@atproto/pds 0.5.12 → 0.5.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (322) hide show
  1. package/CHANGELOG.md +36 -0
  2. package/dist/api/app/bsky/notification/index.d.ts.map +1 -1
  3. package/dist/api/app/bsky/notification/index.js +2 -0
  4. package/dist/api/app/bsky/notification/index.js.map +1 -1
  5. package/dist/api/app/bsky/notification/unregisterPush.d.ts +4 -0
  6. package/dist/api/app/bsky/notification/unregisterPush.d.ts.map +1 -0
  7. package/dist/api/app/bsky/notification/unregisterPush.js +48 -0
  8. package/dist/api/app/bsky/notification/unregisterPush.js.map +1 -0
  9. package/package.json +42 -38
  10. package/build.templates.cjs +0 -22
  11. package/example.env +0 -42
  12. package/jest.config.cjs +0 -27
  13. package/src/account-manager/account-manager.ts +0 -916
  14. package/src/account-manager/db/index.ts +0 -21
  15. package/src/account-manager/db/migrations/001-init.ts +0 -115
  16. package/src/account-manager/db/migrations/002-account-deactivation.ts +0 -17
  17. package/src/account-manager/db/migrations/003-privileged-app-passwords.ts +0 -12
  18. package/src/account-manager/db/migrations/004-oauth.ts +0 -122
  19. package/src/account-manager/db/migrations/005-oauth-account-management.ts +0 -136
  20. package/src/account-manager/db/migrations/006-oauth-permission-sets.ts +0 -20
  21. package/src/account-manager/db/migrations/007-lexicon-failures-index.ts +0 -14
  22. package/src/account-manager/db/migrations/index.ts +0 -17
  23. package/src/account-manager/db/schema/account-device.ts +0 -14
  24. package/src/account-manager/db/schema/account.ts +0 -16
  25. package/src/account-manager/db/schema/actor.ts +0 -17
  26. package/src/account-manager/db/schema/app-password.ts +0 -13
  27. package/src/account-manager/db/schema/authorization-request.ts +0 -30
  28. package/src/account-manager/db/schema/authorized-client.ts +0 -23
  29. package/src/account-manager/db/schema/device.ts +0 -18
  30. package/src/account-manager/db/schema/email-token.ts +0 -19
  31. package/src/account-manager/db/schema/index.ts +0 -43
  32. package/src/account-manager/db/schema/invite-code.ts +0 -24
  33. package/src/account-manager/db/schema/lexicon.ts +0 -15
  34. package/src/account-manager/db/schema/refresh-token.ts +0 -11
  35. package/src/account-manager/db/schema/repo-root.ts +0 -12
  36. package/src/account-manager/db/schema/token.ts +0 -38
  37. package/src/account-manager/db/schema/used-refresh-token.ts +0 -13
  38. package/src/account-manager/helpers/account-device.ts +0 -63
  39. package/src/account-manager/helpers/account.ts +0 -355
  40. package/src/account-manager/helpers/auth.ts +0 -222
  41. package/src/account-manager/helpers/authorization-request.ts +0 -90
  42. package/src/account-manager/helpers/authorized-client.ts +0 -75
  43. package/src/account-manager/helpers/device.ts +0 -47
  44. package/src/account-manager/helpers/email-token.ts +0 -87
  45. package/src/account-manager/helpers/invite.ts +0 -263
  46. package/src/account-manager/helpers/lexicon.ts +0 -67
  47. package/src/account-manager/helpers/password.ts +0 -136
  48. package/src/account-manager/helpers/repo.ts +0 -24
  49. package/src/account-manager/helpers/scrypt.ts +0 -53
  50. package/src/account-manager/helpers/token.ts +0 -158
  51. package/src/account-manager/helpers/used-refresh-token.ts +0 -30
  52. package/src/account-manager/oauth-store.ts +0 -880
  53. package/src/account-manager/scope-reference-getter.ts +0 -106
  54. package/src/actor-store/actor-store-reader.ts +0 -45
  55. package/src/actor-store/actor-store-resources.ts +0 -8
  56. package/src/actor-store/actor-store-transactor.ts +0 -31
  57. package/src/actor-store/actor-store-writer.ts +0 -17
  58. package/src/actor-store/actor-store.ts +0 -210
  59. package/src/actor-store/blob/reader.ts +0 -160
  60. package/src/actor-store/blob/transactor.ts +0 -383
  61. package/src/actor-store/db/index.ts +0 -20
  62. package/src/actor-store/db/migrations/001-init.ts +0 -105
  63. package/src/actor-store/db/migrations/index.ts +0 -5
  64. package/src/actor-store/db/schema/account-pref.ts +0 -11
  65. package/src/actor-store/db/schema/backlink.ts +0 -9
  66. package/src/actor-store/db/schema/blob.ts +0 -14
  67. package/src/actor-store/db/schema/index.ts +0 -23
  68. package/src/actor-store/db/schema/record-blob.ts +0 -8
  69. package/src/actor-store/db/schema/record.ts +0 -14
  70. package/src/actor-store/db/schema/repo-block.ts +0 -10
  71. package/src/actor-store/db/schema/repo-root.ts +0 -10
  72. package/src/actor-store/migrate.ts +0 -39
  73. package/src/actor-store/preference/reader.ts +0 -48
  74. package/src/actor-store/preference/transactor.ts +0 -55
  75. package/src/actor-store/preference/util.ts +0 -39
  76. package/src/actor-store/record/reader.ts +0 -374
  77. package/src/actor-store/record/transactor.ts +0 -111
  78. package/src/actor-store/repo/reader.ts +0 -31
  79. package/src/actor-store/repo/sql-repo-reader.ts +0 -150
  80. package/src/actor-store/repo/sql-repo-transactor.ts +0 -105
  81. package/src/actor-store/repo/transactor.ts +0 -227
  82. package/src/api/app/bsky/actor/getPreferences.ts +0 -57
  83. package/src/api/app/bsky/actor/getProfile.ts +0 -41
  84. package/src/api/app/bsky/actor/getProfiles.ts +0 -51
  85. package/src/api/app/bsky/actor/index.ts +0 -13
  86. package/src/api/app/bsky/actor/putPreferences.ts +0 -62
  87. package/src/api/app/bsky/feed/getActorLikes.ts +0 -63
  88. package/src/api/app/bsky/feed/getAuthorFeed.ts +0 -84
  89. package/src/api/app/bsky/feed/getFeed.ts +0 -47
  90. package/src/api/app/bsky/feed/getPostThread.ts +0 -251
  91. package/src/api/app/bsky/feed/getTimeline.ts +0 -50
  92. package/src/api/app/bsky/feed/index.ts +0 -15
  93. package/src/api/app/bsky/index.ts +0 -11
  94. package/src/api/app/bsky/notification/index.ts +0 -7
  95. package/src/api/app/bsky/notification/registerPush.ts +0 -71
  96. package/src/api/app/bsky/util/resolver.ts +0 -20
  97. package/src/api/com/atproto/admin/deleteAccount.ts +0 -22
  98. package/src/api/com/atproto/admin/disableAccountInvites.ts +0 -18
  99. package/src/api/com/atproto/admin/disableInviteCodes.ts +0 -21
  100. package/src/api/com/atproto/admin/enableAccountInvites.ts +0 -18
  101. package/src/api/com/atproto/admin/getAccountInfo.ts +0 -32
  102. package/src/api/com/atproto/admin/getAccountInfos.ts +0 -34
  103. package/src/api/com/atproto/admin/getInviteCodes.ts +0 -126
  104. package/src/api/com/atproto/admin/getSubjectStatus.ts +0 -76
  105. package/src/api/com/atproto/admin/index.ts +0 -31
  106. package/src/api/com/atproto/admin/sendEmail.ts +0 -47
  107. package/src/api/com/atproto/admin/updateAccountEmail.ts +0 -32
  108. package/src/api/com/atproto/admin/updateAccountHandle.ts +0 -47
  109. package/src/api/com/atproto/admin/updateAccountPassword.ts +0 -34
  110. package/src/api/com/atproto/admin/updateSubjectStatus.ts +0 -68
  111. package/src/api/com/atproto/admin/util.ts +0 -66
  112. package/src/api/com/atproto/identity/getRecommendedDidCredentials.ts +0 -50
  113. package/src/api/com/atproto/identity/index.ts +0 -17
  114. package/src/api/com/atproto/identity/requestPlcOperationSignature.ts +0 -59
  115. package/src/api/com/atproto/identity/resolveHandle.ts +0 -50
  116. package/src/api/com/atproto/identity/signPlcOperation.ts +0 -85
  117. package/src/api/com/atproto/identity/submitPlcOperation.ts +0 -65
  118. package/src/api/com/atproto/identity/updateHandle.ts +0 -66
  119. package/src/api/com/atproto/index.ts +0 -19
  120. package/src/api/com/atproto/moderation/createReport.ts +0 -41
  121. package/src/api/com/atproto/moderation/index.ts +0 -7
  122. package/src/api/com/atproto/repo/applyWrites.ts +0 -226
  123. package/src/api/com/atproto/repo/createRecord.ts +0 -143
  124. package/src/api/com/atproto/repo/deleteRecord.ts +0 -122
  125. package/src/api/com/atproto/repo/describeRepo.ts +0 -43
  126. package/src/api/com/atproto/repo/getRecord.ts +0 -40
  127. package/src/api/com/atproto/repo/importRepo.ts +0 -101
  128. package/src/api/com/atproto/repo/index.ts +0 -25
  129. package/src/api/com/atproto/repo/listMissingBlobs.ts +0 -29
  130. package/src/api/com/atproto/repo/listRecords.ts +0 -36
  131. package/src/api/com/atproto/repo/putRecord.ts +0 -211
  132. package/src/api/com/atproto/repo/uploadBlob.ts +0 -60
  133. package/src/api/com/atproto/server/activateAccount.ts +0 -37
  134. package/src/api/com/atproto/server/checkAccountStatus.ts +0 -51
  135. package/src/api/com/atproto/server/confirmEmail.ts +0 -39
  136. package/src/api/com/atproto/server/createAccount.ts +0 -327
  137. package/src/api/com/atproto/server/createAppPassword.ts +0 -53
  138. package/src/api/com/atproto/server/createInviteCode.ts +0 -38
  139. package/src/api/com/atproto/server/createInviteCodes.ts +0 -42
  140. package/src/api/com/atproto/server/createSession.ts +0 -97
  141. package/src/api/com/atproto/server/deactivateAccount.ts +0 -41
  142. package/src/api/com/atproto/server/deleteAccount.ts +0 -85
  143. package/src/api/com/atproto/server/deleteSession.ts +0 -23
  144. package/src/api/com/atproto/server/describeServer.ts +0 -29
  145. package/src/api/com/atproto/server/getAccountInviteCodes.ts +0 -142
  146. package/src/api/com/atproto/server/getServiceAuth.ts +0 -111
  147. package/src/api/com/atproto/server/getSession.ts +0 -80
  148. package/src/api/com/atproto/server/index.ts +0 -55
  149. package/src/api/com/atproto/server/listAppPasswords.ts +0 -45
  150. package/src/api/com/atproto/server/refreshSession.ts +0 -72
  151. package/src/api/com/atproto/server/requestAccountDelete.ts +0 -66
  152. package/src/api/com/atproto/server/requestEmailConfirmation.ts +0 -68
  153. package/src/api/com/atproto/server/requestEmailUpdate.ts +0 -86
  154. package/src/api/com/atproto/server/requestPasswordReset.ts +0 -52
  155. package/src/api/com/atproto/server/reserveSigningKey.ts +0 -15
  156. package/src/api/com/atproto/server/resetPassword.ts +0 -50
  157. package/src/api/com/atproto/server/revokeAppPassword.ts +0 -42
  158. package/src/api/com/atproto/server/updateEmail.ts +0 -52
  159. package/src/api/com/atproto/server/util.ts +0 -136
  160. package/src/api/com/atproto/sync/deprecated/getCheckout.ts +0 -27
  161. package/src/api/com/atproto/sync/deprecated/getHead.ts +0 -33
  162. package/src/api/com/atproto/sync/getBlob.ts +0 -61
  163. package/src/api/com/atproto/sync/getBlocks.ts +0 -37
  164. package/src/api/com/atproto/sync/getLatestCommit.ts +0 -33
  165. package/src/api/com/atproto/sync/getRecord.ts +0 -49
  166. package/src/api/com/atproto/sync/getRepo.ts +0 -75
  167. package/src/api/com/atproto/sync/getRepoStatus.ts +0 -34
  168. package/src/api/com/atproto/sync/index.ts +0 -27
  169. package/src/api/com/atproto/sync/listBlobs.ts +0 -33
  170. package/src/api/com/atproto/sync/listRepos.ts +0 -74
  171. package/src/api/com/atproto/sync/subscribeRepos.ts +0 -73
  172. package/src/api/com/atproto/sync/util.ts +0 -37
  173. package/src/api/com/atproto/temp/checkSignupQueue.ts +0 -34
  174. package/src/api/com/atproto/temp/index.ts +0 -7
  175. package/src/api/index.ts +0 -10
  176. package/src/api/proxy.ts +0 -44
  177. package/src/app-view.ts +0 -24
  178. package/src/auth-output.ts +0 -52
  179. package/src/auth-routes.ts +0 -64
  180. package/src/auth-scope.ts +0 -40
  181. package/src/auth-verifier.ts +0 -668
  182. package/src/background.ts +0 -65
  183. package/src/basic-routes.ts +0 -52
  184. package/src/bsky-app-view.ts +0 -33
  185. package/src/config/config.ts +0 -553
  186. package/src/config/env.ts +0 -167
  187. package/src/config/index.ts +0 -3
  188. package/src/config/secrets.ts +0 -54
  189. package/src/context.ts +0 -523
  190. package/src/crawlers.ts +0 -46
  191. package/src/db/cast.ts +0 -52
  192. package/src/db/db.ts +0 -140
  193. package/src/db/index.ts +0 -4
  194. package/src/db/migrator.ts +0 -40
  195. package/src/db/pagination.ts +0 -132
  196. package/src/db/tables/moderation.ts +0 -80
  197. package/src/db/util.ts +0 -108
  198. package/src/did-cache/db/index.ts +0 -21
  199. package/src/did-cache/db/migrations.ts +0 -17
  200. package/src/did-cache/db/schema.ts +0 -9
  201. package/src/did-cache/index.ts +0 -131
  202. package/src/disk-blobstore.ts +0 -172
  203. package/src/error.ts +0 -19
  204. package/src/handle/explicit-slurs.ts +0 -22
  205. package/src/handle/index.ts +0 -49
  206. package/src/handle/reserved.ts +0 -1059
  207. package/src/image/image-url-builder.ts +0 -16
  208. package/src/index.ts +0 -189
  209. package/src/lexicons.ts +0 -4
  210. package/src/logger.ts +0 -35
  211. package/src/mailer/index.ts +0 -111
  212. package/src/mailer/moderation.ts +0 -33
  213. package/src/mailer/templates/confirm-email.d.ts +0 -4
  214. package/src/mailer/templates/confirm-email.hbs +0 -158
  215. package/src/mailer/templates/delete-account.d.ts +0 -4
  216. package/src/mailer/templates/delete-account.hbs +0 -156
  217. package/src/mailer/templates/plc-operation.d.ts +0 -4
  218. package/src/mailer/templates/plc-operation.hbs +0 -153
  219. package/src/mailer/templates/reset-password.d.ts +0 -4
  220. package/src/mailer/templates/reset-password.hbs +0 -154
  221. package/src/mailer/templates/update-email.d.ts +0 -4
  222. package/src/mailer/templates/update-email.hbs +0 -153
  223. package/src/mailer/templates.ts +0 -17
  224. package/src/pipethrough.ts +0 -716
  225. package/src/rate-limits.ts +0 -59
  226. package/src/read-after-write/index.ts +0 -3
  227. package/src/read-after-write/types.ts +0 -35
  228. package/src/read-after-write/util.ts +0 -101
  229. package/src/read-after-write/viewer.ts +0 -290
  230. package/src/redis.ts +0 -25
  231. package/src/repo/index.ts +0 -2
  232. package/src/repo/prepare.ts +0 -266
  233. package/src/repo/types.ts +0 -65
  234. package/src/scripts/README.md +0 -40
  235. package/src/scripts/index.ts +0 -20
  236. package/src/scripts/publish-identity.ts +0 -60
  237. package/src/scripts/rebuild-repo.ts +0 -119
  238. package/src/scripts/rotate-keys.ts +0 -146
  239. package/src/scripts/sequencer-recovery/index.ts +0 -23
  240. package/src/scripts/sequencer-recovery/recoverer.ts +0 -297
  241. package/src/scripts/sequencer-recovery/recovery-db.ts +0 -65
  242. package/src/scripts/sequencer-recovery/repair-repos.ts +0 -49
  243. package/src/scripts/sequencer-recovery/user-queues.ts +0 -44
  244. package/src/scripts/util.ts +0 -7
  245. package/src/sequencer/db/index.ts +0 -21
  246. package/src/sequencer/db/migrations/001-init.ts +0 -35
  247. package/src/sequencer/db/migrations/index.ts +0 -5
  248. package/src/sequencer/db/schema.ts +0 -19
  249. package/src/sequencer/events.ts +0 -199
  250. package/src/sequencer/index.ts +0 -3
  251. package/src/sequencer/outbox.ts +0 -123
  252. package/src/sequencer/sequencer.ts +0 -290
  253. package/src/util/compression.ts +0 -16
  254. package/src/util/debug.ts +0 -10
  255. package/src/util/http.ts +0 -31
  256. package/src/util/types.ts +0 -7
  257. package/src/well-known.ts +0 -30
  258. package/test.env +0 -2
  259. package/tests/__snapshots__/takedown-appeal.test.ts.snap +0 -43
  260. package/tests/_oauth_client_assets_middleware.ts +0 -23
  261. package/tests/_puppeteer.ts +0 -147
  262. package/tests/_types.d.ts +0 -16
  263. package/tests/_util.ts +0 -191
  264. package/tests/account-deactivation.test.ts +0 -204
  265. package/tests/account-deletion.test.ts +0 -300
  266. package/tests/account-manager.test.ts +0 -462
  267. package/tests/account-migration.test.ts +0 -221
  268. package/tests/account-status.test.ts +0 -206
  269. package/tests/account.test.ts +0 -595
  270. package/tests/app-passwords.test.ts +0 -262
  271. package/tests/auth.test.ts +0 -405
  272. package/tests/blob-deletes.test.ts +0 -204
  273. package/tests/create-post.test.ts +0 -79
  274. package/tests/crud.test.ts +0 -1595
  275. package/tests/db.test.ts +0 -170
  276. package/tests/email-confirmation.test.ts +0 -227
  277. package/tests/entryway-mock.ts +0 -323
  278. package/tests/entryway.test.ts +0 -145
  279. package/tests/file-uploads.test.ts +0 -301
  280. package/tests/get-service-auth.test.ts +0 -81
  281. package/tests/handle-validation.test.ts +0 -56
  282. package/tests/handles.test.ts +0 -274
  283. package/tests/invite-codes.test.ts +0 -367
  284. package/tests/invites-admin.test.ts +0 -252
  285. package/tests/moderation.test.ts +0 -280
  286. package/tests/moderator-auth.test.ts +0 -177
  287. package/tests/oauth.test.ts +0 -334
  288. package/tests/plc-operations.test.ts +0 -239
  289. package/tests/preferences.test.ts +0 -352
  290. package/tests/proxied/__snapshots__/admin.test.ts.snap +0 -516
  291. package/tests/proxied/__snapshots__/feedgen.test.ts.snap +0 -215
  292. package/tests/proxied/__snapshots__/views.test.ts.snap +0 -4456
  293. package/tests/proxied/admin.test.ts +0 -340
  294. package/tests/proxied/feedgen.test.ts +0 -66
  295. package/tests/proxied/notif.test.ts +0 -85
  296. package/tests/proxied/procedures.test.ts +0 -175
  297. package/tests/proxied/proxy-catchall.test.ts +0 -256
  298. package/tests/proxied/proxy-header.test.ts +0 -239
  299. package/tests/proxied/proxy-oauth-aud.test.ts +0 -182
  300. package/tests/proxied/read-after-write.test.ts +0 -382
  301. package/tests/proxied/views.test.ts +0 -608
  302. package/tests/races.test.ts +0 -89
  303. package/tests/rate-limits.test.ts +0 -70
  304. package/tests/recovery.test.ts +0 -180
  305. package/tests/seeds/basic.ts +0 -165
  306. package/tests/seeds/follows.ts +0 -57
  307. package/tests/seeds/likes.ts +0 -14
  308. package/tests/seeds/reposts.ts +0 -18
  309. package/tests/seeds/thread.ts +0 -40
  310. package/tests/seeds/users-bulk.ts +0 -246
  311. package/tests/seeds/users.ts +0 -67
  312. package/tests/sequencer.test.ts +0 -251
  313. package/tests/server.test.ts +0 -151
  314. package/tests/sync/invertible-ops.test.ts +0 -99
  315. package/tests/sync/list.test.ts +0 -43
  316. package/tests/sync/subscribe-repos.test.ts +0 -672
  317. package/tests/sync/sync.test.ts +0 -316
  318. package/tests/takedown-appeal.test.ts +0 -166
  319. package/tsconfig.build.json +0 -9
  320. package/tsconfig.build.tsbuildinfo +0 -1
  321. package/tsconfig.json +0 -7
  322. package/tsconfig.tests.json +0 -8
@@ -1,252 +0,0 @@
1
- import { AtpAgent } from '@atproto/api'
2
- import { randomStr } from '@atproto/crypto'
3
- import { SeedClient, TestNetworkNoAppView } from '@atproto/dev-env'
4
- import type { DidString } from '@atproto/syntax'
5
-
6
- describe('pds admin invite views', () => {
7
- let network: TestNetworkNoAppView
8
- let agent: AtpAgent
9
- let sc: SeedClient
10
-
11
- beforeAll(async () => {
12
- network = await TestNetworkNoAppView.create({
13
- dbPostgresSchema: 'views_admin_invites',
14
- pds: {
15
- inviteRequired: true,
16
- inviteInterval: 1,
17
- },
18
- })
19
- agent = network.pds.getAgent()
20
- sc = network.getSeedClient()
21
- })
22
-
23
- afterAll(async () => {
24
- await network?.close()
25
- })
26
-
27
- let alice: DidString
28
- let bob: DidString
29
- let carol: DidString
30
-
31
- beforeAll(async () => {
32
- const adminCode = await agent.api.com.atproto.server.createInviteCode(
33
- { useCount: 10 },
34
- { encoding: 'application/json', headers: network.pds.adminAuthHeaders() },
35
- )
36
-
37
- await sc.createAccount('alice', {
38
- handle: 'alice.test',
39
- email: 'alice@test.com',
40
- password: 'alice',
41
- inviteCode: adminCode.data.code,
42
- })
43
- await sc.createAccount('bob', {
44
- handle: 'bob.test',
45
- email: 'bob@test.com',
46
- password: 'bob',
47
- inviteCode: adminCode.data.code,
48
- })
49
- await sc.createAccount('carol', {
50
- handle: 'carol.test',
51
- email: 'carol@test.com',
52
- password: 'carol',
53
- inviteCode: adminCode.data.code,
54
- })
55
-
56
- alice = sc.dids.alice
57
- bob = sc.dids.bob
58
- carol = sc.dids.carol
59
-
60
- const aliceCodes = await agent.api.com.atproto.server.getAccountInviteCodes(
61
- {},
62
- { headers: sc.getHeaders(alice) },
63
- )
64
- await agent.api.com.atproto.server.getAccountInviteCodes(
65
- {},
66
- { headers: sc.getHeaders(bob) },
67
- )
68
- await agent.api.com.atproto.server.createInviteCode(
69
- { useCount: 5, forAccount: alice },
70
- { encoding: 'application/json', headers: network.pds.adminAuthHeaders() },
71
- )
72
- await agent.api.com.atproto.admin.disableInviteCodes(
73
- { codes: [adminCode.data.code], accounts: [bob] },
74
- { encoding: 'application/json', headers: network.pds.adminAuthHeaders() },
75
- )
76
-
77
- const useCode = async (code: string) => {
78
- const name = randomStr(8, 'base32')
79
- await agent.api.com.atproto.server.createAccount({
80
- handle: `${name}.test`,
81
- email: `${name}@test.com`,
82
- password: name,
83
- inviteCode: code,
84
- })
85
- }
86
-
87
- await useCode(aliceCodes.data.codes[0].code)
88
- await useCode(aliceCodes.data.codes[1].code)
89
- })
90
-
91
- it('gets a list of invite codes by recency', async () => {
92
- const result = await agent.api.com.atproto.admin.getInviteCodes(
93
- {},
94
- { headers: network.pds.adminAuthHeaders() },
95
- )
96
- let lastDate = result.data.codes[0].createdAt
97
- for (const code of result.data.codes) {
98
- expect(code.createdAt <= lastDate).toBeTruthy()
99
- lastDate = code.createdAt
100
- }
101
- expect(result.data.codes.length).toBe(12)
102
- expect(result.data.codes[0]).toMatchObject({
103
- available: 5,
104
- disabled: false,
105
- forAccount: alice,
106
- createdBy: 'admin',
107
- })
108
- expect(result.data.codes[0].uses.length).toBe(0)
109
- expect(result.data.codes.at(-1)).toMatchObject({
110
- available: 10,
111
- disabled: true,
112
- forAccount: 'admin',
113
- createdBy: 'admin',
114
- })
115
- expect(result.data.codes.at(-1)?.uses.length).toBe(3)
116
- })
117
-
118
- it('paginates by recency', async () => {
119
- const full = await agent.api.com.atproto.admin.getInviteCodes(
120
- {},
121
- { headers: network.pds.adminAuthHeaders() },
122
- )
123
- const first = await agent.api.com.atproto.admin.getInviteCodes(
124
- { limit: 5 },
125
- { headers: network.pds.adminAuthHeaders() },
126
- )
127
- const second = await agent.api.com.atproto.admin.getInviteCodes(
128
- { cursor: first.data.cursor },
129
- { headers: network.pds.adminAuthHeaders() },
130
- )
131
- const combined = [...first.data.codes, ...second.data.codes]
132
- expect(combined).toEqual(full.data.codes)
133
- })
134
-
135
- it('gets a list of invite codes by usage', async () => {
136
- const result = await agent.api.com.atproto.admin.getInviteCodes(
137
- { sort: 'usage' },
138
- { headers: network.pds.adminAuthHeaders() },
139
- )
140
- let lastUseCount = result.data.codes[0].uses.length
141
- for (const code of result.data.codes) {
142
- expect(code.uses.length).toBeLessThanOrEqual(lastUseCount)
143
- lastUseCount = code.uses.length
144
- }
145
- expect(result.data.codes[0]).toMatchObject({
146
- available: 10,
147
- disabled: true,
148
- forAccount: 'admin',
149
- createdBy: 'admin',
150
- })
151
- expect(result.data.codes[0].uses.length).toBe(3)
152
- })
153
-
154
- it('paginates by usage', async () => {
155
- const full = await agent.api.com.atproto.admin.getInviteCodes(
156
- { sort: 'usage' },
157
- { headers: network.pds.adminAuthHeaders() },
158
- )
159
- const first = await agent.api.com.atproto.admin.getInviteCodes(
160
- { sort: 'usage', limit: 5 },
161
- { headers: network.pds.adminAuthHeaders() },
162
- )
163
- const second = await agent.api.com.atproto.admin.getInviteCodes(
164
- { sort: 'usage', cursor: first.data.cursor },
165
- { headers: network.pds.adminAuthHeaders() },
166
- )
167
- const combined = [...first.data.codes, ...second.data.codes]
168
- expect(combined).toEqual(full.data.codes)
169
- })
170
-
171
- it('hydrates invites into admin.getAccountInfo', async () => {
172
- const aliceView = await agent.api.com.atproto.admin.getAccountInfo(
173
- { did: alice },
174
- { headers: network.pds.adminAuthHeaders() },
175
- )
176
- expect(aliceView.data.invitedBy?.available).toBe(10)
177
- expect(aliceView.data.invitedBy?.uses.length).toBe(3)
178
- expect(aliceView.data.invites?.length).toBe(6)
179
- })
180
-
181
- it('disables an account from getting additional invite codes', async () => {
182
- await agent.api.com.atproto.admin.disableAccountInvites(
183
- { account: carol },
184
- { encoding: 'application/json', headers: network.pds.adminAuthHeaders() },
185
- )
186
-
187
- const repoRes = await agent.api.com.atproto.admin.getAccountInfo(
188
- { did: carol },
189
- { headers: network.pds.adminAuthHeaders() },
190
- )
191
- expect(repoRes.data.invitesDisabled).toBe(true)
192
-
193
- const invRes = await agent.api.com.atproto.server.getAccountInviteCodes(
194
- {},
195
- { headers: sc.getHeaders(carol) },
196
- )
197
- expect(invRes.data.codes.length).toBe(0)
198
- })
199
-
200
- it('allows setting reason when enabling and disabling invite codes', async () => {
201
- await agent.api.com.atproto.admin.enableAccountInvites(
202
- { account: carol },
203
- { encoding: 'application/json', headers: network.pds.adminAuthHeaders() },
204
- )
205
-
206
- const afterEnable = await agent.api.com.atproto.admin.getAccountInfo(
207
- { did: carol },
208
- { headers: network.pds.adminAuthHeaders() },
209
- )
210
- expect(afterEnable.data.invitesDisabled).toBe(false)
211
-
212
- await agent.api.com.atproto.admin.disableAccountInvites(
213
- { account: carol },
214
- { encoding: 'application/json', headers: network.pds.adminAuthHeaders() },
215
- )
216
-
217
- const afterDisable = await agent.api.com.atproto.admin.getAccountInfo(
218
- { did: carol },
219
- { headers: network.pds.adminAuthHeaders() },
220
- )
221
- expect(afterDisable.data.invitesDisabled).toBe(true)
222
- })
223
-
224
- it('creates codes in the background but disables them', async () => {
225
- const res = await network.pds.ctx.accountManager.db.db
226
- .selectFrom('invite_code')
227
- .where('forAccount', '=', carol)
228
- .selectAll()
229
- .execute()
230
- expect(res.length).toBe(5)
231
- expect(res.every((row) => row.disabled === 1))
232
- })
233
-
234
- it('re-enables an accounts invites', async () => {
235
- await agent.api.com.atproto.admin.enableAccountInvites(
236
- { account: carol },
237
- { encoding: 'application/json', headers: network.pds.adminAuthHeaders() },
238
- )
239
-
240
- const repoRes = await agent.api.com.atproto.admin.getAccountInfo(
241
- { did: carol },
242
- { headers: network.pds.adminAuthHeaders() },
243
- )
244
- expect(repoRes.data.invitesDisabled).toBe(false)
245
-
246
- const invRes = await agent.api.com.atproto.server.getAccountInviteCodes(
247
- {},
248
- { headers: sc.getHeaders(carol) },
249
- )
250
- expect(invRes.data.codes.length).toBeGreaterThan(0)
251
- })
252
- })
@@ -1,280 +0,0 @@
1
- import assert from 'node:assert'
2
- import {
3
- $Typed,
4
- AtpAgent,
5
- ComAtprotoAdminDefs,
6
- ComAtprotoRepoStrongRef,
7
- } from '@atproto/api'
8
- import { ImageRef, SeedClient, TestNetworkNoAppView } from '@atproto/dev-env'
9
- import { BlobNotFoundError } from '@atproto/repo'
10
- import basicSeed from './seeds/basic.js'
11
-
12
- describe('moderation', () => {
13
- let network: TestNetworkNoAppView
14
- let agent: AtpAgent
15
- let sc: SeedClient
16
-
17
- let repoSubject: $Typed<ComAtprotoAdminDefs.RepoRef>
18
- let recordSubject: $Typed<ComAtprotoRepoStrongRef.Main>
19
- let blobSubject: $Typed<ComAtprotoAdminDefs.RepoBlobRef>
20
- let blobRef: ImageRef
21
-
22
- beforeAll(async () => {
23
- network = await TestNetworkNoAppView.create({
24
- dbPostgresSchema: 'moderation',
25
- })
26
-
27
- agent = network.pds.getAgent()
28
- sc = network.getSeedClient()
29
- await basicSeed(sc)
30
- await network.processAll()
31
- repoSubject = {
32
- $type: 'com.atproto.admin.defs#repoRef',
33
- did: sc.dids.bob,
34
- }
35
- const post = sc.posts[sc.dids.carol][0]
36
- recordSubject = {
37
- $type: 'com.atproto.repo.strongRef',
38
- uri: post.ref.uriStr,
39
- cid: post.ref.cidStr,
40
- }
41
- blobRef = post.images[1]
42
- blobSubject = {
43
- $type: 'com.atproto.admin.defs#repoBlobRef',
44
- did: sc.dids.carol,
45
- cid: blobRef.image.ref.toString(),
46
- }
47
- })
48
-
49
- afterAll(async () => {
50
- await network?.close()
51
- })
52
-
53
- it('takes down accounts', async () => {
54
- await agent.api.com.atproto.admin.updateSubjectStatus(
55
- {
56
- subject: repoSubject,
57
- takedown: { applied: true, ref: 'test-repo' },
58
- },
59
- {
60
- encoding: 'application/json',
61
- headers: network.pds.adminAuthHeaders(),
62
- },
63
- )
64
- const res = await agent.api.com.atproto.admin.getSubjectStatus(
65
- {
66
- did: repoSubject.did,
67
- },
68
- { headers: network.pds.adminAuthHeaders() },
69
- )
70
- assert(ComAtprotoAdminDefs.isRepoRef(res.data.subject))
71
- expect(res.data.subject.did).toEqual(sc.dids.bob)
72
- expect(res.data.takedown?.applied).toBe(true)
73
- expect(res.data.takedown?.ref).toBe('test-repo')
74
- })
75
-
76
- it('restores takendown accounts', async () => {
77
- await agent.api.com.atproto.admin.updateSubjectStatus(
78
- {
79
- subject: repoSubject,
80
- takedown: { applied: false },
81
- },
82
- {
83
- encoding: 'application/json',
84
- headers: network.pds.adminAuthHeaders(),
85
- },
86
- )
87
- const res = await agent.api.com.atproto.admin.getSubjectStatus(
88
- {
89
- did: repoSubject.did,
90
- },
91
- { headers: network.pds.adminAuthHeaders() },
92
- )
93
- assert(ComAtprotoAdminDefs.isRepoRef(res.data.subject))
94
- expect(res.data.subject.did).toEqual(sc.dids.bob)
95
- expect(res.data.takedown?.applied).toBe(false)
96
- expect(res.data.takedown?.ref).toBeUndefined()
97
- })
98
-
99
- it('takes down records', async () => {
100
- await agent.api.com.atproto.admin.updateSubjectStatus(
101
- {
102
- subject: recordSubject,
103
- takedown: { applied: true, ref: 'test-record' },
104
- },
105
- {
106
- encoding: 'application/json',
107
- headers: network.pds.adminAuthHeaders(),
108
- },
109
- )
110
- const res = await agent.api.com.atproto.admin.getSubjectStatus(
111
- {
112
- uri: recordSubject.uri,
113
- },
114
- { headers: network.pds.adminAuthHeaders() },
115
- )
116
- assert(ComAtprotoRepoStrongRef.isMain(res.data.subject))
117
- expect(res.data.subject.uri).toEqual(recordSubject.uri)
118
- expect(res.data.takedown?.applied).toBe(true)
119
- expect(res.data.takedown?.ref).toBe('test-record')
120
- })
121
-
122
- it('restores takendown records', async () => {
123
- await agent.api.com.atproto.admin.updateSubjectStatus(
124
- {
125
- subject: recordSubject,
126
- takedown: { applied: false },
127
- },
128
- {
129
- encoding: 'application/json',
130
- headers: network.pds.adminAuthHeaders(),
131
- },
132
- )
133
- const res = await agent.api.com.atproto.admin.getSubjectStatus(
134
- {
135
- uri: recordSubject.uri,
136
- },
137
- { headers: network.pds.adminAuthHeaders() },
138
- )
139
- assert(ComAtprotoRepoStrongRef.isMain(res.data.subject))
140
- expect(res.data.subject.uri).toEqual(recordSubject.uri)
141
- expect(res.data.takedown?.applied).toBe(false)
142
- expect(res.data.takedown?.ref).toBeUndefined()
143
- })
144
-
145
- describe('blob takedown', () => {
146
- it('takes down blobs', async () => {
147
- await agent.api.com.atproto.admin.updateSubjectStatus(
148
- {
149
- subject: blobSubject,
150
- takedown: { applied: true, ref: 'test-blob' },
151
- },
152
- {
153
- encoding: 'application/json',
154
- headers: network.pds.adminAuthHeaders(),
155
- },
156
- )
157
- const res = await agent.api.com.atproto.admin.getSubjectStatus(
158
- {
159
- did: blobSubject.did,
160
- blob: blobSubject.cid,
161
- },
162
- { headers: network.pds.adminAuthHeaders() },
163
- )
164
- assert(ComAtprotoAdminDefs.isRepoBlobRef(res.data.subject))
165
- expect(res.data.subject.did).toEqual(blobSubject.did)
166
- assert(ComAtprotoAdminDefs.isRepoBlobRef(res.data.subject))
167
- expect(res.data.subject.cid).toEqual(blobSubject.cid)
168
- expect(res.data.takedown?.applied).toBe(true)
169
- expect(res.data.takedown?.ref).toBe('test-blob')
170
- })
171
-
172
- it('removes blob from the store', async () => {
173
- const tryGetBytes = network.pds.ctx
174
- .blobstore(blobSubject.did)
175
- .getBytes(blobRef.image.ref)
176
- await expect(tryGetBytes).rejects.toThrow(BlobNotFoundError)
177
- })
178
-
179
- it('prevents blob from being referenced again.', async () => {
180
- const referenceBlob = sc.post(sc.dids.carol, 'pic', [], [blobRef])
181
- await expect(referenceBlob).rejects.toThrow('Could not find blob:')
182
- })
183
-
184
- it('prevents blob from being reuploaded', async () => {
185
- const attempt = sc.uploadFile(
186
- sc.dids.carol,
187
- '../dev-env/assets/key-alt.jpg',
188
- 'image/jpeg',
189
- )
190
- await expect(attempt).rejects.toThrow(
191
- 'Blob has been takendown, cannot re-upload',
192
- )
193
- })
194
-
195
- it('prevents image blob from being served.', async () => {
196
- const attempt = agent.api.com.atproto.sync.getBlob({
197
- did: sc.dids.carol,
198
- cid: blobRef.image.ref.toString(),
199
- })
200
- await expect(attempt).rejects.toThrow('Blob not found')
201
- })
202
-
203
- it('restores blob when takedown is removed', async () => {
204
- await agent.api.com.atproto.admin.updateSubjectStatus(
205
- {
206
- subject: blobSubject,
207
- takedown: { applied: false },
208
- },
209
- {
210
- encoding: 'application/json',
211
- headers: network.pds.adminAuthHeaders(),
212
- },
213
- )
214
-
215
- // Can post and reference blob
216
- const post = await sc.post(sc.dids.carol, 'pic', [], [blobRef])
217
- expect(post.images[0].image.ref.equals(blobRef.image.ref)).toBeTruthy()
218
-
219
- // Can fetch through image server
220
- const res = await agent.api.com.atproto.sync.getBlob({
221
- did: sc.dids.carol,
222
- cid: blobRef.image.ref.toString(),
223
- })
224
-
225
- expect(res.data.byteLength).toBeGreaterThan(9000)
226
- })
227
-
228
- it('prevents blobs of takendown accounts from being served.', async () => {
229
- await agent.api.com.atproto.admin.updateSubjectStatus(
230
- {
231
- subject: {
232
- $type: 'com.atproto.admin.defs#repoRef',
233
- did: sc.dids.carol,
234
- },
235
- takedown: { applied: true },
236
- },
237
- {
238
- encoding: 'application/json',
239
- headers: network.pds.adminAuthHeaders(),
240
- },
241
- )
242
- const blobParams = {
243
- did: sc.dids.carol,
244
- cid: blobRef.image.ref.toString(),
245
- }
246
- // public, disallow
247
- const attempt1 = agent.api.com.atproto.sync.getBlob(blobParams)
248
- await expect(attempt1).rejects.toThrow(/Repo has been takendown/)
249
- // logged-in, disallow
250
- const attempt2 = agent.api.com.atproto.sync.getBlob(blobParams, {
251
- headers: sc.getHeaders(sc.dids.bob),
252
- })
253
- await expect(attempt2).rejects.toThrow(/Repo has been takendown/)
254
- // logged-in as account, allow
255
- const res1 = await agent.api.com.atproto.sync.getBlob(blobParams, {
256
- headers: sc.getHeaders(sc.dids.carol),
257
- })
258
- expect(res1.data.byteLength).toBeGreaterThan(9000)
259
- // admin role, allow
260
- const res2 = await agent.api.com.atproto.sync.getBlob(blobParams, {
261
- headers: network.pds.adminAuthHeaders(),
262
- })
263
- expect(res2.data.byteLength).toBeGreaterThan(9000)
264
- // revert takedown
265
- await agent.api.com.atproto.admin.updateSubjectStatus(
266
- {
267
- subject: {
268
- $type: 'com.atproto.admin.defs#repoRef',
269
- did: sc.dids.carol,
270
- },
271
- takedown: { applied: false },
272
- },
273
- {
274
- encoding: 'application/json',
275
- headers: network.pds.adminAuthHeaders(),
276
- },
277
- )
278
- })
279
- })
280
- })
@@ -1,177 +0,0 @@
1
- import assert from 'node:assert'
2
- import * as plc from '@did-plc/lib'
3
- import { AtpAgent } from '@atproto/api'
4
- import { Keypair, Secp256k1Keypair } from '@atproto/crypto'
5
- import { SeedClient, TestNetworkNoAppView } from '@atproto/dev-env'
6
- import { $Typed } from '@atproto/lex'
7
- import { createServiceAuthHeaders } from '@atproto/xrpc-server'
8
- import { com } from '../src/lexicons/index.js'
9
- import usersSeed from './seeds/users.js'
10
-
11
- describe('moderator auth', () => {
12
- let network: TestNetworkNoAppView
13
- let agent: AtpAgent
14
- let sc: SeedClient
15
-
16
- let repoSubject: $Typed<com.atproto.admin.defs.RepoRef>
17
-
18
- let modServiceDid: string
19
- let altModDid: string
20
- let modServiceKey: Secp256k1Keypair
21
- let pdsDid: string
22
-
23
- const opAndDid = async (handle: string, key: Keypair) => {
24
- const op = await plc.signOperation(
25
- {
26
- type: 'plc_operation',
27
- alsoKnownAs: [handle],
28
- verificationMethods: {
29
- atproto: key.did(),
30
- },
31
- rotationKeys: [key.did()],
32
- services: {},
33
- prev: null,
34
- },
35
- key,
36
- )
37
- const did = await plc.didForCreateOp(op)
38
- return { op, did }
39
- }
40
-
41
- beforeAll(async () => {
42
- // kinda goofy but we need to know the dids before creating the testnet for the PDS's config
43
- modServiceKey = await Secp256k1Keypair.create()
44
- const modServiceInfo = await opAndDid('mod.test', modServiceKey)
45
- const altModInfo = await opAndDid('alt-mod.test', modServiceKey)
46
- modServiceDid = modServiceInfo.did
47
- altModDid = altModInfo.did
48
-
49
- network = await TestNetworkNoAppView.create({
50
- dbPostgresSchema: 'pds_moderator_auth',
51
- pds: {
52
- modServiceDid: modServiceInfo.did,
53
- modServiceUrl: 'https://mod.invalid',
54
- },
55
- })
56
-
57
- pdsDid = network.pds.ctx.cfg.service.did
58
-
59
- const plcClient = network.plc.getClient()
60
- await plcClient.sendOperation(modServiceInfo.did, modServiceInfo.op)
61
- await plcClient.sendOperation(altModInfo.did, altModInfo.op)
62
-
63
- agent = network.pds.getAgent()
64
- sc = network.getSeedClient()
65
- await usersSeed(sc)
66
- await network.processAll()
67
- repoSubject = {
68
- $type: 'com.atproto.admin.defs#repoRef',
69
- did: sc.dids.bob,
70
- }
71
- }, 20_000) // @NOTE seeding can take a while
72
-
73
- afterAll(async () => {
74
- await network?.close()
75
- })
76
-
77
- it('allows service auth requests from the configured appview did', async () => {
78
- const updateHeaders = await createServiceAuthHeaders({
79
- iss: modServiceDid,
80
- aud: pdsDid,
81
- lxm: com.atproto.admin.updateSubjectStatus.$lxm,
82
- keypair: modServiceKey,
83
- })
84
- await agent.api.com.atproto.admin.updateSubjectStatus(
85
- {
86
- subject: repoSubject,
87
- takedown: { applied: true, ref: 'test-repo' },
88
- },
89
- {
90
- ...updateHeaders,
91
- encoding: 'application/json',
92
- },
93
- )
94
-
95
- const getHeaders = await createServiceAuthHeaders({
96
- iss: modServiceDid,
97
- aud: pdsDid,
98
- lxm: com.atproto.admin.getSubjectStatus.$lxm,
99
- keypair: modServiceKey,
100
- })
101
- const res = await agent.api.com.atproto.admin.getSubjectStatus(
102
- {
103
- did: repoSubject.did,
104
- },
105
- getHeaders,
106
- )
107
- assert(com.atproto.admin.defs.repoRef.$matches(res.data.subject))
108
- expect(res.data.subject.did).toBe(repoSubject.did)
109
- expect(res.data.takedown?.applied).toBe(true)
110
- })
111
-
112
- it('does not allow requests from another did', async () => {
113
- const headers = await createServiceAuthHeaders({
114
- iss: altModDid,
115
- aud: pdsDid,
116
- lxm: com.atproto.admin.updateSubjectStatus.$lxm,
117
- keypair: modServiceKey,
118
- })
119
- const attempt = agent.api.com.atproto.admin.updateSubjectStatus(
120
- {
121
- subject: repoSubject,
122
- takedown: { applied: true, ref: 'test-repo' },
123
- },
124
- {
125
- ...headers,
126
- encoding: 'application/json',
127
- },
128
- )
129
- await expect(attempt).rejects.toThrow('Untrusted issuer')
130
- })
131
-
132
- it('does not allow requests with a bad signature', async () => {
133
- const badKey = await Secp256k1Keypair.create()
134
- const headers = await createServiceAuthHeaders({
135
- iss: modServiceDid,
136
- aud: pdsDid,
137
- lxm: com.atproto.admin.updateSubjectStatus.$lxm,
138
- keypair: badKey,
139
- })
140
- const attempt = agent.api.com.atproto.admin.updateSubjectStatus(
141
- {
142
- subject: repoSubject,
143
- takedown: { applied: true, ref: 'test-repo' },
144
- },
145
- {
146
- ...headers,
147
- encoding: 'application/json',
148
- },
149
- )
150
- await expect(attempt).rejects.toThrow(
151
- 'jwt signature does not match jwt issuer',
152
- )
153
- })
154
-
155
- it('does not allow requests with a bad aud', async () => {
156
- // repo subject is bob, so we set alice as the audience
157
- const headers = await createServiceAuthHeaders({
158
- iss: modServiceDid,
159
- aud: sc.dids.alice,
160
- lxm: com.atproto.admin.updateSubjectStatus.$lxm,
161
- keypair: modServiceKey,
162
- })
163
- const attempt = agent.api.com.atproto.admin.updateSubjectStatus(
164
- {
165
- subject: repoSubject,
166
- takedown: { applied: true, ref: 'test-repo' },
167
- },
168
- {
169
- ...headers,
170
- encoding: 'application/json',
171
- },
172
- )
173
- await expect(attempt).rejects.toThrow(
174
- 'jwt audience does not match service did',
175
- )
176
- })
177
- })