@atproto/pds 0.5.2 → 0.5.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (131) hide show
  1. package/CHANGELOG.md +22 -0
  2. package/dist/account-manager/account-manager.d.ts.map +1 -1
  3. package/dist/account-manager/account-manager.js +16 -19
  4. package/dist/account-manager/account-manager.js.map +1 -1
  5. package/dist/account-manager/oauth-store.d.ts.map +1 -1
  6. package/dist/account-manager/oauth-store.js +46 -26
  7. package/dist/account-manager/oauth-store.js.map +1 -1
  8. package/dist/api/com/atproto/admin/deleteAccount.d.ts.map +1 -1
  9. package/dist/api/com/atproto/admin/deleteAccount.js +9 -4
  10. package/dist/api/com/atproto/admin/deleteAccount.js.map +1 -1
  11. package/dist/api/com/atproto/admin/updateSubjectStatus.js +1 -1
  12. package/dist/api/com/atproto/admin/updateSubjectStatus.js.map +1 -1
  13. package/dist/api/com/atproto/identity/submitPlcOperation.js +1 -1
  14. package/dist/api/com/atproto/identity/submitPlcOperation.js.map +1 -1
  15. package/dist/api/com/atproto/server/activateAccount.js +1 -3
  16. package/dist/api/com/atproto/server/activateAccount.js.map +1 -1
  17. package/dist/api/com/atproto/server/createAccount.d.ts.map +1 -1
  18. package/dist/api/com/atproto/server/createAccount.js +61 -45
  19. package/dist/api/com/atproto/server/createAccount.js.map +1 -1
  20. package/dist/api/com/atproto/server/deactivateAccount.js +1 -1
  21. package/dist/api/com/atproto/server/deactivateAccount.js.map +1 -1
  22. package/dist/api/com/atproto/server/deleteAccount.d.ts.map +1 -1
  23. package/dist/api/com/atproto/server/deleteAccount.js +9 -4
  24. package/dist/api/com/atproto/server/deleteAccount.js.map +1 -1
  25. package/dist/api/com/atproto/sync/getRepo.d.ts.map +1 -1
  26. package/dist/api/com/atproto/sync/getRepo.js +21 -9
  27. package/dist/api/com/atproto/sync/getRepo.js.map +1 -1
  28. package/dist/index.d.ts.map +1 -1
  29. package/dist/index.js +4 -39
  30. package/dist/index.js.map +1 -1
  31. package/dist/lexicons/chat/bsky/convo/defs.defs.d.ts +4 -0
  32. package/dist/lexicons/chat/bsky/convo/defs.defs.d.ts.map +1 -1
  33. package/dist/lexicons/chat/bsky/convo/defs.defs.js +1 -0
  34. package/dist/lexicons/chat/bsky/convo/defs.defs.js.map +1 -1
  35. package/dist/lexicons/chat/bsky/convo/getUnreadCounts.d.ts +3 -0
  36. package/dist/lexicons/chat/bsky/convo/getUnreadCounts.d.ts.map +1 -0
  37. package/dist/lexicons/chat/bsky/convo/getUnreadCounts.defs.d.ts +23 -0
  38. package/dist/lexicons/chat/bsky/convo/getUnreadCounts.defs.d.ts.map +1 -0
  39. package/dist/lexicons/chat/bsky/convo/getUnreadCounts.defs.js +19 -0
  40. package/dist/lexicons/chat/bsky/convo/getUnreadCounts.defs.js.map +1 -0
  41. package/dist/lexicons/chat/bsky/convo/getUnreadCounts.js +6 -0
  42. package/dist/lexicons/chat/bsky/convo/getUnreadCounts.js.map +1 -0
  43. package/dist/lexicons/chat/bsky/convo/unlockConvo.defs.d.ts +1 -1
  44. package/dist/lexicons/chat/bsky/convo/unlockConvo.defs.d.ts.map +1 -1
  45. package/dist/lexicons/chat/bsky/convo/unlockConvo.defs.js +1 -0
  46. package/dist/lexicons/chat/bsky/convo/unlockConvo.defs.js.map +1 -1
  47. package/dist/lexicons/chat/bsky/convo.d.ts +1 -0
  48. package/dist/lexicons/chat/bsky/convo.d.ts.map +1 -1
  49. package/dist/lexicons/chat/bsky/convo.js +1 -0
  50. package/dist/lexicons/chat/bsky/convo.js.map +1 -1
  51. package/dist/lexicons/chat/bsky/embed/joinLink.defs.d.ts +1 -1
  52. package/dist/lexicons/chat/bsky/embed/joinLink.defs.d.ts.map +1 -1
  53. package/dist/lexicons/chat/bsky/embed/joinLink.defs.js +5 -1
  54. package/dist/lexicons/chat/bsky/embed/joinLink.defs.js.map +1 -1
  55. package/dist/lexicons/chat/bsky/group/createGroup.defs.d.ts +5 -5
  56. package/dist/lexicons/chat/bsky/group/createGroup.defs.js +3 -3
  57. package/dist/lexicons/chat/bsky/group/createGroup.defs.js.map +1 -1
  58. package/dist/lexicons/chat/bsky/group/defs.defs.d.ts +26 -2
  59. package/dist/lexicons/chat/bsky/group/defs.defs.d.ts.map +1 -1
  60. package/dist/lexicons/chat/bsky/group/defs.defs.js +15 -2
  61. package/dist/lexicons/chat/bsky/group/defs.defs.js.map +1 -1
  62. package/dist/lexicons/chat/bsky/group/getJoinLinkPreviews.defs.d.ts +3 -3
  63. package/dist/lexicons/chat/bsky/group/getJoinLinkPreviews.defs.d.ts.map +1 -1
  64. package/dist/lexicons/chat/bsky/group/getJoinLinkPreviews.defs.js +6 -2
  65. package/dist/lexicons/chat/bsky/group/getJoinLinkPreviews.defs.js.map +1 -1
  66. package/dist/lexicons/chat/bsky/moderation/subscribeModEvents.defs.d.ts +1 -1
  67. package/dist/lexicons/chat/bsky/moderation/subscribeModEvents.defs.d.ts.map +1 -1
  68. package/dist/lexicons/chat/bsky/moderation/subscribeModEvents.defs.js.map +1 -1
  69. package/dist/lexicons/index.d.ts +1 -0
  70. package/dist/lexicons/index.d.ts.map +1 -1
  71. package/dist/lexicons/index.js +1 -0
  72. package/dist/lexicons/index.js.map +1 -1
  73. package/dist/lexicons/internal/bsky/actor/getProfiles.d.ts +3 -0
  74. package/dist/lexicons/internal/bsky/actor/getProfiles.d.ts.map +1 -0
  75. package/dist/lexicons/internal/bsky/actor/getProfiles.defs.d.ts +38 -0
  76. package/dist/lexicons/internal/bsky/actor/getProfiles.defs.d.ts.map +1 -0
  77. package/dist/lexicons/internal/bsky/actor/getProfiles.defs.js +26 -0
  78. package/dist/lexicons/internal/bsky/actor/getProfiles.defs.js.map +1 -0
  79. package/dist/lexicons/internal/bsky/actor/getProfiles.js +6 -0
  80. package/dist/lexicons/internal/bsky/actor/getProfiles.js.map +1 -0
  81. package/dist/lexicons/internal/bsky/actor.d.ts +2 -0
  82. package/dist/lexicons/internal/bsky/actor.d.ts.map +1 -0
  83. package/dist/lexicons/internal/bsky/actor.js +5 -0
  84. package/dist/lexicons/internal/bsky/actor.js.map +1 -0
  85. package/dist/lexicons/internal/bsky.d.ts +2 -0
  86. package/dist/lexicons/internal/bsky.d.ts.map +1 -0
  87. package/dist/lexicons/internal/bsky.js +5 -0
  88. package/dist/lexicons/internal/bsky.js.map +1 -0
  89. package/dist/lexicons/internal.d.ts +2 -0
  90. package/dist/lexicons/internal.d.ts.map +1 -0
  91. package/dist/lexicons/internal.js +5 -0
  92. package/dist/lexicons/internal.js.map +1 -0
  93. package/dist/rate-limits.d.ts +7 -0
  94. package/dist/rate-limits.d.ts.map +1 -0
  95. package/dist/rate-limits.js +50 -0
  96. package/dist/rate-limits.js.map +1 -0
  97. package/dist/scripts/publish-identity.js +1 -1
  98. package/dist/scripts/publish-identity.js.map +1 -1
  99. package/dist/scripts/rebuild-repo.js +1 -1
  100. package/dist/scripts/rebuild-repo.js.map +1 -1
  101. package/dist/scripts/rotate-keys.js +2 -2
  102. package/dist/scripts/rotate-keys.js.map +1 -1
  103. package/dist/scripts/sequencer-recovery/recoverer.js +7 -5
  104. package/dist/scripts/sequencer-recovery/recoverer.js.map +1 -1
  105. package/dist/sequencer/sequencer.d.ts +8 -6
  106. package/dist/sequencer/sequencer.d.ts.map +1 -1
  107. package/dist/sequencer/sequencer.js +40 -21
  108. package/dist/sequencer/sequencer.js.map +1 -1
  109. package/package.json +10 -10
  110. package/src/account-manager/account-manager.ts +26 -23
  111. package/src/account-manager/oauth-store.ts +55 -36
  112. package/src/api/com/atproto/admin/deleteAccount.ts +9 -7
  113. package/src/api/com/atproto/admin/updateSubjectStatus.ts +1 -1
  114. package/src/api/com/atproto/identity/submitPlcOperation.ts +1 -1
  115. package/src/api/com/atproto/server/activateAccount.ts +3 -3
  116. package/src/api/com/atproto/server/createAccount.ts +72 -63
  117. package/src/api/com/atproto/server/deactivateAccount.ts +1 -1
  118. package/src/api/com/atproto/server/deleteAccount.ts +9 -7
  119. package/src/api/com/atproto/sync/getRepo.ts +26 -9
  120. package/src/index.ts +3 -42
  121. package/src/rate-limits.ts +59 -0
  122. package/src/scripts/publish-identity.ts +1 -1
  123. package/src/scripts/rebuild-repo.ts +1 -1
  124. package/src/scripts/rotate-keys.ts +2 -2
  125. package/src/scripts/sequencer-recovery/recoverer.ts +9 -5
  126. package/src/sequencer/sequencer.ts +52 -23
  127. package/tests/account-manager.test.ts +78 -0
  128. package/tsconfig.build.json +2 -2
  129. package/tsconfig.build.tsbuildinfo +1 -1
  130. package/tsconfig.json +2 -2
  131. package/tsconfig.tests.json +2 -2
package/dist/account-manager/oauth-store.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"oauth-store.js","sourceRoot":"","sources":["../../src/account-manager/oauth-store.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAA;AAChC,OAAO,EAAU,QAAQ,IAAI,WAAW,EAAE,MAAM,cAAc,CAAA;AAE9D,OAAO,EAAW,gBAAgB,EAAE,MAAM,iBAAiB,CAAA;AAC3D,OAAO,EAEL,oBAAoB,EACpB,gBAAgB,EAChB,WAAW,EACX,cAAc,GACf,MAAM,cAAc,CAAA;AACrB,OAAO,EAaL,sBAAsB,EAEtB,uBAAuB,EACvB,sBAAsB,EACtB,mBAAmB,GAuBpB,MAAM,yBAAyB,CAAA;AAChC,OAAO,EACL,iBAAiB,IAAI,qBAAqB,EAC1C,mBAAmB,IAAI,uBAAuB,GAC/C,MAAM,sBAAsB,CAAA;AAG7B,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAA;AAE5C,OAAO,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAA;AAEvC,OAAO,EAAa,qBAAqB,EAAE,MAAM,uBAAuB,CAAA;AACxE,OAAO,EAAkB,oBAAoB,EAAE,MAAM,sBAAsB,CAAA;AAE3E,OAAO,KAAK,mBAAmB,MAAM,6BAA6B,CAAA;AAClE,OAAO,EACL,aAAa,EAEb,sBAAsB,GACvB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,KAAK,iBAAiB,MAAM,oCAAoC,CAAA;AACvE,OAAO,KAAK,sBAAsB,MAAM,gCAAgC,CAAA;AACxE,OAAO,KAAK,YAAY,MAAM,qBAAqB,CAAA;AACnD,OAAO,KAAK,aAAa,MAAM,sBAAsB,CAAA;AACrD,OAAO,KAAK,WAAW,MAAM,oBAAoB,CAAA;AACjD,OAAO,KAAK,sBAAsB,MAAM,iCAAiC,CAAA;AAEzE;;;;;GAKG;AACH,MAAM,OAAO,UAAU;IAGrB,YACmB,cAA8B,EAC9B,UAAsB,EACtB,eAAgC,EAChC,eAAgC,EAChC,MAAoB,EACpB,SAAoB,EACpB,SAAiB,EACjB,cAAuB,EACvB,SAAiB,EACjB,cAA6B;QAT7B,mBAAc,GAAd,cAAc,CAAgB;QAC9B,eAAU,GAAV,UAAU,CAAY;QACtB,oBAAe,GAAf,eAAe,CAAiB;QAChC,oBAAe,GAAf,eAAe,CAAiB;QAChC,WAAM,GAAN,MAAM,CAAc;QACpB,cAAS,GAAT,SAAS,CAAW;QACpB,cAAS,GAAT,SAAS,CAAQ;QACjB,mBAAc,GAAd,cAAc,CAAS;QACvB,cAAS,GAAT,SAAS,CAAQ;QACjB,mBAAc,GAAd,cAAc,CAAe;IAC7C,CAAC;IAEJ,IAAY,EAAE;QACZ,MAAM,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC,cAAc,CAAA;QAClC,IAAI,EAAE,CAAC,SAAS;YAAE,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;QAClE,OAAO,EAAE,CAAA;IACX,CAAC;IAED,IAAY,UAAU;QACpB,OAAO,IAAI,CAAC,cAAc,CAAC,UAAU,CAAA;IACvC,CAAC;IAEO,KAAK,CAAC,uBAAuB,CAAC,KAAa;QACjD,4EAA4E;QAE5E,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,KAAK,EAAE;YACjE,kBAAkB,EAAE,IAAI;YACxB,gBAAgB,EAAE,IAAI;SACvB,CAAC,CAAA;QAEF,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,IAAI,mBAAmB,CAAC,qBAAqB,CAAC,CAAA;QACtD,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAAC,IAAY;QACzC,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,cAAc,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAA;QACzD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GACX,GAAG,YAAY,uBAAuB,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAA;YAClE,MAAM,IAAI,sBAAsB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;QAChD,CAAC;IACH,CAAC;IAED,eAAe;IAEf,KAAK,CAAC,aAAa,CAAC,EAClB,MAAM,EAAE,OAAO,EACf,UAAU,EACV,MAAM,EACN,KAAK,EACL,QAAQ,GACG;QACX,uGAAuG;QACvG,yEAAyE;QAEzE,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC,EAAE,qCAAqC,CAAC,CAAA;QAErE,MAAM,OAAO,CAAC,GAAG,CAAC;YAChB,IAAI,CAAC,uBAAuB,CAAC,KAAK,CAAC;YACnC,IAAI,CAAC,wBAAwB,CAAC,MAAM,CAAC;YACrC,CAAC,UAAU,IAAI,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC;SACjD,CAAC,CAAA;QAEF,4EAA4E;QAC5E,gEAAgE;QAEhE,MAAM,UAAU,GAAG,MAAM,gBAAgB,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAA;QACtE,MAAM,aAAa,GAAG,UAAU,CAAC,GAAG,EAAE,CAAA;QAEtC,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC;YAClC,UAAU,EAAE,aAAa;YACzB,YAAY,EAAE,IAAI,CAAC,cAAc;gBAC/B,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,EAAE,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC;gBAClD,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC;YAC/B,MAAM;YACN,GAAG,EAAE,IAAI,CAAC,SAAS;YACnB,MAAM,EAAE,IAAI,CAAC,cAAc;SAC5B,CAAC,CAAA;QAEF,MAAM,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,SAAS,CAAA;QAC7B,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,wCAAwC,CAAC,CAAA;QAElE,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,EAAE,UAAU,CAAC,CAAA;YAC7C,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,EAAE,CAC9D,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,CAC7B,CAAA;gBAED,MAAM,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,EAAE,CAAC,CAAA;gBAE3C,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC;oBACtC,GAAG;oBACH,MAAM;oBACN,KAAK;oBACL,QAAQ;oBACR,UAAU;oBACV,OAAO,EAAE,MAAM,CAAC,GAAG;oBACnB,OAAO,EAAE,MAAM,CAAC,GAAG;iBACpB,CAAC,CAAA;gBACF,IAAI,CAAC;oBACH,MAAM,IAAI,CAAC,SAAS,CAAC,mBAAmB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;oBACrD,MAAM,IAAI,CAAC,SAAS,CAAC,kBAAkB,CAAC,GAAG,EAAE,aAAa,CAAC,MAAM,CAAC,CAAA;oBAClE,MAAM,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;oBAChD,MAAM,IAAI,CAAC,SAAS,CAAC,eAAe,CAClC,GAAG,EACH,qBAAqB,CAAC,MAAM,CAAC,CAC9B,CAAA;oBACD,MAAM,IAAI,CAAC,cAAc,CAAC,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAA;oBACrE,MAAM,IAAI,CAAC,UAAU,CAAC,oBAAoB,CAAC,aAAa,EAAE,GAAG,CAAC,CAAA;oBAE9D,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;oBACzD,IAAI,CAAC,OAAO;wBAAE,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAA;oBAElD,OAAO,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAA;gBACzC,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,GAAG,CAAC,CAAA;oBACtC,MAAM,GAAG,CAAA;gBACX,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;gBAClC,MAAM,GAAG,CAAA;YACX,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,0BAA0B;YAC1B,IAAI,GAAG,YAAY,uBAAuB,EAAE,CAAC;gBAC3C,MAAM,IAAI,mBAAmB,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;YACjD,CAAC;YACD,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,EACxB,MAAM,EAAE,OAAO,EACf,QAAQ,EAAE,UAAU,EACpB,QAAQ;IACR,kCAAkC;IAClC,QAAQ,GAAG,SAAS,GACI;QACxB,0EAA0E;QAC1E,IAAI,CAAC;YACH,sBAAsB;YACtB,IAAI,QAAQ,IAAI,IAAI,EAAE,CAAC;gBACrB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAA;YAC/C,CAAC;YAED,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,aAAa,EAAE,GACxC,MAAM,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,EAAE,UAAU,EAAE,QAAQ,EAAE,CAAC,CAAA;YAE3D,IAAI,aAAa,EAAE,CAAC;gBAClB,MAAM,IAAI,mBAAmB,CAAC,wBAAwB,CAAC,CAAA;YACzD,CAAC;YAED,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,IAAI,mBAAmB,CAAC,+BAA+B,CAAC,CAAA;YAChE,CAAC;YAED,OAAO,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAA;QAChC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,mEAAmE;YACnE,kEAAkE;YAClE,oEAAoE;YACpE,mEAAmE;YACnE,IAAI,GAAG,YAAY,oBAAoB,EAAE,CAAC;gBACxC,MAAM,IAAI,uBAAuB,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;YAC9D,CAAC;YACD,IAAI,GAAG,YAAY,qBAAqB,EAAE,CAAC;gBACzC,MAAM,IAAI,uBAAuB,CAAC,GAAG,CAAC,OAAO,EAAE,SAAS,EAAE,GAAG,CAAC,CAAA;YAChE,CAAC;YACD,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED,KAAK,CAAC,mBAAmB,CACvB,GAAQ,EACR,QAAkB,EAClB,IAA0B;QAE1B,MAAM,sBAAsB,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAA;IACnE,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,GAAQ;QAIvB,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU;QACrD,0EAA0E;QAC1E,oBAAoB,CAAC,GAAG,CAAC,EACzB;YACE,kBAAkB,EAAE,IAAI;YACxB,gBAAgB,EAAE,KAAK;SACxB,CACF,CAAA;QAED,MAAM,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAAA;QAEvC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,CAAA;QACnD,MAAM,iBAAiB,GAAG,MAAM,sBAAsB,CAAC,oBAAoB,CACzE,IAAI,CAAC,EAAE,EACP,GAAG,CACJ,CAAA;QAED,OAAO,EAAE,OAAO,EAAE,iBAAiB,EAAE,CAAA;IACvC,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,QAAkB,EAAE,GAAW;QACvD,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAC5B,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,CACrD,CAAA;IACH,CAAC;IAED,KAAK,CAAC,gBAAgB,CACpB,QAAkB,EAClB,GAAW;QAEX,MAAM,GAAG,GAAG,MAAM,mBAAmB;aAClC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC;aACpC,gBAAgB,EAAE,CAAA;QAErB,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAA;QAErB,OAAO;YACL,QAAQ;YACR,UAAU,EAAE,YAAY,CAAC,eAAe,CAAC,GAAG,CAAC;YAC7C,OAAO,EAAE,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC;YACrC,iBAAiB,EAAE,MAAM,sBAAsB,CAAC,oBAAoB,CAClE,IAAI,CAAC,EAAE,EACP,GAAG,CACJ;YACD,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC;YACvC,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC;SACxC,CAAA;IACH,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,QAAkB,EAAE,GAAQ;QACpD,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAC5B,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,CACrD,CAAA;IACH,CAAC;IAED,KAAK,CAAC,kBAAkB,CACtB,MAA6C;QAE7C,MAAM,IAAI,GAAG,MAAM,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC,OAAO,EAAE,CAAA;QAE1E,MAAM,UAAU,GAAa,CAAC,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;QAErE,sDAAsD;QACtD,MAAM,QAAQ,GAAG,IAAI,GAAG,CACtB,MAAM,OAAO,CAAC,GAAG,CACf,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,GAAG,EAA2B,EAAE;YAC5D,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,CAAE,CAAA;YAC5C,OAAO,CAAC,GAAG,EAAE,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAA;QAC5C,CAAC,CAAC,CACH,CACF,CAAA;QAED,MAAM,oBAAoB,GACxB,MAAM,sBAAsB,CAAC,yBAAyB,CACpD,IAAI,CAAC,EAAE,EACP,UAAU,CACX,CAAA;QAEH,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YACxB,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,UAAU,EAAE,YAAY,CAAC,eAAe,CAAC,GAAG,CAAC;YAC7C,OAAO,EAAE,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAE;YAC/B,iBAAiB,EAAE,oBAAoB,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAE;YACrD,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC;YACvC,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC;SACxC,CAAC,CAAC,CAAA;IACL,CAAC;IAED,KAAK,CAAC,oBAAoB,CAAC,EACzB,MAAM,EAAE,OAAO,EACf,KAAK,GACqB;QAC1B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,KAAK,EAAE;YACjE,kBAAkB,EAAE,IAAI;YACxB,gBAAgB,EAAE,KAAK;SACxB,CAAC,CAAA;QAEF,IAAI,CAAC,OAAO,EAAE,KAAK,IAAI,CAAC,OAAO,EAAE,MAAM;YAAE,OAAO,IAAI,CAAA;QAEpD,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAA;QAC1B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CACtD,OAAO,CAAC,GAAG,EACX,gBAAgB,CACjB,CAAA;QAED,+DAA+D;QAC/D,MAAM,IAAI,CAAC,MAAM,CAAC,iBAAiB,CACjC,EAAE,MAAM,EAAE,KAAK,EAAE,EACjB,EAAE,EAAE,EAAE,OAAO,CAAC,KAAK,EAAE,CACtB,CAAA;QAED,OAAO,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAA;IACnC,CAAC;IAED,KAAK,CAAC,oBAAoB,CACxB,IAA+B;QAE/B,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,IAAI,CAAC,CAAA;YACzD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,GAAG,EAAE;gBACxD,kBAAkB,EAAE,IAAI;gBACxB,gBAAgB,EAAE,KAAK;aACxB,CAAC,CAAA;YAEF,OAAO,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;QACpD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,uBAAuB,EAAE,CAAC;gBAC3C,OAAO,IAAI,CAAA;YACb,CAAC;YAED,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED,KAAK,CAAC,wBAAwB,CAAC,MAAoB;QACjD,8EAA8E;QAC9E,IAAI,CAAC;YACH,MAAM,UAAU,GACd,MAAM,IAAI,CAAC,cAAc,CAAC,0BAA0B,CAAC,MAAM,CAAC,CAAA;YAE9D,uEAAuE;YACvE,sEAAsE;YACtE,WAAW;YACX,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;gBAC1B,MAAM,IAAI,sBAAsB,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAA;YAC9D,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,UAAU,EAAE;gBAC/D,kBAAkB,EAAE,IAAI;gBACxB,gBAAgB,EAAE,IAAI;aACvB,CAAC,CAAA;YAEF,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,IAAI,sBAAsB,CAAC,OAAO,CAAC,CAAA;YAC3C,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,wBAAwB,CAAC,GAAG,CAAC,CAAA;QACrC,CAAC;IACH,CAAC;IAED,eAAe;IAEf,KAAK,CAAC,aAAa,CAAC,EAAa,EAAE,IAAiB;QAClD,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAC5B,iBAAiB,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,CAC9C,CAAA;IACH,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,EAAa;QAC7B,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,iBAAiB,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,gBAAgB,EAAE,CAAA;YAC1E,IAAI,CAAC,GAAG;gBAAE,OAAO,IAAI,CAAA;YACrB,OAAO,iBAAiB,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAA;QAChD,CAAC;gBAAS,CAAC;YACT,0EAA0E;YAC1E,0EAA0E;YAC1E,2BAA2B;YAC3B,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,KAAK,IAAI,EAAE;gBAClC,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAC5B,iBAAiB,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC,CAC9C,CAAA;YACH,CAAC,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,EAAa,EAAE,IAAuB;QACxD,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAC5B,iBAAiB,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,CAC9C,CAAA;IACH,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,EAAa;QAC/B,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,iBAAiB,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAA;IAC7E,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,IAAU;QACjC,MAAM,GAAG,GAAG,MAAM,iBAAiB;aAChC,eAAe,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC;aAC9B,gBAAgB,EAAE,CAAA;QACrB,OAAO,GAAG,CAAC,CAAC,CAAC,iBAAiB,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IACpE,CAAC;IAED,cAAc;IAEd,KAAK,CAAC,YAAY,CAAC,QAAkB,EAAE,IAAgB;QACrD,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAC5B,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,CAC/C,CAAA;IACH,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,QAAkB;QACjC,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC,gBAAgB,EAAE,CAAA;QAC3E,OAAO,GAAG,CAAC,CAAC,CAAC,YAAY,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IACvD,CAAC;IAED,KAAK,CAAC,YAAY,CAChB,QAAkB,EAClB,IAAyB;QAEzB,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAC5B,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,CAC/C,CAAA;IACH,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,QAAkB;QACnC,+DAA+D;QAC/D,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC,CAAA;IAC1E,CAAC;IAED,eAAe;IAEf,KAAK,CAAC,WAAW,CAAC,IAAY;QAC5B,OAAO,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAA;IAC1C,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,IAAY,EAAE,IAAiB;QAChD,OAAO,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,CAAA;IAClD,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,IAAY;QAC9B,OAAO,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAA;IAC5C,CAAC;IAED,aAAa;IAEb,KAAK,CAAC,WAAW,CACf,EAAW,EACX,IAAe,EACf,YAA2B;QAE3B,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;YACxC,IAAI,YAAY,EAAE,CAAC;gBACjB,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,sBAAsB;qBAC3C,OAAO,CAAC,KAAK,EAAE,YAAY,CAAC;qBAC5B,uBAAuB,EAAE,CAAA;gBAE5B,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;oBACd,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAA;gBACjD,CAAC;YACH,CAAC;YAED,OAAO,WAAW,CAAC,QAAQ,CAAC,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,CAAC,CAAC,OAAO,EAAE,CAAA;QACtE,CAAC,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,GAAQ;QAC9B,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,OAAO,EAAE,CAAA;QACxE,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;IAC9D,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,OAAgB;QAC9B,MAAM,GAAG,GAAG,MAAM,WAAW;aAC1B,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC;aAC9B,gBAAgB,EAAE,CAAA;QACrB,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAC3C,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAgB;QAChC,6DAA6D;QAC7D,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAA;IACxE,CAAC;IAED,KAAK,CAAC,WAAW,CACf,OAAgB,EAChB,UAAmB,EACnB,eAA6B,EAC7B,OAAqB;QAErB,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;YACpD,MAAM,EAAE,EAAE,EAAE,mBAAmB,EAAE,GAAG,MAAM,WAAW;iBAClD,WAAW,CAAC,KAAK,EAAE,OAAO,CAAC;iBAC3B,uBAAuB,EAAE,CAAA;YAE5B,IAAI,mBAAmB,EAAE,CAAC;gBACxB,MAAM,sBAAsB;qBACzB,QAAQ,CAAC,KAAK,EAAE,EAAE,EAAE,mBAAmB,CAAC;qBACxC,OAAO,EAAE,CAAA;YACd,CAAC;YAED,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,sBAAsB;iBAC3C,OAAO,CAAC,KAAK,EAAE,eAAe,CAAC;iBAC/B,uBAAuB,EAAE,CAAA;YAE5B,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;gBACd,iEAAiE;gBACjE,OAAO,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAA;YACtD,CAAC;YAED,MAAM,WAAW;iBACd,QAAQ,CAAC,KAAK,EAAE,EAAE,EAAE,UAAU,EAAE,eAAe,EAAE,OAAO,CAAC;iBACzD,OAAO,EAAE,CAAA;QACd,CAAC,CAAC,CAAA;QAEF,IAAI,GAAG;YAAE,MAAM,GAAG,CAAA;IACpB,CAAC;IAED,KAAK,CAAC,uBAAuB,CAC3B,YAA0B;QAE1B,MAAM,IAAI,GAAG,MAAM,sBAAsB;aACtC,aAAa,CAAC,IAAI,CAAC,EAAE,EAAE,YAAY,CAAC;aACpC,gBAAgB,EAAE,CAAA;QAErB,MAAM,MAAM,GAAG,IAAI;YACjB,CAAC,CAAC,EAAE,EAAE,EAAE,IAAI,CAAC,OAAO,EAAE;YACtB,CAAC,CAAC,EAAE,mBAAmB,EAAE,YAAY,EAAE,CAAA;QAEzC,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC,gBAAgB,EAAE,CAAA;QAC1E,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAC3C,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,IAAU;QAC9B,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,gBAAgB,EAAE,CAAA;QAC5E,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAC3C,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,EACvB,GAAG,EAAE,GAAG,EACR,MAAM,GACkB;QACxB,0EAA0E;QAC1E,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,gCAAgC,CAAC,CAAA;QAE1D,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,cAAc,CAAC,wBAAwB,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,CAAC,CAAA;QACrE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,qBAAqB,EAAE,CAAC;gBACzC,MAAM,IAAI,mBAAmB,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;YACjD,CAAC;YAED,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,EACvB,GAAG,EAAE,GAAG,EACR,KAAK,EACL,KAAK,GACmB;QACxB,0EAA0E;QAC1E,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,gCAAgC,CAAC,CAAA;QAE1D,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,YAAY,CAAC,GAAG,EAAE,KAAK,EAAE,KAAK,CAAC,CAAA;YAEzE,OAAO,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAA;QACnC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,uBAAuB,EAAE,CAAC;gBAC3C,OAAO,IAAI,CAAA;YACb,CAAC;YAED,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,EACvB,GAAG,EAAE,GAAG,EACR,MAAM,GACkB;QACxB,0EAA0E;QAC1E,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,gCAAgC,CAAC,CAAA;QAE1D,OAAO,IAAI,CAAC,cAAc,CAAC,kBAAkB,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,CAAC,CAAA;IAChE,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,EACvB,GAAG,EAAE,GAAG,EACR,KAAK,EACL,KAAK,EACL,MAAM,GACkB;QACxB,0EAA0E;QAC1E,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,gCAAgC,CAAC,CAAA;QAE1D,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE;gBACvE,qBAAqB,EAAE,IAAI;gBAC3B,MAAM;aACP,CAAC,CAAA;YAEF,OAAO,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAA;QACnC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,sBAAsB,EAAE,CAAC;gBAC5C,MAAM,IAAI,mBAAmB,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,CAAA;YACrD,CAAC;YAED,MAAM,KAAK,CAAA;QACb,CAAC;IACH,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM,EAAoB;QACvD,0EAA0E;QAC1E,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,gCAAgC,CAAC,CAAA;QAE1D,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,YAAY,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;YAEnE,OAAO,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAA;QACnC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,wBAAwB,CAAC,GAAG,CAAC,CAAA;QACrC,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,WAAW,CACvB,GAA6C;QAE7C,OAAO;YACL,EAAE,EAAE,GAAG,CAAC,OAAO;YACf,IAAI,EAAE,WAAW,CAAC,WAAW,CAAC,GAAG,CAAC;YAClC,OAAO,EAAE,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC;YACrC,mBAAmB,EAAE,GAAG,CAAC,mBAAmB;SAC7C,CAAA;IACH,CAAC;IAEO,KAAK,CAAC,YAAY,CAAC,GAAiB;QAC1C,MAAM,OAAO,GAAY;YACvB,GAAG,EAAE,GAAG,CAAC,GAAG;YACZ,GAAG,EAAE,IAAI,CAAC,UAAU;YACpB,KAAK,EAAE,GAAG,CAAC,KAAK,IAAI,SAAS;YAC7B,cAAc,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,gBAAgB,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS;YACpE,kBAAkB,EAAE,GAAG,CAAC,MAAM,IAAI,SAAS;SAC5C,CAAA;QAED,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;YACtC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAA;YAEvB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU;iBAClC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE;gBACzB,OAAO,KAAK,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAA;YACxC,CAAC,CAAC;iBACD,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;gBACb,QAAQ,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,8BAA8B,CAAC,CAAA;gBACvD,OAAO,IAAI,CAAA,CAAC,uBAAuB;YACrC,CAAC,CAAC,CAAA;YAEJ,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,OAAO,CAAA;gBAEvC,OAAO,CAAC,IAAI,KAAK,WAAW,CAAA;gBAC5B,OAAO,CAAC,OAAO,KAAK,MAAM;oBACxB,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,QAAQ,EAAE,GAAG,EAAE,gBAAgB,CAAC,MAAM,CAAC,CAAC;oBACrE,CAAC,CAAC,SAAS,CAAA;YACf,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAA;IAChB,CAAC;CACF;AAED,SAAS,wBAAwB,CAAC,GAAY;IAC5C,IAAI,GAAG,YAAY,uBAAuB,EAAE,CAAC;QAC3C,MAAM,MAAM,GAAG,yBAAyB,CAAC,GAAG,CAAC,CAAA;QAC7C,IAAI,MAAM;YAAE,MAAM,IAAI,sBAAsB,CAAC,MAAM,EAAE,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;QAEtE,OAAO,IAAI,mBAAmB,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;IAClD,CAAC;IAED,OAAO,GAAG,CAAA;AACZ,CAAC;AAED;;;;;;GAMG;AACH,SAAS,yBAAyB,CAChC,GAA4B;IAE5B,QAAQ,GAAG,CAAC,KAAK,EAAE,CAAC;QAClB,KAAK,oBAAoB,CAAC,CAAC,CAAC;YAC1B,IAAI,GAAG,CAAC,OAAO,KAAK,iBAAiB;gBAAE,OAAO,UAAU,CAAA;YACxD,OAAO,OAAO,CAAA;QAChB,CAAC;QAED,KAAK,mBAAmB,CAAC,CAAC,CAAC;YACzB,OAAO,aAAa,CAAA;QACtB,CAAC;QAED,KAAK,eAAe,CAAC,CAAC,CAAC;YACrB,IAAI,GAAG,CAAC,OAAO,KAAK,kCAAkC;gBAAE,OAAO,MAAM,CAAA;YACrE,IAAI,GAAG,CAAC,OAAO,KAAK,qCAAqC;gBAAE,OAAO,QAAQ,CAAA;YAC1E,OAAO,QAAQ,CAAA;QACjB,CAAC;QAED,KAAK,gBAAgB,CAAC,CAAC,CAAC;YACtB,IAAI,GAAG,CAAC,OAAO,KAAK,wCAAwC,EAAE,CAAC;gBAC7D,OAAO,YAAY,CAAA;YACrB,CAAC;YACD,OAAO,SAAS,CAAA;QAClB,CAAC;IACH,CAAC;AACH,CAAC","sourcesContent":["import assert from 'node:assert'\nimport { Client, createOp as createPlcOp } from '@did-plc/lib'\nimport { Selectable } from 'kysely'\nimport { Keypair, Secp256k1Keypair } from '@atproto/crypto'\nimport {\n HandleString,\n asAtIdentifierString,\n getBlobCidString,\n isDidString,\n isHandleString,\n} from '@atproto/lex'\nimport {\n Account,\n AccountStore,\n AuthenticateAccountData,\n AuthorizedClientData,\n AuthorizedClients,\n ClientId,\n Code,\n DeviceAccount,\n DeviceData,\n DeviceId,\n DeviceStore,\n FoundRequestResult,\n HandleUnavailableError,\n HandleUnavailableReason,\n InvalidCredentialsError,\n InvalidInviteCodeError,\n InvalidRequestError,\n LexiconData,\n LexiconStore,\n NewTokenData,\n RefreshToken,\n RequestData,\n RequestId,\n RequestStore,\n ResetPasswordConfirmInput,\n ResetPasswordRequestInput,\n SignUpData,\n Sub,\n TokenData,\n TokenId,\n TokenInfo,\n TokenStore,\n UpdateEmailConfirmInput,\n UpdateEmailRequestInput,\n UpdateEmailRequestOutput,\n UpdateHandleData,\n UpdateRequestData,\n VerifyEmailConfirmInput,\n VerifyEmailRequestInput,\n} from '@atproto/oauth-provider'\nimport {\n AuthRequiredError as XrpcAuthRequiredError,\n InvalidRequestError as XrpcInvalidRequestError,\n} from '@atproto/xrpc-server'\nimport { ActorStore } from '../actor-store/actor-store.js'\nimport { BackgroundQueue } from '../background.js'\nimport { fromDateISO } from '../db/index.js'\nimport { ImageUrlBuilder } from '../image/image-url-builder.js'\nimport { dbLogger } from '../logger.js'\nimport { ServerMailer } from '../mailer/index.js'\nimport { Sequencer, syncEvtDataFromCommit } from '../sequencer/index.js'\nimport { AccountManager, InvalidPasswordError } from './account-manager.js'\nimport * as schemas from './db/schema/index.js'\nimport * as accountDeviceHelper from './helpers/account-device.js'\nimport {\n AccountStatus,\n ActorAccount,\n UserAlreadyExistsError,\n} from './helpers/account.js'\nimport * as authRequestHelper from './helpers/authorization-request.js'\nimport * as authorizedClientHelper from './helpers/authorized-client.js'\nimport * as deviceHelper from './helpers/device.js'\nimport * as lexiconHelper from './helpers/lexicon.js'\nimport * as tokenHelper from './helpers/token.js'\nimport * as usedRefreshTokenHelper from './helpers/used-refresh-token.js'\n\n/**\n * This class' purpose is to implement the interface needed by the OAuthProvider\n * to interact with the account database (through the {@link AccountManager}).\n *\n * @note The use of this class assumes that there is no entryway.\n */\nexport class OAuthStore\n implements AccountStore, RequestStore, DeviceStore, LexiconStore, TokenStore\n{\n constructor(\n private readonly accountManager: AccountManager,\n private readonly actorStore: ActorStore,\n private readonly imageUrlBuilder: ImageUrlBuilder,\n private readonly backgroundQueue: BackgroundQueue,\n private readonly mailer: ServerMailer,\n private readonly sequencer: Sequencer,\n private readonly plcClient: Client,\n private readonly plcRotationKey: Keypair,\n private readonly publicUrl: string,\n private readonly recoveryDidKey: string | null,\n ) {}\n\n private get db() {\n const { db } = this.accountManager\n if (db.destroyed) throw new Error('Database connection is closed')\n return db\n }\n\n private get serviceDid() {\n return this.accountManager.serviceDid\n }\n\n private async verifyEmailAvailability(email: string): Promise<void> {\n // @NOTE Email validity & disposability check performed by the OAuthProvider\n\n const account = await this.accountManager.getAccountByEmail(email, {\n includeDeactivated: true,\n includeTakenDown: true,\n })\n\n if (account) {\n throw new InvalidRequestError(`Email already taken`)\n }\n }\n\n private async verifyInviteCode(code: string) {\n try {\n await this.accountManager.ensureInviteIsAvailable(code)\n } catch (err) {\n const message =\n err instanceof XrpcInvalidRequestError ? err.message : undefined\n throw new InvalidInviteCodeError(message, err)\n }\n }\n\n // AccountStore\n\n async createAccount({\n locale: _locale,\n inviteCode,\n handle,\n email,\n password,\n }: SignUpData): Promise<Account> {\n // @TODO Send an account creation confirmation email (+verification link) to the user (in their locale)\n // @NOTE Password strength & length already enforced by the OAuthProvider\n\n assert(isHandleString(handle), 'Handle must be a valid HandleString')\n\n await Promise.all([\n this.verifyEmailAvailability(email),\n this.verifyHandleAvailability(handle),\n !inviteCode || this.verifyInviteCode(inviteCode),\n ])\n\n // @TODO The code bellow should probably be refactored to be common with the\n // code of the `com.atproto.server.createAccount` XRPC endpoint.\n\n const signingKey = await Secp256k1Keypair.create({ exportable: true })\n const signingKeyDid = signingKey.did()\n\n const plcCreate = await createPlcOp({\n signingKey: signingKeyDid,\n rotationKeys: this.recoveryDidKey\n ? [this.recoveryDidKey, this.plcRotationKey.did()]\n : [this.plcRotationKey.did()],\n handle,\n pds: this.publicUrl,\n signer: this.plcRotationKey,\n })\n\n const { did, op } = plcCreate\n assert(isDidString(did), 'Generated DID is not a valid DidString')\n\n try {\n await this.actorStore.create(did, signingKey)\n try {\n const commit = await this.actorStore.transact(did, (actorTxn) =>\n actorTxn.repo.createRepo([]),\n )\n\n await this.plcClient.sendOperation(did, op)\n\n await this.accountManager.createAccount({\n did,\n handle,\n email,\n password,\n inviteCode,\n repoCid: commit.cid,\n repoRev: commit.rev,\n })\n try {\n await this.sequencer.sequenceIdentityEvt(did, handle)\n await this.sequencer.sequenceAccountEvt(did, AccountStatus.Active)\n await this.sequencer.sequenceCommit(did, commit)\n await this.sequencer.sequenceSyncEvt(\n did,\n syncEvtDataFromCommit(commit),\n )\n await this.accountManager.updateRepoRoot(did, commit.cid, commit.rev)\n await this.actorStore.clearReservedKeypair(signingKeyDid, did)\n\n const account = await this.accountManager.getAccount(did)\n if (!account) throw new Error('Account not found')\n\n return await this.buildAccount(account)\n } catch (err) {\n this.accountManager.deleteAccount(did)\n throw err\n }\n } catch (err) {\n await this.actorStore.destroy(did)\n throw err\n }\n } catch (err) {\n // XrpcError => OAuthError\n if (err instanceof XrpcInvalidRequestError) {\n throw new InvalidRequestError(err.message, err)\n }\n throw err\n }\n }\n\n async authenticateAccount({\n locale: _locale,\n username: identifier,\n password,\n // Not supported by the PDS (yet?)\n emailOtp = undefined,\n }: AuthenticateAccountData): Promise<Account> {\n // @TODO (?) Send an email to the user to notify them of the login attempt\n try {\n // Should never happen\n if (emailOtp != null) {\n throw new Error('Email OTP is not supported')\n }\n\n const { user, appPassword, isSoftDeleted } =\n await this.accountManager.login({ identifier, password })\n\n if (isSoftDeleted) {\n throw new InvalidRequestError('Account was taken down')\n }\n\n if (appPassword) {\n throw new InvalidRequestError('App passwords are not allowed')\n }\n\n return this.buildAccount(user)\n } catch (err) {\n // `InvalidPasswordError` is a subclass of `XrpcAuthRequiredError`,\n // so it must be checked first. Surfacing the matched `did` as the\n // `sub` lets the oauth-provider's `onSignInFailed` hook distinguish\n // \"identifier known, credentials wrong\" from \"identifier unknown\".\n if (err instanceof InvalidPasswordError) {\n throw new InvalidCredentialsError(err.message, err.did, err)\n }\n if (err instanceof XrpcAuthRequiredError) {\n throw new InvalidCredentialsError(err.message, undefined, err)\n }\n throw err\n }\n }\n\n async setAuthorizedClient(\n sub: Sub,\n clientId: ClientId,\n data: AuthorizedClientData,\n ): Promise<void> {\n await authorizedClientHelper.upsert(this.db, sub, clientId, data)\n }\n\n async getAccount(sub: Sub): Promise<{\n account: Account\n authorizedClients: AuthorizedClients\n }> {\n const accountRow = await this.accountManager.getAccount(\n // @TODO @atproto/oauth-provider should strongly type `Sub` as `DidString`\n asAtIdentifierString(sub),\n {\n includeDeactivated: true,\n includeTakenDown: false,\n },\n )\n\n assert(accountRow, 'Account not found')\n\n const account = await this.buildAccount(accountRow)\n const authorizedClients = await authorizedClientHelper.getAuthorizedClients(\n this.db,\n sub,\n )\n\n return { account, authorizedClients }\n }\n\n async upsertDeviceAccount(deviceId: DeviceId, sub: string): Promise<void> {\n await this.db.executeWithRetry(\n accountDeviceHelper.upsertQB(this.db, deviceId, sub),\n )\n }\n\n async getDeviceAccount(\n deviceId: DeviceId,\n sub: string,\n ): Promise<DeviceAccount | null> {\n const row = await accountDeviceHelper\n .selectQB(this.db, { deviceId, sub })\n .executeTakeFirst()\n\n if (!row) return null\n\n return {\n deviceId,\n deviceData: deviceHelper.rowToDeviceData(row),\n account: await this.buildAccount(row),\n authorizedClients: await authorizedClientHelper.getAuthorizedClients(\n this.db,\n sub,\n ),\n createdAt: fromDateISO(row.adCreatedAt),\n updatedAt: fromDateISO(row.adUpdatedAt),\n }\n }\n\n async removeDeviceAccount(deviceId: DeviceId, sub: Sub): Promise<void> {\n await this.db.executeWithRetry(\n accountDeviceHelper.removeQB(this.db, deviceId, sub),\n )\n }\n\n async listDeviceAccounts(\n filter: { sub: Sub } | { deviceId: DeviceId },\n ): Promise<DeviceAccount[]> {\n const rows = await accountDeviceHelper.selectQB(this.db, filter).execute()\n\n const uniqueDids: string[] = [...new Set(rows.map((row) => row.did))]\n\n // Enrich all distinct account with their profile data\n const accounts = new Map(\n await Promise.all(\n Array.from(uniqueDids, async (did): Promise<[Sub, Account]> => {\n const row = rows.find((r) => r.did === did)!\n return [did, await this.buildAccount(row)]\n }),\n ),\n )\n\n const authorizedClientsMap =\n await authorizedClientHelper.getAuthorizedClientsMulti(\n this.db,\n uniqueDids,\n )\n\n return rows.map((row) => ({\n deviceId: row.deviceId,\n deviceData: deviceHelper.rowToDeviceData(row),\n account: accounts.get(row.did)!,\n authorizedClients: authorizedClientsMap.get(row.did)!,\n createdAt: fromDateISO(row.adCreatedAt),\n updatedAt: fromDateISO(row.adUpdatedAt),\n }))\n }\n\n async resetPasswordRequest({\n locale: _locale,\n email,\n }: ResetPasswordRequestInput): Promise<Account | null> {\n const account = await this.accountManager.getAccountByEmail(email, {\n includeDeactivated: true,\n includeTakenDown: false,\n })\n\n if (!account?.email || !account?.handle) return null\n\n const { handle } = account\n const token = await this.accountManager.createEmailToken(\n account.did,\n 'reset_password',\n )\n\n // @TODO Use the locale to send the email in the right language\n await this.mailer.sendResetPassword(\n { handle, token },\n { to: account.email },\n )\n\n return this.buildAccount(account)\n }\n\n async resetPasswordConfirm(\n data: ResetPasswordConfirmInput,\n ): Promise<Account | null> {\n try {\n const did = await this.accountManager.resetPassword(data)\n const account = await this.accountManager.getAccount(did, {\n includeDeactivated: true,\n includeTakenDown: false,\n })\n\n return account ? this.buildAccount(account) : null\n } catch (err) {\n if (err instanceof XrpcInvalidRequestError) {\n return null\n }\n\n throw err\n }\n }\n\n async verifyHandleAvailability(handle: HandleString): Promise<void> {\n // @NOTE Handle validity & normalization already enforced by the OAuthProvider\n try {\n const normalized =\n await this.accountManager.normalizeAndValidateHandle(handle)\n\n // Should never happen (OAuthProvider should have already validated the\n // handle) This check is just a safeguard against future normalization\n // changes.\n if (normalized !== handle) {\n throw new HandleUnavailableError('syntax', 'Invalid handle')\n }\n\n const account = await this.accountManager.getAccount(normalized, {\n includeDeactivated: true,\n includeTakenDown: true,\n })\n\n if (account) {\n throw new HandleUnavailableError('taken')\n }\n } catch (err) {\n throw toHandleUnavailableError(err)\n }\n }\n\n // RequestStore\n\n async createRequest(id: RequestId, data: RequestData): Promise<void> {\n await this.db.executeWithRetry(\n authRequestHelper.createQB(this.db, id, data),\n )\n }\n\n async readRequest(id: RequestId): Promise<RequestData | null> {\n try {\n const row = await authRequestHelper.readQB(this.db, id).executeTakeFirst()\n if (!row) return null\n return authRequestHelper.rowToRequestData(row)\n } finally {\n // Take the opportunity to clean up expired requests. Do this after we got\n // the current (potentially expired) request data to allow the provider to\n // handle expired requests.\n this.backgroundQueue.add(async () => {\n await this.db.executeWithRetry(\n authRequestHelper.removeOldExpiredQB(this.db),\n )\n })\n }\n }\n\n async updateRequest(id: RequestId, data: UpdateRequestData): Promise<void> {\n await this.db.executeWithRetry(\n authRequestHelper.updateQB(this.db, id, data),\n )\n }\n\n async deleteRequest(id: RequestId): Promise<void> {\n await this.db.executeWithRetry(authRequestHelper.removeByIdQB(this.db, id))\n }\n\n async consumeRequestCode(code: Code): Promise<FoundRequestResult | null> {\n const row = await authRequestHelper\n .consumeByCodeQB(this.db, code)\n .executeTakeFirst()\n return row ? authRequestHelper.rowToFoundRequestResult(row) : null\n }\n\n // DeviceStore\n\n async createDevice(deviceId: DeviceId, data: DeviceData): Promise<void> {\n await this.db.executeWithRetry(\n deviceHelper.createQB(this.db, deviceId, data),\n )\n }\n\n async readDevice(deviceId: DeviceId): Promise<null | DeviceData> {\n const row = await deviceHelper.readQB(this.db, deviceId).executeTakeFirst()\n return row ? deviceHelper.rowToDeviceData(row) : null\n }\n\n async updateDevice(\n deviceId: DeviceId,\n data: Partial<DeviceData>,\n ): Promise<void> {\n await this.db.executeWithRetry(\n deviceHelper.updateQB(this.db, deviceId, data),\n )\n }\n\n async deleteDevice(deviceId: DeviceId): Promise<void> {\n // Will cascade to device_account (device_account_device_id_fk)\n await this.db.executeWithRetry(deviceHelper.removeQB(this.db, deviceId))\n }\n\n // LexiconStore\n\n async findLexicon(nsid: string): Promise<LexiconData | null> {\n return lexiconHelper.find(this.db, nsid)\n }\n\n async storeLexicon(nsid: string, data: LexiconData): Promise<void> {\n return lexiconHelper.upsert(this.db, nsid, data)\n }\n\n async deleteLexicon(nsid: string): Promise<void> {\n return lexiconHelper.remove(this.db, nsid)\n }\n\n // TokenStore\n\n async createToken(\n id: TokenId,\n data: TokenData,\n refreshToken?: RefreshToken,\n ): Promise<void> {\n await this.db.transaction(async (dbTxn) => {\n if (refreshToken) {\n const { count } = await usedRefreshTokenHelper\n .countQB(dbTxn, refreshToken)\n .executeTakeFirstOrThrow()\n\n if (count > 0) {\n throw new Error('Refresh token already in use')\n }\n }\n\n return tokenHelper.createQB(dbTxn, id, data, refreshToken).execute()\n })\n }\n\n async listAccountTokens(sub: Sub): Promise<TokenInfo[]> {\n const rows = await tokenHelper.findByQB(this.db, { did: sub }).execute()\n return Promise.all(rows.map((row) => this.toTokenInfo(row)))\n }\n\n async readToken(tokenId: TokenId): Promise<TokenInfo | null> {\n const row = await tokenHelper\n .findByQB(this.db, { tokenId })\n .executeTakeFirst()\n return row ? this.toTokenInfo(row) : null\n }\n\n async deleteToken(tokenId: TokenId): Promise<void> {\n // Will cascade to used_refresh_token (used_refresh_token_fk)\n await this.db.executeWithRetry(tokenHelper.removeQB(this.db, tokenId))\n }\n\n async rotateToken(\n tokenId: TokenId,\n newTokenId: TokenId,\n newRefreshToken: RefreshToken,\n newData: NewTokenData,\n ): Promise<void> {\n const err = await this.db.transaction(async (dbTxn) => {\n const { id, currentRefreshToken } = await tokenHelper\n .forRotateQB(dbTxn, tokenId)\n .executeTakeFirstOrThrow()\n\n if (currentRefreshToken) {\n await usedRefreshTokenHelper\n .insertQB(dbTxn, id, currentRefreshToken)\n .execute()\n }\n\n const { count } = await usedRefreshTokenHelper\n .countQB(dbTxn, newRefreshToken)\n .executeTakeFirstOrThrow()\n\n if (count > 0) {\n // Do NOT throw (we don't want the transaction to be rolled back)\n return new Error('New refresh token already in use')\n }\n\n await tokenHelper\n .rotateQB(dbTxn, id, newTokenId, newRefreshToken, newData)\n .execute()\n })\n\n if (err) throw err\n }\n\n async findTokenByRefreshToken(\n refreshToken: RefreshToken,\n ): Promise<TokenInfo | null> {\n const used = await usedRefreshTokenHelper\n .findByTokenQB(this.db, refreshToken)\n .executeTakeFirst()\n\n const search = used\n ? { id: used.tokenId }\n : { currentRefreshToken: refreshToken }\n\n const row = await tokenHelper.findByQB(this.db, search).executeTakeFirst()\n return row ? this.toTokenInfo(row) : null\n }\n\n async findTokenByCode(code: Code): Promise<TokenInfo | null> {\n const row = await tokenHelper.findByQB(this.db, { code }).executeTakeFirst()\n return row ? this.toTokenInfo(row) : null\n }\n\n async verifyEmailRequest({\n sub: did,\n locale,\n }: VerifyEmailRequestInput): Promise<void> {\n // @TODO @atproto/oauth-provider should strongly type `Sub` as `DidString`\n assert(isDidString(did), 'sub must be a valid DID string')\n\n try {\n await this.accountManager.requestEmailConfirmation(did, { locale })\n } catch (err) {\n if (err instanceof XrpcAuthRequiredError) {\n throw new InvalidRequestError(err.message, err)\n }\n\n throw err\n }\n }\n\n async verifyEmailConfirm({\n sub: did,\n email,\n token,\n }: VerifyEmailConfirmInput): Promise<Account | null> {\n // @TODO @atproto/oauth-provider should strongly type `Sub` as `DidString`\n assert(isDidString(did), 'sub must be a valid DID string')\n\n try {\n const account = await this.accountManager.confirmEmail(did, email, token)\n\n return this.buildAccount(account)\n } catch (err) {\n if (err instanceof XrpcInvalidRequestError) {\n return null\n }\n\n throw err\n }\n }\n\n async updateEmailRequest({\n sub: did,\n locale,\n }: UpdateEmailRequestInput): Promise<UpdateEmailRequestOutput> {\n // @TODO @atproto/oauth-provider should strongly type `Sub` as `DidString`\n assert(isDidString(did), 'sub must be a valid DID string')\n\n return this.accountManager.requestEmailUpdate(did, { locale })\n }\n\n async updateEmailConfirm({\n sub: did,\n token,\n email,\n locale,\n }: UpdateEmailConfirmInput): Promise<Account | null> {\n // @TODO @atproto/oauth-provider should strongly type `Sub` as `DidString`\n assert(isDidString(did), 'sub must be a valid DID string')\n\n try {\n const account = await this.accountManager.updateEmail(did, email, token, {\n sendConfirmationEmail: true,\n locale,\n })\n\n return this.buildAccount(account)\n } catch (cause) {\n if (cause instanceof UserAlreadyExistsError) {\n throw new InvalidRequestError(cause.message, cause)\n }\n\n throw cause\n }\n }\n\n async updateHandle({ sub: did, handle }: UpdateHandleData): Promise<Account> {\n // @TODO @atproto/oauth-provider should strongly type `Sub` as `DidString`\n assert(isDidString(did), 'sub must be a valid DID string')\n\n try {\n const account = await this.accountManager.updateHandle(did, handle)\n\n return this.buildAccount(account)\n } catch (err) {\n throw toHandleUnavailableError(err)\n }\n }\n\n private async toTokenInfo(\n row: ActorAccount & Selectable<schemas.Token>,\n ): Promise<TokenInfo> {\n return {\n id: row.tokenId,\n data: tokenHelper.toTokenData(row),\n account: await this.buildAccount(row),\n currentRefreshToken: row.currentRefreshToken,\n }\n }\n\n private async buildAccount(row: ActorAccount): Promise<Account> {\n const account: Account = {\n sub: row.did,\n aud: this.serviceDid,\n email: row.email || undefined,\n email_verified: row.email ? row.emailConfirmedAt != null : undefined,\n preferred_username: row.handle || undefined,\n }\n\n if (!account.name || !account.picture) {\n const did = account.sub\n\n const profile = await this.actorStore\n .read(did, async (store) => {\n return store.record.getProfileRecord()\n })\n .catch((err) => {\n dbLogger.error({ err }, 'Failed to get profile record')\n return null // No need to propagate\n })\n\n if (profile) {\n const { avatar, displayName } = profile\n\n account.name ||= displayName\n account.picture ||= avatar\n ? this.imageUrlBuilder.build('avatar', did, getBlobCidString(avatar))\n : undefined\n }\n }\n\n return account\n }\n}\n\nfunction toHandleUnavailableError(err: unknown): unknown {\n if (err instanceof XrpcInvalidRequestError) {\n const reason = toHandleUnavailableReason(err)\n if (reason) throw new HandleUnavailableError(reason, err.message, err)\n\n return new InvalidRequestError(err.message, err)\n }\n\n return err\n}\n\n/**\n * This function maps specific `XrpcInvalidRequestError`, thrown by the\n * `AccountManager` when validating a handle, to a more specific\n * `HandleUnavailableError` with a reason. This allows the OAuthProvider to\n * provide properly localized and specific error messages to the user when a\n * handle is not available.\n */\nfunction toHandleUnavailableReason(\n err: XrpcInvalidRequestError,\n): HandleUnavailableReason | undefined {\n switch (err.error) {\n case 'HandleNotAvailable': {\n if (err.message === 'Reserved handle') return 'reserved'\n return 'taken'\n }\n\n case 'UnsupportedDomain': {\n return 'unsupported'\n }\n\n case 'InvalidHandle': {\n if (err.message === 'Inappropriate language in handle') return 'slur'\n if (err.message === 'Handle TLD is invalid or disallowed') return 'domain'\n return 'syntax'\n }\n\n case 'InvalidRequest': {\n if (err.message === 'External handle did not resolve to DID') {\n return 'resolution'\n }\n return undefined\n }\n }\n}\n"]}
1
+ {"version":3,"file":"oauth-store.js","sourceRoot":"","sources":["../../src/account-manager/oauth-store.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAA;AAChC,OAAO,EAAU,QAAQ,IAAI,WAAW,EAAE,MAAM,cAAc,CAAA;AAE9D,OAAO,EAAW,gBAAgB,EAAE,MAAM,iBAAiB,CAAA;AAC3D,OAAO,EAGL,oBAAoB,EACpB,gBAAgB,EAChB,WAAW,EACX,cAAc,GACf,MAAM,cAAc,CAAA;AACrB,OAAO,EAaL,sBAAsB,EAEtB,uBAAuB,EACvB,sBAAsB,EACtB,mBAAmB,GAuBpB,MAAM,yBAAyB,CAAA;AAChC,OAAO,EACL,iBAAiB,IAAI,qBAAqB,EAC1C,mBAAmB,IAAI,uBAAuB,GAC/C,MAAM,sBAAsB,CAAA;AAG7B,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAA;AAE5C,OAAO,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAA;AAGvC,OAAO,EAAkB,oBAAoB,EAAE,MAAM,sBAAsB,CAAA;AAE3E,OAAO,KAAK,mBAAmB,MAAM,6BAA6B,CAAA;AAClE,OAAO,EAAgB,sBAAsB,EAAE,MAAM,sBAAsB,CAAA;AAC3E,OAAO,KAAK,iBAAiB,MAAM,oCAAoC,CAAA;AACvE,OAAO,KAAK,sBAAsB,MAAM,gCAAgC,CAAA;AACxE,OAAO,KAAK,YAAY,MAAM,qBAAqB,CAAA;AACnD,OAAO,KAAK,aAAa,MAAM,sBAAsB,CAAA;AACrD,OAAO,KAAK,WAAW,MAAM,oBAAoB,CAAA;AACjD,OAAO,KAAK,sBAAsB,MAAM,iCAAiC,CAAA;AAEzE;;;;;GAKG;AACH,MAAM,OAAO,UAAU;IAGrB,YACmB,cAA8B,EAC9B,UAAsB,EACtB,eAAgC,EAChC,eAAgC,EAChC,MAAoB,EACpB,SAAoB,EACpB,SAAiB,EACjB,cAAuB,EACvB,SAAiB,EACjB,cAA6B;QAT7B,mBAAc,GAAd,cAAc,CAAgB;QAC9B,eAAU,GAAV,UAAU,CAAY;QACtB,oBAAe,GAAf,eAAe,CAAiB;QAChC,oBAAe,GAAf,eAAe,CAAiB;QAChC,WAAM,GAAN,MAAM,CAAc;QACpB,cAAS,GAAT,SAAS,CAAW;QACpB,cAAS,GAAT,SAAS,CAAQ;QACjB,mBAAc,GAAd,cAAc,CAAS;QACvB,cAAS,GAAT,SAAS,CAAQ;QACjB,mBAAc,GAAd,cAAc,CAAe;IAC7C,CAAC;IAEJ,IAAY,EAAE;QACZ,MAAM,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC,cAAc,CAAA;QAClC,IAAI,EAAE,CAAC,SAAS;YAAE,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;QAClE,OAAO,EAAE,CAAA;IACX,CAAC;IAED,IAAY,UAAU;QACpB,OAAO,IAAI,CAAC,cAAc,CAAC,UAAU,CAAA;IACvC,CAAC;IAEO,KAAK,CAAC,uBAAuB,CAAC,KAAa;QACjD,4EAA4E;QAE5E,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,KAAK,EAAE;YACjE,kBAAkB,EAAE,IAAI;YACxB,gBAAgB,EAAE,IAAI;SACvB,CAAC,CAAA;QAEF,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,IAAI,mBAAmB,CAAC,qBAAqB,CAAC,CAAA;QACtD,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAAC,IAAY;QACzC,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,cAAc,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAA;QACzD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GACX,GAAG,YAAY,uBAAuB,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAA;YAClE,MAAM,IAAI,sBAAsB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;QAChD,CAAC;IACH,CAAC;IAED,eAAe;IAEf,KAAK,CAAC,aAAa,CAAC,EAClB,MAAM,EAAE,OAAO,EACf,UAAU,EACV,MAAM,EACN,KAAK,EACL,QAAQ,GACG;QACX,uGAAuG;QACvG,yEAAyE;QAEzE,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC,EAAE,qCAAqC,CAAC,CAAA;QAErE,MAAM,OAAO,CAAC,GAAG,CAAC;YAChB,IAAI,CAAC,uBAAuB,CAAC,KAAK,CAAC;YACnC,IAAI,CAAC,wBAAwB,CAAC,MAAM,CAAC;YACrC,CAAC,UAAU,IAAI,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC;SACjD,CAAC,CAAA;QAEF,4EAA4E;QAC5E,gEAAgE;QAEhE,MAAM,UAAU,GAAG,MAAM,gBAAgB,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAA;QACtE,MAAM,aAAa,GAAG,UAAU,CAAC,GAAG,EAAE,CAAA;QAEtC,MAAM,YAAY;QAChB,wEAAwE;QACxE,0EAA0E;QAC1E,uCAAuC;QACvC,IAAI,CAAA;QAEN,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC;YAC5B,UAAU,EAAE,aAAa;YACzB,YAAY,EAAE,IAAI,CAAC,cAAc;gBAC/B,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,EAAE,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC;gBAClD,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC;YAC/B,MAAM;YACN,GAAG,EAAE,IAAI,CAAC,SAAS;YACnB,MAAM,EAAE,IAAI,CAAC,cAAc;SAC5B,CAAC,CAAA;QAEF,MAAM,GAAG,GAAG,GAAG,CAAC,GAAgB,CAAA;QAEhC,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,EAAE,UAAU,CAAC,CAAA;YAE7C,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,EAAE;oBAC9D,OAAO,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,CAAA;gBACrC,CAAC,CAAC,CAAA;gBAEF,MAAM,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC,CAAA;gBAE/C,IAAI,CAAC;oBACH,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC;wBACtC,GAAG;wBACH,MAAM;wBACN,KAAK;wBACL,QAAQ;wBACR,UAAU;wBACV,OAAO,EAAE,MAAM,CAAC,GAAG;wBACnB,OAAO,EAAE,MAAM,CAAC,GAAG;qBACpB,CAAC,CAAA;oBAEF,IAAI,CAAC;wBACH,MAAM,IAAI,CAAC,SAAS,CAAC,uBAAuB,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,CAAA;wBAEjE,IAAI,CAAC;4BACH,MAAM,IAAI,CAAC,UAAU;iCAClB,oBAAoB,CAAC,aAAa,EAAE,GAAG,CAAC;iCACxC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;gCACb,yDAAyD;gCACzD,qDAAqD;gCACrD,QAAQ,CAAC,KAAK,CACZ,EAAE,GAAG,EAAE,aAAa,EAAE,GAAG,EAAE,EAC3B,kCAAkC,CACnC,CAAA;4BACH,CAAC,CAAC,CAAA;4BAEJ,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;4BACzD,MAAM,CAAC,OAAO,EAAE,kCAAkC,CAAC,CAAA;4BAEnD,OAAO,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAA;wBACzC,CAAC;wBAAC,OAAO,GAAG,EAAE,CAAC;4BACb,MAAM,IAAI,CAAC,SAAS,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAA;4BACjD,MAAM,GAAG,CAAA;wBACX,CAAC;oBACH,CAAC;oBAAC,OAAO,GAAG,EAAE,CAAC;wBACb,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,GAAG,CAAC,CAAA;wBAC5C,MAAM,GAAG,CAAA;oBACX,CAAC;gBACH,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,IAAI,YAAY,EAAE,CAAC;wBACjB,MAAM,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,CAAC,cAAc,CAAC,CAAA;oBAC1D,CAAC;oBACD,MAAM,GAAG,CAAA;gBACX,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;gBAClC,MAAM,GAAG,CAAA;YACX,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,0BAA0B;YAC1B,IAAI,GAAG,YAAY,uBAAuB,EAAE,CAAC;gBAC3C,MAAM,IAAI,mBAAmB,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;YACjD,CAAC;YACD,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,EACxB,MAAM,EAAE,OAAO,EACf,QAAQ,EAAE,UAAU,EACpB,QAAQ;IACR,kCAAkC;IAClC,QAAQ,GAAG,SAAS,GACI;QACxB,0EAA0E;QAC1E,IAAI,CAAC;YACH,sBAAsB;YACtB,IAAI,QAAQ,IAAI,IAAI,EAAE,CAAC;gBACrB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAA;YAC/C,CAAC;YAED,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,aAAa,EAAE,GACxC,MAAM,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,EAAE,UAAU,EAAE,QAAQ,EAAE,CAAC,CAAA;YAE3D,IAAI,aAAa,EAAE,CAAC;gBAClB,MAAM,IAAI,mBAAmB,CAAC,wBAAwB,CAAC,CAAA;YACzD,CAAC;YAED,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,IAAI,mBAAmB,CAAC,+BAA+B,CAAC,CAAA;YAChE,CAAC;YAED,OAAO,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAA;QAChC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,mEAAmE;YACnE,kEAAkE;YAClE,oEAAoE;YACpE,mEAAmE;YACnE,IAAI,GAAG,YAAY,oBAAoB,EAAE,CAAC;gBACxC,MAAM,IAAI,uBAAuB,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;YAC9D,CAAC;YACD,IAAI,GAAG,YAAY,qBAAqB,EAAE,CAAC;gBACzC,MAAM,IAAI,uBAAuB,CAAC,GAAG,CAAC,OAAO,EAAE,SAAS,EAAE,GAAG,CAAC,CAAA;YAChE,CAAC;YACD,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED,KAAK,CAAC,mBAAmB,CACvB,GAAQ,EACR,QAAkB,EAClB,IAA0B;QAE1B,MAAM,sBAAsB,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAA;IACnE,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,GAAQ;QAIvB,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU;QACrD,0EAA0E;QAC1E,oBAAoB,CAAC,GAAG,CAAC,EACzB;YACE,kBAAkB,EAAE,IAAI;YACxB,gBAAgB,EAAE,KAAK;SACxB,CACF,CAAA;QAED,MAAM,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAAA;QAEvC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,CAAA;QACnD,MAAM,iBAAiB,GAAG,MAAM,sBAAsB,CAAC,oBAAoB,CACzE,IAAI,CAAC,EAAE,EACP,GAAG,CACJ,CAAA;QAED,OAAO,EAAE,OAAO,EAAE,iBAAiB,EAAE,CAAA;IACvC,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,QAAkB,EAAE,GAAW;QACvD,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAC5B,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,CACrD,CAAA;IACH,CAAC;IAED,KAAK,CAAC,gBAAgB,CACpB,QAAkB,EAClB,GAAW;QAEX,MAAM,GAAG,GAAG,MAAM,mBAAmB;aAClC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC;aACpC,gBAAgB,EAAE,CAAA;QAErB,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAA;QAErB,OAAO;YACL,QAAQ;YACR,UAAU,EAAE,YAAY,CAAC,eAAe,CAAC,GAAG,CAAC;YAC7C,OAAO,EAAE,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC;YACrC,iBAAiB,EAAE,MAAM,sBAAsB,CAAC,oBAAoB,CAClE,IAAI,CAAC,EAAE,EACP,GAAG,CACJ;YACD,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC;YACvC,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC;SACxC,CAAA;IACH,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,QAAkB,EAAE,GAAQ;QACpD,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAC5B,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,CACrD,CAAA;IACH,CAAC;IAED,KAAK,CAAC,kBAAkB,CACtB,MAA6C;QAE7C,MAAM,IAAI,GAAG,MAAM,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC,OAAO,EAAE,CAAA;QAE1E,MAAM,UAAU,GAAa,CAAC,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;QAErE,sDAAsD;QACtD,MAAM,QAAQ,GAAG,IAAI,GAAG,CACtB,MAAM,OAAO,CAAC,GAAG,CACf,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,GAAG,EAA2B,EAAE;YAC5D,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,CAAE,CAAA;YAC5C,OAAO,CAAC,GAAG,EAAE,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAA;QAC5C,CAAC,CAAC,CACH,CACF,CAAA;QAED,MAAM,oBAAoB,GACxB,MAAM,sBAAsB,CAAC,yBAAyB,CACpD,IAAI,CAAC,EAAE,EACP,UAAU,CACX,CAAA;QAEH,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YACxB,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,UAAU,EAAE,YAAY,CAAC,eAAe,CAAC,GAAG,CAAC;YAC7C,OAAO,EAAE,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAE;YAC/B,iBAAiB,EAAE,oBAAoB,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAE;YACrD,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC;YACvC,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC;SACxC,CAAC,CAAC,CAAA;IACL,CAAC;IAED,KAAK,CAAC,oBAAoB,CAAC,EACzB,MAAM,EAAE,OAAO,EACf,KAAK,GACqB;QAC1B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,KAAK,EAAE;YACjE,kBAAkB,EAAE,IAAI;YACxB,gBAAgB,EAAE,KAAK;SACxB,CAAC,CAAA;QAEF,IAAI,CAAC,OAAO,EAAE,KAAK,IAAI,CAAC,OAAO,EAAE,MAAM;YAAE,OAAO,IAAI,CAAA;QAEpD,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAA;QAC1B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CACtD,OAAO,CAAC,GAAG,EACX,gBAAgB,CACjB,CAAA;QAED,+DAA+D;QAC/D,MAAM,IAAI,CAAC,MAAM,CAAC,iBAAiB,CACjC,EAAE,MAAM,EAAE,KAAK,EAAE,EACjB,EAAE,EAAE,EAAE,OAAO,CAAC,KAAK,EAAE,CACtB,CAAA;QAED,OAAO,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAA;IACnC,CAAC;IAED,KAAK,CAAC,oBAAoB,CACxB,IAA+B;QAE/B,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,IAAI,CAAC,CAAA;YACzD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,GAAG,EAAE;gBACxD,kBAAkB,EAAE,IAAI;gBACxB,gBAAgB,EAAE,KAAK;aACxB,CAAC,CAAA;YAEF,OAAO,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;QACpD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,uBAAuB,EAAE,CAAC;gBAC3C,OAAO,IAAI,CAAA;YACb,CAAC;YAED,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED,KAAK,CAAC,wBAAwB,CAAC,MAAoB;QACjD,8EAA8E;QAC9E,IAAI,CAAC;YACH,MAAM,UAAU,GACd,MAAM,IAAI,CAAC,cAAc,CAAC,0BAA0B,CAAC,MAAM,CAAC,CAAA;YAE9D,uEAAuE;YACvE,sEAAsE;YACtE,WAAW;YACX,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;gBAC1B,MAAM,IAAI,sBAAsB,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAA;YAC9D,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,UAAU,EAAE;gBAC/D,kBAAkB,EAAE,IAAI;gBACxB,gBAAgB,EAAE,IAAI;aACvB,CAAC,CAAA;YAEF,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,IAAI,sBAAsB,CAAC,OAAO,CAAC,CAAA;YAC3C,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,wBAAwB,CAAC,GAAG,CAAC,CAAA;QACrC,CAAC;IACH,CAAC;IAED,eAAe;IAEf,KAAK,CAAC,aAAa,CAAC,EAAa,EAAE,IAAiB;QAClD,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAC5B,iBAAiB,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,CAC9C,CAAA;IACH,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,EAAa;QAC7B,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,iBAAiB,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,gBAAgB,EAAE,CAAA;YAC1E,IAAI,CAAC,GAAG;gBAAE,OAAO,IAAI,CAAA;YACrB,OAAO,iBAAiB,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAA;QAChD,CAAC;gBAAS,CAAC;YACT,0EAA0E;YAC1E,0EAA0E;YAC1E,2BAA2B;YAC3B,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,KAAK,IAAI,EAAE;gBAClC,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAC5B,iBAAiB,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC,CAC9C,CAAA;YACH,CAAC,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,EAAa,EAAE,IAAuB;QACxD,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAC5B,iBAAiB,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,CAC9C,CAAA;IACH,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,EAAa;QAC/B,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,iBAAiB,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAA;IAC7E,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,IAAU;QACjC,MAAM,GAAG,GAAG,MAAM,iBAAiB;aAChC,eAAe,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC;aAC9B,gBAAgB,EAAE,CAAA;QACrB,OAAO,GAAG,CAAC,CAAC,CAAC,iBAAiB,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IACpE,CAAC;IAED,cAAc;IAEd,KAAK,CAAC,YAAY,CAAC,QAAkB,EAAE,IAAgB;QACrD,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAC5B,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,CAC/C,CAAA;IACH,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,QAAkB;QACjC,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC,gBAAgB,EAAE,CAAA;QAC3E,OAAO,GAAG,CAAC,CAAC,CAAC,YAAY,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IACvD,CAAC;IAED,KAAK,CAAC,YAAY,CAChB,QAAkB,EAClB,IAAyB;QAEzB,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAC5B,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,CAC/C,CAAA;IACH,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,QAAkB;QACnC,+DAA+D;QAC/D,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC,CAAA;IAC1E,CAAC;IAED,eAAe;IAEf,KAAK,CAAC,WAAW,CAAC,IAAY;QAC5B,OAAO,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAA;IAC1C,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,IAAY,EAAE,IAAiB;QAChD,OAAO,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,CAAA;IAClD,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,IAAY;QAC9B,OAAO,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAA;IAC5C,CAAC;IAED,aAAa;IAEb,KAAK,CAAC,WAAW,CACf,EAAW,EACX,IAAe,EACf,YAA2B;QAE3B,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;YACxC,IAAI,YAAY,EAAE,CAAC;gBACjB,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,sBAAsB;qBAC3C,OAAO,CAAC,KAAK,EAAE,YAAY,CAAC;qBAC5B,uBAAuB,EAAE,CAAA;gBAE5B,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;oBACd,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAA;gBACjD,CAAC;YACH,CAAC;YAED,OAAO,WAAW,CAAC,QAAQ,CAAC,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,CAAC,CAAC,OAAO,EAAE,CAAA;QACtE,CAAC,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,GAAQ;QAC9B,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,OAAO,EAAE,CAAA;QACxE,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;IAC9D,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,OAAgB;QAC9B,MAAM,GAAG,GAAG,MAAM,WAAW;aAC1B,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC;aAC9B,gBAAgB,EAAE,CAAA;QACrB,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAC3C,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAgB;QAChC,6DAA6D;QAC7D,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAA;IACxE,CAAC;IAED,KAAK,CAAC,WAAW,CACf,OAAgB,EAChB,UAAmB,EACnB,eAA6B,EAC7B,OAAqB;QAErB,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;YACpD,MAAM,EAAE,EAAE,EAAE,mBAAmB,EAAE,GAAG,MAAM,WAAW;iBAClD,WAAW,CAAC,KAAK,EAAE,OAAO,CAAC;iBAC3B,uBAAuB,EAAE,CAAA;YAE5B,IAAI,mBAAmB,EAAE,CAAC;gBACxB,MAAM,sBAAsB;qBACzB,QAAQ,CAAC,KAAK,EAAE,EAAE,EAAE,mBAAmB,CAAC;qBACxC,OAAO,EAAE,CAAA;YACd,CAAC;YAED,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,sBAAsB;iBAC3C,OAAO,CAAC,KAAK,EAAE,eAAe,CAAC;iBAC/B,uBAAuB,EAAE,CAAA;YAE5B,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;gBACd,iEAAiE;gBACjE,OAAO,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAA;YACtD,CAAC;YAED,MAAM,WAAW;iBACd,QAAQ,CAAC,KAAK,EAAE,EAAE,EAAE,UAAU,EAAE,eAAe,EAAE,OAAO,CAAC;iBACzD,OAAO,EAAE,CAAA;QACd,CAAC,CAAC,CAAA;QAEF,IAAI,GAAG;YAAE,MAAM,GAAG,CAAA;IACpB,CAAC;IAED,KAAK,CAAC,uBAAuB,CAC3B,YAA0B;QAE1B,MAAM,IAAI,GAAG,MAAM,sBAAsB;aACtC,aAAa,CAAC,IAAI,CAAC,EAAE,EAAE,YAAY,CAAC;aACpC,gBAAgB,EAAE,CAAA;QAErB,MAAM,MAAM,GAAG,IAAI;YACjB,CAAC,CAAC,EAAE,EAAE,EAAE,IAAI,CAAC,OAAO,EAAE;YACtB,CAAC,CAAC,EAAE,mBAAmB,EAAE,YAAY,EAAE,CAAA;QAEzC,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC,gBAAgB,EAAE,CAAA;QAC1E,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAC3C,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,IAAU;QAC9B,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,gBAAgB,EAAE,CAAA;QAC5E,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAC3C,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,EACvB,GAAG,EAAE,GAAG,EACR,MAAM,GACkB;QACxB,0EAA0E;QAC1E,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,gCAAgC,CAAC,CAAA;QAE1D,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,cAAc,CAAC,wBAAwB,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,CAAC,CAAA;QACrE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,qBAAqB,EAAE,CAAC;gBACzC,MAAM,IAAI,mBAAmB,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;YACjD,CAAC;YAED,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,EACvB,GAAG,EAAE,GAAG,EACR,KAAK,EACL,KAAK,GACmB;QACxB,0EAA0E;QAC1E,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,gCAAgC,CAAC,CAAA;QAE1D,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,YAAY,CAAC,GAAG,EAAE,KAAK,EAAE,KAAK,CAAC,CAAA;YAEzE,OAAO,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAA;QACnC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,uBAAuB,EAAE,CAAC;gBAC3C,OAAO,IAAI,CAAA;YACb,CAAC;YAED,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,EACvB,GAAG,EAAE,GAAG,EACR,MAAM,GACkB;QACxB,0EAA0E;QAC1E,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,gCAAgC,CAAC,CAAA;QAE1D,OAAO,IAAI,CAAC,cAAc,CAAC,kBAAkB,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,CAAC,CAAA;IAChE,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,EACvB,GAAG,EAAE,GAAG,EACR,KAAK,EACL,KAAK,EACL,MAAM,GACkB;QACxB,0EAA0E;QAC1E,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,gCAAgC,CAAC,CAAA;QAE1D,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE;gBACvE,qBAAqB,EAAE,IAAI;gBAC3B,MAAM;aACP,CAAC,CAAA;YAEF,OAAO,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAA;QACnC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,sBAAsB,EAAE,CAAC;gBAC5C,MAAM,IAAI,mBAAmB,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,CAAA;YACrD,CAAC;YAED,MAAM,KAAK,CAAA;QACb,CAAC;IACH,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM,EAAoB;QACvD,0EAA0E;QAC1E,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,gCAAgC,CAAC,CAAA;QAE1D,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,YAAY,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;YAEnE,OAAO,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAA;QACnC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,wBAAwB,CAAC,GAAG,CAAC,CAAA;QACrC,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,WAAW,CACvB,GAA6C;QAE7C,OAAO;YACL,EAAE,EAAE,GAAG,CAAC,OAAO;YACf,IAAI,EAAE,WAAW,CAAC,WAAW,CAAC,GAAG,CAAC;YAClC,OAAO,EAAE,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC;YACrC,mBAAmB,EAAE,GAAG,CAAC,mBAAmB;SAC7C,CAAA;IACH,CAAC;IAEO,KAAK,CAAC,YAAY,CAAC,GAAiB;QAC1C,MAAM,OAAO,GAAY;YACvB,GAAG,EAAE,GAAG,CAAC,GAAG;YACZ,GAAG,EAAE,IAAI,CAAC,UAAU;YACpB,KAAK,EAAE,GAAG,CAAC,KAAK,IAAI,SAAS;YAC7B,cAAc,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,gBAAgB,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS;YACpE,kBAAkB,EAAE,GAAG,CAAC,MAAM,IAAI,SAAS;SAC5C,CAAA;QAED,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;YACtC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAA;YAEvB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU;iBAClC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE;gBACzB,OAAO,KAAK,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAA;YACxC,CAAC,CAAC;iBACD,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;gBACb,QAAQ,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,8BAA8B,CAAC,CAAA;gBACvD,OAAO,IAAI,CAAA,CAAC,uBAAuB;YACrC,CAAC,CAAC,CAAA;YAEJ,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,OAAO,CAAA;gBAEvC,OAAO,CAAC,IAAI,KAAK,WAAW,CAAA;gBAC5B,OAAO,CAAC,OAAO,KAAK,MAAM;oBACxB,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,QAAQ,EAAE,GAAG,EAAE,gBAAgB,CAAC,MAAM,CAAC,CAAC;oBACrE,CAAC,CAAC,SAAS,CAAA;YACf,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAA;IAChB,CAAC;CACF;AAED,SAAS,wBAAwB,CAAC,GAAY;IAC5C,IAAI,GAAG,YAAY,uBAAuB,EAAE,CAAC;QAC3C,MAAM,MAAM,GAAG,yBAAyB,CAAC,GAAG,CAAC,CAAA;QAC7C,IAAI,MAAM;YAAE,MAAM,IAAI,sBAAsB,CAAC,MAAM,EAAE,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;QAEtE,OAAO,IAAI,mBAAmB,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;IAClD,CAAC;IAED,OAAO,GAAG,CAAA;AACZ,CAAC;AAED;;;;;;GAMG;AACH,SAAS,yBAAyB,CAChC,GAA4B;IAE5B,QAAQ,GAAG,CAAC,KAAK,EAAE,CAAC;QAClB,KAAK,oBAAoB,CAAC,CAAC,CAAC;YAC1B,IAAI,GAAG,CAAC,OAAO,KAAK,iBAAiB;gBAAE,OAAO,UAAU,CAAA;YACxD,OAAO,OAAO,CAAA;QAChB,CAAC;QAED,KAAK,mBAAmB,CAAC,CAAC,CAAC;YACzB,OAAO,aAAa,CAAA;QACtB,CAAC;QAED,KAAK,eAAe,CAAC,CAAC,CAAC;YACrB,IAAI,GAAG,CAAC,OAAO,KAAK,kCAAkC;gBAAE,OAAO,MAAM,CAAA;YACrE,IAAI,GAAG,CAAC,OAAO,KAAK,qCAAqC;gBAAE,OAAO,QAAQ,CAAA;YAC1E,OAAO,QAAQ,CAAA;QACjB,CAAC;QAED,KAAK,gBAAgB,CAAC,CAAC,CAAC;YACtB,IAAI,GAAG,CAAC,OAAO,KAAK,wCAAwC,EAAE,CAAC;gBAC7D,OAAO,YAAY,CAAA;YACrB,CAAC;YACD,OAAO,SAAS,CAAA;QAClB,CAAC;IACH,CAAC;AACH,CAAC","sourcesContent":["import assert from 'node:assert'\nimport { Client, createOp as createPlcOp } from '@did-plc/lib'\nimport { Selectable } from 'kysely'\nimport { Keypair, Secp256k1Keypair } from '@atproto/crypto'\nimport {\n DidString,\n HandleString,\n asAtIdentifierString,\n getBlobCidString,\n isDidString,\n isHandleString,\n} from '@atproto/lex'\nimport {\n Account,\n AccountStore,\n AuthenticateAccountData,\n AuthorizedClientData,\n AuthorizedClients,\n ClientId,\n Code,\n DeviceAccount,\n DeviceData,\n DeviceId,\n DeviceStore,\n FoundRequestResult,\n HandleUnavailableError,\n HandleUnavailableReason,\n InvalidCredentialsError,\n InvalidInviteCodeError,\n InvalidRequestError,\n LexiconData,\n LexiconStore,\n NewTokenData,\n RefreshToken,\n RequestData,\n RequestId,\n RequestStore,\n ResetPasswordConfirmInput,\n ResetPasswordRequestInput,\n SignUpData,\n Sub,\n TokenData,\n TokenId,\n TokenInfo,\n TokenStore,\n UpdateEmailConfirmInput,\n UpdateEmailRequestInput,\n UpdateEmailRequestOutput,\n UpdateHandleData,\n UpdateRequestData,\n VerifyEmailConfirmInput,\n VerifyEmailRequestInput,\n} from '@atproto/oauth-provider'\nimport {\n AuthRequiredError as XrpcAuthRequiredError,\n InvalidRequestError as XrpcInvalidRequestError,\n} from '@atproto/xrpc-server'\nimport { ActorStore } from '../actor-store/actor-store.js'\nimport { BackgroundQueue } from '../background.js'\nimport { fromDateISO } from '../db/index.js'\nimport { ImageUrlBuilder } from '../image/image-url-builder.js'\nimport { dbLogger } from '../logger.js'\nimport { ServerMailer } from '../mailer/index.js'\nimport { Sequencer } from '../sequencer/index.js'\nimport { AccountManager, InvalidPasswordError } from './account-manager.js'\nimport * as schemas from './db/schema/index.js'\nimport * as accountDeviceHelper from './helpers/account-device.js'\nimport { ActorAccount, UserAlreadyExistsError } from './helpers/account.js'\nimport * as authRequestHelper from './helpers/authorization-request.js'\nimport * as authorizedClientHelper from './helpers/authorized-client.js'\nimport * as deviceHelper from './helpers/device.js'\nimport * as lexiconHelper from './helpers/lexicon.js'\nimport * as tokenHelper from './helpers/token.js'\nimport * as usedRefreshTokenHelper from './helpers/used-refresh-token.js'\n\n/**\n * This class' purpose is to implement the interface needed by the OAuthProvider\n * to interact with the account database (through the {@link AccountManager}).\n *\n * @note The use of this class assumes that there is no entryway.\n */\nexport class OAuthStore\n implements AccountStore, RequestStore, DeviceStore, LexiconStore, TokenStore\n{\n constructor(\n private readonly accountManager: AccountManager,\n private readonly actorStore: ActorStore,\n private readonly imageUrlBuilder: ImageUrlBuilder,\n private readonly backgroundQueue: BackgroundQueue,\n private readonly mailer: ServerMailer,\n private readonly sequencer: Sequencer,\n private readonly plcClient: Client,\n private readonly plcRotationKey: Keypair,\n private readonly publicUrl: string,\n private readonly recoveryDidKey: string | null,\n ) {}\n\n private get db() {\n const { db } = this.accountManager\n if (db.destroyed) throw new Error('Database connection is closed')\n return db\n }\n\n private get serviceDid() {\n return this.accountManager.serviceDid\n }\n\n private async verifyEmailAvailability(email: string): Promise<void> {\n // @NOTE Email validity & disposability check performed by the OAuthProvider\n\n const account = await this.accountManager.getAccountByEmail(email, {\n includeDeactivated: true,\n includeTakenDown: true,\n })\n\n if (account) {\n throw new InvalidRequestError(`Email already taken`)\n }\n }\n\n private async verifyInviteCode(code: string) {\n try {\n await this.accountManager.ensureInviteIsAvailable(code)\n } catch (err) {\n const message =\n err instanceof XrpcInvalidRequestError ? err.message : undefined\n throw new InvalidInviteCodeError(message, err)\n }\n }\n\n // AccountStore\n\n async createAccount({\n locale: _locale,\n inviteCode,\n handle,\n email,\n password,\n }: SignUpData): Promise<Account> {\n // @TODO Send an account creation confirmation email (+verification link) to the user (in their locale)\n // @NOTE Password strength & length already enforced by the OAuthProvider\n\n assert(isHandleString(handle), 'Handle must be a valid HandleString')\n\n await Promise.all([\n this.verifyEmailAvailability(email),\n this.verifyHandleAvailability(handle),\n !inviteCode || this.verifyInviteCode(inviteCode),\n ])\n\n // @TODO The code bellow should probably be refactored to be common with the\n // code of the `com.atproto.server.createAccount` XRPC endpoint.\n\n const signingKey = await Secp256k1Keypair.create({ exportable: true })\n const signingKeyDid = signingKey.did()\n\n const canTombstone =\n // @NOTE IMPORTANT We don't support \"bring your own DID\" here (yet?). If\n // we ever do, make sure to update the computation of canTombstone so that\n // the user's did don't get tombstoned.\n true\n\n const plc = await createPlcOp({\n signingKey: signingKeyDid,\n rotationKeys: this.recoveryDidKey\n ? [this.recoveryDidKey, this.plcRotationKey.did()]\n : [this.plcRotationKey.did()],\n handle,\n pds: this.publicUrl,\n signer: this.plcRotationKey,\n })\n\n const did = plc.did as DidString\n\n try {\n await this.actorStore.create(did, signingKey)\n\n try {\n const commit = await this.actorStore.transact(did, (actorTxn) => {\n return actorTxn.repo.createRepo([])\n })\n\n await this.plcClient.sendOperation(did, plc.op)\n\n try {\n await this.accountManager.createAccount({\n did,\n handle,\n email,\n password,\n inviteCode,\n repoCid: commit.cid,\n repoRev: commit.rev,\n })\n\n try {\n await this.sequencer.sequenceAccountCreation(did, handle, commit)\n\n try {\n await this.actorStore\n .clearReservedKeypair(signingKeyDid, did)\n .catch((err) => {\n // @NOTE This is a cleanup operation so we won't fail the\n // whole flow if it fails, but we log it just in case\n dbLogger.error(\n { did, signingKeyDid, err },\n 'Failed to clear reserved keypair',\n )\n })\n\n const account = await this.accountManager.getAccount(did)\n assert(account, 'Account not found after creation')\n\n return await this.buildAccount(account)\n } catch (err) {\n await this.sequencer.sequenceAccountDeletion(did)\n throw err\n }\n } catch (err) {\n await this.accountManager.deleteAccount(did)\n throw err\n }\n } catch (err) {\n if (canTombstone) {\n await this.plcClient.tombstone(did, this.plcRotationKey)\n }\n throw err\n }\n } catch (err) {\n await this.actorStore.destroy(did)\n throw err\n }\n } catch (err) {\n // XrpcError => OAuthError\n if (err instanceof XrpcInvalidRequestError) {\n throw new InvalidRequestError(err.message, err)\n }\n throw err\n }\n }\n\n async authenticateAccount({\n locale: _locale,\n username: identifier,\n password,\n // Not supported by the PDS (yet?)\n emailOtp = undefined,\n }: AuthenticateAccountData): Promise<Account> {\n // @TODO (?) Send an email to the user to notify them of the login attempt\n try {\n // Should never happen\n if (emailOtp != null) {\n throw new Error('Email OTP is not supported')\n }\n\n const { user, appPassword, isSoftDeleted } =\n await this.accountManager.login({ identifier, password })\n\n if (isSoftDeleted) {\n throw new InvalidRequestError('Account was taken down')\n }\n\n if (appPassword) {\n throw new InvalidRequestError('App passwords are not allowed')\n }\n\n return this.buildAccount(user)\n } catch (err) {\n // `InvalidPasswordError` is a subclass of `XrpcAuthRequiredError`,\n // so it must be checked first. Surfacing the matched `did` as the\n // `sub` lets the oauth-provider's `onSignInFailed` hook distinguish\n // \"identifier known, credentials wrong\" from \"identifier unknown\".\n if (err instanceof InvalidPasswordError) {\n throw new InvalidCredentialsError(err.message, err.did, err)\n }\n if (err instanceof XrpcAuthRequiredError) {\n throw new InvalidCredentialsError(err.message, undefined, err)\n }\n throw err\n }\n }\n\n async setAuthorizedClient(\n sub: Sub,\n clientId: ClientId,\n data: AuthorizedClientData,\n ): Promise<void> {\n await authorizedClientHelper.upsert(this.db, sub, clientId, data)\n }\n\n async getAccount(sub: Sub): Promise<{\n account: Account\n authorizedClients: AuthorizedClients\n }> {\n const accountRow = await this.accountManager.getAccount(\n // @TODO @atproto/oauth-provider should strongly type `Sub` as `DidString`\n asAtIdentifierString(sub),\n {\n includeDeactivated: true,\n includeTakenDown: false,\n },\n )\n\n assert(accountRow, 'Account not found')\n\n const account = await this.buildAccount(accountRow)\n const authorizedClients = await authorizedClientHelper.getAuthorizedClients(\n this.db,\n sub,\n )\n\n return { account, authorizedClients }\n }\n\n async upsertDeviceAccount(deviceId: DeviceId, sub: string): Promise<void> {\n await this.db.executeWithRetry(\n accountDeviceHelper.upsertQB(this.db, deviceId, sub),\n )\n }\n\n async getDeviceAccount(\n deviceId: DeviceId,\n sub: string,\n ): Promise<DeviceAccount | null> {\n const row = await accountDeviceHelper\n .selectQB(this.db, { deviceId, sub })\n .executeTakeFirst()\n\n if (!row) return null\n\n return {\n deviceId,\n deviceData: deviceHelper.rowToDeviceData(row),\n account: await this.buildAccount(row),\n authorizedClients: await authorizedClientHelper.getAuthorizedClients(\n this.db,\n sub,\n ),\n createdAt: fromDateISO(row.adCreatedAt),\n updatedAt: fromDateISO(row.adUpdatedAt),\n }\n }\n\n async removeDeviceAccount(deviceId: DeviceId, sub: Sub): Promise<void> {\n await this.db.executeWithRetry(\n accountDeviceHelper.removeQB(this.db, deviceId, sub),\n )\n }\n\n async listDeviceAccounts(\n filter: { sub: Sub } | { deviceId: DeviceId },\n ): Promise<DeviceAccount[]> {\n const rows = await accountDeviceHelper.selectQB(this.db, filter).execute()\n\n const uniqueDids: string[] = [...new Set(rows.map((row) => row.did))]\n\n // Enrich all distinct account with their profile data\n const accounts = new Map(\n await Promise.all(\n Array.from(uniqueDids, async (did): Promise<[Sub, Account]> => {\n const row = rows.find((r) => r.did === did)!\n return [did, await this.buildAccount(row)]\n }),\n ),\n )\n\n const authorizedClientsMap =\n await authorizedClientHelper.getAuthorizedClientsMulti(\n this.db,\n uniqueDids,\n )\n\n return rows.map((row) => ({\n deviceId: row.deviceId,\n deviceData: deviceHelper.rowToDeviceData(row),\n account: accounts.get(row.did)!,\n authorizedClients: authorizedClientsMap.get(row.did)!,\n createdAt: fromDateISO(row.adCreatedAt),\n updatedAt: fromDateISO(row.adUpdatedAt),\n }))\n }\n\n async resetPasswordRequest({\n locale: _locale,\n email,\n }: ResetPasswordRequestInput): Promise<Account | null> {\n const account = await this.accountManager.getAccountByEmail(email, {\n includeDeactivated: true,\n includeTakenDown: false,\n })\n\n if (!account?.email || !account?.handle) return null\n\n const { handle } = account\n const token = await this.accountManager.createEmailToken(\n account.did,\n 'reset_password',\n )\n\n // @TODO Use the locale to send the email in the right language\n await this.mailer.sendResetPassword(\n { handle, token },\n { to: account.email },\n )\n\n return this.buildAccount(account)\n }\n\n async resetPasswordConfirm(\n data: ResetPasswordConfirmInput,\n ): Promise<Account | null> {\n try {\n const did = await this.accountManager.resetPassword(data)\n const account = await this.accountManager.getAccount(did, {\n includeDeactivated: true,\n includeTakenDown: false,\n })\n\n return account ? this.buildAccount(account) : null\n } catch (err) {\n if (err instanceof XrpcInvalidRequestError) {\n return null\n }\n\n throw err\n }\n }\n\n async verifyHandleAvailability(handle: HandleString): Promise<void> {\n // @NOTE Handle validity & normalization already enforced by the OAuthProvider\n try {\n const normalized =\n await this.accountManager.normalizeAndValidateHandle(handle)\n\n // Should never happen (OAuthProvider should have already validated the\n // handle) This check is just a safeguard against future normalization\n // changes.\n if (normalized !== handle) {\n throw new HandleUnavailableError('syntax', 'Invalid handle')\n }\n\n const account = await this.accountManager.getAccount(normalized, {\n includeDeactivated: true,\n includeTakenDown: true,\n })\n\n if (account) {\n throw new HandleUnavailableError('taken')\n }\n } catch (err) {\n throw toHandleUnavailableError(err)\n }\n }\n\n // RequestStore\n\n async createRequest(id: RequestId, data: RequestData): Promise<void> {\n await this.db.executeWithRetry(\n authRequestHelper.createQB(this.db, id, data),\n )\n }\n\n async readRequest(id: RequestId): Promise<RequestData | null> {\n try {\n const row = await authRequestHelper.readQB(this.db, id).executeTakeFirst()\n if (!row) return null\n return authRequestHelper.rowToRequestData(row)\n } finally {\n // Take the opportunity to clean up expired requests. Do this after we got\n // the current (potentially expired) request data to allow the provider to\n // handle expired requests.\n this.backgroundQueue.add(async () => {\n await this.db.executeWithRetry(\n authRequestHelper.removeOldExpiredQB(this.db),\n )\n })\n }\n }\n\n async updateRequest(id: RequestId, data: UpdateRequestData): Promise<void> {\n await this.db.executeWithRetry(\n authRequestHelper.updateQB(this.db, id, data),\n )\n }\n\n async deleteRequest(id: RequestId): Promise<void> {\n await this.db.executeWithRetry(authRequestHelper.removeByIdQB(this.db, id))\n }\n\n async consumeRequestCode(code: Code): Promise<FoundRequestResult | null> {\n const row = await authRequestHelper\n .consumeByCodeQB(this.db, code)\n .executeTakeFirst()\n return row ? authRequestHelper.rowToFoundRequestResult(row) : null\n }\n\n // DeviceStore\n\n async createDevice(deviceId: DeviceId, data: DeviceData): Promise<void> {\n await this.db.executeWithRetry(\n deviceHelper.createQB(this.db, deviceId, data),\n )\n }\n\n async readDevice(deviceId: DeviceId): Promise<null | DeviceData> {\n const row = await deviceHelper.readQB(this.db, deviceId).executeTakeFirst()\n return row ? deviceHelper.rowToDeviceData(row) : null\n }\n\n async updateDevice(\n deviceId: DeviceId,\n data: Partial<DeviceData>,\n ): Promise<void> {\n await this.db.executeWithRetry(\n deviceHelper.updateQB(this.db, deviceId, data),\n )\n }\n\n async deleteDevice(deviceId: DeviceId): Promise<void> {\n // Will cascade to device_account (device_account_device_id_fk)\n await this.db.executeWithRetry(deviceHelper.removeQB(this.db, deviceId))\n }\n\n // LexiconStore\n\n async findLexicon(nsid: string): Promise<LexiconData | null> {\n return lexiconHelper.find(this.db, nsid)\n }\n\n async storeLexicon(nsid: string, data: LexiconData): Promise<void> {\n return lexiconHelper.upsert(this.db, nsid, data)\n }\n\n async deleteLexicon(nsid: string): Promise<void> {\n return lexiconHelper.remove(this.db, nsid)\n }\n\n // TokenStore\n\n async createToken(\n id: TokenId,\n data: TokenData,\n refreshToken?: RefreshToken,\n ): Promise<void> {\n await this.db.transaction(async (dbTxn) => {\n if (refreshToken) {\n const { count } = await usedRefreshTokenHelper\n .countQB(dbTxn, refreshToken)\n .executeTakeFirstOrThrow()\n\n if (count > 0) {\n throw new Error('Refresh token already in use')\n }\n }\n\n return tokenHelper.createQB(dbTxn, id, data, refreshToken).execute()\n })\n }\n\n async listAccountTokens(sub: Sub): Promise<TokenInfo[]> {\n const rows = await tokenHelper.findByQB(this.db, { did: sub }).execute()\n return Promise.all(rows.map((row) => this.toTokenInfo(row)))\n }\n\n async readToken(tokenId: TokenId): Promise<TokenInfo | null> {\n const row = await tokenHelper\n .findByQB(this.db, { tokenId })\n .executeTakeFirst()\n return row ? this.toTokenInfo(row) : null\n }\n\n async deleteToken(tokenId: TokenId): Promise<void> {\n // Will cascade to used_refresh_token (used_refresh_token_fk)\n await this.db.executeWithRetry(tokenHelper.removeQB(this.db, tokenId))\n }\n\n async rotateToken(\n tokenId: TokenId,\n newTokenId: TokenId,\n newRefreshToken: RefreshToken,\n newData: NewTokenData,\n ): Promise<void> {\n const err = await this.db.transaction(async (dbTxn) => {\n const { id, currentRefreshToken } = await tokenHelper\n .forRotateQB(dbTxn, tokenId)\n .executeTakeFirstOrThrow()\n\n if (currentRefreshToken) {\n await usedRefreshTokenHelper\n .insertQB(dbTxn, id, currentRefreshToken)\n .execute()\n }\n\n const { count } = await usedRefreshTokenHelper\n .countQB(dbTxn, newRefreshToken)\n .executeTakeFirstOrThrow()\n\n if (count > 0) {\n // Do NOT throw (we don't want the transaction to be rolled back)\n return new Error('New refresh token already in use')\n }\n\n await tokenHelper\n .rotateQB(dbTxn, id, newTokenId, newRefreshToken, newData)\n .execute()\n })\n\n if (err) throw err\n }\n\n async findTokenByRefreshToken(\n refreshToken: RefreshToken,\n ): Promise<TokenInfo | null> {\n const used = await usedRefreshTokenHelper\n .findByTokenQB(this.db, refreshToken)\n .executeTakeFirst()\n\n const search = used\n ? { id: used.tokenId }\n : { currentRefreshToken: refreshToken }\n\n const row = await tokenHelper.findByQB(this.db, search).executeTakeFirst()\n return row ? this.toTokenInfo(row) : null\n }\n\n async findTokenByCode(code: Code): Promise<TokenInfo | null> {\n const row = await tokenHelper.findByQB(this.db, { code }).executeTakeFirst()\n return row ? this.toTokenInfo(row) : null\n }\n\n async verifyEmailRequest({\n sub: did,\n locale,\n }: VerifyEmailRequestInput): Promise<void> {\n // @TODO @atproto/oauth-provider should strongly type `Sub` as `DidString`\n assert(isDidString(did), 'sub must be a valid DID string')\n\n try {\n await this.accountManager.requestEmailConfirmation(did, { locale })\n } catch (err) {\n if (err instanceof XrpcAuthRequiredError) {\n throw new InvalidRequestError(err.message, err)\n }\n\n throw err\n }\n }\n\n async verifyEmailConfirm({\n sub: did,\n email,\n token,\n }: VerifyEmailConfirmInput): Promise<Account | null> {\n // @TODO @atproto/oauth-provider should strongly type `Sub` as `DidString`\n assert(isDidString(did), 'sub must be a valid DID string')\n\n try {\n const account = await this.accountManager.confirmEmail(did, email, token)\n\n return this.buildAccount(account)\n } catch (err) {\n if (err instanceof XrpcInvalidRequestError) {\n return null\n }\n\n throw err\n }\n }\n\n async updateEmailRequest({\n sub: did,\n locale,\n }: UpdateEmailRequestInput): Promise<UpdateEmailRequestOutput> {\n // @TODO @atproto/oauth-provider should strongly type `Sub` as `DidString`\n assert(isDidString(did), 'sub must be a valid DID string')\n\n return this.accountManager.requestEmailUpdate(did, { locale })\n }\n\n async updateEmailConfirm({\n sub: did,\n token,\n email,\n locale,\n }: UpdateEmailConfirmInput): Promise<Account | null> {\n // @TODO @atproto/oauth-provider should strongly type `Sub` as `DidString`\n assert(isDidString(did), 'sub must be a valid DID string')\n\n try {\n const account = await this.accountManager.updateEmail(did, email, token, {\n sendConfirmationEmail: true,\n locale,\n })\n\n return this.buildAccount(account)\n } catch (cause) {\n if (cause instanceof UserAlreadyExistsError) {\n throw new InvalidRequestError(cause.message, cause)\n }\n\n throw cause\n }\n }\n\n async updateHandle({ sub: did, handle }: UpdateHandleData): Promise<Account> {\n // @TODO @atproto/oauth-provider should strongly type `Sub` as `DidString`\n assert(isDidString(did), 'sub must be a valid DID string')\n\n try {\n const account = await this.accountManager.updateHandle(did, handle)\n\n return this.buildAccount(account)\n } catch (err) {\n throw toHandleUnavailableError(err)\n }\n }\n\n private async toTokenInfo(\n row: ActorAccount & Selectable<schemas.Token>,\n ): Promise<TokenInfo> {\n return {\n id: row.tokenId,\n data: tokenHelper.toTokenData(row),\n account: await this.buildAccount(row),\n currentRefreshToken: row.currentRefreshToken,\n }\n }\n\n private async buildAccount(row: ActorAccount): Promise<Account> {\n const account: Account = {\n sub: row.did,\n aud: this.serviceDid,\n email: row.email || undefined,\n email_verified: row.email ? row.emailConfirmedAt != null : undefined,\n preferred_username: row.handle || undefined,\n }\n\n if (!account.name || !account.picture) {\n const did = account.sub\n\n const profile = await this.actorStore\n .read(did, async (store) => {\n return store.record.getProfileRecord()\n })\n .catch((err) => {\n dbLogger.error({ err }, 'Failed to get profile record')\n return null // No need to propagate\n })\n\n if (profile) {\n const { avatar, displayName } = profile\n\n account.name ||= displayName\n account.picture ||= avatar\n ? this.imageUrlBuilder.build('avatar', did, getBlobCidString(avatar))\n : undefined\n }\n }\n\n return account\n }\n}\n\nfunction toHandleUnavailableError(err: unknown): unknown {\n if (err instanceof XrpcInvalidRequestError) {\n const reason = toHandleUnavailableReason(err)\n if (reason) throw new HandleUnavailableError(reason, err.message, err)\n\n return new InvalidRequestError(err.message, err)\n }\n\n return err\n}\n\n/**\n * This function maps specific `XrpcInvalidRequestError`, thrown by the\n * `AccountManager` when validating a handle, to a more specific\n * `HandleUnavailableError` with a reason. This allows the OAuthProvider to\n * provide properly localized and specific error messages to the user when a\n * handle is not available.\n */\nfunction toHandleUnavailableReason(\n err: XrpcInvalidRequestError,\n): HandleUnavailableReason | undefined {\n switch (err.error) {\n case 'HandleNotAvailable': {\n if (err.message === 'Reserved handle') return 'reserved'\n return 'taken'\n }\n\n case 'UnsupportedDomain': {\n return 'unsupported'\n }\n\n case 'InvalidHandle': {\n if (err.message === 'Inappropriate language in handle') return 'slur'\n if (err.message === 'Handle TLD is invalid or disallowed') return 'domain'\n return 'syntax'\n }\n\n case 'InvalidRequest': {\n if (err.message === 'External handle did not resolve to DID') {\n return 'resolution'\n }\n return undefined\n }\n }\n}\n"]}
package/dist/api/com/atproto/admin/deleteAccount.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"deleteAccount.d.ts","sourceRoot":"","sources":["../../../../../src/api/com/atproto/admin/deleteAccount.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAA;AAE7C,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAA;AAGnD,MAAM,CAAC,OAAO,WAAW,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,QAcvD"}
1
+ {"version":3,"file":"deleteAccount.d.ts","sourceRoot":"","sources":["../../../../../src/api/com/atproto/admin/deleteAccount.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAA;AAC7C,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAA;AAGnD,MAAM,CAAC,OAAO,WAAW,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,QAiBvD"}
package/dist/api/com/atproto/admin/deleteAccount.js CHANGED
@@ -1,14 +1,19 @@
1
- import { AccountStatus } from '../../../../account-manager/account-manager.js';
2
1
  import { com } from '../../../../lexicons/index.js';
3
2
  export default function (server, ctx) {
4
3
  server.add(com.atproto.admin.deleteAccount, {
5
4
  auth: ctx.authVerifier.adminToken,
6
5
  handler: async ({ input }) => {
7
6
  const { did } = input.body;
8
- await ctx.actorStore.destroy(did);
7
+ // @NOTE Order matters here: first "unlink" the account by removing it
8
+ // from the account manager database ("source of truth"), then notify the
9
+ // sequencer, and finally cleanup files from the file system.
9
10
  await ctx.accountManager.deleteAccount(did);
10
- const accountSeq = await ctx.sequencer.sequenceAccountEvt(did, AccountStatus.Deleted);
11
- await ctx.sequencer.deleteAllForUser(did, [accountSeq]);
11
+ try {
12
+ await ctx.sequencer.sequenceAccountDeletion(did);
13
+ }
14
+ finally {
15
+ await ctx.actorStore.destroy(did);
16
+ }
12
17
  },
13
18
  });
14
19
  }
package/dist/api/com/atproto/admin/deleteAccount.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"deleteAccount.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/admin/deleteAccount.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,gDAAgD,CAAA;AAE9E,OAAO,EAAE,GAAG,EAAE,MAAM,+BAA+B,CAAA;AAEnD,MAAM,CAAC,OAAO,WAAW,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,aAAa,EAAE;QAC1C,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,UAAU;QACjC,OAAO,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;YAC3B,MAAM,EAAE,GAAG,EAAE,GAAG,KAAK,CAAC,IAAI,CAAA;YAC1B,MAAM,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;YACjC,MAAM,GAAG,CAAC,cAAc,CAAC,aAAa,CAAC,GAAG,CAAC,CAAA;YAC3C,MAAM,UAAU,GAAG,MAAM,GAAG,CAAC,SAAS,CAAC,kBAAkB,CACvD,GAAG,EACH,aAAa,CAAC,OAAO,CACtB,CAAA;YACD,MAAM,GAAG,CAAC,SAAS,CAAC,gBAAgB,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,CAAC,CAAA;QACzD,CAAC;KACF,CAAC,CAAA;AACJ,CAAC","sourcesContent":["import { Server } from '@atproto/xrpc-server'\nimport { AccountStatus } from '../../../../account-manager/account-manager.js'\nimport { AppContext } from '../../../../context.js'\nimport { com } from '../../../../lexicons/index.js'\n\nexport default function (server: Server, ctx: AppContext) {\n server.add(com.atproto.admin.deleteAccount, {\n auth: ctx.authVerifier.adminToken,\n handler: async ({ input }) => {\n const { did } = input.body\n await ctx.actorStore.destroy(did)\n await ctx.accountManager.deleteAccount(did)\n const accountSeq = await ctx.sequencer.sequenceAccountEvt(\n did,\n AccountStatus.Deleted,\n )\n await ctx.sequencer.deleteAllForUser(did, [accountSeq])\n },\n })\n}\n"]}
1
+ {"version":3,"file":"deleteAccount.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/admin/deleteAccount.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,GAAG,EAAE,MAAM,+BAA+B,CAAA;AAEnD,MAAM,CAAC,OAAO,WAAW,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,aAAa,EAAE;QAC1C,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,UAAU;QACjC,OAAO,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;YAC3B,MAAM,EAAE,GAAG,EAAE,GAAG,KAAK,CAAC,IAAI,CAAA;YAE1B,sEAAsE;YACtE,yEAAyE;YACzE,6DAA6D;YAC7D,MAAM,GAAG,CAAC,cAAc,CAAC,aAAa,CAAC,GAAG,CAAC,CAAA;YAC3C,IAAI,CAAC;gBACH,MAAM,GAAG,CAAC,SAAS,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAA;YAClD,CAAC;oBAAS,CAAC;gBACT,MAAM,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;YACnC,CAAC;QACH,CAAC;KACF,CAAC,CAAA;AACJ,CAAC","sourcesContent":["import { Server } from '@atproto/xrpc-server'\nimport { AppContext } from '../../../../context.js'\nimport { com } from '../../../../lexicons/index.js'\n\nexport default function (server: Server, ctx: AppContext) {\n server.add(com.atproto.admin.deleteAccount, {\n auth: ctx.authVerifier.adminToken,\n handler: async ({ input }) => {\n const { did } = input.body\n\n // @NOTE Order matters here: first \"unlink\" the account by removing it\n // from the account manager database (\"source of truth\"), then notify the\n // sequencer, and finally cleanup files from the file system.\n await ctx.accountManager.deleteAccount(did)\n try {\n await ctx.sequencer.sequenceAccountDeletion(did)\n } finally {\n await ctx.actorStore.destroy(did)\n }\n },\n })\n}\n"]}
package/dist/api/com/atproto/admin/updateSubjectStatus.js CHANGED
@@ -38,7 +38,7 @@ export default function (server, ctx) {
38
38
  }
39
39
  if (com.atproto.admin.defs.repoRef.$isTypeOf(subject)) {
40
40
  const status = await ctx.accountManager.getAccountStatus(subject.did);
41
- await ctx.sequencer.sequenceAccountEvt(subject.did, status);
41
+ await ctx.sequencer.sequenceAccount(subject.did, status);
42
42
  }
43
43
  return {
44
44
  encoding: 'application/json',
package/dist/api/com/atproto/admin/updateSubjectStatus.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"updateSubjectStatus.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/admin/updateSubjectStatus.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAA;AAC5C,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAA;AACvC,OAAO,EAAE,mBAAmB,EAAU,MAAM,sBAAsB,CAAA;AAElE,OAAO,EAAE,GAAG,EAAE,MAAM,+BAA+B,CAAA;AAEnD,MAAM,CAAC,OAAO,WAAW,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,mBAAmB,EAAE;QAChD,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,SAAS;QAChC,OAAO,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;YAC3B,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,GAAG,KAAK,CAAC,IAAI,CAAA;YACrD,IAAI,QAAQ,EAAE,CAAC;gBACb,IAAI,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;oBACtD,MAAM,GAAG,CAAC,cAAc,CAAC,eAAe,CAAC,OAAO,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;gBACjE,CAAC;qBAAM,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;oBACzD,MAAM,GAAG,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;oBAClC,MAAM,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE;wBAC1D,MAAM,KAAK,CAAC,MAAM,CAAC,0BAA0B,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;oBAC9D,CAAC,CAAC,CAAA;gBACJ,CAAC;qBAAM,IAAI,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;oBACjE,MAAM,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE;wBACzD,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,wBAAwB,CAC5C,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,EACrB,QAAQ,CACT,CAAA;oBACH,CAAC,CAAC,CAAA;gBACJ,CAAC;qBAAM,CAAC;oBACN,MAAM,IAAI,mBAAmB,CAAC,oBAAoB,OAAO,CAAC,KAAK,GAAG,CAAC,CAAA;gBACrE,CAAC;YACH,CAAC;YAED,IAAI,WAAW,EAAE,CAAC;gBAChB,IAAI,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;oBACtD,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;wBACxB,MAAM,GAAG,CAAC,cAAc,CAAC,iBAAiB,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;oBAC/D,CAAC;yBAAM,CAAC;wBACN,MAAM,GAAG,CAAC,cAAc,CAAC,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;oBACvD,CAAC;gBACH,CAAC;YACH,CAAC;YAED,IAAI,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;gBACtD,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,gBAAgB,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;gBACrE,MAAM,GAAG,CAAC,SAAS,CAAC,kBAAkB,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;YAC7D,CAAC;YAED,OAAO;gBACL,QAAQ,EAAE,kBAA2B;gBACrC,IAAI,EAAE;oBACJ,OAAO;oBACP,QAAQ;iBACT;aACF,CAAA;QACH,CAAC;KACF,CAAC,CAAA;AACJ,CAAC","sourcesContent":["import { parseCid } from '@atproto/lex-data'\nimport { AtUri } from '@atproto/syntax'\nimport { InvalidRequestError, Server } from '@atproto/xrpc-server'\nimport { AppContext } from '../../../../context.js'\nimport { com } from '../../../../lexicons/index.js'\n\nexport default function (server: Server, ctx: AppContext) {\n server.add(com.atproto.admin.updateSubjectStatus, {\n auth: ctx.authVerifier.moderator,\n handler: async ({ input }) => {\n const { subject, takedown, deactivated } = input.body\n if (takedown) {\n if (com.atproto.admin.defs.repoRef.$isTypeOf(subject)) {\n await ctx.accountManager.takedownAccount(subject.did, takedown)\n } else if (com.atproto.repo.strongRef.$isTypeOf(subject)) {\n const uri = new AtUri(subject.uri)\n await ctx.actorStore.transact(uri.hostname, async (store) => {\n await store.record.updateRecordTakedownStatus(uri, takedown)\n })\n } else if (com.atproto.admin.defs.repoBlobRef.$isTypeOf(subject)) {\n await ctx.actorStore.transact(subject.did, async (store) => {\n await store.repo.blob.updateBlobTakedownStatus(\n parseCid(subject.cid),\n takedown,\n )\n })\n } else {\n throw new InvalidRequestError(`Invalid subject (${subject.$type})`)\n }\n }\n\n if (deactivated) {\n if (com.atproto.admin.defs.repoRef.$isTypeOf(subject)) {\n if (deactivated.applied) {\n await ctx.accountManager.deactivateAccount(subject.did, null)\n } else {\n await ctx.accountManager.activateAccount(subject.did)\n }\n }\n }\n\n if (com.atproto.admin.defs.repoRef.$isTypeOf(subject)) {\n const status = await ctx.accountManager.getAccountStatus(subject.did)\n await ctx.sequencer.sequenceAccountEvt(subject.did, status)\n }\n\n return {\n encoding: 'application/json' as const,\n body: {\n subject,\n takedown,\n },\n }\n },\n })\n}\n"]}
1
+ {"version":3,"file":"updateSubjectStatus.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/admin/updateSubjectStatus.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAA;AAC5C,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAA;AACvC,OAAO,EAAE,mBAAmB,EAAU,MAAM,sBAAsB,CAAA;AAElE,OAAO,EAAE,GAAG,EAAE,MAAM,+BAA+B,CAAA;AAEnD,MAAM,CAAC,OAAO,WAAW,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,mBAAmB,EAAE;QAChD,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,SAAS;QAChC,OAAO,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;YAC3B,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,GAAG,KAAK,CAAC,IAAI,CAAA;YACrD,IAAI,QAAQ,EAAE,CAAC;gBACb,IAAI,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;oBACtD,MAAM,GAAG,CAAC,cAAc,CAAC,eAAe,CAAC,OAAO,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;gBACjE,CAAC;qBAAM,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;oBACzD,MAAM,GAAG,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;oBAClC,MAAM,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE;wBAC1D,MAAM,KAAK,CAAC,MAAM,CAAC,0BAA0B,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;oBAC9D,CAAC,CAAC,CAAA;gBACJ,CAAC;qBAAM,IAAI,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;oBACjE,MAAM,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE;wBACzD,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,wBAAwB,CAC5C,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,EACrB,QAAQ,CACT,CAAA;oBACH,CAAC,CAAC,CAAA;gBACJ,CAAC;qBAAM,CAAC;oBACN,MAAM,IAAI,mBAAmB,CAAC,oBAAoB,OAAO,CAAC,KAAK,GAAG,CAAC,CAAA;gBACrE,CAAC;YACH,CAAC;YAED,IAAI,WAAW,EAAE,CAAC;gBAChB,IAAI,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;oBACtD,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;wBACxB,MAAM,GAAG,CAAC,cAAc,CAAC,iBAAiB,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;oBAC/D,CAAC;yBAAM,CAAC;wBACN,MAAM,GAAG,CAAC,cAAc,CAAC,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;oBACvD,CAAC;gBACH,CAAC;YACH,CAAC;YAED,IAAI,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;gBACtD,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,gBAAgB,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;gBACrE,MAAM,GAAG,CAAC,SAAS,CAAC,eAAe,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;YAC1D,CAAC;YAED,OAAO;gBACL,QAAQ,EAAE,kBAA2B;gBACrC,IAAI,EAAE;oBACJ,OAAO;oBACP,QAAQ;iBACT;aACF,CAAA;QACH,CAAC;KACF,CAAC,CAAA;AACJ,CAAC","sourcesContent":["import { parseCid } from '@atproto/lex-data'\nimport { AtUri } from '@atproto/syntax'\nimport { InvalidRequestError, Server } from '@atproto/xrpc-server'\nimport { AppContext } from '../../../../context.js'\nimport { com } from '../../../../lexicons/index.js'\n\nexport default function (server: Server, ctx: AppContext) {\n server.add(com.atproto.admin.updateSubjectStatus, {\n auth: ctx.authVerifier.moderator,\n handler: async ({ input }) => {\n const { subject, takedown, deactivated } = input.body\n if (takedown) {\n if (com.atproto.admin.defs.repoRef.$isTypeOf(subject)) {\n await ctx.accountManager.takedownAccount(subject.did, takedown)\n } else if (com.atproto.repo.strongRef.$isTypeOf(subject)) {\n const uri = new AtUri(subject.uri)\n await ctx.actorStore.transact(uri.hostname, async (store) => {\n await store.record.updateRecordTakedownStatus(uri, takedown)\n })\n } else if (com.atproto.admin.defs.repoBlobRef.$isTypeOf(subject)) {\n await ctx.actorStore.transact(subject.did, async (store) => {\n await store.repo.blob.updateBlobTakedownStatus(\n parseCid(subject.cid),\n takedown,\n )\n })\n } else {\n throw new InvalidRequestError(`Invalid subject (${subject.$type})`)\n }\n }\n\n if (deactivated) {\n if (com.atproto.admin.defs.repoRef.$isTypeOf(subject)) {\n if (deactivated.applied) {\n await ctx.accountManager.deactivateAccount(subject.did, null)\n } else {\n await ctx.accountManager.activateAccount(subject.did)\n }\n }\n }\n\n if (com.atproto.admin.defs.repoRef.$isTypeOf(subject)) {\n const status = await ctx.accountManager.getAccountStatus(subject.did)\n await ctx.sequencer.sequenceAccount(subject.did, status)\n }\n\n return {\n encoding: 'application/json' as const,\n body: {\n subject,\n takedown,\n },\n }\n },\n })\n}\n"]}
package/dist/api/com/atproto/identity/submitPlcOperation.js CHANGED
@@ -38,7 +38,7 @@ export default function (server, ctx) {
38
38
  throw new InvalidRequestError('Incorrect handle in alsoKnownAs');
39
39
  }
40
40
  await ctx.plcClient.sendOperation(requester, op);
41
- await ctx.sequencer.sequenceIdentityEvt(requester);
41
+ await ctx.sequencer.sequenceIdentity(requester);
42
42
  try {
43
43
  await ctx.idResolver.did.resolve(requester, true);
44
44
  }
package/dist/api/com/atproto/identity/submitPlcOperation.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"submitPlcOperation.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/identity/submitPlcOperation.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,GAAG,MAAM,cAAc,CAAA;AACnC,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAA;AACvC,OAAO,EAAE,mBAAmB,EAAU,MAAM,sBAAsB,CAAA;AAElE,OAAO,EAAE,GAAG,EAAE,MAAM,+BAA+B,CAAA;AACnD,OAAO,EAAE,UAAU,IAAI,GAAG,EAAE,MAAM,uBAAuB,CAAA;AAEzD,MAAM,CAAC,OAAO,WAAW,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,EAAE;QAClD,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,aAAa,CAAC;YACnC,SAAS,EAAE,CAAC,WAAW,EAAE,EAAE;gBACzB,WAAW,CAAC,cAAc,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAA;YAC3C,CAAC;SACF,CAAC;QACF,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE;YACjC,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAA;YACtC,MAAM,EAAE,GAAG,KAAK,CAAC,IAAI,CAAC,SAAS,CAAA;YAE/B,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,EAAE,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;gBACrC,MAAM,IAAI,mBAAmB,CAAC,mBAAmB,CAAC,CAAA;YACpD,CAAC;YAED,MAAM,WAAW,GACf,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,cAAc,IAAI,GAAG,CAAC,cAAc,CAAC,GAAG,EAAE,CAAA;YAC9D,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC3C,MAAM,IAAI,mBAAmB,CAC3B,oDAAoD,CACrD,CAAA;YACH,CAAC;YACD,IAAI,EAAE,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,IAAI,KAAK,2BAA2B,EAAE,CAAC;gBACrE,MAAM,IAAI,mBAAmB,CAAC,uCAAuC,CAAC,CAAA;YACxE,CAAC;YACD,IAAI,EAAE,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,QAAQ,KAAK,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;gBACvE,MAAM,IAAI,mBAAmB,CAC3B,2CAA2C,CAC5C,CAAA;YACH,CAAC;YACD,MAAM,UAAU,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;YAC1D,IAAI,EAAE,CAAC,mBAAmB,CAAC,SAAS,CAAC,KAAK,UAAU,CAAC,GAAG,EAAE,EAAE,CAAC;gBAC3D,MAAM,IAAI,mBAAmB,CAAC,uBAAuB,CAAC,CAAA;YACxD,CAAC;YACD,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,UAAU,CAAC,SAAS,EAAE;gBAC7D,kBAAkB,EAAE,IAAI;aACzB,CAAC,CAAA;YACF,IACE,OAAO,EAAE,MAAM;gBACf,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,QAAQ,OAAO,CAAC,MAAM,EAAE,EACjD,CAAC;gBACD,MAAM,IAAI,mBAAmB,CAAC,iCAAiC,CAAC,CAAA;YAClE,CAAC;YAED,MAAM,GAAG,CAAC,SAAS,CAAC,aAAa,CAAC,SAAS,EAAE,EAAE,CAAC,CAAA;YAChD,MAAM,GAAG,CAAC,SAAS,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAA;YAElD,IAAI,CAAC;gBACH,MAAM,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC,CAAA;YACnD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,GAAG,CAAC,KAAK,CACP,EAAE,GAAG,EAAE,GAAG,EAAE,SAAS,EAAE,EACvB,wCAAwC,CACzC,CAAA;YACH,CAAC;QACH,CAAC;KACF,CAAC,CAAA;AACJ,CAAC","sourcesContent":["import * as plc from '@did-plc/lib'\nimport { check } from '@atproto/common'\nimport { InvalidRequestError, Server } from '@atproto/xrpc-server'\nimport { AppContext } from '../../../../context.js'\nimport { com } from '../../../../lexicons/index.js'\nimport { httpLogger as log } from '../../../../logger.js'\n\nexport default function (server: Server, ctx: AppContext) {\n server.add(com.atproto.identity.submitPlcOperation, {\n auth: ctx.authVerifier.authorization({\n authorize: (permissions) => {\n permissions.assertIdentity({ attr: '*' })\n },\n }),\n handler: async ({ auth, input }) => {\n const requester = auth.credentials.did\n const op = input.body.operation\n\n if (!check.is(op, plc.def.operation)) {\n throw new InvalidRequestError('Invalid operation')\n }\n\n const rotationKey =\n ctx.cfg.entryway?.plcRotationKey ?? ctx.plcRotationKey.did()\n if (!op.rotationKeys.includes(rotationKey)) {\n throw new InvalidRequestError(\n \"Rotation keys do not include server's rotation key\",\n )\n }\n if (op.services['atproto_pds']?.type !== 'AtprotoPersonalDataServer') {\n throw new InvalidRequestError('Incorrect type on atproto_pds service')\n }\n if (op.services['atproto_pds']?.endpoint !== ctx.cfg.service.publicUrl) {\n throw new InvalidRequestError(\n 'Incorrect endpoint on atproto_pds service',\n )\n }\n const signingKey = await ctx.actorStore.keypair(requester)\n if (op.verificationMethods['atproto'] !== signingKey.did()) {\n throw new InvalidRequestError('Incorrect signing key')\n }\n const account = await ctx.accountManager.getAccount(requester, {\n includeDeactivated: true,\n })\n if (\n account?.handle &&\n op.alsoKnownAs.at(0) !== `at://${account.handle}`\n ) {\n throw new InvalidRequestError('Incorrect handle in alsoKnownAs')\n }\n\n await ctx.plcClient.sendOperation(requester, op)\n await ctx.sequencer.sequenceIdentityEvt(requester)\n\n try {\n await ctx.idResolver.did.resolve(requester, true)\n } catch (err) {\n log.error(\n { err, did: requester },\n 'failed to refresh did after plc update',\n )\n }\n },\n })\n}\n"]}
1
+ {"version":3,"file":"submitPlcOperation.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/identity/submitPlcOperation.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,GAAG,MAAM,cAAc,CAAA;AACnC,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAA;AACvC,OAAO,EAAE,mBAAmB,EAAU,MAAM,sBAAsB,CAAA;AAElE,OAAO,EAAE,GAAG,EAAE,MAAM,+BAA+B,CAAA;AACnD,OAAO,EAAE,UAAU,IAAI,GAAG,EAAE,MAAM,uBAAuB,CAAA;AAEzD,MAAM,CAAC,OAAO,WAAW,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,EAAE;QAClD,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,aAAa,CAAC;YACnC,SAAS,EAAE,CAAC,WAAW,EAAE,EAAE;gBACzB,WAAW,CAAC,cAAc,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAA;YAC3C,CAAC;SACF,CAAC;QACF,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE;YACjC,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAA;YACtC,MAAM,EAAE,GAAG,KAAK,CAAC,IAAI,CAAC,SAAS,CAAA;YAE/B,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,EAAE,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;gBACrC,MAAM,IAAI,mBAAmB,CAAC,mBAAmB,CAAC,CAAA;YACpD,CAAC;YAED,MAAM,WAAW,GACf,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,cAAc,IAAI,GAAG,CAAC,cAAc,CAAC,GAAG,EAAE,CAAA;YAC9D,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC3C,MAAM,IAAI,mBAAmB,CAC3B,oDAAoD,CACrD,CAAA;YACH,CAAC;YACD,IAAI,EAAE,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,IAAI,KAAK,2BAA2B,EAAE,CAAC;gBACrE,MAAM,IAAI,mBAAmB,CAAC,uCAAuC,CAAC,CAAA;YACxE,CAAC;YACD,IAAI,EAAE,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,QAAQ,KAAK,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;gBACvE,MAAM,IAAI,mBAAmB,CAC3B,2CAA2C,CAC5C,CAAA;YACH,CAAC;YACD,MAAM,UAAU,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;YAC1D,IAAI,EAAE,CAAC,mBAAmB,CAAC,SAAS,CAAC,KAAK,UAAU,CAAC,GAAG,EAAE,EAAE,CAAC;gBAC3D,MAAM,IAAI,mBAAmB,CAAC,uBAAuB,CAAC,CAAA;YACxD,CAAC;YACD,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,UAAU,CAAC,SAAS,EAAE;gBAC7D,kBAAkB,EAAE,IAAI;aACzB,CAAC,CAAA;YACF,IACE,OAAO,EAAE,MAAM;gBACf,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,QAAQ,OAAO,CAAC,MAAM,EAAE,EACjD,CAAC;gBACD,MAAM,IAAI,mBAAmB,CAAC,iCAAiC,CAAC,CAAA;YAClE,CAAC;YAED,MAAM,GAAG,CAAC,SAAS,CAAC,aAAa,CAAC,SAAS,EAAE,EAAE,CAAC,CAAA;YAChD,MAAM,GAAG,CAAC,SAAS,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAA;YAE/C,IAAI,CAAC;gBACH,MAAM,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC,CAAA;YACnD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,GAAG,CAAC,KAAK,CACP,EAAE,GAAG,EAAE,GAAG,EAAE,SAAS,EAAE,EACvB,wCAAwC,CACzC,CAAA;YACH,CAAC;QACH,CAAC;KACF,CAAC,CAAA;AACJ,CAAC","sourcesContent":["import * as plc from '@did-plc/lib'\nimport { check } from '@atproto/common'\nimport { InvalidRequestError, Server } from '@atproto/xrpc-server'\nimport { AppContext } from '../../../../context.js'\nimport { com } from '../../../../lexicons/index.js'\nimport { httpLogger as log } from '../../../../logger.js'\n\nexport default function (server: Server, ctx: AppContext) {\n server.add(com.atproto.identity.submitPlcOperation, {\n auth: ctx.authVerifier.authorization({\n authorize: (permissions) => {\n permissions.assertIdentity({ attr: '*' })\n },\n }),\n handler: async ({ auth, input }) => {\n const requester = auth.credentials.did\n const op = input.body.operation\n\n if (!check.is(op, plc.def.operation)) {\n throw new InvalidRequestError('Invalid operation')\n }\n\n const rotationKey =\n ctx.cfg.entryway?.plcRotationKey ?? ctx.plcRotationKey.did()\n if (!op.rotationKeys.includes(rotationKey)) {\n throw new InvalidRequestError(\n \"Rotation keys do not include server's rotation key\",\n )\n }\n if (op.services['atproto_pds']?.type !== 'AtprotoPersonalDataServer') {\n throw new InvalidRequestError('Incorrect type on atproto_pds service')\n }\n if (op.services['atproto_pds']?.endpoint !== ctx.cfg.service.publicUrl) {\n throw new InvalidRequestError(\n 'Incorrect endpoint on atproto_pds service',\n )\n }\n const signingKey = await ctx.actorStore.keypair(requester)\n if (op.verificationMethods['atproto'] !== signingKey.did()) {\n throw new InvalidRequestError('Incorrect signing key')\n }\n const account = await ctx.accountManager.getAccount(requester, {\n includeDeactivated: true,\n })\n if (\n account?.handle &&\n op.alsoKnownAs.at(0) !== `at://${account.handle}`\n ) {\n throw new InvalidRequestError('Incorrect handle in alsoKnownAs')\n }\n\n await ctx.plcClient.sendOperation(requester, op)\n await ctx.sequencer.sequenceIdentity(requester)\n\n try {\n await ctx.idResolver.did.resolve(requester, true)\n } catch (err) {\n log.error(\n { err, did: requester },\n 'failed to refresh did after plc update',\n )\n }\n },\n })\n}\n"]}
package/dist/api/com/atproto/server/activateAccount.js CHANGED
@@ -32,9 +32,7 @@ export default function (server, ctx) {
32
32
  const syncData = await ctx.actorStore.read(requester, (store) => store.repo.getSyncEventData());
33
33
  // @NOTE: we're over-emitting for now for backwards compatibility, can reduce this in the future
34
34
  const status = await ctx.accountManager.getAccountStatus(requester);
35
- await ctx.sequencer.sequenceAccountEvt(requester, status);
36
- await ctx.sequencer.sequenceIdentityEvt(requester, account.handle ?? INVALID_HANDLE);
37
- await ctx.sequencer.sequenceSyncEvt(requester, syncData);
35
+ await ctx.sequencer.sequenceAccountActivation(requester, account.handle ?? INVALID_HANDLE, status, syncData);
38
36
  },
39
37
  });
40
38
  }
package/dist/api/com/atproto/server/activateAccount.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"activateAccount.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/activateAccount.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAA;AAChD,OAAO,EACL,cAAc,EACd,mBAAmB,GAEpB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAA;AAEvD,OAAO,EAAE,GAAG,EAAE,MAAM,+BAA+B,CAAA;AACnD,OAAO,EAAE,gCAAgC,EAAE,MAAM,WAAW,CAAA;AAE5D,MAAM,CAAC,OAAO,WAAW,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,eAAe,EAAE;QAC7C,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,aAAa,CAAC;YACnC,MAAM,EAAE,WAAW;YACnB,SAAS,EAAE,GAAG,EAAE;gBACd,MAAM,IAAI,cAAc,CACtB,uDAAuD,CACxD,CAAA;YACH,CAAC;SACF,CAAC;QACF,OAAO,EAAE,KAAK,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE;YAC/B,4HAA4H;YAC5H,IAAI,GAAG,CAAC,cAAc,EAAE,CAAC;gBACvB,MAAM,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAA;gBACpD,MAAM,GAAG,CAAC,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,eAAe,EAAE;oBAChE,OAAO;iBACR,CAAC,CAAA;gBACF,OAAM;YACR,CAAC;YAED,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAA;YAEtC,MAAM,gCAAgC,CAAC,GAAG,EAAE,SAAS,CAAC,CAAA;YAEtD,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,UAAU,CAAC,SAAS,EAAE;gBAC7D,kBAAkB,EAAE,IAAI;aACzB,CAAC,CAAA;YACF,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,mBAAmB,CAAC,gBAAgB,EAAE,iBAAiB,CAAC,CAAA;YACpE,CAAC;YAED,MAAM,GAAG,CAAC,cAAc,CAAC,eAAe,CAAC,SAAS,CAAC,CAAA;YAEnD,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,KAAK,EAAE,EAAE,CAC9D,KAAK,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAC9B,CAAA;YAED,gGAAgG;YAChG,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAA;YACnE,MAAM,GAAG,CAAC,SAAS,CAAC,kBAAkB,CAAC,SAAS,EAAE,MAAM,CAAC,CAAA;YACzD,MAAM,GAAG,CAAC,SAAS,CAAC,mBAAmB,CACrC,SAAS,EACT,OAAO,CAAC,MAAM,IAAI,cAAc,CACjC,CAAA;YACD,MAAM,GAAG,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAA;QAC1D,CAAC;KACF,CAAC,CAAA;AACJ,CAAC","sourcesContent":["import { INVALID_HANDLE } from '@atproto/syntax'\nimport {\n ForbiddenError,\n InvalidRequestError,\n Server,\n} from '@atproto/xrpc-server'\nimport { ACCESS_FULL } from '../../../../auth-scope.js'\nimport { AppContext } from '../../../../context.js'\nimport { com } from '../../../../lexicons/index.js'\nimport { assertValidDidDocumentForService } from './util.js'\n\nexport default function (server: Server, ctx: AppContext) {\n server.add(com.atproto.server.activateAccount, {\n auth: ctx.authVerifier.authorization({\n scopes: ACCESS_FULL,\n authorize: () => {\n throw new ForbiddenError(\n 'OAuth credentials are not supported for this endpoint',\n )\n },\n }),\n handler: async ({ req, auth }) => {\n // in the case of entryway, the full flow is activateAccount (PDS) -> activateAccount (Entryway) -> updateSubjectStatus(PDS)\n if (ctx.entrywayClient) {\n const { headers } = ctx.entrywayPassthruHeaders(req)\n await ctx.entrywayClient.xrpc(com.atproto.server.activateAccount, {\n headers,\n })\n return\n }\n\n const requester = auth.credentials.did\n\n await assertValidDidDocumentForService(ctx, requester)\n\n const account = await ctx.accountManager.getAccount(requester, {\n includeDeactivated: true,\n })\n if (!account) {\n throw new InvalidRequestError('user not found', 'AccountNotFound')\n }\n\n await ctx.accountManager.activateAccount(requester)\n\n const syncData = await ctx.actorStore.read(requester, (store) =>\n store.repo.getSyncEventData(),\n )\n\n // @NOTE: we're over-emitting for now for backwards compatibility, can reduce this in the future\n const status = await ctx.accountManager.getAccountStatus(requester)\n await ctx.sequencer.sequenceAccountEvt(requester, status)\n await ctx.sequencer.sequenceIdentityEvt(\n requester,\n account.handle ?? INVALID_HANDLE,\n )\n await ctx.sequencer.sequenceSyncEvt(requester, syncData)\n },\n })\n}\n"]}
1
+ {"version":3,"file":"activateAccount.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/activateAccount.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAA;AAChD,OAAO,EACL,cAAc,EACd,mBAAmB,GAEpB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAA;AAEvD,OAAO,EAAE,GAAG,EAAE,MAAM,+BAA+B,CAAA;AACnD,OAAO,EAAE,gCAAgC,EAAE,MAAM,WAAW,CAAA;AAE5D,MAAM,CAAC,OAAO,WAAW,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,eAAe,EAAE;QAC7C,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,aAAa,CAAC;YACnC,MAAM,EAAE,WAAW;YACnB,SAAS,EAAE,GAAG,EAAE;gBACd,MAAM,IAAI,cAAc,CACtB,uDAAuD,CACxD,CAAA;YACH,CAAC;SACF,CAAC;QACF,OAAO,EAAE,KAAK,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE;YAC/B,4HAA4H;YAC5H,IAAI,GAAG,CAAC,cAAc,EAAE,CAAC;gBACvB,MAAM,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAA;gBACpD,MAAM,GAAG,CAAC,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,eAAe,EAAE;oBAChE,OAAO;iBACR,CAAC,CAAA;gBACF,OAAM;YACR,CAAC;YAED,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAA;YAEtC,MAAM,gCAAgC,CAAC,GAAG,EAAE,SAAS,CAAC,CAAA;YAEtD,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,UAAU,CAAC,SAAS,EAAE;gBAC7D,kBAAkB,EAAE,IAAI;aACzB,CAAC,CAAA;YACF,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,mBAAmB,CAAC,gBAAgB,EAAE,iBAAiB,CAAC,CAAA;YACpE,CAAC;YAED,MAAM,GAAG,CAAC,cAAc,CAAC,eAAe,CAAC,SAAS,CAAC,CAAA;YAEnD,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,KAAK,EAAE,EAAE,CAC9D,KAAK,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAC9B,CAAA;YAED,gGAAgG;YAChG,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAA;YACnE,MAAM,GAAG,CAAC,SAAS,CAAC,yBAAyB,CAC3C,SAAS,EACT,OAAO,CAAC,MAAM,IAAI,cAAc,EAChC,MAAM,EACN,QAAQ,CACT,CAAA;QACH,CAAC;KACF,CAAC,CAAA;AACJ,CAAC","sourcesContent":["import { INVALID_HANDLE } from '@atproto/syntax'\nimport {\n ForbiddenError,\n InvalidRequestError,\n Server,\n} from '@atproto/xrpc-server'\nimport { ACCESS_FULL } from '../../../../auth-scope.js'\nimport { AppContext } from '../../../../context.js'\nimport { com } from '../../../../lexicons/index.js'\nimport { assertValidDidDocumentForService } from './util.js'\n\nexport default function (server: Server, ctx: AppContext) {\n server.add(com.atproto.server.activateAccount, {\n auth: ctx.authVerifier.authorization({\n scopes: ACCESS_FULL,\n authorize: () => {\n throw new ForbiddenError(\n 'OAuth credentials are not supported for this endpoint',\n )\n },\n }),\n handler: async ({ req, auth }) => {\n // in the case of entryway, the full flow is activateAccount (PDS) -> activateAccount (Entryway) -> updateSubjectStatus(PDS)\n if (ctx.entrywayClient) {\n const { headers } = ctx.entrywayPassthruHeaders(req)\n await ctx.entrywayClient.xrpc(com.atproto.server.activateAccount, {\n headers,\n })\n return\n }\n\n const requester = auth.credentials.did\n\n await assertValidDidDocumentForService(ctx, requester)\n\n const account = await ctx.accountManager.getAccount(requester, {\n includeDeactivated: true,\n })\n if (!account) {\n throw new InvalidRequestError('user not found', 'AccountNotFound')\n }\n\n await ctx.accountManager.activateAccount(requester)\n\n const syncData = await ctx.actorStore.read(requester, (store) =>\n store.repo.getSyncEventData(),\n )\n\n // @NOTE: we're over-emitting for now for backwards compatibility, can reduce this in the future\n const status = await ctx.accountManager.getAccountStatus(requester)\n await ctx.sequencer.sequenceAccountActivation(\n requester,\n account.handle ?? INVALID_HANDLE,\n status,\n syncData,\n )\n },\n })\n}\n"]}
package/dist/api/com/atproto/server/createAccount.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"createAccount.d.ts","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/createAccount.ts"],"names":[],"mappings":"AAOA,OAAO,EAGL,MAAM,EACP,MAAM,sBAAsB,CAAA;AAG7B,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAA;AAMnD,MAAM,CAAC,OAAO,WAAW,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,QA6FvD"}
1
+ {"version":3,"file":"createAccount.d.ts","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/createAccount.ts"],"names":[],"mappings":"AAOA,OAAO,EAGL,MAAM,EACP,MAAM,sBAAsB,CAAA;AAE7B,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAA;AAKnD,MAAM,CAAC,OAAO,WAAW,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,QA8GvD"}
package/dist/api/com/atproto/server/createAccount.js CHANGED
@@ -5,11 +5,9 @@ import { MINUTE, check } from '@atproto/common';
5
5
  import { Secp256k1Keypair } from '@atproto/crypto';
6
6
  import { ensureAtpDocument } from '@atproto/identity';
7
7
  import { AuthRequiredError, InvalidRequestError, } from '@atproto/xrpc-server';
8
- import { AccountStatus } from '../../../../account-manager/account-manager.js';
9
8
  import { NEW_PASSWORD_MAX_LENGTH } from '../../../../account-manager/helpers/scrypt.js';
10
9
  import { baseNormalizeAndValidate } from '../../../../handle/index.js';
11
10
  import { com } from '../../../../lexicons/index.js';
12
- import { syncEvtDataFromCommit } from '../../../../sequencer/index.js';
13
11
  import { safeResolveDidDoc } from './util.js';
14
12
  export default function (server, ctx) {
15
13
  server.add(com.atproto.server.createAccount, {
@@ -25,64 +23,86 @@ export default function (server, ctx) {
25
23
  const { did, handle, email, password, inviteCode, signingKey, plcOp, deactivated, } = ctx.entrywayClient
26
24
  ? await validateInputsForEntrywayPds(ctx, input.body)
27
25
  : await validateInputsForLocalPds(ctx, input.body, requester);
28
- let didDoc;
29
- let creds;
30
26
  await ctx.actorStore.create(did, signingKey);
31
27
  try {
32
- const commit = await ctx.actorStore.transact(did, (actorTxn) => actorTxn.repo.createRepo([]));
28
+ const commit = await ctx.actorStore.transact(did, (actorTxn) => {
29
+ return actorTxn.repo.createRepo([]);
30
+ });
31
+ const canTombstone =
32
+ // @NOTE IMPORTANT Because the user may be bringing their own did, we
33
+ // must make sure not to tombstone their did on failure if we didn't
34
+ // create it here.
35
+ !ctx.entrywayClient && !input.body.did && !!plcOp;
33
36
  // Generate a real did with PLC
34
37
  if (plcOp) {
38
+ await ctx.plcClient.sendOperation(did, plcOp);
39
+ }
40
+ try {
41
+ const didDoc = await safeResolveDidDoc(ctx, did, true);
42
+ const creds = await ctx.accountManager.createAccountAndSession({
43
+ did,
44
+ handle,
45
+ email,
46
+ password,
47
+ repoCid: commit.cid,
48
+ repoRev: commit.rev,
49
+ inviteCode,
50
+ deactivated,
51
+ });
35
52
  try {
36
- await ctx.plcClient.sendOperation(did, plcOp);
53
+ const sequenceEvt = !deactivated;
54
+ if (sequenceEvt) {
55
+ await ctx.sequencer.sequenceAccountCreation(did, handle, commit);
56
+ }
57
+ try {
58
+ await ctx.actorStore
59
+ .clearReservedKeypair(signingKey.did(), did)
60
+ .catch((err) => {
61
+ // @NOTE This is a cleanup operation so we won't fail the whole
62
+ // flow if it fails, but we log it just in case
63
+ req.log.error({ did, signingKeyDid: signingKey.did(), err }, 'Failed to clear reserved keypair');
64
+ });
65
+ return {
66
+ encoding: 'application/json',
67
+ body: {
68
+ handle,
69
+ did: did,
70
+ // @ts-expect-error https://github.com/bluesky-social/atproto/pull/4406
71
+ didDoc,
72
+ accessJwt: creds.accessJwt,
73
+ refreshJwt: creds.refreshJwt,
74
+ },
75
+ };
76
+ }
77
+ catch (err) {
78
+ if (sequenceEvt)
79
+ await ctx.sequencer.sequenceAccountDeletion(did);
80
+ throw err;
81
+ }
37
82
  }
38
83
  catch (err) {
39
- req.log.error({ didKey: ctx.plcRotationKey.did(), handle }, 'failed to create did:plc');
84
+ await ctx.accountManager.deleteAccount(did);
40
85
  throw err;
41
86
  }
42
87
  }
43
- didDoc = await safeResolveDidDoc(ctx, did, true);
44
- creds = await ctx.accountManager.createAccountAndSession({
45
- did,
46
- handle,
47
- email,
48
- password,
49
- repoCid: commit.cid,
50
- repoRev: commit.rev,
51
- inviteCode,
52
- deactivated,
53
- });
54
- if (!deactivated) {
55
- await ctx.sequencer.sequenceIdentityEvt(did, handle);
56
- await ctx.sequencer.sequenceAccountEvt(did, AccountStatus.Active);
57
- await ctx.sequencer.sequenceCommit(did, commit);
58
- await ctx.sequencer.sequenceSyncEvt(did, syncEvtDataFromCommit(commit));
88
+ catch (err) {
89
+ if (canTombstone) {
90
+ await ctx.plcClient.tombstone(did, ctx.plcRotationKey);
91
+ }
92
+ throw err;
59
93
  }
60
- await ctx.accountManager.updateRepoRoot(did, commit.cid, commit.rev);
61
- await ctx.actorStore.clearReservedKeypair(signingKey.did(), did);
62
94
  }
63
95
  catch (err) {
64
- // this will only be reached if the actor store _did not_ exist before
65
96
  await ctx.actorStore.destroy(did);
66
97
  throw err;
67
98
  }
68
- return {
69
- encoding: 'application/json',
70
- body: {
71
- handle,
72
- did: did,
73
- // @ts-expect-error https://github.com/bluesky-social/atproto/pull/4406
74
- didDoc,
75
- accessJwt: creds.accessJwt,
76
- refreshJwt: creds.refreshJwt,
77
- },
78
- };
79
99
  },
80
100
  });
81
101
  }
82
102
  const validateInputsForEntrywayPds = async (ctx, input) => {
83
- const { did, plcOp } = input;
84
103
  const handle = baseNormalizeAndValidate(input.handle);
85
- if (!did || !input.plcOp) {
104
+ const { did, plcOp } = input;
105
+ if (!did || !plcOp) {
86
106
  throw new InvalidRequestError('non-entryway pds requires bringing a DID and plcOp');
87
107
  }
88
108
  if (!check.is(plcOp, plc.def.operation)) {
@@ -178,7 +198,7 @@ const validateInputsForLocalPds = async (ctx, input, requester) => {
178
198
  else {
179
199
  const formatted = await formatDidAndPlcOp(ctx, handle, input, signingKey);
180
200
  did = formatted.did;
181
- plcOp = formatted.plcOp;
201
+ plcOp = formatted.op;
182
202
  }
183
203
  return {
184
204
  did,
@@ -200,17 +220,13 @@ const formatDidAndPlcOp = async (ctx, handle, input, signingKey) => {
200
220
  if (input.recoveryKey) {
201
221
  rotationKeys.unshift(input.recoveryKey);
202
222
  }
203
- const plcCreate = await plc.createOp({
223
+ return plc.createOp({
204
224
  signingKey: signingKey.did(),
205
225
  rotationKeys,
206
226
  handle,
207
227
  pds: ctx.cfg.service.publicUrl,
208
228
  signer: ctx.plcRotationKey,
209
229
  });
210
- return {
211
- did: plcCreate.did,
212
- plcOp: plcCreate.op,
213
- };
214
230
  };
215
231
  const validateAtprotoData = (data, expected) => {
216
232
  // if the user is bringing their own did: