@atproto/pds 0.5.12 → 0.5.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (326) hide show
  1. package/CHANGELOG.md +53 -0
  2. package/dist/api/app/bsky/notification/index.d.ts.map +1 -1
  3. package/dist/api/app/bsky/notification/index.js +2 -0
  4. package/dist/api/app/bsky/notification/index.js.map +1 -1
  5. package/dist/api/app/bsky/notification/unregisterPush.d.ts +4 -0
  6. package/dist/api/app/bsky/notification/unregisterPush.d.ts.map +1 -0
  7. package/dist/api/app/bsky/notification/unregisterPush.js +48 -0
  8. package/dist/api/app/bsky/notification/unregisterPush.js.map +1 -0
  9. package/dist/lexicons/app/bsky/actor/defs.defs.d.ts +6 -0
  10. package/dist/lexicons/app/bsky/actor/defs.defs.d.ts.map +1 -1
  11. package/dist/lexicons/app/bsky/actor/defs.defs.js +1 -0
  12. package/dist/lexicons/app/bsky/actor/defs.defs.js.map +1 -1
  13. package/package.json +42 -38
  14. package/build.templates.cjs +0 -22
  15. package/example.env +0 -42
  16. package/jest.config.cjs +0 -27
  17. package/src/account-manager/account-manager.ts +0 -916
  18. package/src/account-manager/db/index.ts +0 -21
  19. package/src/account-manager/db/migrations/001-init.ts +0 -115
  20. package/src/account-manager/db/migrations/002-account-deactivation.ts +0 -17
  21. package/src/account-manager/db/migrations/003-privileged-app-passwords.ts +0 -12
  22. package/src/account-manager/db/migrations/004-oauth.ts +0 -122
  23. package/src/account-manager/db/migrations/005-oauth-account-management.ts +0 -136
  24. package/src/account-manager/db/migrations/006-oauth-permission-sets.ts +0 -20
  25. package/src/account-manager/db/migrations/007-lexicon-failures-index.ts +0 -14
  26. package/src/account-manager/db/migrations/index.ts +0 -17
  27. package/src/account-manager/db/schema/account-device.ts +0 -14
  28. package/src/account-manager/db/schema/account.ts +0 -16
  29. package/src/account-manager/db/schema/actor.ts +0 -17
  30. package/src/account-manager/db/schema/app-password.ts +0 -13
  31. package/src/account-manager/db/schema/authorization-request.ts +0 -30
  32. package/src/account-manager/db/schema/authorized-client.ts +0 -23
  33. package/src/account-manager/db/schema/device.ts +0 -18
  34. package/src/account-manager/db/schema/email-token.ts +0 -19
  35. package/src/account-manager/db/schema/index.ts +0 -43
  36. package/src/account-manager/db/schema/invite-code.ts +0 -24
  37. package/src/account-manager/db/schema/lexicon.ts +0 -15
  38. package/src/account-manager/db/schema/refresh-token.ts +0 -11
  39. package/src/account-manager/db/schema/repo-root.ts +0 -12
  40. package/src/account-manager/db/schema/token.ts +0 -38
  41. package/src/account-manager/db/schema/used-refresh-token.ts +0 -13
  42. package/src/account-manager/helpers/account-device.ts +0 -63
  43. package/src/account-manager/helpers/account.ts +0 -355
  44. package/src/account-manager/helpers/auth.ts +0 -222
  45. package/src/account-manager/helpers/authorization-request.ts +0 -90
  46. package/src/account-manager/helpers/authorized-client.ts +0 -75
  47. package/src/account-manager/helpers/device.ts +0 -47
  48. package/src/account-manager/helpers/email-token.ts +0 -87
  49. package/src/account-manager/helpers/invite.ts +0 -263
  50. package/src/account-manager/helpers/lexicon.ts +0 -67
  51. package/src/account-manager/helpers/password.ts +0 -136
  52. package/src/account-manager/helpers/repo.ts +0 -24
  53. package/src/account-manager/helpers/scrypt.ts +0 -53
  54. package/src/account-manager/helpers/token.ts +0 -158
  55. package/src/account-manager/helpers/used-refresh-token.ts +0 -30
  56. package/src/account-manager/oauth-store.ts +0 -880
  57. package/src/account-manager/scope-reference-getter.ts +0 -106
  58. package/src/actor-store/actor-store-reader.ts +0 -45
  59. package/src/actor-store/actor-store-resources.ts +0 -8
  60. package/src/actor-store/actor-store-transactor.ts +0 -31
  61. package/src/actor-store/actor-store-writer.ts +0 -17
  62. package/src/actor-store/actor-store.ts +0 -210
  63. package/src/actor-store/blob/reader.ts +0 -160
  64. package/src/actor-store/blob/transactor.ts +0 -383
  65. package/src/actor-store/db/index.ts +0 -20
  66. package/src/actor-store/db/migrations/001-init.ts +0 -105
  67. package/src/actor-store/db/migrations/index.ts +0 -5
  68. package/src/actor-store/db/schema/account-pref.ts +0 -11
  69. package/src/actor-store/db/schema/backlink.ts +0 -9
  70. package/src/actor-store/db/schema/blob.ts +0 -14
  71. package/src/actor-store/db/schema/index.ts +0 -23
  72. package/src/actor-store/db/schema/record-blob.ts +0 -8
  73. package/src/actor-store/db/schema/record.ts +0 -14
  74. package/src/actor-store/db/schema/repo-block.ts +0 -10
  75. package/src/actor-store/db/schema/repo-root.ts +0 -10
  76. package/src/actor-store/migrate.ts +0 -39
  77. package/src/actor-store/preference/reader.ts +0 -48
  78. package/src/actor-store/preference/transactor.ts +0 -55
  79. package/src/actor-store/preference/util.ts +0 -39
  80. package/src/actor-store/record/reader.ts +0 -374
  81. package/src/actor-store/record/transactor.ts +0 -111
  82. package/src/actor-store/repo/reader.ts +0 -31
  83. package/src/actor-store/repo/sql-repo-reader.ts +0 -150
  84. package/src/actor-store/repo/sql-repo-transactor.ts +0 -105
  85. package/src/actor-store/repo/transactor.ts +0 -227
  86. package/src/api/app/bsky/actor/getPreferences.ts +0 -57
  87. package/src/api/app/bsky/actor/getProfile.ts +0 -41
  88. package/src/api/app/bsky/actor/getProfiles.ts +0 -51
  89. package/src/api/app/bsky/actor/index.ts +0 -13
  90. package/src/api/app/bsky/actor/putPreferences.ts +0 -62
  91. package/src/api/app/bsky/feed/getActorLikes.ts +0 -63
  92. package/src/api/app/bsky/feed/getAuthorFeed.ts +0 -84
  93. package/src/api/app/bsky/feed/getFeed.ts +0 -47
  94. package/src/api/app/bsky/feed/getPostThread.ts +0 -251
  95. package/src/api/app/bsky/feed/getTimeline.ts +0 -50
  96. package/src/api/app/bsky/feed/index.ts +0 -15
  97. package/src/api/app/bsky/index.ts +0 -11
  98. package/src/api/app/bsky/notification/index.ts +0 -7
  99. package/src/api/app/bsky/notification/registerPush.ts +0 -71
  100. package/src/api/app/bsky/util/resolver.ts +0 -20
  101. package/src/api/com/atproto/admin/deleteAccount.ts +0 -22
  102. package/src/api/com/atproto/admin/disableAccountInvites.ts +0 -18
  103. package/src/api/com/atproto/admin/disableInviteCodes.ts +0 -21
  104. package/src/api/com/atproto/admin/enableAccountInvites.ts +0 -18
  105. package/src/api/com/atproto/admin/getAccountInfo.ts +0 -32
  106. package/src/api/com/atproto/admin/getAccountInfos.ts +0 -34
  107. package/src/api/com/atproto/admin/getInviteCodes.ts +0 -126
  108. package/src/api/com/atproto/admin/getSubjectStatus.ts +0 -76
  109. package/src/api/com/atproto/admin/index.ts +0 -31
  110. package/src/api/com/atproto/admin/sendEmail.ts +0 -47
  111. package/src/api/com/atproto/admin/updateAccountEmail.ts +0 -32
  112. package/src/api/com/atproto/admin/updateAccountHandle.ts +0 -47
  113. package/src/api/com/atproto/admin/updateAccountPassword.ts +0 -34
  114. package/src/api/com/atproto/admin/updateSubjectStatus.ts +0 -68
  115. package/src/api/com/atproto/admin/util.ts +0 -66
  116. package/src/api/com/atproto/identity/getRecommendedDidCredentials.ts +0 -50
  117. package/src/api/com/atproto/identity/index.ts +0 -17
  118. package/src/api/com/atproto/identity/requestPlcOperationSignature.ts +0 -59
  119. package/src/api/com/atproto/identity/resolveHandle.ts +0 -50
  120. package/src/api/com/atproto/identity/signPlcOperation.ts +0 -85
  121. package/src/api/com/atproto/identity/submitPlcOperation.ts +0 -65
  122. package/src/api/com/atproto/identity/updateHandle.ts +0 -66
  123. package/src/api/com/atproto/index.ts +0 -19
  124. package/src/api/com/atproto/moderation/createReport.ts +0 -41
  125. package/src/api/com/atproto/moderation/index.ts +0 -7
  126. package/src/api/com/atproto/repo/applyWrites.ts +0 -226
  127. package/src/api/com/atproto/repo/createRecord.ts +0 -143
  128. package/src/api/com/atproto/repo/deleteRecord.ts +0 -122
  129. package/src/api/com/atproto/repo/describeRepo.ts +0 -43
  130. package/src/api/com/atproto/repo/getRecord.ts +0 -40
  131. package/src/api/com/atproto/repo/importRepo.ts +0 -101
  132. package/src/api/com/atproto/repo/index.ts +0 -25
  133. package/src/api/com/atproto/repo/listMissingBlobs.ts +0 -29
  134. package/src/api/com/atproto/repo/listRecords.ts +0 -36
  135. package/src/api/com/atproto/repo/putRecord.ts +0 -211
  136. package/src/api/com/atproto/repo/uploadBlob.ts +0 -60
  137. package/src/api/com/atproto/server/activateAccount.ts +0 -37
  138. package/src/api/com/atproto/server/checkAccountStatus.ts +0 -51
  139. package/src/api/com/atproto/server/confirmEmail.ts +0 -39
  140. package/src/api/com/atproto/server/createAccount.ts +0 -327
  141. package/src/api/com/atproto/server/createAppPassword.ts +0 -53
  142. package/src/api/com/atproto/server/createInviteCode.ts +0 -38
  143. package/src/api/com/atproto/server/createInviteCodes.ts +0 -42
  144. package/src/api/com/atproto/server/createSession.ts +0 -97
  145. package/src/api/com/atproto/server/deactivateAccount.ts +0 -41
  146. package/src/api/com/atproto/server/deleteAccount.ts +0 -85
  147. package/src/api/com/atproto/server/deleteSession.ts +0 -23
  148. package/src/api/com/atproto/server/describeServer.ts +0 -29
  149. package/src/api/com/atproto/server/getAccountInviteCodes.ts +0 -142
  150. package/src/api/com/atproto/server/getServiceAuth.ts +0 -111
  151. package/src/api/com/atproto/server/getSession.ts +0 -80
  152. package/src/api/com/atproto/server/index.ts +0 -55
  153. package/src/api/com/atproto/server/listAppPasswords.ts +0 -45
  154. package/src/api/com/atproto/server/refreshSession.ts +0 -72
  155. package/src/api/com/atproto/server/requestAccountDelete.ts +0 -66
  156. package/src/api/com/atproto/server/requestEmailConfirmation.ts +0 -68
  157. package/src/api/com/atproto/server/requestEmailUpdate.ts +0 -86
  158. package/src/api/com/atproto/server/requestPasswordReset.ts +0 -52
  159. package/src/api/com/atproto/server/reserveSigningKey.ts +0 -15
  160. package/src/api/com/atproto/server/resetPassword.ts +0 -50
  161. package/src/api/com/atproto/server/revokeAppPassword.ts +0 -42
  162. package/src/api/com/atproto/server/updateEmail.ts +0 -52
  163. package/src/api/com/atproto/server/util.ts +0 -136
  164. package/src/api/com/atproto/sync/deprecated/getCheckout.ts +0 -27
  165. package/src/api/com/atproto/sync/deprecated/getHead.ts +0 -33
  166. package/src/api/com/atproto/sync/getBlob.ts +0 -61
  167. package/src/api/com/atproto/sync/getBlocks.ts +0 -37
  168. package/src/api/com/atproto/sync/getLatestCommit.ts +0 -33
  169. package/src/api/com/atproto/sync/getRecord.ts +0 -49
  170. package/src/api/com/atproto/sync/getRepo.ts +0 -75
  171. package/src/api/com/atproto/sync/getRepoStatus.ts +0 -34
  172. package/src/api/com/atproto/sync/index.ts +0 -27
  173. package/src/api/com/atproto/sync/listBlobs.ts +0 -33
  174. package/src/api/com/atproto/sync/listRepos.ts +0 -74
  175. package/src/api/com/atproto/sync/subscribeRepos.ts +0 -73
  176. package/src/api/com/atproto/sync/util.ts +0 -37
  177. package/src/api/com/atproto/temp/checkSignupQueue.ts +0 -34
  178. package/src/api/com/atproto/temp/index.ts +0 -7
  179. package/src/api/index.ts +0 -10
  180. package/src/api/proxy.ts +0 -44
  181. package/src/app-view.ts +0 -24
  182. package/src/auth-output.ts +0 -52
  183. package/src/auth-routes.ts +0 -64
  184. package/src/auth-scope.ts +0 -40
  185. package/src/auth-verifier.ts +0 -668
  186. package/src/background.ts +0 -65
  187. package/src/basic-routes.ts +0 -52
  188. package/src/bsky-app-view.ts +0 -33
  189. package/src/config/config.ts +0 -553
  190. package/src/config/env.ts +0 -167
  191. package/src/config/index.ts +0 -3
  192. package/src/config/secrets.ts +0 -54
  193. package/src/context.ts +0 -523
  194. package/src/crawlers.ts +0 -46
  195. package/src/db/cast.ts +0 -52
  196. package/src/db/db.ts +0 -140
  197. package/src/db/index.ts +0 -4
  198. package/src/db/migrator.ts +0 -40
  199. package/src/db/pagination.ts +0 -132
  200. package/src/db/tables/moderation.ts +0 -80
  201. package/src/db/util.ts +0 -108
  202. package/src/did-cache/db/index.ts +0 -21
  203. package/src/did-cache/db/migrations.ts +0 -17
  204. package/src/did-cache/db/schema.ts +0 -9
  205. package/src/did-cache/index.ts +0 -131
  206. package/src/disk-blobstore.ts +0 -172
  207. package/src/error.ts +0 -19
  208. package/src/handle/explicit-slurs.ts +0 -22
  209. package/src/handle/index.ts +0 -49
  210. package/src/handle/reserved.ts +0 -1059
  211. package/src/image/image-url-builder.ts +0 -16
  212. package/src/index.ts +0 -189
  213. package/src/lexicons.ts +0 -4
  214. package/src/logger.ts +0 -35
  215. package/src/mailer/index.ts +0 -111
  216. package/src/mailer/moderation.ts +0 -33
  217. package/src/mailer/templates/confirm-email.d.ts +0 -4
  218. package/src/mailer/templates/confirm-email.hbs +0 -158
  219. package/src/mailer/templates/delete-account.d.ts +0 -4
  220. package/src/mailer/templates/delete-account.hbs +0 -156
  221. package/src/mailer/templates/plc-operation.d.ts +0 -4
  222. package/src/mailer/templates/plc-operation.hbs +0 -153
  223. package/src/mailer/templates/reset-password.d.ts +0 -4
  224. package/src/mailer/templates/reset-password.hbs +0 -154
  225. package/src/mailer/templates/update-email.d.ts +0 -4
  226. package/src/mailer/templates/update-email.hbs +0 -153
  227. package/src/mailer/templates.ts +0 -17
  228. package/src/pipethrough.ts +0 -716
  229. package/src/rate-limits.ts +0 -59
  230. package/src/read-after-write/index.ts +0 -3
  231. package/src/read-after-write/types.ts +0 -35
  232. package/src/read-after-write/util.ts +0 -101
  233. package/src/read-after-write/viewer.ts +0 -290
  234. package/src/redis.ts +0 -25
  235. package/src/repo/index.ts +0 -2
  236. package/src/repo/prepare.ts +0 -266
  237. package/src/repo/types.ts +0 -65
  238. package/src/scripts/README.md +0 -40
  239. package/src/scripts/index.ts +0 -20
  240. package/src/scripts/publish-identity.ts +0 -60
  241. package/src/scripts/rebuild-repo.ts +0 -119
  242. package/src/scripts/rotate-keys.ts +0 -146
  243. package/src/scripts/sequencer-recovery/index.ts +0 -23
  244. package/src/scripts/sequencer-recovery/recoverer.ts +0 -297
  245. package/src/scripts/sequencer-recovery/recovery-db.ts +0 -65
  246. package/src/scripts/sequencer-recovery/repair-repos.ts +0 -49
  247. package/src/scripts/sequencer-recovery/user-queues.ts +0 -44
  248. package/src/scripts/util.ts +0 -7
  249. package/src/sequencer/db/index.ts +0 -21
  250. package/src/sequencer/db/migrations/001-init.ts +0 -35
  251. package/src/sequencer/db/migrations/index.ts +0 -5
  252. package/src/sequencer/db/schema.ts +0 -19
  253. package/src/sequencer/events.ts +0 -199
  254. package/src/sequencer/index.ts +0 -3
  255. package/src/sequencer/outbox.ts +0 -123
  256. package/src/sequencer/sequencer.ts +0 -290
  257. package/src/util/compression.ts +0 -16
  258. package/src/util/debug.ts +0 -10
  259. package/src/util/http.ts +0 -31
  260. package/src/util/types.ts +0 -7
  261. package/src/well-known.ts +0 -30
  262. package/test.env +0 -2
  263. package/tests/__snapshots__/takedown-appeal.test.ts.snap +0 -43
  264. package/tests/_oauth_client_assets_middleware.ts +0 -23
  265. package/tests/_puppeteer.ts +0 -147
  266. package/tests/_types.d.ts +0 -16
  267. package/tests/_util.ts +0 -191
  268. package/tests/account-deactivation.test.ts +0 -204
  269. package/tests/account-deletion.test.ts +0 -300
  270. package/tests/account-manager.test.ts +0 -462
  271. package/tests/account-migration.test.ts +0 -221
  272. package/tests/account-status.test.ts +0 -206
  273. package/tests/account.test.ts +0 -595
  274. package/tests/app-passwords.test.ts +0 -262
  275. package/tests/auth.test.ts +0 -405
  276. package/tests/blob-deletes.test.ts +0 -204
  277. package/tests/create-post.test.ts +0 -79
  278. package/tests/crud.test.ts +0 -1595
  279. package/tests/db.test.ts +0 -170
  280. package/tests/email-confirmation.test.ts +0 -227
  281. package/tests/entryway-mock.ts +0 -323
  282. package/tests/entryway.test.ts +0 -145
  283. package/tests/file-uploads.test.ts +0 -301
  284. package/tests/get-service-auth.test.ts +0 -81
  285. package/tests/handle-validation.test.ts +0 -56
  286. package/tests/handles.test.ts +0 -274
  287. package/tests/invite-codes.test.ts +0 -367
  288. package/tests/invites-admin.test.ts +0 -252
  289. package/tests/moderation.test.ts +0 -280
  290. package/tests/moderator-auth.test.ts +0 -177
  291. package/tests/oauth.test.ts +0 -334
  292. package/tests/plc-operations.test.ts +0 -239
  293. package/tests/preferences.test.ts +0 -352
  294. package/tests/proxied/__snapshots__/admin.test.ts.snap +0 -516
  295. package/tests/proxied/__snapshots__/feedgen.test.ts.snap +0 -215
  296. package/tests/proxied/__snapshots__/views.test.ts.snap +0 -4456
  297. package/tests/proxied/admin.test.ts +0 -340
  298. package/tests/proxied/feedgen.test.ts +0 -66
  299. package/tests/proxied/notif.test.ts +0 -85
  300. package/tests/proxied/procedures.test.ts +0 -175
  301. package/tests/proxied/proxy-catchall.test.ts +0 -256
  302. package/tests/proxied/proxy-header.test.ts +0 -239
  303. package/tests/proxied/proxy-oauth-aud.test.ts +0 -182
  304. package/tests/proxied/read-after-write.test.ts +0 -382
  305. package/tests/proxied/views.test.ts +0 -608
  306. package/tests/races.test.ts +0 -89
  307. package/tests/rate-limits.test.ts +0 -70
  308. package/tests/recovery.test.ts +0 -180
  309. package/tests/seeds/basic.ts +0 -165
  310. package/tests/seeds/follows.ts +0 -57
  311. package/tests/seeds/likes.ts +0 -14
  312. package/tests/seeds/reposts.ts +0 -18
  313. package/tests/seeds/thread.ts +0 -40
  314. package/tests/seeds/users-bulk.ts +0 -246
  315. package/tests/seeds/users.ts +0 -67
  316. package/tests/sequencer.test.ts +0 -251
  317. package/tests/server.test.ts +0 -151
  318. package/tests/sync/invertible-ops.test.ts +0 -99
  319. package/tests/sync/list.test.ts +0 -43
  320. package/tests/sync/subscribe-repos.test.ts +0 -672
  321. package/tests/sync/sync.test.ts +0 -316
  322. package/tests/takedown-appeal.test.ts +0 -166
  323. package/tsconfig.build.json +0 -9
  324. package/tsconfig.build.tsbuildinfo +0 -1
  325. package/tsconfig.json +0 -7
  326. package/tsconfig.tests.json +0 -8
@@ -1,23 +0,0 @@
1
- import { Server } from '@atproto/xrpc-server'
2
- import { AppContext } from '../../../../context.js'
3
- import { com } from '../../../../lexicons/index.js'
4
-
5
- export default function (server: Server, ctx: AppContext) {
6
- const { entrywayClient } = ctx
7
-
8
- if (entrywayClient) {
9
- server.add(com.atproto.server.deleteSession, async ({ req }) => {
10
- const { headers } = ctx.entrywayPassthruHeaders(req)
11
- await entrywayClient.xrpc(com.atproto.server.deleteSession, {
12
- headers,
13
- })
14
- })
15
- } else {
16
- server.add(com.atproto.server.deleteSession, {
17
- auth: ctx.authVerifier.refresh({ allowExpired: true }),
18
- handler: async ({ auth }) => {
19
- await ctx.accountManager.revokeRefreshToken(auth.credentials.tokenId)
20
- },
21
- })
22
- }
23
- }
@@ -1,29 +0,0 @@
1
- import { UriString } from '@atproto/lex'
2
- import { DidString } from '@atproto/syntax'
3
- import { Server } from '@atproto/xrpc-server'
4
- import { AppContext } from '../../../../context.js'
5
- import { com } from '../../../../lexicons/index.js'
6
-
7
- export default function (server: Server, ctx: AppContext) {
8
- server.add(com.atproto.server.describeServer, () => {
9
- const did = ctx.cfg.service.did as DidString
10
- const availableUserDomains = ctx.cfg.identity.serviceHandleDomains
11
- const inviteCodeRequired = ctx.cfg.invites.required
12
- const privacyPolicy = ctx.cfg.service.privacyPolicyUrl as UriString
13
- const termsOfService = ctx.cfg.service.termsOfServiceUrl as UriString
14
- const contactEmailAddress = ctx.cfg.service.contactEmailAddress
15
-
16
- return {
17
- encoding: 'application/json' as const,
18
- body: {
19
- did,
20
- availableUserDomains,
21
- inviteCodeRequired,
22
- links: { privacyPolicy, termsOfService },
23
- contact: {
24
- email: contactEmailAddress,
25
- },
26
- },
27
- }
28
- })
29
- }
@@ -1,142 +0,0 @@
1
- import {
2
- ForbiddenError,
3
- InvalidRequestError,
4
- Server,
5
- } from '@atproto/xrpc-server'
6
- import { CodeDetail } from '../../../../account-manager/helpers/invite.js'
7
- import { ACCESS_FULL } from '../../../../auth-scope.js'
8
- import { AppContext } from '../../../../context.js'
9
- import { com } from '../../../../lexicons/index.js'
10
- import { genInvCodes } from './util.js'
11
-
12
- export default function (server: Server, ctx: AppContext) {
13
- server.add(com.atproto.server.getAccountInviteCodes, {
14
- auth: ctx.authVerifier.authorization({
15
- checkTakedown: true,
16
- scopes: ACCESS_FULL,
17
- authorize: () => {
18
- throw new ForbiddenError(
19
- 'OAuth credentials are not supported for this endpoint',
20
- )
21
- },
22
- }),
23
- handler: async ({ params, auth, req }) => {
24
- if (ctx.entrywayClient) {
25
- const { headers } = await ctx.entrywayAuthHeaders(
26
- req,
27
- auth.credentials.did,
28
- com.atproto.server.getAccountInviteCodes.$lxm,
29
- )
30
- return ctx.entrywayClient.xrpc(
31
- com.atproto.server.getAccountInviteCodes,
32
- { params, headers },
33
- )
34
- }
35
-
36
- const requester = auth.credentials.did
37
- const { includeUsed, createAvailable } = params
38
-
39
- const [account, userCodes] = await Promise.all([
40
- ctx.accountManager.getAccount(requester),
41
- ctx.accountManager.getAccountInvitesCodes(requester),
42
- ])
43
- if (!account) {
44
- throw new InvalidRequestError('Account not found', 'NotFound')
45
- }
46
-
47
- let created: CodeDetail[] = []
48
-
49
- if (
50
- createAvailable &&
51
- ctx.cfg.invites.required &&
52
- ctx.cfg.invites.interval !== null
53
- ) {
54
- const { toCreate, total } = calculateCodesToCreate({
55
- did: requester,
56
- userCreatedAt: new Date(account.createdAt).getTime(),
57
- codes: userCodes,
58
- epoch: ctx.cfg.invites.epoch,
59
- interval: ctx.cfg.invites.interval,
60
- })
61
- if (toCreate > 0) {
62
- const codes = genInvCodes(ctx.cfg, toCreate)
63
- created = await ctx.accountManager.createAccountInviteCodes(
64
- requester,
65
- codes,
66
- total,
67
- account.invitesDisabled ?? 0,
68
- )
69
- }
70
- }
71
-
72
- const allCodes = [...userCodes, ...created]
73
-
74
- const filtered = allCodes.filter((code) => {
75
- if (code.disabled) return false
76
- if (!includeUsed && code.uses.length >= code.available) return false
77
- return true
78
- })
79
-
80
- return {
81
- encoding: 'application/json' as const,
82
- body: { codes: filtered },
83
- }
84
- },
85
- })
86
- }
87
-
88
- /**
89
- * WARNING: TRICKY SUBTLE MATH - DONT MESS WITH THIS FUNCTION UNLESS YOUR'RE VERY CONFIDENT
90
- * if the user wishes to create available codes & the server allows that,
91
- * we determine the number to create by dividing their account lifetime by the interval at which they can create codes
92
- * if an invite epoch is provided, we only calculate available invites since that epoch
93
- * we allow a max of 5 open codes at a given time
94
- * note: even if a user is disabled from future invites, we still create the invites for bookkeeping, we just immediately disable them as well
95
- */
96
- const calculateCodesToCreate = (opts: {
97
- did: string
98
- userCreatedAt: number
99
- codes: CodeDetail[]
100
- epoch: number
101
- interval: number
102
- }): { toCreate: number; total: number } => {
103
- // for the sake of generating routine interval codes, we do not count explicitly gifted admin codes
104
- const routineCodes = opts.codes.filter((code) => code.createdBy !== 'admin')
105
- const unusedRoutineCodes = routineCodes.filter(
106
- (row) => !row.disabled && row.available > row.uses.length,
107
- )
108
-
109
- const userLifespan = Date.now() - opts.userCreatedAt
110
-
111
- // how many codes a user could create within the current epoch if they have 0
112
- let couldCreate: number
113
-
114
- if (opts.userCreatedAt >= opts.epoch) {
115
- // if the user was created after the epoch, then they can create a code for each interval since the epoch
116
- couldCreate = Math.floor(userLifespan / opts.interval)
117
- } else {
118
- // if the user was created before the epoch, we:
119
- // - calculate the total intervals since account creation
120
- // - calculate the total intervals before the epoch
121
- // - subtract the two
122
- const couldCreateTotal = Math.floor(userLifespan / opts.interval)
123
- const userPreEpochLifespan = opts.epoch - opts.userCreatedAt
124
- const couldCreateBeforeEpoch = Math.floor(
125
- userPreEpochLifespan / opts.interval,
126
- )
127
- couldCreate = couldCreateTotal - couldCreateBeforeEpoch
128
- }
129
- // we count the codes that the user has created within the current epoch
130
- const epochCodes = routineCodes.filter(
131
- (code) => new Date(code.createdAt).getTime() > opts.epoch,
132
- )
133
- // finally we the number of codes they currently have from the number that they could create, and take a max of 5
134
- const toCreate = Math.min(
135
- 5 - unusedRoutineCodes.length,
136
- couldCreate - epochCodes.length,
137
- )
138
- return {
139
- toCreate,
140
- total: routineCodes.length + toCreate,
141
- }
142
- }
@@ -1,111 +0,0 @@
1
- import { HOUR, MINUTE } from '@atproto/common'
2
- import { isAtprotoDid, isAtprotoDidRefAbsolute } from '@atproto/did'
3
- import { l } from '@atproto/lex'
4
- import {
5
- InvalidRequestError,
6
- Server,
7
- createServiceJwt,
8
- } from '@atproto/xrpc-server'
9
- import {
10
- AuthScope,
11
- isAccessPrivileged,
12
- isTakendown,
13
- } from '../../../../auth-scope.js'
14
- import { AppContext } from '../../../../context.js'
15
- import { com } from '../../../../lexicons/index.js'
16
- import {
17
- PRIVILEGED_METHODS,
18
- PROTECTED_METHODS,
19
- } from '../../../../pipethrough.js'
20
-
21
- export default function (server: Server, ctx: AppContext) {
22
- server.add(com.atproto.server.getServiceAuth, {
23
- auth: ctx.authVerifier.authorization<
24
- l.InferMethodParams<typeof com.atproto.server.getServiceAuth.main>
25
- >({
26
- additional: [AuthScope.Takendown],
27
- authorize: (permissions, { params }) => {
28
- const { aud, lxm = '*' } = params
29
- permissions.assertRpc({ aud, lxm })
30
- },
31
- }),
32
- handler: async ({ params, auth }) => {
33
- const did = auth.credentials.did
34
-
35
- // @NOTE "exp" is expressed in seconds since epoch, not milliseconds
36
- const { aud, exp, lxm = null } = params
37
-
38
- if (!isAtprotoDid(aud) && !isAtprotoDidRefAbsolute(aud)) {
39
- throw new InvalidRequestError(
40
- 'aud must be a valid atproto DID or did#serviceId reference',
41
- )
42
- }
43
-
44
- // Takendown accounts should not be able to generate service auth tokens except for methods necessary for account migration
45
- if (auth.credentials.type === 'access') {
46
- // @NOTE We should probably use "ForbiddenError" here. Using
47
- // "InvalidRequestError" for legacy reasons.
48
- if (
49
- isTakendown(auth.credentials.scope) &&
50
- lxm !== com.atproto.server.createAccount.$lxm
51
- ) {
52
- throw new InvalidRequestError('Bad token scope', 'InvalidToken')
53
- }
54
-
55
- // @NOTE "oauth" based credentials already checked through permission
56
- // set in "authorize" method above.
57
- if (
58
- lxm != null &&
59
- PRIVILEGED_METHODS.has(lxm) &&
60
- !isAccessPrivileged(auth.credentials.scope)
61
- ) {
62
- throw new InvalidRequestError(
63
- `insufficient access to request a service auth token for the following method: ${lxm}`,
64
- )
65
- }
66
- }
67
-
68
- if (exp) {
69
- const diff = exp * 1000 - Date.now()
70
- if (diff < 0) {
71
- throw new InvalidRequestError(
72
- 'expiration is in past',
73
- 'BadExpiration',
74
- )
75
- } else if (diff > HOUR) {
76
- throw new InvalidRequestError(
77
- 'cannot request a token with an expiration more than an hour in the future',
78
- 'BadExpiration',
79
- )
80
- } else if (!lxm && diff > MINUTE) {
81
- throw new InvalidRequestError(
82
- 'cannot request a method-less token with an expiration more than a minute in the future',
83
- 'BadExpiration',
84
- )
85
- }
86
- }
87
-
88
- if (lxm && PROTECTED_METHODS.has(lxm)) {
89
- throw new InvalidRequestError(
90
- `cannot request a service auth token for the following protected method: ${lxm}`,
91
- )
92
- }
93
-
94
- const keypair = await ctx.actorStore.keypair(did)
95
-
96
- const token = await createServiceJwt({
97
- iss: did,
98
- aud,
99
- exp,
100
- lxm,
101
- keypair,
102
- })
103
- return {
104
- encoding: 'application/json' as const,
105
- body: {
106
- token,
107
- },
108
- }
109
- },
110
- })
111
- }
@@ -1,80 +0,0 @@
1
- import { DidString, HandleString, INVALID_HANDLE } from '@atproto/syntax'
2
- import { InvalidRequestError, Server } from '@atproto/xrpc-server'
3
- import { formatAccountStatus } from '../../../../account-manager/account-manager.js'
4
- import { AccessOutput, OAuthOutput } from '../../../../auth-output.js'
5
- import { AuthScope } from '../../../../auth-scope.js'
6
- import { AppContext } from '../../../../context.js'
7
- import { com } from '../../../../lexicons/index.js'
8
- import { didDocForSession } from './util.js'
9
-
10
- export default function (server: Server, ctx: AppContext) {
11
- server.add(com.atproto.server.getSession, {
12
- auth: ctx.authVerifier.authorization({
13
- additional: [AuthScope.SignupQueued],
14
- authorize: () => {
15
- // Always allowed. "email" access is checked in the handler.
16
- },
17
- }),
18
- handler: async ({ auth, req }) => {
19
- if (ctx.entrywayClient) {
20
- const { headers } = await ctx.entrywayAuthHeaders(
21
- req,
22
- auth.credentials.did,
23
- 'com.atproto.server.getSession',
24
- )
25
-
26
- const { body } = await ctx.entrywayClient.xrpc(
27
- com.atproto.server.getSession,
28
- { headers },
29
- )
30
-
31
- return {
32
- encoding: 'application/json' as const,
33
- body: output(auth, body),
34
- }
35
- }
36
-
37
- const did = auth.credentials.did
38
- const [user, didDoc] = await Promise.all([
39
- ctx.accountManager.getAccount(did, { includeDeactivated: true }),
40
- didDocForSession(ctx, did),
41
- ])
42
- if (!user) {
43
- throw new InvalidRequestError(
44
- `Could not find user info for account: ${did}`,
45
- )
46
- }
47
-
48
- const { status, active } = formatAccountStatus(user)
49
-
50
- return {
51
- encoding: 'application/json' as const,
52
- body: output(auth, {
53
- did: user.did as DidString,
54
- // @ts-expect-error https://github.com/bluesky-social/atproto/pull/4406
55
- didDoc,
56
- handle: (user.handle ?? INVALID_HANDLE) as HandleString,
57
- email: user.email ?? undefined,
58
- emailConfirmed: !!user.emailConfirmedAt,
59
- active,
60
- status,
61
- }),
62
- }
63
- },
64
- })
65
- }
66
-
67
- function output(
68
- { credentials }: OAuthOutput | AccessOutput,
69
- data: com.atproto.server.getSession.$OutputBody,
70
- ): com.atproto.server.getSession.$OutputBody {
71
- if (
72
- credentials.type === 'oauth' &&
73
- !credentials.permissions.allowsAccount({ attr: 'email', action: 'read' })
74
- ) {
75
- const { email, emailAuthFactor, emailConfirmed, ...rest } = data
76
- return rest
77
- }
78
-
79
- return data
80
- }
@@ -1,55 +0,0 @@
1
- import { Server } from '@atproto/xrpc-server'
2
- import { AppContext } from '../../../../context.js'
3
- import activateAccount from './activateAccount.js'
4
- import checkAccountStatus from './checkAccountStatus.js'
5
- import confirmEmail from './confirmEmail.js'
6
- import createAccount from './createAccount.js'
7
- import createAppPassword from './createAppPassword.js'
8
- import createInviteCode from './createInviteCode.js'
9
- import createInviteCodes from './createInviteCodes.js'
10
- import createSession from './createSession.js'
11
- import deactivateAccount from './deactivateAccount.js'
12
- import deleteAccount from './deleteAccount.js'
13
- import deleteSession from './deleteSession.js'
14
- import describeServer from './describeServer.js'
15
- import getAccountInviteCodes from './getAccountInviteCodes.js'
16
- import getServiceAuth from './getServiceAuth.js'
17
- import getSession from './getSession.js'
18
- import listAppPasswords from './listAppPasswords.js'
19
- import refreshSession from './refreshSession.js'
20
- import requestDelete from './requestAccountDelete.js'
21
- import requestEmailConfirmation from './requestEmailConfirmation.js'
22
- import requestEmailUpdate from './requestEmailUpdate.js'
23
- import requestPasswordReset from './requestPasswordReset.js'
24
- import reserveSigningKey from './reserveSigningKey.js'
25
- import resetPassword from './resetPassword.js'
26
- import revokeAppPassword from './revokeAppPassword.js'
27
- import updateEmail from './updateEmail.js'
28
-
29
- export default function (server: Server, ctx: AppContext) {
30
- describeServer(server, ctx)
31
- createAccount(server, ctx)
32
- createInviteCode(server, ctx)
33
- createInviteCodes(server, ctx)
34
- getAccountInviteCodes(server, ctx)
35
- reserveSigningKey(server, ctx)
36
- requestDelete(server, ctx)
37
- deleteAccount(server, ctx)
38
- requestPasswordReset(server, ctx)
39
- resetPassword(server, ctx)
40
- requestEmailConfirmation(server, ctx)
41
- confirmEmail(server, ctx)
42
- requestEmailUpdate(server, ctx)
43
- updateEmail(server, ctx)
44
- createSession(server, ctx)
45
- deleteSession(server, ctx)
46
- getSession(server, ctx)
47
- refreshSession(server, ctx)
48
- createAppPassword(server, ctx)
49
- listAppPasswords(server, ctx)
50
- revokeAppPassword(server, ctx)
51
- getServiceAuth(server, ctx)
52
- checkAccountStatus(server, ctx)
53
- activateAccount(server, ctx)
54
- deactivateAccount(server, ctx)
55
- }
@@ -1,45 +0,0 @@
1
- import { ForbiddenError, Server } from '@atproto/xrpc-server'
2
- import { AppContext } from '../../../../context.js'
3
- import { com } from '../../../../lexicons/index.js'
4
-
5
- export default function (server: Server, ctx: AppContext) {
6
- const { entrywayClient } = ctx
7
-
8
- const auth = ctx.authVerifier.authorization({
9
- authorize: () => {
10
- throw new ForbiddenError(
11
- 'OAuth credentials are not supported for this endpoint',
12
- )
13
- },
14
- })
15
-
16
- if (entrywayClient) {
17
- server.add(com.atproto.server.listAppPasswords, {
18
- auth,
19
- handler: async ({ auth, req }) => {
20
- const { headers } = await ctx.entrywayAuthHeaders(
21
- req,
22
- auth.credentials.did,
23
- com.atproto.server.listAppPasswords.$lxm,
24
- )
25
-
26
- return entrywayClient.xrpc(com.atproto.server.listAppPasswords, {
27
- headers,
28
- })
29
- },
30
- })
31
- } else {
32
- server.add(com.atproto.server.listAppPasswords, {
33
- auth,
34
- handler: async ({ auth }) => {
35
- const passwords = await ctx.accountManager.listAppPasswords(
36
- auth.credentials.did,
37
- )
38
- return {
39
- encoding: 'application/json',
40
- body: { passwords },
41
- }
42
- },
43
- })
44
- }
45
- }
@@ -1,72 +0,0 @@
1
- import { DidString, HandleString, INVALID_HANDLE } from '@atproto/syntax'
2
- import {
3
- AuthRequiredError,
4
- InvalidRequestError,
5
- Server,
6
- } from '@atproto/xrpc-server'
7
- import { formatAccountStatus } from '../../../../account-manager/account-manager.js'
8
- import { AppContext } from '../../../../context.js'
9
- import { softDeleted } from '../../../../db/util.js'
10
- import { com } from '../../../../lexicons/index.js'
11
- import { didDocForSession } from './util.js'
12
-
13
- export default function (server: Server, ctx: AppContext) {
14
- server.add(com.atproto.server.refreshSession, {
15
- auth: ctx.authVerifier.refresh(),
16
- handler: async ({
17
- auth,
18
- req,
19
- }): Promise<com.atproto.server.refreshSession.$Output> => {
20
- const did = auth.credentials.did
21
- const user = await ctx.accountManager.getAccount(did, {
22
- includeDeactivated: true,
23
- includeTakenDown: true,
24
- })
25
- if (!user) {
26
- throw new InvalidRequestError(
27
- `Could not find user info for account: ${did}`,
28
- )
29
- }
30
- if (softDeleted(user)) {
31
- throw new AuthRequiredError(
32
- 'Account has been taken down',
33
- 'AccountTakedown',
34
- )
35
- }
36
-
37
- if (ctx.entrywayClient) {
38
- const { headers } = ctx.entrywayPassthruHeaders(req)
39
- return ctx.entrywayClient.xrpc(com.atproto.server.refreshSession, {
40
- headers,
41
- })
42
- }
43
-
44
- const [didDoc, rotated] = await Promise.all([
45
- didDocForSession(ctx, user.did),
46
- ctx.accountManager.rotateRefreshToken(auth.credentials.tokenId),
47
- ])
48
- if (rotated === null) {
49
- throw new InvalidRequestError('Token has been revoked', 'ExpiredToken')
50
- }
51
-
52
- const { status, active } = formatAccountStatus(user)
53
-
54
- return {
55
- encoding: 'application/json' as const,
56
- body: {
57
- accessJwt: rotated.accessJwt,
58
- refreshJwt: rotated.refreshJwt,
59
-
60
- did: user.did as DidString,
61
- // @ts-expect-error https://github.com/bluesky-social/atproto/pull/4406
62
- didDoc,
63
- handle: (user.handle ?? INVALID_HANDLE) as HandleString,
64
- email: user.email ?? undefined,
65
- emailConfirmed: !!user.emailConfirmedAt,
66
- active,
67
- status,
68
- },
69
- }
70
- },
71
- })
72
- }
@@ -1,66 +0,0 @@
1
- import { DAY, HOUR } from '@atproto/common'
2
- import {
3
- ForbiddenError,
4
- InvalidRequestError,
5
- Server,
6
- } from '@atproto/xrpc-server'
7
- import { ACCESS_FULL } from '../../../../auth-scope.js'
8
- import { AppContext } from '../../../../context.js'
9
- import { com } from '../../../../lexicons/index.js'
10
-
11
- export default function (server: Server, ctx: AppContext) {
12
- server.add(com.atproto.server.requestAccountDelete, {
13
- rateLimit: [
14
- {
15
- durationMs: DAY,
16
- points: 15,
17
- calcKey: ({ auth }) => auth.credentials.did,
18
- },
19
- {
20
- durationMs: HOUR,
21
- points: 5,
22
- calcKey: ({ auth }) => auth.credentials.did,
23
- },
24
- ],
25
- auth: ctx.authVerifier.authorization({
26
- checkTakedown: true,
27
- scopes: ACCESS_FULL,
28
- authorize: () => {
29
- throw new ForbiddenError(
30
- 'OAuth credentials are not supported for this endpoint',
31
- )
32
- },
33
- }),
34
- handler: async ({ auth, req }) => {
35
- const did = auth.credentials.did
36
- const account = await ctx.accountManager.getAccount(did, {
37
- includeDeactivated: true,
38
- includeTakenDown: true,
39
- })
40
- if (!account) {
41
- throw new InvalidRequestError('account not found')
42
- }
43
-
44
- if (ctx.entrywayClient) {
45
- const { headers } = await ctx.entrywayAuthHeaders(
46
- req,
47
- auth.credentials.did,
48
- com.atproto.server.requestAccountDelete.$lxm,
49
- )
50
- await ctx.entrywayClient.xrpc(com.atproto.server.requestAccountDelete, {
51
- headers,
52
- })
53
- return
54
- }
55
-
56
- if (!account.email) {
57
- throw new InvalidRequestError('account does not have an email address')
58
- }
59
- const token = await ctx.accountManager.createEmailToken(
60
- did,
61
- 'delete_account',
62
- )
63
- await ctx.mailer.sendAccountDelete({ token }, { to: account.email })
64
- },
65
- })
66
- }