@atproto/pds 0.5.4 → 0.5.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +43 -0
- package/dist/account-manager/account-manager.d.ts +52 -14
- package/dist/account-manager/account-manager.d.ts.map +1 -1
- package/dist/account-manager/account-manager.js +86 -26
- package/dist/account-manager/account-manager.js.map +1 -1
- package/dist/account-manager/db/index.d.ts.map +1 -1
- package/dist/account-manager/db/migrations/005-oauth-account-management.d.ts.map +1 -1
- package/dist/account-manager/db/migrations/005-oauth-account-management.js +3 -4
- package/dist/account-manager/db/migrations/005-oauth-account-management.js.map +1 -1
- package/dist/account-manager/db/migrations/index.d.ts.map +1 -1
- package/dist/account-manager/db/schema/authorization-request.d.ts +2 -2
- package/dist/account-manager/db/schema/authorization-request.d.ts.map +1 -1
- package/dist/account-manager/db/schema/authorization-request.js.map +1 -1
- package/dist/account-manager/db/schema/authorized-client.d.ts +2 -2
- package/dist/account-manager/db/schema/authorized-client.d.ts.map +1 -1
- package/dist/account-manager/db/schema/authorized-client.js.map +1 -1
- package/dist/account-manager/db/schema/token.d.ts +2 -2
- package/dist/account-manager/db/schema/token.d.ts.map +1 -1
- package/dist/account-manager/db/schema/token.js.map +1 -1
- package/dist/account-manager/helpers/account-device.d.ts +23 -196
- package/dist/account-manager/helpers/account-device.d.ts.map +1 -1
- package/dist/account-manager/helpers/account-device.js +3 -3
- package/dist/account-manager/helpers/account-device.js.map +1 -1
- package/dist/account-manager/helpers/account.d.ts +20 -10
- package/dist/account-manager/helpers/account.d.ts.map +1 -1
- package/dist/account-manager/helpers/account.js +17 -11
- package/dist/account-manager/helpers/account.js.map +1 -1
- package/dist/account-manager/helpers/auth.d.ts.map +1 -1
- package/dist/account-manager/helpers/auth.js +1 -1
- package/dist/account-manager/helpers/auth.js.map +1 -1
- package/dist/account-manager/helpers/authorization-request.d.ts +83 -5
- package/dist/account-manager/helpers/authorization-request.d.ts.map +1 -1
- package/dist/account-manager/helpers/authorization-request.js +8 -8
- package/dist/account-manager/helpers/authorization-request.js.map +1 -1
- package/dist/account-manager/helpers/authorized-client.d.ts +5 -4
- package/dist/account-manager/helpers/authorized-client.d.ts.map +1 -1
- package/dist/account-manager/helpers/authorized-client.js +3 -0
- package/dist/account-manager/helpers/authorized-client.js.map +1 -1
- package/dist/account-manager/helpers/device.d.ts +10 -4
- package/dist/account-manager/helpers/device.d.ts.map +1 -1
- package/dist/account-manager/helpers/device.js +4 -4
- package/dist/account-manager/helpers/device.js.map +1 -1
- package/dist/account-manager/helpers/email-token.d.ts.map +1 -1
- package/dist/account-manager/helpers/invite.d.ts +35 -2
- package/dist/account-manager/helpers/invite.d.ts.map +1 -1
- package/dist/account-manager/helpers/lexicon.d.ts.map +1 -1
- package/dist/account-manager/helpers/lexicon.js +6 -0
- package/dist/account-manager/helpers/lexicon.js.map +1 -1
- package/dist/account-manager/helpers/password.d.ts +1 -0
- package/dist/account-manager/helpers/password.d.ts.map +1 -1
- package/dist/account-manager/helpers/password.js +3 -0
- package/dist/account-manager/helpers/password.js.map +1 -1
- package/dist/account-manager/helpers/repo.d.ts.map +1 -1
- package/dist/account-manager/helpers/scrypt.d.ts.map +1 -1
- package/dist/account-manager/helpers/token.d.ts +72 -1031
- package/dist/account-manager/helpers/token.d.ts.map +1 -1
- package/dist/account-manager/helpers/token.js +13 -10
- package/dist/account-manager/helpers/token.js.map +1 -1
- package/dist/account-manager/helpers/used-refresh-token.d.ts +6 -2
- package/dist/account-manager/helpers/used-refresh-token.d.ts.map +1 -1
- package/dist/account-manager/oauth-store.d.ts +17 -13
- package/dist/account-manager/oauth-store.d.ts.map +1 -1
- package/dist/account-manager/oauth-store.js +89 -39
- package/dist/account-manager/oauth-store.js.map +1 -1
- package/dist/account-manager/scope-reference-getter.d.ts.map +1 -1
- package/dist/account-manager/scope-reference-getter.js.map +1 -1
- package/dist/actor-store/actor-store-reader.d.ts.map +1 -1
- package/dist/actor-store/actor-store-reader.js.map +1 -1
- package/dist/actor-store/actor-store-transactor.d.ts.map +1 -1
- package/dist/actor-store/actor-store-transactor.js.map +1 -1
- package/dist/actor-store/actor-store-writer.d.ts.map +1 -1
- package/dist/actor-store/actor-store.d.ts.map +1 -1
- package/dist/actor-store/actor-store.js.map +1 -1
- package/dist/actor-store/blob/reader.d.ts.map +1 -1
- package/dist/actor-store/blob/reader.js +2 -3
- package/dist/actor-store/blob/reader.js.map +1 -1
- package/dist/actor-store/blob/transactor.d.ts.map +1 -1
- package/dist/actor-store/blob/transactor.js.map +1 -1
- package/dist/actor-store/db/index.d.ts.map +1 -1
- package/dist/actor-store/db/migrations/index.d.ts.map +1 -1
- package/dist/actor-store/migrate.d.ts.map +1 -1
- package/dist/actor-store/preference/reader.d.ts.map +1 -1
- package/dist/actor-store/preference/reader.js.map +1 -1
- package/dist/actor-store/preference/transactor.d.ts.map +1 -1
- package/dist/actor-store/record/reader.d.ts +3 -3
- package/dist/actor-store/record/reader.d.ts.map +1 -1
- package/dist/actor-store/record/reader.js +3 -3
- package/dist/actor-store/record/reader.js.map +1 -1
- package/dist/actor-store/record/transactor.d.ts.map +1 -1
- package/dist/actor-store/record/transactor.js.map +1 -1
- package/dist/actor-store/repo/reader.d.ts.map +1 -1
- package/dist/actor-store/repo/reader.js.map +1 -1
- package/dist/actor-store/repo/sql-repo-reader.d.ts +5 -1
- package/dist/actor-store/repo/sql-repo-reader.d.ts.map +1 -1
- package/dist/actor-store/repo/sql-repo-reader.js.map +1 -1
- package/dist/actor-store/repo/sql-repo-transactor.d.ts.map +1 -1
- package/dist/actor-store/repo/transactor.d.ts.map +1 -1
- package/dist/actor-store/repo/transactor.js.map +1 -1
- package/dist/api/app/bsky/util/resolver.d.ts +4 -4
- package/dist/api/app/bsky/util/resolver.d.ts.map +1 -1
- package/dist/api/com/atproto/admin/getInviteCodes.d.ts.map +1 -1
- package/dist/api/com/atproto/admin/updateSubjectStatus.d.ts.map +1 -1
- package/dist/api/com/atproto/admin/updateSubjectStatus.js +12 -4
- package/dist/api/com/atproto/admin/updateSubjectStatus.js.map +1 -1
- package/dist/api/com/atproto/server/activateAccount.d.ts.map +1 -1
- package/dist/api/com/atproto/server/activateAccount.js +25 -31
- package/dist/api/com/atproto/server/activateAccount.js.map +1 -1
- package/dist/api/com/atproto/server/deactivateAccount.d.ts.map +1 -1
- package/dist/api/com/atproto/server/deactivateAccount.js +3 -4
- package/dist/api/com/atproto/server/deactivateAccount.js.map +1 -1
- package/dist/api/com/atproto/server/deleteAccount.d.ts.map +1 -1
- package/dist/api/com/atproto/server/deleteAccount.js +51 -37
- package/dist/api/com/atproto/server/deleteAccount.js.map +1 -1
- package/dist/api/com/atproto/server/util.d.ts +25 -6
- package/dist/api/com/atproto/server/util.d.ts.map +1 -1
- package/dist/api/com/atproto/server/util.js.map +1 -1
- package/dist/api/com/atproto/sync/getRepo.d.ts.map +1 -1
- package/dist/api/com/atproto/sync/listRepos.d.ts.map +1 -1
- package/dist/api/com/atproto/sync/util.d.ts.map +1 -1
- package/dist/api/proxy.d.ts.map +1 -1
- package/dist/app-view.d.ts.map +1 -1
- package/dist/auth-routes.d.ts.map +1 -1
- package/dist/auth-verifier.d.ts.map +1 -1
- package/dist/background.d.ts.map +1 -1
- package/dist/basic-routes.d.ts.map +1 -1
- package/dist/bsky-app-view.d.ts.map +1 -1
- package/dist/config/config.d.ts +2 -1
- package/dist/config/config.d.ts.map +1 -1
- package/dist/config/config.js +4 -1
- package/dist/config/config.js.map +1 -1
- package/dist/config/env.d.ts.map +1 -1
- package/dist/config/secrets.d.ts.map +1 -1
- package/dist/context.d.ts.map +1 -1
- package/dist/context.js +1 -1
- package/dist/context.js.map +1 -1
- package/dist/crawlers.d.ts.map +1 -1
- package/dist/db/db.d.ts.map +1 -1
- package/dist/db/migrator.d.ts +4 -3
- package/dist/db/migrator.d.ts.map +1 -1
- package/dist/db/migrator.js +1 -1
- package/dist/db/migrator.js.map +1 -1
- package/dist/db/pagination.d.ts +3 -2
- package/dist/db/pagination.d.ts.map +1 -1
- package/dist/db/pagination.js +2 -2
- package/dist/db/pagination.js.map +1 -1
- package/dist/db/util.d.ts +3 -3
- package/dist/db/util.d.ts.map +1 -1
- package/dist/db/util.js.map +1 -1
- package/dist/did-cache/db/index.d.ts.map +1 -1
- package/dist/did-cache/db/migrations.d.ts.map +1 -1
- package/dist/did-cache/index.d.ts.map +1 -1
- package/dist/did-cache/index.js.map +1 -1
- package/dist/disk-blobstore.d.ts.map +1 -1
- package/dist/disk-blobstore.js.map +1 -1
- package/dist/handle/explicit-slurs.d.ts.map +1 -1
- package/dist/handle/index.d.ts.map +1 -1
- package/dist/image/image-url-builder.d.ts.map +1 -1
- package/dist/image/image-url-builder.js.map +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/lexicons/app/bsky/actor/defs.defs.d.ts +75 -155
- package/dist/lexicons/app/bsky/actor/defs.defs.d.ts.map +1 -1
- package/dist/lexicons/app/bsky/actor/profile.defs.d.ts +100 -300
- package/dist/lexicons/app/bsky/actor/profile.defs.d.ts.map +1 -1
- package/dist/lexicons/app/bsky/actor/status.defs.d.ts +40 -40
- package/dist/lexicons/app/bsky/actor/status.defs.d.ts.map +1 -1
- package/dist/lexicons/app/bsky/authCreatePosts.defs.d.ts +1 -1
- package/dist/lexicons/app/bsky/authDeleteContent.defs.d.ts +1 -1
- package/dist/lexicons/app/bsky/authFullApp.defs.d.ts +1 -1
- package/dist/lexicons/app/bsky/authManageFeedDeclarations.defs.d.ts +1 -1
- package/dist/lexicons/app/bsky/authManageLabelerService.defs.d.ts +1 -1
- package/dist/lexicons/app/bsky/authManageModeration.defs.d.ts +1 -1
- package/dist/lexicons/app/bsky/authManageNotifications.defs.d.ts +1 -1
- package/dist/lexicons/app/bsky/authManageProfile.defs.d.ts +1 -1
- package/dist/lexicons/app/bsky/authViewAll.defs.d.ts +1 -1
- package/dist/lexicons/app/bsky/draft/defs.defs.d.ts +4 -4
- package/dist/lexicons/app/bsky/draft/defs.defs.d.ts.map +1 -1
- package/dist/lexicons/app/bsky/embed/external.defs.d.ts +10 -10
- package/dist/lexicons/app/bsky/embed/gallery.defs.d.ts +10 -42
- package/dist/lexicons/app/bsky/embed/gallery.defs.d.ts.map +1 -1
- package/dist/lexicons/app/bsky/embed/images.defs.d.ts +10 -10
- package/dist/lexicons/app/bsky/embed/record.defs.d.ts +10 -10
- package/dist/lexicons/app/bsky/embed/recordWithMedia.defs.d.ts +10 -10
- package/dist/lexicons/app/bsky/embed/video.defs.d.ts +50 -162
- package/dist/lexicons/app/bsky/embed/video.defs.d.ts.map +1 -1
- package/dist/lexicons/app/bsky/feed/generator.defs.d.ts +80 -160
- package/dist/lexicons/app/bsky/feed/generator.defs.d.ts.map +1 -1
- package/dist/lexicons/app/bsky/feed/like.defs.d.ts +30 -30
- package/dist/lexicons/app/bsky/feed/like.defs.d.ts.map +1 -1
- package/dist/lexicons/app/bsky/feed/post.defs.d.ts +80 -200
- package/dist/lexicons/app/bsky/feed/post.defs.d.ts.map +1 -1
- package/dist/lexicons/app/bsky/feed/postgate.defs.d.ts +40 -80
- package/dist/lexicons/app/bsky/feed/postgate.defs.d.ts.map +1 -1
- package/dist/lexicons/app/bsky/feed/repost.defs.d.ts +30 -30
- package/dist/lexicons/app/bsky/feed/repost.defs.d.ts.map +1 -1
- package/dist/lexicons/app/bsky/feed/threadgate.defs.d.ts +30 -30
- package/dist/lexicons/app/bsky/feed/threadgate.defs.d.ts.map +1 -1
- package/dist/lexicons/app/bsky/graph/block.defs.d.ts +20 -20
- package/dist/lexicons/app/bsky/graph/block.defs.d.ts.map +1 -1
- package/dist/lexicons/app/bsky/graph/follow.defs.d.ts +30 -30
- package/dist/lexicons/app/bsky/graph/follow.defs.d.ts.map +1 -1
- package/dist/lexicons/app/bsky/graph/list.defs.d.ts +60 -60
- package/dist/lexicons/app/bsky/graph/list.defs.d.ts.map +1 -1
- package/dist/lexicons/app/bsky/graph/listblock.defs.d.ts +20 -20
- package/dist/lexicons/app/bsky/graph/listblock.defs.d.ts.map +1 -1
- package/dist/lexicons/app/bsky/graph/listitem.defs.d.ts +20 -20
- package/dist/lexicons/app/bsky/graph/listitem.defs.d.ts.map +1 -1
- package/dist/lexicons/app/bsky/graph/starterpack.defs.d.ts +50 -90
- package/dist/lexicons/app/bsky/graph/starterpack.defs.d.ts.map +1 -1
- package/dist/lexicons/app/bsky/graph/verification.defs.d.ts +30 -30
- package/dist/lexicons/app/bsky/graph/verification.defs.d.ts.map +1 -1
- package/dist/lexicons/app/bsky/labeler/service.defs.d.ts +50 -130
- package/dist/lexicons/app/bsky/labeler/service.defs.d.ts.map +1 -1
- package/dist/lexicons/app/bsky/notification/declaration.defs.d.ts +10 -10
- package/dist/lexicons/app/bsky/notification/declaration.defs.d.ts.map +1 -1
- package/dist/lexicons/app/bsky/richtext/facet.defs.d.ts +10 -10
- package/dist/lexicons/chat/bsky/actor/declaration.defs.d.ts +20 -20
- package/dist/lexicons/chat/bsky/actor/declaration.defs.d.ts.map +1 -1
- package/dist/lexicons/chat/bsky/authFullChatClient.defs.d.ts +1 -1
- package/dist/lexicons/chat/bsky/convo/defs.defs.d.ts +17 -0
- package/dist/lexicons/chat/bsky/convo/defs.defs.d.ts.map +1 -1
- package/dist/lexicons/chat/bsky/convo/defs.defs.js +11 -0
- package/dist/lexicons/chat/bsky/convo/defs.defs.js.map +1 -1
- package/dist/lexicons/chat/bsky/convo/sendMessage.defs.d.ts +1 -1
- package/dist/lexicons/chat/bsky/convo/sendMessage.defs.d.ts.map +1 -1
- package/dist/lexicons/chat/bsky/convo/sendMessage.defs.js +1 -0
- package/dist/lexicons/chat/bsky/convo/sendMessage.defs.js.map +1 -1
- package/dist/lexicons/chat/bsky/convo/sendMessageBatch.defs.d.ts +1 -1
- package/dist/lexicons/chat/bsky/convo/sendMessageBatch.defs.d.ts.map +1 -1
- package/dist/lexicons/chat/bsky/convo/sendMessageBatch.defs.js +1 -0
- package/dist/lexicons/chat/bsky/convo/sendMessageBatch.defs.js.map +1 -1
- package/dist/lexicons/chat/bsky/embed/joinLink.defs.d.ts +10 -42
- package/dist/lexicons/chat/bsky/embed/joinLink.defs.d.ts.map +1 -1
- package/dist/lexicons/com/atproto/lexicon/schema.defs.d.ts +10 -10
- package/dist/lexicons/com/atproto/lexicon/schema.defs.d.ts.map +1 -1
- package/dist/lexicons/com/atproto/repo/strongRef.defs.d.ts +10 -10
- package/dist/lexicons/com/germnetwork/declaration.defs.d.ts +40 -120
- package/dist/lexicons/com/germnetwork/declaration.defs.d.ts.map +1 -1
- package/dist/lexicons/site/standard/document.defs.d.ts +130 -450
- package/dist/lexicons/site/standard/document.defs.d.ts.map +1 -1
- package/dist/lexicons/site/standard/graph/recommend.defs.d.ts +10 -10
- package/dist/lexicons/site/standard/graph/recommend.defs.d.ts.map +1 -1
- package/dist/lexicons/site/standard/graph/subscription.defs.d.ts +20 -60
- package/dist/lexicons/site/standard/graph/subscription.defs.d.ts.map +1 -1
- package/dist/lexicons/site/standard/publication.defs.d.ts +60 -220
- package/dist/lexicons/site/standard/publication.defs.d.ts.map +1 -1
- package/dist/lexicons/site/standard/theme/basic.defs.d.ts +10 -10
- package/dist/lexicons/site/standard/theme/basic.defs.d.ts.map +1 -1
- package/dist/lexicons/tools/ozone/moderation/queryStatuses.defs.d.ts +2 -2
- package/dist/lexicons/tools/ozone/set/querySets.defs.d.ts +2 -2
- package/dist/logger.d.ts +14 -14
- package/dist/logger.d.ts.map +1 -1
- package/dist/mailer/index.d.ts +2 -0
- package/dist/mailer/index.d.ts.map +1 -1
- package/dist/mailer/index.js +2 -0
- package/dist/mailer/index.js.map +1 -1
- package/dist/mailer/moderation.d.ts.map +1 -1
- package/dist/pipethrough.d.ts +1 -1
- package/dist/pipethrough.d.ts.map +1 -1
- package/dist/pipethrough.js.map +1 -1
- package/dist/rate-limits.d.ts.map +1 -1
- package/dist/read-after-write/util.d.ts.map +1 -1
- package/dist/read-after-write/viewer.d.ts +8 -8
- package/dist/read-after-write/viewer.d.ts.map +1 -1
- package/dist/read-after-write/viewer.js.map +1 -1
- package/dist/redis.d.ts.map +1 -1
- package/dist/repo/prepare.d.ts.map +1 -1
- package/dist/repo/types.d.ts.map +1 -1
- package/dist/repo/types.js.map +1 -1
- package/dist/scripts/index.d.ts.map +1 -1
- package/dist/scripts/publish-identity.d.ts.map +1 -1
- package/dist/scripts/rebuild-repo.d.ts.map +1 -1
- package/dist/scripts/rotate-keys.d.ts.map +1 -1
- package/dist/scripts/sequencer-recovery/index.d.ts.map +1 -1
- package/dist/scripts/sequencer-recovery/recoverer.d.ts.map +1 -1
- package/dist/scripts/sequencer-recovery/recoverer.js.map +1 -1
- package/dist/scripts/sequencer-recovery/recovery-db.d.ts.map +1 -1
- package/dist/scripts/sequencer-recovery/recovery-db.js.map +1 -1
- package/dist/scripts/sequencer-recovery/repair-repos.d.ts.map +1 -1
- package/dist/scripts/sequencer-recovery/user-queues.d.ts.map +1 -1
- package/dist/scripts/util.d.ts.map +1 -1
- package/dist/sequencer/db/index.d.ts.map +1 -1
- package/dist/sequencer/db/migrations/index.d.ts.map +1 -1
- package/dist/sequencer/events.d.ts +19 -19
- package/dist/sequencer/events.d.ts.map +1 -1
- package/dist/sequencer/events.js +6 -13
- package/dist/sequencer/events.js.map +1 -1
- package/dist/sequencer/outbox.d.ts.map +1 -1
- package/dist/sequencer/outbox.js.map +1 -1
- package/dist/sequencer/sequencer.d.ts +1 -1
- package/dist/sequencer/sequencer.d.ts.map +1 -1
- package/dist/sequencer/sequencer.js.map +1 -1
- package/dist/util/debug.d.ts.map +1 -1
- package/dist/well-known.d.ts.map +1 -1
- package/package.json +26 -27
- package/src/account-manager/account-manager.ts +135 -36
- package/src/account-manager/db/migrations/005-oauth-account-management.ts +6 -5
- package/src/account-manager/db/schema/authorization-request.ts +2 -1
- package/src/account-manager/db/schema/authorized-client.ts +6 -2
- package/src/account-manager/db/schema/token.ts +2 -2
- package/src/account-manager/helpers/account-device.ts +5 -11
- package/src/account-manager/helpers/account.ts +39 -16
- package/src/account-manager/helpers/auth.ts +2 -2
- package/src/account-manager/helpers/authorization-request.ts +12 -8
- package/src/account-manager/helpers/authorized-client.ts +12 -6
- package/src/account-manager/helpers/device.ts +4 -4
- package/src/account-manager/helpers/lexicon.ts +8 -3
- package/src/account-manager/helpers/password.ts +6 -0
- package/src/account-manager/helpers/token.ts +17 -11
- package/src/account-manager/oauth-store.ts +129 -61
- package/src/actor-store/blob/reader.ts +8 -5
- package/src/actor-store/record/reader.ts +3 -3
- package/src/actor-store/repo/sql-repo-reader.ts +1 -1
- package/src/api/com/atproto/admin/updateSubjectStatus.ts +16 -4
- package/src/api/com/atproto/server/activateAccount.ts +27 -49
- package/src/api/com/atproto/server/deactivateAccount.ts +3 -7
- package/src/api/com/atproto/server/deleteAccount.ts +60 -43
- package/src/api/com/atproto/server/util.ts +24 -7
- package/src/config/config.ts +7 -2
- package/src/context.ts +2 -3
- package/src/db/migrator.ts +2 -1
- package/src/db/pagination.ts +7 -7
- package/src/db/util.ts +5 -2
- package/src/mailer/index.ts +4 -2
- package/src/scripts/sequencer-recovery/recovery-db.ts +1 -1
- package/src/sequencer/events.ts +8 -13
- package/src/sequencer/sequencer.ts +1 -3
- package/tests/account-manager.test.ts +79 -0
- package/tests/account-status.test.ts +206 -0
- package/tests/oauth.test.ts +91 -0
- package/tsconfig.build.tsbuildinfo +1 -1
|
@@ -2,14 +2,14 @@ import {
|
|
|
2
2
|
AuthorizedClientData,
|
|
3
3
|
AuthorizedClients,
|
|
4
4
|
ClientId,
|
|
5
|
-
|
|
5
|
+
Did,
|
|
6
6
|
} from '@atproto/oauth-provider'
|
|
7
7
|
import { fromJson, toDateISO, toJson } from '../../db/index.js'
|
|
8
8
|
import { AccountDb } from '../db/index.js'
|
|
9
9
|
|
|
10
10
|
export async function upsert(
|
|
11
11
|
db: AccountDb,
|
|
12
|
-
did:
|
|
12
|
+
did: Did,
|
|
13
13
|
clientId: ClientId,
|
|
14
14
|
data: AuthorizedClientData,
|
|
15
15
|
) {
|
|
@@ -36,17 +36,23 @@ export async function upsert(
|
|
|
36
36
|
|
|
37
37
|
export async function getAuthorizedClients(
|
|
38
38
|
db: AccountDb,
|
|
39
|
-
did:
|
|
39
|
+
did: Did,
|
|
40
40
|
): Promise<AuthorizedClients> {
|
|
41
41
|
return (await getAuthorizedClientsMulti(db, [did])).get(did)!
|
|
42
42
|
}
|
|
43
43
|
|
|
44
|
+
export async function deleteAllAuthorizedClients(db: AccountDb, did: Did) {
|
|
45
|
+
await db.executeWithRetry(
|
|
46
|
+
db.db.deleteFrom('authorized_client').where('did', '=', did),
|
|
47
|
+
)
|
|
48
|
+
}
|
|
49
|
+
|
|
44
50
|
export async function getAuthorizedClientsMulti(
|
|
45
51
|
db: AccountDb,
|
|
46
|
-
dids: Iterable<
|
|
47
|
-
): Promise<Map<
|
|
52
|
+
dids: Iterable<Did>,
|
|
53
|
+
): Promise<Map<Did, AuthorizedClients>> {
|
|
48
54
|
// Using a Map will ensure unicity of dids (through unicity of keys)
|
|
49
|
-
const map = new Map<
|
|
55
|
+
const map = new Map<Did, AuthorizedClients>(
|
|
50
56
|
Array.from(dids, (did) => [did, new Map()]),
|
|
51
57
|
)
|
|
52
58
|
|
|
@@ -35,10 +35,10 @@ export const updateQB = (
|
|
|
35
35
|
) =>
|
|
36
36
|
db.db
|
|
37
37
|
.updateTable('device')
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
38
|
+
.$if(sessionId != null, (qb) => qb.set({ sessionId }))
|
|
39
|
+
.$if(userAgent != null, (qb) => qb.set({ userAgent }))
|
|
40
|
+
.$if(ipAddress != null, (qb) => qb.set({ ipAddress }))
|
|
41
|
+
.$if(lastSeenAt != null, (qb) =>
|
|
42
42
|
qb.set({ lastSeenAt: toDateISO(lastSeenAt!) }),
|
|
43
43
|
)
|
|
44
44
|
.where('id', '=', deviceId)
|
|
@@ -1,10 +1,15 @@
|
|
|
1
|
-
import { Insertable } from 'kysely'
|
|
2
1
|
import { LEXICON_REFRESH_FREQUENCY, LexiconData } from '@atproto/oauth-provider'
|
|
3
2
|
import { fromDateISO, fromJson, toDateISO, toJson } from '../../db/index.js'
|
|
4
|
-
import { AccountDb
|
|
3
|
+
import { AccountDb } from '../db/index.js'
|
|
5
4
|
|
|
6
5
|
export async function upsert(db: AccountDb, nsid: string, data: LexiconData) {
|
|
7
|
-
|
|
6
|
+
// @TODO not annotated as `Omit<Insertable<Lexicon>, 'nsid'>`. Insertable's
|
|
7
|
+
// nullable/non-nullable key partition evaluates `IsNullable<InsertType<…>>`
|
|
8
|
+
// per column, which for the recursive `JsonEncoded<LexiconDocument>` column
|
|
9
|
+
// overflows the tsgo (TS7) checker's instantiation depth (TS2589). The older
|
|
10
|
+
// tsc handled it; the `.values()`/`.doUpdateSet()` calls below still
|
|
11
|
+
// type-check this object against the insert type regardless.
|
|
12
|
+
const updates = {
|
|
8
13
|
...data,
|
|
9
14
|
createdAt: toDateISO(data.createdAt),
|
|
10
15
|
updatedAt: toDateISO(data.updatedAt),
|
|
@@ -128,3 +128,9 @@ export const deleteAppPassword = async (
|
|
|
128
128
|
.where('name', '=', name),
|
|
129
129
|
)
|
|
130
130
|
}
|
|
131
|
+
|
|
132
|
+
export const deleteAllAppPasswords = async (db: AccountDb, did: string) => {
|
|
133
|
+
await db.executeWithRetry(
|
|
134
|
+
db.db.deleteFrom('app_password').where('did', '=', did),
|
|
135
|
+
)
|
|
136
|
+
}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { Selectable } from 'kysely'
|
|
2
2
|
import {
|
|
3
3
|
Code,
|
|
4
|
+
Did,
|
|
4
5
|
NewTokenData,
|
|
5
6
|
RefreshToken,
|
|
6
7
|
TokenData,
|
|
@@ -18,7 +19,7 @@ export function toTokenData(row: Selectable<Token>): TokenData {
|
|
|
18
19
|
clientId: row.clientId,
|
|
19
20
|
clientAuth: fromJson(row.clientAuth),
|
|
20
21
|
deviceId: row.deviceId,
|
|
21
|
-
|
|
22
|
+
did: row.did,
|
|
22
23
|
parameters: fromJson(row.parameters),
|
|
23
24
|
code: row.code,
|
|
24
25
|
scope: row.scope,
|
|
@@ -60,7 +61,7 @@ export const createQB = (
|
|
|
60
61
|
clientId: data.clientId,
|
|
61
62
|
clientAuth: toJson(data.clientAuth),
|
|
62
63
|
deviceId: data.deviceId,
|
|
63
|
-
did: data.
|
|
64
|
+
did: data.did,
|
|
64
65
|
parameters: toJson(data.parameters),
|
|
65
66
|
details: data.details ? toJson(data.details) : null,
|
|
66
67
|
code: data.code,
|
|
@@ -80,7 +81,7 @@ export const findByQB = (
|
|
|
80
81
|
db: AccountDb,
|
|
81
82
|
search: {
|
|
82
83
|
id?: number
|
|
83
|
-
did?:
|
|
84
|
+
did?: Did
|
|
84
85
|
code?: Code
|
|
85
86
|
tokenId?: TokenId
|
|
86
87
|
currentRefreshToken?: RefreshToken
|
|
@@ -98,33 +99,38 @@ export const findByQB = (
|
|
|
98
99
|
}
|
|
99
100
|
|
|
100
101
|
return selectTokenInfoQB(db)
|
|
101
|
-
|
|
102
|
+
.$if(search.id !== undefined, (qb) =>
|
|
102
103
|
// uses primary key index
|
|
103
104
|
qb.where('token.id', '=', search.id!),
|
|
104
105
|
)
|
|
105
|
-
|
|
106
|
+
.$if(search.did !== undefined, (qb) =>
|
|
106
107
|
// uses "token_did_idx" index
|
|
107
108
|
qb.where('token.did', '=', search.did!),
|
|
108
109
|
)
|
|
109
|
-
|
|
110
|
+
.$if(search.code !== undefined, (qb) =>
|
|
110
111
|
// uses "token_code_idx" partial index (hence the null check)
|
|
111
112
|
qb
|
|
112
113
|
.where('token.code', '=', search.code!)
|
|
113
114
|
.where('token.code', 'is not', null),
|
|
114
115
|
)
|
|
115
|
-
|
|
116
|
+
.$if(search.tokenId !== undefined, (qb) =>
|
|
116
117
|
// uses "token_token_id_idx"
|
|
117
118
|
qb.where('token.tokenId', '=', search.tokenId!),
|
|
118
119
|
)
|
|
119
|
-
|
|
120
|
+
.$if(search.currentRefreshToken !== undefined, (qb) =>
|
|
120
121
|
// uses "token_refresh_token_unique_idx"
|
|
121
122
|
qb.where('token.currentRefreshToken', '=', search.currentRefreshToken!),
|
|
122
123
|
)
|
|
123
124
|
}
|
|
124
125
|
|
|
125
|
-
export const
|
|
126
|
-
|
|
127
|
-
|
|
126
|
+
export const removeByDid = async (db: AccountDb, did: Did) => {
|
|
127
|
+
await db.executeWithRetry(
|
|
128
|
+
db.db
|
|
129
|
+
.deleteFrom('token')
|
|
130
|
+
// uses "token_did_idx" index
|
|
131
|
+
.where('did', '=', did),
|
|
132
|
+
)
|
|
133
|
+
}
|
|
128
134
|
|
|
129
135
|
export const rotateQB = (
|
|
130
136
|
db: AccountDb,
|
|
@@ -2,14 +2,7 @@ import assert from 'node:assert'
|
|
|
2
2
|
import { Client, createOp as createPlcOp } from '@did-plc/lib'
|
|
3
3
|
import { Selectable } from 'kysely'
|
|
4
4
|
import { Keypair, Secp256k1Keypair } from '@atproto/crypto'
|
|
5
|
-
import {
|
|
6
|
-
DidString,
|
|
7
|
-
HandleString,
|
|
8
|
-
asAtIdentifierString,
|
|
9
|
-
getBlobCidString,
|
|
10
|
-
isDidString,
|
|
11
|
-
isHandleString,
|
|
12
|
-
} from '@atproto/lex'
|
|
5
|
+
import { DidString, HandleString, getBlobCidString } from '@atproto/lex'
|
|
13
6
|
import {
|
|
14
7
|
Account,
|
|
15
8
|
AccountStore,
|
|
@@ -18,10 +11,14 @@ import {
|
|
|
18
11
|
AuthorizedClients,
|
|
19
12
|
ClientId,
|
|
20
13
|
Code,
|
|
14
|
+
DeactivateAccountData,
|
|
15
|
+
DeleteAccountConfirmInput,
|
|
16
|
+
DeleteAccountRequestInput,
|
|
21
17
|
DeviceAccount,
|
|
22
18
|
DeviceData,
|
|
23
19
|
DeviceId,
|
|
24
20
|
DeviceStore,
|
|
21
|
+
Did,
|
|
25
22
|
FoundRequestResult,
|
|
26
23
|
HandleUnavailableError,
|
|
27
24
|
HandleUnavailableReason,
|
|
@@ -31,6 +28,7 @@ import {
|
|
|
31
28
|
LexiconData,
|
|
32
29
|
LexiconStore,
|
|
33
30
|
NewTokenData,
|
|
31
|
+
ReactivateAccountData,
|
|
34
32
|
RefreshToken,
|
|
35
33
|
RequestData,
|
|
36
34
|
RequestId,
|
|
@@ -38,7 +36,6 @@ import {
|
|
|
38
36
|
ResetPasswordConfirmInput,
|
|
39
37
|
ResetPasswordRequestInput,
|
|
40
38
|
SignUpData,
|
|
41
|
-
Sub,
|
|
42
39
|
TokenData,
|
|
43
40
|
TokenId,
|
|
44
41
|
TokenInfo,
|
|
@@ -140,8 +137,6 @@ export class OAuthStore
|
|
|
140
137
|
// @TODO Send an account creation confirmation email (+verification link) to the user (in their locale)
|
|
141
138
|
// @NOTE Password strength & length already enforced by the OAuthProvider
|
|
142
139
|
|
|
143
|
-
assert(isHandleString(handle), 'Handle must be a valid HandleString')
|
|
144
|
-
|
|
145
140
|
await Promise.all([
|
|
146
141
|
this.verifyEmailAvailability(email),
|
|
147
142
|
this.verifyHandleAvailability(handle),
|
|
@@ -281,32 +276,28 @@ export class OAuthStore
|
|
|
281
276
|
}
|
|
282
277
|
|
|
283
278
|
async setAuthorizedClient(
|
|
284
|
-
|
|
279
|
+
did: Did,
|
|
285
280
|
clientId: ClientId,
|
|
286
281
|
data: AuthorizedClientData,
|
|
287
282
|
): Promise<void> {
|
|
288
|
-
await authorizedClientHelper.upsert(this.db,
|
|
283
|
+
await authorizedClientHelper.upsert(this.db, did, clientId, data)
|
|
289
284
|
}
|
|
290
285
|
|
|
291
|
-
async getAccount(
|
|
286
|
+
async getAccount(did: Did): Promise<{
|
|
292
287
|
account: Account
|
|
293
288
|
authorizedClients: AuthorizedClients
|
|
294
289
|
}> {
|
|
295
|
-
const accountRow = await this.accountManager.getAccount(
|
|
296
|
-
|
|
297
|
-
|
|
298
|
-
|
|
299
|
-
includeDeactivated: true,
|
|
300
|
-
includeTakenDown: false,
|
|
301
|
-
},
|
|
302
|
-
)
|
|
290
|
+
const accountRow = await this.accountManager.getAccount(did, {
|
|
291
|
+
includeDeactivated: true,
|
|
292
|
+
includeTakenDown: false,
|
|
293
|
+
})
|
|
303
294
|
|
|
304
295
|
assert(accountRow, 'Account not found')
|
|
305
296
|
|
|
306
297
|
const account = await this.buildAccount(accountRow)
|
|
307
298
|
const authorizedClients = await authorizedClientHelper.getAuthorizedClients(
|
|
308
299
|
this.db,
|
|
309
|
-
|
|
300
|
+
did,
|
|
310
301
|
)
|
|
311
302
|
|
|
312
303
|
return { account, authorizedClients }
|
|
@@ -320,10 +311,10 @@ export class OAuthStore
|
|
|
320
311
|
|
|
321
312
|
async getDeviceAccount(
|
|
322
313
|
deviceId: DeviceId,
|
|
323
|
-
|
|
314
|
+
did: Did,
|
|
324
315
|
): Promise<DeviceAccount | null> {
|
|
325
316
|
const row = await accountDeviceHelper
|
|
326
|
-
.selectQB(this.db, { deviceId,
|
|
317
|
+
.selectQB(this.db, { deviceId, did })
|
|
327
318
|
.executeTakeFirst()
|
|
328
319
|
|
|
329
320
|
if (!row) return null
|
|
@@ -334,30 +325,30 @@ export class OAuthStore
|
|
|
334
325
|
account: await this.buildAccount(row),
|
|
335
326
|
authorizedClients: await authorizedClientHelper.getAuthorizedClients(
|
|
336
327
|
this.db,
|
|
337
|
-
|
|
328
|
+
did,
|
|
338
329
|
),
|
|
339
330
|
createdAt: fromDateISO(row.adCreatedAt),
|
|
340
331
|
updatedAt: fromDateISO(row.adUpdatedAt),
|
|
341
332
|
}
|
|
342
333
|
}
|
|
343
334
|
|
|
344
|
-
async removeDeviceAccount(deviceId: DeviceId,
|
|
335
|
+
async removeDeviceAccount(deviceId: DeviceId, did: Did): Promise<void> {
|
|
345
336
|
await this.db.executeWithRetry(
|
|
346
|
-
accountDeviceHelper.removeQB(this.db, deviceId,
|
|
337
|
+
accountDeviceHelper.removeQB(this.db, deviceId, did),
|
|
347
338
|
)
|
|
348
339
|
}
|
|
349
340
|
|
|
350
341
|
async listDeviceAccounts(
|
|
351
|
-
filter: {
|
|
342
|
+
filter: { did: Did } | { deviceId: DeviceId },
|
|
352
343
|
): Promise<DeviceAccount[]> {
|
|
353
344
|
const rows = await accountDeviceHelper.selectQB(this.db, filter).execute()
|
|
354
345
|
|
|
355
|
-
const uniqueDids
|
|
346
|
+
const uniqueDids = [...new Set(rows.map((row) => row.did))]
|
|
356
347
|
|
|
357
348
|
// Enrich all distinct account with their profile data
|
|
358
349
|
const accounts = new Map(
|
|
359
350
|
await Promise.all(
|
|
360
|
-
Array.from(uniqueDids, async (did): Promise<[
|
|
351
|
+
Array.from(uniqueDids, async (did): Promise<[Did, Account]> => {
|
|
361
352
|
const row = rows.find((r) => r.did === did)!
|
|
362
353
|
return [did, await this.buildAccount(row)]
|
|
363
354
|
}),
|
|
@@ -381,8 +372,8 @@ export class OAuthStore
|
|
|
381
372
|
}
|
|
382
373
|
|
|
383
374
|
async resetPasswordRequest({
|
|
384
|
-
locale: _locale,
|
|
385
375
|
email,
|
|
376
|
+
locale,
|
|
386
377
|
}: ResetPasswordRequestInput): Promise<Account | null> {
|
|
387
378
|
const account = await this.accountManager.getAccountByEmail(email, {
|
|
388
379
|
includeDeactivated: true,
|
|
@@ -397,9 +388,8 @@ export class OAuthStore
|
|
|
397
388
|
'reset_password',
|
|
398
389
|
)
|
|
399
390
|
|
|
400
|
-
// @TODO Use the locale to send the email in the right language
|
|
401
391
|
await this.mailer.sendResetPassword(
|
|
402
|
-
{ handle, token },
|
|
392
|
+
{ handle, token, locale },
|
|
403
393
|
{ to: account.email },
|
|
404
394
|
)
|
|
405
395
|
|
|
@@ -557,8 +547,8 @@ export class OAuthStore
|
|
|
557
547
|
})
|
|
558
548
|
}
|
|
559
549
|
|
|
560
|
-
async listAccountTokens(
|
|
561
|
-
const rows = await tokenHelper.findByQB(this.db, { did
|
|
550
|
+
async listAccountTokens(did: Did): Promise<TokenInfo[]> {
|
|
551
|
+
const rows = await tokenHelper.findByQB(this.db, { did }).execute()
|
|
562
552
|
return Promise.all(rows.map((row) => this.toTokenInfo(row)))
|
|
563
553
|
}
|
|
564
554
|
|
|
@@ -629,12 +619,9 @@ export class OAuthStore
|
|
|
629
619
|
}
|
|
630
620
|
|
|
631
621
|
async verifyEmailRequest({
|
|
632
|
-
|
|
622
|
+
did,
|
|
633
623
|
locale,
|
|
634
624
|
}: VerifyEmailRequestInput): Promise<void> {
|
|
635
|
-
// @TODO @atproto/oauth-provider should strongly type `Sub` as `DidString`
|
|
636
|
-
assert(isDidString(did), 'sub must be a valid DID string')
|
|
637
|
-
|
|
638
625
|
try {
|
|
639
626
|
await this.accountManager.requestEmailConfirmation(did, { locale })
|
|
640
627
|
} catch (err) {
|
|
@@ -647,13 +634,10 @@ export class OAuthStore
|
|
|
647
634
|
}
|
|
648
635
|
|
|
649
636
|
async verifyEmailConfirm({
|
|
650
|
-
|
|
637
|
+
did,
|
|
651
638
|
email,
|
|
652
639
|
token,
|
|
653
640
|
}: VerifyEmailConfirmInput): Promise<Account | null> {
|
|
654
|
-
// @TODO @atproto/oauth-provider should strongly type `Sub` as `DidString`
|
|
655
|
-
assert(isDidString(did), 'sub must be a valid DID string')
|
|
656
|
-
|
|
657
641
|
try {
|
|
658
642
|
const account = await this.accountManager.confirmEmail(did, email, token)
|
|
659
643
|
|
|
@@ -668,24 +652,18 @@ export class OAuthStore
|
|
|
668
652
|
}
|
|
669
653
|
|
|
670
654
|
async updateEmailRequest({
|
|
671
|
-
|
|
655
|
+
did,
|
|
672
656
|
locale,
|
|
673
657
|
}: UpdateEmailRequestInput): Promise<UpdateEmailRequestOutput> {
|
|
674
|
-
// @TODO @atproto/oauth-provider should strongly type `Sub` as `DidString`
|
|
675
|
-
assert(isDidString(did), 'sub must be a valid DID string')
|
|
676
|
-
|
|
677
658
|
return this.accountManager.requestEmailUpdate(did, { locale })
|
|
678
659
|
}
|
|
679
660
|
|
|
680
661
|
async updateEmailConfirm({
|
|
681
|
-
|
|
662
|
+
did,
|
|
682
663
|
token,
|
|
683
664
|
email,
|
|
684
665
|
locale,
|
|
685
666
|
}: UpdateEmailConfirmInput): Promise<Account | null> {
|
|
686
|
-
// @TODO @atproto/oauth-provider should strongly type `Sub` as `DidString`
|
|
687
|
-
assert(isDidString(did), 'sub must be a valid DID string')
|
|
688
|
-
|
|
689
667
|
try {
|
|
690
668
|
const account = await this.accountManager.updateEmail(did, email, token, {
|
|
691
669
|
sendConfirmationEmail: true,
|
|
@@ -702,10 +680,7 @@ export class OAuthStore
|
|
|
702
680
|
}
|
|
703
681
|
}
|
|
704
682
|
|
|
705
|
-
async updateHandle({
|
|
706
|
-
// @TODO @atproto/oauth-provider should strongly type `Sub` as `DidString`
|
|
707
|
-
assert(isDidString(did), 'sub must be a valid DID string')
|
|
708
|
-
|
|
683
|
+
async updateHandle({ did, handle }: UpdateHandleData): Promise<Account> {
|
|
709
684
|
try {
|
|
710
685
|
const account = await this.accountManager.updateHandle(did, handle)
|
|
711
686
|
|
|
@@ -715,6 +690,98 @@ export class OAuthStore
|
|
|
715
690
|
}
|
|
716
691
|
}
|
|
717
692
|
|
|
693
|
+
async deactivateAccount({ did }: DeactivateAccountData): Promise<Account> {
|
|
694
|
+
const { account } = await this.accountManager.deactivateAccount(did, {
|
|
695
|
+
deleteCredentials: true,
|
|
696
|
+
})
|
|
697
|
+
|
|
698
|
+
return this.buildAccount(account)
|
|
699
|
+
}
|
|
700
|
+
|
|
701
|
+
async reactivateAccount({ did }: ReactivateAccountData): Promise<Account> {
|
|
702
|
+
try {
|
|
703
|
+
const { account } = await this.accountManager.activateAccount(did)
|
|
704
|
+
|
|
705
|
+
return this.buildAccount(account)
|
|
706
|
+
} catch (err) {
|
|
707
|
+
if (err instanceof XrpcInvalidRequestError) {
|
|
708
|
+
throw new InvalidRequestError(err.message, err)
|
|
709
|
+
}
|
|
710
|
+
|
|
711
|
+
throw err
|
|
712
|
+
}
|
|
713
|
+
}
|
|
714
|
+
|
|
715
|
+
async deleteAccountRequest({
|
|
716
|
+
did,
|
|
717
|
+
locale,
|
|
718
|
+
}: DeleteAccountRequestInput): Promise<void> {
|
|
719
|
+
// Mirror the XRPC `com.atproto.server.requestAccountDelete` flow
|
|
720
|
+
// (no-entryway path): generate an email confirmation token and dispatch
|
|
721
|
+
// it to the account's email address.
|
|
722
|
+
const account = await this.accountManager.getAccount(did, {
|
|
723
|
+
includeDeactivated: true,
|
|
724
|
+
includeTakenDown: true,
|
|
725
|
+
})
|
|
726
|
+
if (!account) {
|
|
727
|
+
throw new InvalidRequestError('Account not found')
|
|
728
|
+
}
|
|
729
|
+
if (!account.email) {
|
|
730
|
+
throw new InvalidRequestError('Account does not have an email address')
|
|
731
|
+
}
|
|
732
|
+
|
|
733
|
+
const token = await this.accountManager.createEmailToken(
|
|
734
|
+
did,
|
|
735
|
+
'delete_account',
|
|
736
|
+
)
|
|
737
|
+
await this.mailer.sendAccountDelete(
|
|
738
|
+
{ token, locale },
|
|
739
|
+
{ to: account.email },
|
|
740
|
+
)
|
|
741
|
+
}
|
|
742
|
+
|
|
743
|
+
async deleteAccountConfirm({
|
|
744
|
+
did,
|
|
745
|
+
token,
|
|
746
|
+
password,
|
|
747
|
+
}: DeleteAccountConfirmInput): Promise<void> {
|
|
748
|
+
// Mirror the XRPC `com.atproto.server.deleteAccount` flow (no-entryway
|
|
749
|
+
// path): verify the password, validate the email confirmation token,
|
|
750
|
+
// destroy the actor store, delete the account row, and emit the
|
|
751
|
+
// tombstone account event.
|
|
752
|
+
const account = await this.accountManager.getAccount(did, {
|
|
753
|
+
includeDeactivated: true,
|
|
754
|
+
includeTakenDown: true,
|
|
755
|
+
})
|
|
756
|
+
if (!account) {
|
|
757
|
+
throw new InvalidRequestError('Account not found')
|
|
758
|
+
}
|
|
759
|
+
|
|
760
|
+
const validPass = await this.accountManager.verifyAccountPassword(
|
|
761
|
+
did,
|
|
762
|
+
password,
|
|
763
|
+
)
|
|
764
|
+
if (!validPass) {
|
|
765
|
+
throw new InvalidCredentialsError('Invalid did or password', did)
|
|
766
|
+
}
|
|
767
|
+
|
|
768
|
+
await this.accountManager.assertValidEmailToken(
|
|
769
|
+
did,
|
|
770
|
+
'delete_account',
|
|
771
|
+
token,
|
|
772
|
+
)
|
|
773
|
+
|
|
774
|
+
// @NOTE Order matters here: first "unlink" the account by removing it
|
|
775
|
+
// from the account manager database ("source of truth"), then notify the
|
|
776
|
+
// sequencer, and finally cleanup files from the file system.
|
|
777
|
+
await this.accountManager.deleteAccount(did)
|
|
778
|
+
try {
|
|
779
|
+
await this.sequencer.sequenceAccountDeletion(did)
|
|
780
|
+
} finally {
|
|
781
|
+
await this.actorStore.destroy(did)
|
|
782
|
+
}
|
|
783
|
+
}
|
|
784
|
+
|
|
718
785
|
private async toTokenInfo(
|
|
719
786
|
row: ActorAccount & Selectable<schemas.Token>,
|
|
720
787
|
): Promise<TokenInfo> {
|
|
@@ -728,15 +795,16 @@ export class OAuthStore
|
|
|
728
795
|
|
|
729
796
|
private async buildAccount(row: ActorAccount): Promise<Account> {
|
|
730
797
|
const account: Account = {
|
|
731
|
-
|
|
732
|
-
|
|
798
|
+
did: row.did,
|
|
799
|
+
pds: this.serviceDid,
|
|
733
800
|
email: row.email || undefined,
|
|
734
|
-
|
|
735
|
-
|
|
801
|
+
emailVerified: row.email ? row.emailConfirmedAt != null : undefined,
|
|
802
|
+
handle: row.handle || undefined,
|
|
803
|
+
deactivated: row.deactivatedAt != null,
|
|
736
804
|
}
|
|
737
805
|
|
|
738
806
|
if (!account.name || !account.picture) {
|
|
739
|
-
const did = account
|
|
807
|
+
const { did } = account
|
|
740
808
|
|
|
741
809
|
const profile = await this.actorStore
|
|
742
810
|
.read(did, async (store) => {
|
|
@@ -130,11 +130,14 @@ export class BlobReader {
|
|
|
130
130
|
const { cursor, limit } = opts
|
|
131
131
|
let builder = this.db.db
|
|
132
132
|
.selectFrom('record_blob')
|
|
133
|
-
.
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
133
|
+
.where(({ not, exists, selectFrom }) =>
|
|
134
|
+
not(
|
|
135
|
+
exists(
|
|
136
|
+
selectFrom('blob')
|
|
137
|
+
.selectAll()
|
|
138
|
+
.whereRef('blob.cid', '=', 'record_blob.blobCid'),
|
|
139
|
+
),
|
|
140
|
+
),
|
|
138
141
|
)
|
|
139
142
|
.selectAll()
|
|
140
143
|
.orderBy('blobCid', 'asc')
|
|
@@ -88,7 +88,7 @@ export class RecordReader {
|
|
|
88
88
|
.selectFrom('record')
|
|
89
89
|
.innerJoin('repo_block', 'repo_block.cid', 'record.cid')
|
|
90
90
|
.where('record.collection', '=', collection)
|
|
91
|
-
|
|
91
|
+
.$if(!includeSoftDeleted, (qb) =>
|
|
92
92
|
qb.where(notSoftDeletedClause(ref('record'))),
|
|
93
93
|
)
|
|
94
94
|
.orderBy('record.rkey', reverse ? 'asc' : 'desc')
|
|
@@ -135,7 +135,7 @@ export class RecordReader {
|
|
|
135
135
|
.innerJoin('repo_block', 'repo_block.cid', 'record.cid')
|
|
136
136
|
.where('record.uri', '=', uri.toString())
|
|
137
137
|
.selectAll()
|
|
138
|
-
|
|
138
|
+
.$if(!includeSoftDeleted, (qb) =>
|
|
139
139
|
qb.where(notSoftDeletedClause(ref('record'))),
|
|
140
140
|
)
|
|
141
141
|
if (cid) {
|
|
@@ -162,7 +162,7 @@ export class RecordReader {
|
|
|
162
162
|
.selectFrom('record')
|
|
163
163
|
.select('uri')
|
|
164
164
|
.where('record.uri', '=', uri.toString())
|
|
165
|
-
|
|
165
|
+
.$if(!includeSoftDeleted, (qb) =>
|
|
166
166
|
qb.where(notSoftDeletedClause(ref('record'))),
|
|
167
167
|
)
|
|
168
168
|
if (cid) {
|
|
@@ -118,7 +118,7 @@ export class SqlRepoReader extends ReadableBlockstore {
|
|
|
118
118
|
if (cursor) {
|
|
119
119
|
// use this syntax to ensure we hit the index
|
|
120
120
|
builder = builder.where(
|
|
121
|
-
sql
|
|
121
|
+
sql<boolean>`((${ref('repoRev')}, ${ref('cid')}) < (${
|
|
122
122
|
cursor.rev
|
|
123
123
|
}, ${cursor.cid.toString()}))`,
|
|
124
124
|
)
|
|
@@ -9,6 +9,13 @@ export default function (server: Server, ctx: AppContext) {
|
|
|
9
9
|
auth: ctx.authVerifier.moderator,
|
|
10
10
|
handler: async ({ input }) => {
|
|
11
11
|
const { subject, takedown, deactivated } = input.body
|
|
12
|
+
|
|
13
|
+
if (takedown?.applied && deactivated != null && !deactivated.applied) {
|
|
14
|
+
throw new InvalidRequestError(
|
|
15
|
+
`Cannot activate and takedown an account at the same time`,
|
|
16
|
+
)
|
|
17
|
+
}
|
|
18
|
+
|
|
12
19
|
if (takedown) {
|
|
13
20
|
if (com.atproto.admin.defs.repoRef.$isTypeOf(subject)) {
|
|
14
21
|
await ctx.accountManager.takedownAccount(subject.did, takedown)
|
|
@@ -32,16 +39,21 @@ export default function (server: Server, ctx: AppContext) {
|
|
|
32
39
|
if (deactivated) {
|
|
33
40
|
if (com.atproto.admin.defs.repoRef.$isTypeOf(subject)) {
|
|
34
41
|
if (deactivated.applied) {
|
|
35
|
-
await ctx.accountManager.deactivateAccount(subject.did
|
|
42
|
+
await ctx.accountManager.deactivateAccount(subject.did)
|
|
36
43
|
} else {
|
|
37
44
|
await ctx.accountManager.activateAccount(subject.did)
|
|
38
45
|
}
|
|
39
46
|
}
|
|
40
47
|
}
|
|
41
48
|
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
49
|
+
// @NOTE accountManager will sequence an account status when updating the
|
|
50
|
+
// status, so we don't *need* to sequence the account status here.
|
|
51
|
+
// However, this endpoint historically has always sequenced the account
|
|
52
|
+
// status.
|
|
53
|
+
if (!takedown && !deactivated) {
|
|
54
|
+
if (com.atproto.admin.defs.repoRef.$isTypeOf(subject)) {
|
|
55
|
+
await ctx.accountManager.sequenceAccountStatus(subject.did)
|
|
56
|
+
}
|
|
45
57
|
}
|
|
46
58
|
|
|
47
59
|
return {
|