@atproto/pds 0.5.11 → 0.5.14
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +46 -0
- package/dist/api/app/bsky/notification/index.d.ts.map +1 -1
- package/dist/api/app/bsky/notification/index.js +2 -0
- package/dist/api/app/bsky/notification/index.js.map +1 -1
- package/dist/api/app/bsky/notification/unregisterPush.d.ts +4 -0
- package/dist/api/app/bsky/notification/unregisterPush.d.ts.map +1 -0
- package/dist/api/app/bsky/notification/unregisterPush.js +48 -0
- package/dist/api/app/bsky/notification/unregisterPush.js.map +1 -0
- package/package.json +42 -38
- package/build.templates.cjs +0 -22
- package/example.env +0 -42
- package/jest.config.cjs +0 -27
- package/src/account-manager/account-manager.ts +0 -916
- package/src/account-manager/db/index.ts +0 -21
- package/src/account-manager/db/migrations/001-init.ts +0 -115
- package/src/account-manager/db/migrations/002-account-deactivation.ts +0 -17
- package/src/account-manager/db/migrations/003-privileged-app-passwords.ts +0 -12
- package/src/account-manager/db/migrations/004-oauth.ts +0 -122
- package/src/account-manager/db/migrations/005-oauth-account-management.ts +0 -136
- package/src/account-manager/db/migrations/006-oauth-permission-sets.ts +0 -20
- package/src/account-manager/db/migrations/007-lexicon-failures-index.ts +0 -14
- package/src/account-manager/db/migrations/index.ts +0 -17
- package/src/account-manager/db/schema/account-device.ts +0 -14
- package/src/account-manager/db/schema/account.ts +0 -16
- package/src/account-manager/db/schema/actor.ts +0 -17
- package/src/account-manager/db/schema/app-password.ts +0 -13
- package/src/account-manager/db/schema/authorization-request.ts +0 -30
- package/src/account-manager/db/schema/authorized-client.ts +0 -23
- package/src/account-manager/db/schema/device.ts +0 -18
- package/src/account-manager/db/schema/email-token.ts +0 -19
- package/src/account-manager/db/schema/index.ts +0 -43
- package/src/account-manager/db/schema/invite-code.ts +0 -24
- package/src/account-manager/db/schema/lexicon.ts +0 -15
- package/src/account-manager/db/schema/refresh-token.ts +0 -11
- package/src/account-manager/db/schema/repo-root.ts +0 -12
- package/src/account-manager/db/schema/token.ts +0 -38
- package/src/account-manager/db/schema/used-refresh-token.ts +0 -13
- package/src/account-manager/helpers/account-device.ts +0 -63
- package/src/account-manager/helpers/account.ts +0 -355
- package/src/account-manager/helpers/auth.ts +0 -222
- package/src/account-manager/helpers/authorization-request.ts +0 -90
- package/src/account-manager/helpers/authorized-client.ts +0 -75
- package/src/account-manager/helpers/device.ts +0 -47
- package/src/account-manager/helpers/email-token.ts +0 -87
- package/src/account-manager/helpers/invite.ts +0 -263
- package/src/account-manager/helpers/lexicon.ts +0 -67
- package/src/account-manager/helpers/password.ts +0 -136
- package/src/account-manager/helpers/repo.ts +0 -24
- package/src/account-manager/helpers/scrypt.ts +0 -53
- package/src/account-manager/helpers/token.ts +0 -158
- package/src/account-manager/helpers/used-refresh-token.ts +0 -30
- package/src/account-manager/oauth-store.ts +0 -880
- package/src/account-manager/scope-reference-getter.ts +0 -106
- package/src/actor-store/actor-store-reader.ts +0 -45
- package/src/actor-store/actor-store-resources.ts +0 -8
- package/src/actor-store/actor-store-transactor.ts +0 -31
- package/src/actor-store/actor-store-writer.ts +0 -17
- package/src/actor-store/actor-store.ts +0 -210
- package/src/actor-store/blob/reader.ts +0 -160
- package/src/actor-store/blob/transactor.ts +0 -383
- package/src/actor-store/db/index.ts +0 -20
- package/src/actor-store/db/migrations/001-init.ts +0 -105
- package/src/actor-store/db/migrations/index.ts +0 -5
- package/src/actor-store/db/schema/account-pref.ts +0 -11
- package/src/actor-store/db/schema/backlink.ts +0 -9
- package/src/actor-store/db/schema/blob.ts +0 -14
- package/src/actor-store/db/schema/index.ts +0 -23
- package/src/actor-store/db/schema/record-blob.ts +0 -8
- package/src/actor-store/db/schema/record.ts +0 -14
- package/src/actor-store/db/schema/repo-block.ts +0 -10
- package/src/actor-store/db/schema/repo-root.ts +0 -10
- package/src/actor-store/migrate.ts +0 -39
- package/src/actor-store/preference/reader.ts +0 -48
- package/src/actor-store/preference/transactor.ts +0 -55
- package/src/actor-store/preference/util.ts +0 -39
- package/src/actor-store/record/reader.ts +0 -374
- package/src/actor-store/record/transactor.ts +0 -111
- package/src/actor-store/repo/reader.ts +0 -31
- package/src/actor-store/repo/sql-repo-reader.ts +0 -150
- package/src/actor-store/repo/sql-repo-transactor.ts +0 -105
- package/src/actor-store/repo/transactor.ts +0 -227
- package/src/api/app/bsky/actor/getPreferences.ts +0 -57
- package/src/api/app/bsky/actor/getProfile.ts +0 -41
- package/src/api/app/bsky/actor/getProfiles.ts +0 -51
- package/src/api/app/bsky/actor/index.ts +0 -13
- package/src/api/app/bsky/actor/putPreferences.ts +0 -62
- package/src/api/app/bsky/feed/getActorLikes.ts +0 -63
- package/src/api/app/bsky/feed/getAuthorFeed.ts +0 -84
- package/src/api/app/bsky/feed/getFeed.ts +0 -47
- package/src/api/app/bsky/feed/getPostThread.ts +0 -251
- package/src/api/app/bsky/feed/getTimeline.ts +0 -50
- package/src/api/app/bsky/feed/index.ts +0 -15
- package/src/api/app/bsky/index.ts +0 -11
- package/src/api/app/bsky/notification/index.ts +0 -7
- package/src/api/app/bsky/notification/registerPush.ts +0 -71
- package/src/api/app/bsky/util/resolver.ts +0 -20
- package/src/api/com/atproto/admin/deleteAccount.ts +0 -22
- package/src/api/com/atproto/admin/disableAccountInvites.ts +0 -18
- package/src/api/com/atproto/admin/disableInviteCodes.ts +0 -21
- package/src/api/com/atproto/admin/enableAccountInvites.ts +0 -18
- package/src/api/com/atproto/admin/getAccountInfo.ts +0 -32
- package/src/api/com/atproto/admin/getAccountInfos.ts +0 -34
- package/src/api/com/atproto/admin/getInviteCodes.ts +0 -126
- package/src/api/com/atproto/admin/getSubjectStatus.ts +0 -76
- package/src/api/com/atproto/admin/index.ts +0 -31
- package/src/api/com/atproto/admin/sendEmail.ts +0 -47
- package/src/api/com/atproto/admin/updateAccountEmail.ts +0 -32
- package/src/api/com/atproto/admin/updateAccountHandle.ts +0 -47
- package/src/api/com/atproto/admin/updateAccountPassword.ts +0 -34
- package/src/api/com/atproto/admin/updateSubjectStatus.ts +0 -68
- package/src/api/com/atproto/admin/util.ts +0 -66
- package/src/api/com/atproto/identity/getRecommendedDidCredentials.ts +0 -50
- package/src/api/com/atproto/identity/index.ts +0 -17
- package/src/api/com/atproto/identity/requestPlcOperationSignature.ts +0 -59
- package/src/api/com/atproto/identity/resolveHandle.ts +0 -50
- package/src/api/com/atproto/identity/signPlcOperation.ts +0 -85
- package/src/api/com/atproto/identity/submitPlcOperation.ts +0 -65
- package/src/api/com/atproto/identity/updateHandle.ts +0 -66
- package/src/api/com/atproto/index.ts +0 -19
- package/src/api/com/atproto/moderation/createReport.ts +0 -41
- package/src/api/com/atproto/moderation/index.ts +0 -7
- package/src/api/com/atproto/repo/applyWrites.ts +0 -226
- package/src/api/com/atproto/repo/createRecord.ts +0 -143
- package/src/api/com/atproto/repo/deleteRecord.ts +0 -122
- package/src/api/com/atproto/repo/describeRepo.ts +0 -43
- package/src/api/com/atproto/repo/getRecord.ts +0 -40
- package/src/api/com/atproto/repo/importRepo.ts +0 -101
- package/src/api/com/atproto/repo/index.ts +0 -25
- package/src/api/com/atproto/repo/listMissingBlobs.ts +0 -29
- package/src/api/com/atproto/repo/listRecords.ts +0 -36
- package/src/api/com/atproto/repo/putRecord.ts +0 -211
- package/src/api/com/atproto/repo/uploadBlob.ts +0 -60
- package/src/api/com/atproto/server/activateAccount.ts +0 -37
- package/src/api/com/atproto/server/checkAccountStatus.ts +0 -51
- package/src/api/com/atproto/server/confirmEmail.ts +0 -39
- package/src/api/com/atproto/server/createAccount.ts +0 -327
- package/src/api/com/atproto/server/createAppPassword.ts +0 -53
- package/src/api/com/atproto/server/createInviteCode.ts +0 -38
- package/src/api/com/atproto/server/createInviteCodes.ts +0 -42
- package/src/api/com/atproto/server/createSession.ts +0 -97
- package/src/api/com/atproto/server/deactivateAccount.ts +0 -41
- package/src/api/com/atproto/server/deleteAccount.ts +0 -85
- package/src/api/com/atproto/server/deleteSession.ts +0 -23
- package/src/api/com/atproto/server/describeServer.ts +0 -29
- package/src/api/com/atproto/server/getAccountInviteCodes.ts +0 -142
- package/src/api/com/atproto/server/getServiceAuth.ts +0 -111
- package/src/api/com/atproto/server/getSession.ts +0 -80
- package/src/api/com/atproto/server/index.ts +0 -55
- package/src/api/com/atproto/server/listAppPasswords.ts +0 -45
- package/src/api/com/atproto/server/refreshSession.ts +0 -72
- package/src/api/com/atproto/server/requestAccountDelete.ts +0 -66
- package/src/api/com/atproto/server/requestEmailConfirmation.ts +0 -68
- package/src/api/com/atproto/server/requestEmailUpdate.ts +0 -86
- package/src/api/com/atproto/server/requestPasswordReset.ts +0 -52
- package/src/api/com/atproto/server/reserveSigningKey.ts +0 -15
- package/src/api/com/atproto/server/resetPassword.ts +0 -50
- package/src/api/com/atproto/server/revokeAppPassword.ts +0 -42
- package/src/api/com/atproto/server/updateEmail.ts +0 -52
- package/src/api/com/atproto/server/util.ts +0 -136
- package/src/api/com/atproto/sync/deprecated/getCheckout.ts +0 -27
- package/src/api/com/atproto/sync/deprecated/getHead.ts +0 -33
- package/src/api/com/atproto/sync/getBlob.ts +0 -61
- package/src/api/com/atproto/sync/getBlocks.ts +0 -37
- package/src/api/com/atproto/sync/getLatestCommit.ts +0 -33
- package/src/api/com/atproto/sync/getRecord.ts +0 -49
- package/src/api/com/atproto/sync/getRepo.ts +0 -75
- package/src/api/com/atproto/sync/getRepoStatus.ts +0 -34
- package/src/api/com/atproto/sync/index.ts +0 -27
- package/src/api/com/atproto/sync/listBlobs.ts +0 -33
- package/src/api/com/atproto/sync/listRepos.ts +0 -74
- package/src/api/com/atproto/sync/subscribeRepos.ts +0 -73
- package/src/api/com/atproto/sync/util.ts +0 -37
- package/src/api/com/atproto/temp/checkSignupQueue.ts +0 -34
- package/src/api/com/atproto/temp/index.ts +0 -7
- package/src/api/index.ts +0 -10
- package/src/api/proxy.ts +0 -44
- package/src/app-view.ts +0 -24
- package/src/auth-output.ts +0 -52
- package/src/auth-routes.ts +0 -64
- package/src/auth-scope.ts +0 -40
- package/src/auth-verifier.ts +0 -668
- package/src/background.ts +0 -65
- package/src/basic-routes.ts +0 -52
- package/src/bsky-app-view.ts +0 -33
- package/src/config/config.ts +0 -553
- package/src/config/env.ts +0 -167
- package/src/config/index.ts +0 -3
- package/src/config/secrets.ts +0 -54
- package/src/context.ts +0 -523
- package/src/crawlers.ts +0 -46
- package/src/db/cast.ts +0 -52
- package/src/db/db.ts +0 -140
- package/src/db/index.ts +0 -4
- package/src/db/migrator.ts +0 -40
- package/src/db/pagination.ts +0 -132
- package/src/db/tables/moderation.ts +0 -80
- package/src/db/util.ts +0 -108
- package/src/did-cache/db/index.ts +0 -21
- package/src/did-cache/db/migrations.ts +0 -17
- package/src/did-cache/db/schema.ts +0 -9
- package/src/did-cache/index.ts +0 -131
- package/src/disk-blobstore.ts +0 -172
- package/src/error.ts +0 -19
- package/src/handle/explicit-slurs.ts +0 -22
- package/src/handle/index.ts +0 -49
- package/src/handle/reserved.ts +0 -1059
- package/src/image/image-url-builder.ts +0 -16
- package/src/index.ts +0 -189
- package/src/lexicons.ts +0 -4
- package/src/logger.ts +0 -35
- package/src/mailer/index.ts +0 -111
- package/src/mailer/moderation.ts +0 -33
- package/src/mailer/templates/confirm-email.d.ts +0 -4
- package/src/mailer/templates/confirm-email.hbs +0 -158
- package/src/mailer/templates/delete-account.d.ts +0 -4
- package/src/mailer/templates/delete-account.hbs +0 -156
- package/src/mailer/templates/plc-operation.d.ts +0 -4
- package/src/mailer/templates/plc-operation.hbs +0 -153
- package/src/mailer/templates/reset-password.d.ts +0 -4
- package/src/mailer/templates/reset-password.hbs +0 -154
- package/src/mailer/templates/update-email.d.ts +0 -4
- package/src/mailer/templates/update-email.hbs +0 -153
- package/src/mailer/templates.ts +0 -17
- package/src/pipethrough.ts +0 -716
- package/src/rate-limits.ts +0 -59
- package/src/read-after-write/index.ts +0 -3
- package/src/read-after-write/types.ts +0 -35
- package/src/read-after-write/util.ts +0 -101
- package/src/read-after-write/viewer.ts +0 -290
- package/src/redis.ts +0 -25
- package/src/repo/index.ts +0 -2
- package/src/repo/prepare.ts +0 -266
- package/src/repo/types.ts +0 -65
- package/src/scripts/README.md +0 -40
- package/src/scripts/index.ts +0 -20
- package/src/scripts/publish-identity.ts +0 -60
- package/src/scripts/rebuild-repo.ts +0 -119
- package/src/scripts/rotate-keys.ts +0 -146
- package/src/scripts/sequencer-recovery/index.ts +0 -23
- package/src/scripts/sequencer-recovery/recoverer.ts +0 -297
- package/src/scripts/sequencer-recovery/recovery-db.ts +0 -65
- package/src/scripts/sequencer-recovery/repair-repos.ts +0 -49
- package/src/scripts/sequencer-recovery/user-queues.ts +0 -44
- package/src/scripts/util.ts +0 -7
- package/src/sequencer/db/index.ts +0 -21
- package/src/sequencer/db/migrations/001-init.ts +0 -35
- package/src/sequencer/db/migrations/index.ts +0 -5
- package/src/sequencer/db/schema.ts +0 -19
- package/src/sequencer/events.ts +0 -199
- package/src/sequencer/index.ts +0 -3
- package/src/sequencer/outbox.ts +0 -123
- package/src/sequencer/sequencer.ts +0 -290
- package/src/util/compression.ts +0 -16
- package/src/util/debug.ts +0 -10
- package/src/util/http.ts +0 -31
- package/src/util/types.ts +0 -7
- package/src/well-known.ts +0 -30
- package/test.env +0 -2
- package/tests/__snapshots__/takedown-appeal.test.ts.snap +0 -43
- package/tests/_oauth_client_assets_middleware.ts +0 -23
- package/tests/_puppeteer.ts +0 -147
- package/tests/_types.d.ts +0 -16
- package/tests/_util.ts +0 -191
- package/tests/account-deactivation.test.ts +0 -204
- package/tests/account-deletion.test.ts +0 -300
- package/tests/account-manager.test.ts +0 -462
- package/tests/account-migration.test.ts +0 -221
- package/tests/account-status.test.ts +0 -206
- package/tests/account.test.ts +0 -595
- package/tests/app-passwords.test.ts +0 -262
- package/tests/auth.test.ts +0 -405
- package/tests/blob-deletes.test.ts +0 -204
- package/tests/create-post.test.ts +0 -79
- package/tests/crud.test.ts +0 -1595
- package/tests/db.test.ts +0 -170
- package/tests/email-confirmation.test.ts +0 -227
- package/tests/entryway-mock.ts +0 -323
- package/tests/entryway.test.ts +0 -145
- package/tests/file-uploads.test.ts +0 -301
- package/tests/get-service-auth.test.ts +0 -81
- package/tests/handle-validation.test.ts +0 -56
- package/tests/handles.test.ts +0 -274
- package/tests/invite-codes.test.ts +0 -367
- package/tests/invites-admin.test.ts +0 -252
- package/tests/moderation.test.ts +0 -280
- package/tests/moderator-auth.test.ts +0 -177
- package/tests/oauth.test.ts +0 -334
- package/tests/plc-operations.test.ts +0 -239
- package/tests/preferences.test.ts +0 -352
- package/tests/proxied/__snapshots__/admin.test.ts.snap +0 -516
- package/tests/proxied/__snapshots__/feedgen.test.ts.snap +0 -215
- package/tests/proxied/__snapshots__/views.test.ts.snap +0 -4456
- package/tests/proxied/admin.test.ts +0 -340
- package/tests/proxied/feedgen.test.ts +0 -66
- package/tests/proxied/notif.test.ts +0 -85
- package/tests/proxied/procedures.test.ts +0 -175
- package/tests/proxied/proxy-catchall.test.ts +0 -256
- package/tests/proxied/proxy-header.test.ts +0 -239
- package/tests/proxied/proxy-oauth-aud.test.ts +0 -182
- package/tests/proxied/read-after-write.test.ts +0 -382
- package/tests/proxied/views.test.ts +0 -608
- package/tests/races.test.ts +0 -89
- package/tests/rate-limits.test.ts +0 -70
- package/tests/recovery.test.ts +0 -180
- package/tests/seeds/basic.ts +0 -165
- package/tests/seeds/follows.ts +0 -57
- package/tests/seeds/likes.ts +0 -14
- package/tests/seeds/reposts.ts +0 -18
- package/tests/seeds/thread.ts +0 -40
- package/tests/seeds/users-bulk.ts +0 -246
- package/tests/seeds/users.ts +0 -67
- package/tests/sequencer.test.ts +0 -251
- package/tests/server.test.ts +0 -151
- package/tests/sync/invertible-ops.test.ts +0 -99
- package/tests/sync/list.test.ts +0 -43
- package/tests/sync/subscribe-repos.test.ts +0 -672
- package/tests/sync/sync.test.ts +0 -316
- package/tests/takedown-appeal.test.ts +0 -166
- package/tsconfig.build.json +0 -9
- package/tsconfig.build.tsbuildinfo +0 -1
- package/tsconfig.json +0 -7
- package/tsconfig.tests.json +0 -8
|
@@ -1,23 +0,0 @@
|
|
|
1
|
-
import { Server } from '@atproto/xrpc-server'
|
|
2
|
-
import { AppContext } from '../../../../context.js'
|
|
3
|
-
import { com } from '../../../../lexicons/index.js'
|
|
4
|
-
|
|
5
|
-
export default function (server: Server, ctx: AppContext) {
|
|
6
|
-
const { entrywayClient } = ctx
|
|
7
|
-
|
|
8
|
-
if (entrywayClient) {
|
|
9
|
-
server.add(com.atproto.server.deleteSession, async ({ req }) => {
|
|
10
|
-
const { headers } = ctx.entrywayPassthruHeaders(req)
|
|
11
|
-
await entrywayClient.xrpc(com.atproto.server.deleteSession, {
|
|
12
|
-
headers,
|
|
13
|
-
})
|
|
14
|
-
})
|
|
15
|
-
} else {
|
|
16
|
-
server.add(com.atproto.server.deleteSession, {
|
|
17
|
-
auth: ctx.authVerifier.refresh({ allowExpired: true }),
|
|
18
|
-
handler: async ({ auth }) => {
|
|
19
|
-
await ctx.accountManager.revokeRefreshToken(auth.credentials.tokenId)
|
|
20
|
-
},
|
|
21
|
-
})
|
|
22
|
-
}
|
|
23
|
-
}
|
|
@@ -1,29 +0,0 @@
|
|
|
1
|
-
import { UriString } from '@atproto/lex'
|
|
2
|
-
import { DidString } from '@atproto/syntax'
|
|
3
|
-
import { Server } from '@atproto/xrpc-server'
|
|
4
|
-
import { AppContext } from '../../../../context.js'
|
|
5
|
-
import { com } from '../../../../lexicons/index.js'
|
|
6
|
-
|
|
7
|
-
export default function (server: Server, ctx: AppContext) {
|
|
8
|
-
server.add(com.atproto.server.describeServer, () => {
|
|
9
|
-
const did = ctx.cfg.service.did as DidString
|
|
10
|
-
const availableUserDomains = ctx.cfg.identity.serviceHandleDomains
|
|
11
|
-
const inviteCodeRequired = ctx.cfg.invites.required
|
|
12
|
-
const privacyPolicy = ctx.cfg.service.privacyPolicyUrl as UriString
|
|
13
|
-
const termsOfService = ctx.cfg.service.termsOfServiceUrl as UriString
|
|
14
|
-
const contactEmailAddress = ctx.cfg.service.contactEmailAddress
|
|
15
|
-
|
|
16
|
-
return {
|
|
17
|
-
encoding: 'application/json' as const,
|
|
18
|
-
body: {
|
|
19
|
-
did,
|
|
20
|
-
availableUserDomains,
|
|
21
|
-
inviteCodeRequired,
|
|
22
|
-
links: { privacyPolicy, termsOfService },
|
|
23
|
-
contact: {
|
|
24
|
-
email: contactEmailAddress,
|
|
25
|
-
},
|
|
26
|
-
},
|
|
27
|
-
}
|
|
28
|
-
})
|
|
29
|
-
}
|
|
@@ -1,142 +0,0 @@
|
|
|
1
|
-
import {
|
|
2
|
-
ForbiddenError,
|
|
3
|
-
InvalidRequestError,
|
|
4
|
-
Server,
|
|
5
|
-
} from '@atproto/xrpc-server'
|
|
6
|
-
import { CodeDetail } from '../../../../account-manager/helpers/invite.js'
|
|
7
|
-
import { ACCESS_FULL } from '../../../../auth-scope.js'
|
|
8
|
-
import { AppContext } from '../../../../context.js'
|
|
9
|
-
import { com } from '../../../../lexicons/index.js'
|
|
10
|
-
import { genInvCodes } from './util.js'
|
|
11
|
-
|
|
12
|
-
export default function (server: Server, ctx: AppContext) {
|
|
13
|
-
server.add(com.atproto.server.getAccountInviteCodes, {
|
|
14
|
-
auth: ctx.authVerifier.authorization({
|
|
15
|
-
checkTakedown: true,
|
|
16
|
-
scopes: ACCESS_FULL,
|
|
17
|
-
authorize: () => {
|
|
18
|
-
throw new ForbiddenError(
|
|
19
|
-
'OAuth credentials are not supported for this endpoint',
|
|
20
|
-
)
|
|
21
|
-
},
|
|
22
|
-
}),
|
|
23
|
-
handler: async ({ params, auth, req }) => {
|
|
24
|
-
if (ctx.entrywayClient) {
|
|
25
|
-
const { headers } = await ctx.entrywayAuthHeaders(
|
|
26
|
-
req,
|
|
27
|
-
auth.credentials.did,
|
|
28
|
-
com.atproto.server.getAccountInviteCodes.$lxm,
|
|
29
|
-
)
|
|
30
|
-
return ctx.entrywayClient.xrpc(
|
|
31
|
-
com.atproto.server.getAccountInviteCodes,
|
|
32
|
-
{ params, headers },
|
|
33
|
-
)
|
|
34
|
-
}
|
|
35
|
-
|
|
36
|
-
const requester = auth.credentials.did
|
|
37
|
-
const { includeUsed, createAvailable } = params
|
|
38
|
-
|
|
39
|
-
const [account, userCodes] = await Promise.all([
|
|
40
|
-
ctx.accountManager.getAccount(requester),
|
|
41
|
-
ctx.accountManager.getAccountInvitesCodes(requester),
|
|
42
|
-
])
|
|
43
|
-
if (!account) {
|
|
44
|
-
throw new InvalidRequestError('Account not found', 'NotFound')
|
|
45
|
-
}
|
|
46
|
-
|
|
47
|
-
let created: CodeDetail[] = []
|
|
48
|
-
|
|
49
|
-
if (
|
|
50
|
-
createAvailable &&
|
|
51
|
-
ctx.cfg.invites.required &&
|
|
52
|
-
ctx.cfg.invites.interval !== null
|
|
53
|
-
) {
|
|
54
|
-
const { toCreate, total } = calculateCodesToCreate({
|
|
55
|
-
did: requester,
|
|
56
|
-
userCreatedAt: new Date(account.createdAt).getTime(),
|
|
57
|
-
codes: userCodes,
|
|
58
|
-
epoch: ctx.cfg.invites.epoch,
|
|
59
|
-
interval: ctx.cfg.invites.interval,
|
|
60
|
-
})
|
|
61
|
-
if (toCreate > 0) {
|
|
62
|
-
const codes = genInvCodes(ctx.cfg, toCreate)
|
|
63
|
-
created = await ctx.accountManager.createAccountInviteCodes(
|
|
64
|
-
requester,
|
|
65
|
-
codes,
|
|
66
|
-
total,
|
|
67
|
-
account.invitesDisabled ?? 0,
|
|
68
|
-
)
|
|
69
|
-
}
|
|
70
|
-
}
|
|
71
|
-
|
|
72
|
-
const allCodes = [...userCodes, ...created]
|
|
73
|
-
|
|
74
|
-
const filtered = allCodes.filter((code) => {
|
|
75
|
-
if (code.disabled) return false
|
|
76
|
-
if (!includeUsed && code.uses.length >= code.available) return false
|
|
77
|
-
return true
|
|
78
|
-
})
|
|
79
|
-
|
|
80
|
-
return {
|
|
81
|
-
encoding: 'application/json' as const,
|
|
82
|
-
body: { codes: filtered },
|
|
83
|
-
}
|
|
84
|
-
},
|
|
85
|
-
})
|
|
86
|
-
}
|
|
87
|
-
|
|
88
|
-
/**
|
|
89
|
-
* WARNING: TRICKY SUBTLE MATH - DONT MESS WITH THIS FUNCTION UNLESS YOUR'RE VERY CONFIDENT
|
|
90
|
-
* if the user wishes to create available codes & the server allows that,
|
|
91
|
-
* we determine the number to create by dividing their account lifetime by the interval at which they can create codes
|
|
92
|
-
* if an invite epoch is provided, we only calculate available invites since that epoch
|
|
93
|
-
* we allow a max of 5 open codes at a given time
|
|
94
|
-
* note: even if a user is disabled from future invites, we still create the invites for bookkeeping, we just immediately disable them as well
|
|
95
|
-
*/
|
|
96
|
-
const calculateCodesToCreate = (opts: {
|
|
97
|
-
did: string
|
|
98
|
-
userCreatedAt: number
|
|
99
|
-
codes: CodeDetail[]
|
|
100
|
-
epoch: number
|
|
101
|
-
interval: number
|
|
102
|
-
}): { toCreate: number; total: number } => {
|
|
103
|
-
// for the sake of generating routine interval codes, we do not count explicitly gifted admin codes
|
|
104
|
-
const routineCodes = opts.codes.filter((code) => code.createdBy !== 'admin')
|
|
105
|
-
const unusedRoutineCodes = routineCodes.filter(
|
|
106
|
-
(row) => !row.disabled && row.available > row.uses.length,
|
|
107
|
-
)
|
|
108
|
-
|
|
109
|
-
const userLifespan = Date.now() - opts.userCreatedAt
|
|
110
|
-
|
|
111
|
-
// how many codes a user could create within the current epoch if they have 0
|
|
112
|
-
let couldCreate: number
|
|
113
|
-
|
|
114
|
-
if (opts.userCreatedAt >= opts.epoch) {
|
|
115
|
-
// if the user was created after the epoch, then they can create a code for each interval since the epoch
|
|
116
|
-
couldCreate = Math.floor(userLifespan / opts.interval)
|
|
117
|
-
} else {
|
|
118
|
-
// if the user was created before the epoch, we:
|
|
119
|
-
// - calculate the total intervals since account creation
|
|
120
|
-
// - calculate the total intervals before the epoch
|
|
121
|
-
// - subtract the two
|
|
122
|
-
const couldCreateTotal = Math.floor(userLifespan / opts.interval)
|
|
123
|
-
const userPreEpochLifespan = opts.epoch - opts.userCreatedAt
|
|
124
|
-
const couldCreateBeforeEpoch = Math.floor(
|
|
125
|
-
userPreEpochLifespan / opts.interval,
|
|
126
|
-
)
|
|
127
|
-
couldCreate = couldCreateTotal - couldCreateBeforeEpoch
|
|
128
|
-
}
|
|
129
|
-
// we count the codes that the user has created within the current epoch
|
|
130
|
-
const epochCodes = routineCodes.filter(
|
|
131
|
-
(code) => new Date(code.createdAt).getTime() > opts.epoch,
|
|
132
|
-
)
|
|
133
|
-
// finally we the number of codes they currently have from the number that they could create, and take a max of 5
|
|
134
|
-
const toCreate = Math.min(
|
|
135
|
-
5 - unusedRoutineCodes.length,
|
|
136
|
-
couldCreate - epochCodes.length,
|
|
137
|
-
)
|
|
138
|
-
return {
|
|
139
|
-
toCreate,
|
|
140
|
-
total: routineCodes.length + toCreate,
|
|
141
|
-
}
|
|
142
|
-
}
|
|
@@ -1,111 +0,0 @@
|
|
|
1
|
-
import { HOUR, MINUTE } from '@atproto/common'
|
|
2
|
-
import { isAtprotoDid, isAtprotoDidRefAbsolute } from '@atproto/did'
|
|
3
|
-
import { l } from '@atproto/lex'
|
|
4
|
-
import {
|
|
5
|
-
InvalidRequestError,
|
|
6
|
-
Server,
|
|
7
|
-
createServiceJwt,
|
|
8
|
-
} from '@atproto/xrpc-server'
|
|
9
|
-
import {
|
|
10
|
-
AuthScope,
|
|
11
|
-
isAccessPrivileged,
|
|
12
|
-
isTakendown,
|
|
13
|
-
} from '../../../../auth-scope.js'
|
|
14
|
-
import { AppContext } from '../../../../context.js'
|
|
15
|
-
import { com } from '../../../../lexicons/index.js'
|
|
16
|
-
import {
|
|
17
|
-
PRIVILEGED_METHODS,
|
|
18
|
-
PROTECTED_METHODS,
|
|
19
|
-
} from '../../../../pipethrough.js'
|
|
20
|
-
|
|
21
|
-
export default function (server: Server, ctx: AppContext) {
|
|
22
|
-
server.add(com.atproto.server.getServiceAuth, {
|
|
23
|
-
auth: ctx.authVerifier.authorization<
|
|
24
|
-
l.InferMethodParams<typeof com.atproto.server.getServiceAuth.main>
|
|
25
|
-
>({
|
|
26
|
-
additional: [AuthScope.Takendown],
|
|
27
|
-
authorize: (permissions, { params }) => {
|
|
28
|
-
const { aud, lxm = '*' } = params
|
|
29
|
-
permissions.assertRpc({ aud, lxm })
|
|
30
|
-
},
|
|
31
|
-
}),
|
|
32
|
-
handler: async ({ params, auth }) => {
|
|
33
|
-
const did = auth.credentials.did
|
|
34
|
-
|
|
35
|
-
// @NOTE "exp" is expressed in seconds since epoch, not milliseconds
|
|
36
|
-
const { aud, exp, lxm = null } = params
|
|
37
|
-
|
|
38
|
-
if (!isAtprotoDid(aud) && !isAtprotoDidRefAbsolute(aud)) {
|
|
39
|
-
throw new InvalidRequestError(
|
|
40
|
-
'aud must be a valid atproto DID or did#serviceId reference',
|
|
41
|
-
)
|
|
42
|
-
}
|
|
43
|
-
|
|
44
|
-
// Takendown accounts should not be able to generate service auth tokens except for methods necessary for account migration
|
|
45
|
-
if (auth.credentials.type === 'access') {
|
|
46
|
-
// @NOTE We should probably use "ForbiddenError" here. Using
|
|
47
|
-
// "InvalidRequestError" for legacy reasons.
|
|
48
|
-
if (
|
|
49
|
-
isTakendown(auth.credentials.scope) &&
|
|
50
|
-
lxm !== com.atproto.server.createAccount.$lxm
|
|
51
|
-
) {
|
|
52
|
-
throw new InvalidRequestError('Bad token scope', 'InvalidToken')
|
|
53
|
-
}
|
|
54
|
-
|
|
55
|
-
// @NOTE "oauth" based credentials already checked through permission
|
|
56
|
-
// set in "authorize" method above.
|
|
57
|
-
if (
|
|
58
|
-
lxm != null &&
|
|
59
|
-
PRIVILEGED_METHODS.has(lxm) &&
|
|
60
|
-
!isAccessPrivileged(auth.credentials.scope)
|
|
61
|
-
) {
|
|
62
|
-
throw new InvalidRequestError(
|
|
63
|
-
`insufficient access to request a service auth token for the following method: ${lxm}`,
|
|
64
|
-
)
|
|
65
|
-
}
|
|
66
|
-
}
|
|
67
|
-
|
|
68
|
-
if (exp) {
|
|
69
|
-
const diff = exp * 1000 - Date.now()
|
|
70
|
-
if (diff < 0) {
|
|
71
|
-
throw new InvalidRequestError(
|
|
72
|
-
'expiration is in past',
|
|
73
|
-
'BadExpiration',
|
|
74
|
-
)
|
|
75
|
-
} else if (diff > HOUR) {
|
|
76
|
-
throw new InvalidRequestError(
|
|
77
|
-
'cannot request a token with an expiration more than an hour in the future',
|
|
78
|
-
'BadExpiration',
|
|
79
|
-
)
|
|
80
|
-
} else if (!lxm && diff > MINUTE) {
|
|
81
|
-
throw new InvalidRequestError(
|
|
82
|
-
'cannot request a method-less token with an expiration more than a minute in the future',
|
|
83
|
-
'BadExpiration',
|
|
84
|
-
)
|
|
85
|
-
}
|
|
86
|
-
}
|
|
87
|
-
|
|
88
|
-
if (lxm && PROTECTED_METHODS.has(lxm)) {
|
|
89
|
-
throw new InvalidRequestError(
|
|
90
|
-
`cannot request a service auth token for the following protected method: ${lxm}`,
|
|
91
|
-
)
|
|
92
|
-
}
|
|
93
|
-
|
|
94
|
-
const keypair = await ctx.actorStore.keypair(did)
|
|
95
|
-
|
|
96
|
-
const token = await createServiceJwt({
|
|
97
|
-
iss: did,
|
|
98
|
-
aud,
|
|
99
|
-
exp,
|
|
100
|
-
lxm,
|
|
101
|
-
keypair,
|
|
102
|
-
})
|
|
103
|
-
return {
|
|
104
|
-
encoding: 'application/json' as const,
|
|
105
|
-
body: {
|
|
106
|
-
token,
|
|
107
|
-
},
|
|
108
|
-
}
|
|
109
|
-
},
|
|
110
|
-
})
|
|
111
|
-
}
|
|
@@ -1,80 +0,0 @@
|
|
|
1
|
-
import { DidString, HandleString, INVALID_HANDLE } from '@atproto/syntax'
|
|
2
|
-
import { InvalidRequestError, Server } from '@atproto/xrpc-server'
|
|
3
|
-
import { formatAccountStatus } from '../../../../account-manager/account-manager.js'
|
|
4
|
-
import { AccessOutput, OAuthOutput } from '../../../../auth-output.js'
|
|
5
|
-
import { AuthScope } from '../../../../auth-scope.js'
|
|
6
|
-
import { AppContext } from '../../../../context.js'
|
|
7
|
-
import { com } from '../../../../lexicons/index.js'
|
|
8
|
-
import { didDocForSession } from './util.js'
|
|
9
|
-
|
|
10
|
-
export default function (server: Server, ctx: AppContext) {
|
|
11
|
-
server.add(com.atproto.server.getSession, {
|
|
12
|
-
auth: ctx.authVerifier.authorization({
|
|
13
|
-
additional: [AuthScope.SignupQueued],
|
|
14
|
-
authorize: () => {
|
|
15
|
-
// Always allowed. "email" access is checked in the handler.
|
|
16
|
-
},
|
|
17
|
-
}),
|
|
18
|
-
handler: async ({ auth, req }) => {
|
|
19
|
-
if (ctx.entrywayClient) {
|
|
20
|
-
const { headers } = await ctx.entrywayAuthHeaders(
|
|
21
|
-
req,
|
|
22
|
-
auth.credentials.did,
|
|
23
|
-
'com.atproto.server.getSession',
|
|
24
|
-
)
|
|
25
|
-
|
|
26
|
-
const { body } = await ctx.entrywayClient.xrpc(
|
|
27
|
-
com.atproto.server.getSession,
|
|
28
|
-
{ headers },
|
|
29
|
-
)
|
|
30
|
-
|
|
31
|
-
return {
|
|
32
|
-
encoding: 'application/json' as const,
|
|
33
|
-
body: output(auth, body),
|
|
34
|
-
}
|
|
35
|
-
}
|
|
36
|
-
|
|
37
|
-
const did = auth.credentials.did
|
|
38
|
-
const [user, didDoc] = await Promise.all([
|
|
39
|
-
ctx.accountManager.getAccount(did, { includeDeactivated: true }),
|
|
40
|
-
didDocForSession(ctx, did),
|
|
41
|
-
])
|
|
42
|
-
if (!user) {
|
|
43
|
-
throw new InvalidRequestError(
|
|
44
|
-
`Could not find user info for account: ${did}`,
|
|
45
|
-
)
|
|
46
|
-
}
|
|
47
|
-
|
|
48
|
-
const { status, active } = formatAccountStatus(user)
|
|
49
|
-
|
|
50
|
-
return {
|
|
51
|
-
encoding: 'application/json' as const,
|
|
52
|
-
body: output(auth, {
|
|
53
|
-
did: user.did as DidString,
|
|
54
|
-
// @ts-expect-error https://github.com/bluesky-social/atproto/pull/4406
|
|
55
|
-
didDoc,
|
|
56
|
-
handle: (user.handle ?? INVALID_HANDLE) as HandleString,
|
|
57
|
-
email: user.email ?? undefined,
|
|
58
|
-
emailConfirmed: !!user.emailConfirmedAt,
|
|
59
|
-
active,
|
|
60
|
-
status,
|
|
61
|
-
}),
|
|
62
|
-
}
|
|
63
|
-
},
|
|
64
|
-
})
|
|
65
|
-
}
|
|
66
|
-
|
|
67
|
-
function output(
|
|
68
|
-
{ credentials }: OAuthOutput | AccessOutput,
|
|
69
|
-
data: com.atproto.server.getSession.$OutputBody,
|
|
70
|
-
): com.atproto.server.getSession.$OutputBody {
|
|
71
|
-
if (
|
|
72
|
-
credentials.type === 'oauth' &&
|
|
73
|
-
!credentials.permissions.allowsAccount({ attr: 'email', action: 'read' })
|
|
74
|
-
) {
|
|
75
|
-
const { email, emailAuthFactor, emailConfirmed, ...rest } = data
|
|
76
|
-
return rest
|
|
77
|
-
}
|
|
78
|
-
|
|
79
|
-
return data
|
|
80
|
-
}
|
|
@@ -1,55 +0,0 @@
|
|
|
1
|
-
import { Server } from '@atproto/xrpc-server'
|
|
2
|
-
import { AppContext } from '../../../../context.js'
|
|
3
|
-
import activateAccount from './activateAccount.js'
|
|
4
|
-
import checkAccountStatus from './checkAccountStatus.js'
|
|
5
|
-
import confirmEmail from './confirmEmail.js'
|
|
6
|
-
import createAccount from './createAccount.js'
|
|
7
|
-
import createAppPassword from './createAppPassword.js'
|
|
8
|
-
import createInviteCode from './createInviteCode.js'
|
|
9
|
-
import createInviteCodes from './createInviteCodes.js'
|
|
10
|
-
import createSession from './createSession.js'
|
|
11
|
-
import deactivateAccount from './deactivateAccount.js'
|
|
12
|
-
import deleteAccount from './deleteAccount.js'
|
|
13
|
-
import deleteSession from './deleteSession.js'
|
|
14
|
-
import describeServer from './describeServer.js'
|
|
15
|
-
import getAccountInviteCodes from './getAccountInviteCodes.js'
|
|
16
|
-
import getServiceAuth from './getServiceAuth.js'
|
|
17
|
-
import getSession from './getSession.js'
|
|
18
|
-
import listAppPasswords from './listAppPasswords.js'
|
|
19
|
-
import refreshSession from './refreshSession.js'
|
|
20
|
-
import requestDelete from './requestAccountDelete.js'
|
|
21
|
-
import requestEmailConfirmation from './requestEmailConfirmation.js'
|
|
22
|
-
import requestEmailUpdate from './requestEmailUpdate.js'
|
|
23
|
-
import requestPasswordReset from './requestPasswordReset.js'
|
|
24
|
-
import reserveSigningKey from './reserveSigningKey.js'
|
|
25
|
-
import resetPassword from './resetPassword.js'
|
|
26
|
-
import revokeAppPassword from './revokeAppPassword.js'
|
|
27
|
-
import updateEmail from './updateEmail.js'
|
|
28
|
-
|
|
29
|
-
export default function (server: Server, ctx: AppContext) {
|
|
30
|
-
describeServer(server, ctx)
|
|
31
|
-
createAccount(server, ctx)
|
|
32
|
-
createInviteCode(server, ctx)
|
|
33
|
-
createInviteCodes(server, ctx)
|
|
34
|
-
getAccountInviteCodes(server, ctx)
|
|
35
|
-
reserveSigningKey(server, ctx)
|
|
36
|
-
requestDelete(server, ctx)
|
|
37
|
-
deleteAccount(server, ctx)
|
|
38
|
-
requestPasswordReset(server, ctx)
|
|
39
|
-
resetPassword(server, ctx)
|
|
40
|
-
requestEmailConfirmation(server, ctx)
|
|
41
|
-
confirmEmail(server, ctx)
|
|
42
|
-
requestEmailUpdate(server, ctx)
|
|
43
|
-
updateEmail(server, ctx)
|
|
44
|
-
createSession(server, ctx)
|
|
45
|
-
deleteSession(server, ctx)
|
|
46
|
-
getSession(server, ctx)
|
|
47
|
-
refreshSession(server, ctx)
|
|
48
|
-
createAppPassword(server, ctx)
|
|
49
|
-
listAppPasswords(server, ctx)
|
|
50
|
-
revokeAppPassword(server, ctx)
|
|
51
|
-
getServiceAuth(server, ctx)
|
|
52
|
-
checkAccountStatus(server, ctx)
|
|
53
|
-
activateAccount(server, ctx)
|
|
54
|
-
deactivateAccount(server, ctx)
|
|
55
|
-
}
|
|
@@ -1,45 +0,0 @@
|
|
|
1
|
-
import { ForbiddenError, Server } from '@atproto/xrpc-server'
|
|
2
|
-
import { AppContext } from '../../../../context.js'
|
|
3
|
-
import { com } from '../../../../lexicons/index.js'
|
|
4
|
-
|
|
5
|
-
export default function (server: Server, ctx: AppContext) {
|
|
6
|
-
const { entrywayClient } = ctx
|
|
7
|
-
|
|
8
|
-
const auth = ctx.authVerifier.authorization({
|
|
9
|
-
authorize: () => {
|
|
10
|
-
throw new ForbiddenError(
|
|
11
|
-
'OAuth credentials are not supported for this endpoint',
|
|
12
|
-
)
|
|
13
|
-
},
|
|
14
|
-
})
|
|
15
|
-
|
|
16
|
-
if (entrywayClient) {
|
|
17
|
-
server.add(com.atproto.server.listAppPasswords, {
|
|
18
|
-
auth,
|
|
19
|
-
handler: async ({ auth, req }) => {
|
|
20
|
-
const { headers } = await ctx.entrywayAuthHeaders(
|
|
21
|
-
req,
|
|
22
|
-
auth.credentials.did,
|
|
23
|
-
com.atproto.server.listAppPasswords.$lxm,
|
|
24
|
-
)
|
|
25
|
-
|
|
26
|
-
return entrywayClient.xrpc(com.atproto.server.listAppPasswords, {
|
|
27
|
-
headers,
|
|
28
|
-
})
|
|
29
|
-
},
|
|
30
|
-
})
|
|
31
|
-
} else {
|
|
32
|
-
server.add(com.atproto.server.listAppPasswords, {
|
|
33
|
-
auth,
|
|
34
|
-
handler: async ({ auth }) => {
|
|
35
|
-
const passwords = await ctx.accountManager.listAppPasswords(
|
|
36
|
-
auth.credentials.did,
|
|
37
|
-
)
|
|
38
|
-
return {
|
|
39
|
-
encoding: 'application/json',
|
|
40
|
-
body: { passwords },
|
|
41
|
-
}
|
|
42
|
-
},
|
|
43
|
-
})
|
|
44
|
-
}
|
|
45
|
-
}
|
|
@@ -1,72 +0,0 @@
|
|
|
1
|
-
import { DidString, HandleString, INVALID_HANDLE } from '@atproto/syntax'
|
|
2
|
-
import {
|
|
3
|
-
AuthRequiredError,
|
|
4
|
-
InvalidRequestError,
|
|
5
|
-
Server,
|
|
6
|
-
} from '@atproto/xrpc-server'
|
|
7
|
-
import { formatAccountStatus } from '../../../../account-manager/account-manager.js'
|
|
8
|
-
import { AppContext } from '../../../../context.js'
|
|
9
|
-
import { softDeleted } from '../../../../db/util.js'
|
|
10
|
-
import { com } from '../../../../lexicons/index.js'
|
|
11
|
-
import { didDocForSession } from './util.js'
|
|
12
|
-
|
|
13
|
-
export default function (server: Server, ctx: AppContext) {
|
|
14
|
-
server.add(com.atproto.server.refreshSession, {
|
|
15
|
-
auth: ctx.authVerifier.refresh(),
|
|
16
|
-
handler: async ({
|
|
17
|
-
auth,
|
|
18
|
-
req,
|
|
19
|
-
}): Promise<com.atproto.server.refreshSession.$Output> => {
|
|
20
|
-
const did = auth.credentials.did
|
|
21
|
-
const user = await ctx.accountManager.getAccount(did, {
|
|
22
|
-
includeDeactivated: true,
|
|
23
|
-
includeTakenDown: true,
|
|
24
|
-
})
|
|
25
|
-
if (!user) {
|
|
26
|
-
throw new InvalidRequestError(
|
|
27
|
-
`Could not find user info for account: ${did}`,
|
|
28
|
-
)
|
|
29
|
-
}
|
|
30
|
-
if (softDeleted(user)) {
|
|
31
|
-
throw new AuthRequiredError(
|
|
32
|
-
'Account has been taken down',
|
|
33
|
-
'AccountTakedown',
|
|
34
|
-
)
|
|
35
|
-
}
|
|
36
|
-
|
|
37
|
-
if (ctx.entrywayClient) {
|
|
38
|
-
const { headers } = ctx.entrywayPassthruHeaders(req)
|
|
39
|
-
return ctx.entrywayClient.xrpc(com.atproto.server.refreshSession, {
|
|
40
|
-
headers,
|
|
41
|
-
})
|
|
42
|
-
}
|
|
43
|
-
|
|
44
|
-
const [didDoc, rotated] = await Promise.all([
|
|
45
|
-
didDocForSession(ctx, user.did),
|
|
46
|
-
ctx.accountManager.rotateRefreshToken(auth.credentials.tokenId),
|
|
47
|
-
])
|
|
48
|
-
if (rotated === null) {
|
|
49
|
-
throw new InvalidRequestError('Token has been revoked', 'ExpiredToken')
|
|
50
|
-
}
|
|
51
|
-
|
|
52
|
-
const { status, active } = formatAccountStatus(user)
|
|
53
|
-
|
|
54
|
-
return {
|
|
55
|
-
encoding: 'application/json' as const,
|
|
56
|
-
body: {
|
|
57
|
-
accessJwt: rotated.accessJwt,
|
|
58
|
-
refreshJwt: rotated.refreshJwt,
|
|
59
|
-
|
|
60
|
-
did: user.did as DidString,
|
|
61
|
-
// @ts-expect-error https://github.com/bluesky-social/atproto/pull/4406
|
|
62
|
-
didDoc,
|
|
63
|
-
handle: (user.handle ?? INVALID_HANDLE) as HandleString,
|
|
64
|
-
email: user.email ?? undefined,
|
|
65
|
-
emailConfirmed: !!user.emailConfirmedAt,
|
|
66
|
-
active,
|
|
67
|
-
status,
|
|
68
|
-
},
|
|
69
|
-
}
|
|
70
|
-
},
|
|
71
|
-
})
|
|
72
|
-
}
|
|
@@ -1,66 +0,0 @@
|
|
|
1
|
-
import { DAY, HOUR } from '@atproto/common'
|
|
2
|
-
import {
|
|
3
|
-
ForbiddenError,
|
|
4
|
-
InvalidRequestError,
|
|
5
|
-
Server,
|
|
6
|
-
} from '@atproto/xrpc-server'
|
|
7
|
-
import { ACCESS_FULL } from '../../../../auth-scope.js'
|
|
8
|
-
import { AppContext } from '../../../../context.js'
|
|
9
|
-
import { com } from '../../../../lexicons/index.js'
|
|
10
|
-
|
|
11
|
-
export default function (server: Server, ctx: AppContext) {
|
|
12
|
-
server.add(com.atproto.server.requestAccountDelete, {
|
|
13
|
-
rateLimit: [
|
|
14
|
-
{
|
|
15
|
-
durationMs: DAY,
|
|
16
|
-
points: 15,
|
|
17
|
-
calcKey: ({ auth }) => auth.credentials.did,
|
|
18
|
-
},
|
|
19
|
-
{
|
|
20
|
-
durationMs: HOUR,
|
|
21
|
-
points: 5,
|
|
22
|
-
calcKey: ({ auth }) => auth.credentials.did,
|
|
23
|
-
},
|
|
24
|
-
],
|
|
25
|
-
auth: ctx.authVerifier.authorization({
|
|
26
|
-
checkTakedown: true,
|
|
27
|
-
scopes: ACCESS_FULL,
|
|
28
|
-
authorize: () => {
|
|
29
|
-
throw new ForbiddenError(
|
|
30
|
-
'OAuth credentials are not supported for this endpoint',
|
|
31
|
-
)
|
|
32
|
-
},
|
|
33
|
-
}),
|
|
34
|
-
handler: async ({ auth, req }) => {
|
|
35
|
-
const did = auth.credentials.did
|
|
36
|
-
const account = await ctx.accountManager.getAccount(did, {
|
|
37
|
-
includeDeactivated: true,
|
|
38
|
-
includeTakenDown: true,
|
|
39
|
-
})
|
|
40
|
-
if (!account) {
|
|
41
|
-
throw new InvalidRequestError('account not found')
|
|
42
|
-
}
|
|
43
|
-
|
|
44
|
-
if (ctx.entrywayClient) {
|
|
45
|
-
const { headers } = await ctx.entrywayAuthHeaders(
|
|
46
|
-
req,
|
|
47
|
-
auth.credentials.did,
|
|
48
|
-
com.atproto.server.requestAccountDelete.$lxm,
|
|
49
|
-
)
|
|
50
|
-
await ctx.entrywayClient.xrpc(com.atproto.server.requestAccountDelete, {
|
|
51
|
-
headers,
|
|
52
|
-
})
|
|
53
|
-
return
|
|
54
|
-
}
|
|
55
|
-
|
|
56
|
-
if (!account.email) {
|
|
57
|
-
throw new InvalidRequestError('account does not have an email address')
|
|
58
|
-
}
|
|
59
|
-
const token = await ctx.accountManager.createEmailToken(
|
|
60
|
-
did,
|
|
61
|
-
'delete_account',
|
|
62
|
-
)
|
|
63
|
-
await ctx.mailer.sendAccountDelete({ token }, { to: account.email })
|
|
64
|
-
},
|
|
65
|
-
})
|
|
66
|
-
}
|