@atproto/pds 0.5.12 → 0.5.14
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +36 -0
- package/dist/api/app/bsky/notification/index.d.ts.map +1 -1
- package/dist/api/app/bsky/notification/index.js +2 -0
- package/dist/api/app/bsky/notification/index.js.map +1 -1
- package/dist/api/app/bsky/notification/unregisterPush.d.ts +4 -0
- package/dist/api/app/bsky/notification/unregisterPush.d.ts.map +1 -0
- package/dist/api/app/bsky/notification/unregisterPush.js +48 -0
- package/dist/api/app/bsky/notification/unregisterPush.js.map +1 -0
- package/package.json +42 -38
- package/build.templates.cjs +0 -22
- package/example.env +0 -42
- package/jest.config.cjs +0 -27
- package/src/account-manager/account-manager.ts +0 -916
- package/src/account-manager/db/index.ts +0 -21
- package/src/account-manager/db/migrations/001-init.ts +0 -115
- package/src/account-manager/db/migrations/002-account-deactivation.ts +0 -17
- package/src/account-manager/db/migrations/003-privileged-app-passwords.ts +0 -12
- package/src/account-manager/db/migrations/004-oauth.ts +0 -122
- package/src/account-manager/db/migrations/005-oauth-account-management.ts +0 -136
- package/src/account-manager/db/migrations/006-oauth-permission-sets.ts +0 -20
- package/src/account-manager/db/migrations/007-lexicon-failures-index.ts +0 -14
- package/src/account-manager/db/migrations/index.ts +0 -17
- package/src/account-manager/db/schema/account-device.ts +0 -14
- package/src/account-manager/db/schema/account.ts +0 -16
- package/src/account-manager/db/schema/actor.ts +0 -17
- package/src/account-manager/db/schema/app-password.ts +0 -13
- package/src/account-manager/db/schema/authorization-request.ts +0 -30
- package/src/account-manager/db/schema/authorized-client.ts +0 -23
- package/src/account-manager/db/schema/device.ts +0 -18
- package/src/account-manager/db/schema/email-token.ts +0 -19
- package/src/account-manager/db/schema/index.ts +0 -43
- package/src/account-manager/db/schema/invite-code.ts +0 -24
- package/src/account-manager/db/schema/lexicon.ts +0 -15
- package/src/account-manager/db/schema/refresh-token.ts +0 -11
- package/src/account-manager/db/schema/repo-root.ts +0 -12
- package/src/account-manager/db/schema/token.ts +0 -38
- package/src/account-manager/db/schema/used-refresh-token.ts +0 -13
- package/src/account-manager/helpers/account-device.ts +0 -63
- package/src/account-manager/helpers/account.ts +0 -355
- package/src/account-manager/helpers/auth.ts +0 -222
- package/src/account-manager/helpers/authorization-request.ts +0 -90
- package/src/account-manager/helpers/authorized-client.ts +0 -75
- package/src/account-manager/helpers/device.ts +0 -47
- package/src/account-manager/helpers/email-token.ts +0 -87
- package/src/account-manager/helpers/invite.ts +0 -263
- package/src/account-manager/helpers/lexicon.ts +0 -67
- package/src/account-manager/helpers/password.ts +0 -136
- package/src/account-manager/helpers/repo.ts +0 -24
- package/src/account-manager/helpers/scrypt.ts +0 -53
- package/src/account-manager/helpers/token.ts +0 -158
- package/src/account-manager/helpers/used-refresh-token.ts +0 -30
- package/src/account-manager/oauth-store.ts +0 -880
- package/src/account-manager/scope-reference-getter.ts +0 -106
- package/src/actor-store/actor-store-reader.ts +0 -45
- package/src/actor-store/actor-store-resources.ts +0 -8
- package/src/actor-store/actor-store-transactor.ts +0 -31
- package/src/actor-store/actor-store-writer.ts +0 -17
- package/src/actor-store/actor-store.ts +0 -210
- package/src/actor-store/blob/reader.ts +0 -160
- package/src/actor-store/blob/transactor.ts +0 -383
- package/src/actor-store/db/index.ts +0 -20
- package/src/actor-store/db/migrations/001-init.ts +0 -105
- package/src/actor-store/db/migrations/index.ts +0 -5
- package/src/actor-store/db/schema/account-pref.ts +0 -11
- package/src/actor-store/db/schema/backlink.ts +0 -9
- package/src/actor-store/db/schema/blob.ts +0 -14
- package/src/actor-store/db/schema/index.ts +0 -23
- package/src/actor-store/db/schema/record-blob.ts +0 -8
- package/src/actor-store/db/schema/record.ts +0 -14
- package/src/actor-store/db/schema/repo-block.ts +0 -10
- package/src/actor-store/db/schema/repo-root.ts +0 -10
- package/src/actor-store/migrate.ts +0 -39
- package/src/actor-store/preference/reader.ts +0 -48
- package/src/actor-store/preference/transactor.ts +0 -55
- package/src/actor-store/preference/util.ts +0 -39
- package/src/actor-store/record/reader.ts +0 -374
- package/src/actor-store/record/transactor.ts +0 -111
- package/src/actor-store/repo/reader.ts +0 -31
- package/src/actor-store/repo/sql-repo-reader.ts +0 -150
- package/src/actor-store/repo/sql-repo-transactor.ts +0 -105
- package/src/actor-store/repo/transactor.ts +0 -227
- package/src/api/app/bsky/actor/getPreferences.ts +0 -57
- package/src/api/app/bsky/actor/getProfile.ts +0 -41
- package/src/api/app/bsky/actor/getProfiles.ts +0 -51
- package/src/api/app/bsky/actor/index.ts +0 -13
- package/src/api/app/bsky/actor/putPreferences.ts +0 -62
- package/src/api/app/bsky/feed/getActorLikes.ts +0 -63
- package/src/api/app/bsky/feed/getAuthorFeed.ts +0 -84
- package/src/api/app/bsky/feed/getFeed.ts +0 -47
- package/src/api/app/bsky/feed/getPostThread.ts +0 -251
- package/src/api/app/bsky/feed/getTimeline.ts +0 -50
- package/src/api/app/bsky/feed/index.ts +0 -15
- package/src/api/app/bsky/index.ts +0 -11
- package/src/api/app/bsky/notification/index.ts +0 -7
- package/src/api/app/bsky/notification/registerPush.ts +0 -71
- package/src/api/app/bsky/util/resolver.ts +0 -20
- package/src/api/com/atproto/admin/deleteAccount.ts +0 -22
- package/src/api/com/atproto/admin/disableAccountInvites.ts +0 -18
- package/src/api/com/atproto/admin/disableInviteCodes.ts +0 -21
- package/src/api/com/atproto/admin/enableAccountInvites.ts +0 -18
- package/src/api/com/atproto/admin/getAccountInfo.ts +0 -32
- package/src/api/com/atproto/admin/getAccountInfos.ts +0 -34
- package/src/api/com/atproto/admin/getInviteCodes.ts +0 -126
- package/src/api/com/atproto/admin/getSubjectStatus.ts +0 -76
- package/src/api/com/atproto/admin/index.ts +0 -31
- package/src/api/com/atproto/admin/sendEmail.ts +0 -47
- package/src/api/com/atproto/admin/updateAccountEmail.ts +0 -32
- package/src/api/com/atproto/admin/updateAccountHandle.ts +0 -47
- package/src/api/com/atproto/admin/updateAccountPassword.ts +0 -34
- package/src/api/com/atproto/admin/updateSubjectStatus.ts +0 -68
- package/src/api/com/atproto/admin/util.ts +0 -66
- package/src/api/com/atproto/identity/getRecommendedDidCredentials.ts +0 -50
- package/src/api/com/atproto/identity/index.ts +0 -17
- package/src/api/com/atproto/identity/requestPlcOperationSignature.ts +0 -59
- package/src/api/com/atproto/identity/resolveHandle.ts +0 -50
- package/src/api/com/atproto/identity/signPlcOperation.ts +0 -85
- package/src/api/com/atproto/identity/submitPlcOperation.ts +0 -65
- package/src/api/com/atproto/identity/updateHandle.ts +0 -66
- package/src/api/com/atproto/index.ts +0 -19
- package/src/api/com/atproto/moderation/createReport.ts +0 -41
- package/src/api/com/atproto/moderation/index.ts +0 -7
- package/src/api/com/atproto/repo/applyWrites.ts +0 -226
- package/src/api/com/atproto/repo/createRecord.ts +0 -143
- package/src/api/com/atproto/repo/deleteRecord.ts +0 -122
- package/src/api/com/atproto/repo/describeRepo.ts +0 -43
- package/src/api/com/atproto/repo/getRecord.ts +0 -40
- package/src/api/com/atproto/repo/importRepo.ts +0 -101
- package/src/api/com/atproto/repo/index.ts +0 -25
- package/src/api/com/atproto/repo/listMissingBlobs.ts +0 -29
- package/src/api/com/atproto/repo/listRecords.ts +0 -36
- package/src/api/com/atproto/repo/putRecord.ts +0 -211
- package/src/api/com/atproto/repo/uploadBlob.ts +0 -60
- package/src/api/com/atproto/server/activateAccount.ts +0 -37
- package/src/api/com/atproto/server/checkAccountStatus.ts +0 -51
- package/src/api/com/atproto/server/confirmEmail.ts +0 -39
- package/src/api/com/atproto/server/createAccount.ts +0 -327
- package/src/api/com/atproto/server/createAppPassword.ts +0 -53
- package/src/api/com/atproto/server/createInviteCode.ts +0 -38
- package/src/api/com/atproto/server/createInviteCodes.ts +0 -42
- package/src/api/com/atproto/server/createSession.ts +0 -97
- package/src/api/com/atproto/server/deactivateAccount.ts +0 -41
- package/src/api/com/atproto/server/deleteAccount.ts +0 -85
- package/src/api/com/atproto/server/deleteSession.ts +0 -23
- package/src/api/com/atproto/server/describeServer.ts +0 -29
- package/src/api/com/atproto/server/getAccountInviteCodes.ts +0 -142
- package/src/api/com/atproto/server/getServiceAuth.ts +0 -111
- package/src/api/com/atproto/server/getSession.ts +0 -80
- package/src/api/com/atproto/server/index.ts +0 -55
- package/src/api/com/atproto/server/listAppPasswords.ts +0 -45
- package/src/api/com/atproto/server/refreshSession.ts +0 -72
- package/src/api/com/atproto/server/requestAccountDelete.ts +0 -66
- package/src/api/com/atproto/server/requestEmailConfirmation.ts +0 -68
- package/src/api/com/atproto/server/requestEmailUpdate.ts +0 -86
- package/src/api/com/atproto/server/requestPasswordReset.ts +0 -52
- package/src/api/com/atproto/server/reserveSigningKey.ts +0 -15
- package/src/api/com/atproto/server/resetPassword.ts +0 -50
- package/src/api/com/atproto/server/revokeAppPassword.ts +0 -42
- package/src/api/com/atproto/server/updateEmail.ts +0 -52
- package/src/api/com/atproto/server/util.ts +0 -136
- package/src/api/com/atproto/sync/deprecated/getCheckout.ts +0 -27
- package/src/api/com/atproto/sync/deprecated/getHead.ts +0 -33
- package/src/api/com/atproto/sync/getBlob.ts +0 -61
- package/src/api/com/atproto/sync/getBlocks.ts +0 -37
- package/src/api/com/atproto/sync/getLatestCommit.ts +0 -33
- package/src/api/com/atproto/sync/getRecord.ts +0 -49
- package/src/api/com/atproto/sync/getRepo.ts +0 -75
- package/src/api/com/atproto/sync/getRepoStatus.ts +0 -34
- package/src/api/com/atproto/sync/index.ts +0 -27
- package/src/api/com/atproto/sync/listBlobs.ts +0 -33
- package/src/api/com/atproto/sync/listRepos.ts +0 -74
- package/src/api/com/atproto/sync/subscribeRepos.ts +0 -73
- package/src/api/com/atproto/sync/util.ts +0 -37
- package/src/api/com/atproto/temp/checkSignupQueue.ts +0 -34
- package/src/api/com/atproto/temp/index.ts +0 -7
- package/src/api/index.ts +0 -10
- package/src/api/proxy.ts +0 -44
- package/src/app-view.ts +0 -24
- package/src/auth-output.ts +0 -52
- package/src/auth-routes.ts +0 -64
- package/src/auth-scope.ts +0 -40
- package/src/auth-verifier.ts +0 -668
- package/src/background.ts +0 -65
- package/src/basic-routes.ts +0 -52
- package/src/bsky-app-view.ts +0 -33
- package/src/config/config.ts +0 -553
- package/src/config/env.ts +0 -167
- package/src/config/index.ts +0 -3
- package/src/config/secrets.ts +0 -54
- package/src/context.ts +0 -523
- package/src/crawlers.ts +0 -46
- package/src/db/cast.ts +0 -52
- package/src/db/db.ts +0 -140
- package/src/db/index.ts +0 -4
- package/src/db/migrator.ts +0 -40
- package/src/db/pagination.ts +0 -132
- package/src/db/tables/moderation.ts +0 -80
- package/src/db/util.ts +0 -108
- package/src/did-cache/db/index.ts +0 -21
- package/src/did-cache/db/migrations.ts +0 -17
- package/src/did-cache/db/schema.ts +0 -9
- package/src/did-cache/index.ts +0 -131
- package/src/disk-blobstore.ts +0 -172
- package/src/error.ts +0 -19
- package/src/handle/explicit-slurs.ts +0 -22
- package/src/handle/index.ts +0 -49
- package/src/handle/reserved.ts +0 -1059
- package/src/image/image-url-builder.ts +0 -16
- package/src/index.ts +0 -189
- package/src/lexicons.ts +0 -4
- package/src/logger.ts +0 -35
- package/src/mailer/index.ts +0 -111
- package/src/mailer/moderation.ts +0 -33
- package/src/mailer/templates/confirm-email.d.ts +0 -4
- package/src/mailer/templates/confirm-email.hbs +0 -158
- package/src/mailer/templates/delete-account.d.ts +0 -4
- package/src/mailer/templates/delete-account.hbs +0 -156
- package/src/mailer/templates/plc-operation.d.ts +0 -4
- package/src/mailer/templates/plc-operation.hbs +0 -153
- package/src/mailer/templates/reset-password.d.ts +0 -4
- package/src/mailer/templates/reset-password.hbs +0 -154
- package/src/mailer/templates/update-email.d.ts +0 -4
- package/src/mailer/templates/update-email.hbs +0 -153
- package/src/mailer/templates.ts +0 -17
- package/src/pipethrough.ts +0 -716
- package/src/rate-limits.ts +0 -59
- package/src/read-after-write/index.ts +0 -3
- package/src/read-after-write/types.ts +0 -35
- package/src/read-after-write/util.ts +0 -101
- package/src/read-after-write/viewer.ts +0 -290
- package/src/redis.ts +0 -25
- package/src/repo/index.ts +0 -2
- package/src/repo/prepare.ts +0 -266
- package/src/repo/types.ts +0 -65
- package/src/scripts/README.md +0 -40
- package/src/scripts/index.ts +0 -20
- package/src/scripts/publish-identity.ts +0 -60
- package/src/scripts/rebuild-repo.ts +0 -119
- package/src/scripts/rotate-keys.ts +0 -146
- package/src/scripts/sequencer-recovery/index.ts +0 -23
- package/src/scripts/sequencer-recovery/recoverer.ts +0 -297
- package/src/scripts/sequencer-recovery/recovery-db.ts +0 -65
- package/src/scripts/sequencer-recovery/repair-repos.ts +0 -49
- package/src/scripts/sequencer-recovery/user-queues.ts +0 -44
- package/src/scripts/util.ts +0 -7
- package/src/sequencer/db/index.ts +0 -21
- package/src/sequencer/db/migrations/001-init.ts +0 -35
- package/src/sequencer/db/migrations/index.ts +0 -5
- package/src/sequencer/db/schema.ts +0 -19
- package/src/sequencer/events.ts +0 -199
- package/src/sequencer/index.ts +0 -3
- package/src/sequencer/outbox.ts +0 -123
- package/src/sequencer/sequencer.ts +0 -290
- package/src/util/compression.ts +0 -16
- package/src/util/debug.ts +0 -10
- package/src/util/http.ts +0 -31
- package/src/util/types.ts +0 -7
- package/src/well-known.ts +0 -30
- package/test.env +0 -2
- package/tests/__snapshots__/takedown-appeal.test.ts.snap +0 -43
- package/tests/_oauth_client_assets_middleware.ts +0 -23
- package/tests/_puppeteer.ts +0 -147
- package/tests/_types.d.ts +0 -16
- package/tests/_util.ts +0 -191
- package/tests/account-deactivation.test.ts +0 -204
- package/tests/account-deletion.test.ts +0 -300
- package/tests/account-manager.test.ts +0 -462
- package/tests/account-migration.test.ts +0 -221
- package/tests/account-status.test.ts +0 -206
- package/tests/account.test.ts +0 -595
- package/tests/app-passwords.test.ts +0 -262
- package/tests/auth.test.ts +0 -405
- package/tests/blob-deletes.test.ts +0 -204
- package/tests/create-post.test.ts +0 -79
- package/tests/crud.test.ts +0 -1595
- package/tests/db.test.ts +0 -170
- package/tests/email-confirmation.test.ts +0 -227
- package/tests/entryway-mock.ts +0 -323
- package/tests/entryway.test.ts +0 -145
- package/tests/file-uploads.test.ts +0 -301
- package/tests/get-service-auth.test.ts +0 -81
- package/tests/handle-validation.test.ts +0 -56
- package/tests/handles.test.ts +0 -274
- package/tests/invite-codes.test.ts +0 -367
- package/tests/invites-admin.test.ts +0 -252
- package/tests/moderation.test.ts +0 -280
- package/tests/moderator-auth.test.ts +0 -177
- package/tests/oauth.test.ts +0 -334
- package/tests/plc-operations.test.ts +0 -239
- package/tests/preferences.test.ts +0 -352
- package/tests/proxied/__snapshots__/admin.test.ts.snap +0 -516
- package/tests/proxied/__snapshots__/feedgen.test.ts.snap +0 -215
- package/tests/proxied/__snapshots__/views.test.ts.snap +0 -4456
- package/tests/proxied/admin.test.ts +0 -340
- package/tests/proxied/feedgen.test.ts +0 -66
- package/tests/proxied/notif.test.ts +0 -85
- package/tests/proxied/procedures.test.ts +0 -175
- package/tests/proxied/proxy-catchall.test.ts +0 -256
- package/tests/proxied/proxy-header.test.ts +0 -239
- package/tests/proxied/proxy-oauth-aud.test.ts +0 -182
- package/tests/proxied/read-after-write.test.ts +0 -382
- package/tests/proxied/views.test.ts +0 -608
- package/tests/races.test.ts +0 -89
- package/tests/rate-limits.test.ts +0 -70
- package/tests/recovery.test.ts +0 -180
- package/tests/seeds/basic.ts +0 -165
- package/tests/seeds/follows.ts +0 -57
- package/tests/seeds/likes.ts +0 -14
- package/tests/seeds/reposts.ts +0 -18
- package/tests/seeds/thread.ts +0 -40
- package/tests/seeds/users-bulk.ts +0 -246
- package/tests/seeds/users.ts +0 -67
- package/tests/sequencer.test.ts +0 -251
- package/tests/server.test.ts +0 -151
- package/tests/sync/invertible-ops.test.ts +0 -99
- package/tests/sync/list.test.ts +0 -43
- package/tests/sync/subscribe-repos.test.ts +0 -672
- package/tests/sync/sync.test.ts +0 -316
- package/tests/takedown-appeal.test.ts +0 -166
- package/tsconfig.build.json +0 -9
- package/tsconfig.build.tsbuildinfo +0 -1
- package/tsconfig.json +0 -7
- package/tsconfig.tests.json +0 -8
|
@@ -1,33 +0,0 @@
|
|
|
1
|
-
import { InvalidRequestError, Server } from '@atproto/xrpc-server'
|
|
2
|
-
import { isUserOrAdmin } from '../../../../auth-verifier.js'
|
|
3
|
-
import { AppContext } from '../../../../context.js'
|
|
4
|
-
import { com } from '../../../../lexicons/index.js'
|
|
5
|
-
import { assertRepoAvailability } from './util.js'
|
|
6
|
-
|
|
7
|
-
export default function (server: Server, ctx: AppContext) {
|
|
8
|
-
server.add(com.atproto.sync.getLatestCommit, {
|
|
9
|
-
auth: ctx.authVerifier.authorizationOrAdminTokenOptional({
|
|
10
|
-
authorize: () => {
|
|
11
|
-
// always allow
|
|
12
|
-
},
|
|
13
|
-
}),
|
|
14
|
-
handler: async ({ params, auth }) => {
|
|
15
|
-
const { did } = params
|
|
16
|
-
await assertRepoAvailability(ctx, did, isUserOrAdmin(auth, did))
|
|
17
|
-
|
|
18
|
-
const root = await ctx.actorStore.read(did, (store) =>
|
|
19
|
-
store.repo.storage.getRootDetailed(),
|
|
20
|
-
)
|
|
21
|
-
if (root === null) {
|
|
22
|
-
throw new InvalidRequestError(
|
|
23
|
-
`Could not find root for DID: ${did}`,
|
|
24
|
-
'RepoNotFound',
|
|
25
|
-
)
|
|
26
|
-
}
|
|
27
|
-
return {
|
|
28
|
-
encoding: 'application/json' as const,
|
|
29
|
-
body: { cid: root.cid.toString(), rev: root.rev },
|
|
30
|
-
}
|
|
31
|
-
},
|
|
32
|
-
})
|
|
33
|
-
}
|
|
@@ -1,49 +0,0 @@
|
|
|
1
|
-
import stream from 'node:stream'
|
|
2
|
-
import { byteIterableToStream } from '@atproto/common'
|
|
3
|
-
import * as repo from '@atproto/repo'
|
|
4
|
-
import { InvalidRequestError, Server } from '@atproto/xrpc-server'
|
|
5
|
-
import { SqlRepoReader } from '../../../../actor-store/repo/sql-repo-reader.js'
|
|
6
|
-
import { isUserOrAdmin } from '../../../../auth-verifier.js'
|
|
7
|
-
import { AppContext } from '../../../../context.js'
|
|
8
|
-
import { com } from '../../../../lexicons/index.js'
|
|
9
|
-
import { assertRepoAvailability } from './util.js'
|
|
10
|
-
|
|
11
|
-
export default function (server: Server, ctx: AppContext) {
|
|
12
|
-
server.add(com.atproto.sync.getRecord, {
|
|
13
|
-
auth: ctx.authVerifier.authorizationOrAdminTokenOptional({
|
|
14
|
-
authorize: () => {
|
|
15
|
-
// always allow
|
|
16
|
-
},
|
|
17
|
-
}),
|
|
18
|
-
handler: async ({ params, auth }) => {
|
|
19
|
-
const { did, collection, rkey } = params
|
|
20
|
-
await assertRepoAvailability(ctx, did, isUserOrAdmin(auth, did))
|
|
21
|
-
|
|
22
|
-
// must open up the db outside of store interface so that we can close the file handle after finished streaming
|
|
23
|
-
const actorDb = await ctx.actorStore.openDb(did)
|
|
24
|
-
|
|
25
|
-
let carStream: stream.Readable
|
|
26
|
-
try {
|
|
27
|
-
const storage = new SqlRepoReader(actorDb)
|
|
28
|
-
const commit = await storage.getRoot()
|
|
29
|
-
|
|
30
|
-
if (!commit) {
|
|
31
|
-
throw new InvalidRequestError(`Could not find repo for DID: ${did}`)
|
|
32
|
-
}
|
|
33
|
-
const carIter = repo.getRecords(storage, commit, [{ collection, rkey }])
|
|
34
|
-
carStream = byteIterableToStream(carIter)
|
|
35
|
-
} catch (err) {
|
|
36
|
-
actorDb.close()
|
|
37
|
-
throw err
|
|
38
|
-
}
|
|
39
|
-
const closeDb = () => actorDb.close()
|
|
40
|
-
carStream.on('error', closeDb)
|
|
41
|
-
carStream.on('close', closeDb)
|
|
42
|
-
|
|
43
|
-
return {
|
|
44
|
-
encoding: 'application/vnd.ipld.car' as const,
|
|
45
|
-
body: carStream,
|
|
46
|
-
}
|
|
47
|
-
},
|
|
48
|
-
})
|
|
49
|
-
}
|
|
@@ -1,75 +0,0 @@
|
|
|
1
|
-
import stream from 'node:stream'
|
|
2
|
-
import {
|
|
3
|
-
MINUTE,
|
|
4
|
-
byteIterableToStream,
|
|
5
|
-
coalesceByteStream,
|
|
6
|
-
} from '@atproto/common'
|
|
7
|
-
import { InvalidRequestError, Server } from '@atproto/xrpc-server'
|
|
8
|
-
import {
|
|
9
|
-
RepoRootNotFoundError,
|
|
10
|
-
SqlRepoReader,
|
|
11
|
-
} from '../../../../actor-store/repo/sql-repo-reader.js'
|
|
12
|
-
import { AuthScope } from '../../../../auth-scope.js'
|
|
13
|
-
import { isUserOrAdmin } from '../../../../auth-verifier.js'
|
|
14
|
-
import { AppContext } from '../../../../context.js'
|
|
15
|
-
import { com } from '../../../../lexicons/index.js'
|
|
16
|
-
import { assertRepoAvailability } from './util.js'
|
|
17
|
-
|
|
18
|
-
const CAR_STREAM_CHUNK_SIZE = 64 * 1024
|
|
19
|
-
|
|
20
|
-
export default function (server: Server, ctx: AppContext) {
|
|
21
|
-
server.add(com.atproto.sync.getRepo, {
|
|
22
|
-
auth: ctx.authVerifier.authorizationOrAdminTokenOptional({
|
|
23
|
-
additional: [AuthScope.Takendown],
|
|
24
|
-
authorize: () => {
|
|
25
|
-
// always allow
|
|
26
|
-
},
|
|
27
|
-
}),
|
|
28
|
-
rateLimit: {
|
|
29
|
-
durationMs: 5 * MINUTE,
|
|
30
|
-
points: 6000,
|
|
31
|
-
},
|
|
32
|
-
handler: async ({ req, params, auth }) => {
|
|
33
|
-
const { did, since } = params
|
|
34
|
-
await assertRepoAvailability(ctx, did, isUserOrAdmin(auth, did))
|
|
35
|
-
|
|
36
|
-
const carStream = await getCarStream(ctx, did, since)
|
|
37
|
-
|
|
38
|
-
return {
|
|
39
|
-
encoding: 'application/vnd.ipld.car' as const,
|
|
40
|
-
// @NOTE If the client asked for compression (via "accept-encoding"), we
|
|
41
|
-
// coalesce the CAR stream into larger chunks to improve compression
|
|
42
|
-
// efficiency. See https://github.com/bluesky-social/atproto/pull/5078
|
|
43
|
-
//
|
|
44
|
-
// @TODO This would be better handled by xrpc-server and/or the
|
|
45
|
-
// compression middleware instead of manually coalescing the stream.
|
|
46
|
-
body: req.headers['accept-encoding']
|
|
47
|
-
? coalesceByteStream(carStream, CAR_STREAM_CHUNK_SIZE)
|
|
48
|
-
: carStream,
|
|
49
|
-
}
|
|
50
|
-
},
|
|
51
|
-
})
|
|
52
|
-
}
|
|
53
|
-
|
|
54
|
-
export const getCarStream = async (
|
|
55
|
-
ctx: AppContext,
|
|
56
|
-
did: string,
|
|
57
|
-
since?: string,
|
|
58
|
-
): Promise<stream.Readable> => {
|
|
59
|
-
const actorDb = await ctx.actorStore.openDb(did)
|
|
60
|
-
try {
|
|
61
|
-
const storage = new SqlRepoReader(actorDb)
|
|
62
|
-
const carIter = await storage.getCarStream(since)
|
|
63
|
-
const carStream = byteIterableToStream(carIter)
|
|
64
|
-
const closeDb = () => actorDb.close()
|
|
65
|
-
carStream.on('error', closeDb)
|
|
66
|
-
carStream.on('close', closeDb)
|
|
67
|
-
return carStream
|
|
68
|
-
} catch (err) {
|
|
69
|
-
await actorDb.close()
|
|
70
|
-
if (err instanceof RepoRootNotFoundError) {
|
|
71
|
-
throw new InvalidRequestError(`Could not find repo for DID: ${did}`)
|
|
72
|
-
}
|
|
73
|
-
throw err
|
|
74
|
-
}
|
|
75
|
-
}
|
|
@@ -1,34 +0,0 @@
|
|
|
1
|
-
import { Server } from '@atproto/xrpc-server'
|
|
2
|
-
import { formatAccountStatus } from '../../../../account-manager/account-manager.js'
|
|
3
|
-
import { AppContext } from '../../../../context.js'
|
|
4
|
-
import { com } from '../../../../lexicons/index.js'
|
|
5
|
-
import { assertRepoAvailability } from './util.js'
|
|
6
|
-
|
|
7
|
-
export default function (server: Server, ctx: AppContext) {
|
|
8
|
-
server.add(com.atproto.sync.getRepoStatus, {
|
|
9
|
-
handler: async ({ params }) => {
|
|
10
|
-
const { did } = params
|
|
11
|
-
const account = await assertRepoAvailability(ctx, did, true)
|
|
12
|
-
|
|
13
|
-
const { active, status } = formatAccountStatus(account)
|
|
14
|
-
|
|
15
|
-
let rev: string | undefined = undefined
|
|
16
|
-
if (active) {
|
|
17
|
-
const root = await ctx.actorStore.read(did, (store) =>
|
|
18
|
-
store.repo.storage.getRootDetailed(),
|
|
19
|
-
)
|
|
20
|
-
rev = root.rev
|
|
21
|
-
}
|
|
22
|
-
|
|
23
|
-
return {
|
|
24
|
-
encoding: 'application/json' as const,
|
|
25
|
-
body: {
|
|
26
|
-
did,
|
|
27
|
-
active,
|
|
28
|
-
status,
|
|
29
|
-
rev,
|
|
30
|
-
},
|
|
31
|
-
}
|
|
32
|
-
},
|
|
33
|
-
})
|
|
34
|
-
}
|
|
@@ -1,27 +0,0 @@
|
|
|
1
|
-
import { Server } from '@atproto/xrpc-server'
|
|
2
|
-
import { AppContext } from '../../../../context.js'
|
|
3
|
-
import getCheckout from './deprecated/getCheckout.js'
|
|
4
|
-
import getHead from './deprecated/getHead.js'
|
|
5
|
-
import getBlob from './getBlob.js'
|
|
6
|
-
import getBlocks from './getBlocks.js'
|
|
7
|
-
import getLatestCommit from './getLatestCommit.js'
|
|
8
|
-
import getRecord from './getRecord.js'
|
|
9
|
-
import getRepo from './getRepo.js'
|
|
10
|
-
import getRepoStatus from './getRepoStatus.js'
|
|
11
|
-
import listBlobs from './listBlobs.js'
|
|
12
|
-
import listRepos from './listRepos.js'
|
|
13
|
-
import subscribeRepos from './subscribeRepos.js'
|
|
14
|
-
|
|
15
|
-
export default function (server: Server, ctx: AppContext) {
|
|
16
|
-
getBlob(server, ctx)
|
|
17
|
-
getBlocks(server, ctx)
|
|
18
|
-
getLatestCommit(server, ctx)
|
|
19
|
-
getRepoStatus(server, ctx)
|
|
20
|
-
getRecord(server, ctx)
|
|
21
|
-
getRepo(server, ctx)
|
|
22
|
-
subscribeRepos(server, ctx)
|
|
23
|
-
listBlobs(server, ctx)
|
|
24
|
-
listRepos(server, ctx)
|
|
25
|
-
getCheckout(server, ctx)
|
|
26
|
-
getHead(server, ctx)
|
|
27
|
-
}
|
|
@@ -1,33 +0,0 @@
|
|
|
1
|
-
import { Server } from '@atproto/xrpc-server'
|
|
2
|
-
import { AuthScope } from '../../../../auth-scope.js'
|
|
3
|
-
import { isUserOrAdmin } from '../../../../auth-verifier.js'
|
|
4
|
-
import { AppContext } from '../../../../context.js'
|
|
5
|
-
import { com } from '../../../../lexicons/index.js'
|
|
6
|
-
import { assertRepoAvailability } from './util.js'
|
|
7
|
-
|
|
8
|
-
export default function (server: Server, ctx: AppContext) {
|
|
9
|
-
server.add(com.atproto.sync.listBlobs, {
|
|
10
|
-
auth: ctx.authVerifier.authorizationOrAdminTokenOptional({
|
|
11
|
-
additional: [AuthScope.Takendown],
|
|
12
|
-
authorize: () => {
|
|
13
|
-
// always allow
|
|
14
|
-
},
|
|
15
|
-
}),
|
|
16
|
-
handler: async ({ params, auth }) => {
|
|
17
|
-
const { did, since, limit, cursor } = params
|
|
18
|
-
await assertRepoAvailability(ctx, did, isUserOrAdmin(auth, did))
|
|
19
|
-
|
|
20
|
-
const blobCids = await ctx.actorStore.read(did, (store) =>
|
|
21
|
-
store.repo.blob.listBlobs({ since, limit, cursor }),
|
|
22
|
-
)
|
|
23
|
-
|
|
24
|
-
return {
|
|
25
|
-
encoding: 'application/json' as const,
|
|
26
|
-
body: {
|
|
27
|
-
cursor: blobCids.at(-1),
|
|
28
|
-
cids: blobCids,
|
|
29
|
-
},
|
|
30
|
-
}
|
|
31
|
-
},
|
|
32
|
-
})
|
|
33
|
-
}
|
|
@@ -1,74 +0,0 @@
|
|
|
1
|
-
import { InvalidRequestError, Server } from '@atproto/xrpc-server'
|
|
2
|
-
import { formatAccountStatus } from '../../../../account-manager/account-manager.js'
|
|
3
|
-
import { AppContext } from '../../../../context.js'
|
|
4
|
-
import { Cursor, GenericKeyset, paginate } from '../../../../db/pagination.js'
|
|
5
|
-
import { com } from '../../../../lexicons/index.js'
|
|
6
|
-
|
|
7
|
-
export default function (server: Server, ctx: AppContext) {
|
|
8
|
-
server.add(com.atproto.sync.listRepos, async ({ params }) => {
|
|
9
|
-
const { limit, cursor } = params
|
|
10
|
-
const db = ctx.accountManager.db
|
|
11
|
-
const { ref } = db.db.dynamic
|
|
12
|
-
let builder = db.db
|
|
13
|
-
.selectFrom('actor')
|
|
14
|
-
.innerJoin('repo_root', 'repo_root.did', 'actor.did')
|
|
15
|
-
.select([
|
|
16
|
-
'actor.did as did',
|
|
17
|
-
'repo_root.cid as head',
|
|
18
|
-
'repo_root.rev as rev',
|
|
19
|
-
'actor.createdAt as createdAt',
|
|
20
|
-
'actor.deactivatedAt as deactivatedAt',
|
|
21
|
-
'actor.takedownRef as takedownRef',
|
|
22
|
-
])
|
|
23
|
-
const keyset = new TimeDidKeyset(ref('actor.createdAt'), ref('actor.did'))
|
|
24
|
-
builder = paginate(builder, {
|
|
25
|
-
limit,
|
|
26
|
-
cursor,
|
|
27
|
-
keyset,
|
|
28
|
-
direction: 'asc',
|
|
29
|
-
tryIndex: true,
|
|
30
|
-
})
|
|
31
|
-
const res = await builder.execute()
|
|
32
|
-
const repos = res.map((row): com.atproto.sync.listRepos.Repo => {
|
|
33
|
-
const { active, status } = formatAccountStatus(row)
|
|
34
|
-
return {
|
|
35
|
-
did: row.did,
|
|
36
|
-
head: row.head,
|
|
37
|
-
rev: row.rev ?? '',
|
|
38
|
-
active,
|
|
39
|
-
status,
|
|
40
|
-
}
|
|
41
|
-
})
|
|
42
|
-
return {
|
|
43
|
-
encoding: 'application/json' as const,
|
|
44
|
-
body: {
|
|
45
|
-
cursor: keyset.packFromResult(res),
|
|
46
|
-
repos,
|
|
47
|
-
},
|
|
48
|
-
}
|
|
49
|
-
})
|
|
50
|
-
}
|
|
51
|
-
|
|
52
|
-
type TimeDidResult = { createdAt: string; did: string }
|
|
53
|
-
|
|
54
|
-
export class TimeDidKeyset extends GenericKeyset<TimeDidResult, Cursor> {
|
|
55
|
-
labelResult(result: TimeDidResult): Cursor {
|
|
56
|
-
return { primary: result.createdAt, secondary: result.did }
|
|
57
|
-
}
|
|
58
|
-
labeledResultToCursor(labeled: Cursor) {
|
|
59
|
-
return {
|
|
60
|
-
primary: new Date(labeled.primary).getTime().toString(),
|
|
61
|
-
secondary: labeled.secondary,
|
|
62
|
-
}
|
|
63
|
-
}
|
|
64
|
-
cursorToLabeledResult(cursor: Cursor) {
|
|
65
|
-
const primaryDate = new Date(parseInt(cursor.primary, 10))
|
|
66
|
-
if (isNaN(primaryDate.getTime())) {
|
|
67
|
-
throw new InvalidRequestError('Malformed cursor')
|
|
68
|
-
}
|
|
69
|
-
return {
|
|
70
|
-
primary: primaryDate.toISOString(),
|
|
71
|
-
secondary: cursor.secondary,
|
|
72
|
-
}
|
|
73
|
-
}
|
|
74
|
-
}
|
|
@@ -1,73 +0,0 @@
|
|
|
1
|
-
import { InvalidRequestError, Server } from '@atproto/xrpc-server'
|
|
2
|
-
import { AppContext } from '../../../../context.js'
|
|
3
|
-
import { com } from '../../../../lexicons/index.js'
|
|
4
|
-
import { httpLogger } from '../../../../logger.js'
|
|
5
|
-
import { Outbox } from '../../../../sequencer/outbox.js'
|
|
6
|
-
|
|
7
|
-
export default function (server: Server, ctx: AppContext) {
|
|
8
|
-
server.add(
|
|
9
|
-
com.atproto.sync.subscribeRepos,
|
|
10
|
-
async function* ({
|
|
11
|
-
params,
|
|
12
|
-
signal,
|
|
13
|
-
}): AsyncGenerator<com.atproto.sync.subscribeRepos.$Message> {
|
|
14
|
-
const { cursor } = params
|
|
15
|
-
const outbox = new Outbox(ctx.sequencer, {
|
|
16
|
-
maxBufferSize: ctx.cfg.subscription.maxBuffer,
|
|
17
|
-
})
|
|
18
|
-
httpLogger.info({ cursor }, 'request to com.atproto.sync.subscribeRepos')
|
|
19
|
-
|
|
20
|
-
const backfillTime = new Date(
|
|
21
|
-
Date.now() - ctx.cfg.subscription.repoBackfillLimitMs,
|
|
22
|
-
).toISOString()
|
|
23
|
-
let outboxCursor: number | undefined = undefined
|
|
24
|
-
if (cursor !== undefined) {
|
|
25
|
-
const [next, curr] = await Promise.all([
|
|
26
|
-
ctx.sequencer.next(cursor),
|
|
27
|
-
ctx.sequencer.curr(),
|
|
28
|
-
])
|
|
29
|
-
if (cursor > (curr ?? 0)) {
|
|
30
|
-
throw new InvalidRequestError('Cursor in the future.', 'FutureCursor')
|
|
31
|
-
} else if (next && next.sequencedAt < backfillTime) {
|
|
32
|
-
// if cursor is before backfill time, find earliest cursor from backfill window
|
|
33
|
-
yield com.atproto.sync.subscribeRepos.info.$build({
|
|
34
|
-
name: 'OutdatedCursor',
|
|
35
|
-
message: 'Requested cursor exceeded limit. Possibly missing events',
|
|
36
|
-
})
|
|
37
|
-
const startEvt = await ctx.sequencer.earliestAfterTime(backfillTime)
|
|
38
|
-
outboxCursor = startEvt?.seq ? startEvt.seq - 1 : undefined
|
|
39
|
-
} else {
|
|
40
|
-
outboxCursor = cursor
|
|
41
|
-
}
|
|
42
|
-
}
|
|
43
|
-
|
|
44
|
-
for await (const evt of outbox.events(outboxCursor, signal)) {
|
|
45
|
-
if (evt.type === 'commit') {
|
|
46
|
-
yield com.atproto.sync.subscribeRepos.commit.$build({
|
|
47
|
-
seq: evt.seq,
|
|
48
|
-
time: evt.time,
|
|
49
|
-
...evt.evt,
|
|
50
|
-
})
|
|
51
|
-
} else if (evt.type === 'sync') {
|
|
52
|
-
yield com.atproto.sync.subscribeRepos.sync.$build({
|
|
53
|
-
seq: evt.seq,
|
|
54
|
-
time: evt.time,
|
|
55
|
-
...evt.evt,
|
|
56
|
-
})
|
|
57
|
-
} else if (evt.type === 'identity') {
|
|
58
|
-
yield com.atproto.sync.subscribeRepos.identity.$build({
|
|
59
|
-
seq: evt.seq,
|
|
60
|
-
time: evt.time,
|
|
61
|
-
...evt.evt,
|
|
62
|
-
})
|
|
63
|
-
} else if (evt.type === 'account') {
|
|
64
|
-
yield com.atproto.sync.subscribeRepos.account.$build({
|
|
65
|
-
seq: evt.seq,
|
|
66
|
-
time: evt.time,
|
|
67
|
-
...evt.evt,
|
|
68
|
-
})
|
|
69
|
-
}
|
|
70
|
-
}
|
|
71
|
-
},
|
|
72
|
-
)
|
|
73
|
-
}
|
|
@@ -1,37 +0,0 @@
|
|
|
1
|
-
import { AtIdentifierString } from '@atproto/syntax'
|
|
2
|
-
import { InvalidRequestError } from '@atproto/xrpc-server'
|
|
3
|
-
import { ActorAccount } from '../../../../account-manager/helpers/account.js'
|
|
4
|
-
import { AppContext } from '../../../../context.js'
|
|
5
|
-
|
|
6
|
-
export const assertRepoAvailability = async (
|
|
7
|
-
ctx: AppContext,
|
|
8
|
-
handleOrDid: AtIdentifierString,
|
|
9
|
-
isAdminOrSelf: boolean,
|
|
10
|
-
): Promise<ActorAccount> => {
|
|
11
|
-
const account = await ctx.accountManager.getAccount(handleOrDid, {
|
|
12
|
-
includeDeactivated: true,
|
|
13
|
-
includeTakenDown: true,
|
|
14
|
-
})
|
|
15
|
-
if (!account) {
|
|
16
|
-
throw new InvalidRequestError(
|
|
17
|
-
`Could not find repo for DID: ${handleOrDid}`,
|
|
18
|
-
'RepoNotFound',
|
|
19
|
-
)
|
|
20
|
-
}
|
|
21
|
-
if (isAdminOrSelf) {
|
|
22
|
-
return account
|
|
23
|
-
}
|
|
24
|
-
if (account.takedownRef) {
|
|
25
|
-
throw new InvalidRequestError(
|
|
26
|
-
`Repo has been takendown: ${handleOrDid}`,
|
|
27
|
-
'RepoTakendown',
|
|
28
|
-
)
|
|
29
|
-
}
|
|
30
|
-
if (account.deactivatedAt) {
|
|
31
|
-
throw new InvalidRequestError(
|
|
32
|
-
`Repo has been deactivated: ${handleOrDid}`,
|
|
33
|
-
'RepoDeactivated',
|
|
34
|
-
)
|
|
35
|
-
}
|
|
36
|
-
return account
|
|
37
|
-
}
|
|
@@ -1,34 +0,0 @@
|
|
|
1
|
-
import { ForbiddenError, Server } from '@atproto/xrpc-server'
|
|
2
|
-
import { AuthScope } from '../../../../auth-scope.js'
|
|
3
|
-
import { AppContext } from '../../../../context.js'
|
|
4
|
-
import { com } from '../../../../lexicons/index.js'
|
|
5
|
-
|
|
6
|
-
// THIS IS A TEMPORARY UNSPECCED ROUTE
|
|
7
|
-
export default function (server: Server, ctx: AppContext) {
|
|
8
|
-
server.add(com.atproto.temp.checkSignupQueue, {
|
|
9
|
-
auth: ctx.authVerifier.authorization({
|
|
10
|
-
additional: [AuthScope.SignupQueued],
|
|
11
|
-
authorize: () => {
|
|
12
|
-
throw new ForbiddenError(
|
|
13
|
-
'OAuth credentials are not supported for this endpoint',
|
|
14
|
-
)
|
|
15
|
-
},
|
|
16
|
-
}),
|
|
17
|
-
handler: async ({ req }) => {
|
|
18
|
-
if (!ctx.entrywayClient) {
|
|
19
|
-
return {
|
|
20
|
-
encoding: 'application/json' as const,
|
|
21
|
-
body: {
|
|
22
|
-
activated: true,
|
|
23
|
-
},
|
|
24
|
-
}
|
|
25
|
-
}
|
|
26
|
-
|
|
27
|
-
const { headers } = ctx.entrywayPassthruHeaders(req)
|
|
28
|
-
|
|
29
|
-
return ctx.entrywayClient.xrpc(com.atproto.temp.checkSignupQueue, {
|
|
30
|
-
headers,
|
|
31
|
-
})
|
|
32
|
-
},
|
|
33
|
-
})
|
|
34
|
-
}
|
package/src/api/index.ts
DELETED
|
@@ -1,10 +0,0 @@
|
|
|
1
|
-
import { Server } from '@atproto/xrpc-server'
|
|
2
|
-
import { AppContext } from '../context.js'
|
|
3
|
-
import appBsky from './app/bsky/index.js'
|
|
4
|
-
import comAtproto from './com/atproto/index.js'
|
|
5
|
-
|
|
6
|
-
export default function (server: Server, ctx: AppContext) {
|
|
7
|
-
comAtproto(server, ctx)
|
|
8
|
-
appBsky(server, ctx)
|
|
9
|
-
return server
|
|
10
|
-
}
|
package/src/api/proxy.ts
DELETED
|
@@ -1,44 +0,0 @@
|
|
|
1
|
-
import { IncomingMessage } from 'node:http'
|
|
2
|
-
import express from 'express'
|
|
3
|
-
import { InvalidRequestError } from '@atproto/xrpc-server'
|
|
4
|
-
|
|
5
|
-
export function authPassthru(req: IncomingMessage) {
|
|
6
|
-
const { authorization } = req.headers
|
|
7
|
-
|
|
8
|
-
if (authorization) {
|
|
9
|
-
// DPoP requests are bound to the endpoint being called. Allowing them to be
|
|
10
|
-
// proxied would require that the receiving end allows DPoP proof not
|
|
11
|
-
// created for him. Since proxying is mainly there to support legacy
|
|
12
|
-
// clients, and DPoP is a new feature, we don't support DPoP requests
|
|
13
|
-
// through the proxy.
|
|
14
|
-
|
|
15
|
-
// This is fine since app views are usually called using the requester's
|
|
16
|
-
// credentials when "auth.credentials.type === 'access'", which is the only
|
|
17
|
-
// case were DPoP is used.
|
|
18
|
-
const [type] = authorization.split(' ', 1)
|
|
19
|
-
if (!type) {
|
|
20
|
-
throw new InvalidRequestError('Invalid authorization header')
|
|
21
|
-
}
|
|
22
|
-
if (type.toLowerCase() === 'dpop' || req.headers['dpop']) {
|
|
23
|
-
throw new InvalidRequestError('DPoP requests cannot be proxied')
|
|
24
|
-
}
|
|
25
|
-
|
|
26
|
-
return { headers: { authorization } }
|
|
27
|
-
}
|
|
28
|
-
}
|
|
29
|
-
|
|
30
|
-
// @NOTE this function may mutate its params input
|
|
31
|
-
// future improvement here would be to forward along all untrusted ips rather than just the first (req.ip)
|
|
32
|
-
export const forwardedFor = (
|
|
33
|
-
req: express.Request,
|
|
34
|
-
params: HeadersParam | undefined,
|
|
35
|
-
) => {
|
|
36
|
-
const result: HeadersParam = params ?? { headers: {} }
|
|
37
|
-
const ip = req.ip
|
|
38
|
-
if (ip) {
|
|
39
|
-
result.headers['x-forwarded-for'] = ip
|
|
40
|
-
}
|
|
41
|
-
return result
|
|
42
|
-
}
|
|
43
|
-
|
|
44
|
-
type HeadersParam = { headers: Record<string, string> }
|
package/src/app-view.ts
DELETED
|
@@ -1,24 +0,0 @@
|
|
|
1
|
-
import { format } from 'node:util'
|
|
2
|
-
import { Client } from '@atproto/lex'
|
|
3
|
-
|
|
4
|
-
export type AppViewOptions = {
|
|
5
|
-
url: string
|
|
6
|
-
did: string
|
|
7
|
-
cdnUrlPattern?: string
|
|
8
|
-
}
|
|
9
|
-
|
|
10
|
-
export class AppView {
|
|
11
|
-
public did: string
|
|
12
|
-
public client: Client
|
|
13
|
-
private cdnUrlPattern?: string
|
|
14
|
-
|
|
15
|
-
constructor(options: AppViewOptions) {
|
|
16
|
-
this.did = options.did
|
|
17
|
-
this.client = new Client({ service: options.url })
|
|
18
|
-
this.cdnUrlPattern = options.cdnUrlPattern
|
|
19
|
-
}
|
|
20
|
-
|
|
21
|
-
getImageUrl(pattern: string, did: string, cid: string): string | undefined {
|
|
22
|
-
if (this.cdnUrlPattern) return format(this.cdnUrlPattern, pattern, did, cid)
|
|
23
|
-
}
|
|
24
|
-
}
|
package/src/auth-output.ts
DELETED
|
@@ -1,52 +0,0 @@
|
|
|
1
|
-
import { ScopePermissions } from '@atproto/oauth-scopes'
|
|
2
|
-
import { DidString } from '@atproto/syntax'
|
|
3
|
-
import { AuthScope } from './auth-scope.js'
|
|
4
|
-
|
|
5
|
-
export type UnauthenticatedOutput = {
|
|
6
|
-
credentials: null
|
|
7
|
-
}
|
|
8
|
-
|
|
9
|
-
export type AdminTokenOutput = {
|
|
10
|
-
credentials: {
|
|
11
|
-
type: 'admin_token'
|
|
12
|
-
}
|
|
13
|
-
}
|
|
14
|
-
|
|
15
|
-
export type ModServiceOutput = {
|
|
16
|
-
credentials: {
|
|
17
|
-
type: 'mod_service'
|
|
18
|
-
did: DidString
|
|
19
|
-
}
|
|
20
|
-
}
|
|
21
|
-
|
|
22
|
-
export type AccessOutput<S extends AuthScope = AuthScope> = {
|
|
23
|
-
credentials: {
|
|
24
|
-
type: 'access'
|
|
25
|
-
did: DidString
|
|
26
|
-
scope: S
|
|
27
|
-
}
|
|
28
|
-
}
|
|
29
|
-
|
|
30
|
-
export type OAuthOutput = {
|
|
31
|
-
credentials: {
|
|
32
|
-
type: 'oauth'
|
|
33
|
-
did: DidString
|
|
34
|
-
permissions: ScopePermissions
|
|
35
|
-
}
|
|
36
|
-
}
|
|
37
|
-
|
|
38
|
-
export type RefreshOutput = {
|
|
39
|
-
credentials: {
|
|
40
|
-
type: 'refresh'
|
|
41
|
-
did: DidString
|
|
42
|
-
scope: AuthScope.Refresh
|
|
43
|
-
tokenId: string
|
|
44
|
-
}
|
|
45
|
-
}
|
|
46
|
-
|
|
47
|
-
export type UserServiceAuthOutput = {
|
|
48
|
-
credentials: {
|
|
49
|
-
type: 'user_service_auth'
|
|
50
|
-
did: DidString
|
|
51
|
-
}
|
|
52
|
-
}
|
package/src/auth-routes.ts
DELETED
|
@@ -1,64 +0,0 @@
|
|
|
1
|
-
import { Router } from 'express'
|
|
2
|
-
import {
|
|
3
|
-
HandleUnavailableError,
|
|
4
|
-
InvalidRequestError,
|
|
5
|
-
SecondAuthenticationFactorRequiredError,
|
|
6
|
-
UseDpopNonceError,
|
|
7
|
-
oauthMiddleware,
|
|
8
|
-
oauthProtectedResourceMetadataSchema,
|
|
9
|
-
} from '@atproto/oauth-provider'
|
|
10
|
-
import { AppContext } from './context.js'
|
|
11
|
-
import { oauthLogger, reqSerializer } from './logger.js'
|
|
12
|
-
|
|
13
|
-
export const createRouter = ({ oauthProvider, cfg }: AppContext): Router => {
|
|
14
|
-
const router = Router()
|
|
15
|
-
|
|
16
|
-
const oauthProtectedResourceMetadata =
|
|
17
|
-
oauthProtectedResourceMetadataSchema.parse({
|
|
18
|
-
resource: cfg.service.publicUrl,
|
|
19
|
-
authorization_servers: [cfg.entryway?.url ?? cfg.service.publicUrl],
|
|
20
|
-
bearer_methods_supported: ['header'],
|
|
21
|
-
scopes_supported: [],
|
|
22
|
-
resource_documentation: 'https://atproto.com',
|
|
23
|
-
})
|
|
24
|
-
|
|
25
|
-
if (
|
|
26
|
-
!cfg.service.devMode &&
|
|
27
|
-
!oauthProtectedResourceMetadata.resource.startsWith('https://')
|
|
28
|
-
) {
|
|
29
|
-
throw new Error('Resource URL must use the https scheme')
|
|
30
|
-
}
|
|
31
|
-
|
|
32
|
-
router.get('/.well-known/oauth-protected-resource', (req, res) => {
|
|
33
|
-
res.setHeader('Access-Control-Allow-Origin', '*')
|
|
34
|
-
res.setHeader('Access-Control-Allow-Method', '*')
|
|
35
|
-
res.setHeader('Access-Control-Allow-Headers', '*')
|
|
36
|
-
res.status(200).json(oauthProtectedResourceMetadata)
|
|
37
|
-
})
|
|
38
|
-
|
|
39
|
-
if (oauthProvider) {
|
|
40
|
-
router.use(
|
|
41
|
-
oauthMiddleware(oauthProvider, {
|
|
42
|
-
onError: (req, res, err, msg) => {
|
|
43
|
-
if (!ignoreError(err)) {
|
|
44
|
-
oauthLogger.error({ err, req: reqSerializer(req) }, msg)
|
|
45
|
-
}
|
|
46
|
-
},
|
|
47
|
-
}),
|
|
48
|
-
)
|
|
49
|
-
}
|
|
50
|
-
|
|
51
|
-
return router
|
|
52
|
-
}
|
|
53
|
-
|
|
54
|
-
function ignoreError(err: unknown): boolean {
|
|
55
|
-
if (err instanceof InvalidRequestError) {
|
|
56
|
-
return err.error_description === 'Invalid identifier or password'
|
|
57
|
-
}
|
|
58
|
-
|
|
59
|
-
return (
|
|
60
|
-
err instanceof UseDpopNonceError ||
|
|
61
|
-
err instanceof HandleUnavailableError ||
|
|
62
|
-
err instanceof SecondAuthenticationFactorRequiredError
|
|
63
|
-
)
|
|
64
|
-
}
|