@atproto/pds 0.5.3 → 0.5.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (275) hide show
  1. package/CHANGELOG.md +39 -0
  2. package/dist/account-manager/account-manager.d.ts +1 -1
  3. package/dist/account-manager/account-manager.d.ts.map +1 -1
  4. package/dist/account-manager/account-manager.js +16 -19
  5. package/dist/account-manager/account-manager.js.map +1 -1
  6. package/dist/account-manager/db/index.d.ts.map +1 -1
  7. package/dist/account-manager/db/migrations/index.d.ts.map +1 -1
  8. package/dist/account-manager/helpers/account-device.d.ts +91 -91
  9. package/dist/account-manager/helpers/account.d.ts +7 -7
  10. package/dist/account-manager/helpers/account.d.ts.map +1 -1
  11. package/dist/account-manager/helpers/auth.d.ts.map +1 -1
  12. package/dist/account-manager/helpers/authorization-request.d.ts.map +1 -1
  13. package/dist/account-manager/helpers/device.d.ts +1 -1
  14. package/dist/account-manager/helpers/device.d.ts.map +1 -1
  15. package/dist/account-manager/helpers/email-token.d.ts.map +1 -1
  16. package/dist/account-manager/helpers/invite.d.ts +1 -1
  17. package/dist/account-manager/helpers/invite.d.ts.map +1 -1
  18. package/dist/account-manager/helpers/password.d.ts.map +1 -1
  19. package/dist/account-manager/helpers/repo.d.ts.map +1 -1
  20. package/dist/account-manager/helpers/scrypt.d.ts.map +1 -1
  21. package/dist/account-manager/helpers/token.d.ts +457 -457
  22. package/dist/account-manager/helpers/token.d.ts.map +1 -1
  23. package/dist/account-manager/helpers/used-refresh-token.d.ts.map +1 -1
  24. package/dist/account-manager/oauth-store.d.ts.map +1 -1
  25. package/dist/account-manager/oauth-store.js +46 -26
  26. package/dist/account-manager/oauth-store.js.map +1 -1
  27. package/dist/account-manager/scope-reference-getter.d.ts.map +1 -1
  28. package/dist/account-manager/scope-reference-getter.js.map +1 -1
  29. package/dist/actor-store/actor-store-reader.d.ts.map +1 -1
  30. package/dist/actor-store/actor-store-reader.js.map +1 -1
  31. package/dist/actor-store/actor-store-transactor.d.ts.map +1 -1
  32. package/dist/actor-store/actor-store-transactor.js.map +1 -1
  33. package/dist/actor-store/actor-store-writer.d.ts.map +1 -1
  34. package/dist/actor-store/actor-store.d.ts.map +1 -1
  35. package/dist/actor-store/actor-store.js.map +1 -1
  36. package/dist/actor-store/blob/reader.d.ts.map +1 -1
  37. package/dist/actor-store/blob/reader.js.map +1 -1
  38. package/dist/actor-store/blob/transactor.d.ts.map +1 -1
  39. package/dist/actor-store/blob/transactor.js.map +1 -1
  40. package/dist/actor-store/db/index.d.ts.map +1 -1
  41. package/dist/actor-store/db/migrations/index.d.ts.map +1 -1
  42. package/dist/actor-store/migrate.d.ts.map +1 -1
  43. package/dist/actor-store/preference/reader.d.ts.map +1 -1
  44. package/dist/actor-store/preference/reader.js.map +1 -1
  45. package/dist/actor-store/preference/transactor.d.ts.map +1 -1
  46. package/dist/actor-store/record/reader.d.ts +3 -3
  47. package/dist/actor-store/record/reader.d.ts.map +1 -1
  48. package/dist/actor-store/record/reader.js.map +1 -1
  49. package/dist/actor-store/record/transactor.d.ts.map +1 -1
  50. package/dist/actor-store/record/transactor.js.map +1 -1
  51. package/dist/actor-store/repo/reader.d.ts.map +1 -1
  52. package/dist/actor-store/repo/reader.js.map +1 -1
  53. package/dist/actor-store/repo/sql-repo-reader.d.ts +1 -1
  54. package/dist/actor-store/repo/sql-repo-reader.d.ts.map +1 -1
  55. package/dist/actor-store/repo/sql-repo-transactor.d.ts.map +1 -1
  56. package/dist/actor-store/repo/transactor.d.ts.map +1 -1
  57. package/dist/actor-store/repo/transactor.js.map +1 -1
  58. package/dist/api/app/bsky/util/resolver.d.ts +4 -4
  59. package/dist/api/app/bsky/util/resolver.d.ts.map +1 -1
  60. package/dist/api/com/atproto/admin/deleteAccount.d.ts.map +1 -1
  61. package/dist/api/com/atproto/admin/deleteAccount.js +9 -4
  62. package/dist/api/com/atproto/admin/deleteAccount.js.map +1 -1
  63. package/dist/api/com/atproto/admin/getInviteCodes.d.ts.map +1 -1
  64. package/dist/api/com/atproto/admin/updateSubjectStatus.js +1 -1
  65. package/dist/api/com/atproto/admin/updateSubjectStatus.js.map +1 -1
  66. package/dist/api/com/atproto/identity/submitPlcOperation.js +1 -1
  67. package/dist/api/com/atproto/identity/submitPlcOperation.js.map +1 -1
  68. package/dist/api/com/atproto/server/activateAccount.js +1 -3
  69. package/dist/api/com/atproto/server/activateAccount.js.map +1 -1
  70. package/dist/api/com/atproto/server/createAccount.d.ts.map +1 -1
  71. package/dist/api/com/atproto/server/createAccount.js +61 -45
  72. package/dist/api/com/atproto/server/createAccount.js.map +1 -1
  73. package/dist/api/com/atproto/server/deactivateAccount.js +1 -1
  74. package/dist/api/com/atproto/server/deactivateAccount.js.map +1 -1
  75. package/dist/api/com/atproto/server/deleteAccount.d.ts.map +1 -1
  76. package/dist/api/com/atproto/server/deleteAccount.js +9 -4
  77. package/dist/api/com/atproto/server/deleteAccount.js.map +1 -1
  78. package/dist/api/com/atproto/server/util.d.ts.map +1 -1
  79. package/dist/api/com/atproto/sync/getRepo.d.ts.map +1 -1
  80. package/dist/api/com/atproto/sync/getRepo.js +5 -1
  81. package/dist/api/com/atproto/sync/getRepo.js.map +1 -1
  82. package/dist/api/com/atproto/sync/listRepos.d.ts.map +1 -1
  83. package/dist/api/com/atproto/sync/util.d.ts.map +1 -1
  84. package/dist/api/proxy.d.ts.map +1 -1
  85. package/dist/app-view.d.ts.map +1 -1
  86. package/dist/auth-routes.d.ts.map +1 -1
  87. package/dist/auth-verifier.d.ts.map +1 -1
  88. package/dist/background.d.ts.map +1 -1
  89. package/dist/basic-routes.d.ts.map +1 -1
  90. package/dist/bsky-app-view.d.ts.map +1 -1
  91. package/dist/config/config.d.ts.map +1 -1
  92. package/dist/config/env.d.ts.map +1 -1
  93. package/dist/config/secrets.d.ts.map +1 -1
  94. package/dist/context.d.ts.map +1 -1
  95. package/dist/crawlers.d.ts.map +1 -1
  96. package/dist/db/db.d.ts.map +1 -1
  97. package/dist/db/migrator.d.ts.map +1 -1
  98. package/dist/db/migrator.js.map +1 -1
  99. package/dist/db/pagination.d.ts +1 -1
  100. package/dist/db/pagination.d.ts.map +1 -1
  101. package/dist/db/pagination.js.map +1 -1
  102. package/dist/db/util.d.ts.map +1 -1
  103. package/dist/did-cache/db/index.d.ts.map +1 -1
  104. package/dist/did-cache/db/migrations.d.ts.map +1 -1
  105. package/dist/did-cache/index.d.ts.map +1 -1
  106. package/dist/did-cache/index.js.map +1 -1
  107. package/dist/disk-blobstore.d.ts.map +1 -1
  108. package/dist/disk-blobstore.js.map +1 -1
  109. package/dist/handle/explicit-slurs.d.ts.map +1 -1
  110. package/dist/handle/index.d.ts.map +1 -1
  111. package/dist/image/image-url-builder.d.ts.map +1 -1
  112. package/dist/image/image-url-builder.js.map +1 -1
  113. package/dist/index.d.ts.map +1 -1
  114. package/dist/index.js +4 -39
  115. package/dist/index.js.map +1 -1
  116. package/dist/lexicons/app/bsky/actor/defs.defs.d.ts +75 -155
  117. package/dist/lexicons/app/bsky/actor/defs.defs.d.ts.map +1 -1
  118. package/dist/lexicons/app/bsky/actor/profile.defs.d.ts +100 -300
  119. package/dist/lexicons/app/bsky/actor/profile.defs.d.ts.map +1 -1
  120. package/dist/lexicons/app/bsky/actor/status.defs.d.ts +40 -40
  121. package/dist/lexicons/app/bsky/actor/status.defs.d.ts.map +1 -1
  122. package/dist/lexicons/app/bsky/authCreatePosts.defs.d.ts +1 -1
  123. package/dist/lexicons/app/bsky/authDeleteContent.defs.d.ts +1 -1
  124. package/dist/lexicons/app/bsky/authFullApp.defs.d.ts +1 -1
  125. package/dist/lexicons/app/bsky/authManageFeedDeclarations.defs.d.ts +1 -1
  126. package/dist/lexicons/app/bsky/authManageLabelerService.defs.d.ts +1 -1
  127. package/dist/lexicons/app/bsky/authManageModeration.defs.d.ts +1 -1
  128. package/dist/lexicons/app/bsky/authManageNotifications.defs.d.ts +1 -1
  129. package/dist/lexicons/app/bsky/authManageProfile.defs.d.ts +1 -1
  130. package/dist/lexicons/app/bsky/authViewAll.defs.d.ts +1 -1
  131. package/dist/lexicons/app/bsky/draft/defs.defs.d.ts +4 -4
  132. package/dist/lexicons/app/bsky/draft/defs.defs.d.ts.map +1 -1
  133. package/dist/lexicons/app/bsky/embed/external.defs.d.ts +10 -10
  134. package/dist/lexicons/app/bsky/embed/gallery.defs.d.ts +10 -42
  135. package/dist/lexicons/app/bsky/embed/gallery.defs.d.ts.map +1 -1
  136. package/dist/lexicons/app/bsky/embed/images.defs.d.ts +10 -10
  137. package/dist/lexicons/app/bsky/embed/record.defs.d.ts +10 -10
  138. package/dist/lexicons/app/bsky/embed/recordWithMedia.defs.d.ts +10 -10
  139. package/dist/lexicons/app/bsky/embed/video.defs.d.ts +50 -162
  140. package/dist/lexicons/app/bsky/embed/video.defs.d.ts.map +1 -1
  141. package/dist/lexicons/app/bsky/feed/generator.defs.d.ts +80 -160
  142. package/dist/lexicons/app/bsky/feed/generator.defs.d.ts.map +1 -1
  143. package/dist/lexicons/app/bsky/feed/like.defs.d.ts +30 -30
  144. package/dist/lexicons/app/bsky/feed/like.defs.d.ts.map +1 -1
  145. package/dist/lexicons/app/bsky/feed/post.defs.d.ts +80 -200
  146. package/dist/lexicons/app/bsky/feed/post.defs.d.ts.map +1 -1
  147. package/dist/lexicons/app/bsky/feed/postgate.defs.d.ts +40 -80
  148. package/dist/lexicons/app/bsky/feed/postgate.defs.d.ts.map +1 -1
  149. package/dist/lexicons/app/bsky/feed/repost.defs.d.ts +30 -30
  150. package/dist/lexicons/app/bsky/feed/repost.defs.d.ts.map +1 -1
  151. package/dist/lexicons/app/bsky/feed/threadgate.defs.d.ts +30 -30
  152. package/dist/lexicons/app/bsky/feed/threadgate.defs.d.ts.map +1 -1
  153. package/dist/lexicons/app/bsky/graph/block.defs.d.ts +20 -20
  154. package/dist/lexicons/app/bsky/graph/block.defs.d.ts.map +1 -1
  155. package/dist/lexicons/app/bsky/graph/follow.defs.d.ts +30 -30
  156. package/dist/lexicons/app/bsky/graph/follow.defs.d.ts.map +1 -1
  157. package/dist/lexicons/app/bsky/graph/list.defs.d.ts +60 -60
  158. package/dist/lexicons/app/bsky/graph/list.defs.d.ts.map +1 -1
  159. package/dist/lexicons/app/bsky/graph/listblock.defs.d.ts +20 -20
  160. package/dist/lexicons/app/bsky/graph/listblock.defs.d.ts.map +1 -1
  161. package/dist/lexicons/app/bsky/graph/listitem.defs.d.ts +20 -20
  162. package/dist/lexicons/app/bsky/graph/listitem.defs.d.ts.map +1 -1
  163. package/dist/lexicons/app/bsky/graph/starterpack.defs.d.ts +50 -90
  164. package/dist/lexicons/app/bsky/graph/starterpack.defs.d.ts.map +1 -1
  165. package/dist/lexicons/app/bsky/graph/verification.defs.d.ts +30 -30
  166. package/dist/lexicons/app/bsky/graph/verification.defs.d.ts.map +1 -1
  167. package/dist/lexicons/app/bsky/labeler/service.defs.d.ts +50 -130
  168. package/dist/lexicons/app/bsky/labeler/service.defs.d.ts.map +1 -1
  169. package/dist/lexicons/app/bsky/notification/declaration.defs.d.ts +10 -10
  170. package/dist/lexicons/app/bsky/notification/declaration.defs.d.ts.map +1 -1
  171. package/dist/lexicons/app/bsky/richtext/facet.defs.d.ts +10 -10
  172. package/dist/lexicons/chat/bsky/actor/declaration.defs.d.ts +20 -20
  173. package/dist/lexicons/chat/bsky/actor/declaration.defs.d.ts.map +1 -1
  174. package/dist/lexicons/chat/bsky/authFullChatClient.defs.d.ts +1 -1
  175. package/dist/lexicons/chat/bsky/convo/defs.defs.d.ts +17 -0
  176. package/dist/lexicons/chat/bsky/convo/defs.defs.d.ts.map +1 -1
  177. package/dist/lexicons/chat/bsky/convo/defs.defs.js +11 -0
  178. package/dist/lexicons/chat/bsky/convo/defs.defs.js.map +1 -1
  179. package/dist/lexicons/chat/bsky/convo/sendMessage.defs.d.ts +1 -1
  180. package/dist/lexicons/chat/bsky/convo/sendMessage.defs.d.ts.map +1 -1
  181. package/dist/lexicons/chat/bsky/convo/sendMessage.defs.js +1 -0
  182. package/dist/lexicons/chat/bsky/convo/sendMessage.defs.js.map +1 -1
  183. package/dist/lexicons/chat/bsky/convo/sendMessageBatch.defs.d.ts +1 -1
  184. package/dist/lexicons/chat/bsky/convo/sendMessageBatch.defs.d.ts.map +1 -1
  185. package/dist/lexicons/chat/bsky/convo/sendMessageBatch.defs.js +1 -0
  186. package/dist/lexicons/chat/bsky/convo/sendMessageBatch.defs.js.map +1 -1
  187. package/dist/lexicons/chat/bsky/embed/joinLink.defs.d.ts +10 -42
  188. package/dist/lexicons/chat/bsky/embed/joinLink.defs.d.ts.map +1 -1
  189. package/dist/lexicons/com/atproto/lexicon/schema.defs.d.ts +10 -10
  190. package/dist/lexicons/com/atproto/lexicon/schema.defs.d.ts.map +1 -1
  191. package/dist/lexicons/com/atproto/repo/strongRef.defs.d.ts +10 -10
  192. package/dist/lexicons/com/germnetwork/declaration.defs.d.ts +40 -120
  193. package/dist/lexicons/com/germnetwork/declaration.defs.d.ts.map +1 -1
  194. package/dist/lexicons/site/standard/document.defs.d.ts +130 -450
  195. package/dist/lexicons/site/standard/document.defs.d.ts.map +1 -1
  196. package/dist/lexicons/site/standard/graph/recommend.defs.d.ts +10 -10
  197. package/dist/lexicons/site/standard/graph/recommend.defs.d.ts.map +1 -1
  198. package/dist/lexicons/site/standard/graph/subscription.defs.d.ts +20 -60
  199. package/dist/lexicons/site/standard/graph/subscription.defs.d.ts.map +1 -1
  200. package/dist/lexicons/site/standard/publication.defs.d.ts +60 -220
  201. package/dist/lexicons/site/standard/publication.defs.d.ts.map +1 -1
  202. package/dist/lexicons/site/standard/theme/basic.defs.d.ts +10 -10
  203. package/dist/lexicons/site/standard/theme/basic.defs.d.ts.map +1 -1
  204. package/dist/lexicons/tools/ozone/moderation/queryStatuses.defs.d.ts +2 -2
  205. package/dist/lexicons/tools/ozone/set/querySets.defs.d.ts +2 -2
  206. package/dist/logger.d.ts +14 -14
  207. package/dist/logger.d.ts.map +1 -1
  208. package/dist/mailer/index.d.ts.map +1 -1
  209. package/dist/mailer/index.js.map +1 -1
  210. package/dist/mailer/moderation.d.ts.map +1 -1
  211. package/dist/pipethrough.d.ts +1 -1
  212. package/dist/pipethrough.d.ts.map +1 -1
  213. package/dist/pipethrough.js.map +1 -1
  214. package/dist/rate-limits.d.ts +7 -0
  215. package/dist/rate-limits.d.ts.map +1 -0
  216. package/dist/rate-limits.js +50 -0
  217. package/dist/rate-limits.js.map +1 -0
  218. package/dist/read-after-write/util.d.ts.map +1 -1
  219. package/dist/read-after-write/viewer.d.ts +8 -8
  220. package/dist/read-after-write/viewer.d.ts.map +1 -1
  221. package/dist/read-after-write/viewer.js.map +1 -1
  222. package/dist/redis.d.ts.map +1 -1
  223. package/dist/repo/prepare.d.ts.map +1 -1
  224. package/dist/repo/types.d.ts.map +1 -1
  225. package/dist/repo/types.js.map +1 -1
  226. package/dist/scripts/index.d.ts.map +1 -1
  227. package/dist/scripts/publish-identity.d.ts.map +1 -1
  228. package/dist/scripts/publish-identity.js +1 -1
  229. package/dist/scripts/publish-identity.js.map +1 -1
  230. package/dist/scripts/rebuild-repo.d.ts.map +1 -1
  231. package/dist/scripts/rebuild-repo.js +1 -1
  232. package/dist/scripts/rebuild-repo.js.map +1 -1
  233. package/dist/scripts/rotate-keys.d.ts.map +1 -1
  234. package/dist/scripts/rotate-keys.js +2 -2
  235. package/dist/scripts/rotate-keys.js.map +1 -1
  236. package/dist/scripts/sequencer-recovery/index.d.ts.map +1 -1
  237. package/dist/scripts/sequencer-recovery/recoverer.d.ts.map +1 -1
  238. package/dist/scripts/sequencer-recovery/recoverer.js +7 -5
  239. package/dist/scripts/sequencer-recovery/recoverer.js.map +1 -1
  240. package/dist/scripts/sequencer-recovery/recovery-db.d.ts.map +1 -1
  241. package/dist/scripts/sequencer-recovery/repair-repos.d.ts.map +1 -1
  242. package/dist/scripts/sequencer-recovery/user-queues.d.ts.map +1 -1
  243. package/dist/scripts/util.d.ts.map +1 -1
  244. package/dist/sequencer/db/index.d.ts.map +1 -1
  245. package/dist/sequencer/db/migrations/index.d.ts.map +1 -1
  246. package/dist/sequencer/events.d.ts +19 -19
  247. package/dist/sequencer/events.d.ts.map +1 -1
  248. package/dist/sequencer/outbox.d.ts.map +1 -1
  249. package/dist/sequencer/outbox.js.map +1 -1
  250. package/dist/sequencer/sequencer.d.ts +8 -6
  251. package/dist/sequencer/sequencer.d.ts.map +1 -1
  252. package/dist/sequencer/sequencer.js +40 -21
  253. package/dist/sequencer/sequencer.js.map +1 -1
  254. package/dist/util/debug.d.ts.map +1 -1
  255. package/dist/well-known.d.ts.map +1 -1
  256. package/package.json +25 -26
  257. package/src/account-manager/account-manager.ts +26 -23
  258. package/src/account-manager/oauth-store.ts +55 -36
  259. package/src/api/com/atproto/admin/deleteAccount.ts +9 -7
  260. package/src/api/com/atproto/admin/updateSubjectStatus.ts +1 -1
  261. package/src/api/com/atproto/identity/submitPlcOperation.ts +1 -1
  262. package/src/api/com/atproto/server/activateAccount.ts +3 -3
  263. package/src/api/com/atproto/server/createAccount.ts +72 -63
  264. package/src/api/com/atproto/server/deactivateAccount.ts +1 -1
  265. package/src/api/com/atproto/server/deleteAccount.ts +9 -7
  266. package/src/api/com/atproto/sync/getRepo.ts +9 -1
  267. package/src/index.ts +3 -42
  268. package/src/rate-limits.ts +59 -0
  269. package/src/scripts/publish-identity.ts +1 -1
  270. package/src/scripts/rebuild-repo.ts +1 -1
  271. package/src/scripts/rotate-keys.ts +2 -2
  272. package/src/scripts/sequencer-recovery/recoverer.ts +9 -5
  273. package/src/sequencer/sequencer.ts +52 -23
  274. package/tests/db.test.ts +3 -3
  275. package/tsconfig.build.tsbuildinfo +1 -1
package/dist/api/com/atproto/admin/deleteAccount.js CHANGED
@@ -1,14 +1,19 @@
1
- import { AccountStatus } from '../../../../account-manager/account-manager.js';
2
1
  import { com } from '../../../../lexicons/index.js';
3
2
  export default function (server, ctx) {
4
3
  server.add(com.atproto.admin.deleteAccount, {
5
4
  auth: ctx.authVerifier.adminToken,
6
5
  handler: async ({ input }) => {
7
6
  const { did } = input.body;
8
- await ctx.actorStore.destroy(did);
7
+ // @NOTE Order matters here: first "unlink" the account by removing it
8
+ // from the account manager database ("source of truth"), then notify the
9
+ // sequencer, and finally cleanup files from the file system.
9
10
  await ctx.accountManager.deleteAccount(did);
10
- const accountSeq = await ctx.sequencer.sequenceAccountEvt(did, AccountStatus.Deleted);
11
- await ctx.sequencer.deleteAllForUser(did, [accountSeq]);
11
+ try {
12
+ await ctx.sequencer.sequenceAccountDeletion(did);
13
+ }
14
+ finally {
15
+ await ctx.actorStore.destroy(did);
16
+ }
12
17
  },
13
18
  });
14
19
  }
package/dist/api/com/atproto/admin/deleteAccount.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"deleteAccount.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/admin/deleteAccount.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,gDAAgD,CAAA;AAE9E,OAAO,EAAE,GAAG,EAAE,MAAM,+BAA+B,CAAA;AAEnD,MAAM,CAAC,OAAO,WAAW,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,aAAa,EAAE;QAC1C,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,UAAU;QACjC,OAAO,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;YAC3B,MAAM,EAAE,GAAG,EAAE,GAAG,KAAK,CAAC,IAAI,CAAA;YAC1B,MAAM,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;YACjC,MAAM,GAAG,CAAC,cAAc,CAAC,aAAa,CAAC,GAAG,CAAC,CAAA;YAC3C,MAAM,UAAU,GAAG,MAAM,GAAG,CAAC,SAAS,CAAC,kBAAkB,CACvD,GAAG,EACH,aAAa,CAAC,OAAO,CACtB,CAAA;YACD,MAAM,GAAG,CAAC,SAAS,CAAC,gBAAgB,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,CAAC,CAAA;QACzD,CAAC;KACF,CAAC,CAAA;AACJ,CAAC","sourcesContent":["import { Server } from '@atproto/xrpc-server'\nimport { AccountStatus } from '../../../../account-manager/account-manager.js'\nimport { AppContext } from '../../../../context.js'\nimport { com } from '../../../../lexicons/index.js'\n\nexport default function (server: Server, ctx: AppContext) {\n server.add(com.atproto.admin.deleteAccount, {\n auth: ctx.authVerifier.adminToken,\n handler: async ({ input }) => {\n const { did } = input.body\n await ctx.actorStore.destroy(did)\n await ctx.accountManager.deleteAccount(did)\n const accountSeq = await ctx.sequencer.sequenceAccountEvt(\n did,\n AccountStatus.Deleted,\n )\n await ctx.sequencer.deleteAllForUser(did, [accountSeq])\n },\n })\n}\n"]}
1
+ {"version":3,"file":"deleteAccount.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/admin/deleteAccount.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,GAAG,EAAE,MAAM,+BAA+B,CAAA;AAEnD,MAAM,CAAC,OAAO,WAAW,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,aAAa,EAAE;QAC1C,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,UAAU;QACjC,OAAO,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;YAC3B,MAAM,EAAE,GAAG,EAAE,GAAG,KAAK,CAAC,IAAI,CAAA;YAE1B,sEAAsE;YACtE,yEAAyE;YACzE,6DAA6D;YAC7D,MAAM,GAAG,CAAC,cAAc,CAAC,aAAa,CAAC,GAAG,CAAC,CAAA;YAC3C,IAAI,CAAC;gBACH,MAAM,GAAG,CAAC,SAAS,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAA;YAClD,CAAC;oBAAS,CAAC;gBACT,MAAM,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;YACnC,CAAC;QACH,CAAC;KACF,CAAC,CAAA;AACJ,CAAC","sourcesContent":["import { Server } from '@atproto/xrpc-server'\nimport { AppContext } from '../../../../context.js'\nimport { com } from '../../../../lexicons/index.js'\n\nexport default function (server: Server, ctx: AppContext) {\n server.add(com.atproto.admin.deleteAccount, {\n auth: ctx.authVerifier.adminToken,\n handler: async ({ input }) => {\n const { did } = input.body\n\n // @NOTE Order matters here: first \"unlink\" the account by removing it\n // from the account manager database (\"source of truth\"), then notify the\n // sequencer, and finally cleanup files from the file system.\n await ctx.accountManager.deleteAccount(did)\n try {\n await ctx.sequencer.sequenceAccountDeletion(did)\n } finally {\n await ctx.actorStore.destroy(did)\n }\n },\n })\n}\n"]}
package/dist/api/com/atproto/admin/getInviteCodes.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"getInviteCodes.d.ts","sourceRoot":"","sources":["../../../../../src/api/com/atproto/admin/getInviteCodes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAuB,MAAM,EAAE,MAAM,sBAAsB,CAAA;AAKlE,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAA;AACnD,OAAO,EACL,MAAM,EACN,aAAa,EACb,aAAa,EAEd,MAAM,8BAA8B,CAAA;AAGrC,MAAM,CAAC,OAAO,WAAW,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,QAiDvD;AAgBD,KAAK,cAAc,GAAG;IAAE,SAAS,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,CAAA;AAEzD,qBAAa,cAAe,SAAQ,aAAa,CAAC,cAAc,EAAE,MAAM,CAAC;IACvE,WAAW,CAAC,MAAM,EAAE,cAAc,GAAG,MAAM;IAG3C,qBAAqB,CAAC,OAAO,EAAE,MAAM;;;;IAMrC,qBAAqB,CAAC,MAAM,EAAE,MAAM;;;;CAUrC;AAED,KAAK,aAAa,GAAG;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,CAAA;AAEnD,qBAAa,aAAc,SAAQ,aAAa,CAAC,aAAa,EAAE,aAAa,CAAC;IAC5E,WAAW,CAAC,MAAM,EAAE,aAAa,GAAG,aAAa;IAGjD,qBAAqB,CAAC,OAAO,EAAE,MAAM;;;;IAMrC,qBAAqB,CAAC,MAAM,EAAE,MAAM;;;;CAUrC"}
1
+ {"version":3,"file":"getInviteCodes.d.ts","sourceRoot":"","sources":["../../../../../src/api/com/atproto/admin/getInviteCodes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAuB,MAAM,EAAE,MAAM,sBAAsB,CAAA;AAKlE,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAA;AACnD,OAAO,EACL,MAAM,EACN,aAAa,EACb,aAAa,EAEd,MAAM,8BAA8B,CAAA;AAGrC,MAAM,CAAC,OAAO,WAAW,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,QAiDvD;AAgBD,KAAK,cAAc,GAAG;IAAE,SAAS,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,CAAA;AAEzD,qBAAa,cAAe,SAAQ,aAAa,CAAC,cAAc,EAAE,MAAM,CAAC;IACvE,WAAW,CAAC,MAAM,EAAE,cAAc,GAAG,MAAM,CAE1C;IACD,qBAAqB,CAAC,OAAO,EAAE,MAAM;QAEjC,OAAO;QACP,SAAS;MAEZ;IACD,qBAAqB,CAAC,MAAM,EAAE,MAAM;QAMhC,OAAO;QACP,SAAS;MAEZ;CACF;AAED,KAAK,aAAa,GAAG;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,CAAA;AAEnD,qBAAa,aAAc,SAAQ,aAAa,CAAC,aAAa,EAAE,aAAa,CAAC;IAC5E,WAAW,CAAC,MAAM,EAAE,aAAa,GAAG,aAAa,CAEhD;IACD,qBAAqB,CAAC,OAAO,EAAE,MAAM;QAEjC,OAAO;QACP,SAAS;MAEZ;IACD,qBAAqB,CAAC,MAAM,EAAE,MAAM;QAMhC,OAAO;QACP,SAAS;MAEZ;CACF"}
package/dist/api/com/atproto/admin/updateSubjectStatus.js CHANGED
@@ -38,7 +38,7 @@ export default function (server, ctx) {
38
38
  }
39
39
  if (com.atproto.admin.defs.repoRef.$isTypeOf(subject)) {
40
40
  const status = await ctx.accountManager.getAccountStatus(subject.did);
41
- await ctx.sequencer.sequenceAccountEvt(subject.did, status);
41
+ await ctx.sequencer.sequenceAccount(subject.did, status);
42
42
  }
43
43
  return {
44
44
  encoding: 'application/json',
package/dist/api/com/atproto/admin/updateSubjectStatus.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"updateSubjectStatus.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/admin/updateSubjectStatus.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAA;AAC5C,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAA;AACvC,OAAO,EAAE,mBAAmB,EAAU,MAAM,sBAAsB,CAAA;AAElE,OAAO,EAAE,GAAG,EAAE,MAAM,+BAA+B,CAAA;AAEnD,MAAM,CAAC,OAAO,WAAW,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,mBAAmB,EAAE;QAChD,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,SAAS;QAChC,OAAO,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;YAC3B,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,GAAG,KAAK,CAAC,IAAI,CAAA;YACrD,IAAI,QAAQ,EAAE,CAAC;gBACb,IAAI,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;oBACtD,MAAM,GAAG,CAAC,cAAc,CAAC,eAAe,CAAC,OAAO,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;gBACjE,CAAC;qBAAM,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;oBACzD,MAAM,GAAG,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;oBAClC,MAAM,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE;wBAC1D,MAAM,KAAK,CAAC,MAAM,CAAC,0BAA0B,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;oBAC9D,CAAC,CAAC,CAAA;gBACJ,CAAC;qBAAM,IAAI,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;oBACjE,MAAM,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE;wBACzD,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,wBAAwB,CAC5C,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,EACrB,QAAQ,CACT,CAAA;oBACH,CAAC,CAAC,CAAA;gBACJ,CAAC;qBAAM,CAAC;oBACN,MAAM,IAAI,mBAAmB,CAAC,oBAAoB,OAAO,CAAC,KAAK,GAAG,CAAC,CAAA;gBACrE,CAAC;YACH,CAAC;YAED,IAAI,WAAW,EAAE,CAAC;gBAChB,IAAI,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;oBACtD,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;wBACxB,MAAM,GAAG,CAAC,cAAc,CAAC,iBAAiB,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;oBAC/D,CAAC;yBAAM,CAAC;wBACN,MAAM,GAAG,CAAC,cAAc,CAAC,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;oBACvD,CAAC;gBACH,CAAC;YACH,CAAC;YAED,IAAI,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;gBACtD,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,gBAAgB,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;gBACrE,MAAM,GAAG,CAAC,SAAS,CAAC,kBAAkB,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;YAC7D,CAAC;YAED,OAAO;gBACL,QAAQ,EAAE,kBAA2B;gBACrC,IAAI,EAAE;oBACJ,OAAO;oBACP,QAAQ;iBACT;aACF,CAAA;QACH,CAAC;KACF,CAAC,CAAA;AACJ,CAAC","sourcesContent":["import { parseCid } from '@atproto/lex-data'\nimport { AtUri } from '@atproto/syntax'\nimport { InvalidRequestError, Server } from '@atproto/xrpc-server'\nimport { AppContext } from '../../../../context.js'\nimport { com } from '../../../../lexicons/index.js'\n\nexport default function (server: Server, ctx: AppContext) {\n server.add(com.atproto.admin.updateSubjectStatus, {\n auth: ctx.authVerifier.moderator,\n handler: async ({ input }) => {\n const { subject, takedown, deactivated } = input.body\n if (takedown) {\n if (com.atproto.admin.defs.repoRef.$isTypeOf(subject)) {\n await ctx.accountManager.takedownAccount(subject.did, takedown)\n } else if (com.atproto.repo.strongRef.$isTypeOf(subject)) {\n const uri = new AtUri(subject.uri)\n await ctx.actorStore.transact(uri.hostname, async (store) => {\n await store.record.updateRecordTakedownStatus(uri, takedown)\n })\n } else if (com.atproto.admin.defs.repoBlobRef.$isTypeOf(subject)) {\n await ctx.actorStore.transact(subject.did, async (store) => {\n await store.repo.blob.updateBlobTakedownStatus(\n parseCid(subject.cid),\n takedown,\n )\n })\n } else {\n throw new InvalidRequestError(`Invalid subject (${subject.$type})`)\n }\n }\n\n if (deactivated) {\n if (com.atproto.admin.defs.repoRef.$isTypeOf(subject)) {\n if (deactivated.applied) {\n await ctx.accountManager.deactivateAccount(subject.did, null)\n } else {\n await ctx.accountManager.activateAccount(subject.did)\n }\n }\n }\n\n if (com.atproto.admin.defs.repoRef.$isTypeOf(subject)) {\n const status = await ctx.accountManager.getAccountStatus(subject.did)\n await ctx.sequencer.sequenceAccountEvt(subject.did, status)\n }\n\n return {\n encoding: 'application/json' as const,\n body: {\n subject,\n takedown,\n },\n }\n },\n })\n}\n"]}
1
+ {"version":3,"file":"updateSubjectStatus.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/admin/updateSubjectStatus.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAA;AAC5C,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAA;AACvC,OAAO,EAAE,mBAAmB,EAAU,MAAM,sBAAsB,CAAA;AAElE,OAAO,EAAE,GAAG,EAAE,MAAM,+BAA+B,CAAA;AAEnD,MAAM,CAAC,OAAO,WAAW,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,mBAAmB,EAAE;QAChD,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,SAAS;QAChC,OAAO,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;YAC3B,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,GAAG,KAAK,CAAC,IAAI,CAAA;YACrD,IAAI,QAAQ,EAAE,CAAC;gBACb,IAAI,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;oBACtD,MAAM,GAAG,CAAC,cAAc,CAAC,eAAe,CAAC,OAAO,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;gBACjE,CAAC;qBAAM,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;oBACzD,MAAM,GAAG,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;oBAClC,MAAM,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE;wBAC1D,MAAM,KAAK,CAAC,MAAM,CAAC,0BAA0B,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;oBAC9D,CAAC,CAAC,CAAA;gBACJ,CAAC;qBAAM,IAAI,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;oBACjE,MAAM,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE;wBACzD,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,wBAAwB,CAC5C,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,EACrB,QAAQ,CACT,CAAA;oBACH,CAAC,CAAC,CAAA;gBACJ,CAAC;qBAAM,CAAC;oBACN,MAAM,IAAI,mBAAmB,CAAC,oBAAoB,OAAO,CAAC,KAAK,GAAG,CAAC,CAAA;gBACrE,CAAC;YACH,CAAC;YAED,IAAI,WAAW,EAAE,CAAC;gBAChB,IAAI,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;oBACtD,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;wBACxB,MAAM,GAAG,CAAC,cAAc,CAAC,iBAAiB,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;oBAC/D,CAAC;yBAAM,CAAC;wBACN,MAAM,GAAG,CAAC,cAAc,CAAC,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;oBACvD,CAAC;gBACH,CAAC;YACH,CAAC;YAED,IAAI,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;gBACtD,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,gBAAgB,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;gBACrE,MAAM,GAAG,CAAC,SAAS,CAAC,eAAe,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;YAC1D,CAAC;YAED,OAAO;gBACL,QAAQ,EAAE,kBAA2B;gBACrC,IAAI,EAAE;oBACJ,OAAO;oBACP,QAAQ;iBACT;aACF,CAAA;QACH,CAAC;KACF,CAAC,CAAA;AACJ,CAAC","sourcesContent":["import { parseCid } from '@atproto/lex-data'\nimport { AtUri } from '@atproto/syntax'\nimport { InvalidRequestError, Server } from '@atproto/xrpc-server'\nimport { AppContext } from '../../../../context.js'\nimport { com } from '../../../../lexicons/index.js'\n\nexport default function (server: Server, ctx: AppContext) {\n server.add(com.atproto.admin.updateSubjectStatus, {\n auth: ctx.authVerifier.moderator,\n handler: async ({ input }) => {\n const { subject, takedown, deactivated } = input.body\n if (takedown) {\n if (com.atproto.admin.defs.repoRef.$isTypeOf(subject)) {\n await ctx.accountManager.takedownAccount(subject.did, takedown)\n } else if (com.atproto.repo.strongRef.$isTypeOf(subject)) {\n const uri = new AtUri(subject.uri)\n await ctx.actorStore.transact(uri.hostname, async (store) => {\n await store.record.updateRecordTakedownStatus(uri, takedown)\n })\n } else if (com.atproto.admin.defs.repoBlobRef.$isTypeOf(subject)) {\n await ctx.actorStore.transact(subject.did, async (store) => {\n await store.repo.blob.updateBlobTakedownStatus(\n parseCid(subject.cid),\n takedown,\n )\n })\n } else {\n throw new InvalidRequestError(`Invalid subject (${subject.$type})`)\n }\n }\n\n if (deactivated) {\n if (com.atproto.admin.defs.repoRef.$isTypeOf(subject)) {\n if (deactivated.applied) {\n await ctx.accountManager.deactivateAccount(subject.did, null)\n } else {\n await ctx.accountManager.activateAccount(subject.did)\n }\n }\n }\n\n if (com.atproto.admin.defs.repoRef.$isTypeOf(subject)) {\n const status = await ctx.accountManager.getAccountStatus(subject.did)\n await ctx.sequencer.sequenceAccount(subject.did, status)\n }\n\n return {\n encoding: 'application/json' as const,\n body: {\n subject,\n takedown,\n },\n }\n },\n })\n}\n"]}
package/dist/api/com/atproto/identity/submitPlcOperation.js CHANGED
@@ -38,7 +38,7 @@ export default function (server, ctx) {
38
38
  throw new InvalidRequestError('Incorrect handle in alsoKnownAs');
39
39
  }
40
40
  await ctx.plcClient.sendOperation(requester, op);
41
- await ctx.sequencer.sequenceIdentityEvt(requester);
41
+ await ctx.sequencer.sequenceIdentity(requester);
42
42
  try {
43
43
  await ctx.idResolver.did.resolve(requester, true);
44
44
  }
package/dist/api/com/atproto/identity/submitPlcOperation.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"submitPlcOperation.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/identity/submitPlcOperation.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,GAAG,MAAM,cAAc,CAAA;AACnC,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAA;AACvC,OAAO,EAAE,mBAAmB,EAAU,MAAM,sBAAsB,CAAA;AAElE,OAAO,EAAE,GAAG,EAAE,MAAM,+BAA+B,CAAA;AACnD,OAAO,EAAE,UAAU,IAAI,GAAG,EAAE,MAAM,uBAAuB,CAAA;AAEzD,MAAM,CAAC,OAAO,WAAW,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,EAAE;QAClD,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,aAAa,CAAC;YACnC,SAAS,EAAE,CAAC,WAAW,EAAE,EAAE;gBACzB,WAAW,CAAC,cAAc,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAA;YAC3C,CAAC;SACF,CAAC;QACF,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE;YACjC,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAA;YACtC,MAAM,EAAE,GAAG,KAAK,CAAC,IAAI,CAAC,SAAS,CAAA;YAE/B,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,EAAE,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;gBACrC,MAAM,IAAI,mBAAmB,CAAC,mBAAmB,CAAC,CAAA;YACpD,CAAC;YAED,MAAM,WAAW,GACf,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,cAAc,IAAI,GAAG,CAAC,cAAc,CAAC,GAAG,EAAE,CAAA;YAC9D,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC3C,MAAM,IAAI,mBAAmB,CAC3B,oDAAoD,CACrD,CAAA;YACH,CAAC;YACD,IAAI,EAAE,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,IAAI,KAAK,2BAA2B,EAAE,CAAC;gBACrE,MAAM,IAAI,mBAAmB,CAAC,uCAAuC,CAAC,CAAA;YACxE,CAAC;YACD,IAAI,EAAE,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,QAAQ,KAAK,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;gBACvE,MAAM,IAAI,mBAAmB,CAC3B,2CAA2C,CAC5C,CAAA;YACH,CAAC;YACD,MAAM,UAAU,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;YAC1D,IAAI,EAAE,CAAC,mBAAmB,CAAC,SAAS,CAAC,KAAK,UAAU,CAAC,GAAG,EAAE,EAAE,CAAC;gBAC3D,MAAM,IAAI,mBAAmB,CAAC,uBAAuB,CAAC,CAAA;YACxD,CAAC;YACD,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,UAAU,CAAC,SAAS,EAAE;gBAC7D,kBAAkB,EAAE,IAAI;aACzB,CAAC,CAAA;YACF,IACE,OAAO,EAAE,MAAM;gBACf,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,QAAQ,OAAO,CAAC,MAAM,EAAE,EACjD,CAAC;gBACD,MAAM,IAAI,mBAAmB,CAAC,iCAAiC,CAAC,CAAA;YAClE,CAAC;YAED,MAAM,GAAG,CAAC,SAAS,CAAC,aAAa,CAAC,SAAS,EAAE,EAAE,CAAC,CAAA;YAChD,MAAM,GAAG,CAAC,SAAS,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAA;YAElD,IAAI,CAAC;gBACH,MAAM,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC,CAAA;YACnD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,GAAG,CAAC,KAAK,CACP,EAAE,GAAG,EAAE,GAAG,EAAE,SAAS,EAAE,EACvB,wCAAwC,CACzC,CAAA;YACH,CAAC;QACH,CAAC;KACF,CAAC,CAAA;AACJ,CAAC","sourcesContent":["import * as plc from '@did-plc/lib'\nimport { check } from '@atproto/common'\nimport { InvalidRequestError, Server } from '@atproto/xrpc-server'\nimport { AppContext } from '../../../../context.js'\nimport { com } from '../../../../lexicons/index.js'\nimport { httpLogger as log } from '../../../../logger.js'\n\nexport default function (server: Server, ctx: AppContext) {\n server.add(com.atproto.identity.submitPlcOperation, {\n auth: ctx.authVerifier.authorization({\n authorize: (permissions) => {\n permissions.assertIdentity({ attr: '*' })\n },\n }),\n handler: async ({ auth, input }) => {\n const requester = auth.credentials.did\n const op = input.body.operation\n\n if (!check.is(op, plc.def.operation)) {\n throw new InvalidRequestError('Invalid operation')\n }\n\n const rotationKey =\n ctx.cfg.entryway?.plcRotationKey ?? ctx.plcRotationKey.did()\n if (!op.rotationKeys.includes(rotationKey)) {\n throw new InvalidRequestError(\n \"Rotation keys do not include server's rotation key\",\n )\n }\n if (op.services['atproto_pds']?.type !== 'AtprotoPersonalDataServer') {\n throw new InvalidRequestError('Incorrect type on atproto_pds service')\n }\n if (op.services['atproto_pds']?.endpoint !== ctx.cfg.service.publicUrl) {\n throw new InvalidRequestError(\n 'Incorrect endpoint on atproto_pds service',\n )\n }\n const signingKey = await ctx.actorStore.keypair(requester)\n if (op.verificationMethods['atproto'] !== signingKey.did()) {\n throw new InvalidRequestError('Incorrect signing key')\n }\n const account = await ctx.accountManager.getAccount(requester, {\n includeDeactivated: true,\n })\n if (\n account?.handle &&\n op.alsoKnownAs.at(0) !== `at://${account.handle}`\n ) {\n throw new InvalidRequestError('Incorrect handle in alsoKnownAs')\n }\n\n await ctx.plcClient.sendOperation(requester, op)\n await ctx.sequencer.sequenceIdentityEvt(requester)\n\n try {\n await ctx.idResolver.did.resolve(requester, true)\n } catch (err) {\n log.error(\n { err, did: requester },\n 'failed to refresh did after plc update',\n )\n }\n },\n })\n}\n"]}
1
+ {"version":3,"file":"submitPlcOperation.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/identity/submitPlcOperation.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,GAAG,MAAM,cAAc,CAAA;AACnC,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAA;AACvC,OAAO,EAAE,mBAAmB,EAAU,MAAM,sBAAsB,CAAA;AAElE,OAAO,EAAE,GAAG,EAAE,MAAM,+BAA+B,CAAA;AACnD,OAAO,EAAE,UAAU,IAAI,GAAG,EAAE,MAAM,uBAAuB,CAAA;AAEzD,MAAM,CAAC,OAAO,WAAW,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,EAAE;QAClD,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,aAAa,CAAC;YACnC,SAAS,EAAE,CAAC,WAAW,EAAE,EAAE;gBACzB,WAAW,CAAC,cAAc,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAA;YAC3C,CAAC;SACF,CAAC;QACF,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE;YACjC,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAA;YACtC,MAAM,EAAE,GAAG,KAAK,CAAC,IAAI,CAAC,SAAS,CAAA;YAE/B,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,EAAE,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;gBACrC,MAAM,IAAI,mBAAmB,CAAC,mBAAmB,CAAC,CAAA;YACpD,CAAC;YAED,MAAM,WAAW,GACf,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,cAAc,IAAI,GAAG,CAAC,cAAc,CAAC,GAAG,EAAE,CAAA;YAC9D,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC3C,MAAM,IAAI,mBAAmB,CAC3B,oDAAoD,CACrD,CAAA;YACH,CAAC;YACD,IAAI,EAAE,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,IAAI,KAAK,2BAA2B,EAAE,CAAC;gBACrE,MAAM,IAAI,mBAAmB,CAAC,uCAAuC,CAAC,CAAA;YACxE,CAAC;YACD,IAAI,EAAE,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,QAAQ,KAAK,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;gBACvE,MAAM,IAAI,mBAAmB,CAC3B,2CAA2C,CAC5C,CAAA;YACH,CAAC;YACD,MAAM,UAAU,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;YAC1D,IAAI,EAAE,CAAC,mBAAmB,CAAC,SAAS,CAAC,KAAK,UAAU,CAAC,GAAG,EAAE,EAAE,CAAC;gBAC3D,MAAM,IAAI,mBAAmB,CAAC,uBAAuB,CAAC,CAAA;YACxD,CAAC;YACD,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,UAAU,CAAC,SAAS,EAAE;gBAC7D,kBAAkB,EAAE,IAAI;aACzB,CAAC,CAAA;YACF,IACE,OAAO,EAAE,MAAM;gBACf,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,QAAQ,OAAO,CAAC,MAAM,EAAE,EACjD,CAAC;gBACD,MAAM,IAAI,mBAAmB,CAAC,iCAAiC,CAAC,CAAA;YAClE,CAAC;YAED,MAAM,GAAG,CAAC,SAAS,CAAC,aAAa,CAAC,SAAS,EAAE,EAAE,CAAC,CAAA;YAChD,MAAM,GAAG,CAAC,SAAS,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAA;YAE/C,IAAI,CAAC;gBACH,MAAM,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC,CAAA;YACnD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,GAAG,CAAC,KAAK,CACP,EAAE,GAAG,EAAE,GAAG,EAAE,SAAS,EAAE,EACvB,wCAAwC,CACzC,CAAA;YACH,CAAC;QACH,CAAC;KACF,CAAC,CAAA;AACJ,CAAC","sourcesContent":["import * as plc from '@did-plc/lib'\nimport { check } from '@atproto/common'\nimport { InvalidRequestError, Server } from '@atproto/xrpc-server'\nimport { AppContext } from '../../../../context.js'\nimport { com } from '../../../../lexicons/index.js'\nimport { httpLogger as log } from '../../../../logger.js'\n\nexport default function (server: Server, ctx: AppContext) {\n server.add(com.atproto.identity.submitPlcOperation, {\n auth: ctx.authVerifier.authorization({\n authorize: (permissions) => {\n permissions.assertIdentity({ attr: '*' })\n },\n }),\n handler: async ({ auth, input }) => {\n const requester = auth.credentials.did\n const op = input.body.operation\n\n if (!check.is(op, plc.def.operation)) {\n throw new InvalidRequestError('Invalid operation')\n }\n\n const rotationKey =\n ctx.cfg.entryway?.plcRotationKey ?? ctx.plcRotationKey.did()\n if (!op.rotationKeys.includes(rotationKey)) {\n throw new InvalidRequestError(\n \"Rotation keys do not include server's rotation key\",\n )\n }\n if (op.services['atproto_pds']?.type !== 'AtprotoPersonalDataServer') {\n throw new InvalidRequestError('Incorrect type on atproto_pds service')\n }\n if (op.services['atproto_pds']?.endpoint !== ctx.cfg.service.publicUrl) {\n throw new InvalidRequestError(\n 'Incorrect endpoint on atproto_pds service',\n )\n }\n const signingKey = await ctx.actorStore.keypair(requester)\n if (op.verificationMethods['atproto'] !== signingKey.did()) {\n throw new InvalidRequestError('Incorrect signing key')\n }\n const account = await ctx.accountManager.getAccount(requester, {\n includeDeactivated: true,\n })\n if (\n account?.handle &&\n op.alsoKnownAs.at(0) !== `at://${account.handle}`\n ) {\n throw new InvalidRequestError('Incorrect handle in alsoKnownAs')\n }\n\n await ctx.plcClient.sendOperation(requester, op)\n await ctx.sequencer.sequenceIdentity(requester)\n\n try {\n await ctx.idResolver.did.resolve(requester, true)\n } catch (err) {\n log.error(\n { err, did: requester },\n 'failed to refresh did after plc update',\n )\n }\n },\n })\n}\n"]}
package/dist/api/com/atproto/server/activateAccount.js CHANGED
@@ -32,9 +32,7 @@ export default function (server, ctx) {
32
32
  const syncData = await ctx.actorStore.read(requester, (store) => store.repo.getSyncEventData());
33
33
  // @NOTE: we're over-emitting for now for backwards compatibility, can reduce this in the future
34
34
  const status = await ctx.accountManager.getAccountStatus(requester);
35
- await ctx.sequencer.sequenceAccountEvt(requester, status);
36
- await ctx.sequencer.sequenceIdentityEvt(requester, account.handle ?? INVALID_HANDLE);
37
- await ctx.sequencer.sequenceSyncEvt(requester, syncData);
35
+ await ctx.sequencer.sequenceAccountActivation(requester, account.handle ?? INVALID_HANDLE, status, syncData);
38
36
  },
39
37
  });
40
38
  }
package/dist/api/com/atproto/server/activateAccount.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"activateAccount.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/activateAccount.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAA;AAChD,OAAO,EACL,cAAc,EACd,mBAAmB,GAEpB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAA;AAEvD,OAAO,EAAE,GAAG,EAAE,MAAM,+BAA+B,CAAA;AACnD,OAAO,EAAE,gCAAgC,EAAE,MAAM,WAAW,CAAA;AAE5D,MAAM,CAAC,OAAO,WAAW,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,eAAe,EAAE;QAC7C,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,aAAa,CAAC;YACnC,MAAM,EAAE,WAAW;YACnB,SAAS,EAAE,GAAG,EAAE;gBACd,MAAM,IAAI,cAAc,CACtB,uDAAuD,CACxD,CAAA;YACH,CAAC;SACF,CAAC;QACF,OAAO,EAAE,KAAK,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE;YAC/B,4HAA4H;YAC5H,IAAI,GAAG,CAAC,cAAc,EAAE,CAAC;gBACvB,MAAM,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAA;gBACpD,MAAM,GAAG,CAAC,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,eAAe,EAAE;oBAChE,OAAO;iBACR,CAAC,CAAA;gBACF,OAAM;YACR,CAAC;YAED,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAA;YAEtC,MAAM,gCAAgC,CAAC,GAAG,EAAE,SAAS,CAAC,CAAA;YAEtD,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,UAAU,CAAC,SAAS,EAAE;gBAC7D,kBAAkB,EAAE,IAAI;aACzB,CAAC,CAAA;YACF,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,mBAAmB,CAAC,gBAAgB,EAAE,iBAAiB,CAAC,CAAA;YACpE,CAAC;YAED,MAAM,GAAG,CAAC,cAAc,CAAC,eAAe,CAAC,SAAS,CAAC,CAAA;YAEnD,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,KAAK,EAAE,EAAE,CAC9D,KAAK,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAC9B,CAAA;YAED,gGAAgG;YAChG,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAA;YACnE,MAAM,GAAG,CAAC,SAAS,CAAC,kBAAkB,CAAC,SAAS,EAAE,MAAM,CAAC,CAAA;YACzD,MAAM,GAAG,CAAC,SAAS,CAAC,mBAAmB,CACrC,SAAS,EACT,OAAO,CAAC,MAAM,IAAI,cAAc,CACjC,CAAA;YACD,MAAM,GAAG,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAA;QAC1D,CAAC;KACF,CAAC,CAAA;AACJ,CAAC","sourcesContent":["import { INVALID_HANDLE } from '@atproto/syntax'\nimport {\n ForbiddenError,\n InvalidRequestError,\n Server,\n} from '@atproto/xrpc-server'\nimport { ACCESS_FULL } from '../../../../auth-scope.js'\nimport { AppContext } from '../../../../context.js'\nimport { com } from '../../../../lexicons/index.js'\nimport { assertValidDidDocumentForService } from './util.js'\n\nexport default function (server: Server, ctx: AppContext) {\n server.add(com.atproto.server.activateAccount, {\n auth: ctx.authVerifier.authorization({\n scopes: ACCESS_FULL,\n authorize: () => {\n throw new ForbiddenError(\n 'OAuth credentials are not supported for this endpoint',\n )\n },\n }),\n handler: async ({ req, auth }) => {\n // in the case of entryway, the full flow is activateAccount (PDS) -> activateAccount (Entryway) -> updateSubjectStatus(PDS)\n if (ctx.entrywayClient) {\n const { headers } = ctx.entrywayPassthruHeaders(req)\n await ctx.entrywayClient.xrpc(com.atproto.server.activateAccount, {\n headers,\n })\n return\n }\n\n const requester = auth.credentials.did\n\n await assertValidDidDocumentForService(ctx, requester)\n\n const account = await ctx.accountManager.getAccount(requester, {\n includeDeactivated: true,\n })\n if (!account) {\n throw new InvalidRequestError('user not found', 'AccountNotFound')\n }\n\n await ctx.accountManager.activateAccount(requester)\n\n const syncData = await ctx.actorStore.read(requester, (store) =>\n store.repo.getSyncEventData(),\n )\n\n // @NOTE: we're over-emitting for now for backwards compatibility, can reduce this in the future\n const status = await ctx.accountManager.getAccountStatus(requester)\n await ctx.sequencer.sequenceAccountEvt(requester, status)\n await ctx.sequencer.sequenceIdentityEvt(\n requester,\n account.handle ?? INVALID_HANDLE,\n )\n await ctx.sequencer.sequenceSyncEvt(requester, syncData)\n },\n })\n}\n"]}
1
+ {"version":3,"file":"activateAccount.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/activateAccount.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAA;AAChD,OAAO,EACL,cAAc,EACd,mBAAmB,GAEpB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAA;AAEvD,OAAO,EAAE,GAAG,EAAE,MAAM,+BAA+B,CAAA;AACnD,OAAO,EAAE,gCAAgC,EAAE,MAAM,WAAW,CAAA;AAE5D,MAAM,CAAC,OAAO,WAAW,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,eAAe,EAAE;QAC7C,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,aAAa,CAAC;YACnC,MAAM,EAAE,WAAW;YACnB,SAAS,EAAE,GAAG,EAAE;gBACd,MAAM,IAAI,cAAc,CACtB,uDAAuD,CACxD,CAAA;YACH,CAAC;SACF,CAAC;QACF,OAAO,EAAE,KAAK,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE;YAC/B,4HAA4H;YAC5H,IAAI,GAAG,CAAC,cAAc,EAAE,CAAC;gBACvB,MAAM,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAA;gBACpD,MAAM,GAAG,CAAC,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,eAAe,EAAE;oBAChE,OAAO;iBACR,CAAC,CAAA;gBACF,OAAM;YACR,CAAC;YAED,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAA;YAEtC,MAAM,gCAAgC,CAAC,GAAG,EAAE,SAAS,CAAC,CAAA;YAEtD,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,UAAU,CAAC,SAAS,EAAE;gBAC7D,kBAAkB,EAAE,IAAI;aACzB,CAAC,CAAA;YACF,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,mBAAmB,CAAC,gBAAgB,EAAE,iBAAiB,CAAC,CAAA;YACpE,CAAC;YAED,MAAM,GAAG,CAAC,cAAc,CAAC,eAAe,CAAC,SAAS,CAAC,CAAA;YAEnD,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,KAAK,EAAE,EAAE,CAC9D,KAAK,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAC9B,CAAA;YAED,gGAAgG;YAChG,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAA;YACnE,MAAM,GAAG,CAAC,SAAS,CAAC,yBAAyB,CAC3C,SAAS,EACT,OAAO,CAAC,MAAM,IAAI,cAAc,EAChC,MAAM,EACN,QAAQ,CACT,CAAA;QACH,CAAC;KACF,CAAC,CAAA;AACJ,CAAC","sourcesContent":["import { INVALID_HANDLE } from '@atproto/syntax'\nimport {\n ForbiddenError,\n InvalidRequestError,\n Server,\n} from '@atproto/xrpc-server'\nimport { ACCESS_FULL } from '../../../../auth-scope.js'\nimport { AppContext } from '../../../../context.js'\nimport { com } from '../../../../lexicons/index.js'\nimport { assertValidDidDocumentForService } from './util.js'\n\nexport default function (server: Server, ctx: AppContext) {\n server.add(com.atproto.server.activateAccount, {\n auth: ctx.authVerifier.authorization({\n scopes: ACCESS_FULL,\n authorize: () => {\n throw new ForbiddenError(\n 'OAuth credentials are not supported for this endpoint',\n )\n },\n }),\n handler: async ({ req, auth }) => {\n // in the case of entryway, the full flow is activateAccount (PDS) -> activateAccount (Entryway) -> updateSubjectStatus(PDS)\n if (ctx.entrywayClient) {\n const { headers } = ctx.entrywayPassthruHeaders(req)\n await ctx.entrywayClient.xrpc(com.atproto.server.activateAccount, {\n headers,\n })\n return\n }\n\n const requester = auth.credentials.did\n\n await assertValidDidDocumentForService(ctx, requester)\n\n const account = await ctx.accountManager.getAccount(requester, {\n includeDeactivated: true,\n })\n if (!account) {\n throw new InvalidRequestError('user not found', 'AccountNotFound')\n }\n\n await ctx.accountManager.activateAccount(requester)\n\n const syncData = await ctx.actorStore.read(requester, (store) =>\n store.repo.getSyncEventData(),\n )\n\n // @NOTE: we're over-emitting for now for backwards compatibility, can reduce this in the future\n const status = await ctx.accountManager.getAccountStatus(requester)\n await ctx.sequencer.sequenceAccountActivation(\n requester,\n account.handle ?? INVALID_HANDLE,\n status,\n syncData,\n )\n },\n })\n}\n"]}
package/dist/api/com/atproto/server/createAccount.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"createAccount.d.ts","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/createAccount.ts"],"names":[],"mappings":"AAOA,OAAO,EAGL,MAAM,EACP,MAAM,sBAAsB,CAAA;AAG7B,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAA;AAMnD,MAAM,CAAC,OAAO,WAAW,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,QA6FvD"}
1
+ {"version":3,"file":"createAccount.d.ts","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/createAccount.ts"],"names":[],"mappings":"AAOA,OAAO,EAGL,MAAM,EACP,MAAM,sBAAsB,CAAA;AAE7B,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAA;AAKnD,MAAM,CAAC,OAAO,WAAW,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,QA8GvD"}
package/dist/api/com/atproto/server/createAccount.js CHANGED
@@ -5,11 +5,9 @@ import { MINUTE, check } from '@atproto/common';
5
5
  import { Secp256k1Keypair } from '@atproto/crypto';
6
6
  import { ensureAtpDocument } from '@atproto/identity';
7
7
  import { AuthRequiredError, InvalidRequestError, } from '@atproto/xrpc-server';
8
- import { AccountStatus } from '../../../../account-manager/account-manager.js';
9
8
  import { NEW_PASSWORD_MAX_LENGTH } from '../../../../account-manager/helpers/scrypt.js';
10
9
  import { baseNormalizeAndValidate } from '../../../../handle/index.js';
11
10
  import { com } from '../../../../lexicons/index.js';
12
- import { syncEvtDataFromCommit } from '../../../../sequencer/index.js';
13
11
  import { safeResolveDidDoc } from './util.js';
14
12
  export default function (server, ctx) {
15
13
  server.add(com.atproto.server.createAccount, {
@@ -25,64 +23,86 @@ export default function (server, ctx) {
25
23
  const { did, handle, email, password, inviteCode, signingKey, plcOp, deactivated, } = ctx.entrywayClient
26
24
  ? await validateInputsForEntrywayPds(ctx, input.body)
27
25
  : await validateInputsForLocalPds(ctx, input.body, requester);
28
- let didDoc;
29
- let creds;
30
26
  await ctx.actorStore.create(did, signingKey);
31
27
  try {
32
- const commit = await ctx.actorStore.transact(did, (actorTxn) => actorTxn.repo.createRepo([]));
28
+ const commit = await ctx.actorStore.transact(did, (actorTxn) => {
29
+ return actorTxn.repo.createRepo([]);
30
+ });
31
+ const canTombstone =
32
+ // @NOTE IMPORTANT Because the user may be bringing their own did, we
33
+ // must make sure not to tombstone their did on failure if we didn't
34
+ // create it here.
35
+ !ctx.entrywayClient && !input.body.did && !!plcOp;
33
36
  // Generate a real did with PLC
34
37
  if (plcOp) {
38
+ await ctx.plcClient.sendOperation(did, plcOp);
39
+ }
40
+ try {
41
+ const didDoc = await safeResolveDidDoc(ctx, did, true);
42
+ const creds = await ctx.accountManager.createAccountAndSession({
43
+ did,
44
+ handle,
45
+ email,
46
+ password,
47
+ repoCid: commit.cid,
48
+ repoRev: commit.rev,
49
+ inviteCode,
50
+ deactivated,
51
+ });
35
52
  try {
36
- await ctx.plcClient.sendOperation(did, plcOp);
53
+ const sequenceEvt = !deactivated;
54
+ if (sequenceEvt) {
55
+ await ctx.sequencer.sequenceAccountCreation(did, handle, commit);
56
+ }
57
+ try {
58
+ await ctx.actorStore
59
+ .clearReservedKeypair(signingKey.did(), did)
60
+ .catch((err) => {
61
+ // @NOTE This is a cleanup operation so we won't fail the whole
62
+ // flow if it fails, but we log it just in case
63
+ req.log.error({ did, signingKeyDid: signingKey.did(), err }, 'Failed to clear reserved keypair');
64
+ });
65
+ return {
66
+ encoding: 'application/json',
67
+ body: {
68
+ handle,
69
+ did: did,
70
+ // @ts-expect-error https://github.com/bluesky-social/atproto/pull/4406
71
+ didDoc,
72
+ accessJwt: creds.accessJwt,
73
+ refreshJwt: creds.refreshJwt,
74
+ },
75
+ };
76
+ }
77
+ catch (err) {
78
+ if (sequenceEvt)
79
+ await ctx.sequencer.sequenceAccountDeletion(did);
80
+ throw err;
81
+ }
37
82
  }
38
83
  catch (err) {
39
- req.log.error({ didKey: ctx.plcRotationKey.did(), handle }, 'failed to create did:plc');
84
+ await ctx.accountManager.deleteAccount(did);
40
85
  throw err;
41
86
  }
42
87
  }
43
- didDoc = await safeResolveDidDoc(ctx, did, true);
44
- creds = await ctx.accountManager.createAccountAndSession({
45
- did,
46
- handle,
47
- email,
48
- password,
49
- repoCid: commit.cid,
50
- repoRev: commit.rev,
51
- inviteCode,
52
- deactivated,
53
- });
54
- if (!deactivated) {
55
- await ctx.sequencer.sequenceIdentityEvt(did, handle);
56
- await ctx.sequencer.sequenceAccountEvt(did, AccountStatus.Active);
57
- await ctx.sequencer.sequenceCommit(did, commit);
58
- await ctx.sequencer.sequenceSyncEvt(did, syncEvtDataFromCommit(commit));
88
+ catch (err) {
89
+ if (canTombstone) {
90
+ await ctx.plcClient.tombstone(did, ctx.plcRotationKey);
91
+ }
92
+ throw err;
59
93
  }
60
- await ctx.accountManager.updateRepoRoot(did, commit.cid, commit.rev);
61
- await ctx.actorStore.clearReservedKeypair(signingKey.did(), did);
62
94
  }
63
95
  catch (err) {
64
- // this will only be reached if the actor store _did not_ exist before
65
96
  await ctx.actorStore.destroy(did);
66
97
  throw err;
67
98
  }
68
- return {
69
- encoding: 'application/json',
70
- body: {
71
- handle,
72
- did: did,
73
- // @ts-expect-error https://github.com/bluesky-social/atproto/pull/4406
74
- didDoc,
75
- accessJwt: creds.accessJwt,
76
- refreshJwt: creds.refreshJwt,
77
- },
78
- };
79
99
  },
80
100
  });
81
101
  }
82
102
  const validateInputsForEntrywayPds = async (ctx, input) => {
83
- const { did, plcOp } = input;
84
103
  const handle = baseNormalizeAndValidate(input.handle);
85
- if (!did || !input.plcOp) {
104
+ const { did, plcOp } = input;
105
+ if (!did || !plcOp) {
86
106
  throw new InvalidRequestError('non-entryway pds requires bringing a DID and plcOp');
87
107
  }
88
108
  if (!check.is(plcOp, plc.def.operation)) {
@@ -178,7 +198,7 @@ const validateInputsForLocalPds = async (ctx, input, requester) => {
178
198
  else {
179
199
  const formatted = await formatDidAndPlcOp(ctx, handle, input, signingKey);
180
200
  did = formatted.did;
181
- plcOp = formatted.plcOp;
201
+ plcOp = formatted.op;
182
202
  }
183
203
  return {
184
204
  did,
@@ -200,17 +220,13 @@ const formatDidAndPlcOp = async (ctx, handle, input, signingKey) => {
200
220
  if (input.recoveryKey) {
201
221
  rotationKeys.unshift(input.recoveryKey);
202
222
  }
203
- const plcCreate = await plc.createOp({
223
+ return plc.createOp({
204
224
  signingKey: signingKey.did(),
205
225
  rotationKeys,
206
226
  handle,
207
227
  pds: ctx.cfg.service.publicUrl,
208
228
  signer: ctx.plcRotationKey,
209
229
  });
210
- return {
211
- did: plcCreate.did,
212
- plcOp: plcCreate.op,
213
- };
214
230
  };
215
231
  const validateAtprotoData = (data, expected) => {
216
232
  // if the user is bringing their own did:
package/dist/api/com/atproto/server/createAccount.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"createAccount.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/createAccount.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,GAAG,MAAM,cAAc,CAAA;AACnC,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAA;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAA;AAC/D,OAAO,EAAe,MAAM,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAA;AAC5D,OAAO,EAA8B,gBAAgB,EAAE,MAAM,iBAAiB,CAAA;AAC9E,OAAO,EAAe,iBAAiB,EAAE,MAAM,mBAAmB,CAAA;AAElE,OAAO,EACL,iBAAiB,EACjB,mBAAmB,GAEpB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,aAAa,EAAE,MAAM,gDAAgD,CAAA;AAC9E,OAAO,EAAE,uBAAuB,EAAE,MAAM,+CAA+C,CAAA;AAEvF,OAAO,EAAE,wBAAwB,EAAE,MAAM,6BAA6B,CAAA;AACtE,OAAO,EAAE,GAAG,EAAE,MAAM,+BAA+B,CAAA;AACnD,OAAO,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAA;AACtE,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAA;AAE7C,MAAM,CAAC,OAAO,WAAW,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,aAAa,EAAE;QAC3C,SAAS,EAAE;YACT,UAAU,EAAE,CAAC,GAAG,MAAM;YACtB,MAAM,EAAE,GAAG;SACZ;QACD,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,uBAAuB;QAC9C,OAAO,EAAE,KAAK,EAAE,EACd,KAAK,EACL,IAAI,EACJ,GAAG,GACJ,EAAqD,EAAE;YACtD,iEAAiE;YACjE,0EAA0E;YAE1E,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE,GAAG,IAAI,IAAI,CAAA;YAC/C,MAAM,EACJ,GAAG,EACH,MAAM,EACN,KAAK,EACL,QAAQ,EACR,UAAU,EACV,UAAU,EACV,KAAK,EACL,WAAW,GACZ,GAAG,GAAG,CAAC,cAAc;gBACpB,CAAC,CAAC,MAAM,4BAA4B,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC;gBACrD,CAAC,CAAC,MAAM,yBAAyB,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,EAAE,SAAS,CAAC,CAAA;YAE/D,IAAI,MAA+B,CAAA;YACnC,IAAI,KAAgD,CAAA;YACpD,MAAM,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,EAAE,UAAU,CAAC,CAAA;YAC5C,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,EAAE,CAC7D,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,CAC7B,CAAA;gBAED,+BAA+B;gBAC/B,IAAI,KAAK,EAAE,CAAC;oBACV,IAAI,CAAC;wBACH,MAAM,GAAG,CAAC,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;oBAC/C,CAAC;oBAAC,OAAO,GAAG,EAAE,CAAC;wBACb,GAAG,CAAC,GAAG,CAAC,KAAK,CACX,EAAE,MAAM,EAAE,GAAG,CAAC,cAAc,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,EAC5C,0BAA0B,CAC3B,CAAA;wBACD,MAAM,GAAG,CAAA;oBACX,CAAC;gBACH,CAAC;gBAED,MAAM,GAAG,MAAM,iBAAiB,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAA;gBAEhD,KAAK,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,uBAAuB,CAAC;oBACvD,GAAG;oBACH,MAAM;oBACN,KAAK;oBACL,QAAQ;oBACR,OAAO,EAAE,MAAM,CAAC,GAAG;oBACnB,OAAO,EAAE,MAAM,CAAC,GAAG;oBACnB,UAAU;oBACV,WAAW;iBACZ,CAAC,CAAA;gBAEF,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,MAAM,GAAG,CAAC,SAAS,CAAC,mBAAmB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;oBACpD,MAAM,GAAG,CAAC,SAAS,CAAC,kBAAkB,CAAC,GAAG,EAAE,aAAa,CAAC,MAAM,CAAC,CAAA;oBACjE,MAAM,GAAG,CAAC,SAAS,CAAC,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;oBAC/C,MAAM,GAAG,CAAC,SAAS,CAAC,eAAe,CACjC,GAAG,EACH,qBAAqB,CAAC,MAAM,CAAC,CAC9B,CAAA;gBACH,CAAC;gBACD,MAAM,GAAG,CAAC,cAAc,CAAC,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAA;gBACpE,MAAM,GAAG,CAAC,UAAU,CAAC,oBAAoB,CAAC,UAAU,CAAC,GAAG,EAAE,EAAE,GAAG,CAAC,CAAA;YAClE,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,sEAAsE;gBACtE,MAAM,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;gBACjC,MAAM,GAAG,CAAA;YACX,CAAC;YAED,OAAO;gBACL,QAAQ,EAAE,kBAA2B;gBACrC,IAAI,EAAE;oBACJ,MAAM;oBACN,GAAG,EAAE,GAAG;oBACR,uEAAuE;oBACvE,MAAM;oBACN,SAAS,EAAE,KAAK,CAAC,SAAS;oBAC1B,UAAU,EAAE,KAAK,CAAC,UAAU;iBAC7B;aACF,CAAA;QACH,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED,MAAM,4BAA4B,GAAG,KAAK,EACxC,GAAe,EACf,KAAkD,EAClD,EAAE;IACF,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,KAAK,CAAA;IAC5B,MAAM,MAAM,GAAG,wBAAwB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;IACrD,IAAI,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QACzB,MAAM,IAAI,mBAAmB,CAC3B,oDAAoD,CACrD,CAAA;IACH,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;QACxC,MAAM,IAAI,mBAAmB,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,CAAA;IAC9E,CAAC;IACD,MAAM,cAAc,GAAG,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,cAAc,CAAA;IACvD,IAAI,CAAC,cAAc,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;QACpE,MAAM,IAAI,mBAAmB,CAC3B,+CAA+C,EAC/C,oBAAoB,CACrB,CAAA;IACH,CAAC;IACD,IAAI,CAAC;QACH,MAAM,GAAG,CAAC,aAAa,CAAC,KAAK,CAAC,CAAA;QAC9B,MAAM,GAAG,CAAC,cAAc,CAAC,CAAC,cAAc,CAAC,EAAE,KAAK,CAAC,CAAA;IACnD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,mBAAmB,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,CAAA;IAC9E,CAAC;IACD,MAAM,GAAG,GAAG,GAAG,CAAC,YAAY,CAAC,EAAE,GAAG,EAAE,GAAG,KAAK,EAAE,CAAC,CAAA;IAC/C,MAAM,IAAI,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAA;IAEnC,IAAI,UAAyC,CAAA;IAC7C,IAAI,KAAK,CAAC,GAAG,EAAE,CAAC;QACd,UAAU,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,kBAAkB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACjE,CAAC;IACD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,UAAU,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,kBAAkB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;IACvE,CAAC;IACD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,mBAAmB,CAAC,qCAAqC,CAAC,CAAA;IACtE,CAAC;IAED,mBAAmB,CAAC,IAAI,EAAE;QACxB,MAAM;QACN,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS;QAC9B,UAAU,EAAE,UAAU,CAAC,GAAG,EAAE;KAC7B,CAAC,CAAA;IAEF,OAAO;QACL,GAAG;QACH,MAAM;QACN,KAAK,EAAE,SAAS;QAChB,QAAQ,EAAE,SAAS;QACnB,UAAU,EAAE,SAAS;QACrB,UAAU;QACV,KAAK;QACL,WAAW,EAAE,KAAK;KACnB,CAAA;AACH,CAAC,CAAA;AAED,MAAM,yBAAyB,GAAG,KAAK,EACrC,GAAe,EACf,KAAkD,EAClD,SAAwB,EACxB,EAAE;IACF,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,KAAK,CAAA;IAC7C,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;QAChB,MAAM,IAAI,mBAAmB,CAAC,4BAA4B,CAAC,CAAA;IAC7D,CAAC;IAED,IAAI,QAAQ,IAAI,QAAQ,CAAC,MAAM,GAAG,uBAAuB,EAAE,CAAC;QAC1D,MAAM,IAAI,mBAAmB,CAC3B,wCAAwC,uBAAuB,cAAc,CAC9E,CAAA;IACH,CAAC;IAED,IAAI,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,CAAC,UAAU,EAAE,CAAC;QAC5C,MAAM,IAAI,mBAAmB,CAC3B,yBAAyB,EACzB,mBAAmB,CACpB,CAAA;IACH,CAAC;IAED,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,mBAAmB,CAAC,mBAAmB,CAAC,CAAA;IACpD,CAAC;SAAM,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,IAAI,iBAAiB,CAAC,KAAK,CAAC,EAAE,CAAC;QAC5D,MAAM,IAAI,mBAAmB,CAC3B,oEAAoE,CACrE,CAAA;IACH,CAAC;IAED,kCAAkC;IAClC,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,0BAA0B,CAChE,KAAK,CAAC,MAAM,EACZ,EAAE,GAAG,EAAE,KAAK,CAAC,GAAG,EAAE,CACnB,CAAA;IAED,4CAA4C;IAC5C,IAAI,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,UAAU,EAAE,CAAC;QAC3C,MAAM,GAAG,CAAC,cAAc,CAAC,uBAAuB,CAAC,UAAU,CAAC,CAAA;IAC9D,CAAC;IAED,gDAAgD;IAChD,MAAM,CAAC,WAAW,EAAE,SAAS,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QACjD,GAAG,CAAC,cAAc,CAAC,UAAU,CAAC,MAAM,CAAC;QACrC,GAAG,CAAC,cAAc,CAAC,iBAAiB,CAAC,KAAK,CAAC;KAC5C,CAAC,CAAA;IACF,IAAI,WAAW,EAAE,CAAC;QAChB,MAAM,IAAI,mBAAmB,CAAC,yBAAyB,MAAM,EAAE,CAAC,CAAA;IAClE,CAAC;SAAM,IAAI,SAAS,EAAE,CAAC;QACrB,MAAM,IAAI,mBAAmB,CAAC,wBAAwB,KAAK,EAAE,CAAC,CAAA;IAChE,CAAC;IAED,kDAAkD;IAClD,yDAAyD;IACzD,MAAM,UAAU,GAAG,MAAM,gBAAgB,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAA;IAEtE,IAAI,GAAc,CAAA;IAClB,IAAI,KAA2B,CAAA;IAC/B,IAAI,WAAW,GAAG,KAAK,CAAA;IACvB,IAAI,KAAK,CAAC,GAAG,EAAE,CAAC;QACd,IAAI,KAAK,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;YAC5B,MAAM,IAAI,iBAAiB,CACzB,4CAA4C,KAAK,CAAC,GAAG,EAAE,CACxD,CAAA;QACH,CAAC;QACD,GAAG,GAAG,KAAK,CAAC,GAAG,CAAA;QACf,KAAK,GAAG,IAAI,CAAA;QACZ,WAAW,GAAG,IAAI,CAAA;IACpB,CAAC;SAAM,CAAC;QACN,MAAM,SAAS,GAAG,MAAM,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,CAAC,CAAA;QACzE,GAAG,GAAG,SAAS,CAAC,GAAgB,CAAA;QAChC,KAAK,GAAG,SAAS,CAAC,KAAK,CAAA;IACzB,CAAC;IAED,OAAO;QACL,GAAG;QACH,MAAM;QACN,KAAK;QACL,QAAQ;QACR,UAAU;QACV,UAAU;QACV,KAAK;QACL,WAAW;KACZ,CAAA;AACH,CAAC,CAAA;AAED,MAAM,iBAAiB,GAAG,KAAK,EAC7B,GAAe,EACf,MAAc,EACd,KAAkD,EAClD,UAAmB,EAIlB,EAAE;IACH,wEAAwE;IACxE,MAAM,YAAY,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC,CAAA;IAC/C,IAAI,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,cAAc,EAAE,CAAC;QACpC,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAA;IACvD,CAAC;IACD,IAAI,KAAK,CAAC,WAAW,EAAE,CAAC;QACtB,YAAY,CAAC,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,CAAA;IACzC,CAAC;IACD,MAAM,SAAS,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC;QACnC,UAAU,EAAE,UAAU,CAAC,GAAG,EAAE;QAC5B,YAAY;QACZ,MAAM;QACN,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS;QAC9B,MAAM,EAAE,GAAG,CAAC,cAAc;KAC3B,CAAC,CAAA;IACF,OAAO;QACL,GAAG,EAAE,SAAS,CAAC,GAAG;QAClB,KAAK,EAAE,SAAS,CAAC,EAAE;KACpB,CAAA;AACH,CAAC,CAAA;AACD,MAAM,mBAAmB,GAAG,CAC1B,IAAiB,EACjB,QAIC,EACD,EAAE;IACF,yCAAyC;IACzC,qEAAqE;IACrE,mEAAmE;IACnE,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM,EAAE,CAAC;QACpC,MAAM,IAAI,mBAAmB,CAC3B,oDAAoD,EACpD,oBAAoB,CACrB,CAAA;IACH,CAAC;SAAM,IAAI,IAAI,CAAC,GAAG,KAAK,QAAQ,CAAC,GAAG,EAAE,CAAC;QACrC,MAAM,IAAI,mBAAmB,CAC3B,2DAA2D,EAC3D,oBAAoB,CACrB,CAAA;IACH,CAAC;SAAM,IAAI,IAAI,CAAC,UAAU,KAAK,QAAQ,CAAC,UAAU,EAAE,CAAC;QACnD,MAAM,IAAI,mBAAmB,CAC3B,6DAA6D,EAC7D,oBAAoB,CACrB,CAAA;IACH,CAAC;AACH,CAAC,CAAA","sourcesContent":["import * as plc from '@did-plc/lib'\nimport { isEmailValid } from '@hapi/address'\nimport { isDisposableEmail } from 'disposable-email-domains-js'\nimport { DidDocument, MINUTE, check } from '@atproto/common'\nimport { ExportableKeypair, Keypair, Secp256k1Keypair } from '@atproto/crypto'\nimport { AtprotoData, ensureAtpDocument } from '@atproto/identity'\nimport { DidString } from '@atproto/syntax'\nimport {\n AuthRequiredError,\n InvalidRequestError,\n Server,\n} from '@atproto/xrpc-server'\nimport { AccountStatus } from '../../../../account-manager/account-manager.js'\nimport { NEW_PASSWORD_MAX_LENGTH } from '../../../../account-manager/helpers/scrypt.js'\nimport { AppContext } from '../../../../context.js'\nimport { baseNormalizeAndValidate } from '../../../../handle/index.js'\nimport { com } from '../../../../lexicons/index.js'\nimport { syncEvtDataFromCommit } from '../../../../sequencer/index.js'\nimport { safeResolveDidDoc } from './util.js'\n\nexport default function (server: Server, ctx: AppContext) {\n server.add(com.atproto.server.createAccount, {\n rateLimit: {\n durationMs: 5 * MINUTE,\n points: 100,\n },\n auth: ctx.authVerifier.userServiceAuthOptional,\n handler: async ({\n input,\n auth,\n req,\n }): Promise<com.atproto.server.createAccount.$Output> => {\n // @NOTE Until this code and the OAuthStore's `createAccount` are\n // refactored together, any change made here must be reflected over there.\n\n const requester = auth.credentials?.did ?? null\n const {\n did,\n handle,\n email,\n password,\n inviteCode,\n signingKey,\n plcOp,\n deactivated,\n } = ctx.entrywayClient\n ? await validateInputsForEntrywayPds(ctx, input.body)\n : await validateInputsForLocalPds(ctx, input.body, requester)\n\n let didDoc: DidDocument | undefined\n let creds: { accessJwt: string; refreshJwt: string }\n await ctx.actorStore.create(did, signingKey)\n try {\n const commit = await ctx.actorStore.transact(did, (actorTxn) =>\n actorTxn.repo.createRepo([]),\n )\n\n // Generate a real did with PLC\n if (plcOp) {\n try {\n await ctx.plcClient.sendOperation(did, plcOp)\n } catch (err) {\n req.log.error(\n { didKey: ctx.plcRotationKey.did(), handle },\n 'failed to create did:plc',\n )\n throw err\n }\n }\n\n didDoc = await safeResolveDidDoc(ctx, did, true)\n\n creds = await ctx.accountManager.createAccountAndSession({\n did,\n handle,\n email,\n password,\n repoCid: commit.cid,\n repoRev: commit.rev,\n inviteCode,\n deactivated,\n })\n\n if (!deactivated) {\n await ctx.sequencer.sequenceIdentityEvt(did, handle)\n await ctx.sequencer.sequenceAccountEvt(did, AccountStatus.Active)\n await ctx.sequencer.sequenceCommit(did, commit)\n await ctx.sequencer.sequenceSyncEvt(\n did,\n syncEvtDataFromCommit(commit),\n )\n }\n await ctx.accountManager.updateRepoRoot(did, commit.cid, commit.rev)\n await ctx.actorStore.clearReservedKeypair(signingKey.did(), did)\n } catch (err) {\n // this will only be reached if the actor store _did not_ exist before\n await ctx.actorStore.destroy(did)\n throw err\n }\n\n return {\n encoding: 'application/json' as const,\n body: {\n handle,\n did: did,\n // @ts-expect-error https://github.com/bluesky-social/atproto/pull/4406\n didDoc,\n accessJwt: creds.accessJwt,\n refreshJwt: creds.refreshJwt,\n },\n }\n },\n })\n}\n\nconst validateInputsForEntrywayPds = async (\n ctx: AppContext,\n input: com.atproto.server.createAccount.$InputBody,\n) => {\n const { did, plcOp } = input\n const handle = baseNormalizeAndValidate(input.handle)\n if (!did || !input.plcOp) {\n throw new InvalidRequestError(\n 'non-entryway pds requires bringing a DID and plcOp',\n )\n }\n if (!check.is(plcOp, plc.def.operation)) {\n throw new InvalidRequestError('invalid plc operation', 'IncompatibleDidDoc')\n }\n const plcRotationKey = ctx.cfg.entryway?.plcRotationKey\n if (!plcRotationKey || !plcOp.rotationKeys.includes(plcRotationKey)) {\n throw new InvalidRequestError(\n 'PLC DID does not include service rotation key',\n 'IncompatibleDidDoc',\n )\n }\n try {\n await plc.assureValidOp(plcOp)\n await plc.assureValidSig([plcRotationKey], plcOp)\n } catch (err) {\n throw new InvalidRequestError('invalid plc operation', 'IncompatibleDidDoc')\n }\n const doc = plc.formatDidDoc({ did, ...plcOp })\n const data = ensureAtpDocument(doc)\n\n let signingKey: ExportableKeypair | undefined\n if (input.did) {\n signingKey = await ctx.actorStore.getReservedKeypair(input.did)\n }\n if (!signingKey) {\n signingKey = await ctx.actorStore.getReservedKeypair(data.signingKey)\n }\n if (!signingKey) {\n throw new InvalidRequestError('reserved signing key does not exist')\n }\n\n validateAtprotoData(data, {\n handle,\n pds: ctx.cfg.service.publicUrl,\n signingKey: signingKey.did(),\n })\n\n return {\n did,\n handle,\n email: undefined,\n password: undefined,\n inviteCode: undefined,\n signingKey,\n plcOp,\n deactivated: false,\n }\n}\n\nconst validateInputsForLocalPds = async (\n ctx: AppContext,\n input: com.atproto.server.createAccount.$InputBody,\n requester: string | null,\n) => {\n const { email, password, inviteCode } = input\n if (input.plcOp) {\n throw new InvalidRequestError('Unsupported input: \"plcOp\"')\n }\n\n if (password && password.length > NEW_PASSWORD_MAX_LENGTH) {\n throw new InvalidRequestError(\n `Password too long. Maximum length is ${NEW_PASSWORD_MAX_LENGTH} characters.`,\n )\n }\n\n if (ctx.cfg.invites.required && !inviteCode) {\n throw new InvalidRequestError(\n 'No invite code provided',\n 'InvalidInviteCode',\n )\n }\n\n if (!email) {\n throw new InvalidRequestError('Email is required')\n } else if (!isEmailValid(email) || isDisposableEmail(email)) {\n throw new InvalidRequestError(\n 'This email address is not supported, please use a different email.',\n )\n }\n\n // normalize & ensure valid handle\n const handle = await ctx.accountManager.normalizeAndValidateHandle(\n input.handle,\n { did: input.did },\n )\n\n // check that the invite code still has uses\n if (ctx.cfg.invites.required && inviteCode) {\n await ctx.accountManager.ensureInviteIsAvailable(inviteCode)\n }\n\n // check that the handle and email are available\n const [handleAccnt, emailAcct] = await Promise.all([\n ctx.accountManager.getAccount(handle),\n ctx.accountManager.getAccountByEmail(email),\n ])\n if (handleAccnt) {\n throw new InvalidRequestError(`Handle already taken: ${handle}`)\n } else if (emailAcct) {\n throw new InvalidRequestError(`Email already taken: ${email}`)\n }\n\n // determine the did & any plc ops we need to send\n // if the provided did document is poorly setup, we throw\n const signingKey = await Secp256k1Keypair.create({ exportable: true })\n\n let did: DidString\n let plcOp: plc.Operation | null\n let deactivated = false\n if (input.did) {\n if (input.did !== requester) {\n throw new AuthRequiredError(\n `Missing auth to create account with did: ${input.did}`,\n )\n }\n did = input.did\n plcOp = null\n deactivated = true\n } else {\n const formatted = await formatDidAndPlcOp(ctx, handle, input, signingKey)\n did = formatted.did as DidString\n plcOp = formatted.plcOp\n }\n\n return {\n did,\n handle,\n email,\n password,\n inviteCode,\n signingKey,\n plcOp,\n deactivated,\n }\n}\n\nconst formatDidAndPlcOp = async (\n ctx: AppContext,\n handle: string,\n input: com.atproto.server.createAccount.$InputBody,\n signingKey: Keypair,\n): Promise<{\n did: string\n plcOp: plc.Operation | null\n}> => {\n // if the user is not bringing a DID, then we format a create op for PLC\n const rotationKeys = [ctx.plcRotationKey.did()]\n if (ctx.cfg.identity.recoveryDidKey) {\n rotationKeys.unshift(ctx.cfg.identity.recoveryDidKey)\n }\n if (input.recoveryKey) {\n rotationKeys.unshift(input.recoveryKey)\n }\n const plcCreate = await plc.createOp({\n signingKey: signingKey.did(),\n rotationKeys,\n handle,\n pds: ctx.cfg.service.publicUrl,\n signer: ctx.plcRotationKey,\n })\n return {\n did: plcCreate.did,\n plcOp: plcCreate.op,\n }\n}\nconst validateAtprotoData = (\n data: AtprotoData,\n expected: {\n handle: string\n pds: string\n signingKey: string\n },\n) => {\n // if the user is bringing their own did:\n // resolve the user's did doc data, including rotationKeys if did:plc\n // determine if we have the capability to make changes to their DID\n if (data.handle !== expected.handle) {\n throw new InvalidRequestError(\n 'provided handle does not match DID document handle',\n 'IncompatibleDidDoc',\n )\n } else if (data.pds !== expected.pds) {\n throw new InvalidRequestError(\n 'DID document pds endpoint does not match service endpoint',\n 'IncompatibleDidDoc',\n )\n } else if (data.signingKey !== expected.signingKey) {\n throw new InvalidRequestError(\n 'DID document signing key does not match service signing key',\n 'IncompatibleDidDoc',\n )\n }\n}\n"]}
1
+ {"version":3,"file":"createAccount.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/createAccount.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,GAAG,MAAM,cAAc,CAAA;AACnC,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAA;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAA;AAC/D,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAA;AAC/C,OAAO,EAA8B,gBAAgB,EAAE,MAAM,iBAAiB,CAAA;AAC9E,OAAO,EAAe,iBAAiB,EAAE,MAAM,mBAAmB,CAAA;AAElE,OAAO,EACL,iBAAiB,EACjB,mBAAmB,GAEpB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,uBAAuB,EAAE,MAAM,+CAA+C,CAAA;AAEvF,OAAO,EAAE,wBAAwB,EAAE,MAAM,6BAA6B,CAAA;AACtE,OAAO,EAAE,GAAG,EAAE,MAAM,+BAA+B,CAAA;AACnD,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAA;AAE7C,MAAM,CAAC,OAAO,WAAW,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,aAAa,EAAE;QAC3C,SAAS,EAAE;YACT,UAAU,EAAE,CAAC,GAAG,MAAM;YACtB,MAAM,EAAE,GAAG;SACZ;QACD,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,uBAAuB;QAC9C,OAAO,EAAE,KAAK,EAAE,EACd,KAAK,EACL,IAAI,EACJ,GAAG,GACJ,EAAqD,EAAE;YACtD,iEAAiE;YACjE,0EAA0E;YAE1E,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE,GAAG,IAAI,IAAI,CAAA;YAC/C,MAAM,EACJ,GAAG,EACH,MAAM,EACN,KAAK,EACL,QAAQ,EACR,UAAU,EACV,UAAU,EACV,KAAK,EACL,WAAW,GACZ,GAAG,GAAG,CAAC,cAAc;gBACpB,CAAC,CAAC,MAAM,4BAA4B,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC;gBACrD,CAAC,CAAC,MAAM,yBAAyB,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,EAAE,SAAS,CAAC,CAAA;YAE/D,MAAM,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,EAAE,UAAU,CAAC,CAAA;YAE5C,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,EAAE;oBAC7D,OAAO,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,CAAA;gBACrC,CAAC,CAAC,CAAA;gBAEF,MAAM,YAAY;gBAChB,qEAAqE;gBACrE,oEAAoE;gBACpE,kBAAkB;gBAClB,CAAC,GAAG,CAAC,cAAc,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC,KAAK,CAAA;gBAEnD,+BAA+B;gBAC/B,IAAI,KAAK,EAAE,CAAC;oBACV,MAAM,GAAG,CAAC,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;gBAC/C,CAAC;gBAED,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAA;oBAEtD,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,uBAAuB,CAAC;wBAC7D,GAAG;wBACH,MAAM;wBACN,KAAK;wBACL,QAAQ;wBACR,OAAO,EAAE,MAAM,CAAC,GAAG;wBACnB,OAAO,EAAE,MAAM,CAAC,GAAG;wBACnB,UAAU;wBACV,WAAW;qBACZ,CAAC,CAAA;oBAEF,IAAI,CAAC;wBACH,MAAM,WAAW,GAAG,CAAC,WAAW,CAAA;wBAChC,IAAI,WAAW,EAAE,CAAC;4BAChB,MAAM,GAAG,CAAC,SAAS,CAAC,uBAAuB,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,CAAA;wBAClE,CAAC;wBAED,IAAI,CAAC;4BACH,MAAM,GAAG,CAAC,UAAU;iCACjB,oBAAoB,CAAC,UAAU,CAAC,GAAG,EAAE,EAAE,GAAG,CAAC;iCAC3C,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;gCACb,+DAA+D;gCAC/D,+CAA+C;gCAC/C,GAAG,CAAC,GAAG,CAAC,KAAK,CACX,EAAE,GAAG,EAAE,aAAa,EAAE,UAAU,CAAC,GAAG,EAAE,EAAE,GAAG,EAAE,EAC7C,kCAAkC,CACnC,CAAA;4BACH,CAAC,CAAC,CAAA;4BAEJ,OAAO;gCACL,QAAQ,EAAE,kBAA2B;gCACrC,IAAI,EAAE;oCACJ,MAAM;oCACN,GAAG,EAAE,GAAG;oCACR,uEAAuE;oCACvE,MAAM;oCACN,SAAS,EAAE,KAAK,CAAC,SAAS;oCAC1B,UAAU,EAAE,KAAK,CAAC,UAAU;iCAC7B;6BACF,CAAA;wBACH,CAAC;wBAAC,OAAO,GAAG,EAAE,CAAC;4BACb,IAAI,WAAW;gCAAE,MAAM,GAAG,CAAC,SAAS,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAA;4BACjE,MAAM,GAAG,CAAA;wBACX,CAAC;oBACH,CAAC;oBAAC,OAAO,GAAG,EAAE,CAAC;wBACb,MAAM,GAAG,CAAC,cAAc,CAAC,aAAa,CAAC,GAAG,CAAC,CAAA;wBAC3C,MAAM,GAAG,CAAA;oBACX,CAAC;gBACH,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,IAAI,YAAY,EAAE,CAAC;wBACjB,MAAM,GAAG,CAAC,SAAS,CAAC,SAAS,CAAC,GAAG,EAAE,GAAG,CAAC,cAAc,CAAC,CAAA;oBACxD,CAAC;oBACD,MAAM,GAAG,CAAA;gBACX,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;gBACjC,MAAM,GAAG,CAAA;YACX,CAAC;QACH,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED,MAAM,4BAA4B,GAAG,KAAK,EACxC,GAAe,EACf,KAAkD,EAClD,EAAE;IACF,MAAM,MAAM,GAAG,wBAAwB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;IAErD,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,KAAK,CAAA;IAC5B,IAAI,CAAC,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC;QACnB,MAAM,IAAI,mBAAmB,CAC3B,oDAAoD,CACrD,CAAA;IACH,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;QACxC,MAAM,IAAI,mBAAmB,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,CAAA;IAC9E,CAAC;IACD,MAAM,cAAc,GAAG,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,cAAc,CAAA;IACvD,IAAI,CAAC,cAAc,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;QACpE,MAAM,IAAI,mBAAmB,CAC3B,+CAA+C,EAC/C,oBAAoB,CACrB,CAAA;IACH,CAAC;IACD,IAAI,CAAC;QACH,MAAM,GAAG,CAAC,aAAa,CAAC,KAAK,CAAC,CAAA;QAC9B,MAAM,GAAG,CAAC,cAAc,CAAC,CAAC,cAAc,CAAC,EAAE,KAAK,CAAC,CAAA;IACnD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,mBAAmB,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,CAAA;IAC9E,CAAC;IACD,MAAM,GAAG,GAAG,GAAG,CAAC,YAAY,CAAC,EAAE,GAAG,EAAE,GAAG,KAAK,EAAE,CAAC,CAAA;IAC/C,MAAM,IAAI,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAA;IAEnC,IAAI,UAAyC,CAAA;IAC7C,IAAI,KAAK,CAAC,GAAG,EAAE,CAAC;QACd,UAAU,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,kBAAkB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACjE,CAAC;IACD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,UAAU,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,kBAAkB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;IACvE,CAAC;IACD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,mBAAmB,CAAC,qCAAqC,CAAC,CAAA;IACtE,CAAC;IAED,mBAAmB,CAAC,IAAI,EAAE;QACxB,MAAM;QACN,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS;QAC9B,UAAU,EAAE,UAAU,CAAC,GAAG,EAAE;KAC7B,CAAC,CAAA;IAEF,OAAO;QACL,GAAG;QACH,MAAM;QACN,KAAK,EAAE,SAAS;QAChB,QAAQ,EAAE,SAAS;QACnB,UAAU,EAAE,SAAS;QACrB,UAAU;QACV,KAAK;QACL,WAAW,EAAE,KAAK;KACnB,CAAA;AACH,CAAC,CAAA;AAED,MAAM,yBAAyB,GAAG,KAAK,EACrC,GAAe,EACf,KAAkD,EAClD,SAAwB,EACxB,EAAE;IACF,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,KAAK,CAAA;IAC7C,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;QAChB,MAAM,IAAI,mBAAmB,CAAC,4BAA4B,CAAC,CAAA;IAC7D,CAAC;IAED,IAAI,QAAQ,IAAI,QAAQ,CAAC,MAAM,GAAG,uBAAuB,EAAE,CAAC;QAC1D,MAAM,IAAI,mBAAmB,CAC3B,wCAAwC,uBAAuB,cAAc,CAC9E,CAAA;IACH,CAAC;IAED,IAAI,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,CAAC,UAAU,EAAE,CAAC;QAC5C,MAAM,IAAI,mBAAmB,CAC3B,yBAAyB,EACzB,mBAAmB,CACpB,CAAA;IACH,CAAC;IAED,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,mBAAmB,CAAC,mBAAmB,CAAC,CAAA;IACpD,CAAC;SAAM,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,IAAI,iBAAiB,CAAC,KAAK,CAAC,EAAE,CAAC;QAC5D,MAAM,IAAI,mBAAmB,CAC3B,oEAAoE,CACrE,CAAA;IACH,CAAC;IAED,kCAAkC;IAClC,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,0BAA0B,CAChE,KAAK,CAAC,MAAM,EACZ,EAAE,GAAG,EAAE,KAAK,CAAC,GAAG,EAAE,CACnB,CAAA;IAED,4CAA4C;IAC5C,IAAI,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,UAAU,EAAE,CAAC;QAC3C,MAAM,GAAG,CAAC,cAAc,CAAC,uBAAuB,CAAC,UAAU,CAAC,CAAA;IAC9D,CAAC;IAED,gDAAgD;IAChD,MAAM,CAAC,WAAW,EAAE,SAAS,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QACjD,GAAG,CAAC,cAAc,CAAC,UAAU,CAAC,MAAM,CAAC;QACrC,GAAG,CAAC,cAAc,CAAC,iBAAiB,CAAC,KAAK,CAAC;KAC5C,CAAC,CAAA;IACF,IAAI,WAAW,EAAE,CAAC;QAChB,MAAM,IAAI,mBAAmB,CAAC,yBAAyB,MAAM,EAAE,CAAC,CAAA;IAClE,CAAC;SAAM,IAAI,SAAS,EAAE,CAAC;QACrB,MAAM,IAAI,mBAAmB,CAAC,wBAAwB,KAAK,EAAE,CAAC,CAAA;IAChE,CAAC;IAED,kDAAkD;IAClD,yDAAyD;IACzD,MAAM,UAAU,GAAG,MAAM,gBAAgB,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAA;IAEtE,IAAI,GAAc,CAAA;IAClB,IAAI,KAA2B,CAAA;IAC/B,IAAI,WAAW,GAAG,KAAK,CAAA;IACvB,IAAI,KAAK,CAAC,GAAG,EAAE,CAAC;QACd,IAAI,KAAK,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;YAC5B,MAAM,IAAI,iBAAiB,CACzB,4CAA4C,KAAK,CAAC,GAAG,EAAE,CACxD,CAAA;QACH,CAAC;QACD,GAAG,GAAG,KAAK,CAAC,GAAG,CAAA;QACf,KAAK,GAAG,IAAI,CAAA;QACZ,WAAW,GAAG,IAAI,CAAA;IACpB,CAAC;SAAM,CAAC;QACN,MAAM,SAAS,GAAG,MAAM,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,CAAC,CAAA;QACzE,GAAG,GAAG,SAAS,CAAC,GAAgB,CAAA;QAChC,KAAK,GAAG,SAAS,CAAC,EAAE,CAAA;IACtB,CAAC;IAED,OAAO;QACL,GAAG;QACH,MAAM;QACN,KAAK;QACL,QAAQ;QACR,UAAU;QACV,UAAU;QACV,KAAK;QACL,WAAW;KACZ,CAAA;AACH,CAAC,CAAA;AAED,MAAM,iBAAiB,GAAG,KAAK,EAC7B,GAAe,EACf,MAAc,EACd,KAAkD,EAClD,UAAmB,EACnB,EAAE;IACF,wEAAwE;IACxE,MAAM,YAAY,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC,CAAA;IAC/C,IAAI,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,cAAc,EAAE,CAAC;QACpC,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAA;IACvD,CAAC;IACD,IAAI,KAAK,CAAC,WAAW,EAAE,CAAC;QACtB,YAAY,CAAC,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,CAAA;IACzC,CAAC;IACD,OAAO,GAAG,CAAC,QAAQ,CAAC;QAClB,UAAU,EAAE,UAAU,CAAC,GAAG,EAAE;QAC5B,YAAY;QACZ,MAAM;QACN,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS;QAC9B,MAAM,EAAE,GAAG,CAAC,cAAc;KAC3B,CAAC,CAAA;AACJ,CAAC,CAAA;AACD,MAAM,mBAAmB,GAAG,CAC1B,IAAiB,EACjB,QAIC,EACD,EAAE;IACF,yCAAyC;IACzC,qEAAqE;IACrE,mEAAmE;IACnE,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM,EAAE,CAAC;QACpC,MAAM,IAAI,mBAAmB,CAC3B,oDAAoD,EACpD,oBAAoB,CACrB,CAAA;IACH,CAAC;SAAM,IAAI,IAAI,CAAC,GAAG,KAAK,QAAQ,CAAC,GAAG,EAAE,CAAC;QACrC,MAAM,IAAI,mBAAmB,CAC3B,2DAA2D,EAC3D,oBAAoB,CACrB,CAAA;IACH,CAAC;SAAM,IAAI,IAAI,CAAC,UAAU,KAAK,QAAQ,CAAC,UAAU,EAAE,CAAC;QACnD,MAAM,IAAI,mBAAmB,CAC3B,6DAA6D,EAC7D,oBAAoB,CACrB,CAAA;IACH,CAAC;AACH,CAAC,CAAA","sourcesContent":["import * as plc from '@did-plc/lib'\nimport { isEmailValid } from '@hapi/address'\nimport { isDisposableEmail } from 'disposable-email-domains-js'\nimport { MINUTE, check } from '@atproto/common'\nimport { ExportableKeypair, Keypair, Secp256k1Keypair } from '@atproto/crypto'\nimport { AtprotoData, ensureAtpDocument } from '@atproto/identity'\nimport { DidString } from '@atproto/syntax'\nimport {\n AuthRequiredError,\n InvalidRequestError,\n Server,\n} from '@atproto/xrpc-server'\nimport { NEW_PASSWORD_MAX_LENGTH } from '../../../../account-manager/helpers/scrypt.js'\nimport { AppContext } from '../../../../context.js'\nimport { baseNormalizeAndValidate } from '../../../../handle/index.js'\nimport { com } from '../../../../lexicons/index.js'\nimport { safeResolveDidDoc } from './util.js'\n\nexport default function (server: Server, ctx: AppContext) {\n server.add(com.atproto.server.createAccount, {\n rateLimit: {\n durationMs: 5 * MINUTE,\n points: 100,\n },\n auth: ctx.authVerifier.userServiceAuthOptional,\n handler: async ({\n input,\n auth,\n req,\n }): Promise<com.atproto.server.createAccount.$Output> => {\n // @NOTE Until this code and the OAuthStore's `createAccount` are\n // refactored together, any change made here must be reflected over there.\n\n const requester = auth.credentials?.did ?? null\n const {\n did,\n handle,\n email,\n password,\n inviteCode,\n signingKey,\n plcOp,\n deactivated,\n } = ctx.entrywayClient\n ? await validateInputsForEntrywayPds(ctx, input.body)\n : await validateInputsForLocalPds(ctx, input.body, requester)\n\n await ctx.actorStore.create(did, signingKey)\n\n try {\n const commit = await ctx.actorStore.transact(did, (actorTxn) => {\n return actorTxn.repo.createRepo([])\n })\n\n const canTombstone =\n // @NOTE IMPORTANT Because the user may be bringing their own did, we\n // must make sure not to tombstone their did on failure if we didn't\n // create it here.\n !ctx.entrywayClient && !input.body.did && !!plcOp\n\n // Generate a real did with PLC\n if (plcOp) {\n await ctx.plcClient.sendOperation(did, plcOp)\n }\n\n try {\n const didDoc = await safeResolveDidDoc(ctx, did, true)\n\n const creds = await ctx.accountManager.createAccountAndSession({\n did,\n handle,\n email,\n password,\n repoCid: commit.cid,\n repoRev: commit.rev,\n inviteCode,\n deactivated,\n })\n\n try {\n const sequenceEvt = !deactivated\n if (sequenceEvt) {\n await ctx.sequencer.sequenceAccountCreation(did, handle, commit)\n }\n\n try {\n await ctx.actorStore\n .clearReservedKeypair(signingKey.did(), did)\n .catch((err) => {\n // @NOTE This is a cleanup operation so we won't fail the whole\n // flow if it fails, but we log it just in case\n req.log.error(\n { did, signingKeyDid: signingKey.did(), err },\n 'Failed to clear reserved keypair',\n )\n })\n\n return {\n encoding: 'application/json' as const,\n body: {\n handle,\n did: did,\n // @ts-expect-error https://github.com/bluesky-social/atproto/pull/4406\n didDoc,\n accessJwt: creds.accessJwt,\n refreshJwt: creds.refreshJwt,\n },\n }\n } catch (err) {\n if (sequenceEvt) await ctx.sequencer.sequenceAccountDeletion(did)\n throw err\n }\n } catch (err) {\n await ctx.accountManager.deleteAccount(did)\n throw err\n }\n } catch (err) {\n if (canTombstone) {\n await ctx.plcClient.tombstone(did, ctx.plcRotationKey)\n }\n throw err\n }\n } catch (err) {\n await ctx.actorStore.destroy(did)\n throw err\n }\n },\n })\n}\n\nconst validateInputsForEntrywayPds = async (\n ctx: AppContext,\n input: com.atproto.server.createAccount.$InputBody,\n) => {\n const handle = baseNormalizeAndValidate(input.handle)\n\n const { did, plcOp } = input\n if (!did || !plcOp) {\n throw new InvalidRequestError(\n 'non-entryway pds requires bringing a DID and plcOp',\n )\n }\n if (!check.is(plcOp, plc.def.operation)) {\n throw new InvalidRequestError('invalid plc operation', 'IncompatibleDidDoc')\n }\n const plcRotationKey = ctx.cfg.entryway?.plcRotationKey\n if (!plcRotationKey || !plcOp.rotationKeys.includes(plcRotationKey)) {\n throw new InvalidRequestError(\n 'PLC DID does not include service rotation key',\n 'IncompatibleDidDoc',\n )\n }\n try {\n await plc.assureValidOp(plcOp)\n await plc.assureValidSig([plcRotationKey], plcOp)\n } catch (err) {\n throw new InvalidRequestError('invalid plc operation', 'IncompatibleDidDoc')\n }\n const doc = plc.formatDidDoc({ did, ...plcOp })\n const data = ensureAtpDocument(doc)\n\n let signingKey: ExportableKeypair | undefined\n if (input.did) {\n signingKey = await ctx.actorStore.getReservedKeypair(input.did)\n }\n if (!signingKey) {\n signingKey = await ctx.actorStore.getReservedKeypair(data.signingKey)\n }\n if (!signingKey) {\n throw new InvalidRequestError('reserved signing key does not exist')\n }\n\n validateAtprotoData(data, {\n handle,\n pds: ctx.cfg.service.publicUrl,\n signingKey: signingKey.did(),\n })\n\n return {\n did,\n handle,\n email: undefined,\n password: undefined,\n inviteCode: undefined,\n signingKey,\n plcOp,\n deactivated: false,\n }\n}\n\nconst validateInputsForLocalPds = async (\n ctx: AppContext,\n input: com.atproto.server.createAccount.$InputBody,\n requester: string | null,\n) => {\n const { email, password, inviteCode } = input\n if (input.plcOp) {\n throw new InvalidRequestError('Unsupported input: \"plcOp\"')\n }\n\n if (password && password.length > NEW_PASSWORD_MAX_LENGTH) {\n throw new InvalidRequestError(\n `Password too long. Maximum length is ${NEW_PASSWORD_MAX_LENGTH} characters.`,\n )\n }\n\n if (ctx.cfg.invites.required && !inviteCode) {\n throw new InvalidRequestError(\n 'No invite code provided',\n 'InvalidInviteCode',\n )\n }\n\n if (!email) {\n throw new InvalidRequestError('Email is required')\n } else if (!isEmailValid(email) || isDisposableEmail(email)) {\n throw new InvalidRequestError(\n 'This email address is not supported, please use a different email.',\n )\n }\n\n // normalize & ensure valid handle\n const handle = await ctx.accountManager.normalizeAndValidateHandle(\n input.handle,\n { did: input.did },\n )\n\n // check that the invite code still has uses\n if (ctx.cfg.invites.required && inviteCode) {\n await ctx.accountManager.ensureInviteIsAvailable(inviteCode)\n }\n\n // check that the handle and email are available\n const [handleAccnt, emailAcct] = await Promise.all([\n ctx.accountManager.getAccount(handle),\n ctx.accountManager.getAccountByEmail(email),\n ])\n if (handleAccnt) {\n throw new InvalidRequestError(`Handle already taken: ${handle}`)\n } else if (emailAcct) {\n throw new InvalidRequestError(`Email already taken: ${email}`)\n }\n\n // determine the did & any plc ops we need to send\n // if the provided did document is poorly setup, we throw\n const signingKey = await Secp256k1Keypair.create({ exportable: true })\n\n let did: DidString\n let plcOp: plc.Operation | null\n let deactivated = false\n if (input.did) {\n if (input.did !== requester) {\n throw new AuthRequiredError(\n `Missing auth to create account with did: ${input.did}`,\n )\n }\n did = input.did\n plcOp = null\n deactivated = true\n } else {\n const formatted = await formatDidAndPlcOp(ctx, handle, input, signingKey)\n did = formatted.did as DidString\n plcOp = formatted.op\n }\n\n return {\n did,\n handle,\n email,\n password,\n inviteCode,\n signingKey,\n plcOp,\n deactivated,\n }\n}\n\nconst formatDidAndPlcOp = async (\n ctx: AppContext,\n handle: string,\n input: com.atproto.server.createAccount.$InputBody,\n signingKey: Keypair,\n) => {\n // if the user is not bringing a DID, then we format a create op for PLC\n const rotationKeys = [ctx.plcRotationKey.did()]\n if (ctx.cfg.identity.recoveryDidKey) {\n rotationKeys.unshift(ctx.cfg.identity.recoveryDidKey)\n }\n if (input.recoveryKey) {\n rotationKeys.unshift(input.recoveryKey)\n }\n return plc.createOp({\n signingKey: signingKey.did(),\n rotationKeys,\n handle,\n pds: ctx.cfg.service.publicUrl,\n signer: ctx.plcRotationKey,\n })\n}\nconst validateAtprotoData = (\n data: AtprotoData,\n expected: {\n handle: string\n pds: string\n signingKey: string\n },\n) => {\n // if the user is bringing their own did:\n // resolve the user's did doc data, including rotationKeys if did:plc\n // determine if we have the capability to make changes to their DID\n if (data.handle !== expected.handle) {\n throw new InvalidRequestError(\n 'provided handle does not match DID document handle',\n 'IncompatibleDidDoc',\n )\n } else if (data.pds !== expected.pds) {\n throw new InvalidRequestError(\n 'DID document pds endpoint does not match service endpoint',\n 'IncompatibleDidDoc',\n )\n } else if (data.signingKey !== expected.signingKey) {\n throw new InvalidRequestError(\n 'DID document signing key does not match service signing key',\n 'IncompatibleDidDoc',\n )\n }\n}\n"]}
package/dist/api/com/atproto/server/deactivateAccount.js CHANGED
@@ -30,7 +30,7 @@ export default function (server, ctx) {
30
30
  const requester = auth.credentials.did;
31
31
  await ctx.accountManager.deactivateAccount(requester, body.deleteAfter ?? null);
32
32
  const status = await ctx.accountManager.getAccountStatus(requester);
33
- await ctx.sequencer.sequenceAccountEvt(requester, status);
33
+ await ctx.sequencer.sequenceAccount(requester, status);
34
34
  },
35
35
  });
36
36
  }
package/dist/api/com/atproto/server/deactivateAccount.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"deactivateAccount.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/deactivateAccount.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAU,MAAM,sBAAsB,CAAA;AAC7D,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AAElE,OAAO,EAAE,GAAG,EAAE,MAAM,+BAA+B,CAAA;AAEnD,MAAM,CAAC,OAAO,WAAW,MAAc,EAAE,GAAe;IACtD,MAAM,EAAE,cAAc,EAAE,GAAG,GAAG,CAAA;IAE9B,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,aAAa,CAAC;QAC1C,UAAU,EAAE,CAAC,SAAS,CAAC,SAAS,CAAC;QACjC,MAAM,EAAE,WAAW;QACnB,SAAS,EAAE,GAAG,EAAE;YACd,MAAM,IAAI,cAAc,CACtB,uDAAuD,CACxD,CAAA;QACH,CAAC;KACF,CAAC,CAAA;IAEF,IAAI,cAAc,EAAE,CAAC;QACnB,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,iBAAiB,EAAE;YAC/C,IAAI;YACJ,gIAAgI;YAChI,OAAO,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE;gBAC1C,MAAM,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAA;gBACpD,MAAM,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,iBAAiB,EAAE;oBAC9D,OAAO;oBACP,IAAI;iBACL,CAAC,CAAA;YACJ,CAAC;SACF,CAAC,CAAA;IACJ,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,iBAAiB,EAAE;YAC/C,IAAI;YACJ,OAAO,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE;gBAC3C,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAA;gBACtC,MAAM,GAAG,CAAC,cAAc,CAAC,iBAAiB,CACxC,SAAS,EACT,IAAI,CAAC,WAAW,IAAI,IAAI,CACzB,CAAA;gBACD,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAA;gBACnE,MAAM,GAAG,CAAC,SAAS,CAAC,kBAAkB,CAAC,SAAS,EAAE,MAAM,CAAC,CAAA;YAC3D,CAAC;SACF,CAAC,CAAA;IACJ,CAAC;AACH,CAAC","sourcesContent":["import { ForbiddenError, Server } from '@atproto/xrpc-server'\nimport { ACCESS_FULL, AuthScope } from '../../../../auth-scope.js'\nimport { AppContext } from '../../../../context.js'\nimport { com } from '../../../../lexicons/index.js'\n\nexport default function (server: Server, ctx: AppContext) {\n const { entrywayClient } = ctx\n\n const auth = ctx.authVerifier.authorization({\n additional: [AuthScope.Takendown],\n scopes: ACCESS_FULL,\n authorize: () => {\n throw new ForbiddenError(\n 'OAuth credentials are not supported for this endpoint',\n )\n },\n })\n\n if (entrywayClient) {\n server.add(com.atproto.server.deactivateAccount, {\n auth,\n // in the case of entryway, the full flow is deactivateAccount (PDS) -> deactivateAccount (Entryway) -> updateSubjectStatus(PDS)\n handler: async ({ input: { body }, req }) => {\n const { headers } = ctx.entrywayPassthruHeaders(req)\n await entrywayClient.xrpc(com.atproto.server.deactivateAccount, {\n headers,\n body,\n })\n },\n })\n } else {\n server.add(com.atproto.server.deactivateAccount, {\n auth,\n handler: async ({ input: { body }, auth }) => {\n const requester = auth.credentials.did\n await ctx.accountManager.deactivateAccount(\n requester,\n body.deleteAfter ?? null,\n )\n const status = await ctx.accountManager.getAccountStatus(requester)\n await ctx.sequencer.sequenceAccountEvt(requester, status)\n },\n })\n }\n}\n"]}
1
+ {"version":3,"file":"deactivateAccount.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/deactivateAccount.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAU,MAAM,sBAAsB,CAAA;AAC7D,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AAElE,OAAO,EAAE,GAAG,EAAE,MAAM,+BAA+B,CAAA;AAEnD,MAAM,CAAC,OAAO,WAAW,MAAc,EAAE,GAAe;IACtD,MAAM,EAAE,cAAc,EAAE,GAAG,GAAG,CAAA;IAE9B,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,aAAa,CAAC;QAC1C,UAAU,EAAE,CAAC,SAAS,CAAC,SAAS,CAAC;QACjC,MAAM,EAAE,WAAW;QACnB,SAAS,EAAE,GAAG,EAAE;YACd,MAAM,IAAI,cAAc,CACtB,uDAAuD,CACxD,CAAA;QACH,CAAC;KACF,CAAC,CAAA;IAEF,IAAI,cAAc,EAAE,CAAC;QACnB,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,iBAAiB,EAAE;YAC/C,IAAI;YACJ,gIAAgI;YAChI,OAAO,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE;gBAC1C,MAAM,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAA;gBACpD,MAAM,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,iBAAiB,EAAE;oBAC9D,OAAO;oBACP,IAAI;iBACL,CAAC,CAAA;YACJ,CAAC;SACF,CAAC,CAAA;IACJ,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,iBAAiB,EAAE;YAC/C,IAAI;YACJ,OAAO,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE;gBAC3C,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAA;gBACtC,MAAM,GAAG,CAAC,cAAc,CAAC,iBAAiB,CACxC,SAAS,EACT,IAAI,CAAC,WAAW,IAAI,IAAI,CACzB,CAAA;gBACD,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAA;gBACnE,MAAM,GAAG,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,EAAE,MAAM,CAAC,CAAA;YACxD,CAAC;SACF,CAAC,CAAA;IACJ,CAAC;AACH,CAAC","sourcesContent":["import { ForbiddenError, Server } from '@atproto/xrpc-server'\nimport { ACCESS_FULL, AuthScope } from '../../../../auth-scope.js'\nimport { AppContext } from '../../../../context.js'\nimport { com } from '../../../../lexicons/index.js'\n\nexport default function (server: Server, ctx: AppContext) {\n const { entrywayClient } = ctx\n\n const auth = ctx.authVerifier.authorization({\n additional: [AuthScope.Takendown],\n scopes: ACCESS_FULL,\n authorize: () => {\n throw new ForbiddenError(\n 'OAuth credentials are not supported for this endpoint',\n )\n },\n })\n\n if (entrywayClient) {\n server.add(com.atproto.server.deactivateAccount, {\n auth,\n // in the case of entryway, the full flow is deactivateAccount (PDS) -> deactivateAccount (Entryway) -> updateSubjectStatus(PDS)\n handler: async ({ input: { body }, req }) => {\n const { headers } = ctx.entrywayPassthruHeaders(req)\n await entrywayClient.xrpc(com.atproto.server.deactivateAccount, {\n headers,\n body,\n })\n },\n })\n } else {\n server.add(com.atproto.server.deactivateAccount, {\n auth,\n handler: async ({ input: { body }, auth }) => {\n const requester = auth.credentials.did\n await ctx.accountManager.deactivateAccount(\n requester,\n body.deleteAfter ?? null,\n )\n const status = await ctx.accountManager.getAccountStatus(requester)\n await ctx.sequencer.sequenceAccount(requester, status)\n },\n })\n }\n}\n"]}
package/dist/api/com/atproto/server/deleteAccount.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"deleteAccount.d.ts","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/deleteAccount.ts"],"names":[],"mappings":"AACA,OAAO,EAGL,MAAM,EACP,MAAM,sBAAsB,CAAA;AAG7B,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAA;AAGnD,MAAM,CAAC,OAAO,WAAW,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,QAsDvD"}
1
+ {"version":3,"file":"deleteAccount.d.ts","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/deleteAccount.ts"],"names":[],"mappings":"AACA,OAAO,EAGL,MAAM,EACP,MAAM,sBAAsB,CAAA;AAE7B,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAA;AAGnD,MAAM,CAAC,OAAO,WAAW,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,QAyDvD"}
package/dist/api/com/atproto/server/deleteAccount.js CHANGED
@@ -1,6 +1,5 @@
1
1
  import { MINUTE } from '@atproto/common';
2
2
  import { AuthRequiredError, InvalidRequestError, } from '@atproto/xrpc-server';
3
- import { AccountStatus } from '../../../../account-manager/account-manager.js';
4
3
  import { OLD_PASSWORD_MAX_LENGTH } from '../../../../account-manager/helpers/scrypt.js';
5
4
  import { com } from '../../../../lexicons/index.js';
6
5
  export default function (server, ctx) {
@@ -35,10 +34,16 @@ export default function (server, ctx) {
35
34
  throw new AuthRequiredError('Invalid did or password');
36
35
  }
37
36
  await ctx.accountManager.assertValidEmailToken(did, 'delete_account', token);
38
- await ctx.actorStore.destroy(did);
37
+ // @NOTE Order matters here: first "unlink" the account by removing it
38
+ // from the account manager database ("source of truth"), then notify the
39
+ // sequencer, and finally cleanup files from the file system.
39
40
  await ctx.accountManager.deleteAccount(did);
40
- const accountSeq = await ctx.sequencer.sequenceAccountEvt(did, AccountStatus.Deleted);
41
- await ctx.sequencer.deleteAllForUser(did, [accountSeq]);
41
+ try {
42
+ await ctx.sequencer.sequenceAccountDeletion(did);
43
+ }
44
+ finally {
45
+ await ctx.actorStore.destroy(did);
46
+ }
42
47
  },
43
48
  });
44
49
  }
package/dist/api/com/atproto/server/deleteAccount.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"deleteAccount.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/deleteAccount.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAA;AACxC,OAAO,EACL,iBAAiB,EACjB,mBAAmB,GAEpB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,aAAa,EAAE,MAAM,gDAAgD,CAAA;AAC9E,OAAO,EAAE,uBAAuB,EAAE,MAAM,+CAA+C,CAAA;AAEvF,OAAO,EAAE,GAAG,EAAE,MAAM,+BAA+B,CAAA;AAEnD,MAAM,CAAC,OAAO,WAAW,MAAc,EAAE,GAAe;IACtD,MAAM,EAAE,cAAc,EAAE,GAAG,GAAG,CAAA;IAE9B,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,aAAa,EAAE;QAC3C,SAAS,EAAE;YACT,UAAU,EAAE,CAAC,GAAG,MAAM;YACtB,MAAM,EAAE,EAAE;SACX;QACD,OAAO,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE;YAC1C,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,IAAI,CAAA;YAErC,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,UAAU,CAAC,GAAG,EAAE;gBACvD,kBAAkB,EAAE,IAAI;gBACxB,gBAAgB,EAAE,IAAI;aACvB,CAAC,CAAA;YACF,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,mBAAmB,CAAC,mBAAmB,CAAC,CAAA;YACpD,CAAC;YAED,IAAI,cAAc,EAAE,CAAC;gBACnB,MAAM,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAA;gBACpD,MAAM,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,aAAa,EAAE;oBAC1D,IAAI;oBACJ,OAAO;iBACR,CAAC,CAAA;gBACF,OAAM;YACR,CAAC;YAED,IAAI,QAAQ,CAAC,MAAM,GAAG,uBAAuB,EAAE,CAAC;gBAC9C,MAAM,IAAI,mBAAmB,CAAC,0BAA0B,CAAC,CAAA;YAC3D,CAAC;YAED,MAAM,SAAS,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,qBAAqB,CAC9D,GAAG,EACH,QAAQ,CACT,CAAA;YACD,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,MAAM,IAAI,iBAAiB,CAAC,yBAAyB,CAAC,CAAA;YACxD,CAAC;YAED,MAAM,GAAG,CAAC,cAAc,CAAC,qBAAqB,CAC5C,GAAG,EACH,gBAAgB,EAChB,KAAK,CACN,CAAA;YACD,MAAM,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;YACjC,MAAM,GAAG,CAAC,cAAc,CAAC,aAAa,CAAC,GAAG,CAAC,CAAA;YAC3C,MAAM,UAAU,GAAG,MAAM,GAAG,CAAC,SAAS,CAAC,kBAAkB,CACvD,GAAG,EACH,aAAa,CAAC,OAAO,CACtB,CAAA;YACD,MAAM,GAAG,CAAC,SAAS,CAAC,gBAAgB,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,CAAC,CAAA;QACzD,CAAC;KACF,CAAC,CAAA;AACJ,CAAC","sourcesContent":["import { MINUTE } from '@atproto/common'\nimport {\n AuthRequiredError,\n InvalidRequestError,\n Server,\n} from '@atproto/xrpc-server'\nimport { AccountStatus } from '../../../../account-manager/account-manager.js'\nimport { OLD_PASSWORD_MAX_LENGTH } from '../../../../account-manager/helpers/scrypt.js'\nimport { AppContext } from '../../../../context.js'\nimport { com } from '../../../../lexicons/index.js'\n\nexport default function (server: Server, ctx: AppContext) {\n const { entrywayClient } = ctx\n\n server.add(com.atproto.server.deleteAccount, {\n rateLimit: {\n durationMs: 5 * MINUTE,\n points: 50,\n },\n handler: async ({ input: { body }, req }) => {\n const { did, password, token } = body\n\n const account = await ctx.accountManager.getAccount(did, {\n includeDeactivated: true,\n includeTakenDown: true,\n })\n if (!account) {\n throw new InvalidRequestError('account not found')\n }\n\n if (entrywayClient) {\n const { headers } = ctx.entrywayPassthruHeaders(req)\n await entrywayClient.xrpc(com.atproto.server.deleteAccount, {\n body,\n headers,\n })\n return\n }\n\n if (password.length > OLD_PASSWORD_MAX_LENGTH) {\n throw new InvalidRequestError('Invalid password length.')\n }\n\n const validPass = await ctx.accountManager.verifyAccountPassword(\n did,\n password,\n )\n if (!validPass) {\n throw new AuthRequiredError('Invalid did or password')\n }\n\n await ctx.accountManager.assertValidEmailToken(\n did,\n 'delete_account',\n token,\n )\n await ctx.actorStore.destroy(did)\n await ctx.accountManager.deleteAccount(did)\n const accountSeq = await ctx.sequencer.sequenceAccountEvt(\n did,\n AccountStatus.Deleted,\n )\n await ctx.sequencer.deleteAllForUser(did, [accountSeq])\n },\n })\n}\n"]}
1
+ {"version":3,"file":"deleteAccount.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/deleteAccount.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAA;AACxC,OAAO,EACL,iBAAiB,EACjB,mBAAmB,GAEpB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,uBAAuB,EAAE,MAAM,+CAA+C,CAAA;AAEvF,OAAO,EAAE,GAAG,EAAE,MAAM,+BAA+B,CAAA;AAEnD,MAAM,CAAC,OAAO,WAAW,MAAc,EAAE,GAAe;IACtD,MAAM,EAAE,cAAc,EAAE,GAAG,GAAG,CAAA;IAE9B,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,aAAa,EAAE;QAC3C,SAAS,EAAE;YACT,UAAU,EAAE,CAAC,GAAG,MAAM;YACtB,MAAM,EAAE,EAAE;SACX;QACD,OAAO,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE;YAC1C,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,IAAI,CAAA;YAErC,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,UAAU,CAAC,GAAG,EAAE;gBACvD,kBAAkB,EAAE,IAAI;gBACxB,gBAAgB,EAAE,IAAI;aACvB,CAAC,CAAA;YACF,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,mBAAmB,CAAC,mBAAmB,CAAC,CAAA;YACpD,CAAC;YAED,IAAI,cAAc,EAAE,CAAC;gBACnB,MAAM,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAA;gBACpD,MAAM,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,aAAa,EAAE;oBAC1D,IAAI;oBACJ,OAAO;iBACR,CAAC,CAAA;gBACF,OAAM;YACR,CAAC;YAED,IAAI,QAAQ,CAAC,MAAM,GAAG,uBAAuB,EAAE,CAAC;gBAC9C,MAAM,IAAI,mBAAmB,CAAC,0BAA0B,CAAC,CAAA;YAC3D,CAAC;YAED,MAAM,SAAS,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,qBAAqB,CAC9D,GAAG,EACH,QAAQ,CACT,CAAA;YACD,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,MAAM,IAAI,iBAAiB,CAAC,yBAAyB,CAAC,CAAA;YACxD,CAAC;YAED,MAAM,GAAG,CAAC,cAAc,CAAC,qBAAqB,CAC5C,GAAG,EACH,gBAAgB,EAChB,KAAK,CACN,CAAA;YAED,sEAAsE;YACtE,yEAAyE;YACzE,6DAA6D;YAC7D,MAAM,GAAG,CAAC,cAAc,CAAC,aAAa,CAAC,GAAG,CAAC,CAAA;YAC3C,IAAI,CAAC;gBACH,MAAM,GAAG,CAAC,SAAS,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAA;YAClD,CAAC;oBAAS,CAAC;gBACT,MAAM,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;YACnC,CAAC;QACH,CAAC;KACF,CAAC,CAAA;AACJ,CAAC","sourcesContent":["import { MINUTE } from '@atproto/common'\nimport {\n AuthRequiredError,\n InvalidRequestError,\n Server,\n} from '@atproto/xrpc-server'\nimport { OLD_PASSWORD_MAX_LENGTH } from '../../../../account-manager/helpers/scrypt.js'\nimport { AppContext } from '../../../../context.js'\nimport { com } from '../../../../lexicons/index.js'\n\nexport default function (server: Server, ctx: AppContext) {\n const { entrywayClient } = ctx\n\n server.add(com.atproto.server.deleteAccount, {\n rateLimit: {\n durationMs: 5 * MINUTE,\n points: 50,\n },\n handler: async ({ input: { body }, req }) => {\n const { did, password, token } = body\n\n const account = await ctx.accountManager.getAccount(did, {\n includeDeactivated: true,\n includeTakenDown: true,\n })\n if (!account) {\n throw new InvalidRequestError('account not found')\n }\n\n if (entrywayClient) {\n const { headers } = ctx.entrywayPassthruHeaders(req)\n await entrywayClient.xrpc(com.atproto.server.deleteAccount, {\n body,\n headers,\n })\n return\n }\n\n if (password.length > OLD_PASSWORD_MAX_LENGTH) {\n throw new InvalidRequestError('Invalid password length.')\n }\n\n const validPass = await ctx.accountManager.verifyAccountPassword(\n did,\n password,\n )\n if (!validPass) {\n throw new AuthRequiredError('Invalid did or password')\n }\n\n await ctx.accountManager.assertValidEmailToken(\n did,\n 'delete_account',\n token,\n )\n\n // @NOTE Order matters here: first \"unlink\" the account by removing it\n // from the account manager database (\"source of truth\"), then notify the\n // sequencer, and finally cleanup files from the file system.\n await ctx.accountManager.deleteAccount(did)\n try {\n await ctx.sequencer.sequenceAccountDeletion(did)\n } finally {\n await ctx.actorStore.destroy(did)\n }\n },\n })\n}\n"]}
package/dist/api/com/atproto/server/util.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"util.d.ts","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/util.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAE/C,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAA;AAC1D,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAA;AAOnD,eAAO,MAAM,UAAU,GAAI,KAAK,YAAY,KAAG,MAE9C,CAAA;AAED,eAAO,MAAM,WAAW,GAAI,KAAK,YAAY,EAAE,OAAO,MAAM,KAAG,MAAM,EAMpE,CAAA;AAGD,eAAO,MAAM,cAAc,cAG1B,CAAA;AAED,eAAO,MAAM,iBAAiB,GAC5B,KAAK,UAAU,EACf,KAAK,MAAM,EACX,eAAe,OAAO,KACrB,OAAO,CAAC,WAAW,GAAG,SAAS,CAOjC,CAAA;AAED,eAAO,MAAM,gBAAgB,GAC3B,KAAK,UAAU,EACf,KAAK,MAAM,EACX,eAAe,OAAO,KACrB,OAAO,CAAC,WAAW,GAAG,SAAS,CAGjC,CAAA;AAED,eAAO,MAAM,uBAAuB,GAClC,KAAK,UAAU,EACf,KAAK,MAAM,KACV,OAAO,CAAC,OAAO,CAOjB,CAAA;AAED,eAAO,MAAM,gCAAgC,GAC3C,KAAK,UAAU,EACf,KAAK,MAAM,kBAmBZ,CAAA"}
1
+ {"version":3,"file":"util.d.ts","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/util.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAE/C,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAA;AAC1D,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAA;AAOnD,eAAO,MAAM,UAAU,QAAS,YAAY,KAAG,MAE9C,CAAA;AAED,eAAO,MAAM,WAAW,QAAS,YAAY,SAAS,MAAM,KAAG,MAAM,EAMpE,CAAA;AAGD,eAAO,MAAM,cAAc,cAG1B,CAAA;AAED,eAAO,MAAM,iBAAiB,QACvB,UAAU,OACV,MAAM,iBACI,OAAO,KACrB,OAAO,CAAC,WAAW,GAAG,SAAS,CAOjC,CAAA;AAED,eAAO,MAAM,gBAAgB,QACtB,UAAU,OACV,MAAM,iBACI,OAAO,KACrB,OAAO,CAAC,WAAW,GAAG,SAAS,CAGjC,CAAA;AAED,eAAO,MAAM,uBAAuB,QAC7B,UAAU,OACV,MAAM,KACV,OAAO,CAAC,OAAO,CAOjB,CAAA;AAED,eAAO,MAAM,gCAAgC,QACtC,UAAU,OACV,MAAM,kBAmBZ,CAAA"}
package/dist/api/com/atproto/sync/getRepo.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"getRepo.d.ts","sourceRoot":"","sources":["../../../../../src/api/com/atproto/sync/getRepo.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAA;AAEhC,OAAO,EAAuB,MAAM,EAAE,MAAM,sBAAsB,CAAA;AAOlE,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAA;AAMnD,MAAM,CAAC,OAAO,WAAW,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,QA4BvD;AAED,eAAO,MAAM,YAAY,GACvB,KAAK,UAAU,EACf,KAAK,MAAM,EACX,QAAQ,MAAM,KACb,OAAO,CAAC,MAAM,CAAC,QAAQ,CAiBzB,CAAA"}
1
+ {"version":3,"file":"getRepo.d.ts","sourceRoot":"","sources":["../../../../../src/api/com/atproto/sync/getRepo.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAA;AAMhC,OAAO,EAAuB,MAAM,EAAE,MAAM,sBAAsB,CAAA;AAOlE,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAA;AAMnD,MAAM,CAAC,OAAO,WAAW,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,QAgCvD;AAED,eAAO,MAAM,YAAY,QAClB,UAAU,OACV,MAAM,UACH,MAAM,KACb,OAAO,CAAC,MAAM,CAAC,QAAQ,CAiBzB,CAAA"}
package/dist/api/com/atproto/sync/getRepo.js CHANGED
@@ -1,4 +1,4 @@
1
- import { byteIterableToStream, coalesceByteStream } from '@atproto/common';
1
+ import { MINUTE, byteIterableToStream, coalesceByteStream, } from '@atproto/common';
2
2
  import { InvalidRequestError } from '@atproto/xrpc-server';
3
3
  import { RepoRootNotFoundError, SqlRepoReader, } from '../../../../actor-store/repo/sql-repo-reader.js';
4
4
  import { AuthScope } from '../../../../auth-scope.js';
@@ -14,6 +14,10 @@ export default function (server, ctx) {
14
14
  // always allow
15
15
  },
16
16
  }),
17
+ rateLimit: {
18
+ durationMs: 5 * MINUTE,
19
+ points: 6000,
20
+ },
17
21
  handler: async ({ req, params, auth }) => {
18
22
  const { did, since } = params;
19
23
  await assertRepoAvailability(ctx, did, isUserOrAdmin(auth, did));
package/dist/api/com/atproto/sync/getRepo.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"getRepo.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/sync/getRepo.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAA;AAC1E,OAAO,EAAE,mBAAmB,EAAU,MAAM,sBAAsB,CAAA;AAClE,OAAO,EACL,qBAAqB,EACrB,aAAa,GACd,MAAM,iDAAiD,CAAA;AACxD,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAA;AAE5D,OAAO,EAAE,GAAG,EAAE,MAAM,+BAA+B,CAAA;AACnD,OAAO,EAAE,sBAAsB,EAAE,MAAM,WAAW,CAAA;AAElD,MAAM,qBAAqB,GAAG,EAAE,GAAG,IAAI,CAAA;AAEvC,MAAM,CAAC,OAAO,WAAW,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE;QACnC,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,iCAAiC,CAAC;YACvD,UAAU,EAAE,CAAC,SAAS,CAAC,SAAS,CAAC;YACjC,SAAS,EAAE,GAAG,EAAE;gBACd,eAAe;YACjB,CAAC;SACF,CAAC;QACF,OAAO,EAAE,KAAK,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE;YACvC,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,MAAM,CAAA;YAC7B,MAAM,sBAAsB,CAAC,GAAG,EAAE,GAAG,EAAE,aAAa,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,CAAA;YAEhE,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,CAAC,CAAA;YAErD,OAAO;gBACL,QAAQ,EAAE,0BAAmC;gBAC7C,wEAAwE;gBACxE,oEAAoE;gBACpE,sEAAsE;gBACtE,EAAE;gBACF,+DAA+D;gBAC/D,oEAAoE;gBACpE,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC;oBAClC,CAAC,CAAC,kBAAkB,CAAC,SAAS,EAAE,qBAAqB,CAAC;oBACtD,CAAC,CAAC,SAAS;aACd,CAAA;QACH,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED,MAAM,CAAC,MAAM,YAAY,GAAG,KAAK,EAC/B,GAAe,EACf,GAAW,EACX,KAAc,EACY,EAAE;IAC5B,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;IAChD,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAI,aAAa,CAAC,OAAO,CAAC,CAAA;QAC1C,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,YAAY,CAAC,KAAK,CAAC,CAAA;QACjD,MAAM,SAAS,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAA;QAC/C,MAAM,OAAO,GAAG,GAAG,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,CAAA;QACrC,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;QAC9B,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;QAC9B,OAAO,SAAS,CAAA;IAClB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,CAAC,KAAK,EAAE,CAAA;QACrB,IAAI,GAAG,YAAY,qBAAqB,EAAE,CAAC;YACzC,MAAM,IAAI,mBAAmB,CAAC,gCAAgC,GAAG,EAAE,CAAC,CAAA;QACtE,CAAC;QACD,MAAM,GAAG,CAAA;IACX,CAAC;AACH,CAAC,CAAA","sourcesContent":["import stream from 'node:stream'\nimport { byteIterableToStream, coalesceByteStream } from '@atproto/common'\nimport { InvalidRequestError, Server } from '@atproto/xrpc-server'\nimport {\n RepoRootNotFoundError,\n SqlRepoReader,\n} from '../../../../actor-store/repo/sql-repo-reader.js'\nimport { AuthScope } from '../../../../auth-scope.js'\nimport { isUserOrAdmin } from '../../../../auth-verifier.js'\nimport { AppContext } from '../../../../context.js'\nimport { com } from '../../../../lexicons/index.js'\nimport { assertRepoAvailability } from './util.js'\n\nconst CAR_STREAM_CHUNK_SIZE = 64 * 1024\n\nexport default function (server: Server, ctx: AppContext) {\n server.add(com.atproto.sync.getRepo, {\n auth: ctx.authVerifier.authorizationOrAdminTokenOptional({\n additional: [AuthScope.Takendown],\n authorize: () => {\n // always allow\n },\n }),\n handler: async ({ req, params, auth }) => {\n const { did, since } = params\n await assertRepoAvailability(ctx, did, isUserOrAdmin(auth, did))\n\n const carStream = await getCarStream(ctx, did, since)\n\n return {\n encoding: 'application/vnd.ipld.car' as const,\n // @NOTE If the client asked for compression (via \"accept-encoding\"), we\n // coalesce the CAR stream into larger chunks to improve compression\n // efficiency. See https://github.com/bluesky-social/atproto/pull/5078\n //\n // @TODO This would be better handled by xrpc-server and/or the\n // compression middleware instead of manually coalescing the stream.\n body: req.headers['accept-encoding']\n ? coalesceByteStream(carStream, CAR_STREAM_CHUNK_SIZE)\n : carStream,\n }\n },\n })\n}\n\nexport const getCarStream = async (\n ctx: AppContext,\n did: string,\n since?: string,\n): Promise<stream.Readable> => {\n const actorDb = await ctx.actorStore.openDb(did)\n try {\n const storage = new SqlRepoReader(actorDb)\n const carIter = await storage.getCarStream(since)\n const carStream = byteIterableToStream(carIter)\n const closeDb = () => actorDb.close()\n carStream.on('error', closeDb)\n carStream.on('close', closeDb)\n return carStream\n } catch (err) {\n await actorDb.close()\n if (err instanceof RepoRootNotFoundError) {\n throw new InvalidRequestError(`Could not find repo for DID: ${did}`)\n }\n throw err\n }\n}\n"]}
1
+ {"version":3,"file":"getRepo.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/sync/getRepo.ts"],"names":[],"mappings":"AACA,OAAO,EACL,MAAM,EACN,oBAAoB,EACpB,kBAAkB,GACnB,MAAM,iBAAiB,CAAA;AACxB,OAAO,EAAE,mBAAmB,EAAU,MAAM,sBAAsB,CAAA;AAClE,OAAO,EACL,qBAAqB,EACrB,aAAa,GACd,MAAM,iDAAiD,CAAA;AACxD,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAA;AAE5D,OAAO,EAAE,GAAG,EAAE,MAAM,+BAA+B,CAAA;AACnD,OAAO,EAAE,sBAAsB,EAAE,MAAM,WAAW,CAAA;AAElD,MAAM,qBAAqB,GAAG,EAAE,GAAG,IAAI,CAAA;AAEvC,MAAM,CAAC,OAAO,WAAW,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE;QACnC,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,iCAAiC,CAAC;YACvD,UAAU,EAAE,CAAC,SAAS,CAAC,SAAS,CAAC;YACjC,SAAS,EAAE,GAAG,EAAE;gBACd,eAAe;YACjB,CAAC;SACF,CAAC;QACF,SAAS,EAAE;YACT,UAAU,EAAE,CAAC,GAAG,MAAM;YACtB,MAAM,EAAE,IAAI;SACb;QACD,OAAO,EAAE,KAAK,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE;YACvC,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,MAAM,CAAA;YAC7B,MAAM,sBAAsB,CAAC,GAAG,EAAE,GAAG,EAAE,aAAa,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,CAAA;YAEhE,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,CAAC,CAAA;YAErD,OAAO;gBACL,QAAQ,EAAE,0BAAmC;gBAC7C,wEAAwE;gBACxE,oEAAoE;gBACpE,sEAAsE;gBACtE,EAAE;gBACF,+DAA+D;gBAC/D,oEAAoE;gBACpE,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC;oBAClC,CAAC,CAAC,kBAAkB,CAAC,SAAS,EAAE,qBAAqB,CAAC;oBACtD,CAAC,CAAC,SAAS;aACd,CAAA;QACH,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAED,MAAM,CAAC,MAAM,YAAY,GAAG,KAAK,EAC/B,GAAe,EACf,GAAW,EACX,KAAc,EACY,EAAE;IAC5B,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;IAChD,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAI,aAAa,CAAC,OAAO,CAAC,CAAA;QAC1C,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,YAAY,CAAC,KAAK,CAAC,CAAA;QACjD,MAAM,SAAS,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAA;QAC/C,MAAM,OAAO,GAAG,GAAG,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,CAAA;QACrC,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;QAC9B,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;QAC9B,OAAO,SAAS,CAAA;IAClB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,CAAC,KAAK,EAAE,CAAA;QACrB,IAAI,GAAG,YAAY,qBAAqB,EAAE,CAAC;YACzC,MAAM,IAAI,mBAAmB,CAAC,gCAAgC,GAAG,EAAE,CAAC,CAAA;QACtE,CAAC;QACD,MAAM,GAAG,CAAA;IACX,CAAC;AACH,CAAC,CAAA","sourcesContent":["import stream from 'node:stream'\nimport {\n MINUTE,\n byteIterableToStream,\n coalesceByteStream,\n} from '@atproto/common'\nimport { InvalidRequestError, Server } from '@atproto/xrpc-server'\nimport {\n RepoRootNotFoundError,\n SqlRepoReader,\n} from '../../../../actor-store/repo/sql-repo-reader.js'\nimport { AuthScope } from '../../../../auth-scope.js'\nimport { isUserOrAdmin } from '../../../../auth-verifier.js'\nimport { AppContext } from '../../../../context.js'\nimport { com } from '../../../../lexicons/index.js'\nimport { assertRepoAvailability } from './util.js'\n\nconst CAR_STREAM_CHUNK_SIZE = 64 * 1024\n\nexport default function (server: Server, ctx: AppContext) {\n server.add(com.atproto.sync.getRepo, {\n auth: ctx.authVerifier.authorizationOrAdminTokenOptional({\n additional: [AuthScope.Takendown],\n authorize: () => {\n // always allow\n },\n }),\n rateLimit: {\n durationMs: 5 * MINUTE,\n points: 6000,\n },\n handler: async ({ req, params, auth }) => {\n const { did, since } = params\n await assertRepoAvailability(ctx, did, isUserOrAdmin(auth, did))\n\n const carStream = await getCarStream(ctx, did, since)\n\n return {\n encoding: 'application/vnd.ipld.car' as const,\n // @NOTE If the client asked for compression (via \"accept-encoding\"), we\n // coalesce the CAR stream into larger chunks to improve compression\n // efficiency. See https://github.com/bluesky-social/atproto/pull/5078\n //\n // @TODO This would be better handled by xrpc-server and/or the\n // compression middleware instead of manually coalescing the stream.\n body: req.headers['accept-encoding']\n ? coalesceByteStream(carStream, CAR_STREAM_CHUNK_SIZE)\n : carStream,\n }\n },\n })\n}\n\nexport const getCarStream = async (\n ctx: AppContext,\n did: string,\n since?: string,\n): Promise<stream.Readable> => {\n const actorDb = await ctx.actorStore.openDb(did)\n try {\n const storage = new SqlRepoReader(actorDb)\n const carIter = await storage.getCarStream(since)\n const carStream = byteIterableToStream(carIter)\n const closeDb = () => actorDb.close()\n carStream.on('error', closeDb)\n carStream.on('close', closeDb)\n return carStream\n } catch (err) {\n await actorDb.close()\n if (err instanceof RepoRootNotFoundError) {\n throw new InvalidRequestError(`Could not find repo for DID: ${did}`)\n }\n throw err\n }\n}\n"]}
package/dist/api/com/atproto/sync/listRepos.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"listRepos.d.ts","sourceRoot":"","sources":["../../../../../src/api/com/atproto/sync/listRepos.ts"],"names":[],"mappings":"AAAA,OAAO,EAAuB,MAAM,EAAE,MAAM,sBAAsB,CAAA;AAElE,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAA;AACnD,OAAO,EAAE,MAAM,EAAE,aAAa,EAAY,MAAM,8BAA8B,CAAA;AAG9E,MAAM,CAAC,OAAO,WAAW,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,QA2CvD;AAED,KAAK,aAAa,GAAG;IAAE,SAAS,EAAE,MAAM,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,CAAA;AAEvD,qBAAa,aAAc,SAAQ,aAAa,CAAC,aAAa,EAAE,MAAM,CAAC;IACrE,WAAW,CAAC,MAAM,EAAE,aAAa,GAAG,MAAM;IAG1C,qBAAqB,CAAC,OAAO,EAAE,MAAM;;;;IAMrC,qBAAqB,CAAC,MAAM,EAAE,MAAM;;;;CAUrC"}
1
+ {"version":3,"file":"listRepos.d.ts","sourceRoot":"","sources":["../../../../../src/api/com/atproto/sync/listRepos.ts"],"names":[],"mappings":"AAAA,OAAO,EAAuB,MAAM,EAAE,MAAM,sBAAsB,CAAA;AAElE,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAA;AACnD,OAAO,EAAE,MAAM,EAAE,aAAa,EAAY,MAAM,8BAA8B,CAAA;AAG9E,MAAM,CAAC,OAAO,WAAW,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,QA2CvD;AAED,KAAK,aAAa,GAAG;IAAE,SAAS,EAAE,MAAM,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,CAAA;AAEvD,qBAAa,aAAc,SAAQ,aAAa,CAAC,aAAa,EAAE,MAAM,CAAC;IACrE,WAAW,CAAC,MAAM,EAAE,aAAa,GAAG,MAAM,CAEzC;IACD,qBAAqB,CAAC,OAAO,EAAE,MAAM;QAEjC,OAAO;QACP,SAAS;MAEZ;IACD,qBAAqB,CAAC,MAAM,EAAE,MAAM;QAMhC,OAAO;QACP,SAAS;MAEZ;CACF"}
package/dist/api/com/atproto/sync/util.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"util.d.ts","sourceRoot":"","sources":["../../../../../src/api/com/atproto/sync/util.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAA;AAEpD,OAAO,EAAE,YAAY,EAAE,MAAM,gDAAgD,CAAA;AAC7E,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAA;AAEnD,eAAO,MAAM,sBAAsB,GACjC,KAAK,UAAU,EACf,aAAa,kBAAkB,EAC/B,eAAe,OAAO,KACrB,OAAO,CAAC,YAAY,CA2BtB,CAAA"}
1
+ {"version":3,"file":"util.d.ts","sourceRoot":"","sources":["../../../../../src/api/com/atproto/sync/util.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAA;AAEpD,OAAO,EAAE,YAAY,EAAE,MAAM,gDAAgD,CAAA;AAC7E,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAA;AAEnD,eAAO,MAAM,sBAAsB,QAC5B,UAAU,eACF,kBAAkB,iBAChB,OAAO,KACrB,OAAO,CAAC,YAAY,CA2BtB,CAAA"}
package/dist/api/proxy.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"proxy.d.ts","sourceRoot":"","sources":["../../src/api/proxy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAA;AAC3C,OAAO,OAAO,MAAM,SAAS,CAAA;AAG7B,wBAAgB,YAAY,CAAC,GAAG,EAAE,eAAe;;;;cAuBhD;AAID,eAAO,MAAM,YAAY,GACvB,KAAK,OAAO,CAAC,OAAO,EACpB,QAAQ,YAAY,GAAG,SAAS,iBAQjC,CAAA;AAED,KAAK,YAAY,GAAG;IAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CAAE,CAAA"}
1
+ {"version":3,"file":"proxy.d.ts","sourceRoot":"","sources":["../../src/api/proxy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAA;AAC3C,OAAO,OAAO,MAAM,SAAS,CAAA;AAG7B,wBAAgB,YAAY,CAAC,GAAG,EAAE,eAAe;;;;cAuBhD;AAID,eAAO,MAAM,YAAY,QAClB,OAAO,CAAC,OAAO,UACZ,YAAY,GAAG,SAAS,iBAQjC,CAAA;AAED,KAAK,YAAY,GAAG;IAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CAAE,CAAA"}
package/dist/app-view.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"app-view.d.ts","sourceRoot":"","sources":["../src/app-view.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAA;AAErC,MAAM,MAAM,cAAc,GAAG;IAC3B,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,aAAa,CAAC,EAAE,MAAM,CAAA;CACvB,CAAA;AAED,qBAAa,OAAO;IACX,GAAG,EAAE,MAAM,CAAA;IACX,MAAM,EAAE,MAAM,CAAA;IACrB,OAAO,CAAC,aAAa,CAAC,CAAQ;gBAElB,OAAO,EAAE,cAAc;IAMnC,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS;CAG3E"}
1
+ {"version":3,"file":"app-view.d.ts","sourceRoot":"","sources":["../src/app-view.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAA;AAErC,MAAM,MAAM,cAAc,GAAG;IAC3B,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,aAAa,CAAC,EAAE,MAAM,CAAA;CACvB,CAAA;AAED,qBAAa,OAAO;IACX,GAAG,EAAE,MAAM,CAAA;IACX,MAAM,EAAE,MAAM,CAAA;IACrB,OAAO,CAAC,aAAa,CAAC,CAAQ;IAE9B,YAAY,OAAO,EAAE,cAAc,EAIlC;IAED,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAEzE;CACF"}
package/dist/auth-routes.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"auth-routes.d.ts","sourceRoot":"","sources":["../src/auth-routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAA;AAShC,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AAGzC,eAAO,MAAM,YAAY,GAAI,wBAAwB,UAAU,KAAG,MAuCjE,CAAA"}
1
+ {"version":3,"file":"auth-routes.d.ts","sourceRoot":"","sources":["../src/auth-routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAA;AAShC,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AAGzC,eAAO,MAAM,YAAY,2BAA4B,UAAU,KAAG,MAuCjE,CAAA"}