@atproto/pds 0.5.12 → 0.5.14
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +36 -0
- package/dist/api/app/bsky/notification/index.d.ts.map +1 -1
- package/dist/api/app/bsky/notification/index.js +2 -0
- package/dist/api/app/bsky/notification/index.js.map +1 -1
- package/dist/api/app/bsky/notification/unregisterPush.d.ts +4 -0
- package/dist/api/app/bsky/notification/unregisterPush.d.ts.map +1 -0
- package/dist/api/app/bsky/notification/unregisterPush.js +48 -0
- package/dist/api/app/bsky/notification/unregisterPush.js.map +1 -0
- package/package.json +42 -38
- package/build.templates.cjs +0 -22
- package/example.env +0 -42
- package/jest.config.cjs +0 -27
- package/src/account-manager/account-manager.ts +0 -916
- package/src/account-manager/db/index.ts +0 -21
- package/src/account-manager/db/migrations/001-init.ts +0 -115
- package/src/account-manager/db/migrations/002-account-deactivation.ts +0 -17
- package/src/account-manager/db/migrations/003-privileged-app-passwords.ts +0 -12
- package/src/account-manager/db/migrations/004-oauth.ts +0 -122
- package/src/account-manager/db/migrations/005-oauth-account-management.ts +0 -136
- package/src/account-manager/db/migrations/006-oauth-permission-sets.ts +0 -20
- package/src/account-manager/db/migrations/007-lexicon-failures-index.ts +0 -14
- package/src/account-manager/db/migrations/index.ts +0 -17
- package/src/account-manager/db/schema/account-device.ts +0 -14
- package/src/account-manager/db/schema/account.ts +0 -16
- package/src/account-manager/db/schema/actor.ts +0 -17
- package/src/account-manager/db/schema/app-password.ts +0 -13
- package/src/account-manager/db/schema/authorization-request.ts +0 -30
- package/src/account-manager/db/schema/authorized-client.ts +0 -23
- package/src/account-manager/db/schema/device.ts +0 -18
- package/src/account-manager/db/schema/email-token.ts +0 -19
- package/src/account-manager/db/schema/index.ts +0 -43
- package/src/account-manager/db/schema/invite-code.ts +0 -24
- package/src/account-manager/db/schema/lexicon.ts +0 -15
- package/src/account-manager/db/schema/refresh-token.ts +0 -11
- package/src/account-manager/db/schema/repo-root.ts +0 -12
- package/src/account-manager/db/schema/token.ts +0 -38
- package/src/account-manager/db/schema/used-refresh-token.ts +0 -13
- package/src/account-manager/helpers/account-device.ts +0 -63
- package/src/account-manager/helpers/account.ts +0 -355
- package/src/account-manager/helpers/auth.ts +0 -222
- package/src/account-manager/helpers/authorization-request.ts +0 -90
- package/src/account-manager/helpers/authorized-client.ts +0 -75
- package/src/account-manager/helpers/device.ts +0 -47
- package/src/account-manager/helpers/email-token.ts +0 -87
- package/src/account-manager/helpers/invite.ts +0 -263
- package/src/account-manager/helpers/lexicon.ts +0 -67
- package/src/account-manager/helpers/password.ts +0 -136
- package/src/account-manager/helpers/repo.ts +0 -24
- package/src/account-manager/helpers/scrypt.ts +0 -53
- package/src/account-manager/helpers/token.ts +0 -158
- package/src/account-manager/helpers/used-refresh-token.ts +0 -30
- package/src/account-manager/oauth-store.ts +0 -880
- package/src/account-manager/scope-reference-getter.ts +0 -106
- package/src/actor-store/actor-store-reader.ts +0 -45
- package/src/actor-store/actor-store-resources.ts +0 -8
- package/src/actor-store/actor-store-transactor.ts +0 -31
- package/src/actor-store/actor-store-writer.ts +0 -17
- package/src/actor-store/actor-store.ts +0 -210
- package/src/actor-store/blob/reader.ts +0 -160
- package/src/actor-store/blob/transactor.ts +0 -383
- package/src/actor-store/db/index.ts +0 -20
- package/src/actor-store/db/migrations/001-init.ts +0 -105
- package/src/actor-store/db/migrations/index.ts +0 -5
- package/src/actor-store/db/schema/account-pref.ts +0 -11
- package/src/actor-store/db/schema/backlink.ts +0 -9
- package/src/actor-store/db/schema/blob.ts +0 -14
- package/src/actor-store/db/schema/index.ts +0 -23
- package/src/actor-store/db/schema/record-blob.ts +0 -8
- package/src/actor-store/db/schema/record.ts +0 -14
- package/src/actor-store/db/schema/repo-block.ts +0 -10
- package/src/actor-store/db/schema/repo-root.ts +0 -10
- package/src/actor-store/migrate.ts +0 -39
- package/src/actor-store/preference/reader.ts +0 -48
- package/src/actor-store/preference/transactor.ts +0 -55
- package/src/actor-store/preference/util.ts +0 -39
- package/src/actor-store/record/reader.ts +0 -374
- package/src/actor-store/record/transactor.ts +0 -111
- package/src/actor-store/repo/reader.ts +0 -31
- package/src/actor-store/repo/sql-repo-reader.ts +0 -150
- package/src/actor-store/repo/sql-repo-transactor.ts +0 -105
- package/src/actor-store/repo/transactor.ts +0 -227
- package/src/api/app/bsky/actor/getPreferences.ts +0 -57
- package/src/api/app/bsky/actor/getProfile.ts +0 -41
- package/src/api/app/bsky/actor/getProfiles.ts +0 -51
- package/src/api/app/bsky/actor/index.ts +0 -13
- package/src/api/app/bsky/actor/putPreferences.ts +0 -62
- package/src/api/app/bsky/feed/getActorLikes.ts +0 -63
- package/src/api/app/bsky/feed/getAuthorFeed.ts +0 -84
- package/src/api/app/bsky/feed/getFeed.ts +0 -47
- package/src/api/app/bsky/feed/getPostThread.ts +0 -251
- package/src/api/app/bsky/feed/getTimeline.ts +0 -50
- package/src/api/app/bsky/feed/index.ts +0 -15
- package/src/api/app/bsky/index.ts +0 -11
- package/src/api/app/bsky/notification/index.ts +0 -7
- package/src/api/app/bsky/notification/registerPush.ts +0 -71
- package/src/api/app/bsky/util/resolver.ts +0 -20
- package/src/api/com/atproto/admin/deleteAccount.ts +0 -22
- package/src/api/com/atproto/admin/disableAccountInvites.ts +0 -18
- package/src/api/com/atproto/admin/disableInviteCodes.ts +0 -21
- package/src/api/com/atproto/admin/enableAccountInvites.ts +0 -18
- package/src/api/com/atproto/admin/getAccountInfo.ts +0 -32
- package/src/api/com/atproto/admin/getAccountInfos.ts +0 -34
- package/src/api/com/atproto/admin/getInviteCodes.ts +0 -126
- package/src/api/com/atproto/admin/getSubjectStatus.ts +0 -76
- package/src/api/com/atproto/admin/index.ts +0 -31
- package/src/api/com/atproto/admin/sendEmail.ts +0 -47
- package/src/api/com/atproto/admin/updateAccountEmail.ts +0 -32
- package/src/api/com/atproto/admin/updateAccountHandle.ts +0 -47
- package/src/api/com/atproto/admin/updateAccountPassword.ts +0 -34
- package/src/api/com/atproto/admin/updateSubjectStatus.ts +0 -68
- package/src/api/com/atproto/admin/util.ts +0 -66
- package/src/api/com/atproto/identity/getRecommendedDidCredentials.ts +0 -50
- package/src/api/com/atproto/identity/index.ts +0 -17
- package/src/api/com/atproto/identity/requestPlcOperationSignature.ts +0 -59
- package/src/api/com/atproto/identity/resolveHandle.ts +0 -50
- package/src/api/com/atproto/identity/signPlcOperation.ts +0 -85
- package/src/api/com/atproto/identity/submitPlcOperation.ts +0 -65
- package/src/api/com/atproto/identity/updateHandle.ts +0 -66
- package/src/api/com/atproto/index.ts +0 -19
- package/src/api/com/atproto/moderation/createReport.ts +0 -41
- package/src/api/com/atproto/moderation/index.ts +0 -7
- package/src/api/com/atproto/repo/applyWrites.ts +0 -226
- package/src/api/com/atproto/repo/createRecord.ts +0 -143
- package/src/api/com/atproto/repo/deleteRecord.ts +0 -122
- package/src/api/com/atproto/repo/describeRepo.ts +0 -43
- package/src/api/com/atproto/repo/getRecord.ts +0 -40
- package/src/api/com/atproto/repo/importRepo.ts +0 -101
- package/src/api/com/atproto/repo/index.ts +0 -25
- package/src/api/com/atproto/repo/listMissingBlobs.ts +0 -29
- package/src/api/com/atproto/repo/listRecords.ts +0 -36
- package/src/api/com/atproto/repo/putRecord.ts +0 -211
- package/src/api/com/atproto/repo/uploadBlob.ts +0 -60
- package/src/api/com/atproto/server/activateAccount.ts +0 -37
- package/src/api/com/atproto/server/checkAccountStatus.ts +0 -51
- package/src/api/com/atproto/server/confirmEmail.ts +0 -39
- package/src/api/com/atproto/server/createAccount.ts +0 -327
- package/src/api/com/atproto/server/createAppPassword.ts +0 -53
- package/src/api/com/atproto/server/createInviteCode.ts +0 -38
- package/src/api/com/atproto/server/createInviteCodes.ts +0 -42
- package/src/api/com/atproto/server/createSession.ts +0 -97
- package/src/api/com/atproto/server/deactivateAccount.ts +0 -41
- package/src/api/com/atproto/server/deleteAccount.ts +0 -85
- package/src/api/com/atproto/server/deleteSession.ts +0 -23
- package/src/api/com/atproto/server/describeServer.ts +0 -29
- package/src/api/com/atproto/server/getAccountInviteCodes.ts +0 -142
- package/src/api/com/atproto/server/getServiceAuth.ts +0 -111
- package/src/api/com/atproto/server/getSession.ts +0 -80
- package/src/api/com/atproto/server/index.ts +0 -55
- package/src/api/com/atproto/server/listAppPasswords.ts +0 -45
- package/src/api/com/atproto/server/refreshSession.ts +0 -72
- package/src/api/com/atproto/server/requestAccountDelete.ts +0 -66
- package/src/api/com/atproto/server/requestEmailConfirmation.ts +0 -68
- package/src/api/com/atproto/server/requestEmailUpdate.ts +0 -86
- package/src/api/com/atproto/server/requestPasswordReset.ts +0 -52
- package/src/api/com/atproto/server/reserveSigningKey.ts +0 -15
- package/src/api/com/atproto/server/resetPassword.ts +0 -50
- package/src/api/com/atproto/server/revokeAppPassword.ts +0 -42
- package/src/api/com/atproto/server/updateEmail.ts +0 -52
- package/src/api/com/atproto/server/util.ts +0 -136
- package/src/api/com/atproto/sync/deprecated/getCheckout.ts +0 -27
- package/src/api/com/atproto/sync/deprecated/getHead.ts +0 -33
- package/src/api/com/atproto/sync/getBlob.ts +0 -61
- package/src/api/com/atproto/sync/getBlocks.ts +0 -37
- package/src/api/com/atproto/sync/getLatestCommit.ts +0 -33
- package/src/api/com/atproto/sync/getRecord.ts +0 -49
- package/src/api/com/atproto/sync/getRepo.ts +0 -75
- package/src/api/com/atproto/sync/getRepoStatus.ts +0 -34
- package/src/api/com/atproto/sync/index.ts +0 -27
- package/src/api/com/atproto/sync/listBlobs.ts +0 -33
- package/src/api/com/atproto/sync/listRepos.ts +0 -74
- package/src/api/com/atproto/sync/subscribeRepos.ts +0 -73
- package/src/api/com/atproto/sync/util.ts +0 -37
- package/src/api/com/atproto/temp/checkSignupQueue.ts +0 -34
- package/src/api/com/atproto/temp/index.ts +0 -7
- package/src/api/index.ts +0 -10
- package/src/api/proxy.ts +0 -44
- package/src/app-view.ts +0 -24
- package/src/auth-output.ts +0 -52
- package/src/auth-routes.ts +0 -64
- package/src/auth-scope.ts +0 -40
- package/src/auth-verifier.ts +0 -668
- package/src/background.ts +0 -65
- package/src/basic-routes.ts +0 -52
- package/src/bsky-app-view.ts +0 -33
- package/src/config/config.ts +0 -553
- package/src/config/env.ts +0 -167
- package/src/config/index.ts +0 -3
- package/src/config/secrets.ts +0 -54
- package/src/context.ts +0 -523
- package/src/crawlers.ts +0 -46
- package/src/db/cast.ts +0 -52
- package/src/db/db.ts +0 -140
- package/src/db/index.ts +0 -4
- package/src/db/migrator.ts +0 -40
- package/src/db/pagination.ts +0 -132
- package/src/db/tables/moderation.ts +0 -80
- package/src/db/util.ts +0 -108
- package/src/did-cache/db/index.ts +0 -21
- package/src/did-cache/db/migrations.ts +0 -17
- package/src/did-cache/db/schema.ts +0 -9
- package/src/did-cache/index.ts +0 -131
- package/src/disk-blobstore.ts +0 -172
- package/src/error.ts +0 -19
- package/src/handle/explicit-slurs.ts +0 -22
- package/src/handle/index.ts +0 -49
- package/src/handle/reserved.ts +0 -1059
- package/src/image/image-url-builder.ts +0 -16
- package/src/index.ts +0 -189
- package/src/lexicons.ts +0 -4
- package/src/logger.ts +0 -35
- package/src/mailer/index.ts +0 -111
- package/src/mailer/moderation.ts +0 -33
- package/src/mailer/templates/confirm-email.d.ts +0 -4
- package/src/mailer/templates/confirm-email.hbs +0 -158
- package/src/mailer/templates/delete-account.d.ts +0 -4
- package/src/mailer/templates/delete-account.hbs +0 -156
- package/src/mailer/templates/plc-operation.d.ts +0 -4
- package/src/mailer/templates/plc-operation.hbs +0 -153
- package/src/mailer/templates/reset-password.d.ts +0 -4
- package/src/mailer/templates/reset-password.hbs +0 -154
- package/src/mailer/templates/update-email.d.ts +0 -4
- package/src/mailer/templates/update-email.hbs +0 -153
- package/src/mailer/templates.ts +0 -17
- package/src/pipethrough.ts +0 -716
- package/src/rate-limits.ts +0 -59
- package/src/read-after-write/index.ts +0 -3
- package/src/read-after-write/types.ts +0 -35
- package/src/read-after-write/util.ts +0 -101
- package/src/read-after-write/viewer.ts +0 -290
- package/src/redis.ts +0 -25
- package/src/repo/index.ts +0 -2
- package/src/repo/prepare.ts +0 -266
- package/src/repo/types.ts +0 -65
- package/src/scripts/README.md +0 -40
- package/src/scripts/index.ts +0 -20
- package/src/scripts/publish-identity.ts +0 -60
- package/src/scripts/rebuild-repo.ts +0 -119
- package/src/scripts/rotate-keys.ts +0 -146
- package/src/scripts/sequencer-recovery/index.ts +0 -23
- package/src/scripts/sequencer-recovery/recoverer.ts +0 -297
- package/src/scripts/sequencer-recovery/recovery-db.ts +0 -65
- package/src/scripts/sequencer-recovery/repair-repos.ts +0 -49
- package/src/scripts/sequencer-recovery/user-queues.ts +0 -44
- package/src/scripts/util.ts +0 -7
- package/src/sequencer/db/index.ts +0 -21
- package/src/sequencer/db/migrations/001-init.ts +0 -35
- package/src/sequencer/db/migrations/index.ts +0 -5
- package/src/sequencer/db/schema.ts +0 -19
- package/src/sequencer/events.ts +0 -199
- package/src/sequencer/index.ts +0 -3
- package/src/sequencer/outbox.ts +0 -123
- package/src/sequencer/sequencer.ts +0 -290
- package/src/util/compression.ts +0 -16
- package/src/util/debug.ts +0 -10
- package/src/util/http.ts +0 -31
- package/src/util/types.ts +0 -7
- package/src/well-known.ts +0 -30
- package/test.env +0 -2
- package/tests/__snapshots__/takedown-appeal.test.ts.snap +0 -43
- package/tests/_oauth_client_assets_middleware.ts +0 -23
- package/tests/_puppeteer.ts +0 -147
- package/tests/_types.d.ts +0 -16
- package/tests/_util.ts +0 -191
- package/tests/account-deactivation.test.ts +0 -204
- package/tests/account-deletion.test.ts +0 -300
- package/tests/account-manager.test.ts +0 -462
- package/tests/account-migration.test.ts +0 -221
- package/tests/account-status.test.ts +0 -206
- package/tests/account.test.ts +0 -595
- package/tests/app-passwords.test.ts +0 -262
- package/tests/auth.test.ts +0 -405
- package/tests/blob-deletes.test.ts +0 -204
- package/tests/create-post.test.ts +0 -79
- package/tests/crud.test.ts +0 -1595
- package/tests/db.test.ts +0 -170
- package/tests/email-confirmation.test.ts +0 -227
- package/tests/entryway-mock.ts +0 -323
- package/tests/entryway.test.ts +0 -145
- package/tests/file-uploads.test.ts +0 -301
- package/tests/get-service-auth.test.ts +0 -81
- package/tests/handle-validation.test.ts +0 -56
- package/tests/handles.test.ts +0 -274
- package/tests/invite-codes.test.ts +0 -367
- package/tests/invites-admin.test.ts +0 -252
- package/tests/moderation.test.ts +0 -280
- package/tests/moderator-auth.test.ts +0 -177
- package/tests/oauth.test.ts +0 -334
- package/tests/plc-operations.test.ts +0 -239
- package/tests/preferences.test.ts +0 -352
- package/tests/proxied/__snapshots__/admin.test.ts.snap +0 -516
- package/tests/proxied/__snapshots__/feedgen.test.ts.snap +0 -215
- package/tests/proxied/__snapshots__/views.test.ts.snap +0 -4456
- package/tests/proxied/admin.test.ts +0 -340
- package/tests/proxied/feedgen.test.ts +0 -66
- package/tests/proxied/notif.test.ts +0 -85
- package/tests/proxied/procedures.test.ts +0 -175
- package/tests/proxied/proxy-catchall.test.ts +0 -256
- package/tests/proxied/proxy-header.test.ts +0 -239
- package/tests/proxied/proxy-oauth-aud.test.ts +0 -182
- package/tests/proxied/read-after-write.test.ts +0 -382
- package/tests/proxied/views.test.ts +0 -608
- package/tests/races.test.ts +0 -89
- package/tests/rate-limits.test.ts +0 -70
- package/tests/recovery.test.ts +0 -180
- package/tests/seeds/basic.ts +0 -165
- package/tests/seeds/follows.ts +0 -57
- package/tests/seeds/likes.ts +0 -14
- package/tests/seeds/reposts.ts +0 -18
- package/tests/seeds/thread.ts +0 -40
- package/tests/seeds/users-bulk.ts +0 -246
- package/tests/seeds/users.ts +0 -67
- package/tests/sequencer.test.ts +0 -251
- package/tests/server.test.ts +0 -151
- package/tests/sync/invertible-ops.test.ts +0 -99
- package/tests/sync/list.test.ts +0 -43
- package/tests/sync/subscribe-repos.test.ts +0 -672
- package/tests/sync/sync.test.ts +0 -316
- package/tests/takedown-appeal.test.ts +0 -166
- package/tsconfig.build.json +0 -9
- package/tsconfig.build.tsbuildinfo +0 -1
- package/tsconfig.json +0 -7
- package/tsconfig.tests.json +0 -8
|
@@ -1,252 +0,0 @@
|
|
|
1
|
-
import { AtpAgent } from '@atproto/api'
|
|
2
|
-
import { randomStr } from '@atproto/crypto'
|
|
3
|
-
import { SeedClient, TestNetworkNoAppView } from '@atproto/dev-env'
|
|
4
|
-
import type { DidString } from '@atproto/syntax'
|
|
5
|
-
|
|
6
|
-
describe('pds admin invite views', () => {
|
|
7
|
-
let network: TestNetworkNoAppView
|
|
8
|
-
let agent: AtpAgent
|
|
9
|
-
let sc: SeedClient
|
|
10
|
-
|
|
11
|
-
beforeAll(async () => {
|
|
12
|
-
network = await TestNetworkNoAppView.create({
|
|
13
|
-
dbPostgresSchema: 'views_admin_invites',
|
|
14
|
-
pds: {
|
|
15
|
-
inviteRequired: true,
|
|
16
|
-
inviteInterval: 1,
|
|
17
|
-
},
|
|
18
|
-
})
|
|
19
|
-
agent = network.pds.getAgent()
|
|
20
|
-
sc = network.getSeedClient()
|
|
21
|
-
})
|
|
22
|
-
|
|
23
|
-
afterAll(async () => {
|
|
24
|
-
await network?.close()
|
|
25
|
-
})
|
|
26
|
-
|
|
27
|
-
let alice: DidString
|
|
28
|
-
let bob: DidString
|
|
29
|
-
let carol: DidString
|
|
30
|
-
|
|
31
|
-
beforeAll(async () => {
|
|
32
|
-
const adminCode = await agent.api.com.atproto.server.createInviteCode(
|
|
33
|
-
{ useCount: 10 },
|
|
34
|
-
{ encoding: 'application/json', headers: network.pds.adminAuthHeaders() },
|
|
35
|
-
)
|
|
36
|
-
|
|
37
|
-
await sc.createAccount('alice', {
|
|
38
|
-
handle: 'alice.test',
|
|
39
|
-
email: 'alice@test.com',
|
|
40
|
-
password: 'alice',
|
|
41
|
-
inviteCode: adminCode.data.code,
|
|
42
|
-
})
|
|
43
|
-
await sc.createAccount('bob', {
|
|
44
|
-
handle: 'bob.test',
|
|
45
|
-
email: 'bob@test.com',
|
|
46
|
-
password: 'bob',
|
|
47
|
-
inviteCode: adminCode.data.code,
|
|
48
|
-
})
|
|
49
|
-
await sc.createAccount('carol', {
|
|
50
|
-
handle: 'carol.test',
|
|
51
|
-
email: 'carol@test.com',
|
|
52
|
-
password: 'carol',
|
|
53
|
-
inviteCode: adminCode.data.code,
|
|
54
|
-
})
|
|
55
|
-
|
|
56
|
-
alice = sc.dids.alice
|
|
57
|
-
bob = sc.dids.bob
|
|
58
|
-
carol = sc.dids.carol
|
|
59
|
-
|
|
60
|
-
const aliceCodes = await agent.api.com.atproto.server.getAccountInviteCodes(
|
|
61
|
-
{},
|
|
62
|
-
{ headers: sc.getHeaders(alice) },
|
|
63
|
-
)
|
|
64
|
-
await agent.api.com.atproto.server.getAccountInviteCodes(
|
|
65
|
-
{},
|
|
66
|
-
{ headers: sc.getHeaders(bob) },
|
|
67
|
-
)
|
|
68
|
-
await agent.api.com.atproto.server.createInviteCode(
|
|
69
|
-
{ useCount: 5, forAccount: alice },
|
|
70
|
-
{ encoding: 'application/json', headers: network.pds.adminAuthHeaders() },
|
|
71
|
-
)
|
|
72
|
-
await agent.api.com.atproto.admin.disableInviteCodes(
|
|
73
|
-
{ codes: [adminCode.data.code], accounts: [bob] },
|
|
74
|
-
{ encoding: 'application/json', headers: network.pds.adminAuthHeaders() },
|
|
75
|
-
)
|
|
76
|
-
|
|
77
|
-
const useCode = async (code: string) => {
|
|
78
|
-
const name = randomStr(8, 'base32')
|
|
79
|
-
await agent.api.com.atproto.server.createAccount({
|
|
80
|
-
handle: `${name}.test`,
|
|
81
|
-
email: `${name}@test.com`,
|
|
82
|
-
password: name,
|
|
83
|
-
inviteCode: code,
|
|
84
|
-
})
|
|
85
|
-
}
|
|
86
|
-
|
|
87
|
-
await useCode(aliceCodes.data.codes[0].code)
|
|
88
|
-
await useCode(aliceCodes.data.codes[1].code)
|
|
89
|
-
})
|
|
90
|
-
|
|
91
|
-
it('gets a list of invite codes by recency', async () => {
|
|
92
|
-
const result = await agent.api.com.atproto.admin.getInviteCodes(
|
|
93
|
-
{},
|
|
94
|
-
{ headers: network.pds.adminAuthHeaders() },
|
|
95
|
-
)
|
|
96
|
-
let lastDate = result.data.codes[0].createdAt
|
|
97
|
-
for (const code of result.data.codes) {
|
|
98
|
-
expect(code.createdAt <= lastDate).toBeTruthy()
|
|
99
|
-
lastDate = code.createdAt
|
|
100
|
-
}
|
|
101
|
-
expect(result.data.codes.length).toBe(12)
|
|
102
|
-
expect(result.data.codes[0]).toMatchObject({
|
|
103
|
-
available: 5,
|
|
104
|
-
disabled: false,
|
|
105
|
-
forAccount: alice,
|
|
106
|
-
createdBy: 'admin',
|
|
107
|
-
})
|
|
108
|
-
expect(result.data.codes[0].uses.length).toBe(0)
|
|
109
|
-
expect(result.data.codes.at(-1)).toMatchObject({
|
|
110
|
-
available: 10,
|
|
111
|
-
disabled: true,
|
|
112
|
-
forAccount: 'admin',
|
|
113
|
-
createdBy: 'admin',
|
|
114
|
-
})
|
|
115
|
-
expect(result.data.codes.at(-1)?.uses.length).toBe(3)
|
|
116
|
-
})
|
|
117
|
-
|
|
118
|
-
it('paginates by recency', async () => {
|
|
119
|
-
const full = await agent.api.com.atproto.admin.getInviteCodes(
|
|
120
|
-
{},
|
|
121
|
-
{ headers: network.pds.adminAuthHeaders() },
|
|
122
|
-
)
|
|
123
|
-
const first = await agent.api.com.atproto.admin.getInviteCodes(
|
|
124
|
-
{ limit: 5 },
|
|
125
|
-
{ headers: network.pds.adminAuthHeaders() },
|
|
126
|
-
)
|
|
127
|
-
const second = await agent.api.com.atproto.admin.getInviteCodes(
|
|
128
|
-
{ cursor: first.data.cursor },
|
|
129
|
-
{ headers: network.pds.adminAuthHeaders() },
|
|
130
|
-
)
|
|
131
|
-
const combined = [...first.data.codes, ...second.data.codes]
|
|
132
|
-
expect(combined).toEqual(full.data.codes)
|
|
133
|
-
})
|
|
134
|
-
|
|
135
|
-
it('gets a list of invite codes by usage', async () => {
|
|
136
|
-
const result = await agent.api.com.atproto.admin.getInviteCodes(
|
|
137
|
-
{ sort: 'usage' },
|
|
138
|
-
{ headers: network.pds.adminAuthHeaders() },
|
|
139
|
-
)
|
|
140
|
-
let lastUseCount = result.data.codes[0].uses.length
|
|
141
|
-
for (const code of result.data.codes) {
|
|
142
|
-
expect(code.uses.length).toBeLessThanOrEqual(lastUseCount)
|
|
143
|
-
lastUseCount = code.uses.length
|
|
144
|
-
}
|
|
145
|
-
expect(result.data.codes[0]).toMatchObject({
|
|
146
|
-
available: 10,
|
|
147
|
-
disabled: true,
|
|
148
|
-
forAccount: 'admin',
|
|
149
|
-
createdBy: 'admin',
|
|
150
|
-
})
|
|
151
|
-
expect(result.data.codes[0].uses.length).toBe(3)
|
|
152
|
-
})
|
|
153
|
-
|
|
154
|
-
it('paginates by usage', async () => {
|
|
155
|
-
const full = await agent.api.com.atproto.admin.getInviteCodes(
|
|
156
|
-
{ sort: 'usage' },
|
|
157
|
-
{ headers: network.pds.adminAuthHeaders() },
|
|
158
|
-
)
|
|
159
|
-
const first = await agent.api.com.atproto.admin.getInviteCodes(
|
|
160
|
-
{ sort: 'usage', limit: 5 },
|
|
161
|
-
{ headers: network.pds.adminAuthHeaders() },
|
|
162
|
-
)
|
|
163
|
-
const second = await agent.api.com.atproto.admin.getInviteCodes(
|
|
164
|
-
{ sort: 'usage', cursor: first.data.cursor },
|
|
165
|
-
{ headers: network.pds.adminAuthHeaders() },
|
|
166
|
-
)
|
|
167
|
-
const combined = [...first.data.codes, ...second.data.codes]
|
|
168
|
-
expect(combined).toEqual(full.data.codes)
|
|
169
|
-
})
|
|
170
|
-
|
|
171
|
-
it('hydrates invites into admin.getAccountInfo', async () => {
|
|
172
|
-
const aliceView = await agent.api.com.atproto.admin.getAccountInfo(
|
|
173
|
-
{ did: alice },
|
|
174
|
-
{ headers: network.pds.adminAuthHeaders() },
|
|
175
|
-
)
|
|
176
|
-
expect(aliceView.data.invitedBy?.available).toBe(10)
|
|
177
|
-
expect(aliceView.data.invitedBy?.uses.length).toBe(3)
|
|
178
|
-
expect(aliceView.data.invites?.length).toBe(6)
|
|
179
|
-
})
|
|
180
|
-
|
|
181
|
-
it('disables an account from getting additional invite codes', async () => {
|
|
182
|
-
await agent.api.com.atproto.admin.disableAccountInvites(
|
|
183
|
-
{ account: carol },
|
|
184
|
-
{ encoding: 'application/json', headers: network.pds.adminAuthHeaders() },
|
|
185
|
-
)
|
|
186
|
-
|
|
187
|
-
const repoRes = await agent.api.com.atproto.admin.getAccountInfo(
|
|
188
|
-
{ did: carol },
|
|
189
|
-
{ headers: network.pds.adminAuthHeaders() },
|
|
190
|
-
)
|
|
191
|
-
expect(repoRes.data.invitesDisabled).toBe(true)
|
|
192
|
-
|
|
193
|
-
const invRes = await agent.api.com.atproto.server.getAccountInviteCodes(
|
|
194
|
-
{},
|
|
195
|
-
{ headers: sc.getHeaders(carol) },
|
|
196
|
-
)
|
|
197
|
-
expect(invRes.data.codes.length).toBe(0)
|
|
198
|
-
})
|
|
199
|
-
|
|
200
|
-
it('allows setting reason when enabling and disabling invite codes', async () => {
|
|
201
|
-
await agent.api.com.atproto.admin.enableAccountInvites(
|
|
202
|
-
{ account: carol },
|
|
203
|
-
{ encoding: 'application/json', headers: network.pds.adminAuthHeaders() },
|
|
204
|
-
)
|
|
205
|
-
|
|
206
|
-
const afterEnable = await agent.api.com.atproto.admin.getAccountInfo(
|
|
207
|
-
{ did: carol },
|
|
208
|
-
{ headers: network.pds.adminAuthHeaders() },
|
|
209
|
-
)
|
|
210
|
-
expect(afterEnable.data.invitesDisabled).toBe(false)
|
|
211
|
-
|
|
212
|
-
await agent.api.com.atproto.admin.disableAccountInvites(
|
|
213
|
-
{ account: carol },
|
|
214
|
-
{ encoding: 'application/json', headers: network.pds.adminAuthHeaders() },
|
|
215
|
-
)
|
|
216
|
-
|
|
217
|
-
const afterDisable = await agent.api.com.atproto.admin.getAccountInfo(
|
|
218
|
-
{ did: carol },
|
|
219
|
-
{ headers: network.pds.adminAuthHeaders() },
|
|
220
|
-
)
|
|
221
|
-
expect(afterDisable.data.invitesDisabled).toBe(true)
|
|
222
|
-
})
|
|
223
|
-
|
|
224
|
-
it('creates codes in the background but disables them', async () => {
|
|
225
|
-
const res = await network.pds.ctx.accountManager.db.db
|
|
226
|
-
.selectFrom('invite_code')
|
|
227
|
-
.where('forAccount', '=', carol)
|
|
228
|
-
.selectAll()
|
|
229
|
-
.execute()
|
|
230
|
-
expect(res.length).toBe(5)
|
|
231
|
-
expect(res.every((row) => row.disabled === 1))
|
|
232
|
-
})
|
|
233
|
-
|
|
234
|
-
it('re-enables an accounts invites', async () => {
|
|
235
|
-
await agent.api.com.atproto.admin.enableAccountInvites(
|
|
236
|
-
{ account: carol },
|
|
237
|
-
{ encoding: 'application/json', headers: network.pds.adminAuthHeaders() },
|
|
238
|
-
)
|
|
239
|
-
|
|
240
|
-
const repoRes = await agent.api.com.atproto.admin.getAccountInfo(
|
|
241
|
-
{ did: carol },
|
|
242
|
-
{ headers: network.pds.adminAuthHeaders() },
|
|
243
|
-
)
|
|
244
|
-
expect(repoRes.data.invitesDisabled).toBe(false)
|
|
245
|
-
|
|
246
|
-
const invRes = await agent.api.com.atproto.server.getAccountInviteCodes(
|
|
247
|
-
{},
|
|
248
|
-
{ headers: sc.getHeaders(carol) },
|
|
249
|
-
)
|
|
250
|
-
expect(invRes.data.codes.length).toBeGreaterThan(0)
|
|
251
|
-
})
|
|
252
|
-
})
|
package/tests/moderation.test.ts
DELETED
|
@@ -1,280 +0,0 @@
|
|
|
1
|
-
import assert from 'node:assert'
|
|
2
|
-
import {
|
|
3
|
-
$Typed,
|
|
4
|
-
AtpAgent,
|
|
5
|
-
ComAtprotoAdminDefs,
|
|
6
|
-
ComAtprotoRepoStrongRef,
|
|
7
|
-
} from '@atproto/api'
|
|
8
|
-
import { ImageRef, SeedClient, TestNetworkNoAppView } from '@atproto/dev-env'
|
|
9
|
-
import { BlobNotFoundError } from '@atproto/repo'
|
|
10
|
-
import basicSeed from './seeds/basic.js'
|
|
11
|
-
|
|
12
|
-
describe('moderation', () => {
|
|
13
|
-
let network: TestNetworkNoAppView
|
|
14
|
-
let agent: AtpAgent
|
|
15
|
-
let sc: SeedClient
|
|
16
|
-
|
|
17
|
-
let repoSubject: $Typed<ComAtprotoAdminDefs.RepoRef>
|
|
18
|
-
let recordSubject: $Typed<ComAtprotoRepoStrongRef.Main>
|
|
19
|
-
let blobSubject: $Typed<ComAtprotoAdminDefs.RepoBlobRef>
|
|
20
|
-
let blobRef: ImageRef
|
|
21
|
-
|
|
22
|
-
beforeAll(async () => {
|
|
23
|
-
network = await TestNetworkNoAppView.create({
|
|
24
|
-
dbPostgresSchema: 'moderation',
|
|
25
|
-
})
|
|
26
|
-
|
|
27
|
-
agent = network.pds.getAgent()
|
|
28
|
-
sc = network.getSeedClient()
|
|
29
|
-
await basicSeed(sc)
|
|
30
|
-
await network.processAll()
|
|
31
|
-
repoSubject = {
|
|
32
|
-
$type: 'com.atproto.admin.defs#repoRef',
|
|
33
|
-
did: sc.dids.bob,
|
|
34
|
-
}
|
|
35
|
-
const post = sc.posts[sc.dids.carol][0]
|
|
36
|
-
recordSubject = {
|
|
37
|
-
$type: 'com.atproto.repo.strongRef',
|
|
38
|
-
uri: post.ref.uriStr,
|
|
39
|
-
cid: post.ref.cidStr,
|
|
40
|
-
}
|
|
41
|
-
blobRef = post.images[1]
|
|
42
|
-
blobSubject = {
|
|
43
|
-
$type: 'com.atproto.admin.defs#repoBlobRef',
|
|
44
|
-
did: sc.dids.carol,
|
|
45
|
-
cid: blobRef.image.ref.toString(),
|
|
46
|
-
}
|
|
47
|
-
})
|
|
48
|
-
|
|
49
|
-
afterAll(async () => {
|
|
50
|
-
await network?.close()
|
|
51
|
-
})
|
|
52
|
-
|
|
53
|
-
it('takes down accounts', async () => {
|
|
54
|
-
await agent.api.com.atproto.admin.updateSubjectStatus(
|
|
55
|
-
{
|
|
56
|
-
subject: repoSubject,
|
|
57
|
-
takedown: { applied: true, ref: 'test-repo' },
|
|
58
|
-
},
|
|
59
|
-
{
|
|
60
|
-
encoding: 'application/json',
|
|
61
|
-
headers: network.pds.adminAuthHeaders(),
|
|
62
|
-
},
|
|
63
|
-
)
|
|
64
|
-
const res = await agent.api.com.atproto.admin.getSubjectStatus(
|
|
65
|
-
{
|
|
66
|
-
did: repoSubject.did,
|
|
67
|
-
},
|
|
68
|
-
{ headers: network.pds.adminAuthHeaders() },
|
|
69
|
-
)
|
|
70
|
-
assert(ComAtprotoAdminDefs.isRepoRef(res.data.subject))
|
|
71
|
-
expect(res.data.subject.did).toEqual(sc.dids.bob)
|
|
72
|
-
expect(res.data.takedown?.applied).toBe(true)
|
|
73
|
-
expect(res.data.takedown?.ref).toBe('test-repo')
|
|
74
|
-
})
|
|
75
|
-
|
|
76
|
-
it('restores takendown accounts', async () => {
|
|
77
|
-
await agent.api.com.atproto.admin.updateSubjectStatus(
|
|
78
|
-
{
|
|
79
|
-
subject: repoSubject,
|
|
80
|
-
takedown: { applied: false },
|
|
81
|
-
},
|
|
82
|
-
{
|
|
83
|
-
encoding: 'application/json',
|
|
84
|
-
headers: network.pds.adminAuthHeaders(),
|
|
85
|
-
},
|
|
86
|
-
)
|
|
87
|
-
const res = await agent.api.com.atproto.admin.getSubjectStatus(
|
|
88
|
-
{
|
|
89
|
-
did: repoSubject.did,
|
|
90
|
-
},
|
|
91
|
-
{ headers: network.pds.adminAuthHeaders() },
|
|
92
|
-
)
|
|
93
|
-
assert(ComAtprotoAdminDefs.isRepoRef(res.data.subject))
|
|
94
|
-
expect(res.data.subject.did).toEqual(sc.dids.bob)
|
|
95
|
-
expect(res.data.takedown?.applied).toBe(false)
|
|
96
|
-
expect(res.data.takedown?.ref).toBeUndefined()
|
|
97
|
-
})
|
|
98
|
-
|
|
99
|
-
it('takes down records', async () => {
|
|
100
|
-
await agent.api.com.atproto.admin.updateSubjectStatus(
|
|
101
|
-
{
|
|
102
|
-
subject: recordSubject,
|
|
103
|
-
takedown: { applied: true, ref: 'test-record' },
|
|
104
|
-
},
|
|
105
|
-
{
|
|
106
|
-
encoding: 'application/json',
|
|
107
|
-
headers: network.pds.adminAuthHeaders(),
|
|
108
|
-
},
|
|
109
|
-
)
|
|
110
|
-
const res = await agent.api.com.atproto.admin.getSubjectStatus(
|
|
111
|
-
{
|
|
112
|
-
uri: recordSubject.uri,
|
|
113
|
-
},
|
|
114
|
-
{ headers: network.pds.adminAuthHeaders() },
|
|
115
|
-
)
|
|
116
|
-
assert(ComAtprotoRepoStrongRef.isMain(res.data.subject))
|
|
117
|
-
expect(res.data.subject.uri).toEqual(recordSubject.uri)
|
|
118
|
-
expect(res.data.takedown?.applied).toBe(true)
|
|
119
|
-
expect(res.data.takedown?.ref).toBe('test-record')
|
|
120
|
-
})
|
|
121
|
-
|
|
122
|
-
it('restores takendown records', async () => {
|
|
123
|
-
await agent.api.com.atproto.admin.updateSubjectStatus(
|
|
124
|
-
{
|
|
125
|
-
subject: recordSubject,
|
|
126
|
-
takedown: { applied: false },
|
|
127
|
-
},
|
|
128
|
-
{
|
|
129
|
-
encoding: 'application/json',
|
|
130
|
-
headers: network.pds.adminAuthHeaders(),
|
|
131
|
-
},
|
|
132
|
-
)
|
|
133
|
-
const res = await agent.api.com.atproto.admin.getSubjectStatus(
|
|
134
|
-
{
|
|
135
|
-
uri: recordSubject.uri,
|
|
136
|
-
},
|
|
137
|
-
{ headers: network.pds.adminAuthHeaders() },
|
|
138
|
-
)
|
|
139
|
-
assert(ComAtprotoRepoStrongRef.isMain(res.data.subject))
|
|
140
|
-
expect(res.data.subject.uri).toEqual(recordSubject.uri)
|
|
141
|
-
expect(res.data.takedown?.applied).toBe(false)
|
|
142
|
-
expect(res.data.takedown?.ref).toBeUndefined()
|
|
143
|
-
})
|
|
144
|
-
|
|
145
|
-
describe('blob takedown', () => {
|
|
146
|
-
it('takes down blobs', async () => {
|
|
147
|
-
await agent.api.com.atproto.admin.updateSubjectStatus(
|
|
148
|
-
{
|
|
149
|
-
subject: blobSubject,
|
|
150
|
-
takedown: { applied: true, ref: 'test-blob' },
|
|
151
|
-
},
|
|
152
|
-
{
|
|
153
|
-
encoding: 'application/json',
|
|
154
|
-
headers: network.pds.adminAuthHeaders(),
|
|
155
|
-
},
|
|
156
|
-
)
|
|
157
|
-
const res = await agent.api.com.atproto.admin.getSubjectStatus(
|
|
158
|
-
{
|
|
159
|
-
did: blobSubject.did,
|
|
160
|
-
blob: blobSubject.cid,
|
|
161
|
-
},
|
|
162
|
-
{ headers: network.pds.adminAuthHeaders() },
|
|
163
|
-
)
|
|
164
|
-
assert(ComAtprotoAdminDefs.isRepoBlobRef(res.data.subject))
|
|
165
|
-
expect(res.data.subject.did).toEqual(blobSubject.did)
|
|
166
|
-
assert(ComAtprotoAdminDefs.isRepoBlobRef(res.data.subject))
|
|
167
|
-
expect(res.data.subject.cid).toEqual(blobSubject.cid)
|
|
168
|
-
expect(res.data.takedown?.applied).toBe(true)
|
|
169
|
-
expect(res.data.takedown?.ref).toBe('test-blob')
|
|
170
|
-
})
|
|
171
|
-
|
|
172
|
-
it('removes blob from the store', async () => {
|
|
173
|
-
const tryGetBytes = network.pds.ctx
|
|
174
|
-
.blobstore(blobSubject.did)
|
|
175
|
-
.getBytes(blobRef.image.ref)
|
|
176
|
-
await expect(tryGetBytes).rejects.toThrow(BlobNotFoundError)
|
|
177
|
-
})
|
|
178
|
-
|
|
179
|
-
it('prevents blob from being referenced again.', async () => {
|
|
180
|
-
const referenceBlob = sc.post(sc.dids.carol, 'pic', [], [blobRef])
|
|
181
|
-
await expect(referenceBlob).rejects.toThrow('Could not find blob:')
|
|
182
|
-
})
|
|
183
|
-
|
|
184
|
-
it('prevents blob from being reuploaded', async () => {
|
|
185
|
-
const attempt = sc.uploadFile(
|
|
186
|
-
sc.dids.carol,
|
|
187
|
-
'../dev-env/assets/key-alt.jpg',
|
|
188
|
-
'image/jpeg',
|
|
189
|
-
)
|
|
190
|
-
await expect(attempt).rejects.toThrow(
|
|
191
|
-
'Blob has been takendown, cannot re-upload',
|
|
192
|
-
)
|
|
193
|
-
})
|
|
194
|
-
|
|
195
|
-
it('prevents image blob from being served.', async () => {
|
|
196
|
-
const attempt = agent.api.com.atproto.sync.getBlob({
|
|
197
|
-
did: sc.dids.carol,
|
|
198
|
-
cid: blobRef.image.ref.toString(),
|
|
199
|
-
})
|
|
200
|
-
await expect(attempt).rejects.toThrow('Blob not found')
|
|
201
|
-
})
|
|
202
|
-
|
|
203
|
-
it('restores blob when takedown is removed', async () => {
|
|
204
|
-
await agent.api.com.atproto.admin.updateSubjectStatus(
|
|
205
|
-
{
|
|
206
|
-
subject: blobSubject,
|
|
207
|
-
takedown: { applied: false },
|
|
208
|
-
},
|
|
209
|
-
{
|
|
210
|
-
encoding: 'application/json',
|
|
211
|
-
headers: network.pds.adminAuthHeaders(),
|
|
212
|
-
},
|
|
213
|
-
)
|
|
214
|
-
|
|
215
|
-
// Can post and reference blob
|
|
216
|
-
const post = await sc.post(sc.dids.carol, 'pic', [], [blobRef])
|
|
217
|
-
expect(post.images[0].image.ref.equals(blobRef.image.ref)).toBeTruthy()
|
|
218
|
-
|
|
219
|
-
// Can fetch through image server
|
|
220
|
-
const res = await agent.api.com.atproto.sync.getBlob({
|
|
221
|
-
did: sc.dids.carol,
|
|
222
|
-
cid: blobRef.image.ref.toString(),
|
|
223
|
-
})
|
|
224
|
-
|
|
225
|
-
expect(res.data.byteLength).toBeGreaterThan(9000)
|
|
226
|
-
})
|
|
227
|
-
|
|
228
|
-
it('prevents blobs of takendown accounts from being served.', async () => {
|
|
229
|
-
await agent.api.com.atproto.admin.updateSubjectStatus(
|
|
230
|
-
{
|
|
231
|
-
subject: {
|
|
232
|
-
$type: 'com.atproto.admin.defs#repoRef',
|
|
233
|
-
did: sc.dids.carol,
|
|
234
|
-
},
|
|
235
|
-
takedown: { applied: true },
|
|
236
|
-
},
|
|
237
|
-
{
|
|
238
|
-
encoding: 'application/json',
|
|
239
|
-
headers: network.pds.adminAuthHeaders(),
|
|
240
|
-
},
|
|
241
|
-
)
|
|
242
|
-
const blobParams = {
|
|
243
|
-
did: sc.dids.carol,
|
|
244
|
-
cid: blobRef.image.ref.toString(),
|
|
245
|
-
}
|
|
246
|
-
// public, disallow
|
|
247
|
-
const attempt1 = agent.api.com.atproto.sync.getBlob(blobParams)
|
|
248
|
-
await expect(attempt1).rejects.toThrow(/Repo has been takendown/)
|
|
249
|
-
// logged-in, disallow
|
|
250
|
-
const attempt2 = agent.api.com.atproto.sync.getBlob(blobParams, {
|
|
251
|
-
headers: sc.getHeaders(sc.dids.bob),
|
|
252
|
-
})
|
|
253
|
-
await expect(attempt2).rejects.toThrow(/Repo has been takendown/)
|
|
254
|
-
// logged-in as account, allow
|
|
255
|
-
const res1 = await agent.api.com.atproto.sync.getBlob(blobParams, {
|
|
256
|
-
headers: sc.getHeaders(sc.dids.carol),
|
|
257
|
-
})
|
|
258
|
-
expect(res1.data.byteLength).toBeGreaterThan(9000)
|
|
259
|
-
// admin role, allow
|
|
260
|
-
const res2 = await agent.api.com.atproto.sync.getBlob(blobParams, {
|
|
261
|
-
headers: network.pds.adminAuthHeaders(),
|
|
262
|
-
})
|
|
263
|
-
expect(res2.data.byteLength).toBeGreaterThan(9000)
|
|
264
|
-
// revert takedown
|
|
265
|
-
await agent.api.com.atproto.admin.updateSubjectStatus(
|
|
266
|
-
{
|
|
267
|
-
subject: {
|
|
268
|
-
$type: 'com.atproto.admin.defs#repoRef',
|
|
269
|
-
did: sc.dids.carol,
|
|
270
|
-
},
|
|
271
|
-
takedown: { applied: false },
|
|
272
|
-
},
|
|
273
|
-
{
|
|
274
|
-
encoding: 'application/json',
|
|
275
|
-
headers: network.pds.adminAuthHeaders(),
|
|
276
|
-
},
|
|
277
|
-
)
|
|
278
|
-
})
|
|
279
|
-
})
|
|
280
|
-
})
|
|
@@ -1,177 +0,0 @@
|
|
|
1
|
-
import assert from 'node:assert'
|
|
2
|
-
import * as plc from '@did-plc/lib'
|
|
3
|
-
import { AtpAgent } from '@atproto/api'
|
|
4
|
-
import { Keypair, Secp256k1Keypair } from '@atproto/crypto'
|
|
5
|
-
import { SeedClient, TestNetworkNoAppView } from '@atproto/dev-env'
|
|
6
|
-
import { $Typed } from '@atproto/lex'
|
|
7
|
-
import { createServiceAuthHeaders } from '@atproto/xrpc-server'
|
|
8
|
-
import { com } from '../src/lexicons/index.js'
|
|
9
|
-
import usersSeed from './seeds/users.js'
|
|
10
|
-
|
|
11
|
-
describe('moderator auth', () => {
|
|
12
|
-
let network: TestNetworkNoAppView
|
|
13
|
-
let agent: AtpAgent
|
|
14
|
-
let sc: SeedClient
|
|
15
|
-
|
|
16
|
-
let repoSubject: $Typed<com.atproto.admin.defs.RepoRef>
|
|
17
|
-
|
|
18
|
-
let modServiceDid: string
|
|
19
|
-
let altModDid: string
|
|
20
|
-
let modServiceKey: Secp256k1Keypair
|
|
21
|
-
let pdsDid: string
|
|
22
|
-
|
|
23
|
-
const opAndDid = async (handle: string, key: Keypair) => {
|
|
24
|
-
const op = await plc.signOperation(
|
|
25
|
-
{
|
|
26
|
-
type: 'plc_operation',
|
|
27
|
-
alsoKnownAs: [handle],
|
|
28
|
-
verificationMethods: {
|
|
29
|
-
atproto: key.did(),
|
|
30
|
-
},
|
|
31
|
-
rotationKeys: [key.did()],
|
|
32
|
-
services: {},
|
|
33
|
-
prev: null,
|
|
34
|
-
},
|
|
35
|
-
key,
|
|
36
|
-
)
|
|
37
|
-
const did = await plc.didForCreateOp(op)
|
|
38
|
-
return { op, did }
|
|
39
|
-
}
|
|
40
|
-
|
|
41
|
-
beforeAll(async () => {
|
|
42
|
-
// kinda goofy but we need to know the dids before creating the testnet for the PDS's config
|
|
43
|
-
modServiceKey = await Secp256k1Keypair.create()
|
|
44
|
-
const modServiceInfo = await opAndDid('mod.test', modServiceKey)
|
|
45
|
-
const altModInfo = await opAndDid('alt-mod.test', modServiceKey)
|
|
46
|
-
modServiceDid = modServiceInfo.did
|
|
47
|
-
altModDid = altModInfo.did
|
|
48
|
-
|
|
49
|
-
network = await TestNetworkNoAppView.create({
|
|
50
|
-
dbPostgresSchema: 'pds_moderator_auth',
|
|
51
|
-
pds: {
|
|
52
|
-
modServiceDid: modServiceInfo.did,
|
|
53
|
-
modServiceUrl: 'https://mod.invalid',
|
|
54
|
-
},
|
|
55
|
-
})
|
|
56
|
-
|
|
57
|
-
pdsDid = network.pds.ctx.cfg.service.did
|
|
58
|
-
|
|
59
|
-
const plcClient = network.plc.getClient()
|
|
60
|
-
await plcClient.sendOperation(modServiceInfo.did, modServiceInfo.op)
|
|
61
|
-
await plcClient.sendOperation(altModInfo.did, altModInfo.op)
|
|
62
|
-
|
|
63
|
-
agent = network.pds.getAgent()
|
|
64
|
-
sc = network.getSeedClient()
|
|
65
|
-
await usersSeed(sc)
|
|
66
|
-
await network.processAll()
|
|
67
|
-
repoSubject = {
|
|
68
|
-
$type: 'com.atproto.admin.defs#repoRef',
|
|
69
|
-
did: sc.dids.bob,
|
|
70
|
-
}
|
|
71
|
-
}, 20_000) // @NOTE seeding can take a while
|
|
72
|
-
|
|
73
|
-
afterAll(async () => {
|
|
74
|
-
await network?.close()
|
|
75
|
-
})
|
|
76
|
-
|
|
77
|
-
it('allows service auth requests from the configured appview did', async () => {
|
|
78
|
-
const updateHeaders = await createServiceAuthHeaders({
|
|
79
|
-
iss: modServiceDid,
|
|
80
|
-
aud: pdsDid,
|
|
81
|
-
lxm: com.atproto.admin.updateSubjectStatus.$lxm,
|
|
82
|
-
keypair: modServiceKey,
|
|
83
|
-
})
|
|
84
|
-
await agent.api.com.atproto.admin.updateSubjectStatus(
|
|
85
|
-
{
|
|
86
|
-
subject: repoSubject,
|
|
87
|
-
takedown: { applied: true, ref: 'test-repo' },
|
|
88
|
-
},
|
|
89
|
-
{
|
|
90
|
-
...updateHeaders,
|
|
91
|
-
encoding: 'application/json',
|
|
92
|
-
},
|
|
93
|
-
)
|
|
94
|
-
|
|
95
|
-
const getHeaders = await createServiceAuthHeaders({
|
|
96
|
-
iss: modServiceDid,
|
|
97
|
-
aud: pdsDid,
|
|
98
|
-
lxm: com.atproto.admin.getSubjectStatus.$lxm,
|
|
99
|
-
keypair: modServiceKey,
|
|
100
|
-
})
|
|
101
|
-
const res = await agent.api.com.atproto.admin.getSubjectStatus(
|
|
102
|
-
{
|
|
103
|
-
did: repoSubject.did,
|
|
104
|
-
},
|
|
105
|
-
getHeaders,
|
|
106
|
-
)
|
|
107
|
-
assert(com.atproto.admin.defs.repoRef.$matches(res.data.subject))
|
|
108
|
-
expect(res.data.subject.did).toBe(repoSubject.did)
|
|
109
|
-
expect(res.data.takedown?.applied).toBe(true)
|
|
110
|
-
})
|
|
111
|
-
|
|
112
|
-
it('does not allow requests from another did', async () => {
|
|
113
|
-
const headers = await createServiceAuthHeaders({
|
|
114
|
-
iss: altModDid,
|
|
115
|
-
aud: pdsDid,
|
|
116
|
-
lxm: com.atproto.admin.updateSubjectStatus.$lxm,
|
|
117
|
-
keypair: modServiceKey,
|
|
118
|
-
})
|
|
119
|
-
const attempt = agent.api.com.atproto.admin.updateSubjectStatus(
|
|
120
|
-
{
|
|
121
|
-
subject: repoSubject,
|
|
122
|
-
takedown: { applied: true, ref: 'test-repo' },
|
|
123
|
-
},
|
|
124
|
-
{
|
|
125
|
-
...headers,
|
|
126
|
-
encoding: 'application/json',
|
|
127
|
-
},
|
|
128
|
-
)
|
|
129
|
-
await expect(attempt).rejects.toThrow('Untrusted issuer')
|
|
130
|
-
})
|
|
131
|
-
|
|
132
|
-
it('does not allow requests with a bad signature', async () => {
|
|
133
|
-
const badKey = await Secp256k1Keypair.create()
|
|
134
|
-
const headers = await createServiceAuthHeaders({
|
|
135
|
-
iss: modServiceDid,
|
|
136
|
-
aud: pdsDid,
|
|
137
|
-
lxm: com.atproto.admin.updateSubjectStatus.$lxm,
|
|
138
|
-
keypair: badKey,
|
|
139
|
-
})
|
|
140
|
-
const attempt = agent.api.com.atproto.admin.updateSubjectStatus(
|
|
141
|
-
{
|
|
142
|
-
subject: repoSubject,
|
|
143
|
-
takedown: { applied: true, ref: 'test-repo' },
|
|
144
|
-
},
|
|
145
|
-
{
|
|
146
|
-
...headers,
|
|
147
|
-
encoding: 'application/json',
|
|
148
|
-
},
|
|
149
|
-
)
|
|
150
|
-
await expect(attempt).rejects.toThrow(
|
|
151
|
-
'jwt signature does not match jwt issuer',
|
|
152
|
-
)
|
|
153
|
-
})
|
|
154
|
-
|
|
155
|
-
it('does not allow requests with a bad aud', async () => {
|
|
156
|
-
// repo subject is bob, so we set alice as the audience
|
|
157
|
-
const headers = await createServiceAuthHeaders({
|
|
158
|
-
iss: modServiceDid,
|
|
159
|
-
aud: sc.dids.alice,
|
|
160
|
-
lxm: com.atproto.admin.updateSubjectStatus.$lxm,
|
|
161
|
-
keypair: modServiceKey,
|
|
162
|
-
})
|
|
163
|
-
const attempt = agent.api.com.atproto.admin.updateSubjectStatus(
|
|
164
|
-
{
|
|
165
|
-
subject: repoSubject,
|
|
166
|
-
takedown: { applied: true, ref: 'test-repo' },
|
|
167
|
-
},
|
|
168
|
-
{
|
|
169
|
-
...headers,
|
|
170
|
-
encoding: 'application/json',
|
|
171
|
-
},
|
|
172
|
-
)
|
|
173
|
-
await expect(attempt).rejects.toThrow(
|
|
174
|
-
'jwt audience does not match service did',
|
|
175
|
-
)
|
|
176
|
-
})
|
|
177
|
-
})
|