@atproto/pds 0.5.12 → 0.5.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (326) hide show
  1. package/CHANGELOG.md +53 -0
  2. package/dist/api/app/bsky/notification/index.d.ts.map +1 -1
  3. package/dist/api/app/bsky/notification/index.js +2 -0
  4. package/dist/api/app/bsky/notification/index.js.map +1 -1
  5. package/dist/api/app/bsky/notification/unregisterPush.d.ts +4 -0
  6. package/dist/api/app/bsky/notification/unregisterPush.d.ts.map +1 -0
  7. package/dist/api/app/bsky/notification/unregisterPush.js +48 -0
  8. package/dist/api/app/bsky/notification/unregisterPush.js.map +1 -0
  9. package/dist/lexicons/app/bsky/actor/defs.defs.d.ts +6 -0
  10. package/dist/lexicons/app/bsky/actor/defs.defs.d.ts.map +1 -1
  11. package/dist/lexicons/app/bsky/actor/defs.defs.js +1 -0
  12. package/dist/lexicons/app/bsky/actor/defs.defs.js.map +1 -1
  13. package/package.json +42 -38
  14. package/build.templates.cjs +0 -22
  15. package/example.env +0 -42
  16. package/jest.config.cjs +0 -27
  17. package/src/account-manager/account-manager.ts +0 -916
  18. package/src/account-manager/db/index.ts +0 -21
  19. package/src/account-manager/db/migrations/001-init.ts +0 -115
  20. package/src/account-manager/db/migrations/002-account-deactivation.ts +0 -17
  21. package/src/account-manager/db/migrations/003-privileged-app-passwords.ts +0 -12
  22. package/src/account-manager/db/migrations/004-oauth.ts +0 -122
  23. package/src/account-manager/db/migrations/005-oauth-account-management.ts +0 -136
  24. package/src/account-manager/db/migrations/006-oauth-permission-sets.ts +0 -20
  25. package/src/account-manager/db/migrations/007-lexicon-failures-index.ts +0 -14
  26. package/src/account-manager/db/migrations/index.ts +0 -17
  27. package/src/account-manager/db/schema/account-device.ts +0 -14
  28. package/src/account-manager/db/schema/account.ts +0 -16
  29. package/src/account-manager/db/schema/actor.ts +0 -17
  30. package/src/account-manager/db/schema/app-password.ts +0 -13
  31. package/src/account-manager/db/schema/authorization-request.ts +0 -30
  32. package/src/account-manager/db/schema/authorized-client.ts +0 -23
  33. package/src/account-manager/db/schema/device.ts +0 -18
  34. package/src/account-manager/db/schema/email-token.ts +0 -19
  35. package/src/account-manager/db/schema/index.ts +0 -43
  36. package/src/account-manager/db/schema/invite-code.ts +0 -24
  37. package/src/account-manager/db/schema/lexicon.ts +0 -15
  38. package/src/account-manager/db/schema/refresh-token.ts +0 -11
  39. package/src/account-manager/db/schema/repo-root.ts +0 -12
  40. package/src/account-manager/db/schema/token.ts +0 -38
  41. package/src/account-manager/db/schema/used-refresh-token.ts +0 -13
  42. package/src/account-manager/helpers/account-device.ts +0 -63
  43. package/src/account-manager/helpers/account.ts +0 -355
  44. package/src/account-manager/helpers/auth.ts +0 -222
  45. package/src/account-manager/helpers/authorization-request.ts +0 -90
  46. package/src/account-manager/helpers/authorized-client.ts +0 -75
  47. package/src/account-manager/helpers/device.ts +0 -47
  48. package/src/account-manager/helpers/email-token.ts +0 -87
  49. package/src/account-manager/helpers/invite.ts +0 -263
  50. package/src/account-manager/helpers/lexicon.ts +0 -67
  51. package/src/account-manager/helpers/password.ts +0 -136
  52. package/src/account-manager/helpers/repo.ts +0 -24
  53. package/src/account-manager/helpers/scrypt.ts +0 -53
  54. package/src/account-manager/helpers/token.ts +0 -158
  55. package/src/account-manager/helpers/used-refresh-token.ts +0 -30
  56. package/src/account-manager/oauth-store.ts +0 -880
  57. package/src/account-manager/scope-reference-getter.ts +0 -106
  58. package/src/actor-store/actor-store-reader.ts +0 -45
  59. package/src/actor-store/actor-store-resources.ts +0 -8
  60. package/src/actor-store/actor-store-transactor.ts +0 -31
  61. package/src/actor-store/actor-store-writer.ts +0 -17
  62. package/src/actor-store/actor-store.ts +0 -210
  63. package/src/actor-store/blob/reader.ts +0 -160
  64. package/src/actor-store/blob/transactor.ts +0 -383
  65. package/src/actor-store/db/index.ts +0 -20
  66. package/src/actor-store/db/migrations/001-init.ts +0 -105
  67. package/src/actor-store/db/migrations/index.ts +0 -5
  68. package/src/actor-store/db/schema/account-pref.ts +0 -11
  69. package/src/actor-store/db/schema/backlink.ts +0 -9
  70. package/src/actor-store/db/schema/blob.ts +0 -14
  71. package/src/actor-store/db/schema/index.ts +0 -23
  72. package/src/actor-store/db/schema/record-blob.ts +0 -8
  73. package/src/actor-store/db/schema/record.ts +0 -14
  74. package/src/actor-store/db/schema/repo-block.ts +0 -10
  75. package/src/actor-store/db/schema/repo-root.ts +0 -10
  76. package/src/actor-store/migrate.ts +0 -39
  77. package/src/actor-store/preference/reader.ts +0 -48
  78. package/src/actor-store/preference/transactor.ts +0 -55
  79. package/src/actor-store/preference/util.ts +0 -39
  80. package/src/actor-store/record/reader.ts +0 -374
  81. package/src/actor-store/record/transactor.ts +0 -111
  82. package/src/actor-store/repo/reader.ts +0 -31
  83. package/src/actor-store/repo/sql-repo-reader.ts +0 -150
  84. package/src/actor-store/repo/sql-repo-transactor.ts +0 -105
  85. package/src/actor-store/repo/transactor.ts +0 -227
  86. package/src/api/app/bsky/actor/getPreferences.ts +0 -57
  87. package/src/api/app/bsky/actor/getProfile.ts +0 -41
  88. package/src/api/app/bsky/actor/getProfiles.ts +0 -51
  89. package/src/api/app/bsky/actor/index.ts +0 -13
  90. package/src/api/app/bsky/actor/putPreferences.ts +0 -62
  91. package/src/api/app/bsky/feed/getActorLikes.ts +0 -63
  92. package/src/api/app/bsky/feed/getAuthorFeed.ts +0 -84
  93. package/src/api/app/bsky/feed/getFeed.ts +0 -47
  94. package/src/api/app/bsky/feed/getPostThread.ts +0 -251
  95. package/src/api/app/bsky/feed/getTimeline.ts +0 -50
  96. package/src/api/app/bsky/feed/index.ts +0 -15
  97. package/src/api/app/bsky/index.ts +0 -11
  98. package/src/api/app/bsky/notification/index.ts +0 -7
  99. package/src/api/app/bsky/notification/registerPush.ts +0 -71
  100. package/src/api/app/bsky/util/resolver.ts +0 -20
  101. package/src/api/com/atproto/admin/deleteAccount.ts +0 -22
  102. package/src/api/com/atproto/admin/disableAccountInvites.ts +0 -18
  103. package/src/api/com/atproto/admin/disableInviteCodes.ts +0 -21
  104. package/src/api/com/atproto/admin/enableAccountInvites.ts +0 -18
  105. package/src/api/com/atproto/admin/getAccountInfo.ts +0 -32
  106. package/src/api/com/atproto/admin/getAccountInfos.ts +0 -34
  107. package/src/api/com/atproto/admin/getInviteCodes.ts +0 -126
  108. package/src/api/com/atproto/admin/getSubjectStatus.ts +0 -76
  109. package/src/api/com/atproto/admin/index.ts +0 -31
  110. package/src/api/com/atproto/admin/sendEmail.ts +0 -47
  111. package/src/api/com/atproto/admin/updateAccountEmail.ts +0 -32
  112. package/src/api/com/atproto/admin/updateAccountHandle.ts +0 -47
  113. package/src/api/com/atproto/admin/updateAccountPassword.ts +0 -34
  114. package/src/api/com/atproto/admin/updateSubjectStatus.ts +0 -68
  115. package/src/api/com/atproto/admin/util.ts +0 -66
  116. package/src/api/com/atproto/identity/getRecommendedDidCredentials.ts +0 -50
  117. package/src/api/com/atproto/identity/index.ts +0 -17
  118. package/src/api/com/atproto/identity/requestPlcOperationSignature.ts +0 -59
  119. package/src/api/com/atproto/identity/resolveHandle.ts +0 -50
  120. package/src/api/com/atproto/identity/signPlcOperation.ts +0 -85
  121. package/src/api/com/atproto/identity/submitPlcOperation.ts +0 -65
  122. package/src/api/com/atproto/identity/updateHandle.ts +0 -66
  123. package/src/api/com/atproto/index.ts +0 -19
  124. package/src/api/com/atproto/moderation/createReport.ts +0 -41
  125. package/src/api/com/atproto/moderation/index.ts +0 -7
  126. package/src/api/com/atproto/repo/applyWrites.ts +0 -226
  127. package/src/api/com/atproto/repo/createRecord.ts +0 -143
  128. package/src/api/com/atproto/repo/deleteRecord.ts +0 -122
  129. package/src/api/com/atproto/repo/describeRepo.ts +0 -43
  130. package/src/api/com/atproto/repo/getRecord.ts +0 -40
  131. package/src/api/com/atproto/repo/importRepo.ts +0 -101
  132. package/src/api/com/atproto/repo/index.ts +0 -25
  133. package/src/api/com/atproto/repo/listMissingBlobs.ts +0 -29
  134. package/src/api/com/atproto/repo/listRecords.ts +0 -36
  135. package/src/api/com/atproto/repo/putRecord.ts +0 -211
  136. package/src/api/com/atproto/repo/uploadBlob.ts +0 -60
  137. package/src/api/com/atproto/server/activateAccount.ts +0 -37
  138. package/src/api/com/atproto/server/checkAccountStatus.ts +0 -51
  139. package/src/api/com/atproto/server/confirmEmail.ts +0 -39
  140. package/src/api/com/atproto/server/createAccount.ts +0 -327
  141. package/src/api/com/atproto/server/createAppPassword.ts +0 -53
  142. package/src/api/com/atproto/server/createInviteCode.ts +0 -38
  143. package/src/api/com/atproto/server/createInviteCodes.ts +0 -42
  144. package/src/api/com/atproto/server/createSession.ts +0 -97
  145. package/src/api/com/atproto/server/deactivateAccount.ts +0 -41
  146. package/src/api/com/atproto/server/deleteAccount.ts +0 -85
  147. package/src/api/com/atproto/server/deleteSession.ts +0 -23
  148. package/src/api/com/atproto/server/describeServer.ts +0 -29
  149. package/src/api/com/atproto/server/getAccountInviteCodes.ts +0 -142
  150. package/src/api/com/atproto/server/getServiceAuth.ts +0 -111
  151. package/src/api/com/atproto/server/getSession.ts +0 -80
  152. package/src/api/com/atproto/server/index.ts +0 -55
  153. package/src/api/com/atproto/server/listAppPasswords.ts +0 -45
  154. package/src/api/com/atproto/server/refreshSession.ts +0 -72
  155. package/src/api/com/atproto/server/requestAccountDelete.ts +0 -66
  156. package/src/api/com/atproto/server/requestEmailConfirmation.ts +0 -68
  157. package/src/api/com/atproto/server/requestEmailUpdate.ts +0 -86
  158. package/src/api/com/atproto/server/requestPasswordReset.ts +0 -52
  159. package/src/api/com/atproto/server/reserveSigningKey.ts +0 -15
  160. package/src/api/com/atproto/server/resetPassword.ts +0 -50
  161. package/src/api/com/atproto/server/revokeAppPassword.ts +0 -42
  162. package/src/api/com/atproto/server/updateEmail.ts +0 -52
  163. package/src/api/com/atproto/server/util.ts +0 -136
  164. package/src/api/com/atproto/sync/deprecated/getCheckout.ts +0 -27
  165. package/src/api/com/atproto/sync/deprecated/getHead.ts +0 -33
  166. package/src/api/com/atproto/sync/getBlob.ts +0 -61
  167. package/src/api/com/atproto/sync/getBlocks.ts +0 -37
  168. package/src/api/com/atproto/sync/getLatestCommit.ts +0 -33
  169. package/src/api/com/atproto/sync/getRecord.ts +0 -49
  170. package/src/api/com/atproto/sync/getRepo.ts +0 -75
  171. package/src/api/com/atproto/sync/getRepoStatus.ts +0 -34
  172. package/src/api/com/atproto/sync/index.ts +0 -27
  173. package/src/api/com/atproto/sync/listBlobs.ts +0 -33
  174. package/src/api/com/atproto/sync/listRepos.ts +0 -74
  175. package/src/api/com/atproto/sync/subscribeRepos.ts +0 -73
  176. package/src/api/com/atproto/sync/util.ts +0 -37
  177. package/src/api/com/atproto/temp/checkSignupQueue.ts +0 -34
  178. package/src/api/com/atproto/temp/index.ts +0 -7
  179. package/src/api/index.ts +0 -10
  180. package/src/api/proxy.ts +0 -44
  181. package/src/app-view.ts +0 -24
  182. package/src/auth-output.ts +0 -52
  183. package/src/auth-routes.ts +0 -64
  184. package/src/auth-scope.ts +0 -40
  185. package/src/auth-verifier.ts +0 -668
  186. package/src/background.ts +0 -65
  187. package/src/basic-routes.ts +0 -52
  188. package/src/bsky-app-view.ts +0 -33
  189. package/src/config/config.ts +0 -553
  190. package/src/config/env.ts +0 -167
  191. package/src/config/index.ts +0 -3
  192. package/src/config/secrets.ts +0 -54
  193. package/src/context.ts +0 -523
  194. package/src/crawlers.ts +0 -46
  195. package/src/db/cast.ts +0 -52
  196. package/src/db/db.ts +0 -140
  197. package/src/db/index.ts +0 -4
  198. package/src/db/migrator.ts +0 -40
  199. package/src/db/pagination.ts +0 -132
  200. package/src/db/tables/moderation.ts +0 -80
  201. package/src/db/util.ts +0 -108
  202. package/src/did-cache/db/index.ts +0 -21
  203. package/src/did-cache/db/migrations.ts +0 -17
  204. package/src/did-cache/db/schema.ts +0 -9
  205. package/src/did-cache/index.ts +0 -131
  206. package/src/disk-blobstore.ts +0 -172
  207. package/src/error.ts +0 -19
  208. package/src/handle/explicit-slurs.ts +0 -22
  209. package/src/handle/index.ts +0 -49
  210. package/src/handle/reserved.ts +0 -1059
  211. package/src/image/image-url-builder.ts +0 -16
  212. package/src/index.ts +0 -189
  213. package/src/lexicons.ts +0 -4
  214. package/src/logger.ts +0 -35
  215. package/src/mailer/index.ts +0 -111
  216. package/src/mailer/moderation.ts +0 -33
  217. package/src/mailer/templates/confirm-email.d.ts +0 -4
  218. package/src/mailer/templates/confirm-email.hbs +0 -158
  219. package/src/mailer/templates/delete-account.d.ts +0 -4
  220. package/src/mailer/templates/delete-account.hbs +0 -156
  221. package/src/mailer/templates/plc-operation.d.ts +0 -4
  222. package/src/mailer/templates/plc-operation.hbs +0 -153
  223. package/src/mailer/templates/reset-password.d.ts +0 -4
  224. package/src/mailer/templates/reset-password.hbs +0 -154
  225. package/src/mailer/templates/update-email.d.ts +0 -4
  226. package/src/mailer/templates/update-email.hbs +0 -153
  227. package/src/mailer/templates.ts +0 -17
  228. package/src/pipethrough.ts +0 -716
  229. package/src/rate-limits.ts +0 -59
  230. package/src/read-after-write/index.ts +0 -3
  231. package/src/read-after-write/types.ts +0 -35
  232. package/src/read-after-write/util.ts +0 -101
  233. package/src/read-after-write/viewer.ts +0 -290
  234. package/src/redis.ts +0 -25
  235. package/src/repo/index.ts +0 -2
  236. package/src/repo/prepare.ts +0 -266
  237. package/src/repo/types.ts +0 -65
  238. package/src/scripts/README.md +0 -40
  239. package/src/scripts/index.ts +0 -20
  240. package/src/scripts/publish-identity.ts +0 -60
  241. package/src/scripts/rebuild-repo.ts +0 -119
  242. package/src/scripts/rotate-keys.ts +0 -146
  243. package/src/scripts/sequencer-recovery/index.ts +0 -23
  244. package/src/scripts/sequencer-recovery/recoverer.ts +0 -297
  245. package/src/scripts/sequencer-recovery/recovery-db.ts +0 -65
  246. package/src/scripts/sequencer-recovery/repair-repos.ts +0 -49
  247. package/src/scripts/sequencer-recovery/user-queues.ts +0 -44
  248. package/src/scripts/util.ts +0 -7
  249. package/src/sequencer/db/index.ts +0 -21
  250. package/src/sequencer/db/migrations/001-init.ts +0 -35
  251. package/src/sequencer/db/migrations/index.ts +0 -5
  252. package/src/sequencer/db/schema.ts +0 -19
  253. package/src/sequencer/events.ts +0 -199
  254. package/src/sequencer/index.ts +0 -3
  255. package/src/sequencer/outbox.ts +0 -123
  256. package/src/sequencer/sequencer.ts +0 -290
  257. package/src/util/compression.ts +0 -16
  258. package/src/util/debug.ts +0 -10
  259. package/src/util/http.ts +0 -31
  260. package/src/util/types.ts +0 -7
  261. package/src/well-known.ts +0 -30
  262. package/test.env +0 -2
  263. package/tests/__snapshots__/takedown-appeal.test.ts.snap +0 -43
  264. package/tests/_oauth_client_assets_middleware.ts +0 -23
  265. package/tests/_puppeteer.ts +0 -147
  266. package/tests/_types.d.ts +0 -16
  267. package/tests/_util.ts +0 -191
  268. package/tests/account-deactivation.test.ts +0 -204
  269. package/tests/account-deletion.test.ts +0 -300
  270. package/tests/account-manager.test.ts +0 -462
  271. package/tests/account-migration.test.ts +0 -221
  272. package/tests/account-status.test.ts +0 -206
  273. package/tests/account.test.ts +0 -595
  274. package/tests/app-passwords.test.ts +0 -262
  275. package/tests/auth.test.ts +0 -405
  276. package/tests/blob-deletes.test.ts +0 -204
  277. package/tests/create-post.test.ts +0 -79
  278. package/tests/crud.test.ts +0 -1595
  279. package/tests/db.test.ts +0 -170
  280. package/tests/email-confirmation.test.ts +0 -227
  281. package/tests/entryway-mock.ts +0 -323
  282. package/tests/entryway.test.ts +0 -145
  283. package/tests/file-uploads.test.ts +0 -301
  284. package/tests/get-service-auth.test.ts +0 -81
  285. package/tests/handle-validation.test.ts +0 -56
  286. package/tests/handles.test.ts +0 -274
  287. package/tests/invite-codes.test.ts +0 -367
  288. package/tests/invites-admin.test.ts +0 -252
  289. package/tests/moderation.test.ts +0 -280
  290. package/tests/moderator-auth.test.ts +0 -177
  291. package/tests/oauth.test.ts +0 -334
  292. package/tests/plc-operations.test.ts +0 -239
  293. package/tests/preferences.test.ts +0 -352
  294. package/tests/proxied/__snapshots__/admin.test.ts.snap +0 -516
  295. package/tests/proxied/__snapshots__/feedgen.test.ts.snap +0 -215
  296. package/tests/proxied/__snapshots__/views.test.ts.snap +0 -4456
  297. package/tests/proxied/admin.test.ts +0 -340
  298. package/tests/proxied/feedgen.test.ts +0 -66
  299. package/tests/proxied/notif.test.ts +0 -85
  300. package/tests/proxied/procedures.test.ts +0 -175
  301. package/tests/proxied/proxy-catchall.test.ts +0 -256
  302. package/tests/proxied/proxy-header.test.ts +0 -239
  303. package/tests/proxied/proxy-oauth-aud.test.ts +0 -182
  304. package/tests/proxied/read-after-write.test.ts +0 -382
  305. package/tests/proxied/views.test.ts +0 -608
  306. package/tests/races.test.ts +0 -89
  307. package/tests/rate-limits.test.ts +0 -70
  308. package/tests/recovery.test.ts +0 -180
  309. package/tests/seeds/basic.ts +0 -165
  310. package/tests/seeds/follows.ts +0 -57
  311. package/tests/seeds/likes.ts +0 -14
  312. package/tests/seeds/reposts.ts +0 -18
  313. package/tests/seeds/thread.ts +0 -40
  314. package/tests/seeds/users-bulk.ts +0 -246
  315. package/tests/seeds/users.ts +0 -67
  316. package/tests/sequencer.test.ts +0 -251
  317. package/tests/server.test.ts +0 -151
  318. package/tests/sync/invertible-ops.test.ts +0 -99
  319. package/tests/sync/list.test.ts +0 -43
  320. package/tests/sync/subscribe-repos.test.ts +0 -672
  321. package/tests/sync/sync.test.ts +0 -316
  322. package/tests/takedown-appeal.test.ts +0 -166
  323. package/tsconfig.build.json +0 -9
  324. package/tsconfig.build.tsbuildinfo +0 -1
  325. package/tsconfig.json +0 -7
  326. package/tsconfig.tests.json +0 -8
@@ -1,50 +0,0 @@
1
- import { Server } from '@atproto/xrpc-server'
2
- import { AppContext } from '../../../../context.js'
3
- import { com } from '../../../../lexicons/index.js'
4
-
5
- export default function (server: Server, ctx: AppContext) {
6
- server.add(com.atproto.identity.getRecommendedDidCredentials, {
7
- auth: ctx.authVerifier.authorization({
8
- authorize: () => {
9
- // always allow
10
- },
11
- }),
12
- handler: async ({ auth }) => {
13
- const requester = auth.credentials.did
14
- const signingKey = await ctx.actorStore.keypair(requester)
15
- const verificationMethods = {
16
- atproto: signingKey.did(),
17
- }
18
- const account = await ctx.accountManager.getAccount(requester, {
19
- includeDeactivated: true,
20
- })
21
- const alsoKnownAs = account?.handle
22
- ? [`at://${account.handle}`]
23
- : undefined
24
-
25
- const plcRotationKey =
26
- ctx.cfg.entryway?.plcRotationKey ?? ctx.plcRotationKey.did()
27
- const rotationKeys = [plcRotationKey]
28
- if (ctx.cfg.identity.recoveryDidKey) {
29
- rotationKeys.unshift(ctx.cfg.identity.recoveryDidKey)
30
- }
31
-
32
- const services = {
33
- atproto_pds: {
34
- type: 'AtprotoPersonalDataServer',
35
- endpoint: ctx.cfg.service.publicUrl,
36
- },
37
- }
38
-
39
- return {
40
- encoding: 'application/json' as const,
41
- body: {
42
- alsoKnownAs,
43
- verificationMethods,
44
- rotationKeys,
45
- services,
46
- },
47
- }
48
- },
49
- })
50
- }
@@ -1,17 +0,0 @@
1
- import { Server } from '@atproto/xrpc-server'
2
- import { AppContext } from '../../../../context.js'
3
- import getRecommendedDidCredentials from './getRecommendedDidCredentials.js'
4
- import requestPlcOperationSignature from './requestPlcOperationSignature.js'
5
- import resolveHandle from './resolveHandle.js'
6
- import signPlcOperation from './signPlcOperation.js'
7
- import submitPlcOperation from './submitPlcOperation.js'
8
- import updateHandle from './updateHandle.js'
9
-
10
- export default function (server: Server, ctx: AppContext) {
11
- resolveHandle(server, ctx)
12
- updateHandle(server, ctx)
13
- getRecommendedDidCredentials(server, ctx)
14
- requestPlcOperationSignature(server, ctx)
15
- signPlcOperation(server, ctx)
16
- submitPlcOperation(server, ctx)
17
- }
@@ -1,59 +0,0 @@
1
- import { InvalidRequestError, Server } from '@atproto/xrpc-server'
2
- import { ACCESS_FULL, AuthScope } from '../../../../auth-scope.js'
3
- import { AppContext } from '../../../../context.js'
4
- import { com } from '../../../../lexicons/index.js'
5
-
6
- export default function (server: Server, ctx: AppContext) {
7
- const { entrywayClient } = ctx
8
-
9
- const auth = ctx.authVerifier.authorization({
10
- // @NOTE Reflect any change in signPlcOperation
11
- scopes: ACCESS_FULL,
12
- additional: [AuthScope.Takendown],
13
- authorize: (permissions) => {
14
- permissions.assertIdentity({ attr: '*' })
15
- },
16
- })
17
-
18
- if (entrywayClient) {
19
- // @TODO we should have a higher level way of defining these "passthrough"
20
- // handlers
21
- server.add(com.atproto.identity.requestPlcOperationSignature, {
22
- auth,
23
- handler: async ({ auth, req }) => {
24
- const { headers } = await ctx.entrywayAuthHeaders(
25
- req,
26
- auth.credentials.did,
27
- com.atproto.identity.requestPlcOperationSignature.$lxm,
28
- )
29
- await entrywayClient.xrpc(
30
- com.atproto.identity.requestPlcOperationSignature,
31
- { headers },
32
- )
33
- },
34
- })
35
- } else {
36
- server.add(com.atproto.identity.requestPlcOperationSignature, {
37
- auth,
38
- handler: async ({ auth }) => {
39
- const did = auth.credentials.did
40
- const account = await ctx.accountManager.getAccount(did, {
41
- includeDeactivated: true,
42
- includeTakenDown: true,
43
- })
44
- if (!account) {
45
- throw new InvalidRequestError('account not found')
46
- } else if (!account.email) {
47
- throw new InvalidRequestError(
48
- 'account does not have an email address',
49
- )
50
- }
51
- const token = await ctx.accountManager.createEmailToken(
52
- did,
53
- 'plc_operation',
54
- )
55
- await ctx.mailer.sendPlcOperation({ token }, { to: account.email })
56
- },
57
- })
58
- }
59
- }
@@ -1,50 +0,0 @@
1
- import { isDidString } from '@atproto/lex'
2
- import { DidString } from '@atproto/syntax'
3
- import { InvalidRequestError, Server } from '@atproto/xrpc-server'
4
- import { AppContext } from '../../../../context.js'
5
- import { baseNormalizeAndValidate } from '../../../../handle/index.js'
6
- import { com } from '../../../../lexicons/index.js'
7
-
8
- export default function (server: Server, ctx: AppContext) {
9
- server.add(com.atproto.identity.resolveHandle, async ({ params }) => {
10
- const handle = baseNormalizeAndValidate(params.handle)
11
-
12
- const user = await ctx.accountManager.getAccount(handle)
13
- if (user) {
14
- return {
15
- encoding: 'application/json' as const,
16
- body: { did: user.did as DidString },
17
- }
18
- }
19
-
20
- const supportedHandle = ctx.cfg.identity.serviceHandleDomains.some(
21
- (host) => handle.endsWith(host) || handle === host.slice(1),
22
- )
23
- // this should be in our DB & we couldn't find it, so fail
24
- if (supportedHandle) {
25
- throw new InvalidRequestError('Unable to resolve handle')
26
- }
27
-
28
- const did: DidString = ctx.bskyAppView
29
- ? await ctx.bskyAppView.client
30
- .call(com.atproto.identity.resolveHandle, { handle })
31
- .then((r) => r.did, throwInvalidRequestError)
32
- : await ctx.idResolver.handle
33
- .resolve(handle)
34
- .then(
35
- (v) => (v && isDidString(v) ? v : throwInvalidRequestError()),
36
- throwInvalidRequestError,
37
- )
38
-
39
- return {
40
- encoding: 'application/json' as const,
41
- body: { did },
42
- }
43
- })
44
- }
45
-
46
- function throwInvalidRequestError(cause?: unknown): never {
47
- throw new InvalidRequestError('Unable to resolve handle', undefined, {
48
- cause,
49
- })
50
- }
@@ -1,85 +0,0 @@
1
- import * as plc from '@did-plc/lib'
2
- import { check } from '@atproto/common'
3
- import { InvalidRequestError, Server } from '@atproto/xrpc-server'
4
- import { ACCESS_FULL, AuthScope } from '../../../../auth-scope.js'
5
- import { AppContext } from '../../../../context.js'
6
- import { com } from '../../../../lexicons/index.js'
7
-
8
- export default function (server: Server, ctx: AppContext) {
9
- const { entrywayClient } = ctx
10
-
11
- const auth = ctx.authVerifier.authorization({
12
- // @NOTE Should match auth rules from requestPlcOperationSignature
13
- scopes: ACCESS_FULL,
14
- additional: [AuthScope.Takendown],
15
- authorize: (permissions) => {
16
- permissions.assertIdentity({ attr: '*' })
17
- },
18
- })
19
-
20
- if (entrywayClient) {
21
- server.add(com.atproto.identity.signPlcOperation, {
22
- auth,
23
- handler: async ({ auth, input: { body }, req }) => {
24
- const { headers } = await ctx.entrywayAuthHeaders(
25
- req,
26
- auth.credentials.did,
27
- com.atproto.identity.signPlcOperation.$lxm,
28
- )
29
-
30
- return entrywayClient.xrpc(com.atproto.identity.signPlcOperation, {
31
- headers,
32
- body,
33
- })
34
- },
35
- })
36
- } else {
37
- server.add(com.atproto.identity.signPlcOperation, {
38
- auth,
39
- handler: async ({ auth, input }) => {
40
- const did = auth.credentials.did
41
- const { token } = input.body
42
- if (!token) {
43
- throw new InvalidRequestError(
44
- 'email confirmation token required to sign PLC operations',
45
- )
46
- }
47
- await ctx.accountManager.assertValidEmailTokenAndCleanup(
48
- did,
49
- 'plc_operation',
50
- token,
51
- )
52
-
53
- const lastOp = await ctx.plcClient.getLastOp(did)
54
- if (check.is(lastOp, plc.def.tombstone)) {
55
- throw new InvalidRequestError('Did is tombstoned')
56
- }
57
- const operation = await plc.createUpdateOp(
58
- lastOp,
59
- ctx.plcRotationKey,
60
- (lastOp) => ({
61
- ...lastOp,
62
- rotationKeys: input.body.rotationKeys ?? lastOp.rotationKeys,
63
- alsoKnownAs: input.body.alsoKnownAs ?? lastOp.alsoKnownAs,
64
- verificationMethods:
65
- // @TODO: actually validate instead of type casting
66
- (input.body.verificationMethods as
67
- | undefined
68
- | Record<string, string>) ?? lastOp.verificationMethods,
69
- services:
70
- // @TODO: actually validate instead of type casting
71
- (input.body.services as
72
- | undefined
73
- | Record<string, { type: string; endpoint: string }>) ??
74
- lastOp.services,
75
- }),
76
- )
77
-
78
- return {
79
- encoding: 'application/json' as const,
80
- body: { operation },
81
- }
82
- },
83
- })
84
- }
85
- }
@@ -1,65 +0,0 @@
1
- import * as plc from '@did-plc/lib'
2
- import { check } from '@atproto/common'
3
- import { InvalidRequestError, Server } from '@atproto/xrpc-server'
4
- import { AppContext } from '../../../../context.js'
5
- import { com } from '../../../../lexicons/index.js'
6
- import { httpLogger as log } from '../../../../logger.js'
7
-
8
- export default function (server: Server, ctx: AppContext) {
9
- server.add(com.atproto.identity.submitPlcOperation, {
10
- auth: ctx.authVerifier.authorization({
11
- authorize: (permissions) => {
12
- permissions.assertIdentity({ attr: '*' })
13
- },
14
- }),
15
- handler: async ({ auth, input }) => {
16
- const requester = auth.credentials.did
17
- const op = input.body.operation
18
-
19
- if (!check.is(op, plc.def.operation)) {
20
- throw new InvalidRequestError('Invalid operation')
21
- }
22
-
23
- const rotationKey =
24
- ctx.cfg.entryway?.plcRotationKey ?? ctx.plcRotationKey.did()
25
- if (!op.rotationKeys.includes(rotationKey)) {
26
- throw new InvalidRequestError(
27
- "Rotation keys do not include server's rotation key",
28
- )
29
- }
30
- if (op.services['atproto_pds']?.type !== 'AtprotoPersonalDataServer') {
31
- throw new InvalidRequestError('Incorrect type on atproto_pds service')
32
- }
33
- if (op.services['atproto_pds']?.endpoint !== ctx.cfg.service.publicUrl) {
34
- throw new InvalidRequestError(
35
- 'Incorrect endpoint on atproto_pds service',
36
- )
37
- }
38
- const signingKey = await ctx.actorStore.keypair(requester)
39
- if (op.verificationMethods['atproto'] !== signingKey.did()) {
40
- throw new InvalidRequestError('Incorrect signing key')
41
- }
42
- const account = await ctx.accountManager.getAccount(requester, {
43
- includeDeactivated: true,
44
- })
45
- if (
46
- account?.handle &&
47
- op.alsoKnownAs.at(0) !== `at://${account.handle}`
48
- ) {
49
- throw new InvalidRequestError('Incorrect handle in alsoKnownAs')
50
- }
51
-
52
- await ctx.plcClient.sendOperation(requester, op)
53
- await ctx.sequencer.sequenceIdentity(requester)
54
-
55
- try {
56
- await ctx.idResolver.did.resolve(requester, true)
57
- } catch (err) {
58
- log.error(
59
- { err, did: requester },
60
- 'failed to refresh did after plc update',
61
- )
62
- }
63
- },
64
- })
65
- }
@@ -1,66 +0,0 @@
1
- import { DAY, MINUTE } from '@atproto/common'
2
- import { MethodRateLimit, Server } from '@atproto/xrpc-server'
3
- import { AccessOutput, OAuthOutput } from '../../../../auth-output.js'
4
- import { AppContext } from '../../../../context.js'
5
- import { com } from '../../../../lexicons/index.js'
6
-
7
- export default function (server: Server, ctx: AppContext) {
8
- const { entrywayClient } = ctx
9
-
10
- const auth = ctx.authVerifier.authorization({
11
- checkTakedown: true,
12
- authorize: (permissions) => {
13
- permissions.assertIdentity({ attr: 'handle' })
14
- },
15
- })
16
-
17
- const rateLimit: MethodRateLimit<AccessOutput | OAuthOutput> = [
18
- {
19
- durationMs: 5 * MINUTE,
20
- points: 10,
21
- calcKey: ({ auth }) => auth.credentials.did,
22
- },
23
- {
24
- durationMs: DAY,
25
- points: 50,
26
- calcKey: ({ auth }) => auth.credentials.did,
27
- },
28
- ]
29
-
30
- if (entrywayClient) {
31
- server.add(com.atproto.identity.updateHandle, {
32
- auth,
33
- rateLimit,
34
- handler: async ({ auth, input, req }) => {
35
- const { headers } = await ctx.entrywayAuthHeaders(
36
- req,
37
- auth.credentials.did,
38
- com.atproto.identity.updateHandle.$lxm,
39
- )
40
-
41
- // The full flow is:
42
- // -> entryway(identity.updateHandle) [update handle, submit plc op]
43
- // -> pds(admin.updateAccountHandle) [track handle, sequence handle update]
44
- await entrywayClient.xrpc(com.atproto.identity.updateHandle, {
45
- headers,
46
- body: {
47
- handle: input.body.handle,
48
- // @ts-expect-error "did" is not in the schema
49
- did: auth.credentials.did,
50
- },
51
- })
52
- },
53
- })
54
- } else {
55
- server.add(com.atproto.identity.updateHandle, {
56
- auth,
57
- rateLimit,
58
- handler: async ({ auth, input }) => {
59
- await ctx.accountManager.updateHandle(
60
- auth.credentials.did,
61
- input.body.handle,
62
- )
63
- },
64
- })
65
- }
66
- }
@@ -1,19 +0,0 @@
1
- import { Server } from '@atproto/xrpc-server'
2
- import { AppContext } from '../../../context.js'
3
- import admin from './admin/index.js'
4
- import identity from './identity/index.js'
5
- import moderation from './moderation/index.js'
6
- import repo from './repo/index.js'
7
- import serverMethods from './server/index.js'
8
- import sync from './sync/index.js'
9
- import temp from './temp/index.js'
10
-
11
- export default function (server: Server, ctx: AppContext) {
12
- admin(server, ctx)
13
- identity(server, ctx)
14
- moderation(server, ctx)
15
- repo(server, ctx)
16
- serverMethods(server, ctx)
17
- sync(server, ctx)
18
- temp(server, ctx)
19
- }
@@ -1,41 +0,0 @@
1
- import { xrpc } from '@atproto/lex'
2
- import { Server } from '@atproto/xrpc-server'
3
- import { AuthScope } from '../../../../auth-scope.js'
4
- import { AppContext } from '../../../../context.js'
5
- import { com } from '../../../../lexicons/index.js'
6
- import { computeProxyTo, parseProxyInfo } from '../../../../pipethrough.js'
7
-
8
- export default function (server: Server, ctx: AppContext) {
9
- server.add(com.atproto.moderation.createReport, {
10
- auth: ctx.authVerifier.authorization({
11
- additional: [AuthScope.Takendown],
12
- authorize: (permissions, { req }) => {
13
- const lxm = com.atproto.moderation.createReport.$lxm
14
- const aud = computeProxyTo(ctx, req, lxm)
15
- permissions.assertRpc({ aud, lxm })
16
- },
17
- }),
18
- handler: async ({ auth, params, input: { body }, req }) => {
19
- const { url, did: aud } = await parseProxyInfo(
20
- ctx,
21
- req,
22
- com.atproto.moderation.createReport.$lxm,
23
- )
24
-
25
- const { headers } = await ctx.serviceAuthHeaders(
26
- auth.credentials.did,
27
- aud,
28
- com.atproto.moderation.createReport.$lxm,
29
- )
30
-
31
- return xrpc(url, com.atproto.moderation.createReport, {
32
- validateRequest: ctx.cfg.service.devMode,
33
- validateResponse: ctx.cfg.service.devMode,
34
- strictResponseProcessing: ctx.cfg.service.devMode,
35
- headers,
36
- params,
37
- body,
38
- })
39
- },
40
- })
41
- }
@@ -1,7 +0,0 @@
1
- import { Server } from '@atproto/xrpc-server'
2
- import { AppContext } from '../../../../context.js'
3
- import createReport from './createReport.js'
4
-
5
- export default function (server: Server, ctx: AppContext) {
6
- createReport(server, ctx)
7
- }
@@ -1,226 +0,0 @@
1
- import { parseCid } from '@atproto/lex-data'
2
- import { WriteOpAction } from '@atproto/repo'
3
- import {
4
- AuthRequiredError,
5
- InvalidRequestError,
6
- Server,
7
- } from '@atproto/xrpc-server'
8
- import { AppContext } from '../../../../context.js'
9
- import { com } from '../../../../lexicons/index.js'
10
- import { dbLogger } from '../../../../logger.js'
11
- import {
12
- BadCommitSwapError,
13
- InvalidRecordError,
14
- PreparedWrite,
15
- prepareCreate,
16
- prepareDelete,
17
- prepareUpdate,
18
- } from '../../../../repo/index.js'
19
-
20
- const ratelimitPoints = ({
21
- input,
22
- }: {
23
- input: com.atproto.repo.applyWrites.$Input
24
- }) => {
25
- let points = 0
26
- for (const op of input.body.writes) {
27
- if (com.atproto.repo.applyWrites.create.$isTypeOf(op)) {
28
- points += 3
29
- } else if (com.atproto.repo.applyWrites.update.$isTypeOf(op)) {
30
- points += 2
31
- } else {
32
- points += 1
33
- }
34
- }
35
- return points
36
- }
37
-
38
- export default function (server: Server, ctx: AppContext) {
39
- server.add(com.atproto.repo.applyWrites, {
40
- auth: ctx.authVerifier.authorization({
41
- // @NOTE the "checkTakedown" and "checkDeactivated" checks are typically
42
- // performed during auth. However, since this method's "repo" parameter
43
- // can be a handle, we will need to fetch the account again to ensure that
44
- // the handle matches the DID from the request's credentials. In order to
45
- // avoid fetching the account twice (during auth, and then again in the
46
- // controller), the checks are disabled here:
47
-
48
- // checkTakedown: true,
49
- // checkDeactivated: true,
50
- authorize: () => {
51
- // Performed in the handler as it is based on the request body
52
- },
53
- }),
54
-
55
- rateLimit: [
56
- {
57
- name: 'repo-write-hour',
58
- calcKey: ({ auth }) => auth.credentials.did,
59
- calcPoints: ratelimitPoints,
60
- },
61
- {
62
- name: 'repo-write-day',
63
- calcKey: ({ auth }) => auth.credentials.did,
64
- calcPoints: ratelimitPoints,
65
- },
66
- ],
67
-
68
- opts: {
69
- jsonLimit: 1_000_000,
70
- },
71
-
72
- handler: async ({ input, auth }) => {
73
- const { repo, validate, swapCommit, writes } = input.body
74
-
75
- const account = await ctx.authVerifier.findAccount(repo, {
76
- checkDeactivated: true,
77
- checkTakedown: true,
78
- })
79
-
80
- const did = account.did
81
- if (did !== auth.credentials.did) {
82
- throw new AuthRequiredError()
83
- }
84
-
85
- if (writes.length > 200) {
86
- throw new InvalidRequestError('Too many writes. Max: 200')
87
- }
88
-
89
- // Verify permission of every unique "action" / "collection" pair
90
- if (auth.credentials.type === 'oauth') {
91
- // @NOTE Unlike "importRepo", we do not require "action" = "*" here.
92
- for (const [action, collections] of [
93
- [
94
- 'create',
95
- new Set(
96
- writes
97
- .filter((v) => com.atproto.repo.applyWrites.create.$isTypeOf(v))
98
- .map((w) => w.collection),
99
- ),
100
- ],
101
- [
102
- 'update',
103
- new Set(
104
- writes
105
- .filter((v) => com.atproto.repo.applyWrites.update.$isTypeOf(v))
106
- .map((w) => w.collection),
107
- ),
108
- ],
109
- [
110
- 'delete',
111
- new Set(
112
- writes
113
- .filter((v) => com.atproto.repo.applyWrites.delete.$isTypeOf(v))
114
- .map((w) => w.collection),
115
- ),
116
- ],
117
- ] as const) {
118
- for (const collection of collections) {
119
- auth.credentials.permissions.assertRepo({ action, collection })
120
- }
121
- }
122
- }
123
-
124
- // @NOTE should preserve order of ts.writes for final use in response
125
- let preparedWrites: PreparedWrite[]
126
- try {
127
- preparedWrites = await Promise.all(
128
- writes.map(async (write, i) => {
129
- if (com.atproto.repo.applyWrites.create.$isTypeOf(write)) {
130
- return prepareCreate({
131
- did,
132
- collection: write.collection,
133
- record: write.value,
134
- rkey: write.rkey,
135
- validate,
136
- validationPath: ['writes', i, 'record'],
137
- })
138
- } else if (com.atproto.repo.applyWrites.update.$isTypeOf(write)) {
139
- return prepareUpdate({
140
- did,
141
- collection: write.collection,
142
- record: write.value,
143
- rkey: write.rkey,
144
- validate,
145
- validationPath: ['writes', i, 'record'],
146
- })
147
- } else if (com.atproto.repo.applyWrites.delete.$isTypeOf(write)) {
148
- return prepareDelete({
149
- did,
150
- collection: write.collection,
151
- rkey: write.rkey,
152
- })
153
- } else {
154
- throw new InvalidRequestError(
155
- `Action not supported: ${write['$type']}`,
156
- )
157
- }
158
- }),
159
- )
160
- } catch (err) {
161
- if (err instanceof InvalidRecordError) {
162
- throw new InvalidRequestError(err.message)
163
- }
164
- throw err
165
- }
166
-
167
- const swapCommitCid = swapCommit ? parseCid(swapCommit) : undefined
168
-
169
- const commit = await ctx.actorStore.transact(did, async (actorTxn) => {
170
- const commit = await actorTxn.repo
171
- .processWrites(preparedWrites, swapCommitCid)
172
- .catch((err) => {
173
- if (err instanceof BadCommitSwapError) {
174
- throw new InvalidRequestError(err.message, 'InvalidSwap')
175
- } else {
176
- throw err
177
- }
178
- })
179
-
180
- await ctx.sequencer.sequenceCommit(did, commit)
181
- return commit
182
- })
183
-
184
- await ctx.accountManager
185
- .updateRepoRoot(did, commit.cid, commit.rev)
186
- .catch((err) => {
187
- dbLogger.error(
188
- { err, did, cid: commit.cid, rev: commit.rev },
189
- 'failed to update account root',
190
- )
191
- })
192
-
193
- return {
194
- encoding: 'application/json' as const,
195
- body: {
196
- commit: {
197
- cid: commit.cid.toString(),
198
- rev: commit.rev,
199
- },
200
- results: preparedWrites.map(writeToOutputResult),
201
- },
202
- }
203
- },
204
- })
205
- }
206
-
207
- const writeToOutputResult = (write: PreparedWrite) => {
208
- switch (write.action) {
209
- case WriteOpAction.Create:
210
- return com.atproto.repo.applyWrites.createResult.$build({
211
- cid: write.cid.toString(),
212
- uri: write.uri.toString(),
213
- validationStatus: write.validationStatus,
214
- })
215
- case WriteOpAction.Update:
216
- return com.atproto.repo.applyWrites.updateResult.$build({
217
- cid: write.cid.toString(),
218
- uri: write.uri.toString(),
219
- validationStatus: write.validationStatus,
220
- })
221
- case WriteOpAction.Delete:
222
- return com.atproto.repo.applyWrites.deleteResult.$build({})
223
- default:
224
- throw new Error(`Unrecognized action: ${write}`)
225
- }
226
- }