@atproto/pds 0.5.3 → 0.5.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +11 -0
- package/dist/account-manager/account-manager.d.ts.map +1 -1
- package/dist/account-manager/account-manager.js +16 -19
- package/dist/account-manager/account-manager.js.map +1 -1
- package/dist/account-manager/oauth-store.d.ts.map +1 -1
- package/dist/account-manager/oauth-store.js +46 -26
- package/dist/account-manager/oauth-store.js.map +1 -1
- package/dist/api/com/atproto/admin/deleteAccount.d.ts.map +1 -1
- package/dist/api/com/atproto/admin/deleteAccount.js +9 -4
- package/dist/api/com/atproto/admin/deleteAccount.js.map +1 -1
- package/dist/api/com/atproto/admin/updateSubjectStatus.js +1 -1
- package/dist/api/com/atproto/admin/updateSubjectStatus.js.map +1 -1
- package/dist/api/com/atproto/identity/submitPlcOperation.js +1 -1
- package/dist/api/com/atproto/identity/submitPlcOperation.js.map +1 -1
- package/dist/api/com/atproto/server/activateAccount.js +1 -3
- package/dist/api/com/atproto/server/activateAccount.js.map +1 -1
- package/dist/api/com/atproto/server/createAccount.d.ts.map +1 -1
- package/dist/api/com/atproto/server/createAccount.js +61 -45
- package/dist/api/com/atproto/server/createAccount.js.map +1 -1
- package/dist/api/com/atproto/server/deactivateAccount.js +1 -1
- package/dist/api/com/atproto/server/deactivateAccount.js.map +1 -1
- package/dist/api/com/atproto/server/deleteAccount.d.ts.map +1 -1
- package/dist/api/com/atproto/server/deleteAccount.js +9 -4
- package/dist/api/com/atproto/server/deleteAccount.js.map +1 -1
- package/dist/api/com/atproto/sync/getRepo.d.ts.map +1 -1
- package/dist/api/com/atproto/sync/getRepo.js +5 -1
- package/dist/api/com/atproto/sync/getRepo.js.map +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +4 -39
- package/dist/index.js.map +1 -1
- package/dist/rate-limits.d.ts +7 -0
- package/dist/rate-limits.d.ts.map +1 -0
- package/dist/rate-limits.js +50 -0
- package/dist/rate-limits.js.map +1 -0
- package/dist/scripts/publish-identity.js +1 -1
- package/dist/scripts/publish-identity.js.map +1 -1
- package/dist/scripts/rebuild-repo.js +1 -1
- package/dist/scripts/rebuild-repo.js.map +1 -1
- package/dist/scripts/rotate-keys.js +2 -2
- package/dist/scripts/rotate-keys.js.map +1 -1
- package/dist/scripts/sequencer-recovery/recoverer.js +7 -5
- package/dist/scripts/sequencer-recovery/recoverer.js.map +1 -1
- package/dist/sequencer/sequencer.d.ts +8 -6
- package/dist/sequencer/sequencer.d.ts.map +1 -1
- package/dist/sequencer/sequencer.js +40 -21
- package/dist/sequencer/sequencer.js.map +1 -1
- package/package.json +7 -7
- package/src/account-manager/account-manager.ts +26 -23
- package/src/account-manager/oauth-store.ts +55 -36
- package/src/api/com/atproto/admin/deleteAccount.ts +9 -7
- package/src/api/com/atproto/admin/updateSubjectStatus.ts +1 -1
- package/src/api/com/atproto/identity/submitPlcOperation.ts +1 -1
- package/src/api/com/atproto/server/activateAccount.ts +3 -3
- package/src/api/com/atproto/server/createAccount.ts +72 -63
- package/src/api/com/atproto/server/deactivateAccount.ts +1 -1
- package/src/api/com/atproto/server/deleteAccount.ts +9 -7
- package/src/api/com/atproto/sync/getRepo.ts +9 -1
- package/src/index.ts +3 -42
- package/src/rate-limits.ts +59 -0
- package/src/scripts/publish-identity.ts +1 -1
- package/src/scripts/rebuild-repo.ts +1 -1
- package/src/scripts/rotate-keys.ts +2 -2
- package/src/scripts/sequencer-recovery/recoverer.ts +9 -5
- package/src/sequencer/sequencer.ts +52 -23
- package/tsconfig.build.tsbuildinfo +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"createAccount.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/createAccount.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,GAAG,MAAM,cAAc,CAAA;AACnC,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAA;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAA;AAC/D,OAAO,EAAe,MAAM,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAA;AAC5D,OAAO,EAA8B,gBAAgB,EAAE,MAAM,iBAAiB,CAAA;AAC9E,OAAO,EAAe,iBAAiB,EAAE,MAAM,mBAAmB,CAAA;AAElE,OAAO,EACL,iBAAiB,EACjB,mBAAmB,GAEpB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,aAAa,EAAE,MAAM,gDAAgD,CAAA;AAC9E,OAAO,EAAE,uBAAuB,EAAE,MAAM,+CAA+C,CAAA;AAEvF,OAAO,EAAE,wBAAwB,EAAE,MAAM,6BAA6B,CAAA;AACtE,OAAO,EAAE,GAAG,EAAE,MAAM,+BAA+B,CAAA;AACnD,OAAO,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAA;AACtE,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAA;AAE7C,MAAM,CAAC,OAAO,WAAW,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,aAAa,EAAE;QAC3C,SAAS,EAAE;YACT,UAAU,EAAE,CAAC,GAAG,MAAM;YACtB,MAAM,EAAE,GAAG;SACZ;QACD,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,uBAAuB;QAC9C,OAAO,EAAE,KAAK,EAAE,EACd,KAAK,EACL,IAAI,EACJ,GAAG,GACJ,EAAqD,EAAE;YACtD,iEAAiE;YACjE,0EAA0E;YAE1E,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE,GAAG,IAAI,IAAI,CAAA;YAC/C,MAAM,EACJ,GAAG,EACH,MAAM,EACN,KAAK,EACL,QAAQ,EACR,UAAU,EACV,UAAU,EACV,KAAK,EACL,WAAW,GACZ,GAAG,GAAG,CAAC,cAAc;gBACpB,CAAC,CAAC,MAAM,4BAA4B,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC;gBACrD,CAAC,CAAC,MAAM,yBAAyB,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,EAAE,SAAS,CAAC,CAAA;YAE/D,IAAI,MAA+B,CAAA;YACnC,IAAI,KAAgD,CAAA;YACpD,MAAM,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,EAAE,UAAU,CAAC,CAAA;YAC5C,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,EAAE,CAC7D,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,CAC7B,CAAA;gBAED,+BAA+B;gBAC/B,IAAI,KAAK,EAAE,CAAC;oBACV,IAAI,CAAC;wBACH,MAAM,GAAG,CAAC,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;oBAC/C,CAAC;oBAAC,OAAO,GAAG,EAAE,CAAC;wBACb,GAAG,CAAC,GAAG,CAAC,KAAK,CACX,EAAE,MAAM,EAAE,GAAG,CAAC,cAAc,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,EAC5C,0BAA0B,CAC3B,CAAA;wBACD,MAAM,GAAG,CAAA;oBACX,CAAC;gBACH,CAAC;gBAED,MAAM,GAAG,MAAM,iBAAiB,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAA;gBAEhD,KAAK,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,uBAAuB,CAAC;oBACvD,GAAG;oBACH,MAAM;oBACN,KAAK;oBACL,QAAQ;oBACR,OAAO,EAAE,MAAM,CAAC,GAAG;oBACnB,OAAO,EAAE,MAAM,CAAC,GAAG;oBACnB,UAAU;oBACV,WAAW;iBACZ,CAAC,CAAA;gBAEF,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,MAAM,GAAG,CAAC,SAAS,CAAC,mBAAmB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;oBACpD,MAAM,GAAG,CAAC,SAAS,CAAC,kBAAkB,CAAC,GAAG,EAAE,aAAa,CAAC,MAAM,CAAC,CAAA;oBACjE,MAAM,GAAG,CAAC,SAAS,CAAC,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;oBAC/C,MAAM,GAAG,CAAC,SAAS,CAAC,eAAe,CACjC,GAAG,EACH,qBAAqB,CAAC,MAAM,CAAC,CAC9B,CAAA;gBACH,CAAC;gBACD,MAAM,GAAG,CAAC,cAAc,CAAC,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAA;gBACpE,MAAM,GAAG,CAAC,UAAU,CAAC,oBAAoB,CAAC,UAAU,CAAC,GAAG,EAAE,EAAE,GAAG,CAAC,CAAA;YAClE,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,sEAAsE;gBACtE,MAAM,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;gBACjC,MAAM,GAAG,CAAA;YACX,CAAC;YAED,OAAO;gBACL,QAAQ,EAAE,kBAA2B;gBACrC,IAAI,EAAE;oBACJ,MAAM;oBACN,GAAG,EAAE,GAAG;oBACR,uEAAuE;oBACvE,MAAM;oBACN,SAAS,EAAE,KAAK,CAAC,SAAS;oBAC1B,UAAU,EAAE,KAAK,CAAC,UAAU;iBAC7B;aACF,CAAA;QACH,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED,MAAM,4BAA4B,GAAG,KAAK,EACxC,GAAe,EACf,KAAkD,EAClD,EAAE;IACF,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,KAAK,CAAA;IAC5B,MAAM,MAAM,GAAG,wBAAwB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;IACrD,IAAI,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QACzB,MAAM,IAAI,mBAAmB,CAC3B,oDAAoD,CACrD,CAAA;IACH,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;QACxC,MAAM,IAAI,mBAAmB,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,CAAA;IAC9E,CAAC;IACD,MAAM,cAAc,GAAG,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,cAAc,CAAA;IACvD,IAAI,CAAC,cAAc,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;QACpE,MAAM,IAAI,mBAAmB,CAC3B,+CAA+C,EAC/C,oBAAoB,CACrB,CAAA;IACH,CAAC;IACD,IAAI,CAAC;QACH,MAAM,GAAG,CAAC,aAAa,CAAC,KAAK,CAAC,CAAA;QAC9B,MAAM,GAAG,CAAC,cAAc,CAAC,CAAC,cAAc,CAAC,EAAE,KAAK,CAAC,CAAA;IACnD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,mBAAmB,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,CAAA;IAC9E,CAAC;IACD,MAAM,GAAG,GAAG,GAAG,CAAC,YAAY,CAAC,EAAE,GAAG,EAAE,GAAG,KAAK,EAAE,CAAC,CAAA;IAC/C,MAAM,IAAI,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAA;IAEnC,IAAI,UAAyC,CAAA;IAC7C,IAAI,KAAK,CAAC,GAAG,EAAE,CAAC;QACd,UAAU,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,kBAAkB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACjE,CAAC;IACD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,UAAU,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,kBAAkB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;IACvE,CAAC;IACD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,mBAAmB,CAAC,qCAAqC,CAAC,CAAA;IACtE,CAAC;IAED,mBAAmB,CAAC,IAAI,EAAE;QACxB,MAAM;QACN,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS;QAC9B,UAAU,EAAE,UAAU,CAAC,GAAG,EAAE;KAC7B,CAAC,CAAA;IAEF,OAAO;QACL,GAAG;QACH,MAAM;QACN,KAAK,EAAE,SAAS;QAChB,QAAQ,EAAE,SAAS;QACnB,UAAU,EAAE,SAAS;QACrB,UAAU;QACV,KAAK;QACL,WAAW,EAAE,KAAK;KACnB,CAAA;AACH,CAAC,CAAA;AAED,MAAM,yBAAyB,GAAG,KAAK,EACrC,GAAe,EACf,KAAkD,EAClD,SAAwB,EACxB,EAAE;IACF,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,KAAK,CAAA;IAC7C,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;QAChB,MAAM,IAAI,mBAAmB,CAAC,4BAA4B,CAAC,CAAA;IAC7D,CAAC;IAED,IAAI,QAAQ,IAAI,QAAQ,CAAC,MAAM,GAAG,uBAAuB,EAAE,CAAC;QAC1D,MAAM,IAAI,mBAAmB,CAC3B,wCAAwC,uBAAuB,cAAc,CAC9E,CAAA;IACH,CAAC;IAED,IAAI,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,CAAC,UAAU,EAAE,CAAC;QAC5C,MAAM,IAAI,mBAAmB,CAC3B,yBAAyB,EACzB,mBAAmB,CACpB,CAAA;IACH,CAAC;IAED,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,mBAAmB,CAAC,mBAAmB,CAAC,CAAA;IACpD,CAAC;SAAM,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,IAAI,iBAAiB,CAAC,KAAK,CAAC,EAAE,CAAC;QAC5D,MAAM,IAAI,mBAAmB,CAC3B,oEAAoE,CACrE,CAAA;IACH,CAAC;IAED,kCAAkC;IAClC,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,0BAA0B,CAChE,KAAK,CAAC,MAAM,EACZ,EAAE,GAAG,EAAE,KAAK,CAAC,GAAG,EAAE,CACnB,CAAA;IAED,4CAA4C;IAC5C,IAAI,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,UAAU,EAAE,CAAC;QAC3C,MAAM,GAAG,CAAC,cAAc,CAAC,uBAAuB,CAAC,UAAU,CAAC,CAAA;IAC9D,CAAC;IAED,gDAAgD;IAChD,MAAM,CAAC,WAAW,EAAE,SAAS,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QACjD,GAAG,CAAC,cAAc,CAAC,UAAU,CAAC,MAAM,CAAC;QACrC,GAAG,CAAC,cAAc,CAAC,iBAAiB,CAAC,KAAK,CAAC;KAC5C,CAAC,CAAA;IACF,IAAI,WAAW,EAAE,CAAC;QAChB,MAAM,IAAI,mBAAmB,CAAC,yBAAyB,MAAM,EAAE,CAAC,CAAA;IAClE,CAAC;SAAM,IAAI,SAAS,EAAE,CAAC;QACrB,MAAM,IAAI,mBAAmB,CAAC,wBAAwB,KAAK,EAAE,CAAC,CAAA;IAChE,CAAC;IAED,kDAAkD;IAClD,yDAAyD;IACzD,MAAM,UAAU,GAAG,MAAM,gBAAgB,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAA;IAEtE,IAAI,GAAc,CAAA;IAClB,IAAI,KAA2B,CAAA;IAC/B,IAAI,WAAW,GAAG,KAAK,CAAA;IACvB,IAAI,KAAK,CAAC,GAAG,EAAE,CAAC;QACd,IAAI,KAAK,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;YAC5B,MAAM,IAAI,iBAAiB,CACzB,4CAA4C,KAAK,CAAC,GAAG,EAAE,CACxD,CAAA;QACH,CAAC;QACD,GAAG,GAAG,KAAK,CAAC,GAAG,CAAA;QACf,KAAK,GAAG,IAAI,CAAA;QACZ,WAAW,GAAG,IAAI,CAAA;IACpB,CAAC;SAAM,CAAC;QACN,MAAM,SAAS,GAAG,MAAM,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,CAAC,CAAA;QACzE,GAAG,GAAG,SAAS,CAAC,GAAgB,CAAA;QAChC,KAAK,GAAG,SAAS,CAAC,KAAK,CAAA;IACzB,CAAC;IAED,OAAO;QACL,GAAG;QACH,MAAM;QACN,KAAK;QACL,QAAQ;QACR,UAAU;QACV,UAAU;QACV,KAAK;QACL,WAAW;KACZ,CAAA;AACH,CAAC,CAAA;AAED,MAAM,iBAAiB,GAAG,KAAK,EAC7B,GAAe,EACf,MAAc,EACd,KAAkD,EAClD,UAAmB,EAIlB,EAAE;IACH,wEAAwE;IACxE,MAAM,YAAY,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC,CAAA;IAC/C,IAAI,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,cAAc,EAAE,CAAC;QACpC,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAA;IACvD,CAAC;IACD,IAAI,KAAK,CAAC,WAAW,EAAE,CAAC;QACtB,YAAY,CAAC,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,CAAA;IACzC,CAAC;IACD,MAAM,SAAS,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC;QACnC,UAAU,EAAE,UAAU,CAAC,GAAG,EAAE;QAC5B,YAAY;QACZ,MAAM;QACN,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS;QAC9B,MAAM,EAAE,GAAG,CAAC,cAAc;KAC3B,CAAC,CAAA;IACF,OAAO;QACL,GAAG,EAAE,SAAS,CAAC,GAAG;QAClB,KAAK,EAAE,SAAS,CAAC,EAAE;KACpB,CAAA;AACH,CAAC,CAAA;AACD,MAAM,mBAAmB,GAAG,CAC1B,IAAiB,EACjB,QAIC,EACD,EAAE;IACF,yCAAyC;IACzC,qEAAqE;IACrE,mEAAmE;IACnE,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM,EAAE,CAAC;QACpC,MAAM,IAAI,mBAAmB,CAC3B,oDAAoD,EACpD,oBAAoB,CACrB,CAAA;IACH,CAAC;SAAM,IAAI,IAAI,CAAC,GAAG,KAAK,QAAQ,CAAC,GAAG,EAAE,CAAC;QACrC,MAAM,IAAI,mBAAmB,CAC3B,2DAA2D,EAC3D,oBAAoB,CACrB,CAAA;IACH,CAAC;SAAM,IAAI,IAAI,CAAC,UAAU,KAAK,QAAQ,CAAC,UAAU,EAAE,CAAC;QACnD,MAAM,IAAI,mBAAmB,CAC3B,6DAA6D,EAC7D,oBAAoB,CACrB,CAAA;IACH,CAAC;AACH,CAAC,CAAA","sourcesContent":["import * as plc from '@did-plc/lib'\nimport { isEmailValid } from '@hapi/address'\nimport { isDisposableEmail } from 'disposable-email-domains-js'\nimport { DidDocument, MINUTE, check } from '@atproto/common'\nimport { ExportableKeypair, Keypair, Secp256k1Keypair } from '@atproto/crypto'\nimport { AtprotoData, ensureAtpDocument } from '@atproto/identity'\nimport { DidString } from '@atproto/syntax'\nimport {\n AuthRequiredError,\n InvalidRequestError,\n Server,\n} from '@atproto/xrpc-server'\nimport { AccountStatus } from '../../../../account-manager/account-manager.js'\nimport { NEW_PASSWORD_MAX_LENGTH } from '../../../../account-manager/helpers/scrypt.js'\nimport { AppContext } from '../../../../context.js'\nimport { baseNormalizeAndValidate } from '../../../../handle/index.js'\nimport { com } from '../../../../lexicons/index.js'\nimport { syncEvtDataFromCommit } from '../../../../sequencer/index.js'\nimport { safeResolveDidDoc } from './util.js'\n\nexport default function (server: Server, ctx: AppContext) {\n server.add(com.atproto.server.createAccount, {\n rateLimit: {\n durationMs: 5 * MINUTE,\n points: 100,\n },\n auth: ctx.authVerifier.userServiceAuthOptional,\n handler: async ({\n input,\n auth,\n req,\n }): Promise<com.atproto.server.createAccount.$Output> => {\n // @NOTE Until this code and the OAuthStore's `createAccount` are\n // refactored together, any change made here must be reflected over there.\n\n const requester = auth.credentials?.did ?? null\n const {\n did,\n handle,\n email,\n password,\n inviteCode,\n signingKey,\n plcOp,\n deactivated,\n } = ctx.entrywayClient\n ? await validateInputsForEntrywayPds(ctx, input.body)\n : await validateInputsForLocalPds(ctx, input.body, requester)\n\n let didDoc: DidDocument | undefined\n let creds: { accessJwt: string; refreshJwt: string }\n await ctx.actorStore.create(did, signingKey)\n try {\n const commit = await ctx.actorStore.transact(did, (actorTxn) =>\n actorTxn.repo.createRepo([]),\n )\n\n // Generate a real did with PLC\n if (plcOp) {\n try {\n await ctx.plcClient.sendOperation(did, plcOp)\n } catch (err) {\n req.log.error(\n { didKey: ctx.plcRotationKey.did(), handle },\n 'failed to create did:plc',\n )\n throw err\n }\n }\n\n didDoc = await safeResolveDidDoc(ctx, did, true)\n\n creds = await ctx.accountManager.createAccountAndSession({\n did,\n handle,\n email,\n password,\n repoCid: commit.cid,\n repoRev: commit.rev,\n inviteCode,\n deactivated,\n })\n\n if (!deactivated) {\n await ctx.sequencer.sequenceIdentityEvt(did, handle)\n await ctx.sequencer.sequenceAccountEvt(did, AccountStatus.Active)\n await ctx.sequencer.sequenceCommit(did, commit)\n await ctx.sequencer.sequenceSyncEvt(\n did,\n syncEvtDataFromCommit(commit),\n )\n }\n await ctx.accountManager.updateRepoRoot(did, commit.cid, commit.rev)\n await ctx.actorStore.clearReservedKeypair(signingKey.did(), did)\n } catch (err) {\n // this will only be reached if the actor store _did not_ exist before\n await ctx.actorStore.destroy(did)\n throw err\n }\n\n return {\n encoding: 'application/json' as const,\n body: {\n handle,\n did: did,\n // @ts-expect-error https://github.com/bluesky-social/atproto/pull/4406\n didDoc,\n accessJwt: creds.accessJwt,\n refreshJwt: creds.refreshJwt,\n },\n }\n },\n })\n}\n\nconst validateInputsForEntrywayPds = async (\n ctx: AppContext,\n input: com.atproto.server.createAccount.$InputBody,\n) => {\n const { did, plcOp } = input\n const handle = baseNormalizeAndValidate(input.handle)\n if (!did || !input.plcOp) {\n throw new InvalidRequestError(\n 'non-entryway pds requires bringing a DID and plcOp',\n )\n }\n if (!check.is(plcOp, plc.def.operation)) {\n throw new InvalidRequestError('invalid plc operation', 'IncompatibleDidDoc')\n }\n const plcRotationKey = ctx.cfg.entryway?.plcRotationKey\n if (!plcRotationKey || !plcOp.rotationKeys.includes(plcRotationKey)) {\n throw new InvalidRequestError(\n 'PLC DID does not include service rotation key',\n 'IncompatibleDidDoc',\n )\n }\n try {\n await plc.assureValidOp(plcOp)\n await plc.assureValidSig([plcRotationKey], plcOp)\n } catch (err) {\n throw new InvalidRequestError('invalid plc operation', 'IncompatibleDidDoc')\n }\n const doc = plc.formatDidDoc({ did, ...plcOp })\n const data = ensureAtpDocument(doc)\n\n let signingKey: ExportableKeypair | undefined\n if (input.did) {\n signingKey = await ctx.actorStore.getReservedKeypair(input.did)\n }\n if (!signingKey) {\n signingKey = await ctx.actorStore.getReservedKeypair(data.signingKey)\n }\n if (!signingKey) {\n throw new InvalidRequestError('reserved signing key does not exist')\n }\n\n validateAtprotoData(data, {\n handle,\n pds: ctx.cfg.service.publicUrl,\n signingKey: signingKey.did(),\n })\n\n return {\n did,\n handle,\n email: undefined,\n password: undefined,\n inviteCode: undefined,\n signingKey,\n plcOp,\n deactivated: false,\n }\n}\n\nconst validateInputsForLocalPds = async (\n ctx: AppContext,\n input: com.atproto.server.createAccount.$InputBody,\n requester: string | null,\n) => {\n const { email, password, inviteCode } = input\n if (input.plcOp) {\n throw new InvalidRequestError('Unsupported input: \"plcOp\"')\n }\n\n if (password && password.length > NEW_PASSWORD_MAX_LENGTH) {\n throw new InvalidRequestError(\n `Password too long. Maximum length is ${NEW_PASSWORD_MAX_LENGTH} characters.`,\n )\n }\n\n if (ctx.cfg.invites.required && !inviteCode) {\n throw new InvalidRequestError(\n 'No invite code provided',\n 'InvalidInviteCode',\n )\n }\n\n if (!email) {\n throw new InvalidRequestError('Email is required')\n } else if (!isEmailValid(email) || isDisposableEmail(email)) {\n throw new InvalidRequestError(\n 'This email address is not supported, please use a different email.',\n )\n }\n\n // normalize & ensure valid handle\n const handle = await ctx.accountManager.normalizeAndValidateHandle(\n input.handle,\n { did: input.did },\n )\n\n // check that the invite code still has uses\n if (ctx.cfg.invites.required && inviteCode) {\n await ctx.accountManager.ensureInviteIsAvailable(inviteCode)\n }\n\n // check that the handle and email are available\n const [handleAccnt, emailAcct] = await Promise.all([\n ctx.accountManager.getAccount(handle),\n ctx.accountManager.getAccountByEmail(email),\n ])\n if (handleAccnt) {\n throw new InvalidRequestError(`Handle already taken: ${handle}`)\n } else if (emailAcct) {\n throw new InvalidRequestError(`Email already taken: ${email}`)\n }\n\n // determine the did & any plc ops we need to send\n // if the provided did document is poorly setup, we throw\n const signingKey = await Secp256k1Keypair.create({ exportable: true })\n\n let did: DidString\n let plcOp: plc.Operation | null\n let deactivated = false\n if (input.did) {\n if (input.did !== requester) {\n throw new AuthRequiredError(\n `Missing auth to create account with did: ${input.did}`,\n )\n }\n did = input.did\n plcOp = null\n deactivated = true\n } else {\n const formatted = await formatDidAndPlcOp(ctx, handle, input, signingKey)\n did = formatted.did as DidString\n plcOp = formatted.plcOp\n }\n\n return {\n did,\n handle,\n email,\n password,\n inviteCode,\n signingKey,\n plcOp,\n deactivated,\n }\n}\n\nconst formatDidAndPlcOp = async (\n ctx: AppContext,\n handle: string,\n input: com.atproto.server.createAccount.$InputBody,\n signingKey: Keypair,\n): Promise<{\n did: string\n plcOp: plc.Operation | null\n}> => {\n // if the user is not bringing a DID, then we format a create op for PLC\n const rotationKeys = [ctx.plcRotationKey.did()]\n if (ctx.cfg.identity.recoveryDidKey) {\n rotationKeys.unshift(ctx.cfg.identity.recoveryDidKey)\n }\n if (input.recoveryKey) {\n rotationKeys.unshift(input.recoveryKey)\n }\n const plcCreate = await plc.createOp({\n signingKey: signingKey.did(),\n rotationKeys,\n handle,\n pds: ctx.cfg.service.publicUrl,\n signer: ctx.plcRotationKey,\n })\n return {\n did: plcCreate.did,\n plcOp: plcCreate.op,\n }\n}\nconst validateAtprotoData = (\n data: AtprotoData,\n expected: {\n handle: string\n pds: string\n signingKey: string\n },\n) => {\n // if the user is bringing their own did:\n // resolve the user's did doc data, including rotationKeys if did:plc\n // determine if we have the capability to make changes to their DID\n if (data.handle !== expected.handle) {\n throw new InvalidRequestError(\n 'provided handle does not match DID document handle',\n 'IncompatibleDidDoc',\n )\n } else if (data.pds !== expected.pds) {\n throw new InvalidRequestError(\n 'DID document pds endpoint does not match service endpoint',\n 'IncompatibleDidDoc',\n )\n } else if (data.signingKey !== expected.signingKey) {\n throw new InvalidRequestError(\n 'DID document signing key does not match service signing key',\n 'IncompatibleDidDoc',\n )\n }\n}\n"]}
|
|
1
|
+
{"version":3,"file":"createAccount.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/createAccount.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,GAAG,MAAM,cAAc,CAAA;AACnC,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAA;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAA;AAC/D,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAA;AAC/C,OAAO,EAA8B,gBAAgB,EAAE,MAAM,iBAAiB,CAAA;AAC9E,OAAO,EAAe,iBAAiB,EAAE,MAAM,mBAAmB,CAAA;AAElE,OAAO,EACL,iBAAiB,EACjB,mBAAmB,GAEpB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,uBAAuB,EAAE,MAAM,+CAA+C,CAAA;AAEvF,OAAO,EAAE,wBAAwB,EAAE,MAAM,6BAA6B,CAAA;AACtE,OAAO,EAAE,GAAG,EAAE,MAAM,+BAA+B,CAAA;AACnD,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAA;AAE7C,MAAM,CAAC,OAAO,WAAW,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,aAAa,EAAE;QAC3C,SAAS,EAAE;YACT,UAAU,EAAE,CAAC,GAAG,MAAM;YACtB,MAAM,EAAE,GAAG;SACZ;QACD,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,uBAAuB;QAC9C,OAAO,EAAE,KAAK,EAAE,EACd,KAAK,EACL,IAAI,EACJ,GAAG,GACJ,EAAqD,EAAE;YACtD,iEAAiE;YACjE,0EAA0E;YAE1E,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE,GAAG,IAAI,IAAI,CAAA;YAC/C,MAAM,EACJ,GAAG,EACH,MAAM,EACN,KAAK,EACL,QAAQ,EACR,UAAU,EACV,UAAU,EACV,KAAK,EACL,WAAW,GACZ,GAAG,GAAG,CAAC,cAAc;gBACpB,CAAC,CAAC,MAAM,4BAA4B,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC;gBACrD,CAAC,CAAC,MAAM,yBAAyB,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,EAAE,SAAS,CAAC,CAAA;YAE/D,MAAM,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,EAAE,UAAU,CAAC,CAAA;YAE5C,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,EAAE;oBAC7D,OAAO,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,CAAA;gBACrC,CAAC,CAAC,CAAA;gBAEF,MAAM,YAAY;gBAChB,qEAAqE;gBACrE,oEAAoE;gBACpE,kBAAkB;gBAClB,CAAC,GAAG,CAAC,cAAc,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC,KAAK,CAAA;gBAEnD,+BAA+B;gBAC/B,IAAI,KAAK,EAAE,CAAC;oBACV,MAAM,GAAG,CAAC,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;gBAC/C,CAAC;gBAED,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAA;oBAEtD,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,uBAAuB,CAAC;wBAC7D,GAAG;wBACH,MAAM;wBACN,KAAK;wBACL,QAAQ;wBACR,OAAO,EAAE,MAAM,CAAC,GAAG;wBACnB,OAAO,EAAE,MAAM,CAAC,GAAG;wBACnB,UAAU;wBACV,WAAW;qBACZ,CAAC,CAAA;oBAEF,IAAI,CAAC;wBACH,MAAM,WAAW,GAAG,CAAC,WAAW,CAAA;wBAChC,IAAI,WAAW,EAAE,CAAC;4BAChB,MAAM,GAAG,CAAC,SAAS,CAAC,uBAAuB,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,CAAA;wBAClE,CAAC;wBAED,IAAI,CAAC;4BACH,MAAM,GAAG,CAAC,UAAU;iCACjB,oBAAoB,CAAC,UAAU,CAAC,GAAG,EAAE,EAAE,GAAG,CAAC;iCAC3C,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;gCACb,+DAA+D;gCAC/D,+CAA+C;gCAC/C,GAAG,CAAC,GAAG,CAAC,KAAK,CACX,EAAE,GAAG,EAAE,aAAa,EAAE,UAAU,CAAC,GAAG,EAAE,EAAE,GAAG,EAAE,EAC7C,kCAAkC,CACnC,CAAA;4BACH,CAAC,CAAC,CAAA;4BAEJ,OAAO;gCACL,QAAQ,EAAE,kBAA2B;gCACrC,IAAI,EAAE;oCACJ,MAAM;oCACN,GAAG,EAAE,GAAG;oCACR,uEAAuE;oCACvE,MAAM;oCACN,SAAS,EAAE,KAAK,CAAC,SAAS;oCAC1B,UAAU,EAAE,KAAK,CAAC,UAAU;iCAC7B;6BACF,CAAA;wBACH,CAAC;wBAAC,OAAO,GAAG,EAAE,CAAC;4BACb,IAAI,WAAW;gCAAE,MAAM,GAAG,CAAC,SAAS,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAA;4BACjE,MAAM,GAAG,CAAA;wBACX,CAAC;oBACH,CAAC;oBAAC,OAAO,GAAG,EAAE,CAAC;wBACb,MAAM,GAAG,CAAC,cAAc,CAAC,aAAa,CAAC,GAAG,CAAC,CAAA;wBAC3C,MAAM,GAAG,CAAA;oBACX,CAAC;gBACH,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,IAAI,YAAY,EAAE,CAAC;wBACjB,MAAM,GAAG,CAAC,SAAS,CAAC,SAAS,CAAC,GAAG,EAAE,GAAG,CAAC,cAAc,CAAC,CAAA;oBACxD,CAAC;oBACD,MAAM,GAAG,CAAA;gBACX,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;gBACjC,MAAM,GAAG,CAAA;YACX,CAAC;QACH,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED,MAAM,4BAA4B,GAAG,KAAK,EACxC,GAAe,EACf,KAAkD,EAClD,EAAE;IACF,MAAM,MAAM,GAAG,wBAAwB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;IAErD,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,KAAK,CAAA;IAC5B,IAAI,CAAC,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC;QACnB,MAAM,IAAI,mBAAmB,CAC3B,oDAAoD,CACrD,CAAA;IACH,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;QACxC,MAAM,IAAI,mBAAmB,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,CAAA;IAC9E,CAAC;IACD,MAAM,cAAc,GAAG,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,cAAc,CAAA;IACvD,IAAI,CAAC,cAAc,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;QACpE,MAAM,IAAI,mBAAmB,CAC3B,+CAA+C,EAC/C,oBAAoB,CACrB,CAAA;IACH,CAAC;IACD,IAAI,CAAC;QACH,MAAM,GAAG,CAAC,aAAa,CAAC,KAAK,CAAC,CAAA;QAC9B,MAAM,GAAG,CAAC,cAAc,CAAC,CAAC,cAAc,CAAC,EAAE,KAAK,CAAC,CAAA;IACnD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,mBAAmB,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,CAAA;IAC9E,CAAC;IACD,MAAM,GAAG,GAAG,GAAG,CAAC,YAAY,CAAC,EAAE,GAAG,EAAE,GAAG,KAAK,EAAE,CAAC,CAAA;IAC/C,MAAM,IAAI,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAA;IAEnC,IAAI,UAAyC,CAAA;IAC7C,IAAI,KAAK,CAAC,GAAG,EAAE,CAAC;QACd,UAAU,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,kBAAkB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACjE,CAAC;IACD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,UAAU,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,kBAAkB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;IACvE,CAAC;IACD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,mBAAmB,CAAC,qCAAqC,CAAC,CAAA;IACtE,CAAC;IAED,mBAAmB,CAAC,IAAI,EAAE;QACxB,MAAM;QACN,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS;QAC9B,UAAU,EAAE,UAAU,CAAC,GAAG,EAAE;KAC7B,CAAC,CAAA;IAEF,OAAO;QACL,GAAG;QACH,MAAM;QACN,KAAK,EAAE,SAAS;QAChB,QAAQ,EAAE,SAAS;QACnB,UAAU,EAAE,SAAS;QACrB,UAAU;QACV,KAAK;QACL,WAAW,EAAE,KAAK;KACnB,CAAA;AACH,CAAC,CAAA;AAED,MAAM,yBAAyB,GAAG,KAAK,EACrC,GAAe,EACf,KAAkD,EAClD,SAAwB,EACxB,EAAE;IACF,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,KAAK,CAAA;IAC7C,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;QAChB,MAAM,IAAI,mBAAmB,CAAC,4BAA4B,CAAC,CAAA;IAC7D,CAAC;IAED,IAAI,QAAQ,IAAI,QAAQ,CAAC,MAAM,GAAG,uBAAuB,EAAE,CAAC;QAC1D,MAAM,IAAI,mBAAmB,CAC3B,wCAAwC,uBAAuB,cAAc,CAC9E,CAAA;IACH,CAAC;IAED,IAAI,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,CAAC,UAAU,EAAE,CAAC;QAC5C,MAAM,IAAI,mBAAmB,CAC3B,yBAAyB,EACzB,mBAAmB,CACpB,CAAA;IACH,CAAC;IAED,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,mBAAmB,CAAC,mBAAmB,CAAC,CAAA;IACpD,CAAC;SAAM,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,IAAI,iBAAiB,CAAC,KAAK,CAAC,EAAE,CAAC;QAC5D,MAAM,IAAI,mBAAmB,CAC3B,oEAAoE,CACrE,CAAA;IACH,CAAC;IAED,kCAAkC;IAClC,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,0BAA0B,CAChE,KAAK,CAAC,MAAM,EACZ,EAAE,GAAG,EAAE,KAAK,CAAC,GAAG,EAAE,CACnB,CAAA;IAED,4CAA4C;IAC5C,IAAI,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,UAAU,EAAE,CAAC;QAC3C,MAAM,GAAG,CAAC,cAAc,CAAC,uBAAuB,CAAC,UAAU,CAAC,CAAA;IAC9D,CAAC;IAED,gDAAgD;IAChD,MAAM,CAAC,WAAW,EAAE,SAAS,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QACjD,GAAG,CAAC,cAAc,CAAC,UAAU,CAAC,MAAM,CAAC;QACrC,GAAG,CAAC,cAAc,CAAC,iBAAiB,CAAC,KAAK,CAAC;KAC5C,CAAC,CAAA;IACF,IAAI,WAAW,EAAE,CAAC;QAChB,MAAM,IAAI,mBAAmB,CAAC,yBAAyB,MAAM,EAAE,CAAC,CAAA;IAClE,CAAC;SAAM,IAAI,SAAS,EAAE,CAAC;QACrB,MAAM,IAAI,mBAAmB,CAAC,wBAAwB,KAAK,EAAE,CAAC,CAAA;IAChE,CAAC;IAED,kDAAkD;IAClD,yDAAyD;IACzD,MAAM,UAAU,GAAG,MAAM,gBAAgB,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAA;IAEtE,IAAI,GAAc,CAAA;IAClB,IAAI,KAA2B,CAAA;IAC/B,IAAI,WAAW,GAAG,KAAK,CAAA;IACvB,IAAI,KAAK,CAAC,GAAG,EAAE,CAAC;QACd,IAAI,KAAK,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;YAC5B,MAAM,IAAI,iBAAiB,CACzB,4CAA4C,KAAK,CAAC,GAAG,EAAE,CACxD,CAAA;QACH,CAAC;QACD,GAAG,GAAG,KAAK,CAAC,GAAG,CAAA;QACf,KAAK,GAAG,IAAI,CAAA;QACZ,WAAW,GAAG,IAAI,CAAA;IACpB,CAAC;SAAM,CAAC;QACN,MAAM,SAAS,GAAG,MAAM,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,CAAC,CAAA;QACzE,GAAG,GAAG,SAAS,CAAC,GAAgB,CAAA;QAChC,KAAK,GAAG,SAAS,CAAC,EAAE,CAAA;IACtB,CAAC;IAED,OAAO;QACL,GAAG;QACH,MAAM;QACN,KAAK;QACL,QAAQ;QACR,UAAU;QACV,UAAU;QACV,KAAK;QACL,WAAW;KACZ,CAAA;AACH,CAAC,CAAA;AAED,MAAM,iBAAiB,GAAG,KAAK,EAC7B,GAAe,EACf,MAAc,EACd,KAAkD,EAClD,UAAmB,EACnB,EAAE;IACF,wEAAwE;IACxE,MAAM,YAAY,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC,CAAA;IAC/C,IAAI,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,cAAc,EAAE,CAAC;QACpC,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAA;IACvD,CAAC;IACD,IAAI,KAAK,CAAC,WAAW,EAAE,CAAC;QACtB,YAAY,CAAC,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,CAAA;IACzC,CAAC;IACD,OAAO,GAAG,CAAC,QAAQ,CAAC;QAClB,UAAU,EAAE,UAAU,CAAC,GAAG,EAAE;QAC5B,YAAY;QACZ,MAAM;QACN,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS;QAC9B,MAAM,EAAE,GAAG,CAAC,cAAc;KAC3B,CAAC,CAAA;AACJ,CAAC,CAAA;AACD,MAAM,mBAAmB,GAAG,CAC1B,IAAiB,EACjB,QAIC,EACD,EAAE;IACF,yCAAyC;IACzC,qEAAqE;IACrE,mEAAmE;IACnE,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM,EAAE,CAAC;QACpC,MAAM,IAAI,mBAAmB,CAC3B,oDAAoD,EACpD,oBAAoB,CACrB,CAAA;IACH,CAAC;SAAM,IAAI,IAAI,CAAC,GAAG,KAAK,QAAQ,CAAC,GAAG,EAAE,CAAC;QACrC,MAAM,IAAI,mBAAmB,CAC3B,2DAA2D,EAC3D,oBAAoB,CACrB,CAAA;IACH,CAAC;SAAM,IAAI,IAAI,CAAC,UAAU,KAAK,QAAQ,CAAC,UAAU,EAAE,CAAC;QACnD,MAAM,IAAI,mBAAmB,CAC3B,6DAA6D,EAC7D,oBAAoB,CACrB,CAAA;IACH,CAAC;AACH,CAAC,CAAA","sourcesContent":["import * as plc from '@did-plc/lib'\nimport { isEmailValid } from '@hapi/address'\nimport { isDisposableEmail } from 'disposable-email-domains-js'\nimport { MINUTE, check } from '@atproto/common'\nimport { ExportableKeypair, Keypair, Secp256k1Keypair } from '@atproto/crypto'\nimport { AtprotoData, ensureAtpDocument } from '@atproto/identity'\nimport { DidString } from '@atproto/syntax'\nimport {\n AuthRequiredError,\n InvalidRequestError,\n Server,\n} from '@atproto/xrpc-server'\nimport { NEW_PASSWORD_MAX_LENGTH } from '../../../../account-manager/helpers/scrypt.js'\nimport { AppContext } from '../../../../context.js'\nimport { baseNormalizeAndValidate } from '../../../../handle/index.js'\nimport { com } from '../../../../lexicons/index.js'\nimport { safeResolveDidDoc } from './util.js'\n\nexport default function (server: Server, ctx: AppContext) {\n server.add(com.atproto.server.createAccount, {\n rateLimit: {\n durationMs: 5 * MINUTE,\n points: 100,\n },\n auth: ctx.authVerifier.userServiceAuthOptional,\n handler: async ({\n input,\n auth,\n req,\n }): Promise<com.atproto.server.createAccount.$Output> => {\n // @NOTE Until this code and the OAuthStore's `createAccount` are\n // refactored together, any change made here must be reflected over there.\n\n const requester = auth.credentials?.did ?? null\n const {\n did,\n handle,\n email,\n password,\n inviteCode,\n signingKey,\n plcOp,\n deactivated,\n } = ctx.entrywayClient\n ? await validateInputsForEntrywayPds(ctx, input.body)\n : await validateInputsForLocalPds(ctx, input.body, requester)\n\n await ctx.actorStore.create(did, signingKey)\n\n try {\n const commit = await ctx.actorStore.transact(did, (actorTxn) => {\n return actorTxn.repo.createRepo([])\n })\n\n const canTombstone =\n // @NOTE IMPORTANT Because the user may be bringing their own did, we\n // must make sure not to tombstone their did on failure if we didn't\n // create it here.\n !ctx.entrywayClient && !input.body.did && !!plcOp\n\n // Generate a real did with PLC\n if (plcOp) {\n await ctx.plcClient.sendOperation(did, plcOp)\n }\n\n try {\n const didDoc = await safeResolveDidDoc(ctx, did, true)\n\n const creds = await ctx.accountManager.createAccountAndSession({\n did,\n handle,\n email,\n password,\n repoCid: commit.cid,\n repoRev: commit.rev,\n inviteCode,\n deactivated,\n })\n\n try {\n const sequenceEvt = !deactivated\n if (sequenceEvt) {\n await ctx.sequencer.sequenceAccountCreation(did, handle, commit)\n }\n\n try {\n await ctx.actorStore\n .clearReservedKeypair(signingKey.did(), did)\n .catch((err) => {\n // @NOTE This is a cleanup operation so we won't fail the whole\n // flow if it fails, but we log it just in case\n req.log.error(\n { did, signingKeyDid: signingKey.did(), err },\n 'Failed to clear reserved keypair',\n )\n })\n\n return {\n encoding: 'application/json' as const,\n body: {\n handle,\n did: did,\n // @ts-expect-error https://github.com/bluesky-social/atproto/pull/4406\n didDoc,\n accessJwt: creds.accessJwt,\n refreshJwt: creds.refreshJwt,\n },\n }\n } catch (err) {\n if (sequenceEvt) await ctx.sequencer.sequenceAccountDeletion(did)\n throw err\n }\n } catch (err) {\n await ctx.accountManager.deleteAccount(did)\n throw err\n }\n } catch (err) {\n if (canTombstone) {\n await ctx.plcClient.tombstone(did, ctx.plcRotationKey)\n }\n throw err\n }\n } catch (err) {\n await ctx.actorStore.destroy(did)\n throw err\n }\n },\n })\n}\n\nconst validateInputsForEntrywayPds = async (\n ctx: AppContext,\n input: com.atproto.server.createAccount.$InputBody,\n) => {\n const handle = baseNormalizeAndValidate(input.handle)\n\n const { did, plcOp } = input\n if (!did || !plcOp) {\n throw new InvalidRequestError(\n 'non-entryway pds requires bringing a DID and plcOp',\n )\n }\n if (!check.is(plcOp, plc.def.operation)) {\n throw new InvalidRequestError('invalid plc operation', 'IncompatibleDidDoc')\n }\n const plcRotationKey = ctx.cfg.entryway?.plcRotationKey\n if (!plcRotationKey || !plcOp.rotationKeys.includes(plcRotationKey)) {\n throw new InvalidRequestError(\n 'PLC DID does not include service rotation key',\n 'IncompatibleDidDoc',\n )\n }\n try {\n await plc.assureValidOp(plcOp)\n await plc.assureValidSig([plcRotationKey], plcOp)\n } catch (err) {\n throw new InvalidRequestError('invalid plc operation', 'IncompatibleDidDoc')\n }\n const doc = plc.formatDidDoc({ did, ...plcOp })\n const data = ensureAtpDocument(doc)\n\n let signingKey: ExportableKeypair | undefined\n if (input.did) {\n signingKey = await ctx.actorStore.getReservedKeypair(input.did)\n }\n if (!signingKey) {\n signingKey = await ctx.actorStore.getReservedKeypair(data.signingKey)\n }\n if (!signingKey) {\n throw new InvalidRequestError('reserved signing key does not exist')\n }\n\n validateAtprotoData(data, {\n handle,\n pds: ctx.cfg.service.publicUrl,\n signingKey: signingKey.did(),\n })\n\n return {\n did,\n handle,\n email: undefined,\n password: undefined,\n inviteCode: undefined,\n signingKey,\n plcOp,\n deactivated: false,\n }\n}\n\nconst validateInputsForLocalPds = async (\n ctx: AppContext,\n input: com.atproto.server.createAccount.$InputBody,\n requester: string | null,\n) => {\n const { email, password, inviteCode } = input\n if (input.plcOp) {\n throw new InvalidRequestError('Unsupported input: \"plcOp\"')\n }\n\n if (password && password.length > NEW_PASSWORD_MAX_LENGTH) {\n throw new InvalidRequestError(\n `Password too long. Maximum length is ${NEW_PASSWORD_MAX_LENGTH} characters.`,\n )\n }\n\n if (ctx.cfg.invites.required && !inviteCode) {\n throw new InvalidRequestError(\n 'No invite code provided',\n 'InvalidInviteCode',\n )\n }\n\n if (!email) {\n throw new InvalidRequestError('Email is required')\n } else if (!isEmailValid(email) || isDisposableEmail(email)) {\n throw new InvalidRequestError(\n 'This email address is not supported, please use a different email.',\n )\n }\n\n // normalize & ensure valid handle\n const handle = await ctx.accountManager.normalizeAndValidateHandle(\n input.handle,\n { did: input.did },\n )\n\n // check that the invite code still has uses\n if (ctx.cfg.invites.required && inviteCode) {\n await ctx.accountManager.ensureInviteIsAvailable(inviteCode)\n }\n\n // check that the handle and email are available\n const [handleAccnt, emailAcct] = await Promise.all([\n ctx.accountManager.getAccount(handle),\n ctx.accountManager.getAccountByEmail(email),\n ])\n if (handleAccnt) {\n throw new InvalidRequestError(`Handle already taken: ${handle}`)\n } else if (emailAcct) {\n throw new InvalidRequestError(`Email already taken: ${email}`)\n }\n\n // determine the did & any plc ops we need to send\n // if the provided did document is poorly setup, we throw\n const signingKey = await Secp256k1Keypair.create({ exportable: true })\n\n let did: DidString\n let plcOp: plc.Operation | null\n let deactivated = false\n if (input.did) {\n if (input.did !== requester) {\n throw new AuthRequiredError(\n `Missing auth to create account with did: ${input.did}`,\n )\n }\n did = input.did\n plcOp = null\n deactivated = true\n } else {\n const formatted = await formatDidAndPlcOp(ctx, handle, input, signingKey)\n did = formatted.did as DidString\n plcOp = formatted.op\n }\n\n return {\n did,\n handle,\n email,\n password,\n inviteCode,\n signingKey,\n plcOp,\n deactivated,\n }\n}\n\nconst formatDidAndPlcOp = async (\n ctx: AppContext,\n handle: string,\n input: com.atproto.server.createAccount.$InputBody,\n signingKey: Keypair,\n) => {\n // if the user is not bringing a DID, then we format a create op for PLC\n const rotationKeys = [ctx.plcRotationKey.did()]\n if (ctx.cfg.identity.recoveryDidKey) {\n rotationKeys.unshift(ctx.cfg.identity.recoveryDidKey)\n }\n if (input.recoveryKey) {\n rotationKeys.unshift(input.recoveryKey)\n }\n return plc.createOp({\n signingKey: signingKey.did(),\n rotationKeys,\n handle,\n pds: ctx.cfg.service.publicUrl,\n signer: ctx.plcRotationKey,\n })\n}\nconst validateAtprotoData = (\n data: AtprotoData,\n expected: {\n handle: string\n pds: string\n signingKey: string\n },\n) => {\n // if the user is bringing their own did:\n // resolve the user's did doc data, including rotationKeys if did:plc\n // determine if we have the capability to make changes to their DID\n if (data.handle !== expected.handle) {\n throw new InvalidRequestError(\n 'provided handle does not match DID document handle',\n 'IncompatibleDidDoc',\n )\n } else if (data.pds !== expected.pds) {\n throw new InvalidRequestError(\n 'DID document pds endpoint does not match service endpoint',\n 'IncompatibleDidDoc',\n )\n } else if (data.signingKey !== expected.signingKey) {\n throw new InvalidRequestError(\n 'DID document signing key does not match service signing key',\n 'IncompatibleDidDoc',\n )\n }\n}\n"]}
|
|
@@ -30,7 +30,7 @@ export default function (server, ctx) {
|
|
|
30
30
|
const requester = auth.credentials.did;
|
|
31
31
|
await ctx.accountManager.deactivateAccount(requester, body.deleteAfter ?? null);
|
|
32
32
|
const status = await ctx.accountManager.getAccountStatus(requester);
|
|
33
|
-
await ctx.sequencer.
|
|
33
|
+
await ctx.sequencer.sequenceAccount(requester, status);
|
|
34
34
|
},
|
|
35
35
|
});
|
|
36
36
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"deactivateAccount.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/deactivateAccount.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAU,MAAM,sBAAsB,CAAA;AAC7D,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AAElE,OAAO,EAAE,GAAG,EAAE,MAAM,+BAA+B,CAAA;AAEnD,MAAM,CAAC,OAAO,WAAW,MAAc,EAAE,GAAe;IACtD,MAAM,EAAE,cAAc,EAAE,GAAG,GAAG,CAAA;IAE9B,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,aAAa,CAAC;QAC1C,UAAU,EAAE,CAAC,SAAS,CAAC,SAAS,CAAC;QACjC,MAAM,EAAE,WAAW;QACnB,SAAS,EAAE,GAAG,EAAE;YACd,MAAM,IAAI,cAAc,CACtB,uDAAuD,CACxD,CAAA;QACH,CAAC;KACF,CAAC,CAAA;IAEF,IAAI,cAAc,EAAE,CAAC;QACnB,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,iBAAiB,EAAE;YAC/C,IAAI;YACJ,gIAAgI;YAChI,OAAO,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE;gBAC1C,MAAM,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAA;gBACpD,MAAM,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,iBAAiB,EAAE;oBAC9D,OAAO;oBACP,IAAI;iBACL,CAAC,CAAA;YACJ,CAAC;SACF,CAAC,CAAA;IACJ,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,iBAAiB,EAAE;YAC/C,IAAI;YACJ,OAAO,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE;gBAC3C,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAA;gBACtC,MAAM,GAAG,CAAC,cAAc,CAAC,iBAAiB,CACxC,SAAS,EACT,IAAI,CAAC,WAAW,IAAI,IAAI,CACzB,CAAA;gBACD,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAA;gBACnE,MAAM,GAAG,CAAC,SAAS,CAAC,
|
|
1
|
+
{"version":3,"file":"deactivateAccount.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/deactivateAccount.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAU,MAAM,sBAAsB,CAAA;AAC7D,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AAElE,OAAO,EAAE,GAAG,EAAE,MAAM,+BAA+B,CAAA;AAEnD,MAAM,CAAC,OAAO,WAAW,MAAc,EAAE,GAAe;IACtD,MAAM,EAAE,cAAc,EAAE,GAAG,GAAG,CAAA;IAE9B,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,aAAa,CAAC;QAC1C,UAAU,EAAE,CAAC,SAAS,CAAC,SAAS,CAAC;QACjC,MAAM,EAAE,WAAW;QACnB,SAAS,EAAE,GAAG,EAAE;YACd,MAAM,IAAI,cAAc,CACtB,uDAAuD,CACxD,CAAA;QACH,CAAC;KACF,CAAC,CAAA;IAEF,IAAI,cAAc,EAAE,CAAC;QACnB,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,iBAAiB,EAAE;YAC/C,IAAI;YACJ,gIAAgI;YAChI,OAAO,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE;gBAC1C,MAAM,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAA;gBACpD,MAAM,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,iBAAiB,EAAE;oBAC9D,OAAO;oBACP,IAAI;iBACL,CAAC,CAAA;YACJ,CAAC;SACF,CAAC,CAAA;IACJ,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,iBAAiB,EAAE;YAC/C,IAAI;YACJ,OAAO,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE;gBAC3C,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAA;gBACtC,MAAM,GAAG,CAAC,cAAc,CAAC,iBAAiB,CACxC,SAAS,EACT,IAAI,CAAC,WAAW,IAAI,IAAI,CACzB,CAAA;gBACD,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAA;gBACnE,MAAM,GAAG,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,EAAE,MAAM,CAAC,CAAA;YACxD,CAAC;SACF,CAAC,CAAA;IACJ,CAAC;AACH,CAAC","sourcesContent":["import { ForbiddenError, Server } from '@atproto/xrpc-server'\nimport { ACCESS_FULL, AuthScope } from '../../../../auth-scope.js'\nimport { AppContext } from '../../../../context.js'\nimport { com } from '../../../../lexicons/index.js'\n\nexport default function (server: Server, ctx: AppContext) {\n const { entrywayClient } = ctx\n\n const auth = ctx.authVerifier.authorization({\n additional: [AuthScope.Takendown],\n scopes: ACCESS_FULL,\n authorize: () => {\n throw new ForbiddenError(\n 'OAuth credentials are not supported for this endpoint',\n )\n },\n })\n\n if (entrywayClient) {\n server.add(com.atproto.server.deactivateAccount, {\n auth,\n // in the case of entryway, the full flow is deactivateAccount (PDS) -> deactivateAccount (Entryway) -> updateSubjectStatus(PDS)\n handler: async ({ input: { body }, req }) => {\n const { headers } = ctx.entrywayPassthruHeaders(req)\n await entrywayClient.xrpc(com.atproto.server.deactivateAccount, {\n headers,\n body,\n })\n },\n })\n } else {\n server.add(com.atproto.server.deactivateAccount, {\n auth,\n handler: async ({ input: { body }, auth }) => {\n const requester = auth.credentials.did\n await ctx.accountManager.deactivateAccount(\n requester,\n body.deleteAfter ?? null,\n )\n const status = await ctx.accountManager.getAccountStatus(requester)\n await ctx.sequencer.sequenceAccount(requester, status)\n },\n })\n }\n}\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"deleteAccount.d.ts","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/deleteAccount.ts"],"names":[],"mappings":"AACA,OAAO,EAGL,MAAM,EACP,MAAM,sBAAsB,CAAA;
|
|
1
|
+
{"version":3,"file":"deleteAccount.d.ts","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/deleteAccount.ts"],"names":[],"mappings":"AACA,OAAO,EAGL,MAAM,EACP,MAAM,sBAAsB,CAAA;AAE7B,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAA;AAGnD,MAAM,CAAC,OAAO,WAAW,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,QAyDvD"}
|
|
@@ -1,6 +1,5 @@
|
|
|
1
1
|
import { MINUTE } from '@atproto/common';
|
|
2
2
|
import { AuthRequiredError, InvalidRequestError, } from '@atproto/xrpc-server';
|
|
3
|
-
import { AccountStatus } from '../../../../account-manager/account-manager.js';
|
|
4
3
|
import { OLD_PASSWORD_MAX_LENGTH } from '../../../../account-manager/helpers/scrypt.js';
|
|
5
4
|
import { com } from '../../../../lexicons/index.js';
|
|
6
5
|
export default function (server, ctx) {
|
|
@@ -35,10 +34,16 @@ export default function (server, ctx) {
|
|
|
35
34
|
throw new AuthRequiredError('Invalid did or password');
|
|
36
35
|
}
|
|
37
36
|
await ctx.accountManager.assertValidEmailToken(did, 'delete_account', token);
|
|
38
|
-
|
|
37
|
+
// @NOTE Order matters here: first "unlink" the account by removing it
|
|
38
|
+
// from the account manager database ("source of truth"), then notify the
|
|
39
|
+
// sequencer, and finally cleanup files from the file system.
|
|
39
40
|
await ctx.accountManager.deleteAccount(did);
|
|
40
|
-
|
|
41
|
-
|
|
41
|
+
try {
|
|
42
|
+
await ctx.sequencer.sequenceAccountDeletion(did);
|
|
43
|
+
}
|
|
44
|
+
finally {
|
|
45
|
+
await ctx.actorStore.destroy(did);
|
|
46
|
+
}
|
|
42
47
|
},
|
|
43
48
|
});
|
|
44
49
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"deleteAccount.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/deleteAccount.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAA;AACxC,OAAO,EACL,iBAAiB,EACjB,mBAAmB,GAEpB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"deleteAccount.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/deleteAccount.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAA;AACxC,OAAO,EACL,iBAAiB,EACjB,mBAAmB,GAEpB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,uBAAuB,EAAE,MAAM,+CAA+C,CAAA;AAEvF,OAAO,EAAE,GAAG,EAAE,MAAM,+BAA+B,CAAA;AAEnD,MAAM,CAAC,OAAO,WAAW,MAAc,EAAE,GAAe;IACtD,MAAM,EAAE,cAAc,EAAE,GAAG,GAAG,CAAA;IAE9B,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,aAAa,EAAE;QAC3C,SAAS,EAAE;YACT,UAAU,EAAE,CAAC,GAAG,MAAM;YACtB,MAAM,EAAE,EAAE;SACX;QACD,OAAO,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE;YAC1C,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,IAAI,CAAA;YAErC,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,UAAU,CAAC,GAAG,EAAE;gBACvD,kBAAkB,EAAE,IAAI;gBACxB,gBAAgB,EAAE,IAAI;aACvB,CAAC,CAAA;YACF,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,mBAAmB,CAAC,mBAAmB,CAAC,CAAA;YACpD,CAAC;YAED,IAAI,cAAc,EAAE,CAAC;gBACnB,MAAM,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAA;gBACpD,MAAM,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,aAAa,EAAE;oBAC1D,IAAI;oBACJ,OAAO;iBACR,CAAC,CAAA;gBACF,OAAM;YACR,CAAC;YAED,IAAI,QAAQ,CAAC,MAAM,GAAG,uBAAuB,EAAE,CAAC;gBAC9C,MAAM,IAAI,mBAAmB,CAAC,0BAA0B,CAAC,CAAA;YAC3D,CAAC;YAED,MAAM,SAAS,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,qBAAqB,CAC9D,GAAG,EACH,QAAQ,CACT,CAAA;YACD,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,MAAM,IAAI,iBAAiB,CAAC,yBAAyB,CAAC,CAAA;YACxD,CAAC;YAED,MAAM,GAAG,CAAC,cAAc,CAAC,qBAAqB,CAC5C,GAAG,EACH,gBAAgB,EAChB,KAAK,CACN,CAAA;YAED,sEAAsE;YACtE,yEAAyE;YACzE,6DAA6D;YAC7D,MAAM,GAAG,CAAC,cAAc,CAAC,aAAa,CAAC,GAAG,CAAC,CAAA;YAC3C,IAAI,CAAC;gBACH,MAAM,GAAG,CAAC,SAAS,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAA;YAClD,CAAC;oBAAS,CAAC;gBACT,MAAM,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;YACnC,CAAC;QACH,CAAC;KACF,CAAC,CAAA;AACJ,CAAC","sourcesContent":["import { MINUTE } from '@atproto/common'\nimport {\n AuthRequiredError,\n InvalidRequestError,\n Server,\n} from '@atproto/xrpc-server'\nimport { OLD_PASSWORD_MAX_LENGTH } from '../../../../account-manager/helpers/scrypt.js'\nimport { AppContext } from '../../../../context.js'\nimport { com } from '../../../../lexicons/index.js'\n\nexport default function (server: Server, ctx: AppContext) {\n const { entrywayClient } = ctx\n\n server.add(com.atproto.server.deleteAccount, {\n rateLimit: {\n durationMs: 5 * MINUTE,\n points: 50,\n },\n handler: async ({ input: { body }, req }) => {\n const { did, password, token } = body\n\n const account = await ctx.accountManager.getAccount(did, {\n includeDeactivated: true,\n includeTakenDown: true,\n })\n if (!account) {\n throw new InvalidRequestError('account not found')\n }\n\n if (entrywayClient) {\n const { headers } = ctx.entrywayPassthruHeaders(req)\n await entrywayClient.xrpc(com.atproto.server.deleteAccount, {\n body,\n headers,\n })\n return\n }\n\n if (password.length > OLD_PASSWORD_MAX_LENGTH) {\n throw new InvalidRequestError('Invalid password length.')\n }\n\n const validPass = await ctx.accountManager.verifyAccountPassword(\n did,\n password,\n )\n if (!validPass) {\n throw new AuthRequiredError('Invalid did or password')\n }\n\n await ctx.accountManager.assertValidEmailToken(\n did,\n 'delete_account',\n token,\n )\n\n // @NOTE Order matters here: first \"unlink\" the account by removing it\n // from the account manager database (\"source of truth\"), then notify the\n // sequencer, and finally cleanup files from the file system.\n await ctx.accountManager.deleteAccount(did)\n try {\n await ctx.sequencer.sequenceAccountDeletion(did)\n } finally {\n await ctx.actorStore.destroy(did)\n }\n },\n })\n}\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"getRepo.d.ts","sourceRoot":"","sources":["../../../../../src/api/com/atproto/sync/getRepo.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAA;
|
|
1
|
+
{"version":3,"file":"getRepo.d.ts","sourceRoot":"","sources":["../../../../../src/api/com/atproto/sync/getRepo.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAA;AAMhC,OAAO,EAAuB,MAAM,EAAE,MAAM,sBAAsB,CAAA;AAOlE,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAA;AAMnD,MAAM,CAAC,OAAO,WAAW,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,QAgCvD;AAED,eAAO,MAAM,YAAY,GACvB,KAAK,UAAU,EACf,KAAK,MAAM,EACX,QAAQ,MAAM,KACb,OAAO,CAAC,MAAM,CAAC,QAAQ,CAiBzB,CAAA"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { byteIterableToStream, coalesceByteStream } from '@atproto/common';
|
|
1
|
+
import { MINUTE, byteIterableToStream, coalesceByteStream, } from '@atproto/common';
|
|
2
2
|
import { InvalidRequestError } from '@atproto/xrpc-server';
|
|
3
3
|
import { RepoRootNotFoundError, SqlRepoReader, } from '../../../../actor-store/repo/sql-repo-reader.js';
|
|
4
4
|
import { AuthScope } from '../../../../auth-scope.js';
|
|
@@ -14,6 +14,10 @@ export default function (server, ctx) {
|
|
|
14
14
|
// always allow
|
|
15
15
|
},
|
|
16
16
|
}),
|
|
17
|
+
rateLimit: {
|
|
18
|
+
durationMs: 5 * MINUTE,
|
|
19
|
+
points: 6000,
|
|
20
|
+
},
|
|
17
21
|
handler: async ({ req, params, auth }) => {
|
|
18
22
|
const { did, since } = params;
|
|
19
23
|
await assertRepoAvailability(ctx, did, isUserOrAdmin(auth, did));
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"getRepo.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/sync/getRepo.ts"],"names":[],"mappings":"AACA,OAAO,
|
|
1
|
+
{"version":3,"file":"getRepo.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/sync/getRepo.ts"],"names":[],"mappings":"AACA,OAAO,EACL,MAAM,EACN,oBAAoB,EACpB,kBAAkB,GACnB,MAAM,iBAAiB,CAAA;AACxB,OAAO,EAAE,mBAAmB,EAAU,MAAM,sBAAsB,CAAA;AAClE,OAAO,EACL,qBAAqB,EACrB,aAAa,GACd,MAAM,iDAAiD,CAAA;AACxD,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAA;AAE5D,OAAO,EAAE,GAAG,EAAE,MAAM,+BAA+B,CAAA;AACnD,OAAO,EAAE,sBAAsB,EAAE,MAAM,WAAW,CAAA;AAElD,MAAM,qBAAqB,GAAG,EAAE,GAAG,IAAI,CAAA;AAEvC,MAAM,CAAC,OAAO,WAAW,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE;QACnC,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,iCAAiC,CAAC;YACvD,UAAU,EAAE,CAAC,SAAS,CAAC,SAAS,CAAC;YACjC,SAAS,EAAE,GAAG,EAAE;gBACd,eAAe;YACjB,CAAC;SACF,CAAC;QACF,SAAS,EAAE;YACT,UAAU,EAAE,CAAC,GAAG,MAAM;YACtB,MAAM,EAAE,IAAI;SACb;QACD,OAAO,EAAE,KAAK,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE;YACvC,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,MAAM,CAAA;YAC7B,MAAM,sBAAsB,CAAC,GAAG,EAAE,GAAG,EAAE,aAAa,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,CAAA;YAEhE,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,CAAC,CAAA;YAErD,OAAO;gBACL,QAAQ,EAAE,0BAAmC;gBAC7C,wEAAwE;gBACxE,oEAAoE;gBACpE,sEAAsE;gBACtE,EAAE;gBACF,+DAA+D;gBAC/D,oEAAoE;gBACpE,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC;oBAClC,CAAC,CAAC,kBAAkB,CAAC,SAAS,EAAE,qBAAqB,CAAC;oBACtD,CAAC,CAAC,SAAS;aACd,CAAA;QACH,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED,MAAM,CAAC,MAAM,YAAY,GAAG,KAAK,EAC/B,GAAe,EACf,GAAW,EACX,KAAc,EACY,EAAE;IAC5B,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;IAChD,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAI,aAAa,CAAC,OAAO,CAAC,CAAA;QAC1C,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,YAAY,CAAC,KAAK,CAAC,CAAA;QACjD,MAAM,SAAS,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAA;QAC/C,MAAM,OAAO,GAAG,GAAG,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,CAAA;QACrC,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;QAC9B,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;QAC9B,OAAO,SAAS,CAAA;IAClB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,CAAC,KAAK,EAAE,CAAA;QACrB,IAAI,GAAG,YAAY,qBAAqB,EAAE,CAAC;YACzC,MAAM,IAAI,mBAAmB,CAAC,gCAAgC,GAAG,EAAE,CAAC,CAAA;QACtE,CAAC;QACD,MAAM,GAAG,CAAA;IACX,CAAC;AACH,CAAC,CAAA","sourcesContent":["import stream from 'node:stream'\nimport {\n MINUTE,\n byteIterableToStream,\n coalesceByteStream,\n} from '@atproto/common'\nimport { InvalidRequestError, Server } from '@atproto/xrpc-server'\nimport {\n RepoRootNotFoundError,\n SqlRepoReader,\n} from '../../../../actor-store/repo/sql-repo-reader.js'\nimport { AuthScope } from '../../../../auth-scope.js'\nimport { isUserOrAdmin } from '../../../../auth-verifier.js'\nimport { AppContext } from '../../../../context.js'\nimport { com } from '../../../../lexicons/index.js'\nimport { assertRepoAvailability } from './util.js'\n\nconst CAR_STREAM_CHUNK_SIZE = 64 * 1024\n\nexport default function (server: Server, ctx: AppContext) {\n server.add(com.atproto.sync.getRepo, {\n auth: ctx.authVerifier.authorizationOrAdminTokenOptional({\n additional: [AuthScope.Takendown],\n authorize: () => {\n // always allow\n },\n }),\n rateLimit: {\n durationMs: 5 * MINUTE,\n points: 6000,\n },\n handler: async ({ req, params, auth }) => {\n const { did, since } = params\n await assertRepoAvailability(ctx, did, isUserOrAdmin(auth, did))\n\n const carStream = await getCarStream(ctx, did, since)\n\n return {\n encoding: 'application/vnd.ipld.car' as const,\n // @NOTE If the client asked for compression (via \"accept-encoding\"), we\n // coalesce the CAR stream into larger chunks to improve compression\n // efficiency. See https://github.com/bluesky-social/atproto/pull/5078\n //\n // @TODO This would be better handled by xrpc-server and/or the\n // compression middleware instead of manually coalescing the stream.\n body: req.headers['accept-encoding']\n ? coalesceByteStream(carStream, CAR_STREAM_CHUNK_SIZE)\n : carStream,\n }\n },\n })\n}\n\nexport const getCarStream = async (\n ctx: AppContext,\n did: string,\n since?: string,\n): Promise<stream.Readable> => {\n const actorDb = await ctx.actorStore.openDb(did)\n try {\n const storage = new SqlRepoReader(actorDb)\n const carIter = await storage.getCarStream(since)\n const carStream = byteIterableToStream(carIter)\n const closeDb = () => actorDb.close()\n carStream.on('error', closeDb)\n carStream.on('close', closeDb)\n return carStream\n } catch (err) {\n await actorDb.close()\n if (err instanceof RepoRootNotFoundError) {\n throw new InvalidRequestError(`Could not find repo for DID: ${did}`)\n }\n throw err\n }\n}\n"]}
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAIA,OAAO,sBAAsB,CAAA;AAG7B,OAAO,IAAI,MAAM,WAAW,CAAA;AAG5B,OAAO,OAAO,MAAM,SAAS,CAAA;AAO7B,OAAO,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAIA,OAAO,sBAAsB,CAAA;AAG7B,OAAO,IAAI,MAAM,WAAW,CAAA;AAG5B,OAAO,OAAO,MAAM,SAAS,CAAA;AAO7B,OAAO,EACL,aAAa,EAId,MAAM,sBAAsB,CAAA;AAI7B,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAA;AAC/D,OAAO,EAAE,UAAU,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAA;AAE5D,OAAO,EAAE,GAAG,EAAE,MAAM,eAAe,CAAA;AAOnC,cAAc,eAAe,CAAA;AAC7B,OAAO,EACL,kBAAkB,EAClB,qBAAqB,EACrB,qBAAqB,GACtB,MAAM,oBAAoB,CAAA;AAC3B,cAAc,mBAAmB,CAAA;AACjC,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AACzC,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;AACxC,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AACnD,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxC,OAAO,EAAE,KAAK,iBAAiB,EAAE,KAAK,aAAa,EAAE,MAAM,iBAAiB,CAAA;AAC5E,OAAO,KAAK,WAAW,MAAM,mBAAmB,CAAA;AAChD,OAAO,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAA;AAC5C,OAAO,KAAK,SAAS,MAAM,sBAAsB,CAAA;AAEjD;;GAEG;AACH,MAAM,MAAM,eAAe,GAAG,aAAa,CACzC,IAAI,EACJ,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,OAAO,EACrC,IAAI,EACJ,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,OAAO,CACtC,CAAA;AAED,qBAAa,GAAG;IACP,GAAG,EAAE,UAAU,CAAA;IACf,GAAG,EAAE,OAAO,CAAC,WAAW,CAAA;IACxB,MAAM,CAAC,EAAE,IAAI,CAAC,MAAM,CAAA;IAC3B,OAAO,CAAC,UAAU,CAAC,CAAgB;IACnC,OAAO,CAAC,eAAe,CAAC,CAAgB;IACxC,OAAO,CAAC,sBAAsB,CAAC,CAAgB;gBAEnC,IAAI,EAAE;QAAE,GAAG,EAAE,UAAU,CAAC;QAAC,GAAG,EAAE,OAAO,CAAC,WAAW,CAAA;KAAE;WAKlD,MAAM,CACjB,GAAG,EAAE,YAAY,EACjB,OAAO,EAAE,aAAa,EACtB,SAAS,CAAC,EAAE,OAAO,CAAC,iBAAiB,CAAC,GACrC,OAAO,CAAC,GAAG,CAAC;IAgET,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC;IAU7B,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAU/B;AAED,eAAe,GAAG,CAAA"}
|
package/dist/index.js
CHANGED
|
@@ -11,8 +11,8 @@ import express from 'express';
|
|
|
11
11
|
import httpTerminator from 'http-terminator';
|
|
12
12
|
// eslint-disable-next-line import/no-named-as-default-member
|
|
13
13
|
const { createHttpTerminator } = httpTerminator;
|
|
14
|
-
import { DAY,
|
|
15
|
-
import {
|
|
14
|
+
import { DAY, SECOND } from '@atproto/common';
|
|
15
|
+
import { ResponseType, XRPCError, createServer, } from '@atproto/xrpc-server';
|
|
16
16
|
import apiRoutes from './api/index.js';
|
|
17
17
|
import * as authRoutes from './auth-routes.js';
|
|
18
18
|
import * as basicRoutes from './basic-routes.js';
|
|
@@ -20,6 +20,7 @@ import { AppContext } from './context.js';
|
|
|
20
20
|
import * as error from './error.js';
|
|
21
21
|
import { loggerMiddleware } from './logger.js';
|
|
22
22
|
import { proxyHandler } from './pipethrough.js';
|
|
23
|
+
import { buildRateLimitsConfig } from './rate-limits.js';
|
|
23
24
|
import compression from './util/compression.js';
|
|
24
25
|
import * as wellKnown from './well-known.js';
|
|
25
26
|
export * from './lexicons.js';
|
|
@@ -62,43 +63,7 @@ export class PDS {
|
|
|
62
63
|
}
|
|
63
64
|
return XRPCError.fromError(err);
|
|
64
65
|
},
|
|
65
|
-
rateLimits: rateLimits.
|
|
66
|
-
? {
|
|
67
|
-
creator: ctx.redisScratch
|
|
68
|
-
? (opts) => new RedisRateLimiter(ctx.redisScratch, opts)
|
|
69
|
-
: (opts) => new MemoryRateLimiter(opts),
|
|
70
|
-
bypass: ({ req }) => {
|
|
71
|
-
const { bypassKey, bypassIps } = rateLimits;
|
|
72
|
-
if (bypassKey &&
|
|
73
|
-
bypassKey === req.headers['x-ratelimit-bypass']) {
|
|
74
|
-
return true;
|
|
75
|
-
}
|
|
76
|
-
if (bypassIps && bypassIps.includes(req.ip)) {
|
|
77
|
-
return true;
|
|
78
|
-
}
|
|
79
|
-
return false;
|
|
80
|
-
},
|
|
81
|
-
global: [
|
|
82
|
-
{
|
|
83
|
-
name: 'global-ip',
|
|
84
|
-
durationMs: 5 * MINUTE,
|
|
85
|
-
points: 3000,
|
|
86
|
-
},
|
|
87
|
-
],
|
|
88
|
-
shared: [
|
|
89
|
-
{
|
|
90
|
-
name: 'repo-write-hour',
|
|
91
|
-
durationMs: HOUR,
|
|
92
|
-
points: 5000, // creates=3, puts=2, deletes=1
|
|
93
|
-
},
|
|
94
|
-
{
|
|
95
|
-
name: 'repo-write-day',
|
|
96
|
-
durationMs: DAY,
|
|
97
|
-
points: 35000, // creates=3, puts=2, deletes=1
|
|
98
|
-
},
|
|
99
|
-
],
|
|
100
|
-
}
|
|
101
|
-
: undefined,
|
|
66
|
+
rateLimits: buildRateLimitsConfig(rateLimits, ctx.redisScratch),
|
|
102
67
|
});
|
|
103
68
|
apiRoutes(server, ctx);
|
|
104
69
|
const app = express();
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,uDAAuD;AACvD,sDAAsD;AACtD,mDAAmD;AACnD,+CAA+C;AAC/C,OAAO,sBAAsB,CAAA;AAE7B,OAAO,MAAM,MAAM,aAAa,CAAA;AAEhC,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAA;AAC7C,OAAO,IAAI,MAAM,MAAM,CAAA;AACvB,OAAO,OAAO,MAAM,SAAS,CAAA;AAC7B,6EAA6E;AAC7E,OAAO,cAAc,MAAM,iBAAiB,CAAA;AAC5C,6DAA6D;AAC7D,MAAM,EAAE,oBAAoB,EAAE,GAAG,cAAc,CAAA;AAE/C,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAA;AAC3D,OAAO,EACL,iBAAiB,EAEjB,gBAAgB,EAChB,YAAY,EACZ,SAAS,EACT,YAAY,GACb,MAAM,sBAAsB,CAAA;AAC7B,OAAO,SAAS,MAAM,gBAAgB,CAAA;AACtC,OAAO,KAAK,UAAU,MAAM,kBAAkB,CAAA;AAC9C,OAAO,KAAK,WAAW,MAAM,mBAAmB,CAAA;AAEhD,OAAO,EAAE,UAAU,EAAqB,MAAM,cAAc,CAAA;AAC5D,OAAO,KAAK,KAAK,MAAM,YAAY,CAAA;AAEnC,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAA;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAA;AAC/C,OAAO,WAAW,MAAM,uBAAuB,CAAA;AAC/C,OAAO,KAAK,SAAS,MAAM,iBAAiB,CAAA;AAE5C,cAAc,eAAe,CAAA;AAC7B,OAAO,EACL,kBAAkB,EAClB,qBAAqB,EACrB,qBAAqB,GACtB,MAAM,oBAAoB,CAAA;AAC3B,cAAc,mBAAmB,CAAA;AACjC,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AACzC,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;AACxC,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AACnD,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAExC,OAAO,KAAK,WAAW,MAAM,mBAAmB,CAAA;AAChD,OAAO,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAA;AAC5C,OAAO,KAAK,SAAS,MAAM,sBAAsB,CAAA;AAYjD,MAAM,OAAO,GAAG;IAQd,YAAY,IAAmD;QAC7D,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAA;QACnB,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAA;IACrB,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,MAAM,CACjB,GAAiB,EACjB,OAAsB,EACtB,SAAsC;QAEtC,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,UAAU,CAAC,GAAG,EAAE,OAAO,EAAE,SAAS,CAAC,CAAA;QAEhE,MAAM,EAAE,UAAU,EAAE,GAAG,GAAG,CAAC,GAAG,CAAA;QAE9B,MAAM,MAAM,GAAG,YAAY,CAAC,EAAE,EAAE;YAC9B,gBAAgB,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;YACrC,OAAO,EAAE;gBACP,SAAS,EAAE,GAAG,GAAG,IAAI,EAAE,QAAQ;gBAC/B,SAAS,EAAE,GAAG,GAAG,IAAI,EAAE,QAAQ;gBAC/B,SAAS,EAAE,GAAG,CAAC,OAAO,CAAC,eAAe;aACvC;YACD,QAAQ,EAAE,YAAY,CAAC,GAAG,CAAC;YAC3B,WAAW,EAAE,CAAC,GAAG,EAAE,EAAE;gBACnB,IAAI,GAAG,YAAY,cAAc,EAAE,CAAC;oBAClC,MAAM,cAAc,GAClB,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ;wBAC5B,GAAG,CAAC,IAAI,IAAI,IAAI;wBAChB,SAAS,IAAI,GAAG,CAAC,IAAI;wBACrB,OAAO,GAAG,CAAC,IAAI,CAAC,OAAO,KAAK,QAAQ;wBACpC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAA;oBAElB,MAAM,IAAI,GACR,GAAG,CAAC,MAAM,IAAI,GAAG;wBACf,CAAC,CAAC,YAAY,CAAC,eAAe;wBAC9B,CAAC,CAAC,YAAY,CAAC,cAAc,CAAA;oBAEjC,OAAO,IAAI,SAAS,CAClB,IAAI,EACJ,cAAc,IAAI,iCAAiC,CACpD,CAAA;gBACH,CAAC;gBAED,OAAO,SAAS,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA;YACjC,CAAC;YACD,UAAU,EAAE,UAAU,CAAC,OAAO;gBAC5B,CAAC,CAAC;oBACE,OAAO,EAAE,GAAG,CAAC,YAAY;wBACvB,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,gBAAgB,CAAC,GAAG,CAAC,YAAY,EAAE,IAAI,CAAC;wBACxD,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,iBAAiB,CAAC,IAAI,CAAC;oBACzC,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE;wBAClB,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,UAAU,CAAA;wBAC3C,IACE,SAAS;4BACT,SAAS,KAAK,GAAG,CAAC,OAAO,CAAC,oBAAoB,CAAC,EAC/C,CAAC;4BACD,OAAO,IAAI,CAAA;wBACb,CAAC;wBACD,IAAI,SAAS,IAAI,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;4BAC5C,OAAO,IAAI,CAAA;wBACb,CAAC;wBACD,OAAO,KAAK,CAAA;oBACd,CAAC;oBACD,MAAM,EAAE;wBACN;4BACE,IAAI,EAAE,WAAW;4BACjB,UAAU,EAAE,CAAC,GAAG,MAAM;4BACtB,MAAM,EAAE,IAAI;yBACb;qBACF;oBACD,MAAM,EAAE;wBACN;4BACE,IAAI,EAAE,iBAAiB;4BACvB,UAAU,EAAE,IAAI;4BAChB,MAAM,EAAE,IAAI,EAAE,+BAA+B;yBAC9C;wBACD;4BACE,IAAI,EAAE,gBAAgB;4BACtB,UAAU,EAAE,GAAG;4BACf,MAAM,EAAE,KAAK,EAAE,+BAA+B;yBAC/C;qBACF;iBACF;gBACH,CAAC,CAAC,SAAS;SACd,CAAC,CAAA;QAEF,SAAS,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;QAEtB,MAAM,GAAG,GAAG,OAAO,EAAE,CAAA;QACrB,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE;YACrB,qBAAqB;YACrB,UAAU;YACV,WAAW;YACX,aAAa;YACb,6CAA6C;YAC7C,GAAG,aAAa,CAAC,GAAG,CAAC;SACtB,CAAC,CAAA;QACF,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAA;QACzB,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAA;QACtB,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAA,CAAC,cAAc;QACpD,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,GAAG,GAAG,MAAM,EAAE,CAAC,CAAC,CAAA;QACvC,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAA;QACtC,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAA;QACpC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;QACtB,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;QAEtB,OAAO,IAAI,GAAG,CAAC;YACb,GAAG;YACH,GAAG;SACJ,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,KAAK;QACT,MAAM,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,EAAE,CAAA;QAChC,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAA;QACzD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;QACpB,IAAI,CAAC,MAAM,CAAC,gBAAgB,GAAG,KAAK,CAAA;QACpC,IAAI,CAAC,UAAU,GAAG,oBAAoB,CAAC,EAAE,MAAM,EAAE,CAAC,CAAA;QAClD,MAAM,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,WAAW,CAAC,CAAA;QACtC,OAAO,MAAM,CAAA;IACf,CAAC;IAED,KAAK,CAAC,OAAO;QACX,MAAM,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,EAAE,CAAA;QAClC,MAAM,IAAI,CAAC,UAAU,EAAE,SAAS,EAAE,CAAA;QAClC,MAAM,IAAI,CAAC,GAAG,CAAC,eAAe,CAAC,OAAO,EAAE,CAAA;QACxC,MAAM,IAAI,CAAC,GAAG,CAAC,cAAc,CAAC,KAAK,EAAE,CAAA;QACrC,MAAM,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,IAAI,EAAE,CAAA;QACnC,MAAM,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,EAAE,CAAA;QACnC,aAAa,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;QACnC,aAAa,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAA;IAC5C,CAAC;CACF;AAED,eAAe,GAAG,CAAA;AAElB,MAAM,aAAa,GAAG,CAAC,GAAiB,EAAE,EAAE;IAC1C,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO;QAAE,OAAO,EAAE,CAAA;IACtC,OAAO,GAAG,CAAC,UAAU,CAAC,SAAS,IAAI,EAAE,CAAA;AACvC,CAAC,CAAA","sourcesContent":["// catch errors that get thrown in async route handlers\n// this is a relatively non-invasive change to express\n// they get handled in the error.handler middleware\n// leave at top of file before importing Routes\nimport 'express-async-errors'\n\nimport events from 'node:events'\nimport http from 'node:http'\nimport { PlcClientError } from '@did-plc/lib'\nimport cors from 'cors'\nimport express from 'express'\n// eslint-disable-next-line import/default, import/no-named-as-default-member\nimport httpTerminator from 'http-terminator'\n// eslint-disable-next-line import/no-named-as-default-member\nconst { createHttpTerminator } = httpTerminator\ntype HttpTerminator = ReturnType<typeof createHttpTerminator>\nimport { DAY, HOUR, MINUTE, SECOND } from '@atproto/common'\nimport {\n MemoryRateLimiter,\n MethodHandler,\n RedisRateLimiter,\n ResponseType,\n XRPCError,\n createServer,\n} from '@atproto/xrpc-server'\nimport apiRoutes from './api/index.js'\nimport * as authRoutes from './auth-routes.js'\nimport * as basicRoutes from './basic-routes.js'\nimport { ServerConfig, ServerSecrets } from './config/index.js'\nimport { AppContext, AppContextOptions } from './context.js'\nimport * as error from './error.js'\nimport { app } from './lexicons.js'\nimport { loggerMiddleware } from './logger.js'\nimport { proxyHandler } from './pipethrough.js'\nimport compression from './util/compression.js'\nimport * as wellKnown from './well-known.js'\n\nexport * from './lexicons.js'\nexport {\n bearerTokenFromReq,\n createPublicKeyObject,\n createSecretKeyObject,\n} from './auth-verifier.js'\nexport * from './config/index.js'\nexport { AppContext } from './context.js'\nexport { Database } from './db/index.js'\nexport { DiskBlobStore } from './disk-blobstore.js'\nexport { httpLogger } from './logger.js'\nexport { type CommitDataWithOps, type PreparedWrite } from './repo/index.js'\nexport * as repoPrepare from './repo/prepare.js'\nexport { scripts } from './scripts/index.js'\nexport * as sequencer from './sequencer/index.js'\n\n/**\n * @deprecated Legacy export for backwards compatibility\n */\nexport type SkeletonHandler = MethodHandler<\n void,\n app.bsky.feed.getFeedSkeleton.$Params,\n void,\n app.bsky.feed.getFeedSkeleton.$Output\n>\n\nexport class PDS {\n public ctx: AppContext\n public app: express.Application\n public server?: http.Server\n private terminator?: HttpTerminator\n private dbStatsInterval?: NodeJS.Timeout\n private sequencerStatsInterval?: NodeJS.Timeout\n\n constructor(opts: { ctx: AppContext; app: express.Application }) {\n this.ctx = opts.ctx\n this.app = opts.app\n }\n\n static async create(\n cfg: ServerConfig,\n secrets: ServerSecrets,\n overrides?: Partial<AppContextOptions>,\n ): Promise<PDS> {\n const ctx = await AppContext.fromConfig(cfg, secrets, overrides)\n\n const { rateLimits } = ctx.cfg\n\n const server = createServer([], {\n validateResponse: cfg.service.devMode,\n payload: {\n jsonLimit: 150 * 1024, // 150kb\n textLimit: 100 * 1024, // 100kb\n blobLimit: cfg.service.blobUploadLimit,\n },\n catchall: proxyHandler(ctx),\n errorParser: (err) => {\n if (err instanceof PlcClientError) {\n const payloadMessage =\n typeof err.data === 'object' &&\n err.data != null &&\n 'message' in err.data &&\n typeof err.data.message === 'string' &&\n err.data.message\n\n const type =\n err.status >= 500\n ? ResponseType.UpstreamFailure\n : ResponseType.InvalidRequest\n\n return new XRPCError(\n type,\n payloadMessage || 'Unable to perform PLC operation',\n )\n }\n\n return XRPCError.fromError(err)\n },\n rateLimits: rateLimits.enabled\n ? {\n creator: ctx.redisScratch\n ? (opts) => new RedisRateLimiter(ctx.redisScratch, opts)\n : (opts) => new MemoryRateLimiter(opts),\n bypass: ({ req }) => {\n const { bypassKey, bypassIps } = rateLimits\n if (\n bypassKey &&\n bypassKey === req.headers['x-ratelimit-bypass']\n ) {\n return true\n }\n if (bypassIps && bypassIps.includes(req.ip)) {\n return true\n }\n return false\n },\n global: [\n {\n name: 'global-ip',\n durationMs: 5 * MINUTE,\n points: 3000,\n },\n ],\n shared: [\n {\n name: 'repo-write-hour',\n durationMs: HOUR,\n points: 5000, // creates=3, puts=2, deletes=1\n },\n {\n name: 'repo-write-day',\n durationMs: DAY,\n points: 35000, // creates=3, puts=2, deletes=1\n },\n ],\n }\n : undefined,\n })\n\n apiRoutes(server, ctx)\n\n const app = express()\n app.set('trust proxy', [\n // e.g. load balancer\n 'loopback',\n 'linklocal',\n 'uniquelocal',\n // e.g. trust x-forwarded-for via entryway ip\n ...getTrustedIps(cfg),\n ])\n app.use(loggerMiddleware)\n app.use(compression())\n app.use(authRoutes.createRouter(ctx)) // Before CORS\n app.use(cors({ maxAge: DAY / SECOND }))\n app.use(basicRoutes.createRouter(ctx))\n app.use(wellKnown.createRouter(ctx))\n app.use(server.router)\n app.use(error.handler)\n\n return new PDS({\n ctx,\n app,\n })\n }\n\n async start(): Promise<http.Server> {\n await this.ctx.sequencer.start()\n const server = this.app.listen(this.ctx.cfg.service.port)\n this.server = server\n this.server.keepAliveTimeout = 90000\n this.terminator = createHttpTerminator({ server })\n await events.once(server, 'listening')\n return server\n }\n\n async destroy(): Promise<void> {\n await this.ctx.sequencer.destroy()\n await this.terminator?.terminate()\n await this.ctx.backgroundQueue.destroy()\n await this.ctx.accountManager.close()\n await this.ctx.redisScratch?.quit()\n await this.ctx.proxyAgent.destroy()\n clearInterval(this.dbStatsInterval)\n clearInterval(this.sequencerStatsInterval)\n }\n}\n\nexport default PDS\n\nconst getTrustedIps = (cfg: ServerConfig) => {\n if (!cfg.rateLimits.enabled) return []\n return cfg.rateLimits.bypassIps ?? []\n}\n"]}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,uDAAuD;AACvD,sDAAsD;AACtD,mDAAmD;AACnD,+CAA+C;AAC/C,OAAO,sBAAsB,CAAA;AAE7B,OAAO,MAAM,MAAM,aAAa,CAAA;AAEhC,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAA;AAC7C,OAAO,IAAI,MAAM,MAAM,CAAA;AACvB,OAAO,OAAO,MAAM,SAAS,CAAA;AAC7B,6EAA6E;AAC7E,OAAO,cAAc,MAAM,iBAAiB,CAAA;AAC5C,6DAA6D;AAC7D,MAAM,EAAE,oBAAoB,EAAE,GAAG,cAAc,CAAA;AAE/C,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAA;AAC7C,OAAO,EAEL,YAAY,EACZ,SAAS,EACT,YAAY,GACb,MAAM,sBAAsB,CAAA;AAC7B,OAAO,SAAS,MAAM,gBAAgB,CAAA;AACtC,OAAO,KAAK,UAAU,MAAM,kBAAkB,CAAA;AAC9C,OAAO,KAAK,WAAW,MAAM,mBAAmB,CAAA;AAEhD,OAAO,EAAE,UAAU,EAAqB,MAAM,cAAc,CAAA;AAC5D,OAAO,KAAK,KAAK,MAAM,YAAY,CAAA;AAEnC,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAA;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAA;AAC/C,OAAO,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAA;AACxD,OAAO,WAAW,MAAM,uBAAuB,CAAA;AAC/C,OAAO,KAAK,SAAS,MAAM,iBAAiB,CAAA;AAE5C,cAAc,eAAe,CAAA;AAC7B,OAAO,EACL,kBAAkB,EAClB,qBAAqB,EACrB,qBAAqB,GACtB,MAAM,oBAAoB,CAAA;AAC3B,cAAc,mBAAmB,CAAA;AACjC,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AACzC,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;AACxC,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AACnD,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAExC,OAAO,KAAK,WAAW,MAAM,mBAAmB,CAAA;AAChD,OAAO,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAA;AAC5C,OAAO,KAAK,SAAS,MAAM,sBAAsB,CAAA;AAYjD,MAAM,OAAO,GAAG;IAQd,YAAY,IAAmD;QAC7D,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAA;QACnB,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAA;IACrB,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,MAAM,CACjB,GAAiB,EACjB,OAAsB,EACtB,SAAsC;QAEtC,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,UAAU,CAAC,GAAG,EAAE,OAAO,EAAE,SAAS,CAAC,CAAA;QAEhE,MAAM,EAAE,UAAU,EAAE,GAAG,GAAG,CAAC,GAAG,CAAA;QAE9B,MAAM,MAAM,GAAG,YAAY,CAAC,EAAE,EAAE;YAC9B,gBAAgB,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;YACrC,OAAO,EAAE;gBACP,SAAS,EAAE,GAAG,GAAG,IAAI,EAAE,QAAQ;gBAC/B,SAAS,EAAE,GAAG,GAAG,IAAI,EAAE,QAAQ;gBAC/B,SAAS,EAAE,GAAG,CAAC,OAAO,CAAC,eAAe;aACvC;YACD,QAAQ,EAAE,YAAY,CAAC,GAAG,CAAC;YAC3B,WAAW,EAAE,CAAC,GAAG,EAAE,EAAE;gBACnB,IAAI,GAAG,YAAY,cAAc,EAAE,CAAC;oBAClC,MAAM,cAAc,GAClB,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ;wBAC5B,GAAG,CAAC,IAAI,IAAI,IAAI;wBAChB,SAAS,IAAI,GAAG,CAAC,IAAI;wBACrB,OAAO,GAAG,CAAC,IAAI,CAAC,OAAO,KAAK,QAAQ;wBACpC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAA;oBAElB,MAAM,IAAI,GACR,GAAG,CAAC,MAAM,IAAI,GAAG;wBACf,CAAC,CAAC,YAAY,CAAC,eAAe;wBAC9B,CAAC,CAAC,YAAY,CAAC,cAAc,CAAA;oBAEjC,OAAO,IAAI,SAAS,CAClB,IAAI,EACJ,cAAc,IAAI,iCAAiC,CACpD,CAAA;gBACH,CAAC;gBAED,OAAO,SAAS,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA;YACjC,CAAC;YACD,UAAU,EAAE,qBAAqB,CAAC,UAAU,EAAE,GAAG,CAAC,YAAY,CAAC;SAChE,CAAC,CAAA;QAEF,SAAS,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;QAEtB,MAAM,GAAG,GAAG,OAAO,EAAE,CAAA;QACrB,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE;YACrB,qBAAqB;YACrB,UAAU;YACV,WAAW;YACX,aAAa;YACb,6CAA6C;YAC7C,GAAG,aAAa,CAAC,GAAG,CAAC;SACtB,CAAC,CAAA;QACF,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAA;QACzB,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAA;QACtB,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAA,CAAC,cAAc;QACpD,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,GAAG,GAAG,MAAM,EAAE,CAAC,CAAC,CAAA;QACvC,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAA;QACtC,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAA;QACpC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;QACtB,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;QAEtB,OAAO,IAAI,GAAG,CAAC;YACb,GAAG;YACH,GAAG;SACJ,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,KAAK;QACT,MAAM,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,EAAE,CAAA;QAChC,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAA;QACzD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;QACpB,IAAI,CAAC,MAAM,CAAC,gBAAgB,GAAG,KAAK,CAAA;QACpC,IAAI,CAAC,UAAU,GAAG,oBAAoB,CAAC,EAAE,MAAM,EAAE,CAAC,CAAA;QAClD,MAAM,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,WAAW,CAAC,CAAA;QACtC,OAAO,MAAM,CAAA;IACf,CAAC;IAED,KAAK,CAAC,OAAO;QACX,MAAM,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,EAAE,CAAA;QAClC,MAAM,IAAI,CAAC,UAAU,EAAE,SAAS,EAAE,CAAA;QAClC,MAAM,IAAI,CAAC,GAAG,CAAC,eAAe,CAAC,OAAO,EAAE,CAAA;QACxC,MAAM,IAAI,CAAC,GAAG,CAAC,cAAc,CAAC,KAAK,EAAE,CAAA;QACrC,MAAM,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,IAAI,EAAE,CAAA;QACnC,MAAM,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,EAAE,CAAA;QACnC,aAAa,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;QACnC,aAAa,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAA;IAC5C,CAAC;CACF;AAED,eAAe,GAAG,CAAA;AAElB,MAAM,aAAa,GAAG,CAAC,GAAiB,EAAE,EAAE;IAC1C,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO;QAAE,OAAO,EAAE,CAAA;IACtC,OAAO,GAAG,CAAC,UAAU,CAAC,SAAS,IAAI,EAAE,CAAA;AACvC,CAAC,CAAA","sourcesContent":["// catch errors that get thrown in async route handlers\n// this is a relatively non-invasive change to express\n// they get handled in the error.handler middleware\n// leave at top of file before importing Routes\nimport 'express-async-errors'\n\nimport events from 'node:events'\nimport http from 'node:http'\nimport { PlcClientError } from '@did-plc/lib'\nimport cors from 'cors'\nimport express from 'express'\n// eslint-disable-next-line import/default, import/no-named-as-default-member\nimport httpTerminator from 'http-terminator'\n// eslint-disable-next-line import/no-named-as-default-member\nconst { createHttpTerminator } = httpTerminator\ntype HttpTerminator = ReturnType<typeof createHttpTerminator>\nimport { DAY, SECOND } from '@atproto/common'\nimport {\n MethodHandler,\n ResponseType,\n XRPCError,\n createServer,\n} from '@atproto/xrpc-server'\nimport apiRoutes from './api/index.js'\nimport * as authRoutes from './auth-routes.js'\nimport * as basicRoutes from './basic-routes.js'\nimport { ServerConfig, ServerSecrets } from './config/index.js'\nimport { AppContext, AppContextOptions } from './context.js'\nimport * as error from './error.js'\nimport { app } from './lexicons.js'\nimport { loggerMiddleware } from './logger.js'\nimport { proxyHandler } from './pipethrough.js'\nimport { buildRateLimitsConfig } from './rate-limits.js'\nimport compression from './util/compression.js'\nimport * as wellKnown from './well-known.js'\n\nexport * from './lexicons.js'\nexport {\n bearerTokenFromReq,\n createPublicKeyObject,\n createSecretKeyObject,\n} from './auth-verifier.js'\nexport * from './config/index.js'\nexport { AppContext } from './context.js'\nexport { Database } from './db/index.js'\nexport { DiskBlobStore } from './disk-blobstore.js'\nexport { httpLogger } from './logger.js'\nexport { type CommitDataWithOps, type PreparedWrite } from './repo/index.js'\nexport * as repoPrepare from './repo/prepare.js'\nexport { scripts } from './scripts/index.js'\nexport * as sequencer from './sequencer/index.js'\n\n/**\n * @deprecated Legacy export for backwards compatibility\n */\nexport type SkeletonHandler = MethodHandler<\n void,\n app.bsky.feed.getFeedSkeleton.$Params,\n void,\n app.bsky.feed.getFeedSkeleton.$Output\n>\n\nexport class PDS {\n public ctx: AppContext\n public app: express.Application\n public server?: http.Server\n private terminator?: HttpTerminator\n private dbStatsInterval?: NodeJS.Timeout\n private sequencerStatsInterval?: NodeJS.Timeout\n\n constructor(opts: { ctx: AppContext; app: express.Application }) {\n this.ctx = opts.ctx\n this.app = opts.app\n }\n\n static async create(\n cfg: ServerConfig,\n secrets: ServerSecrets,\n overrides?: Partial<AppContextOptions>,\n ): Promise<PDS> {\n const ctx = await AppContext.fromConfig(cfg, secrets, overrides)\n\n const { rateLimits } = ctx.cfg\n\n const server = createServer([], {\n validateResponse: cfg.service.devMode,\n payload: {\n jsonLimit: 150 * 1024, // 150kb\n textLimit: 100 * 1024, // 100kb\n blobLimit: cfg.service.blobUploadLimit,\n },\n catchall: proxyHandler(ctx),\n errorParser: (err) => {\n if (err instanceof PlcClientError) {\n const payloadMessage =\n typeof err.data === 'object' &&\n err.data != null &&\n 'message' in err.data &&\n typeof err.data.message === 'string' &&\n err.data.message\n\n const type =\n err.status >= 500\n ? ResponseType.UpstreamFailure\n : ResponseType.InvalidRequest\n\n return new XRPCError(\n type,\n payloadMessage || 'Unable to perform PLC operation',\n )\n }\n\n return XRPCError.fromError(err)\n },\n rateLimits: buildRateLimitsConfig(rateLimits, ctx.redisScratch),\n })\n\n apiRoutes(server, ctx)\n\n const app = express()\n app.set('trust proxy', [\n // e.g. load balancer\n 'loopback',\n 'linklocal',\n 'uniquelocal',\n // e.g. trust x-forwarded-for via entryway ip\n ...getTrustedIps(cfg),\n ])\n app.use(loggerMiddleware)\n app.use(compression())\n app.use(authRoutes.createRouter(ctx)) // Before CORS\n app.use(cors({ maxAge: DAY / SECOND }))\n app.use(basicRoutes.createRouter(ctx))\n app.use(wellKnown.createRouter(ctx))\n app.use(server.router)\n app.use(error.handler)\n\n return new PDS({\n ctx,\n app,\n })\n }\n\n async start(): Promise<http.Server> {\n await this.ctx.sequencer.start()\n const server = this.app.listen(this.ctx.cfg.service.port)\n this.server = server\n this.server.keepAliveTimeout = 90000\n this.terminator = createHttpTerminator({ server })\n await events.once(server, 'listening')\n return server\n }\n\n async destroy(): Promise<void> {\n await this.ctx.sequencer.destroy()\n await this.terminator?.terminate()\n await this.ctx.backgroundQueue.destroy()\n await this.ctx.accountManager.close()\n await this.ctx.redisScratch?.quit()\n await this.ctx.proxyAgent.destroy()\n clearInterval(this.dbStatsInterval)\n clearInterval(this.sequencerStatsInterval)\n }\n}\n\nexport default PDS\n\nconst getTrustedIps = (cfg: ServerConfig) => {\n if (!cfg.rateLimits.enabled) return []\n return cfg.rateLimits.bypassIps ?? []\n}\n"]}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
import type { Redis } from 'ioredis';
|
|
2
|
+
import type { Options } from '@atproto/xrpc-server';
|
|
3
|
+
import type { RateLimitsConfig } from './config/index.js';
|
|
4
|
+
type RateLimitDescriptions = NonNullable<Options['rateLimits']>;
|
|
5
|
+
export declare const buildRateLimitsConfig: (rateLimits: RateLimitsConfig, redisScratch?: Redis) => RateLimitDescriptions | undefined;
|
|
6
|
+
export {};
|
|
7
|
+
//# sourceMappingURL=rate-limits.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"rate-limits.d.ts","sourceRoot":"","sources":["../src/rate-limits.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,SAAS,CAAA;AAGpC,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAA;AACnD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAA;AAEzD,KAAK,qBAAqB,GAAG,WAAW,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAA;AAI/D,eAAO,MAAM,qBAAqB,GAChC,YAAY,gBAAgB,EAC5B,eAAe,KAAK,KACnB,qBAAqB,GAAG,SA6C1B,CAAA"}
|
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
import { DAY, HOUR, MINUTE } from '@atproto/common';
|
|
2
|
+
import { MemoryRateLimiter, RedisRateLimiter } from '@atproto/xrpc-server';
|
|
3
|
+
const SYNC_GET_REPO_PATH = '/xrpc/com.atproto.sync.getRepo';
|
|
4
|
+
export const buildRateLimitsConfig = (rateLimits, redisScratch) => {
|
|
5
|
+
if (!rateLimits.enabled)
|
|
6
|
+
return undefined;
|
|
7
|
+
return {
|
|
8
|
+
creator: redisScratch
|
|
9
|
+
? (opts) => new RedisRateLimiter(redisScratch, opts)
|
|
10
|
+
: (opts) => new MemoryRateLimiter(opts),
|
|
11
|
+
bypass: ({ req }) => {
|
|
12
|
+
const { bypassKey, bypassIps } = rateLimits;
|
|
13
|
+
if (bypassKey && bypassKey === req.headers['x-ratelimit-bypass']) {
|
|
14
|
+
return true;
|
|
15
|
+
}
|
|
16
|
+
if (bypassIps && bypassIps.includes(req.ip)) {
|
|
17
|
+
return true;
|
|
18
|
+
}
|
|
19
|
+
return false;
|
|
20
|
+
},
|
|
21
|
+
global: [
|
|
22
|
+
{
|
|
23
|
+
name: 'global-ip',
|
|
24
|
+
durationMs: 5 * MINUTE,
|
|
25
|
+
points: 3000,
|
|
26
|
+
// getRepo can be a high-volume sync path, so it has its own endpoint
|
|
27
|
+
// limit and should not consume the shared global read bucket.
|
|
28
|
+
calcKey: ({ req }) => {
|
|
29
|
+
if (req.path === SYNC_GET_REPO_PATH) {
|
|
30
|
+
return null;
|
|
31
|
+
}
|
|
32
|
+
return req.ip;
|
|
33
|
+
},
|
|
34
|
+
},
|
|
35
|
+
],
|
|
36
|
+
shared: [
|
|
37
|
+
{
|
|
38
|
+
name: 'repo-write-hour',
|
|
39
|
+
durationMs: HOUR,
|
|
40
|
+
points: 5000, // creates=3, puts=2, deletes=1
|
|
41
|
+
},
|
|
42
|
+
{
|
|
43
|
+
name: 'repo-write-day',
|
|
44
|
+
durationMs: DAY,
|
|
45
|
+
points: 35000, // creates=3, puts=2, deletes=1
|
|
46
|
+
},
|
|
47
|
+
],
|
|
48
|
+
};
|
|
49
|
+
};
|
|
50
|
+
//# sourceMappingURL=rate-limits.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"rate-limits.js","sourceRoot":"","sources":["../src/rate-limits.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAA;AACnD,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAA;AAM1E,MAAM,kBAAkB,GAAG,gCAAgC,CAAA;AAE3D,MAAM,CAAC,MAAM,qBAAqB,GAAG,CACnC,UAA4B,EAC5B,YAAoB,EACe,EAAE;IACrC,IAAI,CAAC,UAAU,CAAC,OAAO;QAAE,OAAO,SAAS,CAAA;IAEzC,OAAO;QACL,OAAO,EAAE,YAAY;YACnB,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,gBAAgB,CAAC,YAAY,EAAE,IAAI,CAAC;YACpD,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,iBAAiB,CAAC,IAAI,CAAC;QACzC,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE;YAClB,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,UAAU,CAAA;YAC3C,IAAI,SAAS,IAAI,SAAS,KAAK,GAAG,CAAC,OAAO,CAAC,oBAAoB,CAAC,EAAE,CAAC;gBACjE,OAAO,IAAI,CAAA;YACb,CAAC;YACD,IAAI,SAAS,IAAI,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;gBAC5C,OAAO,IAAI,CAAA;YACb,CAAC;YACD,OAAO,KAAK,CAAA;QACd,CAAC;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,WAAW;gBACjB,UAAU,EAAE,CAAC,GAAG,MAAM;gBACtB,MAAM,EAAE,IAAI;gBACZ,qEAAqE;gBACrE,8DAA8D;gBAC9D,OAAO,EAAE,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE;oBACnB,IAAI,GAAG,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;wBACpC,OAAO,IAAI,CAAA;oBACb,CAAC;oBACD,OAAO,GAAG,CAAC,EAAE,CAAA;gBACf,CAAC;aACF;SACF;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,iBAAiB;gBACvB,UAAU,EAAE,IAAI;gBAChB,MAAM,EAAE,IAAI,EAAE,+BAA+B;aAC9C;YACD;gBACE,IAAI,EAAE,gBAAgB;gBACtB,UAAU,EAAE,GAAG;gBACf,MAAM,EAAE,KAAK,EAAE,+BAA+B;aAC/C;SACF;KACF,CAAA;AACH,CAAC,CAAA","sourcesContent":["import type { Redis } from 'ioredis'\nimport { DAY, HOUR, MINUTE } from '@atproto/common'\nimport { MemoryRateLimiter, RedisRateLimiter } from '@atproto/xrpc-server'\nimport type { Options } from '@atproto/xrpc-server'\nimport type { RateLimitsConfig } from './config/index.js'\n\ntype RateLimitDescriptions = NonNullable<Options['rateLimits']>\n\nconst SYNC_GET_REPO_PATH = '/xrpc/com.atproto.sync.getRepo'\n\nexport const buildRateLimitsConfig = (\n rateLimits: RateLimitsConfig,\n redisScratch?: Redis,\n): RateLimitDescriptions | undefined => {\n if (!rateLimits.enabled) return undefined\n\n return {\n creator: redisScratch\n ? (opts) => new RedisRateLimiter(redisScratch, opts)\n : (opts) => new MemoryRateLimiter(opts),\n bypass: ({ req }) => {\n const { bypassKey, bypassIps } = rateLimits\n if (bypassKey && bypassKey === req.headers['x-ratelimit-bypass']) {\n return true\n }\n if (bypassIps && bypassIps.includes(req.ip)) {\n return true\n }\n return false\n },\n global: [\n {\n name: 'global-ip',\n durationMs: 5 * MINUTE,\n points: 3000,\n // getRepo can be a high-volume sync path, so it has its own endpoint\n // limit and should not consume the shared global read bucket.\n calcKey: ({ req }) => {\n if (req.path === SYNC_GET_REPO_PATH) {\n return null\n }\n return req.ip\n },\n },\n ],\n shared: [\n {\n name: 'repo-write-hour',\n durationMs: HOUR,\n points: 5000, // creates=3, puts=2, deletes=1\n },\n {\n name: 'repo-write-day',\n durationMs: DAY,\n points: 35000, // creates=3, puts=2, deletes=1\n },\n ],\n }\n}\n"]}
|
|
@@ -27,7 +27,7 @@ export const publishIdentityFromFile = async (ctx, args) => {
|
|
|
27
27
|
export const publishIdentityEvtForDids = async (ctx, dids, timeBetween = 0) => {
|
|
28
28
|
for (const did of dids) {
|
|
29
29
|
try {
|
|
30
|
-
await ctx.sequencer.
|
|
30
|
+
await ctx.sequencer.sequenceIdentity(did);
|
|
31
31
|
console.log(`published identity evt for ${did}`);
|
|
32
32
|
}
|
|
33
33
|
catch (err) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"publish-identity.js","sourceRoot":"","sources":["../../src/scripts/publish-identity.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAA;AAChC,OAAO,EAAE,MAAM,kBAAkB,CAAA;AACjC,OAAO,EAAE,IAAI,EAAE,MAAM,iBAAiB,CAAA;AACtC,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAA;AAG1C,OAAO,EAAE,WAAW,EAAE,MAAM,WAAW,CAAA;AAMvC,MAAM,CAAC,MAAM,eAAe,GAAG,KAAK,EAClC,GAA2B,EAC3B,IAAc,EACd,EAAE;IACF,MAAM,IAAI,GAAG,IAAI,CAAA;IACjB,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,4BAA4B,CAAC,CAAA;IAC7D,MAAM,yBAAyB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;IAC1C,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;AACrB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,uBAAuB,GAAG,KAAK,EAC1C,GAA2B,EAC3B,IAAc,EACd,EAAE;IACF,MAAM,QAAQ,GAAG,IAAI,CAAC,CAAC,CAAC,CAAA;IACxB,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IACD,MAAM,WAAW,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;IACtD,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;IACxC,MAAM,IAAI,GAAG,IAAI;SACd,QAAQ,EAAE;SACV,KAAK,CAAC,IAAI,CAAC;SACX,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAA;IAE3B,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,4BAA4B,CAAC,CAAA;IAE7D,MAAM,yBAAyB,CAAC,GAAG,EAAE,IAAI,EAAE,WAAW,CAAC,CAAA;IACvD,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;AACrB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,yBAAyB,GAAG,KAAK,EAC5C,GAA2B,EAC3B,IAAiB,EACjB,WAAW,GAAG,CAAC,EACf,EAAE;IACF,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,CAAC;YACH,MAAM,GAAG,CAAC,SAAS,CAAC,
|
|
1
|
+
{"version":3,"file":"publish-identity.js","sourceRoot":"","sources":["../../src/scripts/publish-identity.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAA;AAChC,OAAO,EAAE,MAAM,kBAAkB,CAAA;AACjC,OAAO,EAAE,IAAI,EAAE,MAAM,iBAAiB,CAAA;AACtC,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAA;AAG1C,OAAO,EAAE,WAAW,EAAE,MAAM,WAAW,CAAA;AAMvC,MAAM,CAAC,MAAM,eAAe,GAAG,KAAK,EAClC,GAA2B,EAC3B,IAAc,EACd,EAAE;IACF,MAAM,IAAI,GAAG,IAAI,CAAA;IACjB,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,4BAA4B,CAAC,CAAA;IAC7D,MAAM,yBAAyB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;IAC1C,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;AACrB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,uBAAuB,GAAG,KAAK,EAC1C,GAA2B,EAC3B,IAAc,EACd,EAAE;IACF,MAAM,QAAQ,GAAG,IAAI,CAAC,CAAC,CAAC,CAAA;IACxB,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IACD,MAAM,WAAW,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;IACtD,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;IACxC,MAAM,IAAI,GAAG,IAAI;SACd,QAAQ,EAAE;SACV,KAAK,CAAC,IAAI,CAAC;SACX,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAA;IAE3B,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,4BAA4B,CAAC,CAAA;IAE7D,MAAM,yBAAyB,CAAC,GAAG,EAAE,IAAI,EAAE,WAAW,CAAC,CAAA;IACvD,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;AACrB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,yBAAyB,GAAG,KAAK,EAC5C,GAA2B,EAC3B,IAAiB,EACjB,WAAW,GAAG,CAAC,EACf,EAAE;IACF,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,CAAC;YACH,MAAM,GAAG,CAAC,SAAS,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAA;YACzC,OAAO,CAAC,GAAG,CAAC,8BAA8B,GAAG,EAAE,CAAC,CAAA;QAClD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,2CAA2C,GAAG,KAAK,GAAG,EAAE,CAAC,CAAA;QACzE,CAAC;QACD,IAAI,WAAW,GAAG,CAAC,EAAE,CAAC;YACpB,MAAM,IAAI,CAAC,WAAW,CAAC,CAAA;QACzB,CAAC;IACH,CAAC;AACH,CAAC,CAAA","sourcesContent":["import assert from 'node:assert'\nimport fs from 'node:fs/promises'\nimport { wait } from '@atproto/common'\nimport { isDidString } from '@atproto/lex'\nimport { DidString } from '@atproto/syntax'\nimport { Sequencer } from '../sequencer/index.js'\nimport { parseIntArg } from './util.js'\n\nexport type PublishIdentityContext = {\n sequencer: Sequencer\n}\n\nexport const publishIdentity = async (\n ctx: PublishIdentityContext,\n args: string[],\n) => {\n const dids = args\n assert(dids.every(isDidString), 'All arguments must be DIDs')\n await publishIdentityEvtForDids(ctx, dids)\n console.log('DONE')\n}\n\nexport const publishIdentityFromFile = async (\n ctx: PublishIdentityContext,\n args: string[],\n) => {\n const filepath = args[0]\n if (!filepath) {\n throw new Error('Expected filepath as argument')\n }\n const timeBetween = args[1] ? parseIntArg(args[1]) : 5\n const file = await fs.readFile(filepath)\n const dids = file\n .toString()\n .split('\\n')\n .map((did) => did.trim())\n\n assert(dids.every(isDidString), 'File contains invalid DIDs')\n\n await publishIdentityEvtForDids(ctx, dids, timeBetween)\n console.log('DONE')\n}\n\nexport const publishIdentityEvtForDids = async (\n ctx: PublishIdentityContext,\n dids: DidString[],\n timeBetween = 0,\n) => {\n for (const did of dids) {\n try {\n await ctx.sequencer.sequenceIdentity(did)\n console.log(`published identity evt for ${did}`)\n } catch (err) {\n console.error(`failed to sequence new identity evt for ${did}: ${err}`)\n }\n if (timeBetween > 0) {\n await wait(timeBetween)\n }\n }\n}\n"]}
|
|
@@ -69,7 +69,7 @@ export const rebuildRepo = async (ctx, did, promptUser) => {
|
|
|
69
69
|
});
|
|
70
70
|
await ctx.accountManager.updateRepoRoot(did, commit.cid, commit.rev);
|
|
71
71
|
const syncData = await ctx.actorStore.read(did, (store) => store.repo.getSyncEventData());
|
|
72
|
-
await ctx.sequencer.
|
|
72
|
+
await ctx.sequencer.sequenceSync(did, syncData);
|
|
73
73
|
};
|
|
74
74
|
const promptContinue = async () => {
|
|
75
75
|
const rl = readline.createInterface({
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rebuild-repo.js","sourceRoot":"","sources":["../../src/scripts/rebuild-repo.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAA;AAChC,OAAO,QAAQ,MAAM,wBAAwB,CAAA;AAC7C,OAAO,EAAE,GAAG,EAAE,MAAM,iBAAiB,CAAA;AACrC,OAAO,EAAa,WAAW,EAAE,MAAM,cAAc,CAAA;AACrD,OAAO,EACL,QAAQ,EACR,MAAM,EACN,GAAG,EACH,gBAAgB,EAChB,UAAU,GACX,MAAM,eAAe,CAAA;AAWtB,MAAM,CAAC,MAAM,iBAAiB,GAAG,KAAK,EACpC,GAAmB,EACnB,IAAc,EACd,EAAE;IACF,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAA;IACnB,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,0BAA0B,CAAC,CAAA;IACpD,OAAO,WAAW,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAA;AACpC,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,WAAW,GAAG,KAAK,EAC9B,GAAmB,EACnB,GAAc,EACd,UAAmB,EACnB,EAAE;IACF,MAAM,WAAW,GAAG,IAAI,gBAAgB,EAAE,CAAA;IAC1C,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE;QAChE,MAAM,WAAW,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,CAAA;QAC9D,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,OAAO,EAAE,CAAA;QAC5C,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,kBAAkB,EAAE,CAAA;QAE5D,iCAAiC;QACjC,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,CAAA;QAC3C,MAAM,GAAG,GAAG,GAAG,CAAC,QAAQ,CACtB,MAAM,CAAC,SAAS,EAAE,GAAG,CAAC,EACtB,MAAM,CAAC,OAAO,EAAE,CACjB,CAAC,QAAQ,EAAE,CAAA;QAEZ,IAAI,GAAG,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC,CAAA;QACvC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,GAAG,GAAG,MAAM,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,CAAA;QAC9C,CAAC;QACD,MAAM,SAAS,GAAG,IAAI,QAAQ,EAAE,CAAA;QAChC,IAAI,KAAK,EAAE,MAAM,IAAI,IAAI,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC;YACpC,IAAI,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;gBAClB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAA;gBACvC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC/B,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAA;oBACzC,SAAS,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,EAAE,UAAU,CAAC,KAAK,CAAC,CAAA;gBACjD,CAAC;YACH,CAAC;QACH,CAAC;QACD,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,OAAO,EAAE,CAAA;QACnC,MAAM,QAAQ,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC,CAAA;QACvE,MAAM,SAAS,GAAG,MAAM,UAAU,CAChC;YACE,GAAG;YACH,OAAO,EAAE,CAAC;YACV,GAAG;YACH,IAAI,EAAE,IAAI;YACV,IAAI,EAAE,MAAM,GAAG,CAAC,UAAU,EAAE;SAC7B,EACD,KAAK,CAAC,IAAI,CAAC,UAAU,CACtB,CAAA;QACD,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;QAEhD,IAAI,UAAU,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,OAAO,CAAC,MAAM,CAAC,CAAA;YAC7C,OAAO,CAAC,GAAG,CAAC,mBAAmB,EAAE,YAAY,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,CAAA;YAC9D,OAAO,CAAC,GAAG,CAAC,kBAAkB,EAAE,QAAQ,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,CAAA;YACzD,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE,SAAS,CAAC,IAAI,CAAC,CAAA;YAE9C,MAAM,cAAc,GAAG,MAAM,cAAc,EAAE,CAAA;YAC7C,IAAI,CAAC,cAAc,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,SAAS,CAAC,CAAA;YAC5B,CAAC;QACH,CAAC;QAED,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAA;QACtD,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC,CAAA;QAChD,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,SAAS,EAAE,GAAG,CAAC,CAAA;QACnD,OAAO;YACL,GAAG,EAAE,SAAS;YACd,GAAG;YACH,KAAK,EAAE,IAAI;YACX,IAAI,EAAE,IAAI;YACV,SAAS;YACT,cAAc,EAAE,SAAS;YACzB,WAAW,EAAE,QAAQ;YACrB,GAAG,EAAE,EAAE;YACP,KAAK,EAAE,IAAI,MAAM,EAAE;YACnB,QAAQ,EAAE,IAAI;SACf,CAAA;IACH,CAAC,CAAC,CAAA;IACF,MAAM,GAAG,CAAC,cAAc,CAAC,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAA;IACpE,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,KAAK,EAAE,EAAE,CACxD,KAAK,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAC9B,CAAA;IACD,MAAM,GAAG,CAAC,SAAS,CAAC,
|
|
1
|
+
{"version":3,"file":"rebuild-repo.js","sourceRoot":"","sources":["../../src/scripts/rebuild-repo.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAA;AAChC,OAAO,QAAQ,MAAM,wBAAwB,CAAA;AAC7C,OAAO,EAAE,GAAG,EAAE,MAAM,iBAAiB,CAAA;AACrC,OAAO,EAAa,WAAW,EAAE,MAAM,cAAc,CAAA;AACrD,OAAO,EACL,QAAQ,EACR,MAAM,EACN,GAAG,EACH,gBAAgB,EAChB,UAAU,GACX,MAAM,eAAe,CAAA;AAWtB,MAAM,CAAC,MAAM,iBAAiB,GAAG,KAAK,EACpC,GAAmB,EACnB,IAAc,EACd,EAAE;IACF,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAA;IACnB,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,0BAA0B,CAAC,CAAA;IACpD,OAAO,WAAW,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAA;AACpC,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,WAAW,GAAG,KAAK,EAC9B,GAAmB,EACnB,GAAc,EACd,UAAmB,EACnB,EAAE;IACF,MAAM,WAAW,GAAG,IAAI,gBAAgB,EAAE,CAAA;IAC1C,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE;QAChE,MAAM,WAAW,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,CAAA;QAC9D,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,OAAO,EAAE,CAAA;QAC5C,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,kBAAkB,EAAE,CAAA;QAE5D,iCAAiC;QACjC,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,CAAA;QAC3C,MAAM,GAAG,GAAG,GAAG,CAAC,QAAQ,CACtB,MAAM,CAAC,SAAS,EAAE,GAAG,CAAC,EACtB,MAAM,CAAC,OAAO,EAAE,CACjB,CAAC,QAAQ,EAAE,CAAA;QAEZ,IAAI,GAAG,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC,CAAA;QACvC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,GAAG,GAAG,MAAM,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,CAAA;QAC9C,CAAC;QACD,MAAM,SAAS,GAAG,IAAI,QAAQ,EAAE,CAAA;QAChC,IAAI,KAAK,EAAE,MAAM,IAAI,IAAI,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC;YACpC,IAAI,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;gBAClB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAA;gBACvC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC/B,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAA;oBACzC,SAAS,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,EAAE,UAAU,CAAC,KAAK,CAAC,CAAA;gBACjD,CAAC;YACH,CAAC;QACH,CAAC;QACD,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,OAAO,EAAE,CAAA;QACnC,MAAM,QAAQ,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC,CAAA;QACvE,MAAM,SAAS,GAAG,MAAM,UAAU,CAChC;YACE,GAAG;YACH,OAAO,EAAE,CAAC;YACV,GAAG;YACH,IAAI,EAAE,IAAI;YACV,IAAI,EAAE,MAAM,GAAG,CAAC,UAAU,EAAE;SAC7B,EACD,KAAK,CAAC,IAAI,CAAC,UAAU,CACtB,CAAA;QACD,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;QAEhD,IAAI,UAAU,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,OAAO,CAAC,MAAM,CAAC,CAAA;YAC7C,OAAO,CAAC,GAAG,CAAC,mBAAmB,EAAE,YAAY,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,CAAA;YAC9D,OAAO,CAAC,GAAG,CAAC,kBAAkB,EAAE,QAAQ,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,CAAA;YACzD,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE,SAAS,CAAC,IAAI,CAAC,CAAA;YAE9C,MAAM,cAAc,GAAG,MAAM,cAAc,EAAE,CAAA;YAC7C,IAAI,CAAC,cAAc,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,SAAS,CAAC,CAAA;YAC5B,CAAC;QACH,CAAC;QAED,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAA;QACtD,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC,CAAA;QAChD,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,SAAS,EAAE,GAAG,CAAC,CAAA;QACnD,OAAO;YACL,GAAG,EAAE,SAAS;YACd,GAAG;YACH,KAAK,EAAE,IAAI;YACX,IAAI,EAAE,IAAI;YACV,SAAS;YACT,cAAc,EAAE,SAAS;YACzB,WAAW,EAAE,QAAQ;YACrB,GAAG,EAAE,EAAE;YACP,KAAK,EAAE,IAAI,MAAM,EAAE;YACnB,QAAQ,EAAE,IAAI;SACf,CAAA;IACH,CAAC,CAAC,CAAA;IACF,MAAM,GAAG,CAAC,cAAc,CAAC,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAA;IACpE,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,KAAK,EAAE,EAAE,CACxD,KAAK,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAC9B,CAAA;IACD,MAAM,GAAG,CAAC,SAAS,CAAC,YAAY,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;AACjD,CAAC,CAAA;AAED,MAAM,cAAc,GAAG,KAAK,IAAsB,EAAE;IAClD,MAAM,EAAE,GAAG,QAAQ,CAAC,eAAe,CAAC;QAClC,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,MAAM,EAAE,OAAO,CAAC,MAAM;KACvB,CAAC,CAAA;IACF,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAA;IAClD,OAAO,MAAM,KAAK,EAAE,CAAA;AACtB,CAAC,CAAA","sourcesContent":["import assert from 'node:assert'\nimport readline from 'node:readline/promises'\nimport { TID } from '@atproto/common'\nimport { DidString, isDidString } from '@atproto/lex'\nimport {\n BlockMap,\n CidSet,\n MST,\n MemoryBlockstore,\n signCommit,\n} from '@atproto/repo'\nimport { AccountManager } from '../account-manager/account-manager.js'\nimport { ActorStore } from '../actor-store/actor-store.js'\nimport { Sequencer } from '../sequencer/index.js'\n\nexport interface RebuildContext {\n sequencer: Sequencer\n accountManager: AccountManager\n actorStore: ActorStore\n}\n\nexport const rebuildRepoScript = async (\n ctx: RebuildContext,\n args: string[],\n) => {\n const did = args[0]\n assert(isDidString(did), 'Expected DID as argument')\n return rebuildRepo(ctx, did, true)\n}\n\nexport const rebuildRepo = async (\n ctx: RebuildContext,\n did: DidString,\n promptUser: boolean,\n) => {\n const memoryStore = new MemoryBlockstore()\n const commit = await ctx.actorStore.transact(did, async (store) => {\n const rootDetails = await store.repo.storage.getRootDetailed()\n const records = await store.record.listAll()\n const existingCids = await store.record.listExistingBlocks()\n\n // increment existing rev by 1 ms\n const revTid = TID.fromStr(rootDetails.rev)\n const rev = TID.fromTime(\n revTid.timestamp() + 1,\n revTid.clockid(),\n ).toString()\n\n let mst = await MST.create(memoryStore)\n for (const record of records) {\n mst = await mst.add(record.path, record.cid)\n }\n const newBlocks = new BlockMap()\n for await (const node of mst.walk()) {\n if (node.isTree()) {\n const pointer = await node.getPointer()\n if (!existingCids.has(pointer)) {\n const serialized = await node.serialize()\n newBlocks.set(serialized.cid, serialized.bytes)\n }\n }\n }\n const mstCids = await mst.allCids()\n const toDelete = new CidSet(existingCids.toList()).subtractSet(mstCids)\n const newCommit = await signCommit(\n {\n did,\n version: 3,\n rev,\n prev: null,\n data: await mst.getPointer(),\n },\n store.repo.signingKey,\n )\n const commitCid = await newBlocks.add(newCommit)\n\n if (promptUser) {\n console.log('Record count: ', records.length)\n console.log('Existing blocks: ', existingCids.toList().length)\n console.log('Deleting blocks:', toDelete.toList().length)\n console.log('Adding blocks: ', newBlocks.size)\n\n const shouldContinue = await promptContinue()\n if (!shouldContinue) {\n throw new Error('Aborted')\n }\n }\n\n await store.repo.storage.deleteMany(toDelete.toList())\n await store.repo.storage.putMany(newBlocks, rev)\n await store.repo.storage.updateRoot(commitCid, rev)\n return {\n cid: commitCid,\n rev,\n since: null,\n prev: null,\n newBlocks,\n relevantBlocks: newBlocks,\n removedCids: toDelete,\n ops: [],\n blobs: new CidSet(),\n prevData: null,\n }\n })\n await ctx.accountManager.updateRepoRoot(did, commit.cid, commit.rev)\n const syncData = await ctx.actorStore.read(did, (store) =>\n store.repo.getSyncEventData(),\n )\n await ctx.sequencer.sequenceSync(did, syncData)\n}\n\nconst promptContinue = async (): Promise<boolean> => {\n const rl = readline.createInterface({\n input: process.stdin,\n output: process.stdout,\n })\n const answer = await rl.question('Continue? y/n ')\n return answer === ''\n}\n"]}
|
|
@@ -65,14 +65,14 @@ const rotateKeysForRepos = async (ctx, dids, concurrency, onSuccess) => {
|
|
|
65
65
|
return;
|
|
66
66
|
}
|
|
67
67
|
try {
|
|
68
|
-
await ctx.sequencer.
|
|
68
|
+
await ctx.sequencer.sequenceIdentity(did);
|
|
69
69
|
}
|
|
70
70
|
catch (err) {
|
|
71
71
|
console.error(`failed to sequence new identity evt for ${did}: ${err}`);
|
|
72
72
|
return;
|
|
73
73
|
}
|
|
74
74
|
try {
|
|
75
|
-
await ctx.sequencer.
|
|
75
|
+
await ctx.sequencer.sequenceSync(did, syncData);
|
|
76
76
|
}
|
|
77
77
|
catch (err) {
|
|
78
78
|
console.error(`failed to sequence for ${did}: ${err}`);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rotate-keys.js","sourceRoot":"","sources":["../../src/scripts/rotate-keys.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAA;AAChC,OAAO,EAAE,MAAM,kBAAkB,CAAA;AAEjC,OAAO,MAAM,MAAM,SAAS,CAAA;AAI5B,OAAO,EAAa,WAAW,EAAE,MAAM,cAAc,CAAA;AAIrD,OAAO,EAAE,6BAA6B,EAAE,MAAM,qCAAqC,CAAA;AACnF,OAAO,EAAE,WAAW,EAAE,MAAM,WAAW,CAAA;AAWvC,MAAM,CAAC,MAAM,UAAU,GAAG,KAAK,EAAE,GAAsB,EAAE,IAAc,EAAE,EAAE;IACzE,MAAM,IAAI,GAAG,IAAI,CAAA;IACjB,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,4BAA4B,CAAC,CAAA;IAC7D,MAAM,kBAAkB,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,CAAA;AACzC,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,kBAAkB,GAAG,KAAK,EACrC,GAAsB,EACtB,IAAc,EACd,EAAE;IACF,MAAM,QAAQ,GAAG,IAAI,CAAC,CAAC,CAAC,CAAA;IACxB,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IACD,MAAM,WAAW,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;IACvD,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;IACxC,MAAM,IAAI,GAAG,IAAI;SACd,QAAQ,EAAE;SACV,KAAK,CAAC,IAAI,CAAC;SACX,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;SACxB,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAA;IAE7C,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,4BAA4B,CAAC,CAAA;IAE7D,MAAM,kBAAkB,CAAC,GAAG,EAAE,IAAI,EAAE,WAAW,CAAC,CAAA;AAClD,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,kBAAkB,GAAG,KAAK,EACrC,GAAsB,EACtB,IAAc,EACd,EAAE;IACF,MAAM,WAAW,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;IAEvD,MAAM,UAAU,GAAG,MAAM,6BAA6B,CACpD,GAAG,CAAC,SAAS,CAAC,UAAU,CACzB,CAAA;IACD,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,EAAE;SAC7B,UAAU,CAAC,aAAa,CAAC;SACzB,MAAM,CAAC,KAAK,CAAC;SACb,KAAK,CAAC,uBAAuB,EAAE,GAAG,EAAE,CAAC,CAAC;SACtC,OAAO,EAAE,CAAA;IACZ,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAgB,CAAC,CAAA;IAEhD,MAAM,kBAAkB,CAAC,GAAG,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;QAC7D,MAAM,UAAU,CAAC,EAAE;aAChB,WAAW,CAAC,aAAa,CAAC;aAC1B,GAAG,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC;aACrB,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC;aACtB,OAAO,EAAE,CAAA;IACd,CAAC,CAAC,CAAA;AACJ,CAAC,CAAA;AAED,MAAM,kBAAkB,GAAG,KAAK,EAC9B,GAAsB,EACtB,IAAiB,EACjB,WAAmB,EACnB,SAA6C,EAC7C,EAAE;IACF,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,EAAE,WAAW,EAAE,CAAC,CAAA;IACzC,IAAI,SAAS,GAAG,CAAC,CAAA;IACjB,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,KAAK,CAAC,GAAG,CAAC,KAAK,IAAI,EAAE;YACnB,IAAI,CAAC;gBACH,MAAM,mBAAmB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;YACrC,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,KAAK,CAAC,4BAA4B,GAAG,KAAK,GAAG,EAAE,CAAC,CAAA;gBACxD,OAAM;YACR,CAAC;YACD,IAAI,QAAqB,CAAA;YACzB,IAAI,CAAC;gBACH,QAAQ,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE;oBAC/D,MAAM,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC,CAAA;oBACrC,OAAO,QAAQ,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAAA;gBACzC,CAAC,CAAC,CAAA;YACJ,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,KAAK,CAAC,kCAAkC,GAAG,KAAK,GAAG,EAAE,CAAC,CAAA;gBAC9D,OAAM;YACR,CAAC;YACD,IAAI,CAAC;gBACH,MAAM,GAAG,CAAC,SAAS,CAAC,
|
|
1
|
+
{"version":3,"file":"rotate-keys.js","sourceRoot":"","sources":["../../src/scripts/rotate-keys.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAA;AAChC,OAAO,EAAE,MAAM,kBAAkB,CAAA;AAEjC,OAAO,MAAM,MAAM,SAAS,CAAA;AAI5B,OAAO,EAAa,WAAW,EAAE,MAAM,cAAc,CAAA;AAIrD,OAAO,EAAE,6BAA6B,EAAE,MAAM,qCAAqC,CAAA;AACnF,OAAO,EAAE,WAAW,EAAE,MAAM,WAAW,CAAA;AAWvC,MAAM,CAAC,MAAM,UAAU,GAAG,KAAK,EAAE,GAAsB,EAAE,IAAc,EAAE,EAAE;IACzE,MAAM,IAAI,GAAG,IAAI,CAAA;IACjB,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,4BAA4B,CAAC,CAAA;IAC7D,MAAM,kBAAkB,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,CAAA;AACzC,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,kBAAkB,GAAG,KAAK,EACrC,GAAsB,EACtB,IAAc,EACd,EAAE;IACF,MAAM,QAAQ,GAAG,IAAI,CAAC,CAAC,CAAC,CAAA;IACxB,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IACD,MAAM,WAAW,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;IACvD,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;IACxC,MAAM,IAAI,GAAG,IAAI;SACd,QAAQ,EAAE;SACV,KAAK,CAAC,IAAI,CAAC;SACX,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;SACxB,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAA;IAE7C,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,4BAA4B,CAAC,CAAA;IAE7D,MAAM,kBAAkB,CAAC,GAAG,EAAE,IAAI,EAAE,WAAW,CAAC,CAAA;AAClD,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,kBAAkB,GAAG,KAAK,EACrC,GAAsB,EACtB,IAAc,EACd,EAAE;IACF,MAAM,WAAW,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;IAEvD,MAAM,UAAU,GAAG,MAAM,6BAA6B,CACpD,GAAG,CAAC,SAAS,CAAC,UAAU,CACzB,CAAA;IACD,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,EAAE;SAC7B,UAAU,CAAC,aAAa,CAAC;SACzB,MAAM,CAAC,KAAK,CAAC;SACb,KAAK,CAAC,uBAAuB,EAAE,GAAG,EAAE,CAAC,CAAC;SACtC,OAAO,EAAE,CAAA;IACZ,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAgB,CAAC,CAAA;IAEhD,MAAM,kBAAkB,CAAC,GAAG,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;QAC7D,MAAM,UAAU,CAAC,EAAE;aAChB,WAAW,CAAC,aAAa,CAAC;aAC1B,GAAG,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC;aACrB,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC;aACtB,OAAO,EAAE,CAAA;IACd,CAAC,CAAC,CAAA;AACJ,CAAC,CAAA;AAED,MAAM,kBAAkB,GAAG,KAAK,EAC9B,GAAsB,EACtB,IAAiB,EACjB,WAAmB,EACnB,SAA6C,EAC7C,EAAE;IACF,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,EAAE,WAAW,EAAE,CAAC,CAAA;IACzC,IAAI,SAAS,GAAG,CAAC,CAAA;IACjB,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,KAAK,CAAC,GAAG,CAAC,KAAK,IAAI,EAAE;YACnB,IAAI,CAAC;gBACH,MAAM,mBAAmB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;YACrC,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,KAAK,CAAC,4BAA4B,GAAG,KAAK,GAAG,EAAE,CAAC,CAAA;gBACxD,OAAM;YACR,CAAC;YACD,IAAI,QAAqB,CAAA;YACzB,IAAI,CAAC;gBACH,QAAQ,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE;oBAC/D,MAAM,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC,CAAA;oBACrC,OAAO,QAAQ,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAAA;gBACzC,CAAC,CAAC,CAAA;YACJ,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,KAAK,CAAC,kCAAkC,GAAG,KAAK,GAAG,EAAE,CAAC,CAAA;gBAC9D,OAAM;YACR,CAAC;YACD,IAAI,CAAC;gBACH,MAAM,GAAG,CAAC,SAAS,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAA;YAC3C,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,KAAK,CAAC,2CAA2C,GAAG,KAAK,GAAG,EAAE,CAAC,CAAA;gBACvE,OAAM;YACR,CAAC;YACD,IAAI,CAAC;gBACH,MAAM,GAAG,CAAC,SAAS,CAAC,YAAY,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;YACjD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,KAAK,CAAC,0BAA0B,GAAG,KAAK,GAAG,EAAE,CAAC,CAAA;gBACtD,OAAM;YACR,CAAC;YACD,IAAI,SAAS,EAAE,CAAC;gBACd,MAAM,SAAS,CAAC,GAAG,CAAC,CAAA;YACtB,CAAC;YACD,SAAS,EAAE,CAAA;YACX,IAAI,SAAS,GAAG,EAAE,KAAK,CAAC,EAAE,CAAC;gBACzB,OAAO,CAAC,GAAG,CAAC,GAAG,SAAS,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,CAAA;YAC5C,CAAC;QACH,CAAC,CAAC,CAAA;IACJ,CAAC;IACD,MAAM,KAAK,CAAC,MAAM,EAAE,CAAA;IACpB,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;AACrB,CAAC,CAAA;AAED,MAAM,mBAAmB,GAAG,KAAK,EAAE,GAAsB,EAAE,GAAc,EAAE,EAAE;IAC3E,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IAClD,MAAM,cAAc,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,iBAAiB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;IAC5E,IAAI,QAAQ,CAAC,GAAG,EAAE,KAAK,cAAc,EAAE,CAAC;QACtC,qBAAqB;QACrB,OAAM;IACR,CAAC;IACD,IAAI,GAAG,CAAC,kBAAkB,EAAE,CAAC;QAC3B,MAAM,GAAG,CAAC,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,uBAAuB,CAAC;YACzE,GAAG;YACH,UAAU,EAAE,QAAQ,CAAC,GAAG,EAAE;SAC3B,CAAC,CAAA;IACJ,CAAC;SAAM,CAAC;QACN,MAAM,GAAG,CAAC,SAAS,CAAC,gBAAgB,CAClC,GAAG,EACH,GAAG,CAAC,cAAc,EAClB,QAAQ,CAAC,GAAG,EAAE,CACf,CAAA;IACH,CAAC;AACH,CAAC,CAAA","sourcesContent":["import assert from 'node:assert'\nimport fs from 'node:fs/promises'\nimport * as plc from '@did-plc/lib'\nimport PQueue from 'p-queue'\nimport AtpAgent from '@atproto/api'\nimport { Keypair } from '@atproto/crypto'\nimport { IdResolver } from '@atproto/identity'\nimport { DidString, isDidString } from '@atproto/lex'\nimport { ActorStore } from '../actor-store/actor-store.js'\nimport { SyncEvtData } from '../repo/index.js'\nimport { Sequencer } from '../sequencer/index.js'\nimport { getRecoveryDbFromSequencerLoc } from './sequencer-recovery/recovery-db.js'\nimport { parseIntArg } from './util.js'\n\nexport type RotateKeysContext = {\n sequencer: Sequencer\n actorStore: ActorStore\n idResolver: IdResolver\n plcClient: plc.Client\n plcRotationKey: Keypair\n entrywayAdminAgent?: AtpAgent\n}\n\nexport const rotateKeys = async (ctx: RotateKeysContext, args: string[]) => {\n const dids = args\n assert(dids.every(isDidString), 'All arguments must be DIDs')\n await rotateKeysForRepos(ctx, dids, 10)\n}\n\nexport const rotateKeysFromFile = async (\n ctx: RotateKeysContext,\n args: string[],\n) => {\n const filepath = args[0]\n if (!filepath) {\n throw new Error('Expected filepath as argument')\n }\n const concurrency = args[1] ? parseIntArg(args[1]) : 25\n const file = await fs.readFile(filepath)\n const dids = file\n .toString()\n .split('\\n')\n .map((did) => did.trim())\n .filter((did) => did.startsWith('did:plc'))\n\n assert(dids.every(isDidString), 'File contains invalid DIDs')\n\n await rotateKeysForRepos(ctx, dids, concurrency)\n}\n\nexport const rotateKeysRecovery = async (\n ctx: RotateKeysContext,\n args: string[],\n) => {\n const concurrency = args[1] ? parseIntArg(args[0]) : 10\n\n const recoveryDb = await getRecoveryDbFromSequencerLoc(\n ctx.sequencer.dbLocation,\n )\n const rows = await recoveryDb.db\n .selectFrom('new_account')\n .select('did')\n .where('new_account.published', '=', 0)\n .execute()\n const dids = rows.map((r) => r.did as DidString)\n\n await rotateKeysForRepos(ctx, dids, concurrency, async (did) => {\n await recoveryDb.db\n .updateTable('new_account')\n .set({ published: 1 })\n .where('did', '=', did)\n .execute()\n })\n}\n\nconst rotateKeysForRepos = async (\n ctx: RotateKeysContext,\n dids: DidString[],\n concurrency: number,\n onSuccess?: (did: DidString) => Promise<void>,\n) => {\n const queue = new PQueue({ concurrency })\n let completed = 0\n for (const did of dids) {\n queue.add(async () => {\n try {\n await updatePlcSigningKey(ctx, did)\n } catch (err) {\n console.error(`failed to update key for ${did}: ${err}`)\n return\n }\n let syncData: SyncEvtData\n try {\n syncData = await ctx.actorStore.transact(did, async (actorTxn) => {\n await actorTxn.repo.processWrites([])\n return actorTxn.repo.getSyncEventData()\n })\n } catch (err) {\n console.error(`failed to write new commit for ${did}: ${err}`)\n return\n }\n try {\n await ctx.sequencer.sequenceIdentity(did)\n } catch (err) {\n console.error(`failed to sequence new identity evt for ${did}: ${err}`)\n return\n }\n try {\n await ctx.sequencer.sequenceSync(did, syncData)\n } catch (err) {\n console.error(`failed to sequence for ${did}: ${err}`)\n return\n }\n if (onSuccess) {\n await onSuccess(did)\n }\n completed++\n if (completed % 10 === 0) {\n console.log(`${completed}/${dids.length}`)\n }\n })\n }\n await queue.onIdle()\n console.log('DONE')\n}\n\nconst updatePlcSigningKey = async (ctx: RotateKeysContext, did: DidString) => {\n const updateTo = await ctx.actorStore.keypair(did)\n const currSigningKey = await ctx.idResolver.did.resolveAtprotoKey(did, true)\n if (updateTo.did() === currSigningKey) {\n // already up to date\n return\n }\n if (ctx.entrywayAdminAgent) {\n await ctx.entrywayAdminAgent.api.com.atproto.admin.updateAccountSigningKey({\n did,\n signingKey: updateTo.did(),\n })\n } else {\n await ctx.plcClient.updateAtprotoKey(\n did,\n ctx.plcRotationKey,\n updateTo.did(),\n )\n }\n}\n"]}
|
|
@@ -119,12 +119,14 @@ const processRepoCreation = async (ctx, evt, writes, blocks) => {
|
|
|
119
119
|
};
|
|
120
120
|
const processAccountEvt = async (ctx, evt) => {
|
|
121
121
|
// do not need to process deactivation/takedowns because we backup account DB as well
|
|
122
|
-
if (evt.status
|
|
123
|
-
|
|
122
|
+
if (evt.status === AccountStatus.Deleted) {
|
|
123
|
+
// In case an account deletion was sequenced, let's make sure to (first)
|
|
124
|
+
// delete the accounts database, and (then) unlink the actor store from the
|
|
125
|
+
// file system. Order matters here.
|
|
126
|
+
await ctx.accountManager.deleteAccount(evt.did);
|
|
127
|
+
const { directory } = await ctx.actorStore.getLocation(evt.did);
|
|
128
|
+
await rmIfExists(directory, true);
|
|
124
129
|
}
|
|
125
|
-
const { directory } = await ctx.actorStore.getLocation(evt.did);
|
|
126
|
-
await rmIfExists(directory, true);
|
|
127
|
-
await ctx.accountManager.deleteAccount(evt.did);
|
|
128
130
|
};
|
|
129
131
|
const trackBlobs = async (store, writes) => {
|
|
130
132
|
await store.repo.blob.deleteDereferencedBlobs(writes);
|