@atproto/pds 0.5.12 → 0.5.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (326) hide show
  1. package/CHANGELOG.md +53 -0
  2. package/dist/api/app/bsky/notification/index.d.ts.map +1 -1
  3. package/dist/api/app/bsky/notification/index.js +2 -0
  4. package/dist/api/app/bsky/notification/index.js.map +1 -1
  5. package/dist/api/app/bsky/notification/unregisterPush.d.ts +4 -0
  6. package/dist/api/app/bsky/notification/unregisterPush.d.ts.map +1 -0
  7. package/dist/api/app/bsky/notification/unregisterPush.js +48 -0
  8. package/dist/api/app/bsky/notification/unregisterPush.js.map +1 -0
  9. package/dist/lexicons/app/bsky/actor/defs.defs.d.ts +6 -0
  10. package/dist/lexicons/app/bsky/actor/defs.defs.d.ts.map +1 -1
  11. package/dist/lexicons/app/bsky/actor/defs.defs.js +1 -0
  12. package/dist/lexicons/app/bsky/actor/defs.defs.js.map +1 -1
  13. package/package.json +42 -38
  14. package/build.templates.cjs +0 -22
  15. package/example.env +0 -42
  16. package/jest.config.cjs +0 -27
  17. package/src/account-manager/account-manager.ts +0 -916
  18. package/src/account-manager/db/index.ts +0 -21
  19. package/src/account-manager/db/migrations/001-init.ts +0 -115
  20. package/src/account-manager/db/migrations/002-account-deactivation.ts +0 -17
  21. package/src/account-manager/db/migrations/003-privileged-app-passwords.ts +0 -12
  22. package/src/account-manager/db/migrations/004-oauth.ts +0 -122
  23. package/src/account-manager/db/migrations/005-oauth-account-management.ts +0 -136
  24. package/src/account-manager/db/migrations/006-oauth-permission-sets.ts +0 -20
  25. package/src/account-manager/db/migrations/007-lexicon-failures-index.ts +0 -14
  26. package/src/account-manager/db/migrations/index.ts +0 -17
  27. package/src/account-manager/db/schema/account-device.ts +0 -14
  28. package/src/account-manager/db/schema/account.ts +0 -16
  29. package/src/account-manager/db/schema/actor.ts +0 -17
  30. package/src/account-manager/db/schema/app-password.ts +0 -13
  31. package/src/account-manager/db/schema/authorization-request.ts +0 -30
  32. package/src/account-manager/db/schema/authorized-client.ts +0 -23
  33. package/src/account-manager/db/schema/device.ts +0 -18
  34. package/src/account-manager/db/schema/email-token.ts +0 -19
  35. package/src/account-manager/db/schema/index.ts +0 -43
  36. package/src/account-manager/db/schema/invite-code.ts +0 -24
  37. package/src/account-manager/db/schema/lexicon.ts +0 -15
  38. package/src/account-manager/db/schema/refresh-token.ts +0 -11
  39. package/src/account-manager/db/schema/repo-root.ts +0 -12
  40. package/src/account-manager/db/schema/token.ts +0 -38
  41. package/src/account-manager/db/schema/used-refresh-token.ts +0 -13
  42. package/src/account-manager/helpers/account-device.ts +0 -63
  43. package/src/account-manager/helpers/account.ts +0 -355
  44. package/src/account-manager/helpers/auth.ts +0 -222
  45. package/src/account-manager/helpers/authorization-request.ts +0 -90
  46. package/src/account-manager/helpers/authorized-client.ts +0 -75
  47. package/src/account-manager/helpers/device.ts +0 -47
  48. package/src/account-manager/helpers/email-token.ts +0 -87
  49. package/src/account-manager/helpers/invite.ts +0 -263
  50. package/src/account-manager/helpers/lexicon.ts +0 -67
  51. package/src/account-manager/helpers/password.ts +0 -136
  52. package/src/account-manager/helpers/repo.ts +0 -24
  53. package/src/account-manager/helpers/scrypt.ts +0 -53
  54. package/src/account-manager/helpers/token.ts +0 -158
  55. package/src/account-manager/helpers/used-refresh-token.ts +0 -30
  56. package/src/account-manager/oauth-store.ts +0 -880
  57. package/src/account-manager/scope-reference-getter.ts +0 -106
  58. package/src/actor-store/actor-store-reader.ts +0 -45
  59. package/src/actor-store/actor-store-resources.ts +0 -8
  60. package/src/actor-store/actor-store-transactor.ts +0 -31
  61. package/src/actor-store/actor-store-writer.ts +0 -17
  62. package/src/actor-store/actor-store.ts +0 -210
  63. package/src/actor-store/blob/reader.ts +0 -160
  64. package/src/actor-store/blob/transactor.ts +0 -383
  65. package/src/actor-store/db/index.ts +0 -20
  66. package/src/actor-store/db/migrations/001-init.ts +0 -105
  67. package/src/actor-store/db/migrations/index.ts +0 -5
  68. package/src/actor-store/db/schema/account-pref.ts +0 -11
  69. package/src/actor-store/db/schema/backlink.ts +0 -9
  70. package/src/actor-store/db/schema/blob.ts +0 -14
  71. package/src/actor-store/db/schema/index.ts +0 -23
  72. package/src/actor-store/db/schema/record-blob.ts +0 -8
  73. package/src/actor-store/db/schema/record.ts +0 -14
  74. package/src/actor-store/db/schema/repo-block.ts +0 -10
  75. package/src/actor-store/db/schema/repo-root.ts +0 -10
  76. package/src/actor-store/migrate.ts +0 -39
  77. package/src/actor-store/preference/reader.ts +0 -48
  78. package/src/actor-store/preference/transactor.ts +0 -55
  79. package/src/actor-store/preference/util.ts +0 -39
  80. package/src/actor-store/record/reader.ts +0 -374
  81. package/src/actor-store/record/transactor.ts +0 -111
  82. package/src/actor-store/repo/reader.ts +0 -31
  83. package/src/actor-store/repo/sql-repo-reader.ts +0 -150
  84. package/src/actor-store/repo/sql-repo-transactor.ts +0 -105
  85. package/src/actor-store/repo/transactor.ts +0 -227
  86. package/src/api/app/bsky/actor/getPreferences.ts +0 -57
  87. package/src/api/app/bsky/actor/getProfile.ts +0 -41
  88. package/src/api/app/bsky/actor/getProfiles.ts +0 -51
  89. package/src/api/app/bsky/actor/index.ts +0 -13
  90. package/src/api/app/bsky/actor/putPreferences.ts +0 -62
  91. package/src/api/app/bsky/feed/getActorLikes.ts +0 -63
  92. package/src/api/app/bsky/feed/getAuthorFeed.ts +0 -84
  93. package/src/api/app/bsky/feed/getFeed.ts +0 -47
  94. package/src/api/app/bsky/feed/getPostThread.ts +0 -251
  95. package/src/api/app/bsky/feed/getTimeline.ts +0 -50
  96. package/src/api/app/bsky/feed/index.ts +0 -15
  97. package/src/api/app/bsky/index.ts +0 -11
  98. package/src/api/app/bsky/notification/index.ts +0 -7
  99. package/src/api/app/bsky/notification/registerPush.ts +0 -71
  100. package/src/api/app/bsky/util/resolver.ts +0 -20
  101. package/src/api/com/atproto/admin/deleteAccount.ts +0 -22
  102. package/src/api/com/atproto/admin/disableAccountInvites.ts +0 -18
  103. package/src/api/com/atproto/admin/disableInviteCodes.ts +0 -21
  104. package/src/api/com/atproto/admin/enableAccountInvites.ts +0 -18
  105. package/src/api/com/atproto/admin/getAccountInfo.ts +0 -32
  106. package/src/api/com/atproto/admin/getAccountInfos.ts +0 -34
  107. package/src/api/com/atproto/admin/getInviteCodes.ts +0 -126
  108. package/src/api/com/atproto/admin/getSubjectStatus.ts +0 -76
  109. package/src/api/com/atproto/admin/index.ts +0 -31
  110. package/src/api/com/atproto/admin/sendEmail.ts +0 -47
  111. package/src/api/com/atproto/admin/updateAccountEmail.ts +0 -32
  112. package/src/api/com/atproto/admin/updateAccountHandle.ts +0 -47
  113. package/src/api/com/atproto/admin/updateAccountPassword.ts +0 -34
  114. package/src/api/com/atproto/admin/updateSubjectStatus.ts +0 -68
  115. package/src/api/com/atproto/admin/util.ts +0 -66
  116. package/src/api/com/atproto/identity/getRecommendedDidCredentials.ts +0 -50
  117. package/src/api/com/atproto/identity/index.ts +0 -17
  118. package/src/api/com/atproto/identity/requestPlcOperationSignature.ts +0 -59
  119. package/src/api/com/atproto/identity/resolveHandle.ts +0 -50
  120. package/src/api/com/atproto/identity/signPlcOperation.ts +0 -85
  121. package/src/api/com/atproto/identity/submitPlcOperation.ts +0 -65
  122. package/src/api/com/atproto/identity/updateHandle.ts +0 -66
  123. package/src/api/com/atproto/index.ts +0 -19
  124. package/src/api/com/atproto/moderation/createReport.ts +0 -41
  125. package/src/api/com/atproto/moderation/index.ts +0 -7
  126. package/src/api/com/atproto/repo/applyWrites.ts +0 -226
  127. package/src/api/com/atproto/repo/createRecord.ts +0 -143
  128. package/src/api/com/atproto/repo/deleteRecord.ts +0 -122
  129. package/src/api/com/atproto/repo/describeRepo.ts +0 -43
  130. package/src/api/com/atproto/repo/getRecord.ts +0 -40
  131. package/src/api/com/atproto/repo/importRepo.ts +0 -101
  132. package/src/api/com/atproto/repo/index.ts +0 -25
  133. package/src/api/com/atproto/repo/listMissingBlobs.ts +0 -29
  134. package/src/api/com/atproto/repo/listRecords.ts +0 -36
  135. package/src/api/com/atproto/repo/putRecord.ts +0 -211
  136. package/src/api/com/atproto/repo/uploadBlob.ts +0 -60
  137. package/src/api/com/atproto/server/activateAccount.ts +0 -37
  138. package/src/api/com/atproto/server/checkAccountStatus.ts +0 -51
  139. package/src/api/com/atproto/server/confirmEmail.ts +0 -39
  140. package/src/api/com/atproto/server/createAccount.ts +0 -327
  141. package/src/api/com/atproto/server/createAppPassword.ts +0 -53
  142. package/src/api/com/atproto/server/createInviteCode.ts +0 -38
  143. package/src/api/com/atproto/server/createInviteCodes.ts +0 -42
  144. package/src/api/com/atproto/server/createSession.ts +0 -97
  145. package/src/api/com/atproto/server/deactivateAccount.ts +0 -41
  146. package/src/api/com/atproto/server/deleteAccount.ts +0 -85
  147. package/src/api/com/atproto/server/deleteSession.ts +0 -23
  148. package/src/api/com/atproto/server/describeServer.ts +0 -29
  149. package/src/api/com/atproto/server/getAccountInviteCodes.ts +0 -142
  150. package/src/api/com/atproto/server/getServiceAuth.ts +0 -111
  151. package/src/api/com/atproto/server/getSession.ts +0 -80
  152. package/src/api/com/atproto/server/index.ts +0 -55
  153. package/src/api/com/atproto/server/listAppPasswords.ts +0 -45
  154. package/src/api/com/atproto/server/refreshSession.ts +0 -72
  155. package/src/api/com/atproto/server/requestAccountDelete.ts +0 -66
  156. package/src/api/com/atproto/server/requestEmailConfirmation.ts +0 -68
  157. package/src/api/com/atproto/server/requestEmailUpdate.ts +0 -86
  158. package/src/api/com/atproto/server/requestPasswordReset.ts +0 -52
  159. package/src/api/com/atproto/server/reserveSigningKey.ts +0 -15
  160. package/src/api/com/atproto/server/resetPassword.ts +0 -50
  161. package/src/api/com/atproto/server/revokeAppPassword.ts +0 -42
  162. package/src/api/com/atproto/server/updateEmail.ts +0 -52
  163. package/src/api/com/atproto/server/util.ts +0 -136
  164. package/src/api/com/atproto/sync/deprecated/getCheckout.ts +0 -27
  165. package/src/api/com/atproto/sync/deprecated/getHead.ts +0 -33
  166. package/src/api/com/atproto/sync/getBlob.ts +0 -61
  167. package/src/api/com/atproto/sync/getBlocks.ts +0 -37
  168. package/src/api/com/atproto/sync/getLatestCommit.ts +0 -33
  169. package/src/api/com/atproto/sync/getRecord.ts +0 -49
  170. package/src/api/com/atproto/sync/getRepo.ts +0 -75
  171. package/src/api/com/atproto/sync/getRepoStatus.ts +0 -34
  172. package/src/api/com/atproto/sync/index.ts +0 -27
  173. package/src/api/com/atproto/sync/listBlobs.ts +0 -33
  174. package/src/api/com/atproto/sync/listRepos.ts +0 -74
  175. package/src/api/com/atproto/sync/subscribeRepos.ts +0 -73
  176. package/src/api/com/atproto/sync/util.ts +0 -37
  177. package/src/api/com/atproto/temp/checkSignupQueue.ts +0 -34
  178. package/src/api/com/atproto/temp/index.ts +0 -7
  179. package/src/api/index.ts +0 -10
  180. package/src/api/proxy.ts +0 -44
  181. package/src/app-view.ts +0 -24
  182. package/src/auth-output.ts +0 -52
  183. package/src/auth-routes.ts +0 -64
  184. package/src/auth-scope.ts +0 -40
  185. package/src/auth-verifier.ts +0 -668
  186. package/src/background.ts +0 -65
  187. package/src/basic-routes.ts +0 -52
  188. package/src/bsky-app-view.ts +0 -33
  189. package/src/config/config.ts +0 -553
  190. package/src/config/env.ts +0 -167
  191. package/src/config/index.ts +0 -3
  192. package/src/config/secrets.ts +0 -54
  193. package/src/context.ts +0 -523
  194. package/src/crawlers.ts +0 -46
  195. package/src/db/cast.ts +0 -52
  196. package/src/db/db.ts +0 -140
  197. package/src/db/index.ts +0 -4
  198. package/src/db/migrator.ts +0 -40
  199. package/src/db/pagination.ts +0 -132
  200. package/src/db/tables/moderation.ts +0 -80
  201. package/src/db/util.ts +0 -108
  202. package/src/did-cache/db/index.ts +0 -21
  203. package/src/did-cache/db/migrations.ts +0 -17
  204. package/src/did-cache/db/schema.ts +0 -9
  205. package/src/did-cache/index.ts +0 -131
  206. package/src/disk-blobstore.ts +0 -172
  207. package/src/error.ts +0 -19
  208. package/src/handle/explicit-slurs.ts +0 -22
  209. package/src/handle/index.ts +0 -49
  210. package/src/handle/reserved.ts +0 -1059
  211. package/src/image/image-url-builder.ts +0 -16
  212. package/src/index.ts +0 -189
  213. package/src/lexicons.ts +0 -4
  214. package/src/logger.ts +0 -35
  215. package/src/mailer/index.ts +0 -111
  216. package/src/mailer/moderation.ts +0 -33
  217. package/src/mailer/templates/confirm-email.d.ts +0 -4
  218. package/src/mailer/templates/confirm-email.hbs +0 -158
  219. package/src/mailer/templates/delete-account.d.ts +0 -4
  220. package/src/mailer/templates/delete-account.hbs +0 -156
  221. package/src/mailer/templates/plc-operation.d.ts +0 -4
  222. package/src/mailer/templates/plc-operation.hbs +0 -153
  223. package/src/mailer/templates/reset-password.d.ts +0 -4
  224. package/src/mailer/templates/reset-password.hbs +0 -154
  225. package/src/mailer/templates/update-email.d.ts +0 -4
  226. package/src/mailer/templates/update-email.hbs +0 -153
  227. package/src/mailer/templates.ts +0 -17
  228. package/src/pipethrough.ts +0 -716
  229. package/src/rate-limits.ts +0 -59
  230. package/src/read-after-write/index.ts +0 -3
  231. package/src/read-after-write/types.ts +0 -35
  232. package/src/read-after-write/util.ts +0 -101
  233. package/src/read-after-write/viewer.ts +0 -290
  234. package/src/redis.ts +0 -25
  235. package/src/repo/index.ts +0 -2
  236. package/src/repo/prepare.ts +0 -266
  237. package/src/repo/types.ts +0 -65
  238. package/src/scripts/README.md +0 -40
  239. package/src/scripts/index.ts +0 -20
  240. package/src/scripts/publish-identity.ts +0 -60
  241. package/src/scripts/rebuild-repo.ts +0 -119
  242. package/src/scripts/rotate-keys.ts +0 -146
  243. package/src/scripts/sequencer-recovery/index.ts +0 -23
  244. package/src/scripts/sequencer-recovery/recoverer.ts +0 -297
  245. package/src/scripts/sequencer-recovery/recovery-db.ts +0 -65
  246. package/src/scripts/sequencer-recovery/repair-repos.ts +0 -49
  247. package/src/scripts/sequencer-recovery/user-queues.ts +0 -44
  248. package/src/scripts/util.ts +0 -7
  249. package/src/sequencer/db/index.ts +0 -21
  250. package/src/sequencer/db/migrations/001-init.ts +0 -35
  251. package/src/sequencer/db/migrations/index.ts +0 -5
  252. package/src/sequencer/db/schema.ts +0 -19
  253. package/src/sequencer/events.ts +0 -199
  254. package/src/sequencer/index.ts +0 -3
  255. package/src/sequencer/outbox.ts +0 -123
  256. package/src/sequencer/sequencer.ts +0 -290
  257. package/src/util/compression.ts +0 -16
  258. package/src/util/debug.ts +0 -10
  259. package/src/util/http.ts +0 -31
  260. package/src/util/types.ts +0 -7
  261. package/src/well-known.ts +0 -30
  262. package/test.env +0 -2
  263. package/tests/__snapshots__/takedown-appeal.test.ts.snap +0 -43
  264. package/tests/_oauth_client_assets_middleware.ts +0 -23
  265. package/tests/_puppeteer.ts +0 -147
  266. package/tests/_types.d.ts +0 -16
  267. package/tests/_util.ts +0 -191
  268. package/tests/account-deactivation.test.ts +0 -204
  269. package/tests/account-deletion.test.ts +0 -300
  270. package/tests/account-manager.test.ts +0 -462
  271. package/tests/account-migration.test.ts +0 -221
  272. package/tests/account-status.test.ts +0 -206
  273. package/tests/account.test.ts +0 -595
  274. package/tests/app-passwords.test.ts +0 -262
  275. package/tests/auth.test.ts +0 -405
  276. package/tests/blob-deletes.test.ts +0 -204
  277. package/tests/create-post.test.ts +0 -79
  278. package/tests/crud.test.ts +0 -1595
  279. package/tests/db.test.ts +0 -170
  280. package/tests/email-confirmation.test.ts +0 -227
  281. package/tests/entryway-mock.ts +0 -323
  282. package/tests/entryway.test.ts +0 -145
  283. package/tests/file-uploads.test.ts +0 -301
  284. package/tests/get-service-auth.test.ts +0 -81
  285. package/tests/handle-validation.test.ts +0 -56
  286. package/tests/handles.test.ts +0 -274
  287. package/tests/invite-codes.test.ts +0 -367
  288. package/tests/invites-admin.test.ts +0 -252
  289. package/tests/moderation.test.ts +0 -280
  290. package/tests/moderator-auth.test.ts +0 -177
  291. package/tests/oauth.test.ts +0 -334
  292. package/tests/plc-operations.test.ts +0 -239
  293. package/tests/preferences.test.ts +0 -352
  294. package/tests/proxied/__snapshots__/admin.test.ts.snap +0 -516
  295. package/tests/proxied/__snapshots__/feedgen.test.ts.snap +0 -215
  296. package/tests/proxied/__snapshots__/views.test.ts.snap +0 -4456
  297. package/tests/proxied/admin.test.ts +0 -340
  298. package/tests/proxied/feedgen.test.ts +0 -66
  299. package/tests/proxied/notif.test.ts +0 -85
  300. package/tests/proxied/procedures.test.ts +0 -175
  301. package/tests/proxied/proxy-catchall.test.ts +0 -256
  302. package/tests/proxied/proxy-header.test.ts +0 -239
  303. package/tests/proxied/proxy-oauth-aud.test.ts +0 -182
  304. package/tests/proxied/read-after-write.test.ts +0 -382
  305. package/tests/proxied/views.test.ts +0 -608
  306. package/tests/races.test.ts +0 -89
  307. package/tests/rate-limits.test.ts +0 -70
  308. package/tests/recovery.test.ts +0 -180
  309. package/tests/seeds/basic.ts +0 -165
  310. package/tests/seeds/follows.ts +0 -57
  311. package/tests/seeds/likes.ts +0 -14
  312. package/tests/seeds/reposts.ts +0 -18
  313. package/tests/seeds/thread.ts +0 -40
  314. package/tests/seeds/users-bulk.ts +0 -246
  315. package/tests/seeds/users.ts +0 -67
  316. package/tests/sequencer.test.ts +0 -251
  317. package/tests/server.test.ts +0 -151
  318. package/tests/sync/invertible-ops.test.ts +0 -99
  319. package/tests/sync/list.test.ts +0 -43
  320. package/tests/sync/subscribe-repos.test.ts +0 -672
  321. package/tests/sync/sync.test.ts +0 -316
  322. package/tests/takedown-appeal.test.ts +0 -166
  323. package/tsconfig.build.json +0 -9
  324. package/tsconfig.build.tsbuildinfo +0 -1
  325. package/tsconfig.json +0 -7
  326. package/tsconfig.tests.json +0 -8
package/src/context.ts DELETED
@@ -1,523 +0,0 @@
1
- import assert from 'node:assert'
2
- import * as plc from '@did-plc/lib'
3
- import express from 'express'
4
- import { Redis } from 'ioredis'
5
- import * as nodemailer from 'nodemailer'
6
- import * as ui8 from 'uint8arrays'
7
- import * as undici from 'undici'
8
- import { KmsKeypair, S3BlobStore } from '@atproto/aws'
9
- import * as crypto from '@atproto/crypto'
10
- import { IdResolver } from '@atproto/identity'
11
- import { Client } from '@atproto/lex'
12
- import {
13
- AccessTokenMode,
14
- JoseKey,
15
- LexResolver,
16
- OAuthProvider,
17
- OAuthVerifier,
18
- } from '@atproto/oauth-provider'
19
- import { BlobStore } from '@atproto/repo'
20
- import {
21
- createServiceAuthHeaders,
22
- createServiceJwt,
23
- } from '@atproto/xrpc-server'
24
- import { Fetch, safeFetchWrap } from '@atproto-labs/fetch-node'
25
- import { AccountManager } from './account-manager/account-manager.js'
26
- import { OAuthStore } from './account-manager/oauth-store.js'
27
- import { ScopeReferenceGetter } from './account-manager/scope-reference-getter.js'
28
- import { ActorStore } from './actor-store/actor-store.js'
29
- import { authPassthru, forwardedFor } from './api/proxy.js'
30
- import {
31
- AuthVerifier,
32
- createPublicKeyObject,
33
- createSecretKeyObject,
34
- } from './auth-verifier.js'
35
- import { BackgroundQueue } from './background.js'
36
- import { BskyAppView } from './bsky-app-view.js'
37
- import { ServerConfig, ServerSecrets } from './config/index.js'
38
- import { Crawlers } from './crawlers.js'
39
- import { DidSqliteCache } from './did-cache/index.js'
40
- import { DiskBlobStore } from './disk-blobstore.js'
41
- import { ImageUrlBuilder } from './image/image-url-builder.js'
42
- import { fetchLogger, lexiconResolverLogger, oauthLogger } from './logger.js'
43
- import { ServerMailer } from './mailer/index.js'
44
- import { ModerationMailer } from './mailer/moderation.js'
45
- import { buildProxyAgent } from './pipethrough.js'
46
- import { LocalViewer, LocalViewerCreator } from './read-after-write/viewer.js'
47
- import { getRedisClient } from './redis.js'
48
- import { Sequencer } from './sequencer/index.js'
49
-
50
- export type AppContextOptions = {
51
- actorStore: ActorStore
52
- blobstore: (did: string) => BlobStore
53
- localViewer: LocalViewerCreator
54
- mailer: ServerMailer
55
- moderationMailer: ModerationMailer
56
- didCache: DidSqliteCache
57
- idResolver: IdResolver
58
- plcClient: plc.Client
59
- accountManager: AccountManager
60
- sequencer: Sequencer
61
- backgroundQueue: BackgroundQueue
62
- redisScratch?: Redis
63
- crawlers: Crawlers
64
- bskyAppView?: BskyAppView
65
- moderationClient?: Client
66
- reportingClient?: Client
67
- entrywayClient?: Client
68
- entrywayAdminClient?: Client
69
- proxyAgent: undici.Dispatcher
70
- safeFetch: Fetch
71
- oauthProvider?: OAuthProvider
72
- authVerifier: AuthVerifier
73
- plcRotationKey: crypto.Keypair
74
- cfg: ServerConfig
75
- }
76
-
77
- export class AppContext {
78
- public actorStore: ActorStore
79
- public blobstore: (did: string) => BlobStore
80
- public localViewer: LocalViewerCreator
81
- public mailer: ServerMailer
82
- public moderationMailer: ModerationMailer
83
- public didCache: DidSqliteCache
84
- public idResolver: IdResolver
85
- public plcClient: plc.Client
86
- public accountManager: AccountManager
87
- public sequencer: Sequencer
88
- public backgroundQueue: BackgroundQueue
89
- public redisScratch?: Redis
90
- public crawlers: Crawlers
91
- public bskyAppView?: BskyAppView
92
- public moderationClient: Client | undefined
93
- public reportingClient: Client | undefined
94
- public entrywayClient: Client | undefined
95
- public entrywayAdminClient: Client | undefined
96
- public proxyAgent: undici.Dispatcher
97
- public safeFetch: Fetch
98
- public authVerifier: AuthVerifier
99
- public oauthProvider?: OAuthProvider
100
- public plcRotationKey: crypto.Keypair
101
- public cfg: ServerConfig
102
-
103
- constructor(opts: AppContextOptions) {
104
- this.actorStore = opts.actorStore
105
- this.blobstore = opts.blobstore
106
- this.localViewer = opts.localViewer
107
- this.mailer = opts.mailer
108
- this.moderationMailer = opts.moderationMailer
109
- this.didCache = opts.didCache
110
- this.idResolver = opts.idResolver
111
- this.plcClient = opts.plcClient
112
- this.accountManager = opts.accountManager
113
- this.sequencer = opts.sequencer
114
- this.backgroundQueue = opts.backgroundQueue
115
- this.redisScratch = opts.redisScratch
116
- this.crawlers = opts.crawlers
117
- this.bskyAppView = opts.bskyAppView
118
- this.moderationClient = opts.moderationClient
119
- this.reportingClient = opts.reportingClient
120
- this.entrywayClient = opts.entrywayClient
121
- this.entrywayAdminClient = opts.entrywayAdminClient
122
- this.proxyAgent = opts.proxyAgent
123
- this.safeFetch = opts.safeFetch
124
- this.authVerifier = opts.authVerifier
125
- this.oauthProvider = opts.oauthProvider
126
- this.plcRotationKey = opts.plcRotationKey
127
- this.cfg = opts.cfg
128
- }
129
-
130
- static async fromConfig(
131
- cfg: ServerConfig,
132
- secrets: ServerSecrets,
133
- overrides?: Partial<AppContextOptions>,
134
- ): Promise<AppContext> {
135
- const blobstore =
136
- cfg.blobstore.provider === 's3'
137
- ? S3BlobStore.creator({
138
- bucket: cfg.blobstore.bucket,
139
- region: cfg.blobstore.region,
140
- endpoint: cfg.blobstore.endpoint,
141
- forcePathStyle: cfg.blobstore.forcePathStyle,
142
- credentials: cfg.blobstore.credentials,
143
- uploadTimeoutMs: cfg.blobstore.uploadTimeoutMs,
144
- })
145
- : DiskBlobStore.creator(
146
- cfg.blobstore.location,
147
- cfg.blobstore.tempLocation,
148
- )
149
-
150
- const mailTransport =
151
- cfg.email !== null
152
- ? nodemailer.createTransport(cfg.email.smtpUrl)
153
- : nodemailer.createTransport({ jsonTransport: true })
154
-
155
- const mailer = new ServerMailer(mailTransport, cfg.email, cfg.branding)
156
-
157
- const modMailTransport =
158
- cfg.moderationEmail !== null
159
- ? nodemailer.createTransport(cfg.moderationEmail.smtpUrl)
160
- : nodemailer.createTransport({ jsonTransport: true })
161
-
162
- const moderationMailer = new ModerationMailer(modMailTransport, cfg)
163
-
164
- const didCache = new DidSqliteCache(
165
- cfg.db.didCacheDbLoc,
166
- cfg.identity.cacheStaleTTL,
167
- cfg.identity.cacheMaxTTL,
168
- cfg.db.disableWalAutoCheckpoint,
169
- )
170
- await didCache.migrateOrThrow()
171
-
172
- const idResolver = new IdResolver({
173
- plcUrl: cfg.identity.plcUrl,
174
- didCache,
175
- timeout: cfg.identity.resolverTimeout,
176
- backupNameservers: cfg.identity.handleBackupNameservers,
177
- })
178
- const plcClient = new plc.Client(cfg.identity.plcUrl)
179
-
180
- const backgroundQueue = new BackgroundQueue(undefined, { concurrency: 5 })
181
- const crawlers = new Crawlers(
182
- backgroundQueue,
183
- cfg.service.hostname,
184
- cfg.crawlers,
185
- )
186
- const sequencer = new Sequencer(
187
- cfg.db.sequencerDbLoc,
188
- crawlers,
189
- undefined,
190
- cfg.db.disableWalAutoCheckpoint,
191
- )
192
- const redisScratch = cfg.redis
193
- ? getRedisClient(cfg.redis.address, cfg.redis.password)
194
- : undefined
195
-
196
- const bskyAppView = cfg.bskyAppView
197
- ? new BskyAppView({
198
- ...cfg.bskyAppView,
199
- validateResponse: cfg.service.devMode,
200
- })
201
- : undefined
202
-
203
- const moderationClient = cfg.modService
204
- ? new Client(
205
- { service: cfg.modService.url },
206
- {
207
- // Trust internal services to send us well-formed responses
208
- strictResponseProcessing: false,
209
- validateResponse: cfg.service.devMode,
210
- },
211
- )
212
- : undefined
213
- const reportingClient = cfg.reportService
214
- ? new Client(
215
- { service: cfg.reportService.url },
216
- {
217
- // Trust internal services to send us well-formed responses
218
- strictResponseProcessing: false,
219
- validateResponse: cfg.service.devMode,
220
- },
221
- )
222
- : undefined
223
- const entrywayClient = cfg.entryway
224
- ? new Client(
225
- { service: cfg.entryway.url },
226
- {
227
- // Trust internal services to send us well-formed responses
228
- strictResponseProcessing: false,
229
- validateResponse: cfg.service.devMode,
230
- },
231
- )
232
- : undefined
233
- const entrywayAdminClient =
234
- cfg.entryway && secrets.entrywayAdminToken
235
- ? new Client(
236
- { service: cfg.entryway.url },
237
- {
238
- headers: {
239
- authorization: basicAuthHeader(
240
- 'admin',
241
- secrets.entrywayAdminToken,
242
- ),
243
- },
244
- // Trust internal services to send us well-formed responses
245
- strictResponseProcessing: false,
246
- validateResponse: cfg.service.devMode,
247
- },
248
- )
249
- : undefined
250
-
251
- const jwtSecretKey = createSecretKeyObject(secrets.jwtSecret)
252
- const jwtPublicKey = cfg.entryway
253
- ? createPublicKeyObject(cfg.entryway.jwtPublicKeyHex)
254
- : null
255
-
256
- const imageUrlBuilder = new ImageUrlBuilder(
257
- cfg.service.hostname,
258
- bskyAppView,
259
- )
260
-
261
- const actorStore = new ActorStore(cfg.actorStore, {
262
- blobstore,
263
- backgroundQueue,
264
- })
265
-
266
- const plcRotationKey =
267
- secrets.plcRotationKey.provider === 'kms'
268
- ? await KmsKeypair.load({
269
- keyId: secrets.plcRotationKey.keyId,
270
- })
271
- : await crypto.Secp256k1Keypair.import(
272
- secrets.plcRotationKey.privateKeyHex,
273
- )
274
-
275
- const accountManager = new AccountManager(
276
- cfg,
277
- actorStore,
278
- idResolver,
279
- jwtSecretKey,
280
- mailer,
281
- sequencer,
282
- plcClient,
283
- plcRotationKey,
284
- )
285
- await accountManager.migrateOrThrow()
286
-
287
- const localViewer = LocalViewer.creator(
288
- accountManager,
289
- imageUrlBuilder,
290
- bskyAppView,
291
- )
292
-
293
- // An agent for performing HTTP requests based on user provided URLs.
294
- const proxyAgent = buildProxyAgent(cfg.proxy)
295
-
296
- /**
297
- * A fetch() function that protects against SSRF attacks, large responses &
298
- * known bad domains. This function can safely be used to fetch user
299
- * provided URLs (unless "disableSsrfProtection" is true, of course).
300
- *
301
- * @note **DO NOT** wrap `safeFetch` with any logging or other transforms as
302
- * this might prevent the use of explicit `redirect: "follow"` init from
303
- * working. See {@link safeFetchWrap}.
304
- */
305
- const safeFetch = safeFetchWrap({
306
- allowIpHost: false,
307
- allowImplicitRedirect: false,
308
- responseMaxSize: cfg.fetch.maxResponseSize,
309
- ssrfProtection: !cfg.fetch.disableSsrfProtection,
310
-
311
- fetch: function (input, init) {
312
- const method =
313
- init?.method ?? (input instanceof Request ? input.method : 'GET')
314
- const uri = input instanceof Request ? input.url : String(input)
315
-
316
- fetchLogger.info({ method, uri }, 'fetch')
317
-
318
- return globalThis.fetch.call(this, input, init)
319
- },
320
- })
321
-
322
- const oauthProvider = cfg.oauth.provider
323
- ? new OAuthProvider({
324
- issuer: cfg.oauth.issuer,
325
- keyset: [await JoseKey.fromKeyLike(jwtSecretKey, undefined, 'HS256')],
326
- store: new OAuthStore(
327
- accountManager,
328
- actorStore,
329
- imageUrlBuilder,
330
- backgroundQueue,
331
- mailer,
332
- sequencer,
333
- plcClient,
334
- plcRotationKey,
335
- cfg.service.publicUrl,
336
- cfg.identity.recoveryDidKey,
337
- ),
338
- redis: redisScratch,
339
- dpopSecret: secrets.dpopSecret,
340
- inviteCodeRequired: cfg.invites.required,
341
- availableUserDomains: cfg.identity.serviceHandleDomains,
342
- hcaptcha: cfg.oauth.provider.hcaptcha,
343
- branding: cfg.oauth.provider.branding,
344
- safeFetch,
345
- lexResolver: new LexResolver({
346
- fetch: safeFetch,
347
- plcDirectoryUrl: cfg.identity.plcUrl,
348
- hooks: {
349
- onResolveAuthority: ({ nsid }) => {
350
- lexiconResolverLogger.debug(
351
- { nsid: nsid.toString() },
352
- 'Resolving lexicon DID authority',
353
- )
354
- // Override the lexicon did resolution to point to a custom PDS
355
- return cfg.lexicon.didAuthority
356
- },
357
- onResolveAuthorityResult({ nsid, did }) {
358
- lexiconResolverLogger.info(
359
- { nsid: nsid.toString(), did },
360
- 'Resolved lexicon DID',
361
- )
362
- },
363
- onResolveAuthorityError({ nsid, err }) {
364
- lexiconResolverLogger.error(
365
- { nsid: nsid.toString(), err },
366
- 'Lexicon DID resolution error',
367
- )
368
- },
369
- onFetchResult({ uri, cid }) {
370
- lexiconResolverLogger.info(
371
- { uri: uri.toString(), cid: cid.toString() },
372
- 'Fetched lexicon',
373
- )
374
- },
375
- onFetchError({ err, uri }) {
376
- lexiconResolverLogger.error(
377
- { uri: uri.toString(), err },
378
- 'Lexicon fetch error',
379
- )
380
- },
381
- },
382
- }),
383
- metadata: {
384
- protected_resources: [new URL(cfg.oauth.issuer).origin],
385
- },
386
- // If the PDS is both an authorization server & resource server (no
387
- // entryway), we can afford to check the token validity on every
388
- // request. This allows revoked tokens to be rejected immediately.
389
- // This also allows JWT to be shorter since some claims (notably the
390
- // "scope" claim) do not need to be included in the token.
391
- accessTokenMode: AccessTokenMode.stateful,
392
-
393
- getClientInfo(clientId) {
394
- return {
395
- isTrusted: cfg.oauth.provider?.trustedClients?.includes(clientId),
396
- }
397
- },
398
- })
399
- : undefined
400
-
401
- const scopeRefGetter = entrywayClient
402
- ? new ScopeReferenceGetter(entrywayClient, redisScratch)
403
- : undefined
404
-
405
- const oauthVerifier: OAuthVerifier =
406
- oauthProvider ?? // OAuthProvider extends OAuthVerifier
407
- new OAuthVerifier({
408
- issuer: cfg.oauth.issuer,
409
- keyset: [await JoseKey.fromKeyLike(jwtPublicKey!, undefined, 'ES256K')],
410
- dpopSecret: secrets.dpopSecret,
411
- redis: redisScratch,
412
- onDecodeToken: async ({ payload, dpopProof }) => {
413
- // @TODO drop this once oauth provider no longer accepts DPoP proof with
414
- // query or fragment in "htu" claim.
415
- if (dpopProof?.htu.match(/[?#]/)) {
416
- oauthLogger.info(
417
- { htu: dpopProof.htu, client_id: payload.client_id },
418
- 'DPoP proof "htu" contains query or fragment',
419
- )
420
- }
421
-
422
- if (scopeRefGetter) {
423
- payload.scope = await scopeRefGetter.dereference(payload.scope)
424
- }
425
-
426
- return payload
427
- },
428
- })
429
-
430
- const authVerifier = new AuthVerifier(
431
- accountManager,
432
- idResolver,
433
- oauthVerifier,
434
- {
435
- publicUrl: cfg.service.publicUrl,
436
- jwtKey: jwtPublicKey ?? jwtSecretKey,
437
- adminPass: secrets.adminPassword,
438
- dids: {
439
- pds: cfg.service.did,
440
- entryway: cfg.entryway?.did,
441
- modService: cfg.modService?.did,
442
- },
443
- },
444
- )
445
-
446
- return new AppContext({
447
- actorStore,
448
- blobstore,
449
- localViewer,
450
- mailer,
451
- moderationMailer,
452
- didCache,
453
- idResolver,
454
- plcClient,
455
- accountManager,
456
- sequencer,
457
- backgroundQueue,
458
- redisScratch,
459
- crawlers,
460
- bskyAppView,
461
- moderationClient,
462
- reportingClient,
463
- entrywayClient,
464
- entrywayAdminClient,
465
- proxyAgent,
466
- safeFetch,
467
- authVerifier,
468
- oauthProvider,
469
- plcRotationKey,
470
- cfg,
471
- ...(overrides ?? {}),
472
- })
473
- }
474
-
475
- async appviewAuthHeaders(did: string, lxm: string) {
476
- assert(this.bskyAppView)
477
- return this.serviceAuthHeaders(did, this.bskyAppView.did, lxm)
478
- }
479
-
480
- async entrywayAuthHeaders(req: express.Request, did: string, lxm: string) {
481
- assert(this.cfg.entryway)
482
- const headers = await this.serviceAuthHeaders(
483
- did,
484
- this.cfg.entryway.did,
485
- lxm,
486
- )
487
- return forwardedFor(req, headers)
488
- }
489
-
490
- entrywayPassthruHeaders(req: express.Request) {
491
- return forwardedFor(req, authPassthru(req))
492
- }
493
-
494
- async serviceAuthHeaders(did: string, aud: string, lxm: string) {
495
- const keypair = await this.actorStore.keypair(did)
496
- return createServiceAuthHeaders({
497
- iss: did,
498
- aud,
499
- lxm,
500
- keypair,
501
- })
502
- }
503
-
504
- async serviceAuthJwt(did: string, aud: string, lxm: string) {
505
- const keypair = await this.actorStore.keypair(did)
506
- return createServiceJwt({
507
- iss: did,
508
- aud,
509
- lxm,
510
- keypair,
511
- })
512
- }
513
- }
514
-
515
- const basicAuthHeader = (username: string, password: string) => {
516
- const encoded = ui8.toString(
517
- ui8.fromString(`${username}:${password}`, 'utf8'),
518
- 'base64pad',
519
- )
520
- return `Basic ${encoded}`
521
- }
522
-
523
- export default AppContext
package/src/crawlers.ts DELETED
@@ -1,46 +0,0 @@
1
- import { xrpc } from '@atproto/lex'
2
- import { BackgroundQueue } from './background.js'
3
- import { com } from './lexicons/index.js'
4
- import { crawlerLogger as log } from './logger.js'
5
-
6
- const NOTIFY_THRESHOLD = 20 * 60e3
7
-
8
- export class Crawlers {
9
- private lastNotified = -Infinity
10
-
11
- constructor(
12
- private readonly backgroundQueue: BackgroundQueue,
13
- private readonly hostname: string,
14
- private readonly crawlers: Iterable<string>,
15
- ) {}
16
-
17
- notifyOfUpdate() {
18
- const now = Date.now()
19
- if (this.lastNotified < now - NOTIFY_THRESHOLD) {
20
- this.lastNotified = now
21
- this.requestCrawl()
22
- } else {
23
- // @TODO We should probably actually schedule (setTimeout) a crawl for
24
- // when the threshold is met, instead of just waiting for the next update
25
- // to trigger it. Not doing this now as it requires cleanup logic on
26
- // shutdown.
27
- }
28
- }
29
-
30
- private requestCrawl() {
31
- for (const crawler of this.crawlers) {
32
- this.backgroundQueue.add(async () => {
33
- try {
34
- await xrpc(crawler, com.atproto.sync.requestCrawl, {
35
- validateRequest: false,
36
- validateResponse: false,
37
- strictResponseProcessing: false,
38
- body: { hostname: this.hostname },
39
- })
40
- } catch (err) {
41
- log.warn({ err, crawler }, 'failed to request crawl')
42
- }
43
- })
44
- }
45
- }
46
- }
package/src/db/cast.ts DELETED
@@ -1,52 +0,0 @@
1
- export type DateISO = `${string}T${string}Z`
2
- export function toDateISO(date: Date) {
3
- return date.toISOString() as DateISO
4
- }
5
- export function fromDateISO(dateStr: DateISO) {
6
- return new Date(dateStr)
7
- }
8
-
9
- /**
10
- * Allows to ensure that {@link JsonEncoded} is not used with non-JSON
11
- * serializable values (e.g. {@link Date} or {@link Function}s).
12
- */
13
- export type Encodable =
14
- | string
15
- | number
16
- | boolean
17
- | null
18
- | readonly Encodable[]
19
- | { readonly [_ in string]?: Encodable }
20
-
21
- export type JsonString<T extends Encodable> = T extends readonly unknown[]
22
- ? `[${string}]`
23
- : T extends object
24
- ? `{${string}}`
25
- : T extends string
26
- ? `"${string}"`
27
- : T extends number
28
- ? `${number}`
29
- : T extends boolean
30
- ? `true` | `false`
31
- : T extends null
32
- ? `null`
33
- : never
34
-
35
- declare const jsonEncodedType: unique symbol
36
- export type JsonEncoded<T extends Encodable = Encodable> = JsonString<T> & {
37
- [jsonEncodedType]: T
38
- }
39
-
40
- export function toJson<T extends Encodable>(value: T): JsonEncoded<T> {
41
- const json = JSON.stringify(value)
42
- if (json === undefined) throw new TypeError('Input not JSONifyable')
43
- return json as JsonEncoded<T>
44
- }
45
-
46
- export function fromJson<T extends Encodable>(jsonStr: JsonEncoded<T>): T {
47
- try {
48
- return JSON.parse(jsonStr) as T
49
- } catch (cause) {
50
- throw new TypeError('Database contains invalid JSON', { cause })
51
- }
52
- }