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,CAAA;~~IACrC~~,~~SAAS~~,~~CAAC~~,~~EAAE~~,~~CAAC~~,~~OAAO,~~EAAE,~~OAAO,~~CAAC~~,CAAA~~;~~IAC9B~~,~~SAAS~~,~~CAAC~~,~~EAAE~~,CAAC,~~OAAO~~,EAAE,~~OAAO,~~CAAC,CAAA;~~IAC9B~~,~~OAAO~~,~~SAAS~~,CAAA;~~AAClB~~,CAAC,CAAA","sourcesContent":["import stream from 'node:stream'\nimport { byteIterableToStream } from '@atproto/common'\nimport { InvalidRequestError, Server } from '@atproto/xrpc-server'\nimport {\n RepoRootNotFoundError,\n SqlRepoReader,\n} from '../../../../actor-store/repo/sql-repo-reader.js'\nimport { AuthScope } from '../../../../auth-scope.js'\nimport { isUserOrAdmin } from '../../../../auth-verifier.js'\nimport { AppContext } from '../../../../context.js'\nimport { com } from '../../../../lexicons/index.js'\nimport { assertRepoAvailability } from './util.js'\n\nexport default function (server: Server, ctx: AppContext) {\n server.add(com.atproto.sync.getRepo, {\n auth: ctx.authVerifier.authorizationOrAdminTokenOptional({\n additional: [AuthScope.Takendown],\n authorize: () => {\n // always allow\n },\n }),\n handler: async ({ params, auth }) => {\n const { did, since } = params\n await assertRepoAvailability(ctx, did, isUserOrAdmin(auth, did))\n\n const carStream = await getCarStream(ctx, did, since)\n\n return {\n encoding: 'application/vnd.ipld.car' as const,\n body: carStream,\n }\n },\n })\n}\n\nexport const getCarStream = async (\n ctx: AppContext,\n did: string,\n since?: string,\n): Promise<stream.Readable> => {\n const actorDb = await ctx.actorStore.openDb(did)\n ~~let carStream: stream.Readable\n~~ try {\n const storage = new SqlRepoReader(actorDb)\n const carIter = await storage.getCarStream(since)\n carStream = byteIterableToStream(carIter)\n } catch (err) {\n await actorDb.close()\n if (err instanceof RepoRootNotFoundError) {\n throw new InvalidRequestError(`Could not find repo for DID: ${did}`)\n }\n throw err\n }\n ~~const closeDb = () => actorDb.close()\n carStream.on('error', closeDb)\n carStream.on('close', closeDb)\n return carStream\n~~}\n"]}
1	+ {"version":3,"file":"getRepo.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/sync/getRepo.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAA;AAC1E,OAAO,EAAE,mBAAmB,EAAU,MAAM,sBAAsB,CAAA;AAClE,OAAO,EACL,qBAAqB,EACrB,aAAa,GACd,MAAM,iDAAiD,CAAA;AACxD,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAA;AAE5D,OAAO,EAAE,GAAG,EAAE,MAAM,+BAA+B,CAAA;AACnD,OAAO,EAAE,sBAAsB,EAAE,MAAM,WAAW,CAAA;AAElD,MAAM,qBAAqB,GAAG,EAAE,GAAG,IAAI,CAAA;AAEvC,MAAM,CAAC,OAAO,WAAW,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE;QACnC,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,iCAAiC,CAAC;YACvD,UAAU,EAAE,CAAC,SAAS,CAAC,SAAS,CAAC;YACjC,SAAS,EAAE,GAAG,EAAE;gBACd,eAAe;YACjB,CAAC;SACF,CAAC;QACF,OAAO,EAAE,KAAK,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE;YACvC,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,MAAM,CAAA;YAC7B,MAAM,sBAAsB,CAAC,GAAG,EAAE,GAAG,EAAE,aAAa,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,CAAA;YAEhE,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,CAAC,CAAA;YAErD,OAAO;gBACL,QAAQ,EAAE,0BAAmC;gBAC7C,wEAAwE;gBACxE,oEAAoE;gBACpE,sEAAsE;gBACtE,EAAE;gBACF,+DAA+D;gBAC/D,oEAAoE;gBACpE,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC;oBAClC,CAAC,CAAC,kBAAkB,CAAC,SAAS,EAAE,qBAAqB,CAAC;oBACtD,CAAC,CAAC,SAAS;aACd,CAAA;QACH,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED,MAAM,CAAC,MAAM,YAAY,GAAG,KAAK,EAC/B,GAAe,EACf,GAAW,EACX,KAAc,EACY,EAAE;IAC5B,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;IAChD,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAI,aAAa,CAAC,OAAO,CAAC,CAAA;QAC1C,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,YAAY,CAAC,KAAK,CAAC,CAAA;QACjD,MAAM,SAAS,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAA;QAC/C,MAAM,OAAO,GAAG,GAAG,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,CAAA;QACrC,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;QAC9B,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;QAC9B,OAAO,SAAS,CAAA;IAClB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,CAAC,KAAK,EAAE,CAAA;QACrB,IAAI,GAAG,YAAY,qBAAqB,EAAE,CAAC;YACzC,MAAM,IAAI,mBAAmB,CAAC,gCAAgC,GAAG,EAAE,CAAC,CAAA;QACtE,CAAC;QACD,MAAM,GAAG,CAAA;IACX,CAAC;AACH,CAAC,CAAA","sourcesContent":["import stream from 'node:stream'\nimport { byteIterableToStream, coalesceByteStream } from '@atproto/common'\nimport { InvalidRequestError, Server } from '@atproto/xrpc-server'\nimport {\n RepoRootNotFoundError,\n SqlRepoReader,\n} from '../../../../actor-store/repo/sql-repo-reader.js'\nimport { AuthScope } from '../../../../auth-scope.js'\nimport { isUserOrAdmin } from '../../../../auth-verifier.js'\nimport { AppContext } from '../../../../context.js'\nimport { com } from '../../../../lexicons/index.js'\nimport { assertRepoAvailability } from './util.js'\n\nconst CAR_STREAM_CHUNK_SIZE = 64 * 1024\n\nexport default function (server: Server, ctx: AppContext) {\n server.add(com.atproto.sync.getRepo, {\n auth: ctx.authVerifier.authorizationOrAdminTokenOptional({\n additional: [AuthScope.Takendown],\n authorize: () => {\n // always allow\n },\n }),\n handler: async ({ req, params, auth }) => {\n const { did, since } = params\n await assertRepoAvailability(ctx, did, isUserOrAdmin(auth, did))\n\n const carStream = await getCarStream(ctx, did, since)\n\n return {\n encoding: 'application/vnd.ipld.car' as const,\n // @NOTE If the client asked for compression (via \"accept-encoding\"), we\n // coalesce the CAR stream into larger chunks to improve compression\n // efficiency. See https://github.com/bluesky-social/atproto/pull/5078\n //\n // @TODO This would be better handled by xrpc-server and/or the\n // compression middleware instead of manually coalescing the stream.\n body: req.headers['accept-encoding']\n ? coalesceByteStream(carStream, CAR_STREAM_CHUNK_SIZE)\n : carStream,\n }\n },\n })\n}\n\nexport const getCarStream = async (\n ctx: AppContext,\n did: string,\n since?: string,\n): Promise<stream.Readable> => {\n const actorDb = await ctx.actorStore.openDb(did)\n try {\n const storage = new SqlRepoReader(actorDb)\n const carIter = await storage.getCarStream(since)\n const carStream = byteIterableToStream(carIter)\n const closeDb = () => actorDb.close()\n carStream.on('error', closeDb)\n carStream.on('close', closeDb)\n return carStream\n } catch (err) {\n await actorDb.close()\n if (err instanceof RepoRootNotFoundError) {\n throw new InvalidRequestError(`Could not find repo for DID: ${did}`)\n }\n throw err\n }\n}\n"]}

package/dist/context.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"context.d.ts","sourceRoot":"","sources":["../src/context.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,GAAG,MAAM,cAAc,CAAA;AACnC,OAAO,OAAO,MAAM,SAAS,CAAA;AAC7B,OAAO,EAAE,KAAK,EAAE,MAAM,SAAS,CAAA;AAG/B,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAA;AAEhC,OAAO,KAAK,MAAM,MAAM,iBAAiB,CAAA;AACzC,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAA;AACrC,OAAO,EAIL,aAAa,EAEd,MAAM,yBAAyB,CAAA;AAChC,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAA;AAKzC,OAAO,EACL,KAAK,EAIN,MAAM,0BAA0B,CAAA;AACjC,OAAO,EAAE,cAAc,EAAE,MAAM,sCAAsC,CAAA;AAGrE,OAAO,EAAE,UAAU,EAAE,MAAM,8BAA8B,CAAA;AAEzD,OAAO,EACL,YAAY,EAGb,MAAM,oBAAoB,CAAA;AAC3B,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAA;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAA;AAChD,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAA;AAC/D,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;AACxC,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AAIrD,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAA;AAChD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAA;AACzD,OAAO,EAAe,kBAAkB,EAAE,MAAM,8BAA8B,CAAA;AAE9E,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAA;AAEhD,MAAM,MAAM,iBAAiB,GAAG;IAC9B,UAAU,EAAE,UAAU,CAAA;IACtB,SAAS,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,SAAS,CAAA;IACrC,WAAW,EAAE,kBAAkB,CAAA;IAC/B,MAAM,EAAE,YAAY,CAAA;IACpB,gBAAgB,EAAE,gBAAgB,CAAA;IAClC,QAAQ,EAAE,cAAc,CAAA;IACxB,UAAU,EAAE,UAAU,CAAA;IACtB,SAAS,EAAE,GAAG,CAAC,MAAM,CAAA;IACrB,cAAc,EAAE,cAAc,CAAA;IAC9B,SAAS,EAAE,SAAS,CAAA;IACpB,eAAe,EAAE,eAAe,CAAA;IAChC,YAAY,CAAC,EAAE,KAAK,CAAA;IACpB,QAAQ,EAAE,QAAQ,CAAA;IAClB,WAAW,CAAC,EAAE,WAAW,CAAA;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,eAAe,CAAC,EAAE,MAAM,CAAA;IACxB,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B,UAAU,EAAE,MAAM,CAAC,UAAU,CAAA;IAC7B,SAAS,EAAE,KAAK,CAAA;IAChB,aAAa,CAAC,EAAE,aAAa,CAAA;IAC7B,YAAY,EAAE,YAAY,CAAA;IAC1B,cAAc,EAAE,MAAM,CAAC,OAAO,CAAA;IAC9B,GAAG,EAAE,YAAY,CAAA;CAClB,CAAA;AAED,qBAAa,UAAU;IACd,UAAU,EAAE,UAAU,CAAA;IACtB,SAAS,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,SAAS,CAAA;IACrC,WAAW,EAAE,kBAAkB,CAAA;IAC/B,MAAM,EAAE,YAAY,CAAA;IACpB,gBAAgB,EAAE,gBAAgB,CAAA;IAClC,QAAQ,EAAE,cAAc,CAAA;IACxB,UAAU,EAAE,UAAU,CAAA;IACtB,SAAS,EAAE,GAAG,CAAC,MAAM,CAAA;IACrB,cAAc,EAAE,cAAc,CAAA;IAC9B,SAAS,EAAE,SAAS,CAAA;IACpB,eAAe,EAAE,eAAe,CAAA;IAChC,YAAY,CAAC,EAAE,KAAK,CAAA;IACpB,QAAQ,EAAE,QAAQ,CAAA;IAClB,WAAW,CAAC,EAAE,WAAW,CAAA;IACzB,gBAAgB,EAAE,MAAM,GAAG,SAAS,CAAA;IACpC,eAAe,EAAE,MAAM,GAAG,SAAS,CAAA;IACnC,cAAc,EAAE,MAAM,GAAG,SAAS,CAAA;IAClC,mBAAmB,EAAE,MAAM,GAAG,SAAS,CAAA;IACvC,UAAU,EAAE,MAAM,CAAC,UAAU,CAAA;IAC7B,SAAS,EAAE,KAAK,CAAA;IAChB,YAAY,EAAE,YAAY,CAAA;IAC1B,aAAa,CAAC,EAAE,aAAa,CAAA;IAC7B,cAAc,EAAE,MAAM,CAAC,OAAO,CAAA;IAC9B,GAAG,EAAE,YAAY,CAAA;gBAEZ,IAAI,EAAE,iBAAiB;WA2BtB,UAAU,CACrB,GAAG,EAAE,YAAY,EACjB,OAAO,EAAE,aAAa,EACtB,SAAS,CAAC,EAAE,OAAO,CAAC,iBAAiB,CAAC,GACrC,OAAO,CAAC,UAAU,CAAC;~~IAgXhB~~,kBAAkB,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM;;;;;IAK3C,mBAAmB,CAAC,GAAG,EAAE,OAAO,CAAC,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM;;;IAUxE,uBAAuB,CAAC,GAAG,EAAE,OAAO,CAAC,OAAO;;;IAItC,kBAAkB,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM;;;;;IAUxD,cAAc,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM;CAS3D;AAUD,eAAe,UAAU,CAAA"}
1	+ {"version":3,"file":"context.d.ts","sourceRoot":"","sources":["../src/context.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,GAAG,MAAM,cAAc,CAAA;AACnC,OAAO,OAAO,MAAM,SAAS,CAAA;AAC7B,OAAO,EAAE,KAAK,EAAE,MAAM,SAAS,CAAA;AAG/B,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAA;AAEhC,OAAO,KAAK,MAAM,MAAM,iBAAiB,CAAA;AACzC,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAA;AACrC,OAAO,EAIL,aAAa,EAEd,MAAM,yBAAyB,CAAA;AAChC,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAA;AAKzC,OAAO,EACL,KAAK,EAIN,MAAM,0BAA0B,CAAA;AACjC,OAAO,EAAE,cAAc,EAAE,MAAM,sCAAsC,CAAA;AAGrE,OAAO,EAAE,UAAU,EAAE,MAAM,8BAA8B,CAAA;AAEzD,OAAO,EACL,YAAY,EAGb,MAAM,oBAAoB,CAAA;AAC3B,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAA;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAA;AAChD,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAA;AAC/D,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;AACxC,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AAIrD,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAA;AAChD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAA;AACzD,OAAO,EAAe,kBAAkB,EAAE,MAAM,8BAA8B,CAAA;AAE9E,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAA;AAEhD,MAAM,MAAM,iBAAiB,GAAG;IAC9B,UAAU,EAAE,UAAU,CAAA;IACtB,SAAS,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,SAAS,CAAA;IACrC,WAAW,EAAE,kBAAkB,CAAA;IAC/B,MAAM,EAAE,YAAY,CAAA;IACpB,gBAAgB,EAAE,gBAAgB,CAAA;IAClC,QAAQ,EAAE,cAAc,CAAA;IACxB,UAAU,EAAE,UAAU,CAAA;IACtB,SAAS,EAAE,GAAG,CAAC,MAAM,CAAA;IACrB,cAAc,EAAE,cAAc,CAAA;IAC9B,SAAS,EAAE,SAAS,CAAA;IACpB,eAAe,EAAE,eAAe,CAAA;IAChC,YAAY,CAAC,EAAE,KAAK,CAAA;IACpB,QAAQ,EAAE,QAAQ,CAAA;IAClB,WAAW,CAAC,EAAE,WAAW,CAAA;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,eAAe,CAAC,EAAE,MAAM,CAAA;IACxB,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B,UAAU,EAAE,MAAM,CAAC,UAAU,CAAA;IAC7B,SAAS,EAAE,KAAK,CAAA;IAChB,aAAa,CAAC,EAAE,aAAa,CAAA;IAC7B,YAAY,EAAE,YAAY,CAAA;IAC1B,cAAc,EAAE,MAAM,CAAC,OAAO,CAAA;IAC9B,GAAG,EAAE,YAAY,CAAA;CAClB,CAAA;AAED,qBAAa,UAAU;IACd,UAAU,EAAE,UAAU,CAAA;IACtB,SAAS,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,SAAS,CAAA;IACrC,WAAW,EAAE,kBAAkB,CAAA;IAC/B,MAAM,EAAE,YAAY,CAAA;IACpB,gBAAgB,EAAE,gBAAgB,CAAA;IAClC,QAAQ,EAAE,cAAc,CAAA;IACxB,UAAU,EAAE,UAAU,CAAA;IACtB,SAAS,EAAE,GAAG,CAAC,MAAM,CAAA;IACrB,cAAc,EAAE,cAAc,CAAA;IAC9B,SAAS,EAAE,SAAS,CAAA;IACpB,eAAe,EAAE,eAAe,CAAA;IAChC,YAAY,CAAC,EAAE,KAAK,CAAA;IACpB,QAAQ,EAAE,QAAQ,CAAA;IAClB,WAAW,CAAC,EAAE,WAAW,CAAA;IACzB,gBAAgB,EAAE,MAAM,GAAG,SAAS,CAAA;IACpC,eAAe,EAAE,MAAM,GAAG,SAAS,CAAA;IACnC,cAAc,EAAE,MAAM,GAAG,SAAS,CAAA;IAClC,mBAAmB,EAAE,MAAM,GAAG,SAAS,CAAA;IACvC,UAAU,EAAE,MAAM,CAAC,UAAU,CAAA;IAC7B,SAAS,EAAE,KAAK,CAAA;IAChB,YAAY,EAAE,YAAY,CAAA;IAC1B,aAAa,CAAC,EAAE,aAAa,CAAA;IAC7B,cAAc,EAAE,MAAM,CAAC,OAAO,CAAA;IAC9B,GAAG,EAAE,YAAY,CAAA;gBAEZ,IAAI,EAAE,iBAAiB;WA2BtB,UAAU,CACrB,GAAG,EAAE,YAAY,EACjB,OAAO,EAAE,aAAa,EACtB,SAAS,CAAC,EAAE,OAAO,CAAC,iBAAiB,CAAC,GACrC,OAAO,CAAC,UAAU,CAAC;IAmXhB,kBAAkB,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM;;;;;IAK3C,mBAAmB,CAAC,GAAG,EAAE,OAAO,CAAC,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM;;;IAUxE,uBAAuB,CAAC,GAAG,EAAE,OAAO,CAAC,OAAO;;;IAItC,kBAAkB,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM;;;;;IAUxD,cAAc,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM;CAS3D;AAUD,eAAe,UAAU,CAAA"}

package/dist/context.js CHANGED Viewed

@@ -135,13 +135,13 @@ export class AppContext {
             blobstore,
             backgroundQueue,
         });
-        const accountManager = new AccountManager(idResolver, jwtSecretKey, mailer, cfg.service.did, cfg.identity.serviceHandleDomains, cfg.db);
-        await accountManager.migrateOrThrow();
         const plcRotationKey = secrets.plcRotationKey.provider === 'kms'
             ? await KmsKeypair.load({
                 keyId: secrets.plcRotationKey.keyId,
             })
             : await crypto.Secp256k1Keypair.import(secrets.plcRotationKey.privateKeyHex);
+        const accountManager = new AccountManager(idResolver, jwtSecretKey, mailer, sequencer, plcClient, plcRotationKey, cfg.service.did, cfg.identity.serviceHandleDomains, cfg.db);
+        await accountManager.migrateOrThrow();
         const localViewer = LocalViewer.creator(accountManager, imageUrlBuilder, bskyAppView);
         // An agent for performing HTTP requests based on user provided URLs.
         const proxyAgentBase = new undici.Agent({

package/dist/context.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"context.js","sourceRoot":"","sources":["../src/context.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAA;AAChC,OAAO,KAAK,GAAG,MAAM,cAAc,CAAA;AAGnC,OAAO,KAAK,UAAU,MAAM,YAAY,CAAA;AACxC,OAAO,KAAK,GAAG,MAAM,aAAa,CAAA;AAClC,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAA;AAChC,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,cAAc,CAAA;AACtD,OAAO,KAAK,MAAM,MAAM,iBAAiB,CAAA;AACzC,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAA;AACrC,OAAO,EACL,eAAe,EACf,OAAO,EACP,WAAW,EACX,aAAa,EACb,aAAa,GACd,MAAM,yBAAyB,CAAA;AAEhC,OAAO,EACL,wBAAwB,EACxB,gBAAgB,GACjB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAEL,WAAW,EACX,aAAa,EACb,aAAa,GACd,MAAM,0BAA0B,CAAA;AACjC,OAAO,EAAE,cAAc,EAAE,MAAM,sCAAsC,CAAA;AACrE,OAAO,EAAE,UAAU,EAAE,MAAM,kCAAkC,CAAA;AAC7D,OAAO,EAAE,oBAAoB,EAAE,MAAM,6CAA6C,CAAA;AAClF,OAAO,EAAE,UAAU,EAAE,MAAM,8BAA8B,CAAA;AACzD,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;AAC3D,OAAO,EACL,YAAY,EACZ,qBAAqB,EACrB,qBAAqB,GACtB,MAAM,oBAAoB,CAAA;AAC3B,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAA;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAA;AAEhD,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;AACxC,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AACnD,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAA;AAC9D,OAAO,EAAE,WAAW,EAAE,qBAAqB,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAC7E,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAA;AAChD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAA;AACzD,OAAO,EAAE,WAAW,EAAsB,MAAM,8BAA8B,CAAA;AAC9E,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAA;AAC3C,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAA;AA6BhD,MAAM,OAAO,UAAU;IA0BrB,YAAY,IAAuB;QACjC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAA;QACjC,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,CAAA;QAC/B,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,WAAW,CAAA;QACnC,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAA;QACzB,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,CAAA;QAC7C,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAA;QAC7B,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAA;QACjC,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,CAAA;QAC/B,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,cAAc,CAAA;QACzC,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,CAAA;QAC/B,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,eAAe,CAAA;QAC3C,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,YAAY,CAAA;QACrC,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAA;QAC7B,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,WAAW,CAAA;QACnC,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,CAAA;QAC7C,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,eAAe,CAAA;QAC3C,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,cAAc,CAAA;QACzC,IAAI,CAAC,mBAAmB,GAAG,IAAI,CAAC,mBAAmB,CAAA;QACnD,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAA;QACjC,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,CAAA;QAC/B,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,YAAY,CAAA;QACrC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,aAAa,CAAA;QACvC,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,cAAc,CAAA;QACzC,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAA;IACrB,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,UAAU,CACrB,GAAiB,EACjB,OAAsB,EACtB,SAAsC;QAEtC,MAAM,SAAS,GACb,GAAG,CAAC,SAAS,CAAC,QAAQ,KAAK,IAAI;YAC7B,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC;gBAClB,MAAM,EAAE,GAAG,CAAC,SAAS,CAAC,MAAM;gBAC5B,MAAM,EAAE,GAAG,CAAC,SAAS,CAAC,MAAM;gBAC5B,QAAQ,EAAE,GAAG,CAAC,SAAS,CAAC,QAAQ;gBAChC,cAAc,EAAE,GAAG,CAAC,SAAS,CAAC,cAAc;gBAC5C,WAAW,EAAE,GAAG,CAAC,SAAS,CAAC,WAAW;gBACtC,eAAe,EAAE,GAAG,CAAC,SAAS,CAAC,eAAe;aAC/C,CAAC;YACJ,CAAC,CAAC,aAAa,CAAC,OAAO,CACnB,GAAG,CAAC,SAAS,CAAC,QAAQ,EACtB,GAAG,CAAC,SAAS,CAAC,YAAY,CAC3B,CAAA;QAEP,MAAM,aAAa,GACjB,GAAG,CAAC,KAAK,KAAK,IAAI;YAChB,CAAC,CAAC,UAAU,CAAC,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC;YAC/C,CAAC,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAA;QAEzD,MAAM,MAAM,GAAG,IAAI,YAAY,CAAC,aAAa,EAAE,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAA;QAEvE,MAAM,gBAAgB,GACpB,GAAG,CAAC,eAAe,KAAK,IAAI;YAC1B,CAAC,CAAC,UAAU,CAAC,eAAe,CAAC,GAAG,CAAC,eAAe,CAAC,OAAO,CAAC;YACzD,CAAC,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAA;QAEzD,MAAM,gBAAgB,GAAG,IAAI,gBAAgB,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAA;QAEpE,MAAM,QAAQ,GAAG,IAAI,cAAc,CACjC,GAAG,CAAC,EAAE,CAAC,aAAa,EACpB,GAAG,CAAC,QAAQ,CAAC,aAAa,EAC1B,GAAG,CAAC,QAAQ,CAAC,WAAW,EACxB,GAAG,CAAC,EAAE,CAAC,wBAAwB,CAChC,CAAA;QACD,MAAM,QAAQ,CAAC,cAAc,EAAE,CAAA;QAE/B,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC;YAChC,MAAM,EAAE,GAAG,CAAC,QAAQ,CAAC,MAAM;YAC3B,QAAQ;YACR,OAAO,EAAE,GAAG,CAAC,QAAQ,CAAC,eAAe;YACrC,iBAAiB,EAAE,GAAG,CAAC,QAAQ,CAAC,uBAAuB;SACxD,CAAC,CAAA;QACF,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;QAErD,MAAM,eAAe,GAAG,IAAI,eAAe,EAAE,CAAA;QAC7C,MAAM,QAAQ,GAAG,IAAI,QAAQ,CAC3B,eAAe,EACf,GAAG,CAAC,OAAO,CAAC,QAAQ,EACpB,GAAG,CAAC,QAAQ,CACb,CAAA;QACD,MAAM,SAAS,GAAG,IAAI,SAAS,CAC7B,GAAG,CAAC,EAAE,CAAC,cAAc,EACrB,QAAQ,EACR,SAAS,EACT,GAAG,CAAC,EAAE,CAAC,wBAAwB,CAChC,CAAA;QACD,MAAM,YAAY,GAAG,GAAG,CAAC,KAAK;YAC5B,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,EAAE,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC;YACvD,CAAC,CAAC,SAAS,CAAA;QAEb,MAAM,WAAW,GAAG,GAAG,CAAC,WAAW;YACjC,CAAC,CAAC,IAAI,WAAW,CAAC;gBACd,GAAG,GAAG,CAAC,WAAW;gBAClB,gBAAgB,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;aACtC,CAAC;YACJ,CAAC,CAAC,SAAS,CAAA;QAEb,MAAM,gBAAgB,GAAG,GAAG,CAAC,UAAU;YACrC,CAAC,CAAC,IAAI,MAAM,CACR,EAAE,OAAO,EAAE,GAAG,CAAC,UAAU,CAAC,GAAG,EAAE,EAC/B;gBACE,2DAA2D;gBAC3D,wBAAwB,EAAE,KAAK;gBAC/B,gBAAgB,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;aACtC,CACF;YACH,CAAC,CAAC,SAAS,CAAA;QACb,MAAM,eAAe,GAAG,GAAG,CAAC,aAAa;YACvC,CAAC,CAAC,IAAI,MAAM,CACR,EAAE,OAAO,EAAE,GAAG,CAAC,aAAa,CAAC,GAAG,EAAE,EAClC;gBACE,2DAA2D;gBAC3D,wBAAwB,EAAE,KAAK;gBAC/B,gBAAgB,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;aACtC,CACF;YACH,CAAC,CAAC,SAAS,CAAA;QACb,MAAM,cAAc,GAAG,GAAG,CAAC,QAAQ;YACjC,CAAC,CAAC,IAAI,MAAM,CACR,EAAE,OAAO,EAAE,GAAG,CAAC,QAAQ,CAAC,GAAG,EAAE,EAC7B;gBACE,2DAA2D;gBAC3D,wBAAwB,EAAE,KAAK;gBAC/B,gBAAgB,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;aACtC,CACF;YACH,CAAC,CAAC,SAAS,CAAA;QACb,MAAM,mBAAmB,GACvB,GAAG,CAAC,QAAQ,IAAI,OAAO,CAAC,kBAAkB;YACxC,CAAC,CAAC,IAAI,MAAM,CACR,EAAE,OAAO,EAAE,GAAG,CAAC,QAAQ,CAAC,GAAG,EAAE,EAC7B;gBACE,OAAO,EAAE;oBACP,aAAa,EAAE,eAAe,CAC5B,OAAO,EACP,OAAO,CAAC,kBAAkB,CAC3B;iBACF;gBACD,2DAA2D;gBAC3D,wBAAwB,EAAE,KAAK;gBAC/B,gBAAgB,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;aACtC,CACF;YACH,CAAC,CAAC,SAAS,CAAA;QAEf,MAAM,YAAY,GAAG,qBAAqB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;QAC7D,MAAM,YAAY,GAAG,GAAG,CAAC,QAAQ;YAC/B,CAAC,CAAC,qBAAqB,CAAC,GAAG,CAAC,QAAQ,CAAC,eAAe,CAAC;YACrD,CAAC,CAAC,IAAI,CAAA;QAER,MAAM,eAAe,GAAG,IAAI,eAAe,CACzC,GAAG,CAAC,OAAO,CAAC,QAAQ,EACpB,WAAW,CACZ,CAAA;QAED,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,UAAU,EAAE;YAChD,SAAS;YACT,eAAe;SAChB,CAAC,CAAA;QAEF,MAAM,cAAc,GAAG,IAAI,cAAc,CACvC,UAAU,EACV,YAAY,EACZ,MAAM,EACN,GAAG,CAAC,OAAO,CAAC,GAAG,EACf,GAAG,CAAC,QAAQ,CAAC,oBAAoB,EACjC,GAAG,CAAC,EAAE,CACP,CAAA;QACD,MAAM,cAAc,CAAC,cAAc,EAAE,CAAA;QAErC,MAAM,cAAc,GAClB,OAAO,CAAC,cAAc,CAAC,QAAQ,KAAK,KAAK;YACvC,CAAC,CAAC,MAAM,UAAU,CAAC,IAAI,CAAC;gBACpB,KAAK,EAAE,OAAO,CAAC,cAAc,CAAC,KAAK;aACpC,CAAC;YACJ,CAAC,CAAC,MAAM,MAAM,CAAC,gBAAgB,CAAC,MAAM,CAClC,OAAO,CAAC,cAAc,CAAC,aAAa,CACrC,CAAA;QAEP,MAAM,WAAW,GAAG,WAAW,CAAC,OAAO,CACrC,cAAc,EACd,eAAe,EACf,WAAW,CACZ,CAAA;QAED,qEAAqE;QACrE,MAAM,cAAc,GAAG,IAAI,MAAM,CAAC,KAAK,CAAC;YACtC,OAAO,EAAE,GAAG,CAAC,KAAK,CAAC,UAAU,EAAE,uBAAuB;YACtD,cAAc,EAAE,GAAG,CAAC,KAAK,CAAC,cAAc;YACxC,eAAe,EAAE,GAAG,CAAC,KAAK,CAAC,eAAe;YAC1C,WAAW,EAAE,GAAG,CAAC,KAAK,CAAC,WAAW;YAClC,OAAO,EAAE,GAAG,CAAC,KAAK,CAAC,qBAAqB;gBACtC,CAAC,CAAC,SAAS;gBACX,CAAC,CAAC,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE;oBACf,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAC1B,MAAM,YAAY,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,CAAA;oBAClD,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;wBAC1B,MAAM,IAAI,KAAK,CAAC,uBAAuB,QAAQ,GAAG,CAAC,CAAA;oBACrD,CAAC;oBACD,IAAI,WAAW,CAAC,QAAQ,CAAC,KAAK,KAAK,EAAE,CAAC;wBACpC,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAA;oBAC7D,CAAC;oBACD,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAA;gBACtC,CAAC;YACL,OAAO,EAAE;gBACP,MAAM,EAAE,GAAG,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,aAAa;aACpE;SACF,CAAC,CAAA;QACF,MAAM,UAAU,GACd,GAAG,CAAC,KAAK,CAAC,UAAU,GAAG,CAAC;YACtB,CAAC,CAAC,IAAI,MAAM,CAAC,UAAU,CAAC,cAAc,EAAE;gBACpC,WAAW,EAAE,EAAE,EAAE,8BAA8B;gBAC/C,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,CAAC;gBACxB,UAAU,EAAE,GAAG,CAAC,KAAK,CAAC,UAAU;aACjC,CAAC;YACJ,CAAC,CAAC,cAAc,CAAA;QAEpB;;;;;;;;WAQG;QACH,MAAM,SAAS,GAAG,aAAa,CAAC;YAC9B,WAAW,EAAE,KAAK;YAClB,qBAAqB,EAAE,KAAK;YAC5B,eAAe,EAAE,GAAG,CAAC,KAAK,CAAC,eAAe;YAC1C,cAAc,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,qBAAqB;YAEhD,KAAK,EAAE,UAAU,KAAK,EAAE,IAAI;gBAC1B,MAAM,MAAM,GACV,IAAI,EAAE,MAAM,IAAI,CAAC,KAAK,YAAY,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAA;gBACnE,MAAM,GAAG,GAAG,KAAK,YAAY,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;gBAEhE,WAAW,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,OAAO,CAAC,CAAA;gBAE1C,OAAO,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,CAAA;YACjD,CAAC;SACF,CAAC,CAAA;QAEF,MAAM,aAAa,GAAG,GAAG,CAAC,KAAK,CAAC,QAAQ;YACtC,CAAC,CAAC,IAAI,aAAa,CAAC;gBAChB,MAAM,EAAE,GAAG,CAAC,KAAK,CAAC,MAAM;gBACxB,MAAM,EAAE,CAAC,MAAM,OAAO,CAAC,WAAW,CAAC,YAAY,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;gBACrE,KAAK,EAAE,IAAI,UAAU,CACnB,cAAc,EACd,UAAU,EACV,eAAe,EACf,eAAe,EACf,MAAM,EACN,SAAS,EACT,SAAS,EACT,cAAc,EACd,GAAG,CAAC,OAAO,CAAC,SAAS,EACrB,GAAG,CAAC,QAAQ,CAAC,cAAc,CAC5B;gBACD,KAAK,EAAE,YAAY;gBACnB,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,kBAAkB,EAAE,GAAG,CAAC,OAAO,CAAC,QAAQ;gBACxC,oBAAoB,EAAE,GAAG,CAAC,QAAQ,CAAC,oBAAoB;gBACvD,QAAQ,EAAE,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ;gBACrC,QAAQ,EAAE,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ;gBACrC,SAAS;gBACT,WAAW,EAAE,IAAI,WAAW,CAAC;oBAC3B,KAAK,EAAE,SAAS;oBAChB,eAAe,EAAE,GAAG,CAAC,QAAQ,CAAC,MAAM;oBACpC,KAAK,EAAE;wBACL,kBAAkB,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE;4BAC/B,qBAAqB,CAAC,KAAK,CACzB,EAAE,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,EAAE,EACzB,iCAAiC,CAClC,CAAA;4BACD,+DAA+D;4BAC/D,OAAO,GAAG,CAAC,OAAO,CAAC,YAAY,CAAA;wBACjC,CAAC;wBACD,wBAAwB,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE;4BACpC,qBAAqB,CAAC,IAAI,CACxB,EAAE,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,EAAE,GAAG,EAAE,EAC9B,sBAAsB,CACvB,CAAA;wBACH,CAAC;wBACD,uBAAuB,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE;4BACnC,qBAAqB,CAAC,KAAK,CACzB,EAAE,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,EAAE,GAAG,EAAE,EAC9B,8BAA8B,CAC/B,CAAA;wBACH,CAAC;wBACD,aAAa,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE;4BACxB,qBAAqB,CAAC,IAAI,CACxB,EAAE,GAAG,EAAE,GAAG,CAAC,QAAQ,EAAE,EAAE,GAAG,EAAE,GAAG,CAAC,QAAQ,EAAE,EAAE,EAC5C,iBAAiB,CAClB,CAAA;wBACH,CAAC;wBACD,YAAY,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE;4BACvB,qBAAqB,CAAC,KAAK,CACzB,EAAE,GAAG,EAAE,GAAG,CAAC,QAAQ,EAAE,EAAE,GAAG,EAAE,EAC5B,qBAAqB,CACtB,CAAA;wBACH,CAAC;qBACF;iBACF,CAAC;gBACF,QAAQ,EAAE;oBACR,mBAAmB,EAAE,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC;iBACxD;gBACD,mEAAmE;gBACnE,gEAAgE;gBAChE,kEAAkE;gBAClE,oEAAoE;gBACpE,0DAA0D;gBAC1D,eAAe,EAAE,eAAe,CAAC,QAAQ;gBAEzC,aAAa,CAAC,QAAQ;oBACpB,OAAO;wBACL,SAAS,EAAE,GAAG,CAAC,KAAK,CAAC,QAAQ,EAAE,cAAc,EAAE,QAAQ,CAAC,QAAQ,CAAC;qBAClE,CAAA;gBACH,CAAC;aACF,CAAC;YACJ,CAAC,CAAC,SAAS,CAAA;QAEb,MAAM,cAAc,GAAG,cAAc;YACnC,CAAC,CAAC,IAAI,oBAAoB,CAAC,cAAc,EAAE,YAAY,CAAC;YACxD,CAAC,CAAC,SAAS,CAAA;QAEb,MAAM,aAAa,GACjB,aAAa,IAAI,sCAAsC;YACvD,IAAI,aAAa,CAAC;gBAChB,MAAM,EAAE,GAAG,CAAC,KAAK,CAAC,MAAM;gBACxB,MAAM,EAAE,CAAC,MAAM,OAAO,CAAC,WAAW,CAAC,YAAa,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;gBACvE,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,KAAK,EAAE,YAAY;gBACnB,aAAa,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,SAAS,EAAE,EAAE,EAAE;oBAC9C,wEAAwE;oBACxE,oCAAoC;oBACpC,IAAI,SAAS,EAAE,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;wBACjC,WAAW,CAAC,IAAI,CACd,EAAE,GAAG,EAAE,SAAS,CAAC,GAAG,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,EACpD,6CAA6C,CAC9C,CAAA;oBACH,CAAC;oBAED,IAAI,cAAc,EAAE,CAAC;wBACnB,OAAO,CAAC,KAAK,GAAG,MAAM,cAAc,CAAC,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;oBACjE,CAAC;oBAED,OAAO,OAAO,CAAA;gBAChB,CAAC;aACF,CAAC,CAAA;QAEJ,MAAM,YAAY,GAAG,IAAI,YAAY,CACnC,cAAc,EACd,UAAU,EACV,aAAa,EACb;YACE,SAAS,EAAE,GAAG,CAAC,OAAO,CAAC,SAAS;YAChC,MAAM,EAAE,YAAY,IAAI,YAAY;YACpC,SAAS,EAAE,OAAO,CAAC,aAAa;YAChC,IAAI,EAAE;gBACJ,GAAG,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG;gBACpB,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,GAAG;gBAC3B,UAAU,EAAE,GAAG,CAAC,UAAU,EAAE,GAAG;aAChC;SACF,CACF,CAAA;QAED,OAAO,IAAI,UAAU,CAAC;YACpB,UAAU;YACV,SAAS;YACT,WAAW;YACX,MAAM;YACN,gBAAgB;YAChB,QAAQ;YACR,UAAU;YACV,SAAS;YACT,cAAc;YACd,SAAS;YACT,eAAe;YACf,YAAY;YACZ,QAAQ;YACR,WAAW;YACX,gBAAgB;YAChB,eAAe;YACf,cAAc;YACd,mBAAmB;YACnB,UAAU;YACV,SAAS;YACT,YAAY;YACZ,aAAa;YACb,cAAc;YACd,GAAG;YACH,GAAG,CAAC,SAAS,IAAI,EAAE,CAAC;SACrB,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,GAAW,EAAE,GAAW;QAC/C,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;QACxB,OAAO,IAAI,CAAC,kBAAkB,CAAC,GAAG,EAAE,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;IAChE,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,GAAoB,EAAE,GAAW,EAAE,GAAW;QACtE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;QACzB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAC3C,GAAG,EACH,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,EACrB,GAAG,CACJ,CAAA;QACD,OAAO,YAAY,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;IACnC,CAAC;IAED,uBAAuB,CAAC,GAAoB;QAC1C,OAAO,YAAY,CAAC,GAAG,EAAE,YAAY,CAAC,GAAG,CAAC,CAAC,CAAA;IAC7C,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,GAAW,EAAE,GAAW,EAAE,GAAW;QAC5D,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QAClD,OAAO,wBAAwB,CAAC;YAC9B,GAAG,EAAE,GAAG;YACR,GAAG;YACH,GAAG;YACH,OAAO;SACR,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,GAAW,EAAE,GAAW,EAAE,GAAW;QACxD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QAClD,OAAO,gBAAgB,CAAC;YACtB,GAAG,EAAE,GAAG;YACR,GAAG;YACH,GAAG;YACH,OAAO;SACR,CAAC,CAAA;IACJ,CAAC;CACF;AAED,MAAM,eAAe,GAAG,CAAC,QAAgB,EAAE,QAAgB,EAAE,EAAE;IAC7D,MAAM,OAAO,GAAG,GAAG,CAAC,QAAQ,CAC1B,GAAG,CAAC,UAAU,CAAC,GAAG,QAAQ,IAAI,QAAQ,EAAE,EAAE,MAAM,CAAC,EACjD,WAAW,CACZ,CAAA;IACD,OAAO,SAAS,OAAO,EAAE,CAAA;AAC3B,CAAC,CAAA;AAED,eAAe,UAAU,CAAA","sourcesContent":["import assert from 'node:assert'\nimport * as plc from '@did-plc/lib'\nimport express from 'express'\nimport { Redis } from 'ioredis'\nimport * as nodemailer from 'nodemailer'\nimport * as ui8 from 'uint8arrays'\nimport * as undici from 'undici'\nimport { KmsKeypair, S3BlobStore } from '@atproto/aws'\nimport * as crypto from '@atproto/crypto'\nimport { IdResolver } from '@atproto/identity'\nimport { Client } from '@atproto/lex'\nimport {\n AccessTokenMode,\n JoseKey,\n LexResolver,\n OAuthProvider,\n OAuthVerifier,\n} from '@atproto/oauth-provider'\nimport { BlobStore } from '@atproto/repo'\nimport {\n createServiceAuthHeaders,\n createServiceJwt,\n} from '@atproto/xrpc-server'\nimport {\n Fetch,\n isUnicastIp,\n safeFetchWrap,\n unicastLookup,\n} from '@atproto-labs/fetch-node'\nimport { AccountManager } from './account-manager/account-manager.js'\nimport { OAuthStore } from './account-manager/oauth-store.js'\nimport { ScopeReferenceGetter } from './account-manager/scope-reference-getter.js'\nimport { ActorStore } from './actor-store/actor-store.js'\nimport { authPassthru, forwardedFor } from './api/proxy.js'\nimport {\n AuthVerifier,\n createPublicKeyObject,\n createSecretKeyObject,\n} from './auth-verifier.js'\nimport { BackgroundQueue } from './background.js'\nimport { BskyAppView } from './bsky-app-view.js'\nimport { ServerConfig, ServerSecrets } from './config/index.js'\nimport { Crawlers } from './crawlers.js'\nimport { DidSqliteCache } from './did-cache/index.js'\nimport { DiskBlobStore } from './disk-blobstore.js'\nimport { ImageUrlBuilder } from './image/image-url-builder.js'\nimport { fetchLogger, lexiconResolverLogger, oauthLogger } from './logger.js'\nimport { ServerMailer } from './mailer/index.js'\nimport { ModerationMailer } from './mailer/moderation.js'\nimport { LocalViewer, LocalViewerCreator } from './read-after-write/viewer.js'\nimport { getRedisClient } from './redis.js'\nimport { Sequencer } from './sequencer/index.js'\n\nexport type AppContextOptions = {\n actorStore: ActorStore\n blobstore: (did: string) => BlobStore\n localViewer: LocalViewerCreator\n mailer: ServerMailer\n moderationMailer: ModerationMailer\n didCache: DidSqliteCache\n idResolver: IdResolver\n plcClient: plc.Client\n accountManager: AccountManager\n sequencer: Sequencer\n backgroundQueue: BackgroundQueue\n redisScratch?: Redis\n crawlers: Crawlers\n bskyAppView?: BskyAppView\n moderationClient?: Client\n reportingClient?: Client\n entrywayClient?: Client\n entrywayAdminClient?: Client\n proxyAgent: undici.Dispatcher\n safeFetch: Fetch\n oauthProvider?: OAuthProvider\n authVerifier: AuthVerifier\n plcRotationKey: crypto.Keypair\n cfg: ServerConfig\n}\n\nexport class AppContext {\n public actorStore: ActorStore\n public blobstore: (did: string) => BlobStore\n public localViewer: LocalViewerCreator\n public mailer: ServerMailer\n public moderationMailer: ModerationMailer\n public didCache: DidSqliteCache\n public idResolver: IdResolver\n public plcClient: plc.Client\n public accountManager: AccountManager\n public sequencer: Sequencer\n public backgroundQueue: BackgroundQueue\n public redisScratch?: Redis\n public crawlers: Crawlers\n public bskyAppView?: BskyAppView\n public moderationClient: Client \| undefined\n public reportingClient: Client \| undefined\n public entrywayClient: Client \| undefined\n public entrywayAdminClient: Client \| undefined\n public proxyAgent: undici.Dispatcher\n public safeFetch: Fetch\n public authVerifier: AuthVerifier\n public oauthProvider?: OAuthProvider\n public plcRotationKey: crypto.Keypair\n public cfg: ServerConfig\n\n constructor(opts: AppContextOptions) {\n this.actorStore = opts.actorStore\n this.blobstore = opts.blobstore\n this.localViewer = opts.localViewer\n this.mailer = opts.mailer\n this.moderationMailer = opts.moderationMailer\n this.didCache = opts.didCache\n this.idResolver = opts.idResolver\n this.plcClient = opts.plcClient\n this.accountManager = opts.accountManager\n this.sequencer = opts.sequencer\n this.backgroundQueue = opts.backgroundQueue\n this.redisScratch = opts.redisScratch\n this.crawlers = opts.crawlers\n this.bskyAppView = opts.bskyAppView\n this.moderationClient = opts.moderationClient\n this.reportingClient = opts.reportingClient\n this.entrywayClient = opts.entrywayClient\n this.entrywayAdminClient = opts.entrywayAdminClient\n this.proxyAgent = opts.proxyAgent\n this.safeFetch = opts.safeFetch\n this.authVerifier = opts.authVerifier\n this.oauthProvider = opts.oauthProvider\n this.plcRotationKey = opts.plcRotationKey\n this.cfg = opts.cfg\n }\n\n static async fromConfig(\n cfg: ServerConfig,\n secrets: ServerSecrets,\n overrides?: Partial<AppContextOptions>,\n ): Promise<AppContext> {\n const blobstore =\n cfg.blobstore.provider === 's3'\n ? S3BlobStore.creator({\n bucket: cfg.blobstore.bucket,\n region: cfg.blobstore.region,\n endpoint: cfg.blobstore.endpoint,\n forcePathStyle: cfg.blobstore.forcePathStyle,\n credentials: cfg.blobstore.credentials,\n uploadTimeoutMs: cfg.blobstore.uploadTimeoutMs,\n })\n : DiskBlobStore.creator(\n cfg.blobstore.location,\n cfg.blobstore.tempLocation,\n )\n\n const mailTransport =\n cfg.email !== null\n ? nodemailer.createTransport(cfg.email.smtpUrl)\n : nodemailer.createTransport({ jsonTransport: true })\n\n const mailer = new ServerMailer(mailTransport, cfg.email, cfg.branding)\n\n const modMailTransport =\n cfg.moderationEmail !== null\n ? nodemailer.createTransport(cfg.moderationEmail.smtpUrl)\n : nodemailer.createTransport({ jsonTransport: true })\n\n const moderationMailer = new ModerationMailer(modMailTransport, cfg)\n\n const didCache = new DidSqliteCache(\n cfg.db.didCacheDbLoc,\n cfg.identity.cacheStaleTTL,\n cfg.identity.cacheMaxTTL,\n cfg.db.disableWalAutoCheckpoint,\n )\n await didCache.migrateOrThrow()\n\n const idResolver = new IdResolver({\n plcUrl: cfg.identity.plcUrl,\n didCache,\n timeout: cfg.identity.resolverTimeout,\n backupNameservers: cfg.identity.handleBackupNameservers,\n })\n const plcClient = new plc.Client(cfg.identity.plcUrl)\n\n const backgroundQueue = new BackgroundQueue()\n const crawlers = new Crawlers(\n backgroundQueue,\n cfg.service.hostname,\n cfg.crawlers,\n )\n const sequencer = new Sequencer(\n cfg.db.sequencerDbLoc,\n crawlers,\n undefined,\n cfg.db.disableWalAutoCheckpoint,\n )\n const redisScratch = cfg.redis\n ? getRedisClient(cfg.redis.address, cfg.redis.password)\n : undefined\n\n const bskyAppView = cfg.bskyAppView\n ? new BskyAppView({\n ...cfg.bskyAppView,\n validateResponse: cfg.service.devMode,\n })\n : undefined\n\n const moderationClient = cfg.modService\n ? new Client(\n { service: cfg.modService.url },\n {\n // Trust internal services to send us well-formed responses\n strictResponseProcessing: false,\n validateResponse: cfg.service.devMode,\n },\n )\n : undefined\n const reportingClient = cfg.reportService\n ? new Client(\n { service: cfg.reportService.url },\n {\n // Trust internal services to send us well-formed responses\n strictResponseProcessing: false,\n validateResponse: cfg.service.devMode,\n },\n )\n : undefined\n const entrywayClient = cfg.entryway\n ? new Client(\n { service: cfg.entryway.url },\n {\n // Trust internal services to send us well-formed responses\n strictResponseProcessing: false,\n validateResponse: cfg.service.devMode,\n },\n )\n : undefined\n const entrywayAdminClient =\n cfg.entryway && secrets.entrywayAdminToken\n ? new Client(\n { service: cfg.entryway.url },\n {\n headers: {\n authorization: basicAuthHeader(\n 'admin',\n secrets.entrywayAdminToken,\n ),\n },\n // Trust internal services to send us well-formed responses\n strictResponseProcessing: false,\n validateResponse: cfg.service.devMode,\n },\n )\n : undefined\n\n const jwtSecretKey = createSecretKeyObject(secrets.jwtSecret)\n const jwtPublicKey = cfg.entryway\n ? createPublicKeyObject(cfg.entryway.jwtPublicKeyHex)\n : null\n\n const imageUrlBuilder = new ImageUrlBuilder(\n cfg.service.hostname,\n bskyAppView,\n )\n\n const actorStore = new ActorStore(cfg.actorStore, {\n blobstore,\n backgroundQueue,\n })\n\n const accountManager = new AccountManager(\n idResolver,\n jwtSecretKey,\n mailer,\n cfg.service.did,\n cfg.identity.serviceHandleDomains,\n cfg.db,\n )\n await accountManager.migrateOrThrow()\n\n const plcRotationKey =\n secrets.plcRotationKey.provider === 'kms'\n ? await KmsKeypair.load({\n keyId: secrets.plcRotationKey.keyId,\n })\n : await crypto.Secp256k1Keypair.import(\n secrets.plcRotationKey.privateKeyHex,\n )\n\n const localViewer = LocalViewer.creator(\n accountManager,\n imageUrlBuilder,\n bskyAppView,\n )\n\n // An agent for performing HTTP requests based on user provided URLs.\n const proxyAgentBase = new undici.Agent({\n allowH2: cfg.proxy.allowHTTP2, // This is experimental\n headersTimeout: cfg.proxy.headersTimeout,\n maxResponseSize: cfg.proxy.maxResponseSize,\n bodyTimeout: cfg.proxy.bodyTimeout,\n factory: cfg.proxy.disableSsrfProtection\n ? undefined\n : (origin, opts) => {\n const { protocol, hostname } =\n origin instanceof URL ? origin : new URL(origin)\n if (protocol !== 'https:') {\n throw new Error(`Forbidden protocol \"${protocol}\"`)\n }\n if (isUnicastIp(hostname) === false) {\n throw new Error('Hostname resolved to non-unicast address')\n }\n return new undici.Pool(origin, opts)\n },\n connect: {\n lookup: cfg.proxy.disableSsrfProtection ? undefined : unicastLookup,\n },\n })\n const proxyAgent =\n cfg.proxy.maxRetries > 0\n ? new undici.RetryAgent(proxyAgentBase, {\n statusCodes: [], // Only retry on socket errors\n methods: ['GET', 'HEAD'],\n maxRetries: cfg.proxy.maxRetries,\n })\n : proxyAgentBase\n\n /*\n A fetch() function that protects against SSRF attacks, large responses &\n * known bad domains. This function can safely be used to fetch user\n * provided URLs (unless \"disableSsrfProtection\" is true, of course).\n \n @note DO NOT wrap `safeFetch` with any logging or other transforms as\n * this might prevent the use of explicit `redirect: \"follow\"` init from\n * working. See {@link safeFetchWrap}.\n */\n const safeFetch = safeFetchWrap({\n allowIpHost: false,\n allowImplicitRedirect: false,\n responseMaxSize: cfg.fetch.maxResponseSize,\n ssrfProtection: !cfg.fetch.disableSsrfProtection,\n\n fetch: function (input, init) {\n const method =\n init?.method ?? (input instanceof Request ? input.method : 'GET')\n const uri = input instanceof Request ? input.url : String(input)\n\n fetchLogger.info({ method, uri }, 'fetch')\n\n return globalThis.fetch.call(this, input, init)\n },\n })\n\n const oauthProvider = cfg.oauth.provider\n ? new OAuthProvider({\n issuer: cfg.oauth.issuer,\n keyset: [await JoseKey.fromKeyLike(jwtSecretKey, undefined, 'HS256')],\n store: new OAuthStore(\n accountManager,\n actorStore,\n imageUrlBuilder,\n backgroundQueue,\n mailer,\n sequencer,\n plcClient,\n plcRotationKey,\n cfg.service.publicUrl,\n cfg.identity.recoveryDidKey,\n ),\n redis: redisScratch,\n dpopSecret: secrets.dpopSecret,\n inviteCodeRequired: cfg.invites.required,\n availableUserDomains: cfg.identity.serviceHandleDomains,\n hcaptcha: cfg.oauth.provider.hcaptcha,\n branding: cfg.oauth.provider.branding,\n safeFetch,\n lexResolver: new LexResolver({\n fetch: safeFetch,\n plcDirectoryUrl: cfg.identity.plcUrl,\n hooks: {\n onResolveAuthority: ({ nsid }) => {\n lexiconResolverLogger.debug(\n { nsid: nsid.toString() },\n 'Resolving lexicon DID authority',\n )\n // Override the lexicon did resolution to point to a custom PDS\n return cfg.lexicon.didAuthority\n },\n onResolveAuthorityResult({ nsid, did }) {\n lexiconResolverLogger.info(\n { nsid: nsid.toString(), did },\n 'Resolved lexicon DID',\n )\n },\n onResolveAuthorityError({ nsid, err }) {\n lexiconResolverLogger.error(\n { nsid: nsid.toString(), err },\n 'Lexicon DID resolution error',\n )\n },\n onFetchResult({ uri, cid }) {\n lexiconResolverLogger.info(\n { uri: uri.toString(), cid: cid.toString() },\n 'Fetched lexicon',\n )\n },\n onFetchError({ err, uri }) {\n lexiconResolverLogger.error(\n { uri: uri.toString(), err },\n 'Lexicon fetch error',\n )\n },\n },\n }),\n metadata: {\n protected_resources: [new URL(cfg.oauth.issuer).origin],\n },\n // If the PDS is both an authorization server & resource server (no\n // entryway), we can afford to check the token validity on every\n // request. This allows revoked tokens to be rejected immediately.\n // This also allows JWT to be shorter since some claims (notably the\n // \"scope\" claim) do not need to be included in the token.\n accessTokenMode: AccessTokenMode.stateful,\n\n getClientInfo(clientId) {\n return {\n isTrusted: cfg.oauth.provider?.trustedClients?.includes(clientId),\n }\n },\n })\n : undefined\n\n const scopeRefGetter = entrywayClient\n ? new ScopeReferenceGetter(entrywayClient, redisScratch)\n : undefined\n\n const oauthVerifier: OAuthVerifier =\n oauthProvider ?? // OAuthProvider extends OAuthVerifier\n new OAuthVerifier({\n issuer: cfg.oauth.issuer,\n keyset: [await JoseKey.fromKeyLike(jwtPublicKey!, undefined, 'ES256K')],\n dpopSecret: secrets.dpopSecret,\n redis: redisScratch,\n onDecodeToken: async ({ payload, dpopProof }) => {\n // @TODO drop this once oauth provider no longer accepts DPoP proof with\n // query or fragment in \"htu\" claim.\n if (dpopProof?.htu.match(/[?#]/)) {\n oauthLogger.info(\n { htu: dpopProof.htu, client_id: payload.client_id },\n 'DPoP proof \"htu\" contains query or fragment',\n )\n }\n\n if (scopeRefGetter) {\n payload.scope = await scopeRefGetter.dereference(payload.scope)\n }\n\n return payload\n },\n })\n\n const authVerifier = new AuthVerifier(\n accountManager,\n idResolver,\n oauthVerifier,\n {\n publicUrl: cfg.service.publicUrl,\n jwtKey: jwtPublicKey ?? jwtSecretKey,\n adminPass: secrets.adminPassword,\n dids: {\n pds: cfg.service.did,\n entryway: cfg.entryway?.did,\n modService: cfg.modService?.did,\n },\n },\n )\n\n return new AppContext({\n actorStore,\n blobstore,\n localViewer,\n mailer,\n moderationMailer,\n didCache,\n idResolver,\n plcClient,\n accountManager,\n sequencer,\n backgroundQueue,\n redisScratch,\n crawlers,\n bskyAppView,\n moderationClient,\n reportingClient,\n entrywayClient,\n entrywayAdminClient,\n proxyAgent,\n safeFetch,\n authVerifier,\n oauthProvider,\n plcRotationKey,\n cfg,\n ...(overrides ?? {}),\n })\n }\n\n async appviewAuthHeaders(did: string, lxm: string) {\n assert(this.bskyAppView)\n return this.serviceAuthHeaders(did, this.bskyAppView.did, lxm)\n }\n\n async entrywayAuthHeaders(req: express.Request, did: string, lxm: string) {\n assert(this.cfg.entryway)\n const headers = await this.serviceAuthHeaders(\n did,\n this.cfg.entryway.did,\n lxm,\n )\n return forwardedFor(req, headers)\n }\n\n entrywayPassthruHeaders(req: express.Request) {\n return forwardedFor(req, authPassthru(req))\n }\n\n async serviceAuthHeaders(did: string, aud: string, lxm: string) {\n const keypair = await this.actorStore.keypair(did)\n return createServiceAuthHeaders({\n iss: did,\n aud,\n lxm,\n keypair,\n })\n }\n\n async serviceAuthJwt(did: string, aud: string, lxm: string) {\n const keypair = await this.actorStore.keypair(did)\n return createServiceJwt({\n iss: did,\n aud,\n lxm,\n keypair,\n })\n }\n}\n\nconst basicAuthHeader = (username: string, password: string) => {\n const encoded = ui8.toString(\n ui8.fromString(`${username}:${password}`, 'utf8'),\n 'base64pad',\n )\n return `Basic ${encoded}`\n}\n\nexport default AppContext\n"]}
1	+ {"version":3,"file":"context.js","sourceRoot":"","sources":["../src/context.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAA;AAChC,OAAO,KAAK,GAAG,MAAM,cAAc,CAAA;AAGnC,OAAO,KAAK,UAAU,MAAM,YAAY,CAAA;AACxC,OAAO,KAAK,GAAG,MAAM,aAAa,CAAA;AAClC,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAA;AAChC,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,cAAc,CAAA;AACtD,OAAO,KAAK,MAAM,MAAM,iBAAiB,CAAA;AACzC,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAA;AACrC,OAAO,EACL,eAAe,EACf,OAAO,EACP,WAAW,EACX,aAAa,EACb,aAAa,GACd,MAAM,yBAAyB,CAAA;AAEhC,OAAO,EACL,wBAAwB,EACxB,gBAAgB,GACjB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAEL,WAAW,EACX,aAAa,EACb,aAAa,GACd,MAAM,0BAA0B,CAAA;AACjC,OAAO,EAAE,cAAc,EAAE,MAAM,sCAAsC,CAAA;AACrE,OAAO,EAAE,UAAU,EAAE,MAAM,kCAAkC,CAAA;AAC7D,OAAO,EAAE,oBAAoB,EAAE,MAAM,6CAA6C,CAAA;AAClF,OAAO,EAAE,UAAU,EAAE,MAAM,8BAA8B,CAAA;AACzD,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;AAC3D,OAAO,EACL,YAAY,EACZ,qBAAqB,EACrB,qBAAqB,GACtB,MAAM,oBAAoB,CAAA;AAC3B,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAA;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAA;AAEhD,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;AACxC,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AACnD,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAA;AAC9D,OAAO,EAAE,WAAW,EAAE,qBAAqB,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAC7E,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAA;AAChD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAA;AACzD,OAAO,EAAE,WAAW,EAAsB,MAAM,8BAA8B,CAAA;AAC9E,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAA;AAC3C,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAA;AA6BhD,MAAM,OAAO,UAAU;IA0BrB,YAAY,IAAuB;QACjC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAA;QACjC,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,CAAA;QAC/B,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,WAAW,CAAA;QACnC,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAA;QACzB,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,CAAA;QAC7C,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAA;QAC7B,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAA;QACjC,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,CAAA;QAC/B,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,cAAc,CAAA;QACzC,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,CAAA;QAC/B,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,eAAe,CAAA;QAC3C,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,YAAY,CAAA;QACrC,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAA;QAC7B,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,WAAW,CAAA;QACnC,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,CAAA;QAC7C,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,eAAe,CAAA;QAC3C,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,cAAc,CAAA;QACzC,IAAI,CAAC,mBAAmB,GAAG,IAAI,CAAC,mBAAmB,CAAA;QACnD,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAA;QACjC,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,CAAA;QAC/B,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,YAAY,CAAA;QACrC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,aAAa,CAAA;QACvC,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,cAAc,CAAA;QACzC,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAA;IACrB,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,UAAU,CACrB,GAAiB,EACjB,OAAsB,EACtB,SAAsC;QAEtC,MAAM,SAAS,GACb,GAAG,CAAC,SAAS,CAAC,QAAQ,KAAK,IAAI;YAC7B,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC;gBAClB,MAAM,EAAE,GAAG,CAAC,SAAS,CAAC,MAAM;gBAC5B,MAAM,EAAE,GAAG,CAAC,SAAS,CAAC,MAAM;gBAC5B,QAAQ,EAAE,GAAG,CAAC,SAAS,CAAC,QAAQ;gBAChC,cAAc,EAAE,GAAG,CAAC,SAAS,CAAC,cAAc;gBAC5C,WAAW,EAAE,GAAG,CAAC,SAAS,CAAC,WAAW;gBACtC,eAAe,EAAE,GAAG,CAAC,SAAS,CAAC,eAAe;aAC/C,CAAC;YACJ,CAAC,CAAC,aAAa,CAAC,OAAO,CACnB,GAAG,CAAC,SAAS,CAAC,QAAQ,EACtB,GAAG,CAAC,SAAS,CAAC,YAAY,CAC3B,CAAA;QAEP,MAAM,aAAa,GACjB,GAAG,CAAC,KAAK,KAAK,IAAI;YAChB,CAAC,CAAC,UAAU,CAAC,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC;YAC/C,CAAC,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAA;QAEzD,MAAM,MAAM,GAAG,IAAI,YAAY,CAAC,aAAa,EAAE,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAA;QAEvE,MAAM,gBAAgB,GACpB,GAAG,CAAC,eAAe,KAAK,IAAI;YAC1B,CAAC,CAAC,UAAU,CAAC,eAAe,CAAC,GAAG,CAAC,eAAe,CAAC,OAAO,CAAC;YACzD,CAAC,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAA;QAEzD,MAAM,gBAAgB,GAAG,IAAI,gBAAgB,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAA;QAEpE,MAAM,QAAQ,GAAG,IAAI,cAAc,CACjC,GAAG,CAAC,EAAE,CAAC,aAAa,EACpB,GAAG,CAAC,QAAQ,CAAC,aAAa,EAC1B,GAAG,CAAC,QAAQ,CAAC,WAAW,EACxB,GAAG,CAAC,EAAE,CAAC,wBAAwB,CAChC,CAAA;QACD,MAAM,QAAQ,CAAC,cAAc,EAAE,CAAA;QAE/B,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC;YAChC,MAAM,EAAE,GAAG,CAAC,QAAQ,CAAC,MAAM;YAC3B,QAAQ;YACR,OAAO,EAAE,GAAG,CAAC,QAAQ,CAAC,eAAe;YACrC,iBAAiB,EAAE,GAAG,CAAC,QAAQ,CAAC,uBAAuB;SACxD,CAAC,CAAA;QACF,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;QAErD,MAAM,eAAe,GAAG,IAAI,eAAe,EAAE,CAAA;QAC7C,MAAM,QAAQ,GAAG,IAAI,QAAQ,CAC3B,eAAe,EACf,GAAG,CAAC,OAAO,CAAC,QAAQ,EACpB,GAAG,CAAC,QAAQ,CACb,CAAA;QACD,MAAM,SAAS,GAAG,IAAI,SAAS,CAC7B,GAAG,CAAC,EAAE,CAAC,cAAc,EACrB,QAAQ,EACR,SAAS,EACT,GAAG,CAAC,EAAE,CAAC,wBAAwB,CAChC,CAAA;QACD,MAAM,YAAY,GAAG,GAAG,CAAC,KAAK;YAC5B,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,EAAE,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC;YACvD,CAAC,CAAC,SAAS,CAAA;QAEb,MAAM,WAAW,GAAG,GAAG,CAAC,WAAW;YACjC,CAAC,CAAC,IAAI,WAAW,CAAC;gBACd,GAAG,GAAG,CAAC,WAAW;gBAClB,gBAAgB,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;aACtC,CAAC;YACJ,CAAC,CAAC,SAAS,CAAA;QAEb,MAAM,gBAAgB,GAAG,GAAG,CAAC,UAAU;YACrC,CAAC,CAAC,IAAI,MAAM,CACR,EAAE,OAAO,EAAE,GAAG,CAAC,UAAU,CAAC,GAAG,EAAE,EAC/B;gBACE,2DAA2D;gBAC3D,wBAAwB,EAAE,KAAK;gBAC/B,gBAAgB,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;aACtC,CACF;YACH,CAAC,CAAC,SAAS,CAAA;QACb,MAAM,eAAe,GAAG,GAAG,CAAC,aAAa;YACvC,CAAC,CAAC,IAAI,MAAM,CACR,EAAE,OAAO,EAAE,GAAG,CAAC,aAAa,CAAC,GAAG,EAAE,EAClC;gBACE,2DAA2D;gBAC3D,wBAAwB,EAAE,KAAK;gBAC/B,gBAAgB,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;aACtC,CACF;YACH,CAAC,CAAC,SAAS,CAAA;QACb,MAAM,cAAc,GAAG,GAAG,CAAC,QAAQ;YACjC,CAAC,CAAC,IAAI,MAAM,CACR,EAAE,OAAO,EAAE,GAAG,CAAC,QAAQ,CAAC,GAAG,EAAE,EAC7B;gBACE,2DAA2D;gBAC3D,wBAAwB,EAAE,KAAK;gBAC/B,gBAAgB,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;aACtC,CACF;YACH,CAAC,CAAC,SAAS,CAAA;QACb,MAAM,mBAAmB,GACvB,GAAG,CAAC,QAAQ,IAAI,OAAO,CAAC,kBAAkB;YACxC,CAAC,CAAC,IAAI,MAAM,CACR,EAAE,OAAO,EAAE,GAAG,CAAC,QAAQ,CAAC,GAAG,EAAE,EAC7B;gBACE,OAAO,EAAE;oBACP,aAAa,EAAE,eAAe,CAC5B,OAAO,EACP,OAAO,CAAC,kBAAkB,CAC3B;iBACF;gBACD,2DAA2D;gBAC3D,wBAAwB,EAAE,KAAK;gBAC/B,gBAAgB,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;aACtC,CACF;YACH,CAAC,CAAC,SAAS,CAAA;QAEf,MAAM,YAAY,GAAG,qBAAqB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;QAC7D,MAAM,YAAY,GAAG,GAAG,CAAC,QAAQ;YAC/B,CAAC,CAAC,qBAAqB,CAAC,GAAG,CAAC,QAAQ,CAAC,eAAe,CAAC;YACrD,CAAC,CAAC,IAAI,CAAA;QAER,MAAM,eAAe,GAAG,IAAI,eAAe,CACzC,GAAG,CAAC,OAAO,CAAC,QAAQ,EACpB,WAAW,CACZ,CAAA;QAED,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,UAAU,EAAE;YAChD,SAAS;YACT,eAAe;SAChB,CAAC,CAAA;QAEF,MAAM,cAAc,GAClB,OAAO,CAAC,cAAc,CAAC,QAAQ,KAAK,KAAK;YACvC,CAAC,CAAC,MAAM,UAAU,CAAC,IAAI,CAAC;gBACpB,KAAK,EAAE,OAAO,CAAC,cAAc,CAAC,KAAK;aACpC,CAAC;YACJ,CAAC,CAAC,MAAM,MAAM,CAAC,gBAAgB,CAAC,MAAM,CAClC,OAAO,CAAC,cAAc,CAAC,aAAa,CACrC,CAAA;QAEP,MAAM,cAAc,GAAG,IAAI,cAAc,CACvC,UAAU,EACV,YAAY,EACZ,MAAM,EACN,SAAS,EACT,SAAS,EACT,cAAc,EACd,GAAG,CAAC,OAAO,CAAC,GAAG,EACf,GAAG,CAAC,QAAQ,CAAC,oBAAoB,EACjC,GAAG,CAAC,EAAE,CACP,CAAA;QACD,MAAM,cAAc,CAAC,cAAc,EAAE,CAAA;QAErC,MAAM,WAAW,GAAG,WAAW,CAAC,OAAO,CACrC,cAAc,EACd,eAAe,EACf,WAAW,CACZ,CAAA;QAED,qEAAqE;QACrE,MAAM,cAAc,GAAG,IAAI,MAAM,CAAC,KAAK,CAAC;YACtC,OAAO,EAAE,GAAG,CAAC,KAAK,CAAC,UAAU,EAAE,uBAAuB;YACtD,cAAc,EAAE,GAAG,CAAC,KAAK,CAAC,cAAc;YACxC,eAAe,EAAE,GAAG,CAAC,KAAK,CAAC,eAAe;YAC1C,WAAW,EAAE,GAAG,CAAC,KAAK,CAAC,WAAW;YAClC,OAAO,EAAE,GAAG,CAAC,KAAK,CAAC,qBAAqB;gBACtC,CAAC,CAAC,SAAS;gBACX,CAAC,CAAC,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE;oBACf,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAC1B,MAAM,YAAY,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,CAAA;oBAClD,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;wBAC1B,MAAM,IAAI,KAAK,CAAC,uBAAuB,QAAQ,GAAG,CAAC,CAAA;oBACrD,CAAC;oBACD,IAAI,WAAW,CAAC,QAAQ,CAAC,KAAK,KAAK,EAAE,CAAC;wBACpC,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAA;oBAC7D,CAAC;oBACD,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAA;gBACtC,CAAC;YACL,OAAO,EAAE;gBACP,MAAM,EAAE,GAAG,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,aAAa;aACpE;SACF,CAAC,CAAA;QACF,MAAM,UAAU,GACd,GAAG,CAAC,KAAK,CAAC,UAAU,GAAG,CAAC;YACtB,CAAC,CAAC,IAAI,MAAM,CAAC,UAAU,CAAC,cAAc,EAAE;gBACpC,WAAW,EAAE,EAAE,EAAE,8BAA8B;gBAC/C,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,CAAC;gBACxB,UAAU,EAAE,GAAG,CAAC,KAAK,CAAC,UAAU;aACjC,CAAC;YACJ,CAAC,CAAC,cAAc,CAAA;QAEpB;;;;;;;;WAQG;QACH,MAAM,SAAS,GAAG,aAAa,CAAC;YAC9B,WAAW,EAAE,KAAK;YAClB,qBAAqB,EAAE,KAAK;YAC5B,eAAe,EAAE,GAAG,CAAC,KAAK,CAAC,eAAe;YAC1C,cAAc,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,qBAAqB;YAEhD,KAAK,EAAE,UAAU,KAAK,EAAE,IAAI;gBAC1B,MAAM,MAAM,GACV,IAAI,EAAE,MAAM,IAAI,CAAC,KAAK,YAAY,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAA;gBACnE,MAAM,GAAG,GAAG,KAAK,YAAY,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;gBAEhE,WAAW,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,OAAO,CAAC,CAAA;gBAE1C,OAAO,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,CAAA;YACjD,CAAC;SACF,CAAC,CAAA;QAEF,MAAM,aAAa,GAAG,GAAG,CAAC,KAAK,CAAC,QAAQ;YACtC,CAAC,CAAC,IAAI,aAAa,CAAC;gBAChB,MAAM,EAAE,GAAG,CAAC,KAAK,CAAC,MAAM;gBACxB,MAAM,EAAE,CAAC,MAAM,OAAO,CAAC,WAAW,CAAC,YAAY,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;gBACrE,KAAK,EAAE,IAAI,UAAU,CACnB,cAAc,EACd,UAAU,EACV,eAAe,EACf,eAAe,EACf,MAAM,EACN,SAAS,EACT,SAAS,EACT,cAAc,EACd,GAAG,CAAC,OAAO,CAAC,SAAS,EACrB,GAAG,CAAC,QAAQ,CAAC,cAAc,CAC5B;gBACD,KAAK,EAAE,YAAY;gBACnB,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,kBAAkB,EAAE,GAAG,CAAC,OAAO,CAAC,QAAQ;gBACxC,oBAAoB,EAAE,GAAG,CAAC,QAAQ,CAAC,oBAAoB;gBACvD,QAAQ,EAAE,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ;gBACrC,QAAQ,EAAE,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ;gBACrC,SAAS;gBACT,WAAW,EAAE,IAAI,WAAW,CAAC;oBAC3B,KAAK,EAAE,SAAS;oBAChB,eAAe,EAAE,GAAG,CAAC,QAAQ,CAAC,MAAM;oBACpC,KAAK,EAAE;wBACL,kBAAkB,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE;4BAC/B,qBAAqB,CAAC,KAAK,CACzB,EAAE,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,EAAE,EACzB,iCAAiC,CAClC,CAAA;4BACD,+DAA+D;4BAC/D,OAAO,GAAG,CAAC,OAAO,CAAC,YAAY,CAAA;wBACjC,CAAC;wBACD,wBAAwB,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE;4BACpC,qBAAqB,CAAC,IAAI,CACxB,EAAE,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,EAAE,GAAG,EAAE,EAC9B,sBAAsB,CACvB,CAAA;wBACH,CAAC;wBACD,uBAAuB,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE;4BACnC,qBAAqB,CAAC,KAAK,CACzB,EAAE,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,EAAE,GAAG,EAAE,EAC9B,8BAA8B,CAC/B,CAAA;wBACH,CAAC;wBACD,aAAa,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE;4BACxB,qBAAqB,CAAC,IAAI,CACxB,EAAE,GAAG,EAAE,GAAG,CAAC,QAAQ,EAAE,EAAE,GAAG,EAAE,GAAG,CAAC,QAAQ,EAAE,EAAE,EAC5C,iBAAiB,CAClB,CAAA;wBACH,CAAC;wBACD,YAAY,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE;4BACvB,qBAAqB,CAAC,KAAK,CACzB,EAAE,GAAG,EAAE,GAAG,CAAC,QAAQ,EAAE,EAAE,GAAG,EAAE,EAC5B,qBAAqB,CACtB,CAAA;wBACH,CAAC;qBACF;iBACF,CAAC;gBACF,QAAQ,EAAE;oBACR,mBAAmB,EAAE,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC;iBACxD;gBACD,mEAAmE;gBACnE,gEAAgE;gBAChE,kEAAkE;gBAClE,oEAAoE;gBACpE,0DAA0D;gBAC1D,eAAe,EAAE,eAAe,CAAC,QAAQ;gBAEzC,aAAa,CAAC,QAAQ;oBACpB,OAAO;wBACL,SAAS,EAAE,GAAG,CAAC,KAAK,CAAC,QAAQ,EAAE,cAAc,EAAE,QAAQ,CAAC,QAAQ,CAAC;qBAClE,CAAA;gBACH,CAAC;aACF,CAAC;YACJ,CAAC,CAAC,SAAS,CAAA;QAEb,MAAM,cAAc,GAAG,cAAc;YACnC,CAAC,CAAC,IAAI,oBAAoB,CAAC,cAAc,EAAE,YAAY,CAAC;YACxD,CAAC,CAAC,SAAS,CAAA;QAEb,MAAM,aAAa,GACjB,aAAa,IAAI,sCAAsC;YACvD,IAAI,aAAa,CAAC;gBAChB,MAAM,EAAE,GAAG,CAAC,KAAK,CAAC,MAAM;gBACxB,MAAM,EAAE,CAAC,MAAM,OAAO,CAAC,WAAW,CAAC,YAAa,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;gBACvE,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,KAAK,EAAE,YAAY;gBACnB,aAAa,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,SAAS,EAAE,EAAE,EAAE;oBAC9C,wEAAwE;oBACxE,oCAAoC;oBACpC,IAAI,SAAS,EAAE,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;wBACjC,WAAW,CAAC,IAAI,CACd,EAAE,GAAG,EAAE,SAAS,CAAC,GAAG,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,EACpD,6CAA6C,CAC9C,CAAA;oBACH,CAAC;oBAED,IAAI,cAAc,EAAE,CAAC;wBACnB,OAAO,CAAC,KAAK,GAAG,MAAM,cAAc,CAAC,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;oBACjE,CAAC;oBAED,OAAO,OAAO,CAAA;gBAChB,CAAC;aACF,CAAC,CAAA;QAEJ,MAAM,YAAY,GAAG,IAAI,YAAY,CACnC,cAAc,EACd,UAAU,EACV,aAAa,EACb;YACE,SAAS,EAAE,GAAG,CAAC,OAAO,CAAC,SAAS;YAChC,MAAM,EAAE,YAAY,IAAI,YAAY;YACpC,SAAS,EAAE,OAAO,CAAC,aAAa;YAChC,IAAI,EAAE;gBACJ,GAAG,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG;gBACpB,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,GAAG;gBAC3B,UAAU,EAAE,GAAG,CAAC,UAAU,EAAE,GAAG;aAChC;SACF,CACF,CAAA;QAED,OAAO,IAAI,UAAU,CAAC;YACpB,UAAU;YACV,SAAS;YACT,WAAW;YACX,MAAM;YACN,gBAAgB;YAChB,QAAQ;YACR,UAAU;YACV,SAAS;YACT,cAAc;YACd,SAAS;YACT,eAAe;YACf,YAAY;YACZ,QAAQ;YACR,WAAW;YACX,gBAAgB;YAChB,eAAe;YACf,cAAc;YACd,mBAAmB;YACnB,UAAU;YACV,SAAS;YACT,YAAY;YACZ,aAAa;YACb,cAAc;YACd,GAAG;YACH,GAAG,CAAC,SAAS,IAAI,EAAE,CAAC;SACrB,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,GAAW,EAAE,GAAW;QAC/C,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;QACxB,OAAO,IAAI,CAAC,kBAAkB,CAAC,GAAG,EAAE,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;IAChE,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,GAAoB,EAAE,GAAW,EAAE,GAAW;QACtE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;QACzB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAC3C,GAAG,EACH,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,EACrB,GAAG,CACJ,CAAA;QACD,OAAO,YAAY,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;IACnC,CAAC;IAED,uBAAuB,CAAC,GAAoB;QAC1C,OAAO,YAAY,CAAC,GAAG,EAAE,YAAY,CAAC,GAAG,CAAC,CAAC,CAAA;IAC7C,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,GAAW,EAAE,GAAW,EAAE,GAAW;QAC5D,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QAClD,OAAO,wBAAwB,CAAC;YAC9B,GAAG,EAAE,GAAG;YACR,GAAG;YACH,GAAG;YACH,OAAO;SACR,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,GAAW,EAAE,GAAW,EAAE,GAAW;QACxD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QAClD,OAAO,gBAAgB,CAAC;YACtB,GAAG,EAAE,GAAG;YACR,GAAG;YACH,GAAG;YACH,OAAO;SACR,CAAC,CAAA;IACJ,CAAC;CACF;AAED,MAAM,eAAe,GAAG,CAAC,QAAgB,EAAE,QAAgB,EAAE,EAAE;IAC7D,MAAM,OAAO,GAAG,GAAG,CAAC,QAAQ,CAC1B,GAAG,CAAC,UAAU,CAAC,GAAG,QAAQ,IAAI,QAAQ,EAAE,EAAE,MAAM,CAAC,EACjD,WAAW,CACZ,CAAA;IACD,OAAO,SAAS,OAAO,EAAE,CAAA;AAC3B,CAAC,CAAA;AAED,eAAe,UAAU,CAAA","sourcesContent":["import assert from 'node:assert'\nimport * as plc from '@did-plc/lib'\nimport express from 'express'\nimport { Redis } from 'ioredis'\nimport * as nodemailer from 'nodemailer'\nimport * as ui8 from 'uint8arrays'\nimport * as undici from 'undici'\nimport { KmsKeypair, S3BlobStore } from '@atproto/aws'\nimport * as crypto from '@atproto/crypto'\nimport { IdResolver } from '@atproto/identity'\nimport { Client } from '@atproto/lex'\nimport {\n AccessTokenMode,\n JoseKey,\n LexResolver,\n OAuthProvider,\n OAuthVerifier,\n} from '@atproto/oauth-provider'\nimport { BlobStore } from '@atproto/repo'\nimport {\n createServiceAuthHeaders,\n createServiceJwt,\n} from '@atproto/xrpc-server'\nimport {\n Fetch,\n isUnicastIp,\n safeFetchWrap,\n unicastLookup,\n} from '@atproto-labs/fetch-node'\nimport { AccountManager } from './account-manager/account-manager.js'\nimport { OAuthStore } from './account-manager/oauth-store.js'\nimport { ScopeReferenceGetter } from './account-manager/scope-reference-getter.js'\nimport { ActorStore } from './actor-store/actor-store.js'\nimport { authPassthru, forwardedFor } from './api/proxy.js'\nimport {\n AuthVerifier,\n createPublicKeyObject,\n createSecretKeyObject,\n} from './auth-verifier.js'\nimport { BackgroundQueue } from './background.js'\nimport { BskyAppView } from './bsky-app-view.js'\nimport { ServerConfig, ServerSecrets } from './config/index.js'\nimport { Crawlers } from './crawlers.js'\nimport { DidSqliteCache } from './did-cache/index.js'\nimport { DiskBlobStore } from './disk-blobstore.js'\nimport { ImageUrlBuilder } from './image/image-url-builder.js'\nimport { fetchLogger, lexiconResolverLogger, oauthLogger } from './logger.js'\nimport { ServerMailer } from './mailer/index.js'\nimport { ModerationMailer } from './mailer/moderation.js'\nimport { LocalViewer, LocalViewerCreator } from './read-after-write/viewer.js'\nimport { getRedisClient } from './redis.js'\nimport { Sequencer } from './sequencer/index.js'\n\nexport type AppContextOptions = {\n actorStore: ActorStore\n blobstore: (did: string) => BlobStore\n localViewer: LocalViewerCreator\n mailer: ServerMailer\n moderationMailer: ModerationMailer\n didCache: DidSqliteCache\n idResolver: IdResolver\n plcClient: plc.Client\n accountManager: AccountManager\n sequencer: Sequencer\n backgroundQueue: BackgroundQueue\n redisScratch?: Redis\n crawlers: Crawlers\n bskyAppView?: BskyAppView\n moderationClient?: Client\n reportingClient?: Client\n entrywayClient?: Client\n entrywayAdminClient?: Client\n proxyAgent: undici.Dispatcher\n safeFetch: Fetch\n oauthProvider?: OAuthProvider\n authVerifier: AuthVerifier\n plcRotationKey: crypto.Keypair\n cfg: ServerConfig\n}\n\nexport class AppContext {\n public actorStore: ActorStore\n public blobstore: (did: string) => BlobStore\n public localViewer: LocalViewerCreator\n public mailer: ServerMailer\n public moderationMailer: ModerationMailer\n public didCache: DidSqliteCache\n public idResolver: IdResolver\n public plcClient: plc.Client\n public accountManager: AccountManager\n public sequencer: Sequencer\n public backgroundQueue: BackgroundQueue\n public redisScratch?: Redis\n public crawlers: Crawlers\n public bskyAppView?: BskyAppView\n public moderationClient: Client \| undefined\n public reportingClient: Client \| undefined\n public entrywayClient: Client \| undefined\n public entrywayAdminClient: Client \| undefined\n public proxyAgent: undici.Dispatcher\n public safeFetch: Fetch\n public authVerifier: AuthVerifier\n public oauthProvider?: OAuthProvider\n public plcRotationKey: crypto.Keypair\n public cfg: ServerConfig\n\n constructor(opts: AppContextOptions) {\n this.actorStore = opts.actorStore\n this.blobstore = opts.blobstore\n this.localViewer = opts.localViewer\n this.mailer = opts.mailer\n this.moderationMailer = opts.moderationMailer\n this.didCache = opts.didCache\n this.idResolver = opts.idResolver\n this.plcClient = opts.plcClient\n this.accountManager = opts.accountManager\n this.sequencer = opts.sequencer\n this.backgroundQueue = opts.backgroundQueue\n this.redisScratch = opts.redisScratch\n this.crawlers = opts.crawlers\n this.bskyAppView = opts.bskyAppView\n this.moderationClient = opts.moderationClient\n this.reportingClient = opts.reportingClient\n this.entrywayClient = opts.entrywayClient\n this.entrywayAdminClient = opts.entrywayAdminClient\n this.proxyAgent = opts.proxyAgent\n this.safeFetch = opts.safeFetch\n this.authVerifier = opts.authVerifier\n this.oauthProvider = opts.oauthProvider\n this.plcRotationKey = opts.plcRotationKey\n this.cfg = opts.cfg\n }\n\n static async fromConfig(\n cfg: ServerConfig,\n secrets: ServerSecrets,\n overrides?: Partial<AppContextOptions>,\n ): Promise<AppContext> {\n const blobstore =\n cfg.blobstore.provider === 's3'\n ? S3BlobStore.creator({\n bucket: cfg.blobstore.bucket,\n region: cfg.blobstore.region,\n endpoint: cfg.blobstore.endpoint,\n forcePathStyle: cfg.blobstore.forcePathStyle,\n credentials: cfg.blobstore.credentials,\n uploadTimeoutMs: cfg.blobstore.uploadTimeoutMs,\n })\n : DiskBlobStore.creator(\n cfg.blobstore.location,\n cfg.blobstore.tempLocation,\n )\n\n const mailTransport =\n cfg.email !== null\n ? nodemailer.createTransport(cfg.email.smtpUrl)\n : nodemailer.createTransport({ jsonTransport: true })\n\n const mailer = new ServerMailer(mailTransport, cfg.email, cfg.branding)\n\n const modMailTransport =\n cfg.moderationEmail !== null\n ? nodemailer.createTransport(cfg.moderationEmail.smtpUrl)\n : nodemailer.createTransport({ jsonTransport: true })\n\n const moderationMailer = new ModerationMailer(modMailTransport, cfg)\n\n const didCache = new DidSqliteCache(\n cfg.db.didCacheDbLoc,\n cfg.identity.cacheStaleTTL,\n cfg.identity.cacheMaxTTL,\n cfg.db.disableWalAutoCheckpoint,\n )\n await didCache.migrateOrThrow()\n\n const idResolver = new IdResolver({\n plcUrl: cfg.identity.plcUrl,\n didCache,\n timeout: cfg.identity.resolverTimeout,\n backupNameservers: cfg.identity.handleBackupNameservers,\n })\n const plcClient = new plc.Client(cfg.identity.plcUrl)\n\n const backgroundQueue = new BackgroundQueue()\n const crawlers = new Crawlers(\n backgroundQueue,\n cfg.service.hostname,\n cfg.crawlers,\n )\n const sequencer = new Sequencer(\n cfg.db.sequencerDbLoc,\n crawlers,\n undefined,\n cfg.db.disableWalAutoCheckpoint,\n )\n const redisScratch = cfg.redis\n ? getRedisClient(cfg.redis.address, cfg.redis.password)\n : undefined\n\n const bskyAppView = cfg.bskyAppView\n ? new BskyAppView({\n ...cfg.bskyAppView,\n validateResponse: cfg.service.devMode,\n })\n : undefined\n\n const moderationClient = cfg.modService\n ? new Client(\n { service: cfg.modService.url },\n {\n // Trust internal services to send us well-formed responses\n strictResponseProcessing: false,\n validateResponse: cfg.service.devMode,\n },\n )\n : undefined\n const reportingClient = cfg.reportService\n ? new Client(\n { service: cfg.reportService.url },\n {\n // Trust internal services to send us well-formed responses\n strictResponseProcessing: false,\n validateResponse: cfg.service.devMode,\n },\n )\n : undefined\n const entrywayClient = cfg.entryway\n ? new Client(\n { service: cfg.entryway.url },\n {\n // Trust internal services to send us well-formed responses\n strictResponseProcessing: false,\n validateResponse: cfg.service.devMode,\n },\n )\n : undefined\n const entrywayAdminClient =\n cfg.entryway && secrets.entrywayAdminToken\n ? new Client(\n { service: cfg.entryway.url },\n {\n headers: {\n authorization: basicAuthHeader(\n 'admin',\n secrets.entrywayAdminToken,\n ),\n },\n // Trust internal services to send us well-formed responses\n strictResponseProcessing: false,\n validateResponse: cfg.service.devMode,\n },\n )\n : undefined\n\n const jwtSecretKey = createSecretKeyObject(secrets.jwtSecret)\n const jwtPublicKey = cfg.entryway\n ? createPublicKeyObject(cfg.entryway.jwtPublicKeyHex)\n : null\n\n const imageUrlBuilder = new ImageUrlBuilder(\n cfg.service.hostname,\n bskyAppView,\n )\n\n const actorStore = new ActorStore(cfg.actorStore, {\n blobstore,\n backgroundQueue,\n })\n\n const plcRotationKey =\n secrets.plcRotationKey.provider === 'kms'\n ? await KmsKeypair.load({\n keyId: secrets.plcRotationKey.keyId,\n })\n : await crypto.Secp256k1Keypair.import(\n secrets.plcRotationKey.privateKeyHex,\n )\n\n const accountManager = new AccountManager(\n idResolver,\n jwtSecretKey,\n mailer,\n sequencer,\n plcClient,\n plcRotationKey,\n cfg.service.did,\n cfg.identity.serviceHandleDomains,\n cfg.db,\n )\n await accountManager.migrateOrThrow()\n\n const localViewer = LocalViewer.creator(\n accountManager,\n imageUrlBuilder,\n bskyAppView,\n )\n\n // An agent for performing HTTP requests based on user provided URLs.\n const proxyAgentBase = new undici.Agent({\n allowH2: cfg.proxy.allowHTTP2, // This is experimental\n headersTimeout: cfg.proxy.headersTimeout,\n maxResponseSize: cfg.proxy.maxResponseSize,\n bodyTimeout: cfg.proxy.bodyTimeout,\n factory: cfg.proxy.disableSsrfProtection\n ? undefined\n : (origin, opts) => {\n const { protocol, hostname } =\n origin instanceof URL ? origin : new URL(origin)\n if (protocol !== 'https:') {\n throw new Error(`Forbidden protocol \"${protocol}\"`)\n }\n if (isUnicastIp(hostname) === false) {\n throw new Error('Hostname resolved to non-unicast address')\n }\n return new undici.Pool(origin, opts)\n },\n connect: {\n lookup: cfg.proxy.disableSsrfProtection ? undefined : unicastLookup,\n },\n })\n const proxyAgent =\n cfg.proxy.maxRetries > 0\n ? new undici.RetryAgent(proxyAgentBase, {\n statusCodes: [], // Only retry on socket errors\n methods: ['GET', 'HEAD'],\n maxRetries: cfg.proxy.maxRetries,\n })\n : proxyAgentBase\n\n /*\n A fetch() function that protects against SSRF attacks, large responses &\n * known bad domains. This function can safely be used to fetch user\n * provided URLs (unless \"disableSsrfProtection\" is true, of course).\n \n @note DO NOT wrap `safeFetch` with any logging or other transforms as\n * this might prevent the use of explicit `redirect: \"follow\"` init from\n * working. See {@link safeFetchWrap}.\n */\n const safeFetch = safeFetchWrap({\n allowIpHost: false,\n allowImplicitRedirect: false,\n responseMaxSize: cfg.fetch.maxResponseSize,\n ssrfProtection: !cfg.fetch.disableSsrfProtection,\n\n fetch: function (input, init) {\n const method =\n init?.method ?? (input instanceof Request ? input.method : 'GET')\n const uri = input instanceof Request ? input.url : String(input)\n\n fetchLogger.info({ method, uri }, 'fetch')\n\n return globalThis.fetch.call(this, input, init)\n },\n })\n\n const oauthProvider = cfg.oauth.provider\n ? new OAuthProvider({\n issuer: cfg.oauth.issuer,\n keyset: [await JoseKey.fromKeyLike(jwtSecretKey, undefined, 'HS256')],\n store: new OAuthStore(\n accountManager,\n actorStore,\n imageUrlBuilder,\n backgroundQueue,\n mailer,\n sequencer,\n plcClient,\n plcRotationKey,\n cfg.service.publicUrl,\n cfg.identity.recoveryDidKey,\n ),\n redis: redisScratch,\n dpopSecret: secrets.dpopSecret,\n inviteCodeRequired: cfg.invites.required,\n availableUserDomains: cfg.identity.serviceHandleDomains,\n hcaptcha: cfg.oauth.provider.hcaptcha,\n branding: cfg.oauth.provider.branding,\n safeFetch,\n lexResolver: new LexResolver({\n fetch: safeFetch,\n plcDirectoryUrl: cfg.identity.plcUrl,\n hooks: {\n onResolveAuthority: ({ nsid }) => {\n lexiconResolverLogger.debug(\n { nsid: nsid.toString() },\n 'Resolving lexicon DID authority',\n )\n // Override the lexicon did resolution to point to a custom PDS\n return cfg.lexicon.didAuthority\n },\n onResolveAuthorityResult({ nsid, did }) {\n lexiconResolverLogger.info(\n { nsid: nsid.toString(), did },\n 'Resolved lexicon DID',\n )\n },\n onResolveAuthorityError({ nsid, err }) {\n lexiconResolverLogger.error(\n { nsid: nsid.toString(), err },\n 'Lexicon DID resolution error',\n )\n },\n onFetchResult({ uri, cid }) {\n lexiconResolverLogger.info(\n { uri: uri.toString(), cid: cid.toString() },\n 'Fetched lexicon',\n )\n },\n onFetchError({ err, uri }) {\n lexiconResolverLogger.error(\n { uri: uri.toString(), err },\n 'Lexicon fetch error',\n )\n },\n },\n }),\n metadata: {\n protected_resources: [new URL(cfg.oauth.issuer).origin],\n },\n // If the PDS is both an authorization server & resource server (no\n // entryway), we can afford to check the token validity on every\n // request. This allows revoked tokens to be rejected immediately.\n // This also allows JWT to be shorter since some claims (notably the\n // \"scope\" claim) do not need to be included in the token.\n accessTokenMode: AccessTokenMode.stateful,\n\n getClientInfo(clientId) {\n return {\n isTrusted: cfg.oauth.provider?.trustedClients?.includes(clientId),\n }\n },\n })\n : undefined\n\n const scopeRefGetter = entrywayClient\n ? new ScopeReferenceGetter(entrywayClient, redisScratch)\n : undefined\n\n const oauthVerifier: OAuthVerifier =\n oauthProvider ?? // OAuthProvider extends OAuthVerifier\n new OAuthVerifier({\n issuer: cfg.oauth.issuer,\n keyset: [await JoseKey.fromKeyLike(jwtPublicKey!, undefined, 'ES256K')],\n dpopSecret: secrets.dpopSecret,\n redis: redisScratch,\n onDecodeToken: async ({ payload, dpopProof }) => {\n // @TODO drop this once oauth provider no longer accepts DPoP proof with\n // query or fragment in \"htu\" claim.\n if (dpopProof?.htu.match(/[?#]/)) {\n oauthLogger.info(\n { htu: dpopProof.htu, client_id: payload.client_id },\n 'DPoP proof \"htu\" contains query or fragment',\n )\n }\n\n if (scopeRefGetter) {\n payload.scope = await scopeRefGetter.dereference(payload.scope)\n }\n\n return payload\n },\n })\n\n const authVerifier = new AuthVerifier(\n accountManager,\n idResolver,\n oauthVerifier,\n {\n publicUrl: cfg.service.publicUrl,\n jwtKey: jwtPublicKey ?? jwtSecretKey,\n adminPass: secrets.adminPassword,\n dids: {\n pds: cfg.service.did,\n entryway: cfg.entryway?.did,\n modService: cfg.modService?.did,\n },\n },\n )\n\n return new AppContext({\n actorStore,\n blobstore,\n localViewer,\n mailer,\n moderationMailer,\n didCache,\n idResolver,\n plcClient,\n accountManager,\n sequencer,\n backgroundQueue,\n redisScratch,\n crawlers,\n bskyAppView,\n moderationClient,\n reportingClient,\n entrywayClient,\n entrywayAdminClient,\n proxyAgent,\n safeFetch,\n authVerifier,\n oauthProvider,\n plcRotationKey,\n cfg,\n ...(overrides ?? {}),\n })\n }\n\n async appviewAuthHeaders(did: string, lxm: string) {\n assert(this.bskyAppView)\n return this.serviceAuthHeaders(did, this.bskyAppView.did, lxm)\n }\n\n async entrywayAuthHeaders(req: express.Request, did: string, lxm: string) {\n assert(this.cfg.entryway)\n const headers = await this.serviceAuthHeaders(\n did,\n this.cfg.entryway.did,\n lxm,\n )\n return forwardedFor(req, headers)\n }\n\n entrywayPassthruHeaders(req: express.Request) {\n return forwardedFor(req, authPassthru(req))\n }\n\n async serviceAuthHeaders(did: string, aud: string, lxm: string) {\n const keypair = await this.actorStore.keypair(did)\n return createServiceAuthHeaders({\n iss: did,\n aud,\n lxm,\n keypair,\n })\n }\n\n async serviceAuthJwt(did: string, aud: string, lxm: string) {\n const keypair = await this.actorStore.keypair(did)\n return createServiceJwt({\n iss: did,\n aud,\n lxm,\n keypair,\n })\n }\n}\n\nconst basicAuthHeader = (username: string, password: string) => {\n const encoded = ui8.toString(\n ui8.fromString(`${username}:${password}`, 'utf8'),\n 'base64pad',\n )\n return `Basic ${encoded}`\n}\n\nexport default AppContext\n"]}

package/dist/lexicons/app/bsky/actor/defs.defs.d.ts CHANGED Viewed

@@ -178,6 +178,14 @@ type VerificationView = {
      * The user who issued this verification.
      */
     issuer: l.DidString;
+    /**
+     * The display name of the issuer.
+     */
+    issuerDisplayName?: string;
+    /**
+     * The handle of the issuer.
+     */
+    issuerHandle?: l.HandleString;
     /**
      * The AT-URI of the verification record.
      */