@atproto/pds 0.5.12 → 0.5.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (326) hide show
  1. package/CHANGELOG.md +53 -0
  2. package/dist/api/app/bsky/notification/index.d.ts.map +1 -1
  3. package/dist/api/app/bsky/notification/index.js +2 -0
  4. package/dist/api/app/bsky/notification/index.js.map +1 -1
  5. package/dist/api/app/bsky/notification/unregisterPush.d.ts +4 -0
  6. package/dist/api/app/bsky/notification/unregisterPush.d.ts.map +1 -0
  7. package/dist/api/app/bsky/notification/unregisterPush.js +48 -0
  8. package/dist/api/app/bsky/notification/unregisterPush.js.map +1 -0
  9. package/dist/lexicons/app/bsky/actor/defs.defs.d.ts +6 -0
  10. package/dist/lexicons/app/bsky/actor/defs.defs.d.ts.map +1 -1
  11. package/dist/lexicons/app/bsky/actor/defs.defs.js +1 -0
  12. package/dist/lexicons/app/bsky/actor/defs.defs.js.map +1 -1
  13. package/package.json +42 -38
  14. package/build.templates.cjs +0 -22
  15. package/example.env +0 -42
  16. package/jest.config.cjs +0 -27
  17. package/src/account-manager/account-manager.ts +0 -916
  18. package/src/account-manager/db/index.ts +0 -21
  19. package/src/account-manager/db/migrations/001-init.ts +0 -115
  20. package/src/account-manager/db/migrations/002-account-deactivation.ts +0 -17
  21. package/src/account-manager/db/migrations/003-privileged-app-passwords.ts +0 -12
  22. package/src/account-manager/db/migrations/004-oauth.ts +0 -122
  23. package/src/account-manager/db/migrations/005-oauth-account-management.ts +0 -136
  24. package/src/account-manager/db/migrations/006-oauth-permission-sets.ts +0 -20
  25. package/src/account-manager/db/migrations/007-lexicon-failures-index.ts +0 -14
  26. package/src/account-manager/db/migrations/index.ts +0 -17
  27. package/src/account-manager/db/schema/account-device.ts +0 -14
  28. package/src/account-manager/db/schema/account.ts +0 -16
  29. package/src/account-manager/db/schema/actor.ts +0 -17
  30. package/src/account-manager/db/schema/app-password.ts +0 -13
  31. package/src/account-manager/db/schema/authorization-request.ts +0 -30
  32. package/src/account-manager/db/schema/authorized-client.ts +0 -23
  33. package/src/account-manager/db/schema/device.ts +0 -18
  34. package/src/account-manager/db/schema/email-token.ts +0 -19
  35. package/src/account-manager/db/schema/index.ts +0 -43
  36. package/src/account-manager/db/schema/invite-code.ts +0 -24
  37. package/src/account-manager/db/schema/lexicon.ts +0 -15
  38. package/src/account-manager/db/schema/refresh-token.ts +0 -11
  39. package/src/account-manager/db/schema/repo-root.ts +0 -12
  40. package/src/account-manager/db/schema/token.ts +0 -38
  41. package/src/account-manager/db/schema/used-refresh-token.ts +0 -13
  42. package/src/account-manager/helpers/account-device.ts +0 -63
  43. package/src/account-manager/helpers/account.ts +0 -355
  44. package/src/account-manager/helpers/auth.ts +0 -222
  45. package/src/account-manager/helpers/authorization-request.ts +0 -90
  46. package/src/account-manager/helpers/authorized-client.ts +0 -75
  47. package/src/account-manager/helpers/device.ts +0 -47
  48. package/src/account-manager/helpers/email-token.ts +0 -87
  49. package/src/account-manager/helpers/invite.ts +0 -263
  50. package/src/account-manager/helpers/lexicon.ts +0 -67
  51. package/src/account-manager/helpers/password.ts +0 -136
  52. package/src/account-manager/helpers/repo.ts +0 -24
  53. package/src/account-manager/helpers/scrypt.ts +0 -53
  54. package/src/account-manager/helpers/token.ts +0 -158
  55. package/src/account-manager/helpers/used-refresh-token.ts +0 -30
  56. package/src/account-manager/oauth-store.ts +0 -880
  57. package/src/account-manager/scope-reference-getter.ts +0 -106
  58. package/src/actor-store/actor-store-reader.ts +0 -45
  59. package/src/actor-store/actor-store-resources.ts +0 -8
  60. package/src/actor-store/actor-store-transactor.ts +0 -31
  61. package/src/actor-store/actor-store-writer.ts +0 -17
  62. package/src/actor-store/actor-store.ts +0 -210
  63. package/src/actor-store/blob/reader.ts +0 -160
  64. package/src/actor-store/blob/transactor.ts +0 -383
  65. package/src/actor-store/db/index.ts +0 -20
  66. package/src/actor-store/db/migrations/001-init.ts +0 -105
  67. package/src/actor-store/db/migrations/index.ts +0 -5
  68. package/src/actor-store/db/schema/account-pref.ts +0 -11
  69. package/src/actor-store/db/schema/backlink.ts +0 -9
  70. package/src/actor-store/db/schema/blob.ts +0 -14
  71. package/src/actor-store/db/schema/index.ts +0 -23
  72. package/src/actor-store/db/schema/record-blob.ts +0 -8
  73. package/src/actor-store/db/schema/record.ts +0 -14
  74. package/src/actor-store/db/schema/repo-block.ts +0 -10
  75. package/src/actor-store/db/schema/repo-root.ts +0 -10
  76. package/src/actor-store/migrate.ts +0 -39
  77. package/src/actor-store/preference/reader.ts +0 -48
  78. package/src/actor-store/preference/transactor.ts +0 -55
  79. package/src/actor-store/preference/util.ts +0 -39
  80. package/src/actor-store/record/reader.ts +0 -374
  81. package/src/actor-store/record/transactor.ts +0 -111
  82. package/src/actor-store/repo/reader.ts +0 -31
  83. package/src/actor-store/repo/sql-repo-reader.ts +0 -150
  84. package/src/actor-store/repo/sql-repo-transactor.ts +0 -105
  85. package/src/actor-store/repo/transactor.ts +0 -227
  86. package/src/api/app/bsky/actor/getPreferences.ts +0 -57
  87. package/src/api/app/bsky/actor/getProfile.ts +0 -41
  88. package/src/api/app/bsky/actor/getProfiles.ts +0 -51
  89. package/src/api/app/bsky/actor/index.ts +0 -13
  90. package/src/api/app/bsky/actor/putPreferences.ts +0 -62
  91. package/src/api/app/bsky/feed/getActorLikes.ts +0 -63
  92. package/src/api/app/bsky/feed/getAuthorFeed.ts +0 -84
  93. package/src/api/app/bsky/feed/getFeed.ts +0 -47
  94. package/src/api/app/bsky/feed/getPostThread.ts +0 -251
  95. package/src/api/app/bsky/feed/getTimeline.ts +0 -50
  96. package/src/api/app/bsky/feed/index.ts +0 -15
  97. package/src/api/app/bsky/index.ts +0 -11
  98. package/src/api/app/bsky/notification/index.ts +0 -7
  99. package/src/api/app/bsky/notification/registerPush.ts +0 -71
  100. package/src/api/app/bsky/util/resolver.ts +0 -20
  101. package/src/api/com/atproto/admin/deleteAccount.ts +0 -22
  102. package/src/api/com/atproto/admin/disableAccountInvites.ts +0 -18
  103. package/src/api/com/atproto/admin/disableInviteCodes.ts +0 -21
  104. package/src/api/com/atproto/admin/enableAccountInvites.ts +0 -18
  105. package/src/api/com/atproto/admin/getAccountInfo.ts +0 -32
  106. package/src/api/com/atproto/admin/getAccountInfos.ts +0 -34
  107. package/src/api/com/atproto/admin/getInviteCodes.ts +0 -126
  108. package/src/api/com/atproto/admin/getSubjectStatus.ts +0 -76
  109. package/src/api/com/atproto/admin/index.ts +0 -31
  110. package/src/api/com/atproto/admin/sendEmail.ts +0 -47
  111. package/src/api/com/atproto/admin/updateAccountEmail.ts +0 -32
  112. package/src/api/com/atproto/admin/updateAccountHandle.ts +0 -47
  113. package/src/api/com/atproto/admin/updateAccountPassword.ts +0 -34
  114. package/src/api/com/atproto/admin/updateSubjectStatus.ts +0 -68
  115. package/src/api/com/atproto/admin/util.ts +0 -66
  116. package/src/api/com/atproto/identity/getRecommendedDidCredentials.ts +0 -50
  117. package/src/api/com/atproto/identity/index.ts +0 -17
  118. package/src/api/com/atproto/identity/requestPlcOperationSignature.ts +0 -59
  119. package/src/api/com/atproto/identity/resolveHandle.ts +0 -50
  120. package/src/api/com/atproto/identity/signPlcOperation.ts +0 -85
  121. package/src/api/com/atproto/identity/submitPlcOperation.ts +0 -65
  122. package/src/api/com/atproto/identity/updateHandle.ts +0 -66
  123. package/src/api/com/atproto/index.ts +0 -19
  124. package/src/api/com/atproto/moderation/createReport.ts +0 -41
  125. package/src/api/com/atproto/moderation/index.ts +0 -7
  126. package/src/api/com/atproto/repo/applyWrites.ts +0 -226
  127. package/src/api/com/atproto/repo/createRecord.ts +0 -143
  128. package/src/api/com/atproto/repo/deleteRecord.ts +0 -122
  129. package/src/api/com/atproto/repo/describeRepo.ts +0 -43
  130. package/src/api/com/atproto/repo/getRecord.ts +0 -40
  131. package/src/api/com/atproto/repo/importRepo.ts +0 -101
  132. package/src/api/com/atproto/repo/index.ts +0 -25
  133. package/src/api/com/atproto/repo/listMissingBlobs.ts +0 -29
  134. package/src/api/com/atproto/repo/listRecords.ts +0 -36
  135. package/src/api/com/atproto/repo/putRecord.ts +0 -211
  136. package/src/api/com/atproto/repo/uploadBlob.ts +0 -60
  137. package/src/api/com/atproto/server/activateAccount.ts +0 -37
  138. package/src/api/com/atproto/server/checkAccountStatus.ts +0 -51
  139. package/src/api/com/atproto/server/confirmEmail.ts +0 -39
  140. package/src/api/com/atproto/server/createAccount.ts +0 -327
  141. package/src/api/com/atproto/server/createAppPassword.ts +0 -53
  142. package/src/api/com/atproto/server/createInviteCode.ts +0 -38
  143. package/src/api/com/atproto/server/createInviteCodes.ts +0 -42
  144. package/src/api/com/atproto/server/createSession.ts +0 -97
  145. package/src/api/com/atproto/server/deactivateAccount.ts +0 -41
  146. package/src/api/com/atproto/server/deleteAccount.ts +0 -85
  147. package/src/api/com/atproto/server/deleteSession.ts +0 -23
  148. package/src/api/com/atproto/server/describeServer.ts +0 -29
  149. package/src/api/com/atproto/server/getAccountInviteCodes.ts +0 -142
  150. package/src/api/com/atproto/server/getServiceAuth.ts +0 -111
  151. package/src/api/com/atproto/server/getSession.ts +0 -80
  152. package/src/api/com/atproto/server/index.ts +0 -55
  153. package/src/api/com/atproto/server/listAppPasswords.ts +0 -45
  154. package/src/api/com/atproto/server/refreshSession.ts +0 -72
  155. package/src/api/com/atproto/server/requestAccountDelete.ts +0 -66
  156. package/src/api/com/atproto/server/requestEmailConfirmation.ts +0 -68
  157. package/src/api/com/atproto/server/requestEmailUpdate.ts +0 -86
  158. package/src/api/com/atproto/server/requestPasswordReset.ts +0 -52
  159. package/src/api/com/atproto/server/reserveSigningKey.ts +0 -15
  160. package/src/api/com/atproto/server/resetPassword.ts +0 -50
  161. package/src/api/com/atproto/server/revokeAppPassword.ts +0 -42
  162. package/src/api/com/atproto/server/updateEmail.ts +0 -52
  163. package/src/api/com/atproto/server/util.ts +0 -136
  164. package/src/api/com/atproto/sync/deprecated/getCheckout.ts +0 -27
  165. package/src/api/com/atproto/sync/deprecated/getHead.ts +0 -33
  166. package/src/api/com/atproto/sync/getBlob.ts +0 -61
  167. package/src/api/com/atproto/sync/getBlocks.ts +0 -37
  168. package/src/api/com/atproto/sync/getLatestCommit.ts +0 -33
  169. package/src/api/com/atproto/sync/getRecord.ts +0 -49
  170. package/src/api/com/atproto/sync/getRepo.ts +0 -75
  171. package/src/api/com/atproto/sync/getRepoStatus.ts +0 -34
  172. package/src/api/com/atproto/sync/index.ts +0 -27
  173. package/src/api/com/atproto/sync/listBlobs.ts +0 -33
  174. package/src/api/com/atproto/sync/listRepos.ts +0 -74
  175. package/src/api/com/atproto/sync/subscribeRepos.ts +0 -73
  176. package/src/api/com/atproto/sync/util.ts +0 -37
  177. package/src/api/com/atproto/temp/checkSignupQueue.ts +0 -34
  178. package/src/api/com/atproto/temp/index.ts +0 -7
  179. package/src/api/index.ts +0 -10
  180. package/src/api/proxy.ts +0 -44
  181. package/src/app-view.ts +0 -24
  182. package/src/auth-output.ts +0 -52
  183. package/src/auth-routes.ts +0 -64
  184. package/src/auth-scope.ts +0 -40
  185. package/src/auth-verifier.ts +0 -668
  186. package/src/background.ts +0 -65
  187. package/src/basic-routes.ts +0 -52
  188. package/src/bsky-app-view.ts +0 -33
  189. package/src/config/config.ts +0 -553
  190. package/src/config/env.ts +0 -167
  191. package/src/config/index.ts +0 -3
  192. package/src/config/secrets.ts +0 -54
  193. package/src/context.ts +0 -523
  194. package/src/crawlers.ts +0 -46
  195. package/src/db/cast.ts +0 -52
  196. package/src/db/db.ts +0 -140
  197. package/src/db/index.ts +0 -4
  198. package/src/db/migrator.ts +0 -40
  199. package/src/db/pagination.ts +0 -132
  200. package/src/db/tables/moderation.ts +0 -80
  201. package/src/db/util.ts +0 -108
  202. package/src/did-cache/db/index.ts +0 -21
  203. package/src/did-cache/db/migrations.ts +0 -17
  204. package/src/did-cache/db/schema.ts +0 -9
  205. package/src/did-cache/index.ts +0 -131
  206. package/src/disk-blobstore.ts +0 -172
  207. package/src/error.ts +0 -19
  208. package/src/handle/explicit-slurs.ts +0 -22
  209. package/src/handle/index.ts +0 -49
  210. package/src/handle/reserved.ts +0 -1059
  211. package/src/image/image-url-builder.ts +0 -16
  212. package/src/index.ts +0 -189
  213. package/src/lexicons.ts +0 -4
  214. package/src/logger.ts +0 -35
  215. package/src/mailer/index.ts +0 -111
  216. package/src/mailer/moderation.ts +0 -33
  217. package/src/mailer/templates/confirm-email.d.ts +0 -4
  218. package/src/mailer/templates/confirm-email.hbs +0 -158
  219. package/src/mailer/templates/delete-account.d.ts +0 -4
  220. package/src/mailer/templates/delete-account.hbs +0 -156
  221. package/src/mailer/templates/plc-operation.d.ts +0 -4
  222. package/src/mailer/templates/plc-operation.hbs +0 -153
  223. package/src/mailer/templates/reset-password.d.ts +0 -4
  224. package/src/mailer/templates/reset-password.hbs +0 -154
  225. package/src/mailer/templates/update-email.d.ts +0 -4
  226. package/src/mailer/templates/update-email.hbs +0 -153
  227. package/src/mailer/templates.ts +0 -17
  228. package/src/pipethrough.ts +0 -716
  229. package/src/rate-limits.ts +0 -59
  230. package/src/read-after-write/index.ts +0 -3
  231. package/src/read-after-write/types.ts +0 -35
  232. package/src/read-after-write/util.ts +0 -101
  233. package/src/read-after-write/viewer.ts +0 -290
  234. package/src/redis.ts +0 -25
  235. package/src/repo/index.ts +0 -2
  236. package/src/repo/prepare.ts +0 -266
  237. package/src/repo/types.ts +0 -65
  238. package/src/scripts/README.md +0 -40
  239. package/src/scripts/index.ts +0 -20
  240. package/src/scripts/publish-identity.ts +0 -60
  241. package/src/scripts/rebuild-repo.ts +0 -119
  242. package/src/scripts/rotate-keys.ts +0 -146
  243. package/src/scripts/sequencer-recovery/index.ts +0 -23
  244. package/src/scripts/sequencer-recovery/recoverer.ts +0 -297
  245. package/src/scripts/sequencer-recovery/recovery-db.ts +0 -65
  246. package/src/scripts/sequencer-recovery/repair-repos.ts +0 -49
  247. package/src/scripts/sequencer-recovery/user-queues.ts +0 -44
  248. package/src/scripts/util.ts +0 -7
  249. package/src/sequencer/db/index.ts +0 -21
  250. package/src/sequencer/db/migrations/001-init.ts +0 -35
  251. package/src/sequencer/db/migrations/index.ts +0 -5
  252. package/src/sequencer/db/schema.ts +0 -19
  253. package/src/sequencer/events.ts +0 -199
  254. package/src/sequencer/index.ts +0 -3
  255. package/src/sequencer/outbox.ts +0 -123
  256. package/src/sequencer/sequencer.ts +0 -290
  257. package/src/util/compression.ts +0 -16
  258. package/src/util/debug.ts +0 -10
  259. package/src/util/http.ts +0 -31
  260. package/src/util/types.ts +0 -7
  261. package/src/well-known.ts +0 -30
  262. package/test.env +0 -2
  263. package/tests/__snapshots__/takedown-appeal.test.ts.snap +0 -43
  264. package/tests/_oauth_client_assets_middleware.ts +0 -23
  265. package/tests/_puppeteer.ts +0 -147
  266. package/tests/_types.d.ts +0 -16
  267. package/tests/_util.ts +0 -191
  268. package/tests/account-deactivation.test.ts +0 -204
  269. package/tests/account-deletion.test.ts +0 -300
  270. package/tests/account-manager.test.ts +0 -462
  271. package/tests/account-migration.test.ts +0 -221
  272. package/tests/account-status.test.ts +0 -206
  273. package/tests/account.test.ts +0 -595
  274. package/tests/app-passwords.test.ts +0 -262
  275. package/tests/auth.test.ts +0 -405
  276. package/tests/blob-deletes.test.ts +0 -204
  277. package/tests/create-post.test.ts +0 -79
  278. package/tests/crud.test.ts +0 -1595
  279. package/tests/db.test.ts +0 -170
  280. package/tests/email-confirmation.test.ts +0 -227
  281. package/tests/entryway-mock.ts +0 -323
  282. package/tests/entryway.test.ts +0 -145
  283. package/tests/file-uploads.test.ts +0 -301
  284. package/tests/get-service-auth.test.ts +0 -81
  285. package/tests/handle-validation.test.ts +0 -56
  286. package/tests/handles.test.ts +0 -274
  287. package/tests/invite-codes.test.ts +0 -367
  288. package/tests/invites-admin.test.ts +0 -252
  289. package/tests/moderation.test.ts +0 -280
  290. package/tests/moderator-auth.test.ts +0 -177
  291. package/tests/oauth.test.ts +0 -334
  292. package/tests/plc-operations.test.ts +0 -239
  293. package/tests/preferences.test.ts +0 -352
  294. package/tests/proxied/__snapshots__/admin.test.ts.snap +0 -516
  295. package/tests/proxied/__snapshots__/feedgen.test.ts.snap +0 -215
  296. package/tests/proxied/__snapshots__/views.test.ts.snap +0 -4456
  297. package/tests/proxied/admin.test.ts +0 -340
  298. package/tests/proxied/feedgen.test.ts +0 -66
  299. package/tests/proxied/notif.test.ts +0 -85
  300. package/tests/proxied/procedures.test.ts +0 -175
  301. package/tests/proxied/proxy-catchall.test.ts +0 -256
  302. package/tests/proxied/proxy-header.test.ts +0 -239
  303. package/tests/proxied/proxy-oauth-aud.test.ts +0 -182
  304. package/tests/proxied/read-after-write.test.ts +0 -382
  305. package/tests/proxied/views.test.ts +0 -608
  306. package/tests/races.test.ts +0 -89
  307. package/tests/rate-limits.test.ts +0 -70
  308. package/tests/recovery.test.ts +0 -180
  309. package/tests/seeds/basic.ts +0 -165
  310. package/tests/seeds/follows.ts +0 -57
  311. package/tests/seeds/likes.ts +0 -14
  312. package/tests/seeds/reposts.ts +0 -18
  313. package/tests/seeds/thread.ts +0 -40
  314. package/tests/seeds/users-bulk.ts +0 -246
  315. package/tests/seeds/users.ts +0 -67
  316. package/tests/sequencer.test.ts +0 -251
  317. package/tests/server.test.ts +0 -151
  318. package/tests/sync/invertible-ops.test.ts +0 -99
  319. package/tests/sync/list.test.ts +0 -43
  320. package/tests/sync/subscribe-repos.test.ts +0 -672
  321. package/tests/sync/sync.test.ts +0 -316
  322. package/tests/takedown-appeal.test.ts +0 -166
  323. package/tsconfig.build.json +0 -9
  324. package/tsconfig.build.tsbuildinfo +0 -1
  325. package/tsconfig.json +0 -7
  326. package/tsconfig.tests.json +0 -8
@@ -1,252 +0,0 @@
1
- import { AtpAgent } from '@atproto/api'
2
- import { randomStr } from '@atproto/crypto'
3
- import { SeedClient, TestNetworkNoAppView } from '@atproto/dev-env'
4
- import type { DidString } from '@atproto/syntax'
5
-
6
- describe('pds admin invite views', () => {
7
- let network: TestNetworkNoAppView
8
- let agent: AtpAgent
9
- let sc: SeedClient
10
-
11
- beforeAll(async () => {
12
- network = await TestNetworkNoAppView.create({
13
- dbPostgresSchema: 'views_admin_invites',
14
- pds: {
15
- inviteRequired: true,
16
- inviteInterval: 1,
17
- },
18
- })
19
- agent = network.pds.getAgent()
20
- sc = network.getSeedClient()
21
- })
22
-
23
- afterAll(async () => {
24
- await network?.close()
25
- })
26
-
27
- let alice: DidString
28
- let bob: DidString
29
- let carol: DidString
30
-
31
- beforeAll(async () => {
32
- const adminCode = await agent.api.com.atproto.server.createInviteCode(
33
- { useCount: 10 },
34
- { encoding: 'application/json', headers: network.pds.adminAuthHeaders() },
35
- )
36
-
37
- await sc.createAccount('alice', {
38
- handle: 'alice.test',
39
- email: 'alice@test.com',
40
- password: 'alice',
41
- inviteCode: adminCode.data.code,
42
- })
43
- await sc.createAccount('bob', {
44
- handle: 'bob.test',
45
- email: 'bob@test.com',
46
- password: 'bob',
47
- inviteCode: adminCode.data.code,
48
- })
49
- await sc.createAccount('carol', {
50
- handle: 'carol.test',
51
- email: 'carol@test.com',
52
- password: 'carol',
53
- inviteCode: adminCode.data.code,
54
- })
55
-
56
- alice = sc.dids.alice
57
- bob = sc.dids.bob
58
- carol = sc.dids.carol
59
-
60
- const aliceCodes = await agent.api.com.atproto.server.getAccountInviteCodes(
61
- {},
62
- { headers: sc.getHeaders(alice) },
63
- )
64
- await agent.api.com.atproto.server.getAccountInviteCodes(
65
- {},
66
- { headers: sc.getHeaders(bob) },
67
- )
68
- await agent.api.com.atproto.server.createInviteCode(
69
- { useCount: 5, forAccount: alice },
70
- { encoding: 'application/json', headers: network.pds.adminAuthHeaders() },
71
- )
72
- await agent.api.com.atproto.admin.disableInviteCodes(
73
- { codes: [adminCode.data.code], accounts: [bob] },
74
- { encoding: 'application/json', headers: network.pds.adminAuthHeaders() },
75
- )
76
-
77
- const useCode = async (code: string) => {
78
- const name = randomStr(8, 'base32')
79
- await agent.api.com.atproto.server.createAccount({
80
- handle: `${name}.test`,
81
- email: `${name}@test.com`,
82
- password: name,
83
- inviteCode: code,
84
- })
85
- }
86
-
87
- await useCode(aliceCodes.data.codes[0].code)
88
- await useCode(aliceCodes.data.codes[1].code)
89
- })
90
-
91
- it('gets a list of invite codes by recency', async () => {
92
- const result = await agent.api.com.atproto.admin.getInviteCodes(
93
- {},
94
- { headers: network.pds.adminAuthHeaders() },
95
- )
96
- let lastDate = result.data.codes[0].createdAt
97
- for (const code of result.data.codes) {
98
- expect(code.createdAt <= lastDate).toBeTruthy()
99
- lastDate = code.createdAt
100
- }
101
- expect(result.data.codes.length).toBe(12)
102
- expect(result.data.codes[0]).toMatchObject({
103
- available: 5,
104
- disabled: false,
105
- forAccount: alice,
106
- createdBy: 'admin',
107
- })
108
- expect(result.data.codes[0].uses.length).toBe(0)
109
- expect(result.data.codes.at(-1)).toMatchObject({
110
- available: 10,
111
- disabled: true,
112
- forAccount: 'admin',
113
- createdBy: 'admin',
114
- })
115
- expect(result.data.codes.at(-1)?.uses.length).toBe(3)
116
- })
117
-
118
- it('paginates by recency', async () => {
119
- const full = await agent.api.com.atproto.admin.getInviteCodes(
120
- {},
121
- { headers: network.pds.adminAuthHeaders() },
122
- )
123
- const first = await agent.api.com.atproto.admin.getInviteCodes(
124
- { limit: 5 },
125
- { headers: network.pds.adminAuthHeaders() },
126
- )
127
- const second = await agent.api.com.atproto.admin.getInviteCodes(
128
- { cursor: first.data.cursor },
129
- { headers: network.pds.adminAuthHeaders() },
130
- )
131
- const combined = [...first.data.codes, ...second.data.codes]
132
- expect(combined).toEqual(full.data.codes)
133
- })
134
-
135
- it('gets a list of invite codes by usage', async () => {
136
- const result = await agent.api.com.atproto.admin.getInviteCodes(
137
- { sort: 'usage' },
138
- { headers: network.pds.adminAuthHeaders() },
139
- )
140
- let lastUseCount = result.data.codes[0].uses.length
141
- for (const code of result.data.codes) {
142
- expect(code.uses.length).toBeLessThanOrEqual(lastUseCount)
143
- lastUseCount = code.uses.length
144
- }
145
- expect(result.data.codes[0]).toMatchObject({
146
- available: 10,
147
- disabled: true,
148
- forAccount: 'admin',
149
- createdBy: 'admin',
150
- })
151
- expect(result.data.codes[0].uses.length).toBe(3)
152
- })
153
-
154
- it('paginates by usage', async () => {
155
- const full = await agent.api.com.atproto.admin.getInviteCodes(
156
- { sort: 'usage' },
157
- { headers: network.pds.adminAuthHeaders() },
158
- )
159
- const first = await agent.api.com.atproto.admin.getInviteCodes(
160
- { sort: 'usage', limit: 5 },
161
- { headers: network.pds.adminAuthHeaders() },
162
- )
163
- const second = await agent.api.com.atproto.admin.getInviteCodes(
164
- { sort: 'usage', cursor: first.data.cursor },
165
- { headers: network.pds.adminAuthHeaders() },
166
- )
167
- const combined = [...first.data.codes, ...second.data.codes]
168
- expect(combined).toEqual(full.data.codes)
169
- })
170
-
171
- it('hydrates invites into admin.getAccountInfo', async () => {
172
- const aliceView = await agent.api.com.atproto.admin.getAccountInfo(
173
- { did: alice },
174
- { headers: network.pds.adminAuthHeaders() },
175
- )
176
- expect(aliceView.data.invitedBy?.available).toBe(10)
177
- expect(aliceView.data.invitedBy?.uses.length).toBe(3)
178
- expect(aliceView.data.invites?.length).toBe(6)
179
- })
180
-
181
- it('disables an account from getting additional invite codes', async () => {
182
- await agent.api.com.atproto.admin.disableAccountInvites(
183
- { account: carol },
184
- { encoding: 'application/json', headers: network.pds.adminAuthHeaders() },
185
- )
186
-
187
- const repoRes = await agent.api.com.atproto.admin.getAccountInfo(
188
- { did: carol },
189
- { headers: network.pds.adminAuthHeaders() },
190
- )
191
- expect(repoRes.data.invitesDisabled).toBe(true)
192
-
193
- const invRes = await agent.api.com.atproto.server.getAccountInviteCodes(
194
- {},
195
- { headers: sc.getHeaders(carol) },
196
- )
197
- expect(invRes.data.codes.length).toBe(0)
198
- })
199
-
200
- it('allows setting reason when enabling and disabling invite codes', async () => {
201
- await agent.api.com.atproto.admin.enableAccountInvites(
202
- { account: carol },
203
- { encoding: 'application/json', headers: network.pds.adminAuthHeaders() },
204
- )
205
-
206
- const afterEnable = await agent.api.com.atproto.admin.getAccountInfo(
207
- { did: carol },
208
- { headers: network.pds.adminAuthHeaders() },
209
- )
210
- expect(afterEnable.data.invitesDisabled).toBe(false)
211
-
212
- await agent.api.com.atproto.admin.disableAccountInvites(
213
- { account: carol },
214
- { encoding: 'application/json', headers: network.pds.adminAuthHeaders() },
215
- )
216
-
217
- const afterDisable = await agent.api.com.atproto.admin.getAccountInfo(
218
- { did: carol },
219
- { headers: network.pds.adminAuthHeaders() },
220
- )
221
- expect(afterDisable.data.invitesDisabled).toBe(true)
222
- })
223
-
224
- it('creates codes in the background but disables them', async () => {
225
- const res = await network.pds.ctx.accountManager.db.db
226
- .selectFrom('invite_code')
227
- .where('forAccount', '=', carol)
228
- .selectAll()
229
- .execute()
230
- expect(res.length).toBe(5)
231
- expect(res.every((row) => row.disabled === 1))
232
- })
233
-
234
- it('re-enables an accounts invites', async () => {
235
- await agent.api.com.atproto.admin.enableAccountInvites(
236
- { account: carol },
237
- { encoding: 'application/json', headers: network.pds.adminAuthHeaders() },
238
- )
239
-
240
- const repoRes = await agent.api.com.atproto.admin.getAccountInfo(
241
- { did: carol },
242
- { headers: network.pds.adminAuthHeaders() },
243
- )
244
- expect(repoRes.data.invitesDisabled).toBe(false)
245
-
246
- const invRes = await agent.api.com.atproto.server.getAccountInviteCodes(
247
- {},
248
- { headers: sc.getHeaders(carol) },
249
- )
250
- expect(invRes.data.codes.length).toBeGreaterThan(0)
251
- })
252
- })
@@ -1,280 +0,0 @@
1
- import assert from 'node:assert'
2
- import {
3
- $Typed,
4
- AtpAgent,
5
- ComAtprotoAdminDefs,
6
- ComAtprotoRepoStrongRef,
7
- } from '@atproto/api'
8
- import { ImageRef, SeedClient, TestNetworkNoAppView } from '@atproto/dev-env'
9
- import { BlobNotFoundError } from '@atproto/repo'
10
- import basicSeed from './seeds/basic.js'
11
-
12
- describe('moderation', () => {
13
- let network: TestNetworkNoAppView
14
- let agent: AtpAgent
15
- let sc: SeedClient
16
-
17
- let repoSubject: $Typed<ComAtprotoAdminDefs.RepoRef>
18
- let recordSubject: $Typed<ComAtprotoRepoStrongRef.Main>
19
- let blobSubject: $Typed<ComAtprotoAdminDefs.RepoBlobRef>
20
- let blobRef: ImageRef
21
-
22
- beforeAll(async () => {
23
- network = await TestNetworkNoAppView.create({
24
- dbPostgresSchema: 'moderation',
25
- })
26
-
27
- agent = network.pds.getAgent()
28
- sc = network.getSeedClient()
29
- await basicSeed(sc)
30
- await network.processAll()
31
- repoSubject = {
32
- $type: 'com.atproto.admin.defs#repoRef',
33
- did: sc.dids.bob,
34
- }
35
- const post = sc.posts[sc.dids.carol][0]
36
- recordSubject = {
37
- $type: 'com.atproto.repo.strongRef',
38
- uri: post.ref.uriStr,
39
- cid: post.ref.cidStr,
40
- }
41
- blobRef = post.images[1]
42
- blobSubject = {
43
- $type: 'com.atproto.admin.defs#repoBlobRef',
44
- did: sc.dids.carol,
45
- cid: blobRef.image.ref.toString(),
46
- }
47
- })
48
-
49
- afterAll(async () => {
50
- await network?.close()
51
- })
52
-
53
- it('takes down accounts', async () => {
54
- await agent.api.com.atproto.admin.updateSubjectStatus(
55
- {
56
- subject: repoSubject,
57
- takedown: { applied: true, ref: 'test-repo' },
58
- },
59
- {
60
- encoding: 'application/json',
61
- headers: network.pds.adminAuthHeaders(),
62
- },
63
- )
64
- const res = await agent.api.com.atproto.admin.getSubjectStatus(
65
- {
66
- did: repoSubject.did,
67
- },
68
- { headers: network.pds.adminAuthHeaders() },
69
- )
70
- assert(ComAtprotoAdminDefs.isRepoRef(res.data.subject))
71
- expect(res.data.subject.did).toEqual(sc.dids.bob)
72
- expect(res.data.takedown?.applied).toBe(true)
73
- expect(res.data.takedown?.ref).toBe('test-repo')
74
- })
75
-
76
- it('restores takendown accounts', async () => {
77
- await agent.api.com.atproto.admin.updateSubjectStatus(
78
- {
79
- subject: repoSubject,
80
- takedown: { applied: false },
81
- },
82
- {
83
- encoding: 'application/json',
84
- headers: network.pds.adminAuthHeaders(),
85
- },
86
- )
87
- const res = await agent.api.com.atproto.admin.getSubjectStatus(
88
- {
89
- did: repoSubject.did,
90
- },
91
- { headers: network.pds.adminAuthHeaders() },
92
- )
93
- assert(ComAtprotoAdminDefs.isRepoRef(res.data.subject))
94
- expect(res.data.subject.did).toEqual(sc.dids.bob)
95
- expect(res.data.takedown?.applied).toBe(false)
96
- expect(res.data.takedown?.ref).toBeUndefined()
97
- })
98
-
99
- it('takes down records', async () => {
100
- await agent.api.com.atproto.admin.updateSubjectStatus(
101
- {
102
- subject: recordSubject,
103
- takedown: { applied: true, ref: 'test-record' },
104
- },
105
- {
106
- encoding: 'application/json',
107
- headers: network.pds.adminAuthHeaders(),
108
- },
109
- )
110
- const res = await agent.api.com.atproto.admin.getSubjectStatus(
111
- {
112
- uri: recordSubject.uri,
113
- },
114
- { headers: network.pds.adminAuthHeaders() },
115
- )
116
- assert(ComAtprotoRepoStrongRef.isMain(res.data.subject))
117
- expect(res.data.subject.uri).toEqual(recordSubject.uri)
118
- expect(res.data.takedown?.applied).toBe(true)
119
- expect(res.data.takedown?.ref).toBe('test-record')
120
- })
121
-
122
- it('restores takendown records', async () => {
123
- await agent.api.com.atproto.admin.updateSubjectStatus(
124
- {
125
- subject: recordSubject,
126
- takedown: { applied: false },
127
- },
128
- {
129
- encoding: 'application/json',
130
- headers: network.pds.adminAuthHeaders(),
131
- },
132
- )
133
- const res = await agent.api.com.atproto.admin.getSubjectStatus(
134
- {
135
- uri: recordSubject.uri,
136
- },
137
- { headers: network.pds.adminAuthHeaders() },
138
- )
139
- assert(ComAtprotoRepoStrongRef.isMain(res.data.subject))
140
- expect(res.data.subject.uri).toEqual(recordSubject.uri)
141
- expect(res.data.takedown?.applied).toBe(false)
142
- expect(res.data.takedown?.ref).toBeUndefined()
143
- })
144
-
145
- describe('blob takedown', () => {
146
- it('takes down blobs', async () => {
147
- await agent.api.com.atproto.admin.updateSubjectStatus(
148
- {
149
- subject: blobSubject,
150
- takedown: { applied: true, ref: 'test-blob' },
151
- },
152
- {
153
- encoding: 'application/json',
154
- headers: network.pds.adminAuthHeaders(),
155
- },
156
- )
157
- const res = await agent.api.com.atproto.admin.getSubjectStatus(
158
- {
159
- did: blobSubject.did,
160
- blob: blobSubject.cid,
161
- },
162
- { headers: network.pds.adminAuthHeaders() },
163
- )
164
- assert(ComAtprotoAdminDefs.isRepoBlobRef(res.data.subject))
165
- expect(res.data.subject.did).toEqual(blobSubject.did)
166
- assert(ComAtprotoAdminDefs.isRepoBlobRef(res.data.subject))
167
- expect(res.data.subject.cid).toEqual(blobSubject.cid)
168
- expect(res.data.takedown?.applied).toBe(true)
169
- expect(res.data.takedown?.ref).toBe('test-blob')
170
- })
171
-
172
- it('removes blob from the store', async () => {
173
- const tryGetBytes = network.pds.ctx
174
- .blobstore(blobSubject.did)
175
- .getBytes(blobRef.image.ref)
176
- await expect(tryGetBytes).rejects.toThrow(BlobNotFoundError)
177
- })
178
-
179
- it('prevents blob from being referenced again.', async () => {
180
- const referenceBlob = sc.post(sc.dids.carol, 'pic', [], [blobRef])
181
- await expect(referenceBlob).rejects.toThrow('Could not find blob:')
182
- })
183
-
184
- it('prevents blob from being reuploaded', async () => {
185
- const attempt = sc.uploadFile(
186
- sc.dids.carol,
187
- '../dev-env/assets/key-alt.jpg',
188
- 'image/jpeg',
189
- )
190
- await expect(attempt).rejects.toThrow(
191
- 'Blob has been takendown, cannot re-upload',
192
- )
193
- })
194
-
195
- it('prevents image blob from being served.', async () => {
196
- const attempt = agent.api.com.atproto.sync.getBlob({
197
- did: sc.dids.carol,
198
- cid: blobRef.image.ref.toString(),
199
- })
200
- await expect(attempt).rejects.toThrow('Blob not found')
201
- })
202
-
203
- it('restores blob when takedown is removed', async () => {
204
- await agent.api.com.atproto.admin.updateSubjectStatus(
205
- {
206
- subject: blobSubject,
207
- takedown: { applied: false },
208
- },
209
- {
210
- encoding: 'application/json',
211
- headers: network.pds.adminAuthHeaders(),
212
- },
213
- )
214
-
215
- // Can post and reference blob
216
- const post = await sc.post(sc.dids.carol, 'pic', [], [blobRef])
217
- expect(post.images[0].image.ref.equals(blobRef.image.ref)).toBeTruthy()
218
-
219
- // Can fetch through image server
220
- const res = await agent.api.com.atproto.sync.getBlob({
221
- did: sc.dids.carol,
222
- cid: blobRef.image.ref.toString(),
223
- })
224
-
225
- expect(res.data.byteLength).toBeGreaterThan(9000)
226
- })
227
-
228
- it('prevents blobs of takendown accounts from being served.', async () => {
229
- await agent.api.com.atproto.admin.updateSubjectStatus(
230
- {
231
- subject: {
232
- $type: 'com.atproto.admin.defs#repoRef',
233
- did: sc.dids.carol,
234
- },
235
- takedown: { applied: true },
236
- },
237
- {
238
- encoding: 'application/json',
239
- headers: network.pds.adminAuthHeaders(),
240
- },
241
- )
242
- const blobParams = {
243
- did: sc.dids.carol,
244
- cid: blobRef.image.ref.toString(),
245
- }
246
- // public, disallow
247
- const attempt1 = agent.api.com.atproto.sync.getBlob(blobParams)
248
- await expect(attempt1).rejects.toThrow(/Repo has been takendown/)
249
- // logged-in, disallow
250
- const attempt2 = agent.api.com.atproto.sync.getBlob(blobParams, {
251
- headers: sc.getHeaders(sc.dids.bob),
252
- })
253
- await expect(attempt2).rejects.toThrow(/Repo has been takendown/)
254
- // logged-in as account, allow
255
- const res1 = await agent.api.com.atproto.sync.getBlob(blobParams, {
256
- headers: sc.getHeaders(sc.dids.carol),
257
- })
258
- expect(res1.data.byteLength).toBeGreaterThan(9000)
259
- // admin role, allow
260
- const res2 = await agent.api.com.atproto.sync.getBlob(blobParams, {
261
- headers: network.pds.adminAuthHeaders(),
262
- })
263
- expect(res2.data.byteLength).toBeGreaterThan(9000)
264
- // revert takedown
265
- await agent.api.com.atproto.admin.updateSubjectStatus(
266
- {
267
- subject: {
268
- $type: 'com.atproto.admin.defs#repoRef',
269
- did: sc.dids.carol,
270
- },
271
- takedown: { applied: false },
272
- },
273
- {
274
- encoding: 'application/json',
275
- headers: network.pds.adminAuthHeaders(),
276
- },
277
- )
278
- })
279
- })
280
- })
@@ -1,177 +0,0 @@
1
- import assert from 'node:assert'
2
- import * as plc from '@did-plc/lib'
3
- import { AtpAgent } from '@atproto/api'
4
- import { Keypair, Secp256k1Keypair } from '@atproto/crypto'
5
- import { SeedClient, TestNetworkNoAppView } from '@atproto/dev-env'
6
- import { $Typed } from '@atproto/lex'
7
- import { createServiceAuthHeaders } from '@atproto/xrpc-server'
8
- import { com } from '../src/lexicons/index.js'
9
- import usersSeed from './seeds/users.js'
10
-
11
- describe('moderator auth', () => {
12
- let network: TestNetworkNoAppView
13
- let agent: AtpAgent
14
- let sc: SeedClient
15
-
16
- let repoSubject: $Typed<com.atproto.admin.defs.RepoRef>
17
-
18
- let modServiceDid: string
19
- let altModDid: string
20
- let modServiceKey: Secp256k1Keypair
21
- let pdsDid: string
22
-
23
- const opAndDid = async (handle: string, key: Keypair) => {
24
- const op = await plc.signOperation(
25
- {
26
- type: 'plc_operation',
27
- alsoKnownAs: [handle],
28
- verificationMethods: {
29
- atproto: key.did(),
30
- },
31
- rotationKeys: [key.did()],
32
- services: {},
33
- prev: null,
34
- },
35
- key,
36
- )
37
- const did = await plc.didForCreateOp(op)
38
- return { op, did }
39
- }
40
-
41
- beforeAll(async () => {
42
- // kinda goofy but we need to know the dids before creating the testnet for the PDS's config
43
- modServiceKey = await Secp256k1Keypair.create()
44
- const modServiceInfo = await opAndDid('mod.test', modServiceKey)
45
- const altModInfo = await opAndDid('alt-mod.test', modServiceKey)
46
- modServiceDid = modServiceInfo.did
47
- altModDid = altModInfo.did
48
-
49
- network = await TestNetworkNoAppView.create({
50
- dbPostgresSchema: 'pds_moderator_auth',
51
- pds: {
52
- modServiceDid: modServiceInfo.did,
53
- modServiceUrl: 'https://mod.invalid',
54
- },
55
- })
56
-
57
- pdsDid = network.pds.ctx.cfg.service.did
58
-
59
- const plcClient = network.plc.getClient()
60
- await plcClient.sendOperation(modServiceInfo.did, modServiceInfo.op)
61
- await plcClient.sendOperation(altModInfo.did, altModInfo.op)
62
-
63
- agent = network.pds.getAgent()
64
- sc = network.getSeedClient()
65
- await usersSeed(sc)
66
- await network.processAll()
67
- repoSubject = {
68
- $type: 'com.atproto.admin.defs#repoRef',
69
- did: sc.dids.bob,
70
- }
71
- }, 20_000) // @NOTE seeding can take a while
72
-
73
- afterAll(async () => {
74
- await network?.close()
75
- })
76
-
77
- it('allows service auth requests from the configured appview did', async () => {
78
- const updateHeaders = await createServiceAuthHeaders({
79
- iss: modServiceDid,
80
- aud: pdsDid,
81
- lxm: com.atproto.admin.updateSubjectStatus.$lxm,
82
- keypair: modServiceKey,
83
- })
84
- await agent.api.com.atproto.admin.updateSubjectStatus(
85
- {
86
- subject: repoSubject,
87
- takedown: { applied: true, ref: 'test-repo' },
88
- },
89
- {
90
- ...updateHeaders,
91
- encoding: 'application/json',
92
- },
93
- )
94
-
95
- const getHeaders = await createServiceAuthHeaders({
96
- iss: modServiceDid,
97
- aud: pdsDid,
98
- lxm: com.atproto.admin.getSubjectStatus.$lxm,
99
- keypair: modServiceKey,
100
- })
101
- const res = await agent.api.com.atproto.admin.getSubjectStatus(
102
- {
103
- did: repoSubject.did,
104
- },
105
- getHeaders,
106
- )
107
- assert(com.atproto.admin.defs.repoRef.$matches(res.data.subject))
108
- expect(res.data.subject.did).toBe(repoSubject.did)
109
- expect(res.data.takedown?.applied).toBe(true)
110
- })
111
-
112
- it('does not allow requests from another did', async () => {
113
- const headers = await createServiceAuthHeaders({
114
- iss: altModDid,
115
- aud: pdsDid,
116
- lxm: com.atproto.admin.updateSubjectStatus.$lxm,
117
- keypair: modServiceKey,
118
- })
119
- const attempt = agent.api.com.atproto.admin.updateSubjectStatus(
120
- {
121
- subject: repoSubject,
122
- takedown: { applied: true, ref: 'test-repo' },
123
- },
124
- {
125
- ...headers,
126
- encoding: 'application/json',
127
- },
128
- )
129
- await expect(attempt).rejects.toThrow('Untrusted issuer')
130
- })
131
-
132
- it('does not allow requests with a bad signature', async () => {
133
- const badKey = await Secp256k1Keypair.create()
134
- const headers = await createServiceAuthHeaders({
135
- iss: modServiceDid,
136
- aud: pdsDid,
137
- lxm: com.atproto.admin.updateSubjectStatus.$lxm,
138
- keypair: badKey,
139
- })
140
- const attempt = agent.api.com.atproto.admin.updateSubjectStatus(
141
- {
142
- subject: repoSubject,
143
- takedown: { applied: true, ref: 'test-repo' },
144
- },
145
- {
146
- ...headers,
147
- encoding: 'application/json',
148
- },
149
- )
150
- await expect(attempt).rejects.toThrow(
151
- 'jwt signature does not match jwt issuer',
152
- )
153
- })
154
-
155
- it('does not allow requests with a bad aud', async () => {
156
- // repo subject is bob, so we set alice as the audience
157
- const headers = await createServiceAuthHeaders({
158
- iss: modServiceDid,
159
- aud: sc.dids.alice,
160
- lxm: com.atproto.admin.updateSubjectStatus.$lxm,
161
- keypair: modServiceKey,
162
- })
163
- const attempt = agent.api.com.atproto.admin.updateSubjectStatus(
164
- {
165
- subject: repoSubject,
166
- takedown: { applied: true, ref: 'test-repo' },
167
- },
168
- {
169
- ...headers,
170
- encoding: 'application/json',
171
- },
172
- )
173
- await expect(attempt).rejects.toThrow(
174
- 'jwt audience does not match service did',
175
- )
176
- })
177
- })