@atproto/pds 0.5.11 → 0.5.14
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +46 -0
- package/dist/api/app/bsky/notification/index.d.ts.map +1 -1
- package/dist/api/app/bsky/notification/index.js +2 -0
- package/dist/api/app/bsky/notification/index.js.map +1 -1
- package/dist/api/app/bsky/notification/unregisterPush.d.ts +4 -0
- package/dist/api/app/bsky/notification/unregisterPush.d.ts.map +1 -0
- package/dist/api/app/bsky/notification/unregisterPush.js +48 -0
- package/dist/api/app/bsky/notification/unregisterPush.js.map +1 -0
- package/package.json +42 -38
- package/build.templates.cjs +0 -22
- package/example.env +0 -42
- package/jest.config.cjs +0 -27
- package/src/account-manager/account-manager.ts +0 -916
- package/src/account-manager/db/index.ts +0 -21
- package/src/account-manager/db/migrations/001-init.ts +0 -115
- package/src/account-manager/db/migrations/002-account-deactivation.ts +0 -17
- package/src/account-manager/db/migrations/003-privileged-app-passwords.ts +0 -12
- package/src/account-manager/db/migrations/004-oauth.ts +0 -122
- package/src/account-manager/db/migrations/005-oauth-account-management.ts +0 -136
- package/src/account-manager/db/migrations/006-oauth-permission-sets.ts +0 -20
- package/src/account-manager/db/migrations/007-lexicon-failures-index.ts +0 -14
- package/src/account-manager/db/migrations/index.ts +0 -17
- package/src/account-manager/db/schema/account-device.ts +0 -14
- package/src/account-manager/db/schema/account.ts +0 -16
- package/src/account-manager/db/schema/actor.ts +0 -17
- package/src/account-manager/db/schema/app-password.ts +0 -13
- package/src/account-manager/db/schema/authorization-request.ts +0 -30
- package/src/account-manager/db/schema/authorized-client.ts +0 -23
- package/src/account-manager/db/schema/device.ts +0 -18
- package/src/account-manager/db/schema/email-token.ts +0 -19
- package/src/account-manager/db/schema/index.ts +0 -43
- package/src/account-manager/db/schema/invite-code.ts +0 -24
- package/src/account-manager/db/schema/lexicon.ts +0 -15
- package/src/account-manager/db/schema/refresh-token.ts +0 -11
- package/src/account-manager/db/schema/repo-root.ts +0 -12
- package/src/account-manager/db/schema/token.ts +0 -38
- package/src/account-manager/db/schema/used-refresh-token.ts +0 -13
- package/src/account-manager/helpers/account-device.ts +0 -63
- package/src/account-manager/helpers/account.ts +0 -355
- package/src/account-manager/helpers/auth.ts +0 -222
- package/src/account-manager/helpers/authorization-request.ts +0 -90
- package/src/account-manager/helpers/authorized-client.ts +0 -75
- package/src/account-manager/helpers/device.ts +0 -47
- package/src/account-manager/helpers/email-token.ts +0 -87
- package/src/account-manager/helpers/invite.ts +0 -263
- package/src/account-manager/helpers/lexicon.ts +0 -67
- package/src/account-manager/helpers/password.ts +0 -136
- package/src/account-manager/helpers/repo.ts +0 -24
- package/src/account-manager/helpers/scrypt.ts +0 -53
- package/src/account-manager/helpers/token.ts +0 -158
- package/src/account-manager/helpers/used-refresh-token.ts +0 -30
- package/src/account-manager/oauth-store.ts +0 -880
- package/src/account-manager/scope-reference-getter.ts +0 -106
- package/src/actor-store/actor-store-reader.ts +0 -45
- package/src/actor-store/actor-store-resources.ts +0 -8
- package/src/actor-store/actor-store-transactor.ts +0 -31
- package/src/actor-store/actor-store-writer.ts +0 -17
- package/src/actor-store/actor-store.ts +0 -210
- package/src/actor-store/blob/reader.ts +0 -160
- package/src/actor-store/blob/transactor.ts +0 -383
- package/src/actor-store/db/index.ts +0 -20
- package/src/actor-store/db/migrations/001-init.ts +0 -105
- package/src/actor-store/db/migrations/index.ts +0 -5
- package/src/actor-store/db/schema/account-pref.ts +0 -11
- package/src/actor-store/db/schema/backlink.ts +0 -9
- package/src/actor-store/db/schema/blob.ts +0 -14
- package/src/actor-store/db/schema/index.ts +0 -23
- package/src/actor-store/db/schema/record-blob.ts +0 -8
- package/src/actor-store/db/schema/record.ts +0 -14
- package/src/actor-store/db/schema/repo-block.ts +0 -10
- package/src/actor-store/db/schema/repo-root.ts +0 -10
- package/src/actor-store/migrate.ts +0 -39
- package/src/actor-store/preference/reader.ts +0 -48
- package/src/actor-store/preference/transactor.ts +0 -55
- package/src/actor-store/preference/util.ts +0 -39
- package/src/actor-store/record/reader.ts +0 -374
- package/src/actor-store/record/transactor.ts +0 -111
- package/src/actor-store/repo/reader.ts +0 -31
- package/src/actor-store/repo/sql-repo-reader.ts +0 -150
- package/src/actor-store/repo/sql-repo-transactor.ts +0 -105
- package/src/actor-store/repo/transactor.ts +0 -227
- package/src/api/app/bsky/actor/getPreferences.ts +0 -57
- package/src/api/app/bsky/actor/getProfile.ts +0 -41
- package/src/api/app/bsky/actor/getProfiles.ts +0 -51
- package/src/api/app/bsky/actor/index.ts +0 -13
- package/src/api/app/bsky/actor/putPreferences.ts +0 -62
- package/src/api/app/bsky/feed/getActorLikes.ts +0 -63
- package/src/api/app/bsky/feed/getAuthorFeed.ts +0 -84
- package/src/api/app/bsky/feed/getFeed.ts +0 -47
- package/src/api/app/bsky/feed/getPostThread.ts +0 -251
- package/src/api/app/bsky/feed/getTimeline.ts +0 -50
- package/src/api/app/bsky/feed/index.ts +0 -15
- package/src/api/app/bsky/index.ts +0 -11
- package/src/api/app/bsky/notification/index.ts +0 -7
- package/src/api/app/bsky/notification/registerPush.ts +0 -71
- package/src/api/app/bsky/util/resolver.ts +0 -20
- package/src/api/com/atproto/admin/deleteAccount.ts +0 -22
- package/src/api/com/atproto/admin/disableAccountInvites.ts +0 -18
- package/src/api/com/atproto/admin/disableInviteCodes.ts +0 -21
- package/src/api/com/atproto/admin/enableAccountInvites.ts +0 -18
- package/src/api/com/atproto/admin/getAccountInfo.ts +0 -32
- package/src/api/com/atproto/admin/getAccountInfos.ts +0 -34
- package/src/api/com/atproto/admin/getInviteCodes.ts +0 -126
- package/src/api/com/atproto/admin/getSubjectStatus.ts +0 -76
- package/src/api/com/atproto/admin/index.ts +0 -31
- package/src/api/com/atproto/admin/sendEmail.ts +0 -47
- package/src/api/com/atproto/admin/updateAccountEmail.ts +0 -32
- package/src/api/com/atproto/admin/updateAccountHandle.ts +0 -47
- package/src/api/com/atproto/admin/updateAccountPassword.ts +0 -34
- package/src/api/com/atproto/admin/updateSubjectStatus.ts +0 -68
- package/src/api/com/atproto/admin/util.ts +0 -66
- package/src/api/com/atproto/identity/getRecommendedDidCredentials.ts +0 -50
- package/src/api/com/atproto/identity/index.ts +0 -17
- package/src/api/com/atproto/identity/requestPlcOperationSignature.ts +0 -59
- package/src/api/com/atproto/identity/resolveHandle.ts +0 -50
- package/src/api/com/atproto/identity/signPlcOperation.ts +0 -85
- package/src/api/com/atproto/identity/submitPlcOperation.ts +0 -65
- package/src/api/com/atproto/identity/updateHandle.ts +0 -66
- package/src/api/com/atproto/index.ts +0 -19
- package/src/api/com/atproto/moderation/createReport.ts +0 -41
- package/src/api/com/atproto/moderation/index.ts +0 -7
- package/src/api/com/atproto/repo/applyWrites.ts +0 -226
- package/src/api/com/atproto/repo/createRecord.ts +0 -143
- package/src/api/com/atproto/repo/deleteRecord.ts +0 -122
- package/src/api/com/atproto/repo/describeRepo.ts +0 -43
- package/src/api/com/atproto/repo/getRecord.ts +0 -40
- package/src/api/com/atproto/repo/importRepo.ts +0 -101
- package/src/api/com/atproto/repo/index.ts +0 -25
- package/src/api/com/atproto/repo/listMissingBlobs.ts +0 -29
- package/src/api/com/atproto/repo/listRecords.ts +0 -36
- package/src/api/com/atproto/repo/putRecord.ts +0 -211
- package/src/api/com/atproto/repo/uploadBlob.ts +0 -60
- package/src/api/com/atproto/server/activateAccount.ts +0 -37
- package/src/api/com/atproto/server/checkAccountStatus.ts +0 -51
- package/src/api/com/atproto/server/confirmEmail.ts +0 -39
- package/src/api/com/atproto/server/createAccount.ts +0 -327
- package/src/api/com/atproto/server/createAppPassword.ts +0 -53
- package/src/api/com/atproto/server/createInviteCode.ts +0 -38
- package/src/api/com/atproto/server/createInviteCodes.ts +0 -42
- package/src/api/com/atproto/server/createSession.ts +0 -97
- package/src/api/com/atproto/server/deactivateAccount.ts +0 -41
- package/src/api/com/atproto/server/deleteAccount.ts +0 -85
- package/src/api/com/atproto/server/deleteSession.ts +0 -23
- package/src/api/com/atproto/server/describeServer.ts +0 -29
- package/src/api/com/atproto/server/getAccountInviteCodes.ts +0 -142
- package/src/api/com/atproto/server/getServiceAuth.ts +0 -111
- package/src/api/com/atproto/server/getSession.ts +0 -80
- package/src/api/com/atproto/server/index.ts +0 -55
- package/src/api/com/atproto/server/listAppPasswords.ts +0 -45
- package/src/api/com/atproto/server/refreshSession.ts +0 -72
- package/src/api/com/atproto/server/requestAccountDelete.ts +0 -66
- package/src/api/com/atproto/server/requestEmailConfirmation.ts +0 -68
- package/src/api/com/atproto/server/requestEmailUpdate.ts +0 -86
- package/src/api/com/atproto/server/requestPasswordReset.ts +0 -52
- package/src/api/com/atproto/server/reserveSigningKey.ts +0 -15
- package/src/api/com/atproto/server/resetPassword.ts +0 -50
- package/src/api/com/atproto/server/revokeAppPassword.ts +0 -42
- package/src/api/com/atproto/server/updateEmail.ts +0 -52
- package/src/api/com/atproto/server/util.ts +0 -136
- package/src/api/com/atproto/sync/deprecated/getCheckout.ts +0 -27
- package/src/api/com/atproto/sync/deprecated/getHead.ts +0 -33
- package/src/api/com/atproto/sync/getBlob.ts +0 -61
- package/src/api/com/atproto/sync/getBlocks.ts +0 -37
- package/src/api/com/atproto/sync/getLatestCommit.ts +0 -33
- package/src/api/com/atproto/sync/getRecord.ts +0 -49
- package/src/api/com/atproto/sync/getRepo.ts +0 -75
- package/src/api/com/atproto/sync/getRepoStatus.ts +0 -34
- package/src/api/com/atproto/sync/index.ts +0 -27
- package/src/api/com/atproto/sync/listBlobs.ts +0 -33
- package/src/api/com/atproto/sync/listRepos.ts +0 -74
- package/src/api/com/atproto/sync/subscribeRepos.ts +0 -73
- package/src/api/com/atproto/sync/util.ts +0 -37
- package/src/api/com/atproto/temp/checkSignupQueue.ts +0 -34
- package/src/api/com/atproto/temp/index.ts +0 -7
- package/src/api/index.ts +0 -10
- package/src/api/proxy.ts +0 -44
- package/src/app-view.ts +0 -24
- package/src/auth-output.ts +0 -52
- package/src/auth-routes.ts +0 -64
- package/src/auth-scope.ts +0 -40
- package/src/auth-verifier.ts +0 -668
- package/src/background.ts +0 -65
- package/src/basic-routes.ts +0 -52
- package/src/bsky-app-view.ts +0 -33
- package/src/config/config.ts +0 -553
- package/src/config/env.ts +0 -167
- package/src/config/index.ts +0 -3
- package/src/config/secrets.ts +0 -54
- package/src/context.ts +0 -523
- package/src/crawlers.ts +0 -46
- package/src/db/cast.ts +0 -52
- package/src/db/db.ts +0 -140
- package/src/db/index.ts +0 -4
- package/src/db/migrator.ts +0 -40
- package/src/db/pagination.ts +0 -132
- package/src/db/tables/moderation.ts +0 -80
- package/src/db/util.ts +0 -108
- package/src/did-cache/db/index.ts +0 -21
- package/src/did-cache/db/migrations.ts +0 -17
- package/src/did-cache/db/schema.ts +0 -9
- package/src/did-cache/index.ts +0 -131
- package/src/disk-blobstore.ts +0 -172
- package/src/error.ts +0 -19
- package/src/handle/explicit-slurs.ts +0 -22
- package/src/handle/index.ts +0 -49
- package/src/handle/reserved.ts +0 -1059
- package/src/image/image-url-builder.ts +0 -16
- package/src/index.ts +0 -189
- package/src/lexicons.ts +0 -4
- package/src/logger.ts +0 -35
- package/src/mailer/index.ts +0 -111
- package/src/mailer/moderation.ts +0 -33
- package/src/mailer/templates/confirm-email.d.ts +0 -4
- package/src/mailer/templates/confirm-email.hbs +0 -158
- package/src/mailer/templates/delete-account.d.ts +0 -4
- package/src/mailer/templates/delete-account.hbs +0 -156
- package/src/mailer/templates/plc-operation.d.ts +0 -4
- package/src/mailer/templates/plc-operation.hbs +0 -153
- package/src/mailer/templates/reset-password.d.ts +0 -4
- package/src/mailer/templates/reset-password.hbs +0 -154
- package/src/mailer/templates/update-email.d.ts +0 -4
- package/src/mailer/templates/update-email.hbs +0 -153
- package/src/mailer/templates.ts +0 -17
- package/src/pipethrough.ts +0 -716
- package/src/rate-limits.ts +0 -59
- package/src/read-after-write/index.ts +0 -3
- package/src/read-after-write/types.ts +0 -35
- package/src/read-after-write/util.ts +0 -101
- package/src/read-after-write/viewer.ts +0 -290
- package/src/redis.ts +0 -25
- package/src/repo/index.ts +0 -2
- package/src/repo/prepare.ts +0 -266
- package/src/repo/types.ts +0 -65
- package/src/scripts/README.md +0 -40
- package/src/scripts/index.ts +0 -20
- package/src/scripts/publish-identity.ts +0 -60
- package/src/scripts/rebuild-repo.ts +0 -119
- package/src/scripts/rotate-keys.ts +0 -146
- package/src/scripts/sequencer-recovery/index.ts +0 -23
- package/src/scripts/sequencer-recovery/recoverer.ts +0 -297
- package/src/scripts/sequencer-recovery/recovery-db.ts +0 -65
- package/src/scripts/sequencer-recovery/repair-repos.ts +0 -49
- package/src/scripts/sequencer-recovery/user-queues.ts +0 -44
- package/src/scripts/util.ts +0 -7
- package/src/sequencer/db/index.ts +0 -21
- package/src/sequencer/db/migrations/001-init.ts +0 -35
- package/src/sequencer/db/migrations/index.ts +0 -5
- package/src/sequencer/db/schema.ts +0 -19
- package/src/sequencer/events.ts +0 -199
- package/src/sequencer/index.ts +0 -3
- package/src/sequencer/outbox.ts +0 -123
- package/src/sequencer/sequencer.ts +0 -290
- package/src/util/compression.ts +0 -16
- package/src/util/debug.ts +0 -10
- package/src/util/http.ts +0 -31
- package/src/util/types.ts +0 -7
- package/src/well-known.ts +0 -30
- package/test.env +0 -2
- package/tests/__snapshots__/takedown-appeal.test.ts.snap +0 -43
- package/tests/_oauth_client_assets_middleware.ts +0 -23
- package/tests/_puppeteer.ts +0 -147
- package/tests/_types.d.ts +0 -16
- package/tests/_util.ts +0 -191
- package/tests/account-deactivation.test.ts +0 -204
- package/tests/account-deletion.test.ts +0 -300
- package/tests/account-manager.test.ts +0 -462
- package/tests/account-migration.test.ts +0 -221
- package/tests/account-status.test.ts +0 -206
- package/tests/account.test.ts +0 -595
- package/tests/app-passwords.test.ts +0 -262
- package/tests/auth.test.ts +0 -405
- package/tests/blob-deletes.test.ts +0 -204
- package/tests/create-post.test.ts +0 -79
- package/tests/crud.test.ts +0 -1595
- package/tests/db.test.ts +0 -170
- package/tests/email-confirmation.test.ts +0 -227
- package/tests/entryway-mock.ts +0 -323
- package/tests/entryway.test.ts +0 -145
- package/tests/file-uploads.test.ts +0 -301
- package/tests/get-service-auth.test.ts +0 -81
- package/tests/handle-validation.test.ts +0 -56
- package/tests/handles.test.ts +0 -274
- package/tests/invite-codes.test.ts +0 -367
- package/tests/invites-admin.test.ts +0 -252
- package/tests/moderation.test.ts +0 -280
- package/tests/moderator-auth.test.ts +0 -177
- package/tests/oauth.test.ts +0 -334
- package/tests/plc-operations.test.ts +0 -239
- package/tests/preferences.test.ts +0 -352
- package/tests/proxied/__snapshots__/admin.test.ts.snap +0 -516
- package/tests/proxied/__snapshots__/feedgen.test.ts.snap +0 -215
- package/tests/proxied/__snapshots__/views.test.ts.snap +0 -4456
- package/tests/proxied/admin.test.ts +0 -340
- package/tests/proxied/feedgen.test.ts +0 -66
- package/tests/proxied/notif.test.ts +0 -85
- package/tests/proxied/procedures.test.ts +0 -175
- package/tests/proxied/proxy-catchall.test.ts +0 -256
- package/tests/proxied/proxy-header.test.ts +0 -239
- package/tests/proxied/proxy-oauth-aud.test.ts +0 -182
- package/tests/proxied/read-after-write.test.ts +0 -382
- package/tests/proxied/views.test.ts +0 -608
- package/tests/races.test.ts +0 -89
- package/tests/rate-limits.test.ts +0 -70
- package/tests/recovery.test.ts +0 -180
- package/tests/seeds/basic.ts +0 -165
- package/tests/seeds/follows.ts +0 -57
- package/tests/seeds/likes.ts +0 -14
- package/tests/seeds/reposts.ts +0 -18
- package/tests/seeds/thread.ts +0 -40
- package/tests/seeds/users-bulk.ts +0 -246
- package/tests/seeds/users.ts +0 -67
- package/tests/sequencer.test.ts +0 -251
- package/tests/server.test.ts +0 -151
- package/tests/sync/invertible-ops.test.ts +0 -99
- package/tests/sync/list.test.ts +0 -43
- package/tests/sync/subscribe-repos.test.ts +0 -672
- package/tests/sync/sync.test.ts +0 -316
- package/tests/takedown-appeal.test.ts +0 -166
- package/tsconfig.build.json +0 -9
- package/tsconfig.build.tsbuildinfo +0 -1
- package/tsconfig.json +0 -7
- package/tsconfig.tests.json +0 -8
package/tests/entryway-mock.ts
DELETED
|
@@ -1,323 +0,0 @@
|
|
|
1
|
-
import { createPrivateKey } from 'node:crypto'
|
|
2
|
-
import * as http from 'node:http'
|
|
3
|
-
import * as plcLib from '@did-plc/lib'
|
|
4
|
-
import { HttpTerminator, createHttpTerminator } from 'http-terminator'
|
|
5
|
-
import * as jose from 'jose'
|
|
6
|
-
import KeyEncoderModule from 'key-encoder'
|
|
7
|
-
import * as ui8 from 'uint8arrays'
|
|
8
|
-
import { AtpAgent } from '@atproto/api'
|
|
9
|
-
import { getVerificationMaterial } from '@atproto/common'
|
|
10
|
-
import { Secp256k1Keypair, randomStr } from '@atproto/crypto'
|
|
11
|
-
import { IdResolver, getDidKeyFromMultibase } from '@atproto/identity'
|
|
12
|
-
import { DidString, HandleString } from '@atproto/syntax'
|
|
13
|
-
import {
|
|
14
|
-
AuthRequiredError,
|
|
15
|
-
createServer,
|
|
16
|
-
parseReqNsid,
|
|
17
|
-
verifyJwt as verifyServiceJwt,
|
|
18
|
-
} from '@atproto/xrpc-server'
|
|
19
|
-
import {
|
|
20
|
-
bearerTokenFromReq,
|
|
21
|
-
createPublicKeyObject,
|
|
22
|
-
} from '../src/auth-verifier.js'
|
|
23
|
-
import { com } from '../src/lexicons/index.js'
|
|
24
|
-
|
|
25
|
-
// key-encoder is CJS with exports.default; Node ESM interop wraps it as { default: Class }
|
|
26
|
-
const KeyEncoder = ((m) => m.default ?? m)(KeyEncoderModule)
|
|
27
|
-
|
|
28
|
-
interface Account {
|
|
29
|
-
did: DidString
|
|
30
|
-
handle: HandleString
|
|
31
|
-
email?: string
|
|
32
|
-
}
|
|
33
|
-
|
|
34
|
-
interface MockEntrywayOpts {
|
|
35
|
-
port: number
|
|
36
|
-
serviceDid: string
|
|
37
|
-
plcUrl: string
|
|
38
|
-
pdsUrl: string
|
|
39
|
-
pdsDid: string
|
|
40
|
-
adminPassword: string
|
|
41
|
-
jwtSigningKey: Secp256k1Keypair
|
|
42
|
-
plcRotationKey: Secp256k1Keypair
|
|
43
|
-
}
|
|
44
|
-
|
|
45
|
-
type AccessAuthResult = { credentials: { did: string; type: 'access' } }
|
|
46
|
-
type ServiceAuthResult = { credentials: { did: string; type: 'service' } }
|
|
47
|
-
|
|
48
|
-
export class MockEntryway {
|
|
49
|
-
public url: string
|
|
50
|
-
public serviceDid: string
|
|
51
|
-
public plcRotationKey: Secp256k1Keypair
|
|
52
|
-
public idResolver: IdResolver
|
|
53
|
-
|
|
54
|
-
private server: http.Server
|
|
55
|
-
private terminator: HttpTerminator
|
|
56
|
-
private accounts = new Map<string, Account>()
|
|
57
|
-
|
|
58
|
-
private constructor(
|
|
59
|
-
server: http.Server,
|
|
60
|
-
terminator: HttpTerminator,
|
|
61
|
-
idResolver: IdResolver,
|
|
62
|
-
opts: MockEntrywayOpts,
|
|
63
|
-
) {
|
|
64
|
-
this.server = server
|
|
65
|
-
this.terminator = terminator
|
|
66
|
-
this.url = `http://localhost:${opts.port}`
|
|
67
|
-
this.serviceDid = opts.serviceDid
|
|
68
|
-
this.plcRotationKey = opts.plcRotationKey
|
|
69
|
-
this.idResolver = idResolver
|
|
70
|
-
}
|
|
71
|
-
|
|
72
|
-
static async create(opts: MockEntrywayOpts): Promise<MockEntryway> {
|
|
73
|
-
const keyEncoder = new KeyEncoder('secp256k1')
|
|
74
|
-
const privateKeyHex = ui8.toString(await opts.jwtSigningKey.export(), 'hex')
|
|
75
|
-
const privatePem = keyEncoder.encodePrivate(privateKeyHex, 'raw', 'pem')
|
|
76
|
-
const jwtPrivateKey = createPrivateKey({ format: 'pem', key: privatePem })
|
|
77
|
-
const jwtPublicKey = createPublicKeyObject(
|
|
78
|
-
opts.jwtSigningKey.publicKeyStr('hex'),
|
|
79
|
-
)
|
|
80
|
-
|
|
81
|
-
const plcClient = new plcLib.Client(opts.plcUrl)
|
|
82
|
-
const pdsAgent = new AtpAgent({ service: opts.pdsUrl })
|
|
83
|
-
const idResolver = new IdResolver({ plcUrl: opts.plcUrl })
|
|
84
|
-
|
|
85
|
-
const accounts = new Map<string, Account>()
|
|
86
|
-
|
|
87
|
-
const getSigningKey = async (
|
|
88
|
-
iss: string,
|
|
89
|
-
forceRefresh: boolean,
|
|
90
|
-
): Promise<string> => {
|
|
91
|
-
const [did, serviceId] = iss.split('#')
|
|
92
|
-
if (serviceId) {
|
|
93
|
-
throw new AuthRequiredError('no service id expected in iss claim')
|
|
94
|
-
}
|
|
95
|
-
const didDoc = await idResolver.did.resolve(did, forceRefresh)
|
|
96
|
-
if (!didDoc) {
|
|
97
|
-
throw new AuthRequiredError(`could not resolve did: ${did}`)
|
|
98
|
-
}
|
|
99
|
-
const parsedKey = getVerificationMaterial(didDoc, 'atproto')
|
|
100
|
-
if (!parsedKey) {
|
|
101
|
-
throw new AuthRequiredError('missing or bad key in did doc')
|
|
102
|
-
}
|
|
103
|
-
const didKey = getDidKeyFromMultibase(parsedKey)
|
|
104
|
-
if (!didKey) {
|
|
105
|
-
throw new AuthRequiredError('missing or bad key in did doc')
|
|
106
|
-
}
|
|
107
|
-
return didKey
|
|
108
|
-
}
|
|
109
|
-
|
|
110
|
-
const bearerToken = (req: http.IncomingMessage): string => {
|
|
111
|
-
const token = bearerTokenFromReq(req)
|
|
112
|
-
if (!token) {
|
|
113
|
-
throw new AuthRequiredError('missing bearer token')
|
|
114
|
-
}
|
|
115
|
-
return token
|
|
116
|
-
}
|
|
117
|
-
|
|
118
|
-
// Auth: verify user access token (typ: 'at+jwt') signed by entryway
|
|
119
|
-
const accessAuth = async ({
|
|
120
|
-
req,
|
|
121
|
-
}: {
|
|
122
|
-
req: http.IncomingMessage
|
|
123
|
-
}): Promise<AccessAuthResult> => {
|
|
124
|
-
try {
|
|
125
|
-
const token = bearerToken(req)
|
|
126
|
-
const { protectedHeader, payload } = await jose.jwtVerify(
|
|
127
|
-
token,
|
|
128
|
-
jwtPublicKey,
|
|
129
|
-
)
|
|
130
|
-
if (protectedHeader.typ !== 'at+jwt') {
|
|
131
|
-
throw new AuthRequiredError('expected typ: at+jwt')
|
|
132
|
-
}
|
|
133
|
-
if (!payload.sub) {
|
|
134
|
-
throw new AuthRequiredError('missing sub in token')
|
|
135
|
-
}
|
|
136
|
-
return { credentials: { did: payload.sub, type: 'access' } }
|
|
137
|
-
} catch (err) {
|
|
138
|
-
console.log(err)
|
|
139
|
-
throw err
|
|
140
|
-
}
|
|
141
|
-
}
|
|
142
|
-
|
|
143
|
-
// Auth: verify service auth token from PDS (no typ / typ !== 'at+jwt')
|
|
144
|
-
const serviceAuth = async ({
|
|
145
|
-
req,
|
|
146
|
-
}: {
|
|
147
|
-
req: http.IncomingMessage
|
|
148
|
-
}): Promise<ServiceAuthResult> => {
|
|
149
|
-
try {
|
|
150
|
-
const token = bearerToken(req)
|
|
151
|
-
const { typ } = jose.decodeProtectedHeader(token)
|
|
152
|
-
if (typ === 'at+jwt') {
|
|
153
|
-
throw new AuthRequiredError(
|
|
154
|
-
'expected service auth: typ must not be at+jwt',
|
|
155
|
-
)
|
|
156
|
-
}
|
|
157
|
-
const nsid = parseReqNsid(req)
|
|
158
|
-
const payload = await verifyServiceJwt(
|
|
159
|
-
token,
|
|
160
|
-
opts.serviceDid,
|
|
161
|
-
nsid,
|
|
162
|
-
getSigningKey,
|
|
163
|
-
)
|
|
164
|
-
return { credentials: { did: payload.iss, type: 'service' } }
|
|
165
|
-
} catch (err) {
|
|
166
|
-
console.log(err)
|
|
167
|
-
throw err
|
|
168
|
-
}
|
|
169
|
-
}
|
|
170
|
-
|
|
171
|
-
// Auth: accept either access token or service auth
|
|
172
|
-
const accessOrServiceAuth = async ({
|
|
173
|
-
req,
|
|
174
|
-
}: {
|
|
175
|
-
req: http.IncomingMessage
|
|
176
|
-
}): Promise<AccessAuthResult | ServiceAuthResult> => {
|
|
177
|
-
const token = bearerToken(req)
|
|
178
|
-
const { typ } = jose.decodeProtectedHeader(token)
|
|
179
|
-
if (typ === 'at+jwt') {
|
|
180
|
-
return accessAuth({ req })
|
|
181
|
-
}
|
|
182
|
-
return serviceAuth({ req })
|
|
183
|
-
}
|
|
184
|
-
|
|
185
|
-
const server = createServer()
|
|
186
|
-
|
|
187
|
-
server.add(com.atproto.server.createAccount, {
|
|
188
|
-
handler: async ({ input }) => {
|
|
189
|
-
const { email, handle } = input.body
|
|
190
|
-
|
|
191
|
-
// Reserve a signing key on the PDS
|
|
192
|
-
const {
|
|
193
|
-
data: { signingKey },
|
|
194
|
-
} = await pdsAgent.com.atproto.server.reserveSigningKey({})
|
|
195
|
-
|
|
196
|
-
// Create PLC operation
|
|
197
|
-
const plcCreate = await plcLib.createOp({
|
|
198
|
-
signingKey,
|
|
199
|
-
rotationKeys: [opts.plcRotationKey.did()],
|
|
200
|
-
handle,
|
|
201
|
-
pds: opts.pdsUrl,
|
|
202
|
-
signer: opts.plcRotationKey,
|
|
203
|
-
})
|
|
204
|
-
|
|
205
|
-
// Create account on PDS (no auth needed — userServiceAuthOptional)
|
|
206
|
-
await pdsAgent.com.atproto.server.createAccount({
|
|
207
|
-
did: plcCreate.did,
|
|
208
|
-
handle,
|
|
209
|
-
plcOp: plcCreate.op,
|
|
210
|
-
})
|
|
211
|
-
|
|
212
|
-
// Store account in memory
|
|
213
|
-
accounts.set(plcCreate.did, {
|
|
214
|
-
did: plcCreate.did as DidString,
|
|
215
|
-
handle,
|
|
216
|
-
email,
|
|
217
|
-
})
|
|
218
|
-
|
|
219
|
-
// Sign access + refresh JWTs
|
|
220
|
-
const now = Math.floor(Date.now() / 1000)
|
|
221
|
-
const accessJwt = await new jose.SignJWT({
|
|
222
|
-
scope: 'com.atproto.access',
|
|
223
|
-
})
|
|
224
|
-
.setProtectedHeader({ alg: 'ES256K', typ: 'at+jwt' })
|
|
225
|
-
.setSubject(plcCreate.did)
|
|
226
|
-
.setAudience(opts.pdsDid)
|
|
227
|
-
.setIssuedAt(now)
|
|
228
|
-
.setExpirationTime(now + 60 * 60)
|
|
229
|
-
.setJti(randomStr(16, 'base32'))
|
|
230
|
-
.sign(jwtPrivateKey)
|
|
231
|
-
|
|
232
|
-
const refreshJwt = await new jose.SignJWT({
|
|
233
|
-
scope: 'com.atproto.refresh',
|
|
234
|
-
})
|
|
235
|
-
.setProtectedHeader({ alg: 'ES256K', typ: 'at+jwt' })
|
|
236
|
-
.setSubject(plcCreate.did)
|
|
237
|
-
.setAudience(opts.pdsDid)
|
|
238
|
-
.setIssuedAt(now)
|
|
239
|
-
.setExpirationTime(now + 90 * 24 * 60 * 60)
|
|
240
|
-
.setJti(randomStr(16, 'base32'))
|
|
241
|
-
.sign(jwtPrivateKey)
|
|
242
|
-
|
|
243
|
-
return {
|
|
244
|
-
encoding: 'application/json' as const,
|
|
245
|
-
body: {
|
|
246
|
-
did: plcCreate.did as DidString,
|
|
247
|
-
handle,
|
|
248
|
-
accessJwt,
|
|
249
|
-
refreshJwt,
|
|
250
|
-
},
|
|
251
|
-
}
|
|
252
|
-
},
|
|
253
|
-
})
|
|
254
|
-
|
|
255
|
-
server.add(com.atproto.server.getSession, {
|
|
256
|
-
auth: accessOrServiceAuth,
|
|
257
|
-
handler: async ({ auth }) => {
|
|
258
|
-
const account = accounts.get(auth.credentials.did)
|
|
259
|
-
if (!account) {
|
|
260
|
-
throw new Error(
|
|
261
|
-
`Could not find account for DID: ${auth.credentials.did}`,
|
|
262
|
-
)
|
|
263
|
-
}
|
|
264
|
-
return {
|
|
265
|
-
encoding: 'application/json' as const,
|
|
266
|
-
body: {
|
|
267
|
-
did: account.did,
|
|
268
|
-
handle: account.handle,
|
|
269
|
-
email: account.email,
|
|
270
|
-
emailConfirmed: false,
|
|
271
|
-
},
|
|
272
|
-
}
|
|
273
|
-
},
|
|
274
|
-
})
|
|
275
|
-
|
|
276
|
-
server.add(com.atproto.identity.updateHandle, {
|
|
277
|
-
auth: serviceAuth,
|
|
278
|
-
handler: async ({ auth, input }) => {
|
|
279
|
-
// The PDS sends { did, handle } where did is the target user
|
|
280
|
-
const body = input.body as typeof input.body & { did?: string }
|
|
281
|
-
const targetDid = body.did || auth.credentials.did
|
|
282
|
-
const newHandle = body.handle
|
|
283
|
-
|
|
284
|
-
// Update handle in PLC
|
|
285
|
-
await plcClient.updateHandle(targetDid, opts.plcRotationKey, newHandle)
|
|
286
|
-
|
|
287
|
-
// Update in-memory account
|
|
288
|
-
const account = accounts.get(targetDid)
|
|
289
|
-
if (account) {
|
|
290
|
-
account.handle = newHandle
|
|
291
|
-
}
|
|
292
|
-
|
|
293
|
-
// Notify PDS via admin endpoint
|
|
294
|
-
const adminAuth = Buffer.from(`admin:${opts.adminPassword}`).toString(
|
|
295
|
-
'base64',
|
|
296
|
-
)
|
|
297
|
-
await pdsAgent.com.atproto.admin.updateAccountHandle(
|
|
298
|
-
{ did: targetDid, handle: newHandle },
|
|
299
|
-
{
|
|
300
|
-
headers: { authorization: `Basic ${adminAuth}` },
|
|
301
|
-
encoding: 'application/json',
|
|
302
|
-
},
|
|
303
|
-
)
|
|
304
|
-
},
|
|
305
|
-
})
|
|
306
|
-
|
|
307
|
-
const httpServer = server.listen(opts.port)
|
|
308
|
-
const terminator = createHttpTerminator({ server: httpServer })
|
|
309
|
-
|
|
310
|
-
const instance = new MockEntryway(httpServer, terminator, idResolver, opts)
|
|
311
|
-
instance.accounts = accounts
|
|
312
|
-
|
|
313
|
-
return instance
|
|
314
|
-
}
|
|
315
|
-
|
|
316
|
-
getAccount(did: string): Account | undefined {
|
|
317
|
-
return this.accounts.get(did)
|
|
318
|
-
}
|
|
319
|
-
|
|
320
|
-
async destroy(): Promise<void> {
|
|
321
|
-
await this.terminator.terminate()
|
|
322
|
-
}
|
|
323
|
-
}
|
package/tests/entryway.test.ts
DELETED
|
@@ -1,145 +0,0 @@
|
|
|
1
|
-
import assert from 'node:assert'
|
|
2
|
-
import * as plcLib from '@did-plc/lib'
|
|
3
|
-
import getPort from 'get-port'
|
|
4
|
-
import { AtpAgent } from '@atproto/api'
|
|
5
|
-
import { Secp256k1Keypair } from '@atproto/crypto'
|
|
6
|
-
import { SeedClient, TestPds, TestPlc, mockResolvers } from '@atproto/dev-env'
|
|
7
|
-
import { isDidString } from '@atproto/lex'
|
|
8
|
-
import { DidString } from '@atproto/syntax'
|
|
9
|
-
import { MockEntryway } from './entryway-mock.js'
|
|
10
|
-
|
|
11
|
-
describe('entryway', () => {
|
|
12
|
-
let plc: TestPlc
|
|
13
|
-
let pds: TestPds
|
|
14
|
-
let entryway: MockEntryway
|
|
15
|
-
let pdsAgent: AtpAgent
|
|
16
|
-
let entrywayAgent: AtpAgent
|
|
17
|
-
let alice: DidString
|
|
18
|
-
let accessToken: string
|
|
19
|
-
|
|
20
|
-
beforeAll(async () => {
|
|
21
|
-
const jwtSigningKey = await Secp256k1Keypair.create({ exportable: true })
|
|
22
|
-
const plcRotationKey = await Secp256k1Keypair.create({ exportable: true })
|
|
23
|
-
const entrywayPort = await getPort()
|
|
24
|
-
plc = await TestPlc.create({})
|
|
25
|
-
pds = await TestPds.create({
|
|
26
|
-
entrywayUrl: `http://localhost:${entrywayPort}`,
|
|
27
|
-
entrywayDid: 'did:example:entryway',
|
|
28
|
-
entrywayJwtVerifyKeyK256PublicKeyHex: jwtSigningKey.publicKeyStr('hex'),
|
|
29
|
-
entrywayPlcRotationKey: plcRotationKey.did(),
|
|
30
|
-
adminPassword: 'admin-pass',
|
|
31
|
-
serviceHandleDomains: [],
|
|
32
|
-
didPlcUrl: plc.url,
|
|
33
|
-
serviceDid: 'did:example:pds',
|
|
34
|
-
inviteRequired: false,
|
|
35
|
-
})
|
|
36
|
-
entryway = await MockEntryway.create({
|
|
37
|
-
port: entrywayPort,
|
|
38
|
-
serviceDid: 'did:example:entryway',
|
|
39
|
-
plcUrl: plc.url,
|
|
40
|
-
pdsUrl: pds.url,
|
|
41
|
-
pdsDid: 'did:example:pds',
|
|
42
|
-
adminPassword: 'admin-pass',
|
|
43
|
-
jwtSigningKey,
|
|
44
|
-
plcRotationKey,
|
|
45
|
-
})
|
|
46
|
-
mockResolvers(pds.ctx.idResolver, pds)
|
|
47
|
-
mockResolvers(entryway.idResolver, pds)
|
|
48
|
-
pdsAgent = pds.getAgent()
|
|
49
|
-
entrywayAgent = new AtpAgent({
|
|
50
|
-
service: entryway.url,
|
|
51
|
-
})
|
|
52
|
-
})
|
|
53
|
-
|
|
54
|
-
afterAll(async () => {
|
|
55
|
-
await plc.close()
|
|
56
|
-
await entryway.destroy()
|
|
57
|
-
await pds.close()
|
|
58
|
-
})
|
|
59
|
-
|
|
60
|
-
it('creates account.', async () => {
|
|
61
|
-
const res = await entrywayAgent.api.com.atproto.server.createAccount({
|
|
62
|
-
email: 'alice@test.com',
|
|
63
|
-
handle: 'alice.test',
|
|
64
|
-
password: 'test123',
|
|
65
|
-
})
|
|
66
|
-
|
|
67
|
-
assert(isDidString(res.data.did), 'Account DID is not a valid DidString')
|
|
68
|
-
|
|
69
|
-
alice = res.data.did
|
|
70
|
-
accessToken = res.data.accessJwt
|
|
71
|
-
|
|
72
|
-
const account = await pds.ctx.accountManager.getAccount(alice)
|
|
73
|
-
expect(account?.did).toEqual(alice)
|
|
74
|
-
expect(account?.handle).toEqual('alice.test')
|
|
75
|
-
})
|
|
76
|
-
|
|
77
|
-
it('auths with both services.', async () => {
|
|
78
|
-
const entrywaySession =
|
|
79
|
-
await entrywayAgent.api.com.atproto.server.getSession(undefined, {
|
|
80
|
-
headers: SeedClient.getHeaders(accessToken),
|
|
81
|
-
})
|
|
82
|
-
const pdsSession = await pdsAgent.api.com.atproto.server.getSession(
|
|
83
|
-
undefined,
|
|
84
|
-
{ headers: SeedClient.getHeaders(accessToken) },
|
|
85
|
-
)
|
|
86
|
-
expect(entrywaySession.data).toEqual(pdsSession.data)
|
|
87
|
-
})
|
|
88
|
-
|
|
89
|
-
it('updates handle from pds.', async () => {
|
|
90
|
-
await pdsAgent.api.com.atproto.identity.updateHandle(
|
|
91
|
-
{ handle: 'alice2.test' },
|
|
92
|
-
{
|
|
93
|
-
headers: SeedClient.getHeaders(accessToken),
|
|
94
|
-
encoding: 'application/json',
|
|
95
|
-
},
|
|
96
|
-
)
|
|
97
|
-
const doc = await pds.ctx.idResolver.did.resolve(alice)
|
|
98
|
-
const handleToDid = await pds.ctx.idResolver.handle.resolve('alice2.test')
|
|
99
|
-
const accountFromPds = await pds.ctx.accountManager.getAccount(alice)
|
|
100
|
-
const accountFromEntryway = entryway.getAccount(alice)
|
|
101
|
-
expect(doc?.alsoKnownAs).toEqual(['at://alice2.test'])
|
|
102
|
-
expect(handleToDid).toEqual(alice)
|
|
103
|
-
expect(accountFromPds?.handle).toEqual('alice2.test')
|
|
104
|
-
expect(accountFromEntryway?.handle).toEqual('alice2.test')
|
|
105
|
-
})
|
|
106
|
-
|
|
107
|
-
it('updates handle from entryway.', async () => {
|
|
108
|
-
await entrywayAgent.api.com.atproto.identity.updateHandle(
|
|
109
|
-
{ handle: 'alice3.test' },
|
|
110
|
-
await pds.ctx.serviceAuthHeaders(
|
|
111
|
-
alice,
|
|
112
|
-
'did:example:entryway',
|
|
113
|
-
'com.atproto.identity.updateHandle',
|
|
114
|
-
),
|
|
115
|
-
)
|
|
116
|
-
const doc = await entryway.idResolver.did.resolve(alice)
|
|
117
|
-
const handleToDid = await entryway.idResolver.handle.resolve('alice3.test')
|
|
118
|
-
const accountFromPds = await pds.ctx.accountManager.getAccount(alice)
|
|
119
|
-
const accountFromEntryway = entryway.getAccount(alice)
|
|
120
|
-
expect(doc?.alsoKnownAs).toEqual(['at://alice3.test'])
|
|
121
|
-
expect(handleToDid).toEqual(alice)
|
|
122
|
-
expect(accountFromPds?.handle).toEqual('alice3.test')
|
|
123
|
-
expect(accountFromEntryway?.handle).toEqual('alice3.test')
|
|
124
|
-
})
|
|
125
|
-
|
|
126
|
-
it('does not allow bringing own op to account creation.', async () => {
|
|
127
|
-
const {
|
|
128
|
-
data: { signingKey },
|
|
129
|
-
} = await pdsAgent.api.com.atproto.server.reserveSigningKey({})
|
|
130
|
-
const rotationKey = await Secp256k1Keypair.create()
|
|
131
|
-
const plcCreate = await plcLib.createOp({
|
|
132
|
-
signingKey,
|
|
133
|
-
rotationKeys: [rotationKey.did(), entryway.plcRotationKey.did()],
|
|
134
|
-
handle: 'weirdalice.test',
|
|
135
|
-
pds: pds.ctx.cfg.service.publicUrl,
|
|
136
|
-
signer: rotationKey,
|
|
137
|
-
})
|
|
138
|
-
const tryCreateAccount = pdsAgent.api.com.atproto.server.createAccount({
|
|
139
|
-
did: plcCreate.did,
|
|
140
|
-
plcOp: plcCreate.op,
|
|
141
|
-
handle: 'weirdalice.test',
|
|
142
|
-
})
|
|
143
|
-
await expect(tryCreateAccount).rejects.toThrow('invalid plc operation')
|
|
144
|
-
})
|
|
145
|
-
})
|