@atproto/pds 0.5.12 → 0.5.14
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +36 -0
- package/dist/api/app/bsky/notification/index.d.ts.map +1 -1
- package/dist/api/app/bsky/notification/index.js +2 -0
- package/dist/api/app/bsky/notification/index.js.map +1 -1
- package/dist/api/app/bsky/notification/unregisterPush.d.ts +4 -0
- package/dist/api/app/bsky/notification/unregisterPush.d.ts.map +1 -0
- package/dist/api/app/bsky/notification/unregisterPush.js +48 -0
- package/dist/api/app/bsky/notification/unregisterPush.js.map +1 -0
- package/package.json +42 -38
- package/build.templates.cjs +0 -22
- package/example.env +0 -42
- package/jest.config.cjs +0 -27
- package/src/account-manager/account-manager.ts +0 -916
- package/src/account-manager/db/index.ts +0 -21
- package/src/account-manager/db/migrations/001-init.ts +0 -115
- package/src/account-manager/db/migrations/002-account-deactivation.ts +0 -17
- package/src/account-manager/db/migrations/003-privileged-app-passwords.ts +0 -12
- package/src/account-manager/db/migrations/004-oauth.ts +0 -122
- package/src/account-manager/db/migrations/005-oauth-account-management.ts +0 -136
- package/src/account-manager/db/migrations/006-oauth-permission-sets.ts +0 -20
- package/src/account-manager/db/migrations/007-lexicon-failures-index.ts +0 -14
- package/src/account-manager/db/migrations/index.ts +0 -17
- package/src/account-manager/db/schema/account-device.ts +0 -14
- package/src/account-manager/db/schema/account.ts +0 -16
- package/src/account-manager/db/schema/actor.ts +0 -17
- package/src/account-manager/db/schema/app-password.ts +0 -13
- package/src/account-manager/db/schema/authorization-request.ts +0 -30
- package/src/account-manager/db/schema/authorized-client.ts +0 -23
- package/src/account-manager/db/schema/device.ts +0 -18
- package/src/account-manager/db/schema/email-token.ts +0 -19
- package/src/account-manager/db/schema/index.ts +0 -43
- package/src/account-manager/db/schema/invite-code.ts +0 -24
- package/src/account-manager/db/schema/lexicon.ts +0 -15
- package/src/account-manager/db/schema/refresh-token.ts +0 -11
- package/src/account-manager/db/schema/repo-root.ts +0 -12
- package/src/account-manager/db/schema/token.ts +0 -38
- package/src/account-manager/db/schema/used-refresh-token.ts +0 -13
- package/src/account-manager/helpers/account-device.ts +0 -63
- package/src/account-manager/helpers/account.ts +0 -355
- package/src/account-manager/helpers/auth.ts +0 -222
- package/src/account-manager/helpers/authorization-request.ts +0 -90
- package/src/account-manager/helpers/authorized-client.ts +0 -75
- package/src/account-manager/helpers/device.ts +0 -47
- package/src/account-manager/helpers/email-token.ts +0 -87
- package/src/account-manager/helpers/invite.ts +0 -263
- package/src/account-manager/helpers/lexicon.ts +0 -67
- package/src/account-manager/helpers/password.ts +0 -136
- package/src/account-manager/helpers/repo.ts +0 -24
- package/src/account-manager/helpers/scrypt.ts +0 -53
- package/src/account-manager/helpers/token.ts +0 -158
- package/src/account-manager/helpers/used-refresh-token.ts +0 -30
- package/src/account-manager/oauth-store.ts +0 -880
- package/src/account-manager/scope-reference-getter.ts +0 -106
- package/src/actor-store/actor-store-reader.ts +0 -45
- package/src/actor-store/actor-store-resources.ts +0 -8
- package/src/actor-store/actor-store-transactor.ts +0 -31
- package/src/actor-store/actor-store-writer.ts +0 -17
- package/src/actor-store/actor-store.ts +0 -210
- package/src/actor-store/blob/reader.ts +0 -160
- package/src/actor-store/blob/transactor.ts +0 -383
- package/src/actor-store/db/index.ts +0 -20
- package/src/actor-store/db/migrations/001-init.ts +0 -105
- package/src/actor-store/db/migrations/index.ts +0 -5
- package/src/actor-store/db/schema/account-pref.ts +0 -11
- package/src/actor-store/db/schema/backlink.ts +0 -9
- package/src/actor-store/db/schema/blob.ts +0 -14
- package/src/actor-store/db/schema/index.ts +0 -23
- package/src/actor-store/db/schema/record-blob.ts +0 -8
- package/src/actor-store/db/schema/record.ts +0 -14
- package/src/actor-store/db/schema/repo-block.ts +0 -10
- package/src/actor-store/db/schema/repo-root.ts +0 -10
- package/src/actor-store/migrate.ts +0 -39
- package/src/actor-store/preference/reader.ts +0 -48
- package/src/actor-store/preference/transactor.ts +0 -55
- package/src/actor-store/preference/util.ts +0 -39
- package/src/actor-store/record/reader.ts +0 -374
- package/src/actor-store/record/transactor.ts +0 -111
- package/src/actor-store/repo/reader.ts +0 -31
- package/src/actor-store/repo/sql-repo-reader.ts +0 -150
- package/src/actor-store/repo/sql-repo-transactor.ts +0 -105
- package/src/actor-store/repo/transactor.ts +0 -227
- package/src/api/app/bsky/actor/getPreferences.ts +0 -57
- package/src/api/app/bsky/actor/getProfile.ts +0 -41
- package/src/api/app/bsky/actor/getProfiles.ts +0 -51
- package/src/api/app/bsky/actor/index.ts +0 -13
- package/src/api/app/bsky/actor/putPreferences.ts +0 -62
- package/src/api/app/bsky/feed/getActorLikes.ts +0 -63
- package/src/api/app/bsky/feed/getAuthorFeed.ts +0 -84
- package/src/api/app/bsky/feed/getFeed.ts +0 -47
- package/src/api/app/bsky/feed/getPostThread.ts +0 -251
- package/src/api/app/bsky/feed/getTimeline.ts +0 -50
- package/src/api/app/bsky/feed/index.ts +0 -15
- package/src/api/app/bsky/index.ts +0 -11
- package/src/api/app/bsky/notification/index.ts +0 -7
- package/src/api/app/bsky/notification/registerPush.ts +0 -71
- package/src/api/app/bsky/util/resolver.ts +0 -20
- package/src/api/com/atproto/admin/deleteAccount.ts +0 -22
- package/src/api/com/atproto/admin/disableAccountInvites.ts +0 -18
- package/src/api/com/atproto/admin/disableInviteCodes.ts +0 -21
- package/src/api/com/atproto/admin/enableAccountInvites.ts +0 -18
- package/src/api/com/atproto/admin/getAccountInfo.ts +0 -32
- package/src/api/com/atproto/admin/getAccountInfos.ts +0 -34
- package/src/api/com/atproto/admin/getInviteCodes.ts +0 -126
- package/src/api/com/atproto/admin/getSubjectStatus.ts +0 -76
- package/src/api/com/atproto/admin/index.ts +0 -31
- package/src/api/com/atproto/admin/sendEmail.ts +0 -47
- package/src/api/com/atproto/admin/updateAccountEmail.ts +0 -32
- package/src/api/com/atproto/admin/updateAccountHandle.ts +0 -47
- package/src/api/com/atproto/admin/updateAccountPassword.ts +0 -34
- package/src/api/com/atproto/admin/updateSubjectStatus.ts +0 -68
- package/src/api/com/atproto/admin/util.ts +0 -66
- package/src/api/com/atproto/identity/getRecommendedDidCredentials.ts +0 -50
- package/src/api/com/atproto/identity/index.ts +0 -17
- package/src/api/com/atproto/identity/requestPlcOperationSignature.ts +0 -59
- package/src/api/com/atproto/identity/resolveHandle.ts +0 -50
- package/src/api/com/atproto/identity/signPlcOperation.ts +0 -85
- package/src/api/com/atproto/identity/submitPlcOperation.ts +0 -65
- package/src/api/com/atproto/identity/updateHandle.ts +0 -66
- package/src/api/com/atproto/index.ts +0 -19
- package/src/api/com/atproto/moderation/createReport.ts +0 -41
- package/src/api/com/atproto/moderation/index.ts +0 -7
- package/src/api/com/atproto/repo/applyWrites.ts +0 -226
- package/src/api/com/atproto/repo/createRecord.ts +0 -143
- package/src/api/com/atproto/repo/deleteRecord.ts +0 -122
- package/src/api/com/atproto/repo/describeRepo.ts +0 -43
- package/src/api/com/atproto/repo/getRecord.ts +0 -40
- package/src/api/com/atproto/repo/importRepo.ts +0 -101
- package/src/api/com/atproto/repo/index.ts +0 -25
- package/src/api/com/atproto/repo/listMissingBlobs.ts +0 -29
- package/src/api/com/atproto/repo/listRecords.ts +0 -36
- package/src/api/com/atproto/repo/putRecord.ts +0 -211
- package/src/api/com/atproto/repo/uploadBlob.ts +0 -60
- package/src/api/com/atproto/server/activateAccount.ts +0 -37
- package/src/api/com/atproto/server/checkAccountStatus.ts +0 -51
- package/src/api/com/atproto/server/confirmEmail.ts +0 -39
- package/src/api/com/atproto/server/createAccount.ts +0 -327
- package/src/api/com/atproto/server/createAppPassword.ts +0 -53
- package/src/api/com/atproto/server/createInviteCode.ts +0 -38
- package/src/api/com/atproto/server/createInviteCodes.ts +0 -42
- package/src/api/com/atproto/server/createSession.ts +0 -97
- package/src/api/com/atproto/server/deactivateAccount.ts +0 -41
- package/src/api/com/atproto/server/deleteAccount.ts +0 -85
- package/src/api/com/atproto/server/deleteSession.ts +0 -23
- package/src/api/com/atproto/server/describeServer.ts +0 -29
- package/src/api/com/atproto/server/getAccountInviteCodes.ts +0 -142
- package/src/api/com/atproto/server/getServiceAuth.ts +0 -111
- package/src/api/com/atproto/server/getSession.ts +0 -80
- package/src/api/com/atproto/server/index.ts +0 -55
- package/src/api/com/atproto/server/listAppPasswords.ts +0 -45
- package/src/api/com/atproto/server/refreshSession.ts +0 -72
- package/src/api/com/atproto/server/requestAccountDelete.ts +0 -66
- package/src/api/com/atproto/server/requestEmailConfirmation.ts +0 -68
- package/src/api/com/atproto/server/requestEmailUpdate.ts +0 -86
- package/src/api/com/atproto/server/requestPasswordReset.ts +0 -52
- package/src/api/com/atproto/server/reserveSigningKey.ts +0 -15
- package/src/api/com/atproto/server/resetPassword.ts +0 -50
- package/src/api/com/atproto/server/revokeAppPassword.ts +0 -42
- package/src/api/com/atproto/server/updateEmail.ts +0 -52
- package/src/api/com/atproto/server/util.ts +0 -136
- package/src/api/com/atproto/sync/deprecated/getCheckout.ts +0 -27
- package/src/api/com/atproto/sync/deprecated/getHead.ts +0 -33
- package/src/api/com/atproto/sync/getBlob.ts +0 -61
- package/src/api/com/atproto/sync/getBlocks.ts +0 -37
- package/src/api/com/atproto/sync/getLatestCommit.ts +0 -33
- package/src/api/com/atproto/sync/getRecord.ts +0 -49
- package/src/api/com/atproto/sync/getRepo.ts +0 -75
- package/src/api/com/atproto/sync/getRepoStatus.ts +0 -34
- package/src/api/com/atproto/sync/index.ts +0 -27
- package/src/api/com/atproto/sync/listBlobs.ts +0 -33
- package/src/api/com/atproto/sync/listRepos.ts +0 -74
- package/src/api/com/atproto/sync/subscribeRepos.ts +0 -73
- package/src/api/com/atproto/sync/util.ts +0 -37
- package/src/api/com/atproto/temp/checkSignupQueue.ts +0 -34
- package/src/api/com/atproto/temp/index.ts +0 -7
- package/src/api/index.ts +0 -10
- package/src/api/proxy.ts +0 -44
- package/src/app-view.ts +0 -24
- package/src/auth-output.ts +0 -52
- package/src/auth-routes.ts +0 -64
- package/src/auth-scope.ts +0 -40
- package/src/auth-verifier.ts +0 -668
- package/src/background.ts +0 -65
- package/src/basic-routes.ts +0 -52
- package/src/bsky-app-view.ts +0 -33
- package/src/config/config.ts +0 -553
- package/src/config/env.ts +0 -167
- package/src/config/index.ts +0 -3
- package/src/config/secrets.ts +0 -54
- package/src/context.ts +0 -523
- package/src/crawlers.ts +0 -46
- package/src/db/cast.ts +0 -52
- package/src/db/db.ts +0 -140
- package/src/db/index.ts +0 -4
- package/src/db/migrator.ts +0 -40
- package/src/db/pagination.ts +0 -132
- package/src/db/tables/moderation.ts +0 -80
- package/src/db/util.ts +0 -108
- package/src/did-cache/db/index.ts +0 -21
- package/src/did-cache/db/migrations.ts +0 -17
- package/src/did-cache/db/schema.ts +0 -9
- package/src/did-cache/index.ts +0 -131
- package/src/disk-blobstore.ts +0 -172
- package/src/error.ts +0 -19
- package/src/handle/explicit-slurs.ts +0 -22
- package/src/handle/index.ts +0 -49
- package/src/handle/reserved.ts +0 -1059
- package/src/image/image-url-builder.ts +0 -16
- package/src/index.ts +0 -189
- package/src/lexicons.ts +0 -4
- package/src/logger.ts +0 -35
- package/src/mailer/index.ts +0 -111
- package/src/mailer/moderation.ts +0 -33
- package/src/mailer/templates/confirm-email.d.ts +0 -4
- package/src/mailer/templates/confirm-email.hbs +0 -158
- package/src/mailer/templates/delete-account.d.ts +0 -4
- package/src/mailer/templates/delete-account.hbs +0 -156
- package/src/mailer/templates/plc-operation.d.ts +0 -4
- package/src/mailer/templates/plc-operation.hbs +0 -153
- package/src/mailer/templates/reset-password.d.ts +0 -4
- package/src/mailer/templates/reset-password.hbs +0 -154
- package/src/mailer/templates/update-email.d.ts +0 -4
- package/src/mailer/templates/update-email.hbs +0 -153
- package/src/mailer/templates.ts +0 -17
- package/src/pipethrough.ts +0 -716
- package/src/rate-limits.ts +0 -59
- package/src/read-after-write/index.ts +0 -3
- package/src/read-after-write/types.ts +0 -35
- package/src/read-after-write/util.ts +0 -101
- package/src/read-after-write/viewer.ts +0 -290
- package/src/redis.ts +0 -25
- package/src/repo/index.ts +0 -2
- package/src/repo/prepare.ts +0 -266
- package/src/repo/types.ts +0 -65
- package/src/scripts/README.md +0 -40
- package/src/scripts/index.ts +0 -20
- package/src/scripts/publish-identity.ts +0 -60
- package/src/scripts/rebuild-repo.ts +0 -119
- package/src/scripts/rotate-keys.ts +0 -146
- package/src/scripts/sequencer-recovery/index.ts +0 -23
- package/src/scripts/sequencer-recovery/recoverer.ts +0 -297
- package/src/scripts/sequencer-recovery/recovery-db.ts +0 -65
- package/src/scripts/sequencer-recovery/repair-repos.ts +0 -49
- package/src/scripts/sequencer-recovery/user-queues.ts +0 -44
- package/src/scripts/util.ts +0 -7
- package/src/sequencer/db/index.ts +0 -21
- package/src/sequencer/db/migrations/001-init.ts +0 -35
- package/src/sequencer/db/migrations/index.ts +0 -5
- package/src/sequencer/db/schema.ts +0 -19
- package/src/sequencer/events.ts +0 -199
- package/src/sequencer/index.ts +0 -3
- package/src/sequencer/outbox.ts +0 -123
- package/src/sequencer/sequencer.ts +0 -290
- package/src/util/compression.ts +0 -16
- package/src/util/debug.ts +0 -10
- package/src/util/http.ts +0 -31
- package/src/util/types.ts +0 -7
- package/src/well-known.ts +0 -30
- package/test.env +0 -2
- package/tests/__snapshots__/takedown-appeal.test.ts.snap +0 -43
- package/tests/_oauth_client_assets_middleware.ts +0 -23
- package/tests/_puppeteer.ts +0 -147
- package/tests/_types.d.ts +0 -16
- package/tests/_util.ts +0 -191
- package/tests/account-deactivation.test.ts +0 -204
- package/tests/account-deletion.test.ts +0 -300
- package/tests/account-manager.test.ts +0 -462
- package/tests/account-migration.test.ts +0 -221
- package/tests/account-status.test.ts +0 -206
- package/tests/account.test.ts +0 -595
- package/tests/app-passwords.test.ts +0 -262
- package/tests/auth.test.ts +0 -405
- package/tests/blob-deletes.test.ts +0 -204
- package/tests/create-post.test.ts +0 -79
- package/tests/crud.test.ts +0 -1595
- package/tests/db.test.ts +0 -170
- package/tests/email-confirmation.test.ts +0 -227
- package/tests/entryway-mock.ts +0 -323
- package/tests/entryway.test.ts +0 -145
- package/tests/file-uploads.test.ts +0 -301
- package/tests/get-service-auth.test.ts +0 -81
- package/tests/handle-validation.test.ts +0 -56
- package/tests/handles.test.ts +0 -274
- package/tests/invite-codes.test.ts +0 -367
- package/tests/invites-admin.test.ts +0 -252
- package/tests/moderation.test.ts +0 -280
- package/tests/moderator-auth.test.ts +0 -177
- package/tests/oauth.test.ts +0 -334
- package/tests/plc-operations.test.ts +0 -239
- package/tests/preferences.test.ts +0 -352
- package/tests/proxied/__snapshots__/admin.test.ts.snap +0 -516
- package/tests/proxied/__snapshots__/feedgen.test.ts.snap +0 -215
- package/tests/proxied/__snapshots__/views.test.ts.snap +0 -4456
- package/tests/proxied/admin.test.ts +0 -340
- package/tests/proxied/feedgen.test.ts +0 -66
- package/tests/proxied/notif.test.ts +0 -85
- package/tests/proxied/procedures.test.ts +0 -175
- package/tests/proxied/proxy-catchall.test.ts +0 -256
- package/tests/proxied/proxy-header.test.ts +0 -239
- package/tests/proxied/proxy-oauth-aud.test.ts +0 -182
- package/tests/proxied/read-after-write.test.ts +0 -382
- package/tests/proxied/views.test.ts +0 -608
- package/tests/races.test.ts +0 -89
- package/tests/rate-limits.test.ts +0 -70
- package/tests/recovery.test.ts +0 -180
- package/tests/seeds/basic.ts +0 -165
- package/tests/seeds/follows.ts +0 -57
- package/tests/seeds/likes.ts +0 -14
- package/tests/seeds/reposts.ts +0 -18
- package/tests/seeds/thread.ts +0 -40
- package/tests/seeds/users-bulk.ts +0 -246
- package/tests/seeds/users.ts +0 -67
- package/tests/sequencer.test.ts +0 -251
- package/tests/server.test.ts +0 -151
- package/tests/sync/invertible-ops.test.ts +0 -99
- package/tests/sync/list.test.ts +0 -43
- package/tests/sync/subscribe-repos.test.ts +0 -672
- package/tests/sync/sync.test.ts +0 -316
- package/tests/takedown-appeal.test.ts +0 -166
- package/tsconfig.build.json +0 -9
- package/tsconfig.build.tsbuildinfo +0 -1
- package/tsconfig.json +0 -7
- package/tsconfig.tests.json +0 -8
|
@@ -1,50 +0,0 @@
|
|
|
1
|
-
import { Server } from '@atproto/xrpc-server'
|
|
2
|
-
import { AppContext } from '../../../../context.js'
|
|
3
|
-
import { com } from '../../../../lexicons/index.js'
|
|
4
|
-
|
|
5
|
-
export default function (server: Server, ctx: AppContext) {
|
|
6
|
-
server.add(com.atproto.identity.getRecommendedDidCredentials, {
|
|
7
|
-
auth: ctx.authVerifier.authorization({
|
|
8
|
-
authorize: () => {
|
|
9
|
-
// always allow
|
|
10
|
-
},
|
|
11
|
-
}),
|
|
12
|
-
handler: async ({ auth }) => {
|
|
13
|
-
const requester = auth.credentials.did
|
|
14
|
-
const signingKey = await ctx.actorStore.keypair(requester)
|
|
15
|
-
const verificationMethods = {
|
|
16
|
-
atproto: signingKey.did(),
|
|
17
|
-
}
|
|
18
|
-
const account = await ctx.accountManager.getAccount(requester, {
|
|
19
|
-
includeDeactivated: true,
|
|
20
|
-
})
|
|
21
|
-
const alsoKnownAs = account?.handle
|
|
22
|
-
? [`at://${account.handle}`]
|
|
23
|
-
: undefined
|
|
24
|
-
|
|
25
|
-
const plcRotationKey =
|
|
26
|
-
ctx.cfg.entryway?.plcRotationKey ?? ctx.plcRotationKey.did()
|
|
27
|
-
const rotationKeys = [plcRotationKey]
|
|
28
|
-
if (ctx.cfg.identity.recoveryDidKey) {
|
|
29
|
-
rotationKeys.unshift(ctx.cfg.identity.recoveryDidKey)
|
|
30
|
-
}
|
|
31
|
-
|
|
32
|
-
const services = {
|
|
33
|
-
atproto_pds: {
|
|
34
|
-
type: 'AtprotoPersonalDataServer',
|
|
35
|
-
endpoint: ctx.cfg.service.publicUrl,
|
|
36
|
-
},
|
|
37
|
-
}
|
|
38
|
-
|
|
39
|
-
return {
|
|
40
|
-
encoding: 'application/json' as const,
|
|
41
|
-
body: {
|
|
42
|
-
alsoKnownAs,
|
|
43
|
-
verificationMethods,
|
|
44
|
-
rotationKeys,
|
|
45
|
-
services,
|
|
46
|
-
},
|
|
47
|
-
}
|
|
48
|
-
},
|
|
49
|
-
})
|
|
50
|
-
}
|
|
@@ -1,17 +0,0 @@
|
|
|
1
|
-
import { Server } from '@atproto/xrpc-server'
|
|
2
|
-
import { AppContext } from '../../../../context.js'
|
|
3
|
-
import getRecommendedDidCredentials from './getRecommendedDidCredentials.js'
|
|
4
|
-
import requestPlcOperationSignature from './requestPlcOperationSignature.js'
|
|
5
|
-
import resolveHandle from './resolveHandle.js'
|
|
6
|
-
import signPlcOperation from './signPlcOperation.js'
|
|
7
|
-
import submitPlcOperation from './submitPlcOperation.js'
|
|
8
|
-
import updateHandle from './updateHandle.js'
|
|
9
|
-
|
|
10
|
-
export default function (server: Server, ctx: AppContext) {
|
|
11
|
-
resolveHandle(server, ctx)
|
|
12
|
-
updateHandle(server, ctx)
|
|
13
|
-
getRecommendedDidCredentials(server, ctx)
|
|
14
|
-
requestPlcOperationSignature(server, ctx)
|
|
15
|
-
signPlcOperation(server, ctx)
|
|
16
|
-
submitPlcOperation(server, ctx)
|
|
17
|
-
}
|
|
@@ -1,59 +0,0 @@
|
|
|
1
|
-
import { InvalidRequestError, Server } from '@atproto/xrpc-server'
|
|
2
|
-
import { ACCESS_FULL, AuthScope } from '../../../../auth-scope.js'
|
|
3
|
-
import { AppContext } from '../../../../context.js'
|
|
4
|
-
import { com } from '../../../../lexicons/index.js'
|
|
5
|
-
|
|
6
|
-
export default function (server: Server, ctx: AppContext) {
|
|
7
|
-
const { entrywayClient } = ctx
|
|
8
|
-
|
|
9
|
-
const auth = ctx.authVerifier.authorization({
|
|
10
|
-
// @NOTE Reflect any change in signPlcOperation
|
|
11
|
-
scopes: ACCESS_FULL,
|
|
12
|
-
additional: [AuthScope.Takendown],
|
|
13
|
-
authorize: (permissions) => {
|
|
14
|
-
permissions.assertIdentity({ attr: '*' })
|
|
15
|
-
},
|
|
16
|
-
})
|
|
17
|
-
|
|
18
|
-
if (entrywayClient) {
|
|
19
|
-
// @TODO we should have a higher level way of defining these "passthrough"
|
|
20
|
-
// handlers
|
|
21
|
-
server.add(com.atproto.identity.requestPlcOperationSignature, {
|
|
22
|
-
auth,
|
|
23
|
-
handler: async ({ auth, req }) => {
|
|
24
|
-
const { headers } = await ctx.entrywayAuthHeaders(
|
|
25
|
-
req,
|
|
26
|
-
auth.credentials.did,
|
|
27
|
-
com.atproto.identity.requestPlcOperationSignature.$lxm,
|
|
28
|
-
)
|
|
29
|
-
await entrywayClient.xrpc(
|
|
30
|
-
com.atproto.identity.requestPlcOperationSignature,
|
|
31
|
-
{ headers },
|
|
32
|
-
)
|
|
33
|
-
},
|
|
34
|
-
})
|
|
35
|
-
} else {
|
|
36
|
-
server.add(com.atproto.identity.requestPlcOperationSignature, {
|
|
37
|
-
auth,
|
|
38
|
-
handler: async ({ auth }) => {
|
|
39
|
-
const did = auth.credentials.did
|
|
40
|
-
const account = await ctx.accountManager.getAccount(did, {
|
|
41
|
-
includeDeactivated: true,
|
|
42
|
-
includeTakenDown: true,
|
|
43
|
-
})
|
|
44
|
-
if (!account) {
|
|
45
|
-
throw new InvalidRequestError('account not found')
|
|
46
|
-
} else if (!account.email) {
|
|
47
|
-
throw new InvalidRequestError(
|
|
48
|
-
'account does not have an email address',
|
|
49
|
-
)
|
|
50
|
-
}
|
|
51
|
-
const token = await ctx.accountManager.createEmailToken(
|
|
52
|
-
did,
|
|
53
|
-
'plc_operation',
|
|
54
|
-
)
|
|
55
|
-
await ctx.mailer.sendPlcOperation({ token }, { to: account.email })
|
|
56
|
-
},
|
|
57
|
-
})
|
|
58
|
-
}
|
|
59
|
-
}
|
|
@@ -1,50 +0,0 @@
|
|
|
1
|
-
import { isDidString } from '@atproto/lex'
|
|
2
|
-
import { DidString } from '@atproto/syntax'
|
|
3
|
-
import { InvalidRequestError, Server } from '@atproto/xrpc-server'
|
|
4
|
-
import { AppContext } from '../../../../context.js'
|
|
5
|
-
import { baseNormalizeAndValidate } from '../../../../handle/index.js'
|
|
6
|
-
import { com } from '../../../../lexicons/index.js'
|
|
7
|
-
|
|
8
|
-
export default function (server: Server, ctx: AppContext) {
|
|
9
|
-
server.add(com.atproto.identity.resolveHandle, async ({ params }) => {
|
|
10
|
-
const handle = baseNormalizeAndValidate(params.handle)
|
|
11
|
-
|
|
12
|
-
const user = await ctx.accountManager.getAccount(handle)
|
|
13
|
-
if (user) {
|
|
14
|
-
return {
|
|
15
|
-
encoding: 'application/json' as const,
|
|
16
|
-
body: { did: user.did as DidString },
|
|
17
|
-
}
|
|
18
|
-
}
|
|
19
|
-
|
|
20
|
-
const supportedHandle = ctx.cfg.identity.serviceHandleDomains.some(
|
|
21
|
-
(host) => handle.endsWith(host) || handle === host.slice(1),
|
|
22
|
-
)
|
|
23
|
-
// this should be in our DB & we couldn't find it, so fail
|
|
24
|
-
if (supportedHandle) {
|
|
25
|
-
throw new InvalidRequestError('Unable to resolve handle')
|
|
26
|
-
}
|
|
27
|
-
|
|
28
|
-
const did: DidString = ctx.bskyAppView
|
|
29
|
-
? await ctx.bskyAppView.client
|
|
30
|
-
.call(com.atproto.identity.resolveHandle, { handle })
|
|
31
|
-
.then((r) => r.did, throwInvalidRequestError)
|
|
32
|
-
: await ctx.idResolver.handle
|
|
33
|
-
.resolve(handle)
|
|
34
|
-
.then(
|
|
35
|
-
(v) => (v && isDidString(v) ? v : throwInvalidRequestError()),
|
|
36
|
-
throwInvalidRequestError,
|
|
37
|
-
)
|
|
38
|
-
|
|
39
|
-
return {
|
|
40
|
-
encoding: 'application/json' as const,
|
|
41
|
-
body: { did },
|
|
42
|
-
}
|
|
43
|
-
})
|
|
44
|
-
}
|
|
45
|
-
|
|
46
|
-
function throwInvalidRequestError(cause?: unknown): never {
|
|
47
|
-
throw new InvalidRequestError('Unable to resolve handle', undefined, {
|
|
48
|
-
cause,
|
|
49
|
-
})
|
|
50
|
-
}
|
|
@@ -1,85 +0,0 @@
|
|
|
1
|
-
import * as plc from '@did-plc/lib'
|
|
2
|
-
import { check } from '@atproto/common'
|
|
3
|
-
import { InvalidRequestError, Server } from '@atproto/xrpc-server'
|
|
4
|
-
import { ACCESS_FULL, AuthScope } from '../../../../auth-scope.js'
|
|
5
|
-
import { AppContext } from '../../../../context.js'
|
|
6
|
-
import { com } from '../../../../lexicons/index.js'
|
|
7
|
-
|
|
8
|
-
export default function (server: Server, ctx: AppContext) {
|
|
9
|
-
const { entrywayClient } = ctx
|
|
10
|
-
|
|
11
|
-
const auth = ctx.authVerifier.authorization({
|
|
12
|
-
// @NOTE Should match auth rules from requestPlcOperationSignature
|
|
13
|
-
scopes: ACCESS_FULL,
|
|
14
|
-
additional: [AuthScope.Takendown],
|
|
15
|
-
authorize: (permissions) => {
|
|
16
|
-
permissions.assertIdentity({ attr: '*' })
|
|
17
|
-
},
|
|
18
|
-
})
|
|
19
|
-
|
|
20
|
-
if (entrywayClient) {
|
|
21
|
-
server.add(com.atproto.identity.signPlcOperation, {
|
|
22
|
-
auth,
|
|
23
|
-
handler: async ({ auth, input: { body }, req }) => {
|
|
24
|
-
const { headers } = await ctx.entrywayAuthHeaders(
|
|
25
|
-
req,
|
|
26
|
-
auth.credentials.did,
|
|
27
|
-
com.atproto.identity.signPlcOperation.$lxm,
|
|
28
|
-
)
|
|
29
|
-
|
|
30
|
-
return entrywayClient.xrpc(com.atproto.identity.signPlcOperation, {
|
|
31
|
-
headers,
|
|
32
|
-
body,
|
|
33
|
-
})
|
|
34
|
-
},
|
|
35
|
-
})
|
|
36
|
-
} else {
|
|
37
|
-
server.add(com.atproto.identity.signPlcOperation, {
|
|
38
|
-
auth,
|
|
39
|
-
handler: async ({ auth, input }) => {
|
|
40
|
-
const did = auth.credentials.did
|
|
41
|
-
const { token } = input.body
|
|
42
|
-
if (!token) {
|
|
43
|
-
throw new InvalidRequestError(
|
|
44
|
-
'email confirmation token required to sign PLC operations',
|
|
45
|
-
)
|
|
46
|
-
}
|
|
47
|
-
await ctx.accountManager.assertValidEmailTokenAndCleanup(
|
|
48
|
-
did,
|
|
49
|
-
'plc_operation',
|
|
50
|
-
token,
|
|
51
|
-
)
|
|
52
|
-
|
|
53
|
-
const lastOp = await ctx.plcClient.getLastOp(did)
|
|
54
|
-
if (check.is(lastOp, plc.def.tombstone)) {
|
|
55
|
-
throw new InvalidRequestError('Did is tombstoned')
|
|
56
|
-
}
|
|
57
|
-
const operation = await plc.createUpdateOp(
|
|
58
|
-
lastOp,
|
|
59
|
-
ctx.plcRotationKey,
|
|
60
|
-
(lastOp) => ({
|
|
61
|
-
...lastOp,
|
|
62
|
-
rotationKeys: input.body.rotationKeys ?? lastOp.rotationKeys,
|
|
63
|
-
alsoKnownAs: input.body.alsoKnownAs ?? lastOp.alsoKnownAs,
|
|
64
|
-
verificationMethods:
|
|
65
|
-
// @TODO: actually validate instead of type casting
|
|
66
|
-
(input.body.verificationMethods as
|
|
67
|
-
| undefined
|
|
68
|
-
| Record<string, string>) ?? lastOp.verificationMethods,
|
|
69
|
-
services:
|
|
70
|
-
// @TODO: actually validate instead of type casting
|
|
71
|
-
(input.body.services as
|
|
72
|
-
| undefined
|
|
73
|
-
| Record<string, { type: string; endpoint: string }>) ??
|
|
74
|
-
lastOp.services,
|
|
75
|
-
}),
|
|
76
|
-
)
|
|
77
|
-
|
|
78
|
-
return {
|
|
79
|
-
encoding: 'application/json' as const,
|
|
80
|
-
body: { operation },
|
|
81
|
-
}
|
|
82
|
-
},
|
|
83
|
-
})
|
|
84
|
-
}
|
|
85
|
-
}
|
|
@@ -1,65 +0,0 @@
|
|
|
1
|
-
import * as plc from '@did-plc/lib'
|
|
2
|
-
import { check } from '@atproto/common'
|
|
3
|
-
import { InvalidRequestError, Server } from '@atproto/xrpc-server'
|
|
4
|
-
import { AppContext } from '../../../../context.js'
|
|
5
|
-
import { com } from '../../../../lexicons/index.js'
|
|
6
|
-
import { httpLogger as log } from '../../../../logger.js'
|
|
7
|
-
|
|
8
|
-
export default function (server: Server, ctx: AppContext) {
|
|
9
|
-
server.add(com.atproto.identity.submitPlcOperation, {
|
|
10
|
-
auth: ctx.authVerifier.authorization({
|
|
11
|
-
authorize: (permissions) => {
|
|
12
|
-
permissions.assertIdentity({ attr: '*' })
|
|
13
|
-
},
|
|
14
|
-
}),
|
|
15
|
-
handler: async ({ auth, input }) => {
|
|
16
|
-
const requester = auth.credentials.did
|
|
17
|
-
const op = input.body.operation
|
|
18
|
-
|
|
19
|
-
if (!check.is(op, plc.def.operation)) {
|
|
20
|
-
throw new InvalidRequestError('Invalid operation')
|
|
21
|
-
}
|
|
22
|
-
|
|
23
|
-
const rotationKey =
|
|
24
|
-
ctx.cfg.entryway?.plcRotationKey ?? ctx.plcRotationKey.did()
|
|
25
|
-
if (!op.rotationKeys.includes(rotationKey)) {
|
|
26
|
-
throw new InvalidRequestError(
|
|
27
|
-
"Rotation keys do not include server's rotation key",
|
|
28
|
-
)
|
|
29
|
-
}
|
|
30
|
-
if (op.services['atproto_pds']?.type !== 'AtprotoPersonalDataServer') {
|
|
31
|
-
throw new InvalidRequestError('Incorrect type on atproto_pds service')
|
|
32
|
-
}
|
|
33
|
-
if (op.services['atproto_pds']?.endpoint !== ctx.cfg.service.publicUrl) {
|
|
34
|
-
throw new InvalidRequestError(
|
|
35
|
-
'Incorrect endpoint on atproto_pds service',
|
|
36
|
-
)
|
|
37
|
-
}
|
|
38
|
-
const signingKey = await ctx.actorStore.keypair(requester)
|
|
39
|
-
if (op.verificationMethods['atproto'] !== signingKey.did()) {
|
|
40
|
-
throw new InvalidRequestError('Incorrect signing key')
|
|
41
|
-
}
|
|
42
|
-
const account = await ctx.accountManager.getAccount(requester, {
|
|
43
|
-
includeDeactivated: true,
|
|
44
|
-
})
|
|
45
|
-
if (
|
|
46
|
-
account?.handle &&
|
|
47
|
-
op.alsoKnownAs.at(0) !== `at://${account.handle}`
|
|
48
|
-
) {
|
|
49
|
-
throw new InvalidRequestError('Incorrect handle in alsoKnownAs')
|
|
50
|
-
}
|
|
51
|
-
|
|
52
|
-
await ctx.plcClient.sendOperation(requester, op)
|
|
53
|
-
await ctx.sequencer.sequenceIdentity(requester)
|
|
54
|
-
|
|
55
|
-
try {
|
|
56
|
-
await ctx.idResolver.did.resolve(requester, true)
|
|
57
|
-
} catch (err) {
|
|
58
|
-
log.error(
|
|
59
|
-
{ err, did: requester },
|
|
60
|
-
'failed to refresh did after plc update',
|
|
61
|
-
)
|
|
62
|
-
}
|
|
63
|
-
},
|
|
64
|
-
})
|
|
65
|
-
}
|
|
@@ -1,66 +0,0 @@
|
|
|
1
|
-
import { DAY, MINUTE } from '@atproto/common'
|
|
2
|
-
import { MethodRateLimit, Server } from '@atproto/xrpc-server'
|
|
3
|
-
import { AccessOutput, OAuthOutput } from '../../../../auth-output.js'
|
|
4
|
-
import { AppContext } from '../../../../context.js'
|
|
5
|
-
import { com } from '../../../../lexicons/index.js'
|
|
6
|
-
|
|
7
|
-
export default function (server: Server, ctx: AppContext) {
|
|
8
|
-
const { entrywayClient } = ctx
|
|
9
|
-
|
|
10
|
-
const auth = ctx.authVerifier.authorization({
|
|
11
|
-
checkTakedown: true,
|
|
12
|
-
authorize: (permissions) => {
|
|
13
|
-
permissions.assertIdentity({ attr: 'handle' })
|
|
14
|
-
},
|
|
15
|
-
})
|
|
16
|
-
|
|
17
|
-
const rateLimit: MethodRateLimit<AccessOutput | OAuthOutput> = [
|
|
18
|
-
{
|
|
19
|
-
durationMs: 5 * MINUTE,
|
|
20
|
-
points: 10,
|
|
21
|
-
calcKey: ({ auth }) => auth.credentials.did,
|
|
22
|
-
},
|
|
23
|
-
{
|
|
24
|
-
durationMs: DAY,
|
|
25
|
-
points: 50,
|
|
26
|
-
calcKey: ({ auth }) => auth.credentials.did,
|
|
27
|
-
},
|
|
28
|
-
]
|
|
29
|
-
|
|
30
|
-
if (entrywayClient) {
|
|
31
|
-
server.add(com.atproto.identity.updateHandle, {
|
|
32
|
-
auth,
|
|
33
|
-
rateLimit,
|
|
34
|
-
handler: async ({ auth, input, req }) => {
|
|
35
|
-
const { headers } = await ctx.entrywayAuthHeaders(
|
|
36
|
-
req,
|
|
37
|
-
auth.credentials.did,
|
|
38
|
-
com.atproto.identity.updateHandle.$lxm,
|
|
39
|
-
)
|
|
40
|
-
|
|
41
|
-
// The full flow is:
|
|
42
|
-
// -> entryway(identity.updateHandle) [update handle, submit plc op]
|
|
43
|
-
// -> pds(admin.updateAccountHandle) [track handle, sequence handle update]
|
|
44
|
-
await entrywayClient.xrpc(com.atproto.identity.updateHandle, {
|
|
45
|
-
headers,
|
|
46
|
-
body: {
|
|
47
|
-
handle: input.body.handle,
|
|
48
|
-
// @ts-expect-error "did" is not in the schema
|
|
49
|
-
did: auth.credentials.did,
|
|
50
|
-
},
|
|
51
|
-
})
|
|
52
|
-
},
|
|
53
|
-
})
|
|
54
|
-
} else {
|
|
55
|
-
server.add(com.atproto.identity.updateHandle, {
|
|
56
|
-
auth,
|
|
57
|
-
rateLimit,
|
|
58
|
-
handler: async ({ auth, input }) => {
|
|
59
|
-
await ctx.accountManager.updateHandle(
|
|
60
|
-
auth.credentials.did,
|
|
61
|
-
input.body.handle,
|
|
62
|
-
)
|
|
63
|
-
},
|
|
64
|
-
})
|
|
65
|
-
}
|
|
66
|
-
}
|
|
@@ -1,19 +0,0 @@
|
|
|
1
|
-
import { Server } from '@atproto/xrpc-server'
|
|
2
|
-
import { AppContext } from '../../../context.js'
|
|
3
|
-
import admin from './admin/index.js'
|
|
4
|
-
import identity from './identity/index.js'
|
|
5
|
-
import moderation from './moderation/index.js'
|
|
6
|
-
import repo from './repo/index.js'
|
|
7
|
-
import serverMethods from './server/index.js'
|
|
8
|
-
import sync from './sync/index.js'
|
|
9
|
-
import temp from './temp/index.js'
|
|
10
|
-
|
|
11
|
-
export default function (server: Server, ctx: AppContext) {
|
|
12
|
-
admin(server, ctx)
|
|
13
|
-
identity(server, ctx)
|
|
14
|
-
moderation(server, ctx)
|
|
15
|
-
repo(server, ctx)
|
|
16
|
-
serverMethods(server, ctx)
|
|
17
|
-
sync(server, ctx)
|
|
18
|
-
temp(server, ctx)
|
|
19
|
-
}
|
|
@@ -1,41 +0,0 @@
|
|
|
1
|
-
import { xrpc } from '@atproto/lex'
|
|
2
|
-
import { Server } from '@atproto/xrpc-server'
|
|
3
|
-
import { AuthScope } from '../../../../auth-scope.js'
|
|
4
|
-
import { AppContext } from '../../../../context.js'
|
|
5
|
-
import { com } from '../../../../lexicons/index.js'
|
|
6
|
-
import { computeProxyTo, parseProxyInfo } from '../../../../pipethrough.js'
|
|
7
|
-
|
|
8
|
-
export default function (server: Server, ctx: AppContext) {
|
|
9
|
-
server.add(com.atproto.moderation.createReport, {
|
|
10
|
-
auth: ctx.authVerifier.authorization({
|
|
11
|
-
additional: [AuthScope.Takendown],
|
|
12
|
-
authorize: (permissions, { req }) => {
|
|
13
|
-
const lxm = com.atproto.moderation.createReport.$lxm
|
|
14
|
-
const aud = computeProxyTo(ctx, req, lxm)
|
|
15
|
-
permissions.assertRpc({ aud, lxm })
|
|
16
|
-
},
|
|
17
|
-
}),
|
|
18
|
-
handler: async ({ auth, params, input: { body }, req }) => {
|
|
19
|
-
const { url, did: aud } = await parseProxyInfo(
|
|
20
|
-
ctx,
|
|
21
|
-
req,
|
|
22
|
-
com.atproto.moderation.createReport.$lxm,
|
|
23
|
-
)
|
|
24
|
-
|
|
25
|
-
const { headers } = await ctx.serviceAuthHeaders(
|
|
26
|
-
auth.credentials.did,
|
|
27
|
-
aud,
|
|
28
|
-
com.atproto.moderation.createReport.$lxm,
|
|
29
|
-
)
|
|
30
|
-
|
|
31
|
-
return xrpc(url, com.atproto.moderation.createReport, {
|
|
32
|
-
validateRequest: ctx.cfg.service.devMode,
|
|
33
|
-
validateResponse: ctx.cfg.service.devMode,
|
|
34
|
-
strictResponseProcessing: ctx.cfg.service.devMode,
|
|
35
|
-
headers,
|
|
36
|
-
params,
|
|
37
|
-
body,
|
|
38
|
-
})
|
|
39
|
-
},
|
|
40
|
-
})
|
|
41
|
-
}
|
|
@@ -1,226 +0,0 @@
|
|
|
1
|
-
import { parseCid } from '@atproto/lex-data'
|
|
2
|
-
import { WriteOpAction } from '@atproto/repo'
|
|
3
|
-
import {
|
|
4
|
-
AuthRequiredError,
|
|
5
|
-
InvalidRequestError,
|
|
6
|
-
Server,
|
|
7
|
-
} from '@atproto/xrpc-server'
|
|
8
|
-
import { AppContext } from '../../../../context.js'
|
|
9
|
-
import { com } from '../../../../lexicons/index.js'
|
|
10
|
-
import { dbLogger } from '../../../../logger.js'
|
|
11
|
-
import {
|
|
12
|
-
BadCommitSwapError,
|
|
13
|
-
InvalidRecordError,
|
|
14
|
-
PreparedWrite,
|
|
15
|
-
prepareCreate,
|
|
16
|
-
prepareDelete,
|
|
17
|
-
prepareUpdate,
|
|
18
|
-
} from '../../../../repo/index.js'
|
|
19
|
-
|
|
20
|
-
const ratelimitPoints = ({
|
|
21
|
-
input,
|
|
22
|
-
}: {
|
|
23
|
-
input: com.atproto.repo.applyWrites.$Input
|
|
24
|
-
}) => {
|
|
25
|
-
let points = 0
|
|
26
|
-
for (const op of input.body.writes) {
|
|
27
|
-
if (com.atproto.repo.applyWrites.create.$isTypeOf(op)) {
|
|
28
|
-
points += 3
|
|
29
|
-
} else if (com.atproto.repo.applyWrites.update.$isTypeOf(op)) {
|
|
30
|
-
points += 2
|
|
31
|
-
} else {
|
|
32
|
-
points += 1
|
|
33
|
-
}
|
|
34
|
-
}
|
|
35
|
-
return points
|
|
36
|
-
}
|
|
37
|
-
|
|
38
|
-
export default function (server: Server, ctx: AppContext) {
|
|
39
|
-
server.add(com.atproto.repo.applyWrites, {
|
|
40
|
-
auth: ctx.authVerifier.authorization({
|
|
41
|
-
// @NOTE the "checkTakedown" and "checkDeactivated" checks are typically
|
|
42
|
-
// performed during auth. However, since this method's "repo" parameter
|
|
43
|
-
// can be a handle, we will need to fetch the account again to ensure that
|
|
44
|
-
// the handle matches the DID from the request's credentials. In order to
|
|
45
|
-
// avoid fetching the account twice (during auth, and then again in the
|
|
46
|
-
// controller), the checks are disabled here:
|
|
47
|
-
|
|
48
|
-
// checkTakedown: true,
|
|
49
|
-
// checkDeactivated: true,
|
|
50
|
-
authorize: () => {
|
|
51
|
-
// Performed in the handler as it is based on the request body
|
|
52
|
-
},
|
|
53
|
-
}),
|
|
54
|
-
|
|
55
|
-
rateLimit: [
|
|
56
|
-
{
|
|
57
|
-
name: 'repo-write-hour',
|
|
58
|
-
calcKey: ({ auth }) => auth.credentials.did,
|
|
59
|
-
calcPoints: ratelimitPoints,
|
|
60
|
-
},
|
|
61
|
-
{
|
|
62
|
-
name: 'repo-write-day',
|
|
63
|
-
calcKey: ({ auth }) => auth.credentials.did,
|
|
64
|
-
calcPoints: ratelimitPoints,
|
|
65
|
-
},
|
|
66
|
-
],
|
|
67
|
-
|
|
68
|
-
opts: {
|
|
69
|
-
jsonLimit: 1_000_000,
|
|
70
|
-
},
|
|
71
|
-
|
|
72
|
-
handler: async ({ input, auth }) => {
|
|
73
|
-
const { repo, validate, swapCommit, writes } = input.body
|
|
74
|
-
|
|
75
|
-
const account = await ctx.authVerifier.findAccount(repo, {
|
|
76
|
-
checkDeactivated: true,
|
|
77
|
-
checkTakedown: true,
|
|
78
|
-
})
|
|
79
|
-
|
|
80
|
-
const did = account.did
|
|
81
|
-
if (did !== auth.credentials.did) {
|
|
82
|
-
throw new AuthRequiredError()
|
|
83
|
-
}
|
|
84
|
-
|
|
85
|
-
if (writes.length > 200) {
|
|
86
|
-
throw new InvalidRequestError('Too many writes. Max: 200')
|
|
87
|
-
}
|
|
88
|
-
|
|
89
|
-
// Verify permission of every unique "action" / "collection" pair
|
|
90
|
-
if (auth.credentials.type === 'oauth') {
|
|
91
|
-
// @NOTE Unlike "importRepo", we do not require "action" = "*" here.
|
|
92
|
-
for (const [action, collections] of [
|
|
93
|
-
[
|
|
94
|
-
'create',
|
|
95
|
-
new Set(
|
|
96
|
-
writes
|
|
97
|
-
.filter((v) => com.atproto.repo.applyWrites.create.$isTypeOf(v))
|
|
98
|
-
.map((w) => w.collection),
|
|
99
|
-
),
|
|
100
|
-
],
|
|
101
|
-
[
|
|
102
|
-
'update',
|
|
103
|
-
new Set(
|
|
104
|
-
writes
|
|
105
|
-
.filter((v) => com.atproto.repo.applyWrites.update.$isTypeOf(v))
|
|
106
|
-
.map((w) => w.collection),
|
|
107
|
-
),
|
|
108
|
-
],
|
|
109
|
-
[
|
|
110
|
-
'delete',
|
|
111
|
-
new Set(
|
|
112
|
-
writes
|
|
113
|
-
.filter((v) => com.atproto.repo.applyWrites.delete.$isTypeOf(v))
|
|
114
|
-
.map((w) => w.collection),
|
|
115
|
-
),
|
|
116
|
-
],
|
|
117
|
-
] as const) {
|
|
118
|
-
for (const collection of collections) {
|
|
119
|
-
auth.credentials.permissions.assertRepo({ action, collection })
|
|
120
|
-
}
|
|
121
|
-
}
|
|
122
|
-
}
|
|
123
|
-
|
|
124
|
-
// @NOTE should preserve order of ts.writes for final use in response
|
|
125
|
-
let preparedWrites: PreparedWrite[]
|
|
126
|
-
try {
|
|
127
|
-
preparedWrites = await Promise.all(
|
|
128
|
-
writes.map(async (write, i) => {
|
|
129
|
-
if (com.atproto.repo.applyWrites.create.$isTypeOf(write)) {
|
|
130
|
-
return prepareCreate({
|
|
131
|
-
did,
|
|
132
|
-
collection: write.collection,
|
|
133
|
-
record: write.value,
|
|
134
|
-
rkey: write.rkey,
|
|
135
|
-
validate,
|
|
136
|
-
validationPath: ['writes', i, 'record'],
|
|
137
|
-
})
|
|
138
|
-
} else if (com.atproto.repo.applyWrites.update.$isTypeOf(write)) {
|
|
139
|
-
return prepareUpdate({
|
|
140
|
-
did,
|
|
141
|
-
collection: write.collection,
|
|
142
|
-
record: write.value,
|
|
143
|
-
rkey: write.rkey,
|
|
144
|
-
validate,
|
|
145
|
-
validationPath: ['writes', i, 'record'],
|
|
146
|
-
})
|
|
147
|
-
} else if (com.atproto.repo.applyWrites.delete.$isTypeOf(write)) {
|
|
148
|
-
return prepareDelete({
|
|
149
|
-
did,
|
|
150
|
-
collection: write.collection,
|
|
151
|
-
rkey: write.rkey,
|
|
152
|
-
})
|
|
153
|
-
} else {
|
|
154
|
-
throw new InvalidRequestError(
|
|
155
|
-
`Action not supported: ${write['$type']}`,
|
|
156
|
-
)
|
|
157
|
-
}
|
|
158
|
-
}),
|
|
159
|
-
)
|
|
160
|
-
} catch (err) {
|
|
161
|
-
if (err instanceof InvalidRecordError) {
|
|
162
|
-
throw new InvalidRequestError(err.message)
|
|
163
|
-
}
|
|
164
|
-
throw err
|
|
165
|
-
}
|
|
166
|
-
|
|
167
|
-
const swapCommitCid = swapCommit ? parseCid(swapCommit) : undefined
|
|
168
|
-
|
|
169
|
-
const commit = await ctx.actorStore.transact(did, async (actorTxn) => {
|
|
170
|
-
const commit = await actorTxn.repo
|
|
171
|
-
.processWrites(preparedWrites, swapCommitCid)
|
|
172
|
-
.catch((err) => {
|
|
173
|
-
if (err instanceof BadCommitSwapError) {
|
|
174
|
-
throw new InvalidRequestError(err.message, 'InvalidSwap')
|
|
175
|
-
} else {
|
|
176
|
-
throw err
|
|
177
|
-
}
|
|
178
|
-
})
|
|
179
|
-
|
|
180
|
-
await ctx.sequencer.sequenceCommit(did, commit)
|
|
181
|
-
return commit
|
|
182
|
-
})
|
|
183
|
-
|
|
184
|
-
await ctx.accountManager
|
|
185
|
-
.updateRepoRoot(did, commit.cid, commit.rev)
|
|
186
|
-
.catch((err) => {
|
|
187
|
-
dbLogger.error(
|
|
188
|
-
{ err, did, cid: commit.cid, rev: commit.rev },
|
|
189
|
-
'failed to update account root',
|
|
190
|
-
)
|
|
191
|
-
})
|
|
192
|
-
|
|
193
|
-
return {
|
|
194
|
-
encoding: 'application/json' as const,
|
|
195
|
-
body: {
|
|
196
|
-
commit: {
|
|
197
|
-
cid: commit.cid.toString(),
|
|
198
|
-
rev: commit.rev,
|
|
199
|
-
},
|
|
200
|
-
results: preparedWrites.map(writeToOutputResult),
|
|
201
|
-
},
|
|
202
|
-
}
|
|
203
|
-
},
|
|
204
|
-
})
|
|
205
|
-
}
|
|
206
|
-
|
|
207
|
-
const writeToOutputResult = (write: PreparedWrite) => {
|
|
208
|
-
switch (write.action) {
|
|
209
|
-
case WriteOpAction.Create:
|
|
210
|
-
return com.atproto.repo.applyWrites.createResult.$build({
|
|
211
|
-
cid: write.cid.toString(),
|
|
212
|
-
uri: write.uri.toString(),
|
|
213
|
-
validationStatus: write.validationStatus,
|
|
214
|
-
})
|
|
215
|
-
case WriteOpAction.Update:
|
|
216
|
-
return com.atproto.repo.applyWrites.updateResult.$build({
|
|
217
|
-
cid: write.cid.toString(),
|
|
218
|
-
uri: write.uri.toString(),
|
|
219
|
-
validationStatus: write.validationStatus,
|
|
220
|
-
})
|
|
221
|
-
case WriteOpAction.Delete:
|
|
222
|
-
return com.atproto.repo.applyWrites.deleteResult.$build({})
|
|
223
|
-
default:
|
|
224
|
-
throw new Error(`Unrecognized action: ${write}`)
|
|
225
|
-
}
|
|
226
|
-
}
|