@atproto/pds 0.5.12 → 0.5.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (326) hide show
  1. package/CHANGELOG.md +53 -0
  2. package/dist/api/app/bsky/notification/index.d.ts.map +1 -1
  3. package/dist/api/app/bsky/notification/index.js +2 -0
  4. package/dist/api/app/bsky/notification/index.js.map +1 -1
  5. package/dist/api/app/bsky/notification/unregisterPush.d.ts +4 -0
  6. package/dist/api/app/bsky/notification/unregisterPush.d.ts.map +1 -0
  7. package/dist/api/app/bsky/notification/unregisterPush.js +48 -0
  8. package/dist/api/app/bsky/notification/unregisterPush.js.map +1 -0
  9. package/dist/lexicons/app/bsky/actor/defs.defs.d.ts +6 -0
  10. package/dist/lexicons/app/bsky/actor/defs.defs.d.ts.map +1 -1
  11. package/dist/lexicons/app/bsky/actor/defs.defs.js +1 -0
  12. package/dist/lexicons/app/bsky/actor/defs.defs.js.map +1 -1
  13. package/package.json +42 -38
  14. package/build.templates.cjs +0 -22
  15. package/example.env +0 -42
  16. package/jest.config.cjs +0 -27
  17. package/src/account-manager/account-manager.ts +0 -916
  18. package/src/account-manager/db/index.ts +0 -21
  19. package/src/account-manager/db/migrations/001-init.ts +0 -115
  20. package/src/account-manager/db/migrations/002-account-deactivation.ts +0 -17
  21. package/src/account-manager/db/migrations/003-privileged-app-passwords.ts +0 -12
  22. package/src/account-manager/db/migrations/004-oauth.ts +0 -122
  23. package/src/account-manager/db/migrations/005-oauth-account-management.ts +0 -136
  24. package/src/account-manager/db/migrations/006-oauth-permission-sets.ts +0 -20
  25. package/src/account-manager/db/migrations/007-lexicon-failures-index.ts +0 -14
  26. package/src/account-manager/db/migrations/index.ts +0 -17
  27. package/src/account-manager/db/schema/account-device.ts +0 -14
  28. package/src/account-manager/db/schema/account.ts +0 -16
  29. package/src/account-manager/db/schema/actor.ts +0 -17
  30. package/src/account-manager/db/schema/app-password.ts +0 -13
  31. package/src/account-manager/db/schema/authorization-request.ts +0 -30
  32. package/src/account-manager/db/schema/authorized-client.ts +0 -23
  33. package/src/account-manager/db/schema/device.ts +0 -18
  34. package/src/account-manager/db/schema/email-token.ts +0 -19
  35. package/src/account-manager/db/schema/index.ts +0 -43
  36. package/src/account-manager/db/schema/invite-code.ts +0 -24
  37. package/src/account-manager/db/schema/lexicon.ts +0 -15
  38. package/src/account-manager/db/schema/refresh-token.ts +0 -11
  39. package/src/account-manager/db/schema/repo-root.ts +0 -12
  40. package/src/account-manager/db/schema/token.ts +0 -38
  41. package/src/account-manager/db/schema/used-refresh-token.ts +0 -13
  42. package/src/account-manager/helpers/account-device.ts +0 -63
  43. package/src/account-manager/helpers/account.ts +0 -355
  44. package/src/account-manager/helpers/auth.ts +0 -222
  45. package/src/account-manager/helpers/authorization-request.ts +0 -90
  46. package/src/account-manager/helpers/authorized-client.ts +0 -75
  47. package/src/account-manager/helpers/device.ts +0 -47
  48. package/src/account-manager/helpers/email-token.ts +0 -87
  49. package/src/account-manager/helpers/invite.ts +0 -263
  50. package/src/account-manager/helpers/lexicon.ts +0 -67
  51. package/src/account-manager/helpers/password.ts +0 -136
  52. package/src/account-manager/helpers/repo.ts +0 -24
  53. package/src/account-manager/helpers/scrypt.ts +0 -53
  54. package/src/account-manager/helpers/token.ts +0 -158
  55. package/src/account-manager/helpers/used-refresh-token.ts +0 -30
  56. package/src/account-manager/oauth-store.ts +0 -880
  57. package/src/account-manager/scope-reference-getter.ts +0 -106
  58. package/src/actor-store/actor-store-reader.ts +0 -45
  59. package/src/actor-store/actor-store-resources.ts +0 -8
  60. package/src/actor-store/actor-store-transactor.ts +0 -31
  61. package/src/actor-store/actor-store-writer.ts +0 -17
  62. package/src/actor-store/actor-store.ts +0 -210
  63. package/src/actor-store/blob/reader.ts +0 -160
  64. package/src/actor-store/blob/transactor.ts +0 -383
  65. package/src/actor-store/db/index.ts +0 -20
  66. package/src/actor-store/db/migrations/001-init.ts +0 -105
  67. package/src/actor-store/db/migrations/index.ts +0 -5
  68. package/src/actor-store/db/schema/account-pref.ts +0 -11
  69. package/src/actor-store/db/schema/backlink.ts +0 -9
  70. package/src/actor-store/db/schema/blob.ts +0 -14
  71. package/src/actor-store/db/schema/index.ts +0 -23
  72. package/src/actor-store/db/schema/record-blob.ts +0 -8
  73. package/src/actor-store/db/schema/record.ts +0 -14
  74. package/src/actor-store/db/schema/repo-block.ts +0 -10
  75. package/src/actor-store/db/schema/repo-root.ts +0 -10
  76. package/src/actor-store/migrate.ts +0 -39
  77. package/src/actor-store/preference/reader.ts +0 -48
  78. package/src/actor-store/preference/transactor.ts +0 -55
  79. package/src/actor-store/preference/util.ts +0 -39
  80. package/src/actor-store/record/reader.ts +0 -374
  81. package/src/actor-store/record/transactor.ts +0 -111
  82. package/src/actor-store/repo/reader.ts +0 -31
  83. package/src/actor-store/repo/sql-repo-reader.ts +0 -150
  84. package/src/actor-store/repo/sql-repo-transactor.ts +0 -105
  85. package/src/actor-store/repo/transactor.ts +0 -227
  86. package/src/api/app/bsky/actor/getPreferences.ts +0 -57
  87. package/src/api/app/bsky/actor/getProfile.ts +0 -41
  88. package/src/api/app/bsky/actor/getProfiles.ts +0 -51
  89. package/src/api/app/bsky/actor/index.ts +0 -13
  90. package/src/api/app/bsky/actor/putPreferences.ts +0 -62
  91. package/src/api/app/bsky/feed/getActorLikes.ts +0 -63
  92. package/src/api/app/bsky/feed/getAuthorFeed.ts +0 -84
  93. package/src/api/app/bsky/feed/getFeed.ts +0 -47
  94. package/src/api/app/bsky/feed/getPostThread.ts +0 -251
  95. package/src/api/app/bsky/feed/getTimeline.ts +0 -50
  96. package/src/api/app/bsky/feed/index.ts +0 -15
  97. package/src/api/app/bsky/index.ts +0 -11
  98. package/src/api/app/bsky/notification/index.ts +0 -7
  99. package/src/api/app/bsky/notification/registerPush.ts +0 -71
  100. package/src/api/app/bsky/util/resolver.ts +0 -20
  101. package/src/api/com/atproto/admin/deleteAccount.ts +0 -22
  102. package/src/api/com/atproto/admin/disableAccountInvites.ts +0 -18
  103. package/src/api/com/atproto/admin/disableInviteCodes.ts +0 -21
  104. package/src/api/com/atproto/admin/enableAccountInvites.ts +0 -18
  105. package/src/api/com/atproto/admin/getAccountInfo.ts +0 -32
  106. package/src/api/com/atproto/admin/getAccountInfos.ts +0 -34
  107. package/src/api/com/atproto/admin/getInviteCodes.ts +0 -126
  108. package/src/api/com/atproto/admin/getSubjectStatus.ts +0 -76
  109. package/src/api/com/atproto/admin/index.ts +0 -31
  110. package/src/api/com/atproto/admin/sendEmail.ts +0 -47
  111. package/src/api/com/atproto/admin/updateAccountEmail.ts +0 -32
  112. package/src/api/com/atproto/admin/updateAccountHandle.ts +0 -47
  113. package/src/api/com/atproto/admin/updateAccountPassword.ts +0 -34
  114. package/src/api/com/atproto/admin/updateSubjectStatus.ts +0 -68
  115. package/src/api/com/atproto/admin/util.ts +0 -66
  116. package/src/api/com/atproto/identity/getRecommendedDidCredentials.ts +0 -50
  117. package/src/api/com/atproto/identity/index.ts +0 -17
  118. package/src/api/com/atproto/identity/requestPlcOperationSignature.ts +0 -59
  119. package/src/api/com/atproto/identity/resolveHandle.ts +0 -50
  120. package/src/api/com/atproto/identity/signPlcOperation.ts +0 -85
  121. package/src/api/com/atproto/identity/submitPlcOperation.ts +0 -65
  122. package/src/api/com/atproto/identity/updateHandle.ts +0 -66
  123. package/src/api/com/atproto/index.ts +0 -19
  124. package/src/api/com/atproto/moderation/createReport.ts +0 -41
  125. package/src/api/com/atproto/moderation/index.ts +0 -7
  126. package/src/api/com/atproto/repo/applyWrites.ts +0 -226
  127. package/src/api/com/atproto/repo/createRecord.ts +0 -143
  128. package/src/api/com/atproto/repo/deleteRecord.ts +0 -122
  129. package/src/api/com/atproto/repo/describeRepo.ts +0 -43
  130. package/src/api/com/atproto/repo/getRecord.ts +0 -40
  131. package/src/api/com/atproto/repo/importRepo.ts +0 -101
  132. package/src/api/com/atproto/repo/index.ts +0 -25
  133. package/src/api/com/atproto/repo/listMissingBlobs.ts +0 -29
  134. package/src/api/com/atproto/repo/listRecords.ts +0 -36
  135. package/src/api/com/atproto/repo/putRecord.ts +0 -211
  136. package/src/api/com/atproto/repo/uploadBlob.ts +0 -60
  137. package/src/api/com/atproto/server/activateAccount.ts +0 -37
  138. package/src/api/com/atproto/server/checkAccountStatus.ts +0 -51
  139. package/src/api/com/atproto/server/confirmEmail.ts +0 -39
  140. package/src/api/com/atproto/server/createAccount.ts +0 -327
  141. package/src/api/com/atproto/server/createAppPassword.ts +0 -53
  142. package/src/api/com/atproto/server/createInviteCode.ts +0 -38
  143. package/src/api/com/atproto/server/createInviteCodes.ts +0 -42
  144. package/src/api/com/atproto/server/createSession.ts +0 -97
  145. package/src/api/com/atproto/server/deactivateAccount.ts +0 -41
  146. package/src/api/com/atproto/server/deleteAccount.ts +0 -85
  147. package/src/api/com/atproto/server/deleteSession.ts +0 -23
  148. package/src/api/com/atproto/server/describeServer.ts +0 -29
  149. package/src/api/com/atproto/server/getAccountInviteCodes.ts +0 -142
  150. package/src/api/com/atproto/server/getServiceAuth.ts +0 -111
  151. package/src/api/com/atproto/server/getSession.ts +0 -80
  152. package/src/api/com/atproto/server/index.ts +0 -55
  153. package/src/api/com/atproto/server/listAppPasswords.ts +0 -45
  154. package/src/api/com/atproto/server/refreshSession.ts +0 -72
  155. package/src/api/com/atproto/server/requestAccountDelete.ts +0 -66
  156. package/src/api/com/atproto/server/requestEmailConfirmation.ts +0 -68
  157. package/src/api/com/atproto/server/requestEmailUpdate.ts +0 -86
  158. package/src/api/com/atproto/server/requestPasswordReset.ts +0 -52
  159. package/src/api/com/atproto/server/reserveSigningKey.ts +0 -15
  160. package/src/api/com/atproto/server/resetPassword.ts +0 -50
  161. package/src/api/com/atproto/server/revokeAppPassword.ts +0 -42
  162. package/src/api/com/atproto/server/updateEmail.ts +0 -52
  163. package/src/api/com/atproto/server/util.ts +0 -136
  164. package/src/api/com/atproto/sync/deprecated/getCheckout.ts +0 -27
  165. package/src/api/com/atproto/sync/deprecated/getHead.ts +0 -33
  166. package/src/api/com/atproto/sync/getBlob.ts +0 -61
  167. package/src/api/com/atproto/sync/getBlocks.ts +0 -37
  168. package/src/api/com/atproto/sync/getLatestCommit.ts +0 -33
  169. package/src/api/com/atproto/sync/getRecord.ts +0 -49
  170. package/src/api/com/atproto/sync/getRepo.ts +0 -75
  171. package/src/api/com/atproto/sync/getRepoStatus.ts +0 -34
  172. package/src/api/com/atproto/sync/index.ts +0 -27
  173. package/src/api/com/atproto/sync/listBlobs.ts +0 -33
  174. package/src/api/com/atproto/sync/listRepos.ts +0 -74
  175. package/src/api/com/atproto/sync/subscribeRepos.ts +0 -73
  176. package/src/api/com/atproto/sync/util.ts +0 -37
  177. package/src/api/com/atproto/temp/checkSignupQueue.ts +0 -34
  178. package/src/api/com/atproto/temp/index.ts +0 -7
  179. package/src/api/index.ts +0 -10
  180. package/src/api/proxy.ts +0 -44
  181. package/src/app-view.ts +0 -24
  182. package/src/auth-output.ts +0 -52
  183. package/src/auth-routes.ts +0 -64
  184. package/src/auth-scope.ts +0 -40
  185. package/src/auth-verifier.ts +0 -668
  186. package/src/background.ts +0 -65
  187. package/src/basic-routes.ts +0 -52
  188. package/src/bsky-app-view.ts +0 -33
  189. package/src/config/config.ts +0 -553
  190. package/src/config/env.ts +0 -167
  191. package/src/config/index.ts +0 -3
  192. package/src/config/secrets.ts +0 -54
  193. package/src/context.ts +0 -523
  194. package/src/crawlers.ts +0 -46
  195. package/src/db/cast.ts +0 -52
  196. package/src/db/db.ts +0 -140
  197. package/src/db/index.ts +0 -4
  198. package/src/db/migrator.ts +0 -40
  199. package/src/db/pagination.ts +0 -132
  200. package/src/db/tables/moderation.ts +0 -80
  201. package/src/db/util.ts +0 -108
  202. package/src/did-cache/db/index.ts +0 -21
  203. package/src/did-cache/db/migrations.ts +0 -17
  204. package/src/did-cache/db/schema.ts +0 -9
  205. package/src/did-cache/index.ts +0 -131
  206. package/src/disk-blobstore.ts +0 -172
  207. package/src/error.ts +0 -19
  208. package/src/handle/explicit-slurs.ts +0 -22
  209. package/src/handle/index.ts +0 -49
  210. package/src/handle/reserved.ts +0 -1059
  211. package/src/image/image-url-builder.ts +0 -16
  212. package/src/index.ts +0 -189
  213. package/src/lexicons.ts +0 -4
  214. package/src/logger.ts +0 -35
  215. package/src/mailer/index.ts +0 -111
  216. package/src/mailer/moderation.ts +0 -33
  217. package/src/mailer/templates/confirm-email.d.ts +0 -4
  218. package/src/mailer/templates/confirm-email.hbs +0 -158
  219. package/src/mailer/templates/delete-account.d.ts +0 -4
  220. package/src/mailer/templates/delete-account.hbs +0 -156
  221. package/src/mailer/templates/plc-operation.d.ts +0 -4
  222. package/src/mailer/templates/plc-operation.hbs +0 -153
  223. package/src/mailer/templates/reset-password.d.ts +0 -4
  224. package/src/mailer/templates/reset-password.hbs +0 -154
  225. package/src/mailer/templates/update-email.d.ts +0 -4
  226. package/src/mailer/templates/update-email.hbs +0 -153
  227. package/src/mailer/templates.ts +0 -17
  228. package/src/pipethrough.ts +0 -716
  229. package/src/rate-limits.ts +0 -59
  230. package/src/read-after-write/index.ts +0 -3
  231. package/src/read-after-write/types.ts +0 -35
  232. package/src/read-after-write/util.ts +0 -101
  233. package/src/read-after-write/viewer.ts +0 -290
  234. package/src/redis.ts +0 -25
  235. package/src/repo/index.ts +0 -2
  236. package/src/repo/prepare.ts +0 -266
  237. package/src/repo/types.ts +0 -65
  238. package/src/scripts/README.md +0 -40
  239. package/src/scripts/index.ts +0 -20
  240. package/src/scripts/publish-identity.ts +0 -60
  241. package/src/scripts/rebuild-repo.ts +0 -119
  242. package/src/scripts/rotate-keys.ts +0 -146
  243. package/src/scripts/sequencer-recovery/index.ts +0 -23
  244. package/src/scripts/sequencer-recovery/recoverer.ts +0 -297
  245. package/src/scripts/sequencer-recovery/recovery-db.ts +0 -65
  246. package/src/scripts/sequencer-recovery/repair-repos.ts +0 -49
  247. package/src/scripts/sequencer-recovery/user-queues.ts +0 -44
  248. package/src/scripts/util.ts +0 -7
  249. package/src/sequencer/db/index.ts +0 -21
  250. package/src/sequencer/db/migrations/001-init.ts +0 -35
  251. package/src/sequencer/db/migrations/index.ts +0 -5
  252. package/src/sequencer/db/schema.ts +0 -19
  253. package/src/sequencer/events.ts +0 -199
  254. package/src/sequencer/index.ts +0 -3
  255. package/src/sequencer/outbox.ts +0 -123
  256. package/src/sequencer/sequencer.ts +0 -290
  257. package/src/util/compression.ts +0 -16
  258. package/src/util/debug.ts +0 -10
  259. package/src/util/http.ts +0 -31
  260. package/src/util/types.ts +0 -7
  261. package/src/well-known.ts +0 -30
  262. package/test.env +0 -2
  263. package/tests/__snapshots__/takedown-appeal.test.ts.snap +0 -43
  264. package/tests/_oauth_client_assets_middleware.ts +0 -23
  265. package/tests/_puppeteer.ts +0 -147
  266. package/tests/_types.d.ts +0 -16
  267. package/tests/_util.ts +0 -191
  268. package/tests/account-deactivation.test.ts +0 -204
  269. package/tests/account-deletion.test.ts +0 -300
  270. package/tests/account-manager.test.ts +0 -462
  271. package/tests/account-migration.test.ts +0 -221
  272. package/tests/account-status.test.ts +0 -206
  273. package/tests/account.test.ts +0 -595
  274. package/tests/app-passwords.test.ts +0 -262
  275. package/tests/auth.test.ts +0 -405
  276. package/tests/blob-deletes.test.ts +0 -204
  277. package/tests/create-post.test.ts +0 -79
  278. package/tests/crud.test.ts +0 -1595
  279. package/tests/db.test.ts +0 -170
  280. package/tests/email-confirmation.test.ts +0 -227
  281. package/tests/entryway-mock.ts +0 -323
  282. package/tests/entryway.test.ts +0 -145
  283. package/tests/file-uploads.test.ts +0 -301
  284. package/tests/get-service-auth.test.ts +0 -81
  285. package/tests/handle-validation.test.ts +0 -56
  286. package/tests/handles.test.ts +0 -274
  287. package/tests/invite-codes.test.ts +0 -367
  288. package/tests/invites-admin.test.ts +0 -252
  289. package/tests/moderation.test.ts +0 -280
  290. package/tests/moderator-auth.test.ts +0 -177
  291. package/tests/oauth.test.ts +0 -334
  292. package/tests/plc-operations.test.ts +0 -239
  293. package/tests/preferences.test.ts +0 -352
  294. package/tests/proxied/__snapshots__/admin.test.ts.snap +0 -516
  295. package/tests/proxied/__snapshots__/feedgen.test.ts.snap +0 -215
  296. package/tests/proxied/__snapshots__/views.test.ts.snap +0 -4456
  297. package/tests/proxied/admin.test.ts +0 -340
  298. package/tests/proxied/feedgen.test.ts +0 -66
  299. package/tests/proxied/notif.test.ts +0 -85
  300. package/tests/proxied/procedures.test.ts +0 -175
  301. package/tests/proxied/proxy-catchall.test.ts +0 -256
  302. package/tests/proxied/proxy-header.test.ts +0 -239
  303. package/tests/proxied/proxy-oauth-aud.test.ts +0 -182
  304. package/tests/proxied/read-after-write.test.ts +0 -382
  305. package/tests/proxied/views.test.ts +0 -608
  306. package/tests/races.test.ts +0 -89
  307. package/tests/rate-limits.test.ts +0 -70
  308. package/tests/recovery.test.ts +0 -180
  309. package/tests/seeds/basic.ts +0 -165
  310. package/tests/seeds/follows.ts +0 -57
  311. package/tests/seeds/likes.ts +0 -14
  312. package/tests/seeds/reposts.ts +0 -18
  313. package/tests/seeds/thread.ts +0 -40
  314. package/tests/seeds/users-bulk.ts +0 -246
  315. package/tests/seeds/users.ts +0 -67
  316. package/tests/sequencer.test.ts +0 -251
  317. package/tests/server.test.ts +0 -151
  318. package/tests/sync/invertible-ops.test.ts +0 -99
  319. package/tests/sync/list.test.ts +0 -43
  320. package/tests/sync/subscribe-repos.test.ts +0 -672
  321. package/tests/sync/sync.test.ts +0 -316
  322. package/tests/takedown-appeal.test.ts +0 -166
  323. package/tsconfig.build.json +0 -9
  324. package/tsconfig.build.tsbuildinfo +0 -1
  325. package/tsconfig.json +0 -7
  326. package/tsconfig.tests.json +0 -8
@@ -1,323 +0,0 @@
1
- import { createPrivateKey } from 'node:crypto'
2
- import * as http from 'node:http'
3
- import * as plcLib from '@did-plc/lib'
4
- import { HttpTerminator, createHttpTerminator } from 'http-terminator'
5
- import * as jose from 'jose'
6
- import KeyEncoderModule from 'key-encoder'
7
- import * as ui8 from 'uint8arrays'
8
- import { AtpAgent } from '@atproto/api'
9
- import { getVerificationMaterial } from '@atproto/common'
10
- import { Secp256k1Keypair, randomStr } from '@atproto/crypto'
11
- import { IdResolver, getDidKeyFromMultibase } from '@atproto/identity'
12
- import { DidString, HandleString } from '@atproto/syntax'
13
- import {
14
- AuthRequiredError,
15
- createServer,
16
- parseReqNsid,
17
- verifyJwt as verifyServiceJwt,
18
- } from '@atproto/xrpc-server'
19
- import {
20
- bearerTokenFromReq,
21
- createPublicKeyObject,
22
- } from '../src/auth-verifier.js'
23
- import { com } from '../src/lexicons/index.js'
24
-
25
- // key-encoder is CJS with exports.default; Node ESM interop wraps it as { default: Class }
26
- const KeyEncoder = ((m) => m.default ?? m)(KeyEncoderModule)
27
-
28
- interface Account {
29
- did: DidString
30
- handle: HandleString
31
- email?: string
32
- }
33
-
34
- interface MockEntrywayOpts {
35
- port: number
36
- serviceDid: string
37
- plcUrl: string
38
- pdsUrl: string
39
- pdsDid: string
40
- adminPassword: string
41
- jwtSigningKey: Secp256k1Keypair
42
- plcRotationKey: Secp256k1Keypair
43
- }
44
-
45
- type AccessAuthResult = { credentials: { did: string; type: 'access' } }
46
- type ServiceAuthResult = { credentials: { did: string; type: 'service' } }
47
-
48
- export class MockEntryway {
49
- public url: string
50
- public serviceDid: string
51
- public plcRotationKey: Secp256k1Keypair
52
- public idResolver: IdResolver
53
-
54
- private server: http.Server
55
- private terminator: HttpTerminator
56
- private accounts = new Map<string, Account>()
57
-
58
- private constructor(
59
- server: http.Server,
60
- terminator: HttpTerminator,
61
- idResolver: IdResolver,
62
- opts: MockEntrywayOpts,
63
- ) {
64
- this.server = server
65
- this.terminator = terminator
66
- this.url = `http://localhost:${opts.port}`
67
- this.serviceDid = opts.serviceDid
68
- this.plcRotationKey = opts.plcRotationKey
69
- this.idResolver = idResolver
70
- }
71
-
72
- static async create(opts: MockEntrywayOpts): Promise<MockEntryway> {
73
- const keyEncoder = new KeyEncoder('secp256k1')
74
- const privateKeyHex = ui8.toString(await opts.jwtSigningKey.export(), 'hex')
75
- const privatePem = keyEncoder.encodePrivate(privateKeyHex, 'raw', 'pem')
76
- const jwtPrivateKey = createPrivateKey({ format: 'pem', key: privatePem })
77
- const jwtPublicKey = createPublicKeyObject(
78
- opts.jwtSigningKey.publicKeyStr('hex'),
79
- )
80
-
81
- const plcClient = new plcLib.Client(opts.plcUrl)
82
- const pdsAgent = new AtpAgent({ service: opts.pdsUrl })
83
- const idResolver = new IdResolver({ plcUrl: opts.plcUrl })
84
-
85
- const accounts = new Map<string, Account>()
86
-
87
- const getSigningKey = async (
88
- iss: string,
89
- forceRefresh: boolean,
90
- ): Promise<string> => {
91
- const [did, serviceId] = iss.split('#')
92
- if (serviceId) {
93
- throw new AuthRequiredError('no service id expected in iss claim')
94
- }
95
- const didDoc = await idResolver.did.resolve(did, forceRefresh)
96
- if (!didDoc) {
97
- throw new AuthRequiredError(`could not resolve did: ${did}`)
98
- }
99
- const parsedKey = getVerificationMaterial(didDoc, 'atproto')
100
- if (!parsedKey) {
101
- throw new AuthRequiredError('missing or bad key in did doc')
102
- }
103
- const didKey = getDidKeyFromMultibase(parsedKey)
104
- if (!didKey) {
105
- throw new AuthRequiredError('missing or bad key in did doc')
106
- }
107
- return didKey
108
- }
109
-
110
- const bearerToken = (req: http.IncomingMessage): string => {
111
- const token = bearerTokenFromReq(req)
112
- if (!token) {
113
- throw new AuthRequiredError('missing bearer token')
114
- }
115
- return token
116
- }
117
-
118
- // Auth: verify user access token (typ: 'at+jwt') signed by entryway
119
- const accessAuth = async ({
120
- req,
121
- }: {
122
- req: http.IncomingMessage
123
- }): Promise<AccessAuthResult> => {
124
- try {
125
- const token = bearerToken(req)
126
- const { protectedHeader, payload } = await jose.jwtVerify(
127
- token,
128
- jwtPublicKey,
129
- )
130
- if (protectedHeader.typ !== 'at+jwt') {
131
- throw new AuthRequiredError('expected typ: at+jwt')
132
- }
133
- if (!payload.sub) {
134
- throw new AuthRequiredError('missing sub in token')
135
- }
136
- return { credentials: { did: payload.sub, type: 'access' } }
137
- } catch (err) {
138
- console.log(err)
139
- throw err
140
- }
141
- }
142
-
143
- // Auth: verify service auth token from PDS (no typ / typ !== 'at+jwt')
144
- const serviceAuth = async ({
145
- req,
146
- }: {
147
- req: http.IncomingMessage
148
- }): Promise<ServiceAuthResult> => {
149
- try {
150
- const token = bearerToken(req)
151
- const { typ } = jose.decodeProtectedHeader(token)
152
- if (typ === 'at+jwt') {
153
- throw new AuthRequiredError(
154
- 'expected service auth: typ must not be at+jwt',
155
- )
156
- }
157
- const nsid = parseReqNsid(req)
158
- const payload = await verifyServiceJwt(
159
- token,
160
- opts.serviceDid,
161
- nsid,
162
- getSigningKey,
163
- )
164
- return { credentials: { did: payload.iss, type: 'service' } }
165
- } catch (err) {
166
- console.log(err)
167
- throw err
168
- }
169
- }
170
-
171
- // Auth: accept either access token or service auth
172
- const accessOrServiceAuth = async ({
173
- req,
174
- }: {
175
- req: http.IncomingMessage
176
- }): Promise<AccessAuthResult | ServiceAuthResult> => {
177
- const token = bearerToken(req)
178
- const { typ } = jose.decodeProtectedHeader(token)
179
- if (typ === 'at+jwt') {
180
- return accessAuth({ req })
181
- }
182
- return serviceAuth({ req })
183
- }
184
-
185
- const server = createServer()
186
-
187
- server.add(com.atproto.server.createAccount, {
188
- handler: async ({ input }) => {
189
- const { email, handle } = input.body
190
-
191
- // Reserve a signing key on the PDS
192
- const {
193
- data: { signingKey },
194
- } = await pdsAgent.com.atproto.server.reserveSigningKey({})
195
-
196
- // Create PLC operation
197
- const plcCreate = await plcLib.createOp({
198
- signingKey,
199
- rotationKeys: [opts.plcRotationKey.did()],
200
- handle,
201
- pds: opts.pdsUrl,
202
- signer: opts.plcRotationKey,
203
- })
204
-
205
- // Create account on PDS (no auth needed — userServiceAuthOptional)
206
- await pdsAgent.com.atproto.server.createAccount({
207
- did: plcCreate.did,
208
- handle,
209
- plcOp: plcCreate.op,
210
- })
211
-
212
- // Store account in memory
213
- accounts.set(plcCreate.did, {
214
- did: plcCreate.did as DidString,
215
- handle,
216
- email,
217
- })
218
-
219
- // Sign access + refresh JWTs
220
- const now = Math.floor(Date.now() / 1000)
221
- const accessJwt = await new jose.SignJWT({
222
- scope: 'com.atproto.access',
223
- })
224
- .setProtectedHeader({ alg: 'ES256K', typ: 'at+jwt' })
225
- .setSubject(plcCreate.did)
226
- .setAudience(opts.pdsDid)
227
- .setIssuedAt(now)
228
- .setExpirationTime(now + 60 * 60)
229
- .setJti(randomStr(16, 'base32'))
230
- .sign(jwtPrivateKey)
231
-
232
- const refreshJwt = await new jose.SignJWT({
233
- scope: 'com.atproto.refresh',
234
- })
235
- .setProtectedHeader({ alg: 'ES256K', typ: 'at+jwt' })
236
- .setSubject(plcCreate.did)
237
- .setAudience(opts.pdsDid)
238
- .setIssuedAt(now)
239
- .setExpirationTime(now + 90 * 24 * 60 * 60)
240
- .setJti(randomStr(16, 'base32'))
241
- .sign(jwtPrivateKey)
242
-
243
- return {
244
- encoding: 'application/json' as const,
245
- body: {
246
- did: plcCreate.did as DidString,
247
- handle,
248
- accessJwt,
249
- refreshJwt,
250
- },
251
- }
252
- },
253
- })
254
-
255
- server.add(com.atproto.server.getSession, {
256
- auth: accessOrServiceAuth,
257
- handler: async ({ auth }) => {
258
- const account = accounts.get(auth.credentials.did)
259
- if (!account) {
260
- throw new Error(
261
- `Could not find account for DID: ${auth.credentials.did}`,
262
- )
263
- }
264
- return {
265
- encoding: 'application/json' as const,
266
- body: {
267
- did: account.did,
268
- handle: account.handle,
269
- email: account.email,
270
- emailConfirmed: false,
271
- },
272
- }
273
- },
274
- })
275
-
276
- server.add(com.atproto.identity.updateHandle, {
277
- auth: serviceAuth,
278
- handler: async ({ auth, input }) => {
279
- // The PDS sends { did, handle } where did is the target user
280
- const body = input.body as typeof input.body & { did?: string }
281
- const targetDid = body.did || auth.credentials.did
282
- const newHandle = body.handle
283
-
284
- // Update handle in PLC
285
- await plcClient.updateHandle(targetDid, opts.plcRotationKey, newHandle)
286
-
287
- // Update in-memory account
288
- const account = accounts.get(targetDid)
289
- if (account) {
290
- account.handle = newHandle
291
- }
292
-
293
- // Notify PDS via admin endpoint
294
- const adminAuth = Buffer.from(`admin:${opts.adminPassword}`).toString(
295
- 'base64',
296
- )
297
- await pdsAgent.com.atproto.admin.updateAccountHandle(
298
- { did: targetDid, handle: newHandle },
299
- {
300
- headers: { authorization: `Basic ${adminAuth}` },
301
- encoding: 'application/json',
302
- },
303
- )
304
- },
305
- })
306
-
307
- const httpServer = server.listen(opts.port)
308
- const terminator = createHttpTerminator({ server: httpServer })
309
-
310
- const instance = new MockEntryway(httpServer, terminator, idResolver, opts)
311
- instance.accounts = accounts
312
-
313
- return instance
314
- }
315
-
316
- getAccount(did: string): Account | undefined {
317
- return this.accounts.get(did)
318
- }
319
-
320
- async destroy(): Promise<void> {
321
- await this.terminator.terminate()
322
- }
323
- }
@@ -1,145 +0,0 @@
1
- import assert from 'node:assert'
2
- import * as plcLib from '@did-plc/lib'
3
- import getPort from 'get-port'
4
- import { AtpAgent } from '@atproto/api'
5
- import { Secp256k1Keypair } from '@atproto/crypto'
6
- import { SeedClient, TestPds, TestPlc, mockResolvers } from '@atproto/dev-env'
7
- import { isDidString } from '@atproto/lex'
8
- import { DidString } from '@atproto/syntax'
9
- import { MockEntryway } from './entryway-mock.js'
10
-
11
- describe('entryway', () => {
12
- let plc: TestPlc
13
- let pds: TestPds
14
- let entryway: MockEntryway
15
- let pdsAgent: AtpAgent
16
- let entrywayAgent: AtpAgent
17
- let alice: DidString
18
- let accessToken: string
19
-
20
- beforeAll(async () => {
21
- const jwtSigningKey = await Secp256k1Keypair.create({ exportable: true })
22
- const plcRotationKey = await Secp256k1Keypair.create({ exportable: true })
23
- const entrywayPort = await getPort()
24
- plc = await TestPlc.create({})
25
- pds = await TestPds.create({
26
- entrywayUrl: `http://localhost:${entrywayPort}`,
27
- entrywayDid: 'did:example:entryway',
28
- entrywayJwtVerifyKeyK256PublicKeyHex: jwtSigningKey.publicKeyStr('hex'),
29
- entrywayPlcRotationKey: plcRotationKey.did(),
30
- adminPassword: 'admin-pass',
31
- serviceHandleDomains: [],
32
- didPlcUrl: plc.url,
33
- serviceDid: 'did:example:pds',
34
- inviteRequired: false,
35
- })
36
- entryway = await MockEntryway.create({
37
- port: entrywayPort,
38
- serviceDid: 'did:example:entryway',
39
- plcUrl: plc.url,
40
- pdsUrl: pds.url,
41
- pdsDid: 'did:example:pds',
42
- adminPassword: 'admin-pass',
43
- jwtSigningKey,
44
- plcRotationKey,
45
- })
46
- mockResolvers(pds.ctx.idResolver, pds)
47
- mockResolvers(entryway.idResolver, pds)
48
- pdsAgent = pds.getAgent()
49
- entrywayAgent = new AtpAgent({
50
- service: entryway.url,
51
- })
52
- })
53
-
54
- afterAll(async () => {
55
- await plc.close()
56
- await entryway.destroy()
57
- await pds.close()
58
- })
59
-
60
- it('creates account.', async () => {
61
- const res = await entrywayAgent.api.com.atproto.server.createAccount({
62
- email: 'alice@test.com',
63
- handle: 'alice.test',
64
- password: 'test123',
65
- })
66
-
67
- assert(isDidString(res.data.did), 'Account DID is not a valid DidString')
68
-
69
- alice = res.data.did
70
- accessToken = res.data.accessJwt
71
-
72
- const account = await pds.ctx.accountManager.getAccount(alice)
73
- expect(account?.did).toEqual(alice)
74
- expect(account?.handle).toEqual('alice.test')
75
- })
76
-
77
- it('auths with both services.', async () => {
78
- const entrywaySession =
79
- await entrywayAgent.api.com.atproto.server.getSession(undefined, {
80
- headers: SeedClient.getHeaders(accessToken),
81
- })
82
- const pdsSession = await pdsAgent.api.com.atproto.server.getSession(
83
- undefined,
84
- { headers: SeedClient.getHeaders(accessToken) },
85
- )
86
- expect(entrywaySession.data).toEqual(pdsSession.data)
87
- })
88
-
89
- it('updates handle from pds.', async () => {
90
- await pdsAgent.api.com.atproto.identity.updateHandle(
91
- { handle: 'alice2.test' },
92
- {
93
- headers: SeedClient.getHeaders(accessToken),
94
- encoding: 'application/json',
95
- },
96
- )
97
- const doc = await pds.ctx.idResolver.did.resolve(alice)
98
- const handleToDid = await pds.ctx.idResolver.handle.resolve('alice2.test')
99
- const accountFromPds = await pds.ctx.accountManager.getAccount(alice)
100
- const accountFromEntryway = entryway.getAccount(alice)
101
- expect(doc?.alsoKnownAs).toEqual(['at://alice2.test'])
102
- expect(handleToDid).toEqual(alice)
103
- expect(accountFromPds?.handle).toEqual('alice2.test')
104
- expect(accountFromEntryway?.handle).toEqual('alice2.test')
105
- })
106
-
107
- it('updates handle from entryway.', async () => {
108
- await entrywayAgent.api.com.atproto.identity.updateHandle(
109
- { handle: 'alice3.test' },
110
- await pds.ctx.serviceAuthHeaders(
111
- alice,
112
- 'did:example:entryway',
113
- 'com.atproto.identity.updateHandle',
114
- ),
115
- )
116
- const doc = await entryway.idResolver.did.resolve(alice)
117
- const handleToDid = await entryway.idResolver.handle.resolve('alice3.test')
118
- const accountFromPds = await pds.ctx.accountManager.getAccount(alice)
119
- const accountFromEntryway = entryway.getAccount(alice)
120
- expect(doc?.alsoKnownAs).toEqual(['at://alice3.test'])
121
- expect(handleToDid).toEqual(alice)
122
- expect(accountFromPds?.handle).toEqual('alice3.test')
123
- expect(accountFromEntryway?.handle).toEqual('alice3.test')
124
- })
125
-
126
- it('does not allow bringing own op to account creation.', async () => {
127
- const {
128
- data: { signingKey },
129
- } = await pdsAgent.api.com.atproto.server.reserveSigningKey({})
130
- const rotationKey = await Secp256k1Keypair.create()
131
- const plcCreate = await plcLib.createOp({
132
- signingKey,
133
- rotationKeys: [rotationKey.did(), entryway.plcRotationKey.did()],
134
- handle: 'weirdalice.test',
135
- pds: pds.ctx.cfg.service.publicUrl,
136
- signer: rotationKey,
137
- })
138
- const tryCreateAccount = pdsAgent.api.com.atproto.server.createAccount({
139
- did: plcCreate.did,
140
- plcOp: plcCreate.op,
141
- handle: 'weirdalice.test',
142
- })
143
- await expect(tryCreateAccount).rejects.toThrow('invalid plc operation')
144
- })
145
- })