@atproto/pds 0.5.4 → 0.5.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (330) hide show
  1. package/CHANGELOG.md +43 -0
  2. package/dist/account-manager/account-manager.d.ts +52 -14
  3. package/dist/account-manager/account-manager.d.ts.map +1 -1
  4. package/dist/account-manager/account-manager.js +86 -26
  5. package/dist/account-manager/account-manager.js.map +1 -1
  6. package/dist/account-manager/db/index.d.ts.map +1 -1
  7. package/dist/account-manager/db/migrations/005-oauth-account-management.d.ts.map +1 -1
  8. package/dist/account-manager/db/migrations/005-oauth-account-management.js +3 -4
  9. package/dist/account-manager/db/migrations/005-oauth-account-management.js.map +1 -1
  10. package/dist/account-manager/db/migrations/index.d.ts.map +1 -1
  11. package/dist/account-manager/db/schema/authorization-request.d.ts +2 -2
  12. package/dist/account-manager/db/schema/authorization-request.d.ts.map +1 -1
  13. package/dist/account-manager/db/schema/authorization-request.js.map +1 -1
  14. package/dist/account-manager/db/schema/authorized-client.d.ts +2 -2
  15. package/dist/account-manager/db/schema/authorized-client.d.ts.map +1 -1
  16. package/dist/account-manager/db/schema/authorized-client.js.map +1 -1
  17. package/dist/account-manager/db/schema/token.d.ts +2 -2
  18. package/dist/account-manager/db/schema/token.d.ts.map +1 -1
  19. package/dist/account-manager/db/schema/token.js.map +1 -1
  20. package/dist/account-manager/helpers/account-device.d.ts +23 -196
  21. package/dist/account-manager/helpers/account-device.d.ts.map +1 -1
  22. package/dist/account-manager/helpers/account-device.js +3 -3
  23. package/dist/account-manager/helpers/account-device.js.map +1 -1
  24. package/dist/account-manager/helpers/account.d.ts +20 -10
  25. package/dist/account-manager/helpers/account.d.ts.map +1 -1
  26. package/dist/account-manager/helpers/account.js +17 -11
  27. package/dist/account-manager/helpers/account.js.map +1 -1
  28. package/dist/account-manager/helpers/auth.d.ts.map +1 -1
  29. package/dist/account-manager/helpers/auth.js +1 -1
  30. package/dist/account-manager/helpers/auth.js.map +1 -1
  31. package/dist/account-manager/helpers/authorization-request.d.ts +83 -5
  32. package/dist/account-manager/helpers/authorization-request.d.ts.map +1 -1
  33. package/dist/account-manager/helpers/authorization-request.js +8 -8
  34. package/dist/account-manager/helpers/authorization-request.js.map +1 -1
  35. package/dist/account-manager/helpers/authorized-client.d.ts +5 -4
  36. package/dist/account-manager/helpers/authorized-client.d.ts.map +1 -1
  37. package/dist/account-manager/helpers/authorized-client.js +3 -0
  38. package/dist/account-manager/helpers/authorized-client.js.map +1 -1
  39. package/dist/account-manager/helpers/device.d.ts +10 -4
  40. package/dist/account-manager/helpers/device.d.ts.map +1 -1
  41. package/dist/account-manager/helpers/device.js +4 -4
  42. package/dist/account-manager/helpers/device.js.map +1 -1
  43. package/dist/account-manager/helpers/email-token.d.ts.map +1 -1
  44. package/dist/account-manager/helpers/invite.d.ts +35 -2
  45. package/dist/account-manager/helpers/invite.d.ts.map +1 -1
  46. package/dist/account-manager/helpers/lexicon.d.ts.map +1 -1
  47. package/dist/account-manager/helpers/lexicon.js +6 -0
  48. package/dist/account-manager/helpers/lexicon.js.map +1 -1
  49. package/dist/account-manager/helpers/password.d.ts +1 -0
  50. package/dist/account-manager/helpers/password.d.ts.map +1 -1
  51. package/dist/account-manager/helpers/password.js +3 -0
  52. package/dist/account-manager/helpers/password.js.map +1 -1
  53. package/dist/account-manager/helpers/repo.d.ts.map +1 -1
  54. package/dist/account-manager/helpers/scrypt.d.ts.map +1 -1
  55. package/dist/account-manager/helpers/token.d.ts +72 -1031
  56. package/dist/account-manager/helpers/token.d.ts.map +1 -1
  57. package/dist/account-manager/helpers/token.js +13 -10
  58. package/dist/account-manager/helpers/token.js.map +1 -1
  59. package/dist/account-manager/helpers/used-refresh-token.d.ts +6 -2
  60. package/dist/account-manager/helpers/used-refresh-token.d.ts.map +1 -1
  61. package/dist/account-manager/oauth-store.d.ts +17 -13
  62. package/dist/account-manager/oauth-store.d.ts.map +1 -1
  63. package/dist/account-manager/oauth-store.js +89 -39
  64. package/dist/account-manager/oauth-store.js.map +1 -1
  65. package/dist/account-manager/scope-reference-getter.d.ts.map +1 -1
  66. package/dist/account-manager/scope-reference-getter.js.map +1 -1
  67. package/dist/actor-store/actor-store-reader.d.ts.map +1 -1
  68. package/dist/actor-store/actor-store-reader.js.map +1 -1
  69. package/dist/actor-store/actor-store-transactor.d.ts.map +1 -1
  70. package/dist/actor-store/actor-store-transactor.js.map +1 -1
  71. package/dist/actor-store/actor-store-writer.d.ts.map +1 -1
  72. package/dist/actor-store/actor-store.d.ts.map +1 -1
  73. package/dist/actor-store/actor-store.js.map +1 -1
  74. package/dist/actor-store/blob/reader.d.ts.map +1 -1
  75. package/dist/actor-store/blob/reader.js +2 -3
  76. package/dist/actor-store/blob/reader.js.map +1 -1
  77. package/dist/actor-store/blob/transactor.d.ts.map +1 -1
  78. package/dist/actor-store/blob/transactor.js.map +1 -1
  79. package/dist/actor-store/db/index.d.ts.map +1 -1
  80. package/dist/actor-store/db/migrations/index.d.ts.map +1 -1
  81. package/dist/actor-store/migrate.d.ts.map +1 -1
  82. package/dist/actor-store/preference/reader.d.ts.map +1 -1
  83. package/dist/actor-store/preference/reader.js.map +1 -1
  84. package/dist/actor-store/preference/transactor.d.ts.map +1 -1
  85. package/dist/actor-store/record/reader.d.ts +3 -3
  86. package/dist/actor-store/record/reader.d.ts.map +1 -1
  87. package/dist/actor-store/record/reader.js +3 -3
  88. package/dist/actor-store/record/reader.js.map +1 -1
  89. package/dist/actor-store/record/transactor.d.ts.map +1 -1
  90. package/dist/actor-store/record/transactor.js.map +1 -1
  91. package/dist/actor-store/repo/reader.d.ts.map +1 -1
  92. package/dist/actor-store/repo/reader.js.map +1 -1
  93. package/dist/actor-store/repo/sql-repo-reader.d.ts +5 -1
  94. package/dist/actor-store/repo/sql-repo-reader.d.ts.map +1 -1
  95. package/dist/actor-store/repo/sql-repo-reader.js.map +1 -1
  96. package/dist/actor-store/repo/sql-repo-transactor.d.ts.map +1 -1
  97. package/dist/actor-store/repo/transactor.d.ts.map +1 -1
  98. package/dist/actor-store/repo/transactor.js.map +1 -1
  99. package/dist/api/app/bsky/util/resolver.d.ts +4 -4
  100. package/dist/api/app/bsky/util/resolver.d.ts.map +1 -1
  101. package/dist/api/com/atproto/admin/getInviteCodes.d.ts.map +1 -1
  102. package/dist/api/com/atproto/admin/updateSubjectStatus.d.ts.map +1 -1
  103. package/dist/api/com/atproto/admin/updateSubjectStatus.js +12 -4
  104. package/dist/api/com/atproto/admin/updateSubjectStatus.js.map +1 -1
  105. package/dist/api/com/atproto/server/activateAccount.d.ts.map +1 -1
  106. package/dist/api/com/atproto/server/activateAccount.js +25 -31
  107. package/dist/api/com/atproto/server/activateAccount.js.map +1 -1
  108. package/dist/api/com/atproto/server/deactivateAccount.d.ts.map +1 -1
  109. package/dist/api/com/atproto/server/deactivateAccount.js +3 -4
  110. package/dist/api/com/atproto/server/deactivateAccount.js.map +1 -1
  111. package/dist/api/com/atproto/server/deleteAccount.d.ts.map +1 -1
  112. package/dist/api/com/atproto/server/deleteAccount.js +51 -37
  113. package/dist/api/com/atproto/server/deleteAccount.js.map +1 -1
  114. package/dist/api/com/atproto/server/util.d.ts +25 -6
  115. package/dist/api/com/atproto/server/util.d.ts.map +1 -1
  116. package/dist/api/com/atproto/server/util.js.map +1 -1
  117. package/dist/api/com/atproto/sync/getRepo.d.ts.map +1 -1
  118. package/dist/api/com/atproto/sync/listRepos.d.ts.map +1 -1
  119. package/dist/api/com/atproto/sync/util.d.ts.map +1 -1
  120. package/dist/api/proxy.d.ts.map +1 -1
  121. package/dist/app-view.d.ts.map +1 -1
  122. package/dist/auth-routes.d.ts.map +1 -1
  123. package/dist/auth-verifier.d.ts.map +1 -1
  124. package/dist/background.d.ts.map +1 -1
  125. package/dist/basic-routes.d.ts.map +1 -1
  126. package/dist/bsky-app-view.d.ts.map +1 -1
  127. package/dist/config/config.d.ts +2 -1
  128. package/dist/config/config.d.ts.map +1 -1
  129. package/dist/config/config.js +4 -1
  130. package/dist/config/config.js.map +1 -1
  131. package/dist/config/env.d.ts.map +1 -1
  132. package/dist/config/secrets.d.ts.map +1 -1
  133. package/dist/context.d.ts.map +1 -1
  134. package/dist/context.js +1 -1
  135. package/dist/context.js.map +1 -1
  136. package/dist/crawlers.d.ts.map +1 -1
  137. package/dist/db/db.d.ts.map +1 -1
  138. package/dist/db/migrator.d.ts +4 -3
  139. package/dist/db/migrator.d.ts.map +1 -1
  140. package/dist/db/migrator.js +1 -1
  141. package/dist/db/migrator.js.map +1 -1
  142. package/dist/db/pagination.d.ts +3 -2
  143. package/dist/db/pagination.d.ts.map +1 -1
  144. package/dist/db/pagination.js +2 -2
  145. package/dist/db/pagination.js.map +1 -1
  146. package/dist/db/util.d.ts +3 -3
  147. package/dist/db/util.d.ts.map +1 -1
  148. package/dist/db/util.js.map +1 -1
  149. package/dist/did-cache/db/index.d.ts.map +1 -1
  150. package/dist/did-cache/db/migrations.d.ts.map +1 -1
  151. package/dist/did-cache/index.d.ts.map +1 -1
  152. package/dist/did-cache/index.js.map +1 -1
  153. package/dist/disk-blobstore.d.ts.map +1 -1
  154. package/dist/disk-blobstore.js.map +1 -1
  155. package/dist/handle/explicit-slurs.d.ts.map +1 -1
  156. package/dist/handle/index.d.ts.map +1 -1
  157. package/dist/image/image-url-builder.d.ts.map +1 -1
  158. package/dist/image/image-url-builder.js.map +1 -1
  159. package/dist/index.d.ts.map +1 -1
  160. package/dist/lexicons/app/bsky/actor/defs.defs.d.ts +75 -155
  161. package/dist/lexicons/app/bsky/actor/defs.defs.d.ts.map +1 -1
  162. package/dist/lexicons/app/bsky/actor/profile.defs.d.ts +100 -300
  163. package/dist/lexicons/app/bsky/actor/profile.defs.d.ts.map +1 -1
  164. package/dist/lexicons/app/bsky/actor/status.defs.d.ts +40 -40
  165. package/dist/lexicons/app/bsky/actor/status.defs.d.ts.map +1 -1
  166. package/dist/lexicons/app/bsky/authCreatePosts.defs.d.ts +1 -1
  167. package/dist/lexicons/app/bsky/authDeleteContent.defs.d.ts +1 -1
  168. package/dist/lexicons/app/bsky/authFullApp.defs.d.ts +1 -1
  169. package/dist/lexicons/app/bsky/authManageFeedDeclarations.defs.d.ts +1 -1
  170. package/dist/lexicons/app/bsky/authManageLabelerService.defs.d.ts +1 -1
  171. package/dist/lexicons/app/bsky/authManageModeration.defs.d.ts +1 -1
  172. package/dist/lexicons/app/bsky/authManageNotifications.defs.d.ts +1 -1
  173. package/dist/lexicons/app/bsky/authManageProfile.defs.d.ts +1 -1
  174. package/dist/lexicons/app/bsky/authViewAll.defs.d.ts +1 -1
  175. package/dist/lexicons/app/bsky/draft/defs.defs.d.ts +4 -4
  176. package/dist/lexicons/app/bsky/draft/defs.defs.d.ts.map +1 -1
  177. package/dist/lexicons/app/bsky/embed/external.defs.d.ts +10 -10
  178. package/dist/lexicons/app/bsky/embed/gallery.defs.d.ts +10 -42
  179. package/dist/lexicons/app/bsky/embed/gallery.defs.d.ts.map +1 -1
  180. package/dist/lexicons/app/bsky/embed/images.defs.d.ts +10 -10
  181. package/dist/lexicons/app/bsky/embed/record.defs.d.ts +10 -10
  182. package/dist/lexicons/app/bsky/embed/recordWithMedia.defs.d.ts +10 -10
  183. package/dist/lexicons/app/bsky/embed/video.defs.d.ts +50 -162
  184. package/dist/lexicons/app/bsky/embed/video.defs.d.ts.map +1 -1
  185. package/dist/lexicons/app/bsky/feed/generator.defs.d.ts +80 -160
  186. package/dist/lexicons/app/bsky/feed/generator.defs.d.ts.map +1 -1
  187. package/dist/lexicons/app/bsky/feed/like.defs.d.ts +30 -30
  188. package/dist/lexicons/app/bsky/feed/like.defs.d.ts.map +1 -1
  189. package/dist/lexicons/app/bsky/feed/post.defs.d.ts +80 -200
  190. package/dist/lexicons/app/bsky/feed/post.defs.d.ts.map +1 -1
  191. package/dist/lexicons/app/bsky/feed/postgate.defs.d.ts +40 -80
  192. package/dist/lexicons/app/bsky/feed/postgate.defs.d.ts.map +1 -1
  193. package/dist/lexicons/app/bsky/feed/repost.defs.d.ts +30 -30
  194. package/dist/lexicons/app/bsky/feed/repost.defs.d.ts.map +1 -1
  195. package/dist/lexicons/app/bsky/feed/threadgate.defs.d.ts +30 -30
  196. package/dist/lexicons/app/bsky/feed/threadgate.defs.d.ts.map +1 -1
  197. package/dist/lexicons/app/bsky/graph/block.defs.d.ts +20 -20
  198. package/dist/lexicons/app/bsky/graph/block.defs.d.ts.map +1 -1
  199. package/dist/lexicons/app/bsky/graph/follow.defs.d.ts +30 -30
  200. package/dist/lexicons/app/bsky/graph/follow.defs.d.ts.map +1 -1
  201. package/dist/lexicons/app/bsky/graph/list.defs.d.ts +60 -60
  202. package/dist/lexicons/app/bsky/graph/list.defs.d.ts.map +1 -1
  203. package/dist/lexicons/app/bsky/graph/listblock.defs.d.ts +20 -20
  204. package/dist/lexicons/app/bsky/graph/listblock.defs.d.ts.map +1 -1
  205. package/dist/lexicons/app/bsky/graph/listitem.defs.d.ts +20 -20
  206. package/dist/lexicons/app/bsky/graph/listitem.defs.d.ts.map +1 -1
  207. package/dist/lexicons/app/bsky/graph/starterpack.defs.d.ts +50 -90
  208. package/dist/lexicons/app/bsky/graph/starterpack.defs.d.ts.map +1 -1
  209. package/dist/lexicons/app/bsky/graph/verification.defs.d.ts +30 -30
  210. package/dist/lexicons/app/bsky/graph/verification.defs.d.ts.map +1 -1
  211. package/dist/lexicons/app/bsky/labeler/service.defs.d.ts +50 -130
  212. package/dist/lexicons/app/bsky/labeler/service.defs.d.ts.map +1 -1
  213. package/dist/lexicons/app/bsky/notification/declaration.defs.d.ts +10 -10
  214. package/dist/lexicons/app/bsky/notification/declaration.defs.d.ts.map +1 -1
  215. package/dist/lexicons/app/bsky/richtext/facet.defs.d.ts +10 -10
  216. package/dist/lexicons/chat/bsky/actor/declaration.defs.d.ts +20 -20
  217. package/dist/lexicons/chat/bsky/actor/declaration.defs.d.ts.map +1 -1
  218. package/dist/lexicons/chat/bsky/authFullChatClient.defs.d.ts +1 -1
  219. package/dist/lexicons/chat/bsky/convo/defs.defs.d.ts +17 -0
  220. package/dist/lexicons/chat/bsky/convo/defs.defs.d.ts.map +1 -1
  221. package/dist/lexicons/chat/bsky/convo/defs.defs.js +11 -0
  222. package/dist/lexicons/chat/bsky/convo/defs.defs.js.map +1 -1
  223. package/dist/lexicons/chat/bsky/convo/sendMessage.defs.d.ts +1 -1
  224. package/dist/lexicons/chat/bsky/convo/sendMessage.defs.d.ts.map +1 -1
  225. package/dist/lexicons/chat/bsky/convo/sendMessage.defs.js +1 -0
  226. package/dist/lexicons/chat/bsky/convo/sendMessage.defs.js.map +1 -1
  227. package/dist/lexicons/chat/bsky/convo/sendMessageBatch.defs.d.ts +1 -1
  228. package/dist/lexicons/chat/bsky/convo/sendMessageBatch.defs.d.ts.map +1 -1
  229. package/dist/lexicons/chat/bsky/convo/sendMessageBatch.defs.js +1 -0
  230. package/dist/lexicons/chat/bsky/convo/sendMessageBatch.defs.js.map +1 -1
  231. package/dist/lexicons/chat/bsky/embed/joinLink.defs.d.ts +10 -42
  232. package/dist/lexicons/chat/bsky/embed/joinLink.defs.d.ts.map +1 -1
  233. package/dist/lexicons/com/atproto/lexicon/schema.defs.d.ts +10 -10
  234. package/dist/lexicons/com/atproto/lexicon/schema.defs.d.ts.map +1 -1
  235. package/dist/lexicons/com/atproto/repo/strongRef.defs.d.ts +10 -10
  236. package/dist/lexicons/com/germnetwork/declaration.defs.d.ts +40 -120
  237. package/dist/lexicons/com/germnetwork/declaration.defs.d.ts.map +1 -1
  238. package/dist/lexicons/site/standard/document.defs.d.ts +130 -450
  239. package/dist/lexicons/site/standard/document.defs.d.ts.map +1 -1
  240. package/dist/lexicons/site/standard/graph/recommend.defs.d.ts +10 -10
  241. package/dist/lexicons/site/standard/graph/recommend.defs.d.ts.map +1 -1
  242. package/dist/lexicons/site/standard/graph/subscription.defs.d.ts +20 -60
  243. package/dist/lexicons/site/standard/graph/subscription.defs.d.ts.map +1 -1
  244. package/dist/lexicons/site/standard/publication.defs.d.ts +60 -220
  245. package/dist/lexicons/site/standard/publication.defs.d.ts.map +1 -1
  246. package/dist/lexicons/site/standard/theme/basic.defs.d.ts +10 -10
  247. package/dist/lexicons/site/standard/theme/basic.defs.d.ts.map +1 -1
  248. package/dist/lexicons/tools/ozone/moderation/queryStatuses.defs.d.ts +2 -2
  249. package/dist/lexicons/tools/ozone/set/querySets.defs.d.ts +2 -2
  250. package/dist/logger.d.ts +14 -14
  251. package/dist/logger.d.ts.map +1 -1
  252. package/dist/mailer/index.d.ts +2 -0
  253. package/dist/mailer/index.d.ts.map +1 -1
  254. package/dist/mailer/index.js +2 -0
  255. package/dist/mailer/index.js.map +1 -1
  256. package/dist/mailer/moderation.d.ts.map +1 -1
  257. package/dist/pipethrough.d.ts +1 -1
  258. package/dist/pipethrough.d.ts.map +1 -1
  259. package/dist/pipethrough.js.map +1 -1
  260. package/dist/rate-limits.d.ts.map +1 -1
  261. package/dist/read-after-write/util.d.ts.map +1 -1
  262. package/dist/read-after-write/viewer.d.ts +8 -8
  263. package/dist/read-after-write/viewer.d.ts.map +1 -1
  264. package/dist/read-after-write/viewer.js.map +1 -1
  265. package/dist/redis.d.ts.map +1 -1
  266. package/dist/repo/prepare.d.ts.map +1 -1
  267. package/dist/repo/types.d.ts.map +1 -1
  268. package/dist/repo/types.js.map +1 -1
  269. package/dist/scripts/index.d.ts.map +1 -1
  270. package/dist/scripts/publish-identity.d.ts.map +1 -1
  271. package/dist/scripts/rebuild-repo.d.ts.map +1 -1
  272. package/dist/scripts/rotate-keys.d.ts.map +1 -1
  273. package/dist/scripts/sequencer-recovery/index.d.ts.map +1 -1
  274. package/dist/scripts/sequencer-recovery/recoverer.d.ts.map +1 -1
  275. package/dist/scripts/sequencer-recovery/recoverer.js.map +1 -1
  276. package/dist/scripts/sequencer-recovery/recovery-db.d.ts.map +1 -1
  277. package/dist/scripts/sequencer-recovery/recovery-db.js.map +1 -1
  278. package/dist/scripts/sequencer-recovery/repair-repos.d.ts.map +1 -1
  279. package/dist/scripts/sequencer-recovery/user-queues.d.ts.map +1 -1
  280. package/dist/scripts/util.d.ts.map +1 -1
  281. package/dist/sequencer/db/index.d.ts.map +1 -1
  282. package/dist/sequencer/db/migrations/index.d.ts.map +1 -1
  283. package/dist/sequencer/events.d.ts +19 -19
  284. package/dist/sequencer/events.d.ts.map +1 -1
  285. package/dist/sequencer/events.js +6 -13
  286. package/dist/sequencer/events.js.map +1 -1
  287. package/dist/sequencer/outbox.d.ts.map +1 -1
  288. package/dist/sequencer/outbox.js.map +1 -1
  289. package/dist/sequencer/sequencer.d.ts +1 -1
  290. package/dist/sequencer/sequencer.d.ts.map +1 -1
  291. package/dist/sequencer/sequencer.js.map +1 -1
  292. package/dist/util/debug.d.ts.map +1 -1
  293. package/dist/well-known.d.ts.map +1 -1
  294. package/package.json +26 -27
  295. package/src/account-manager/account-manager.ts +135 -36
  296. package/src/account-manager/db/migrations/005-oauth-account-management.ts +6 -5
  297. package/src/account-manager/db/schema/authorization-request.ts +2 -1
  298. package/src/account-manager/db/schema/authorized-client.ts +6 -2
  299. package/src/account-manager/db/schema/token.ts +2 -2
  300. package/src/account-manager/helpers/account-device.ts +5 -11
  301. package/src/account-manager/helpers/account.ts +39 -16
  302. package/src/account-manager/helpers/auth.ts +2 -2
  303. package/src/account-manager/helpers/authorization-request.ts +12 -8
  304. package/src/account-manager/helpers/authorized-client.ts +12 -6
  305. package/src/account-manager/helpers/device.ts +4 -4
  306. package/src/account-manager/helpers/lexicon.ts +8 -3
  307. package/src/account-manager/helpers/password.ts +6 -0
  308. package/src/account-manager/helpers/token.ts +17 -11
  309. package/src/account-manager/oauth-store.ts +129 -61
  310. package/src/actor-store/blob/reader.ts +8 -5
  311. package/src/actor-store/record/reader.ts +3 -3
  312. package/src/actor-store/repo/sql-repo-reader.ts +1 -1
  313. package/src/api/com/atproto/admin/updateSubjectStatus.ts +16 -4
  314. package/src/api/com/atproto/server/activateAccount.ts +27 -49
  315. package/src/api/com/atproto/server/deactivateAccount.ts +3 -7
  316. package/src/api/com/atproto/server/deleteAccount.ts +60 -43
  317. package/src/api/com/atproto/server/util.ts +24 -7
  318. package/src/config/config.ts +7 -2
  319. package/src/context.ts +2 -3
  320. package/src/db/migrator.ts +2 -1
  321. package/src/db/pagination.ts +7 -7
  322. package/src/db/util.ts +5 -2
  323. package/src/mailer/index.ts +4 -2
  324. package/src/scripts/sequencer-recovery/recovery-db.ts +1 -1
  325. package/src/sequencer/events.ts +8 -13
  326. package/src/sequencer/sequencer.ts +1 -3
  327. package/tests/account-manager.test.ts +79 -0
  328. package/tests/account-status.test.ts +206 -0
  329. package/tests/oauth.test.ts +91 -0
  330. package/tsconfig.build.tsbuildinfo +1 -1
@@ -1 +1 @@
1
- {"version":3,"file":"token.d.ts","sourceRoot":"","sources":["../../../src/account-manager/helpers/token.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAA;AACnC,OAAO,EACL,IAAI,EACJ,YAAY,EACZ,YAAY,EACZ,SAAS,EACT,OAAO,EACR,MAAM,yBAAyB,CAAA;AAEhC,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,gBAAgB,CAAA;AAGjD,wBAAgB,WAAW,CAAC,GAAG,EAAE,UAAU,CAAC,KAAK,CAAC,GAAG,SAAS,CAa7D;AAuBD,eAAO,MAAM,QAAQ,GACnB,IAAI,SAAS,EACb,SAAS,OAAO,EAChB,MAAM,SAAS,EACf,eAAe,YAAY,yHAiB5B,CAAA;AAED,eAAO,MAAM,WAAW,GAAI,IAAI,SAAS,EAAE,IAAI,OAAO,mMAKZ,CAAA;AAE1C,eAAO,MAAM,QAAQ,GACnB,IAAI,SAAS,EACb,QAAQ;IACN,EAAE,CAAC,EAAE,MAAM,CAAA;IACX,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,IAAI,CAAC,EAAE,IAAI,CAAA;IACX,OAAO,CAAC,EAAE,OAAO,CAAA;IACjB,mBAAmB,CAAC,EAAE,YAAY,CAAA;CACnC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;8SAoCF,CAAA;AAED,eAAO,MAAM,aAAa,GAAI,IAAI,SAAS,EAAE,KAAK,MAAM,yLAEN,CAAA;AAElD,eAAO,MAAM,QAAQ,GACnB,IAAI,SAAS,EACb,IAAI,MAAM,EACV,YAAY,OAAO,EACnB,iBAAiB,YAAY,EAC7B,SAAS,YAAY,kMAcE,CAAA;AAEzB,eAAO,MAAM,QAAQ,GAAI,IAAI,SAAS,EAAE,SAAS,OAAO,yLAEE,CAAA"}
1
+ {"version":3,"file":"token.d.ts","sourceRoot":"","sources":["../../../src/account-manager/helpers/token.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAA;AACnC,OAAO,EACL,IAAI,EACJ,GAAG,EACH,YAAY,EACZ,YAAY,EACZ,SAAS,EACT,OAAO,EACR,MAAM,yBAAyB,CAAA;AAEhC,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,gBAAgB,CAAA;AAGjD,wBAAgB,WAAW,CAAC,GAAG,EAAE,UAAU,CAAC,KAAK,CAAC,GAAG,SAAS,CAa7D;AAuBD,eAAO,MAAM,QAAQ,OACf,SAAS,WACJ,OAAO,QACV,SAAS,iBACA,YAAY,yHAiB5B,CAAA;AAED,eAAO,MAAM,WAAW,OAAQ,SAAS,MAAM,OAAO;;;EAKZ,CAAA;AAE1C,eAAO,MAAM,QAAQ,OACf,SAAS,UACL;IACN,EAAE,CAAC,EAAE,MAAM,CAAA;IACX,GAAG,CAAC,EAAE,GAAG,CAAA;IACT,IAAI,CAAC,EAAE,IAAI,CAAA;IACX,OAAO,CAAC,EAAE,OAAO,CAAA;IACjB,mBAAmB,CAAC,EAAE,YAAY,CAAA;CACnC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;8TAoCF,CAAA;AAED,eAAO,MAAM,WAAW,OAAc,SAAS,OAAO,GAAG,kBAOxD,CAAA;AAED,eAAO,MAAM,QAAQ,OACf,SAAS,MACT,MAAM,cACE,OAAO,mBACF,YAAY,WACpB,YAAY,kIAcE,CAAA;AAEzB,eAAO,MAAM,QAAQ,OAAQ,SAAS,WAAW,OAAO,yHAEE,CAAA"}
@@ -8,7 +8,7 @@ export function toTokenData(row) {
8
8
  clientId: row.clientId,
9
9
  clientAuth: fromJson(row.clientAuth),
10
10
  deviceId: row.deviceId,
11
- sub: row.did,
11
+ did: row.did,
12
12
  parameters: fromJson(row.parameters),
13
13
  code: row.code,
14
14
  scope: row.scope,
@@ -42,7 +42,7 @@ export const createQB = (db, tokenId, data, refreshToken) => {
42
42
  clientId: data.clientId,
43
43
  clientAuth: toJson(data.clientAuth),
44
44
  deviceId: data.deviceId,
45
- did: data.sub,
45
+ did: data.did,
46
46
  parameters: toJson(data.parameters),
47
47
  details: data.details ? toJson(data.details) : null,
48
48
  code: data.code,
@@ -65,27 +65,30 @@ export const findByQB = (db, search) => {
65
65
  throw new TypeError('At least one search parameter is required');
66
66
  }
67
67
  return selectTokenInfoQB(db)
68
- .if(search.id !== undefined, (qb) =>
68
+ .$if(search.id !== undefined, (qb) =>
69
69
  // uses primary key index
70
70
  qb.where('token.id', '=', search.id))
71
- .if(search.did !== undefined, (qb) =>
71
+ .$if(search.did !== undefined, (qb) =>
72
72
  // uses "token_did_idx" index
73
73
  qb.where('token.did', '=', search.did))
74
- .if(search.code !== undefined, (qb) =>
74
+ .$if(search.code !== undefined, (qb) =>
75
75
  // uses "token_code_idx" partial index (hence the null check)
76
76
  qb
77
77
  .where('token.code', '=', search.code)
78
78
  .where('token.code', 'is not', null))
79
- .if(search.tokenId !== undefined, (qb) =>
79
+ .$if(search.tokenId !== undefined, (qb) =>
80
80
  // uses "token_token_id_idx"
81
81
  qb.where('token.tokenId', '=', search.tokenId))
82
- .if(search.currentRefreshToken !== undefined, (qb) =>
82
+ .$if(search.currentRefreshToken !== undefined, (qb) =>
83
83
  // uses "token_refresh_token_unique_idx"
84
84
  qb.where('token.currentRefreshToken', '=', search.currentRefreshToken));
85
85
  };
86
- export const removeByDidQB = (db, did) =>
87
- // uses "token_did_idx" index
88
- db.db.deleteFrom('token').where('did', '=', did);
86
+ export const removeByDid = async (db, did) => {
87
+ await db.executeWithRetry(db.db
88
+ .deleteFrom('token')
89
+ // uses "token_did_idx" index
90
+ .where('did', '=', did));
91
+ };
89
92
  export const rotateQB = (db, id, newTokenId, newRefreshToken, newData) => db.db
90
93
  .updateTable('token')
91
94
  .set({
@@ -1 +1 @@
1
- {"version":3,"file":"token.js","sourceRoot":"","sources":["../../../src/account-manager/helpers/token.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAA;AAE5E,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAA;AAE9C,MAAM,UAAU,WAAW,CAAC,GAAsB;IAChD,OAAO;QACL,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC;QACrC,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC;QACrC,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC;QACrC,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,UAAU,EAAE,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC;QACpC,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,GAAG,EAAE,GAAG,CAAC,GAAG;QACZ,UAAU,EAAE,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC;QACpC,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,KAAK,EAAE,GAAG,CAAC,KAAK;KACjB,CAAA;AACH,CAAC;AAED,MAAM,iBAAiB,GAAG,CAAC,EAAa,EAAE,EAAE,CAC1C,eAAe,CAAC,EAAE,EAAE,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC;IAC/C,2DAA2D;KAC1D,SAAS,CAAC,OAAO,EAAE,WAAW,EAAE,WAAW,CAAC;KAC5C,MAAM,CAAC;IACN,UAAU;IACV,eAAe;IACf,iBAAiB;IACjB,iBAAiB;IACjB,iBAAiB;IACjB,gBAAgB;IAChB,kBAAkB;IAClB,gBAAgB;IAChB,WAAW;IACX,kBAAkB;IAClB,eAAe;IACf,YAAY;IACZ,2BAA2B;IAC3B,aAAa;CACd,CAAC,CAAA;AAEN,MAAM,CAAC,MAAM,QAAQ,GAAG,CACtB,EAAa,EACb,OAAgB,EAChB,IAAe,EACf,YAA2B,EAC3B,EAAE;IACF,OAAO,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;QACtC,OAAO;QACP,SAAS,EAAE,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC;QACpC,SAAS,EAAE,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC;QACpC,SAAS,EAAE,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC;QACpC,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;QACnC,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,GAAG,EAAE,IAAI,CAAC,GAAG;QACb,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;QACnC,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI;QACnD,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,mBAAmB,EAAE,YAAY,IAAI,IAAI;QACzC,KAAK,EAAE,IAAI,CAAC,KAAK;KAClB,CAAC,CAAA;AACJ,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,EAAa,EAAE,EAAW,EAAE,EAAE,CACxD,EAAE,CAAC,EAAE;KACF,UAAU,CAAC,OAAO,CAAC;KACnB,KAAK,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC;KACzB,KAAK,CAAC,qBAAqB,EAAE,QAAQ,EAAE,IAAI,CAAC;KAC5C,MAAM,CAAC,CAAC,IAAI,EAAE,qBAAqB,CAAC,CAAC,CAAA;AAE1C,MAAM,CAAC,MAAM,QAAQ,GAAG,CACtB,EAAa,EACb,MAMC,EACD,EAAE;IACF,IACE,MAAM,CAAC,EAAE,KAAK,SAAS;QACvB,MAAM,CAAC,GAAG,KAAK,SAAS;QACxB,MAAM,CAAC,IAAI,KAAK,SAAS;QACzB,MAAM,CAAC,OAAO,KAAK,SAAS;QAC5B,MAAM,CAAC,mBAAmB,KAAK,SAAS,EACxC,CAAC;QACD,0BAA0B;QAC1B,MAAM,IAAI,SAAS,CAAC,2CAA2C,CAAC,CAAA;IAClE,CAAC;IAED,OAAO,iBAAiB,CAAC,EAAE,CAAC;SACzB,EAAE,CAAC,MAAM,CAAC,EAAE,KAAK,SAAS,EAAE,CAAC,EAAE,EAAE,EAAE;IAClC,yBAAyB;IACzB,EAAE,CAAC,KAAK,CAAC,UAAU,EAAE,GAAG,EAAE,MAAM,CAAC,EAAG,CAAC,CACtC;SACA,EAAE,CAAC,MAAM,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC,EAAE,EAAE,EAAE;IACnC,6BAA6B;IAC7B,EAAE,CAAC,KAAK,CAAC,WAAW,EAAE,GAAG,EAAE,MAAM,CAAC,GAAI,CAAC,CACxC;SACA,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC,EAAE,EAAE,EAAE;IACpC,6DAA6D;IAC7D,EAAE;SACC,KAAK,CAAC,YAAY,EAAE,GAAG,EAAE,MAAM,CAAC,IAAK,CAAC;SACtC,KAAK,CAAC,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC,CACvC;SACA,EAAE,CAAC,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC,EAAE,EAAE,EAAE;IACvC,4BAA4B;IAC5B,EAAE,CAAC,KAAK,CAAC,eAAe,EAAE,GAAG,EAAE,MAAM,CAAC,OAAQ,CAAC,CAChD;SACA,EAAE,CAAC,MAAM,CAAC,mBAAmB,KAAK,SAAS,EAAE,CAAC,EAAE,EAAE,EAAE;IACnD,wCAAwC;IACxC,EAAE,CAAC,KAAK,CAAC,2BAA2B,EAAE,GAAG,EAAE,MAAM,CAAC,mBAAoB,CAAC,CACxE,CAAA;AACL,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,EAAa,EAAE,GAAW,EAAE,EAAE;AAC1D,6BAA6B;AAC7B,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;AAElD,MAAM,CAAC,MAAM,QAAQ,GAAG,CACtB,EAAa,EACb,EAAU,EACV,UAAmB,EACnB,eAA6B,EAC7B,OAAqB,EACrB,EAAE,CACF,EAAE,CAAC,EAAE;KACF,WAAW,CAAC,OAAO,CAAC;KACpB,GAAG,CAAC;IACH,OAAO,EAAE,UAAU;IACnB,mBAAmB,EAAE,eAAe;IAEpC,SAAS,EAAE,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC;IACvC,SAAS,EAAE,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC;IACvC,UAAU,EAAE,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;IACtC,KAAK,EAAE,OAAO,CAAC,KAAK;CACrB,CAAC;IACF,yBAAyB;KACxB,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE,CAAC,CAAA;AAEzB,MAAM,CAAC,MAAM,QAAQ,GAAG,CAAC,EAAa,EAAE,OAAgB,EAAE,EAAE;AAC1D,iDAAiD;AACjD,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,SAAS,EAAE,GAAG,EAAE,OAAO,CAAC,CAAA","sourcesContent":["import { Selectable } from 'kysely'\nimport {\n Code,\n NewTokenData,\n RefreshToken,\n TokenData,\n TokenId,\n} from '@atproto/oauth-provider'\nimport { fromDateISO, fromJson, toDateISO, toJson } from '../../db/index.js'\nimport { AccountDb, Token } from '../db/index.js'\nimport { selectAccountQB } from './account.js'\n\nexport function toTokenData(row: Selectable<Token>): TokenData {\n return {\n createdAt: fromDateISO(row.createdAt),\n expiresAt: fromDateISO(row.expiresAt),\n updatedAt: fromDateISO(row.updatedAt),\n clientId: row.clientId,\n clientAuth: fromJson(row.clientAuth),\n deviceId: row.deviceId,\n sub: row.did,\n parameters: fromJson(row.parameters),\n code: row.code,\n scope: row.scope,\n }\n}\n\nconst selectTokenInfoQB = (db: AccountDb) =>\n selectAccountQB(db, { includeDeactivated: true })\n // uses \"token_did_idx\" index (though unlikely in practice)\n .innerJoin('token', 'token.did', 'actor.did')\n .select([\n 'token.id',\n 'token.tokenId',\n 'token.createdAt',\n 'token.updatedAt',\n 'token.expiresAt',\n 'token.clientId',\n 'token.clientAuth',\n 'token.deviceId',\n 'token.did',\n 'token.parameters',\n 'token.details',\n 'token.code',\n 'token.currentRefreshToken',\n 'token.scope',\n ])\n\nexport const createQB = (\n db: AccountDb,\n tokenId: TokenId,\n data: TokenData,\n refreshToken?: RefreshToken,\n) => {\n return db.db.insertInto('token').values({\n tokenId,\n createdAt: toDateISO(data.createdAt),\n expiresAt: toDateISO(data.expiresAt),\n updatedAt: toDateISO(data.updatedAt),\n clientId: data.clientId,\n clientAuth: toJson(data.clientAuth),\n deviceId: data.deviceId,\n did: data.sub,\n parameters: toJson(data.parameters),\n details: data.details ? toJson(data.details) : null,\n code: data.code,\n currentRefreshToken: refreshToken || null,\n scope: data.scope,\n })\n}\n\nexport const forRotateQB = (db: AccountDb, id: TokenId) =>\n db.db\n .selectFrom('token')\n .where('tokenId', '=', id)\n .where('currentRefreshToken', 'is not', null)\n .select(['id', 'currentRefreshToken'])\n\nexport const findByQB = (\n db: AccountDb,\n search: {\n id?: number\n did?: string\n code?: Code\n tokenId?: TokenId\n currentRefreshToken?: RefreshToken\n },\n) => {\n if (\n search.id === undefined &&\n search.did === undefined &&\n search.code === undefined &&\n search.tokenId === undefined &&\n search.currentRefreshToken === undefined\n ) {\n // Prevent accidental scan\n throw new TypeError('At least one search parameter is required')\n }\n\n return selectTokenInfoQB(db)\n .if(search.id !== undefined, (qb) =>\n // uses primary key index\n qb.where('token.id', '=', search.id!),\n )\n .if(search.did !== undefined, (qb) =>\n // uses \"token_did_idx\" index\n qb.where('token.did', '=', search.did!),\n )\n .if(search.code !== undefined, (qb) =>\n // uses \"token_code_idx\" partial index (hence the null check)\n qb\n .where('token.code', '=', search.code!)\n .where('token.code', 'is not', null),\n )\n .if(search.tokenId !== undefined, (qb) =>\n // uses \"token_token_id_idx\"\n qb.where('token.tokenId', '=', search.tokenId!),\n )\n .if(search.currentRefreshToken !== undefined, (qb) =>\n // uses \"token_refresh_token_unique_idx\"\n qb.where('token.currentRefreshToken', '=', search.currentRefreshToken!),\n )\n}\n\nexport const removeByDidQB = (db: AccountDb, did: string) =>\n // uses \"token_did_idx\" index\n db.db.deleteFrom('token').where('did', '=', did)\n\nexport const rotateQB = (\n db: AccountDb,\n id: number,\n newTokenId: TokenId,\n newRefreshToken: RefreshToken,\n newData: NewTokenData,\n) =>\n db.db\n .updateTable('token')\n .set({\n tokenId: newTokenId,\n currentRefreshToken: newRefreshToken,\n\n expiresAt: toDateISO(newData.expiresAt),\n updatedAt: toDateISO(newData.updatedAt),\n clientAuth: toJson(newData.clientAuth),\n scope: newData.scope,\n })\n // uses primary key index\n .where('id', '=', id)\n\nexport const removeQB = (db: AccountDb, tokenId: TokenId) =>\n // uses \"used_refresh_token_fk\" to cascade delete\n db.db.deleteFrom('token').where('tokenId', '=', tokenId)\n"]}
1
+ {"version":3,"file":"token.js","sourceRoot":"","sources":["../../../src/account-manager/helpers/token.ts"],"names":[],"mappings":"AASA,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAA;AAE5E,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAA;AAE9C,MAAM,UAAU,WAAW,CAAC,GAAsB;IAChD,OAAO;QACL,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC;QACrC,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC;QACrC,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC;QACrC,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,UAAU,EAAE,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC;QACpC,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,GAAG,EAAE,GAAG,CAAC,GAAG;QACZ,UAAU,EAAE,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC;QACpC,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,KAAK,EAAE,GAAG,CAAC,KAAK;KACjB,CAAA;AACH,CAAC;AAED,MAAM,iBAAiB,GAAG,CAAC,EAAa,EAAE,EAAE,CAC1C,eAAe,CAAC,EAAE,EAAE,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC;IAC/C,2DAA2D;KAC1D,SAAS,CAAC,OAAO,EAAE,WAAW,EAAE,WAAW,CAAC;KAC5C,MAAM,CAAC;IACN,UAAU;IACV,eAAe;IACf,iBAAiB;IACjB,iBAAiB;IACjB,iBAAiB;IACjB,gBAAgB;IAChB,kBAAkB;IAClB,gBAAgB;IAChB,WAAW;IACX,kBAAkB;IAClB,eAAe;IACf,YAAY;IACZ,2BAA2B;IAC3B,aAAa;CACd,CAAC,CAAA;AAEN,MAAM,CAAC,MAAM,QAAQ,GAAG,CACtB,EAAa,EACb,OAAgB,EAChB,IAAe,EACf,YAA2B,EAC3B,EAAE;IACF,OAAO,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;QACtC,OAAO;QACP,SAAS,EAAE,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC;QACpC,SAAS,EAAE,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC;QACpC,SAAS,EAAE,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC;QACpC,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;QACnC,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,GAAG,EAAE,IAAI,CAAC,GAAG;QACb,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;QACnC,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI;QACnD,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,mBAAmB,EAAE,YAAY,IAAI,IAAI;QACzC,KAAK,EAAE,IAAI,CAAC,KAAK;KAClB,CAAC,CAAA;AACJ,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,EAAa,EAAE,EAAW,EAAE,EAAE,CACxD,EAAE,CAAC,EAAE;KACF,UAAU,CAAC,OAAO,CAAC;KACnB,KAAK,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC;KACzB,KAAK,CAAC,qBAAqB,EAAE,QAAQ,EAAE,IAAI,CAAC;KAC5C,MAAM,CAAC,CAAC,IAAI,EAAE,qBAAqB,CAAC,CAAC,CAAA;AAE1C,MAAM,CAAC,MAAM,QAAQ,GAAG,CACtB,EAAa,EACb,MAMC,EACD,EAAE;IACF,IACE,MAAM,CAAC,EAAE,KAAK,SAAS;QACvB,MAAM,CAAC,GAAG,KAAK,SAAS;QACxB,MAAM,CAAC,IAAI,KAAK,SAAS;QACzB,MAAM,CAAC,OAAO,KAAK,SAAS;QAC5B,MAAM,CAAC,mBAAmB,KAAK,SAAS,EACxC,CAAC;QACD,0BAA0B;QAC1B,MAAM,IAAI,SAAS,CAAC,2CAA2C,CAAC,CAAA;IAClE,CAAC;IAED,OAAO,iBAAiB,CAAC,EAAE,CAAC;SACzB,GAAG,CAAC,MAAM,CAAC,EAAE,KAAK,SAAS,EAAE,CAAC,EAAE,EAAE,EAAE;IACnC,yBAAyB;IACzB,EAAE,CAAC,KAAK,CAAC,UAAU,EAAE,GAAG,EAAE,MAAM,CAAC,EAAG,CAAC,CACtC;SACA,GAAG,CAAC,MAAM,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC,EAAE,EAAE,EAAE;IACpC,6BAA6B;IAC7B,EAAE,CAAC,KAAK,CAAC,WAAW,EAAE,GAAG,EAAE,MAAM,CAAC,GAAI,CAAC,CACxC;SACA,GAAG,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC,EAAE,EAAE,EAAE;IACrC,6DAA6D;IAC7D,EAAE;SACC,KAAK,CAAC,YAAY,EAAE,GAAG,EAAE,MAAM,CAAC,IAAK,CAAC;SACtC,KAAK,CAAC,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC,CACvC;SACA,GAAG,CAAC,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC,EAAE,EAAE,EAAE;IACxC,4BAA4B;IAC5B,EAAE,CAAC,KAAK,CAAC,eAAe,EAAE,GAAG,EAAE,MAAM,CAAC,OAAQ,CAAC,CAChD;SACA,GAAG,CAAC,MAAM,CAAC,mBAAmB,KAAK,SAAS,EAAE,CAAC,EAAE,EAAE,EAAE;IACpD,wCAAwC;IACxC,EAAE,CAAC,KAAK,CAAC,2BAA2B,EAAE,GAAG,EAAE,MAAM,CAAC,mBAAoB,CAAC,CACxE,CAAA;AACL,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,WAAW,GAAG,KAAK,EAAE,EAAa,EAAE,GAAQ,EAAE,EAAE;IAC3D,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE;SACF,UAAU,CAAC,OAAO,CAAC;QACpB,6BAA6B;SAC5B,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CAC1B,CAAA;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,QAAQ,GAAG,CACtB,EAAa,EACb,EAAU,EACV,UAAmB,EACnB,eAA6B,EAC7B,OAAqB,EACrB,EAAE,CACF,EAAE,CAAC,EAAE;KACF,WAAW,CAAC,OAAO,CAAC;KACpB,GAAG,CAAC;IACH,OAAO,EAAE,UAAU;IACnB,mBAAmB,EAAE,eAAe;IAEpC,SAAS,EAAE,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC;IACvC,SAAS,EAAE,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC;IACvC,UAAU,EAAE,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;IACtC,KAAK,EAAE,OAAO,CAAC,KAAK;CACrB,CAAC;IACF,yBAAyB;KACxB,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE,CAAC,CAAA;AAEzB,MAAM,CAAC,MAAM,QAAQ,GAAG,CAAC,EAAa,EAAE,OAAgB,EAAE,EAAE;AAC1D,iDAAiD;AACjD,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,SAAS,EAAE,GAAG,EAAE,OAAO,CAAC,CAAA","sourcesContent":["import { Selectable } from 'kysely'\nimport {\n Code,\n Did,\n NewTokenData,\n RefreshToken,\n TokenData,\n TokenId,\n} from '@atproto/oauth-provider'\nimport { fromDateISO, fromJson, toDateISO, toJson } from '../../db/index.js'\nimport { AccountDb, Token } from '../db/index.js'\nimport { selectAccountQB } from './account.js'\n\nexport function toTokenData(row: Selectable<Token>): TokenData {\n return {\n createdAt: fromDateISO(row.createdAt),\n expiresAt: fromDateISO(row.expiresAt),\n updatedAt: fromDateISO(row.updatedAt),\n clientId: row.clientId,\n clientAuth: fromJson(row.clientAuth),\n deviceId: row.deviceId,\n did: row.did,\n parameters: fromJson(row.parameters),\n code: row.code,\n scope: row.scope,\n }\n}\n\nconst selectTokenInfoQB = (db: AccountDb) =>\n selectAccountQB(db, { includeDeactivated: true })\n // uses \"token_did_idx\" index (though unlikely in practice)\n .innerJoin('token', 'token.did', 'actor.did')\n .select([\n 'token.id',\n 'token.tokenId',\n 'token.createdAt',\n 'token.updatedAt',\n 'token.expiresAt',\n 'token.clientId',\n 'token.clientAuth',\n 'token.deviceId',\n 'token.did',\n 'token.parameters',\n 'token.details',\n 'token.code',\n 'token.currentRefreshToken',\n 'token.scope',\n ])\n\nexport const createQB = (\n db: AccountDb,\n tokenId: TokenId,\n data: TokenData,\n refreshToken?: RefreshToken,\n) => {\n return db.db.insertInto('token').values({\n tokenId,\n createdAt: toDateISO(data.createdAt),\n expiresAt: toDateISO(data.expiresAt),\n updatedAt: toDateISO(data.updatedAt),\n clientId: data.clientId,\n clientAuth: toJson(data.clientAuth),\n deviceId: data.deviceId,\n did: data.did,\n parameters: toJson(data.parameters),\n details: data.details ? toJson(data.details) : null,\n code: data.code,\n currentRefreshToken: refreshToken || null,\n scope: data.scope,\n })\n}\n\nexport const forRotateQB = (db: AccountDb, id: TokenId) =>\n db.db\n .selectFrom('token')\n .where('tokenId', '=', id)\n .where('currentRefreshToken', 'is not', null)\n .select(['id', 'currentRefreshToken'])\n\nexport const findByQB = (\n db: AccountDb,\n search: {\n id?: number\n did?: Did\n code?: Code\n tokenId?: TokenId\n currentRefreshToken?: RefreshToken\n },\n) => {\n if (\n search.id === undefined &&\n search.did === undefined &&\n search.code === undefined &&\n search.tokenId === undefined &&\n search.currentRefreshToken === undefined\n ) {\n // Prevent accidental scan\n throw new TypeError('At least one search parameter is required')\n }\n\n return selectTokenInfoQB(db)\n .$if(search.id !== undefined, (qb) =>\n // uses primary key index\n qb.where('token.id', '=', search.id!),\n )\n .$if(search.did !== undefined, (qb) =>\n // uses \"token_did_idx\" index\n qb.where('token.did', '=', search.did!),\n )\n .$if(search.code !== undefined, (qb) =>\n // uses \"token_code_idx\" partial index (hence the null check)\n qb\n .where('token.code', '=', search.code!)\n .where('token.code', 'is not', null),\n )\n .$if(search.tokenId !== undefined, (qb) =>\n // uses \"token_token_id_idx\"\n qb.where('token.tokenId', '=', search.tokenId!),\n )\n .$if(search.currentRefreshToken !== undefined, (qb) =>\n // uses \"token_refresh_token_unique_idx\"\n qb.where('token.currentRefreshToken', '=', search.currentRefreshToken!),\n )\n}\n\nexport const removeByDid = async (db: AccountDb, did: Did) => {\n await db.executeWithRetry(\n db.db\n .deleteFrom('token')\n // uses \"token_did_idx\" index\n .where('did', '=', did),\n )\n}\n\nexport const rotateQB = (\n db: AccountDb,\n id: number,\n newTokenId: TokenId,\n newRefreshToken: RefreshToken,\n newData: NewTokenData,\n) =>\n db.db\n .updateTable('token')\n .set({\n tokenId: newTokenId,\n currentRefreshToken: newRefreshToken,\n\n expiresAt: toDateISO(newData.expiresAt),\n updatedAt: toDateISO(newData.updatedAt),\n clientAuth: toJson(newData.clientAuth),\n scope: newData.scope,\n })\n // uses primary key index\n .where('id', '=', id)\n\nexport const removeQB = (db: AccountDb, tokenId: TokenId) =>\n // uses \"used_refresh_token_fk\" to cascade delete\n db.db.deleteFrom('token').where('tokenId', '=', tokenId)\n"]}
@@ -5,6 +5,10 @@ import { AccountDb } from '../db/index.js';
5
5
  * This is done through the foreign key constraint in the database.
6
6
  */
7
7
  export declare const insertQB: (db: AccountDb, tokenId: number, refreshToken: RefreshToken) => import("kysely").InsertQueryBuilder<import("../db/index.js").DatabaseSchema, "used_refresh_token", import("kysely").InsertResult>;
8
- export declare const findByTokenQB: (db: AccountDb, refreshToken: RefreshToken) => import("kysely").QueryBuilderWithSelection<import("kysely/dist/esm/parser/table-parser.js").From<import("../db/index.js").DatabaseSchema, "used_refresh_token">, "used_refresh_token", {}, "tokenId">;
9
- export declare const countQB: (db: AccountDb, refreshToken: RefreshToken) => import("kysely").QueryBuilderWithSelection<import("kysely/dist/esm/parser/table-parser.js").From<import("../db/index.js").DatabaseSchema, "used_refresh_token">, "used_refresh_token", {}, (qb: import("kysely").ExpressionBuilder<import("kysely/dist/esm/parser/table-parser.js").From<import("../db/index.js").DatabaseSchema, "used_refresh_token">, "used_refresh_token">) => import("kysely").AliasedAggregateFunctionBuilder<import("kysely/dist/esm/parser/table-parser.js").From<import("../db/index.js").DatabaseSchema, "used_refresh_token">, "used_refresh_token", number, "count">>;
8
+ export declare const findByTokenQB: (db: AccountDb, refreshToken: RefreshToken) => import("kysely").SelectQueryBuilder<import("../db/index.js").DatabaseSchema, "used_refresh_token", {
9
+ tokenId: number;
10
+ }>;
11
+ export declare const countQB: (db: AccountDb, refreshToken: RefreshToken) => import("kysely").SelectQueryBuilder<import("../db/index.js").DatabaseSchema, "used_refresh_token", {
12
+ count: number;
13
+ }>;
10
14
  //# sourceMappingURL=used-refresh-token.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"used-refresh-token.d.ts","sourceRoot":"","sources":["../../../src/account-manager/helpers/used-refresh-token.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAA;AACtD,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAA;AAE1C;;;GAGG;AACH,eAAO,MAAM,QAAQ,GACnB,IAAI,SAAS,EACb,SAAS,MAAM,EACf,cAAc,YAAY,sIAKW,CAAA;AAEvC,eAAO,MAAM,aAAa,GAAI,IAAI,SAAS,EAAE,cAAc,YAAY,0MAKjD,CAAA;AAEtB,eAAO,MAAM,OAAO,GAAI,IAAI,SAAS,EAAE,cAAc,YAAY,skBAKG,CAAA"}
1
+ {"version":3,"file":"used-refresh-token.d.ts","sourceRoot":"","sources":["../../../src/account-manager/helpers/used-refresh-token.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAA;AACtD,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAA;AAE1C;;;GAGG;AACH,eAAO,MAAM,QAAQ,OACf,SAAS,WACJ,MAAM,gBACD,YAAY,sIAKW,CAAA;AAEvC,eAAO,MAAM,aAAa,OAAQ,SAAS,gBAAgB,YAAY;;EAKjD,CAAA;AAEtB,eAAO,MAAM,OAAO,OAAQ,SAAS,gBAAgB,YAAY;;EAKG,CAAA"}
@@ -1,7 +1,7 @@
1
1
  import { Client } from '@did-plc/lib';
2
2
  import { Keypair } from '@atproto/crypto';
3
3
  import { HandleString } from '@atproto/lex';
4
- import { Account, AccountStore, AuthenticateAccountData, AuthorizedClientData, AuthorizedClients, ClientId, Code, DeviceAccount, DeviceData, DeviceId, DeviceStore, FoundRequestResult, LexiconData, LexiconStore, NewTokenData, RefreshToken, RequestData, RequestId, RequestStore, ResetPasswordConfirmInput, ResetPasswordRequestInput, SignUpData, Sub, TokenData, TokenId, TokenInfo, TokenStore, UpdateEmailConfirmInput, UpdateEmailRequestInput, UpdateEmailRequestOutput, UpdateHandleData, UpdateRequestData, VerifyEmailConfirmInput, VerifyEmailRequestInput } from '@atproto/oauth-provider';
4
+ import { Account, AccountStore, AuthenticateAccountData, AuthorizedClientData, AuthorizedClients, ClientId, Code, DeactivateAccountData, DeleteAccountConfirmInput, DeleteAccountRequestInput, DeviceAccount, DeviceData, DeviceId, DeviceStore, Did, FoundRequestResult, LexiconData, LexiconStore, NewTokenData, ReactivateAccountData, RefreshToken, RequestData, RequestId, RequestStore, ResetPasswordConfirmInput, ResetPasswordRequestInput, SignUpData, TokenData, TokenId, TokenInfo, TokenStore, UpdateEmailConfirmInput, UpdateEmailRequestInput, UpdateEmailRequestOutput, UpdateHandleData, UpdateRequestData, VerifyEmailConfirmInput, VerifyEmailRequestInput } from '@atproto/oauth-provider';
5
5
  import { ActorStore } from '../actor-store/actor-store.js';
6
6
  import { BackgroundQueue } from '../background.js';
7
7
  import { ImageUrlBuilder } from '../image/image-url-builder.js';
@@ -32,20 +32,20 @@ export declare class OAuthStore implements AccountStore, RequestStore, DeviceSto
32
32
  private verifyInviteCode;
33
33
  createAccount({ locale: _locale, inviteCode, handle, email, password, }: SignUpData): Promise<Account>;
34
34
  authenticateAccount({ locale: _locale, username: identifier, password, emailOtp, }: AuthenticateAccountData): Promise<Account>;
35
- setAuthorizedClient(sub: Sub, clientId: ClientId, data: AuthorizedClientData): Promise<void>;
36
- getAccount(sub: Sub): Promise<{
35
+ setAuthorizedClient(did: Did, clientId: ClientId, data: AuthorizedClientData): Promise<void>;
36
+ getAccount(did: Did): Promise<{
37
37
  account: Account;
38
38
  authorizedClients: AuthorizedClients;
39
39
  }>;
40
40
  upsertDeviceAccount(deviceId: DeviceId, sub: string): Promise<void>;
41
- getDeviceAccount(deviceId: DeviceId, sub: string): Promise<DeviceAccount | null>;
42
- removeDeviceAccount(deviceId: DeviceId, sub: Sub): Promise<void>;
41
+ getDeviceAccount(deviceId: DeviceId, did: Did): Promise<DeviceAccount | null>;
42
+ removeDeviceAccount(deviceId: DeviceId, did: Did): Promise<void>;
43
43
  listDeviceAccounts(filter: {
44
- sub: Sub;
44
+ did: Did;
45
45
  } | {
46
46
  deviceId: DeviceId;
47
47
  }): Promise<DeviceAccount[]>;
48
- resetPasswordRequest({ locale: _locale, email, }: ResetPasswordRequestInput): Promise<Account | null>;
48
+ resetPasswordRequest({ email, locale, }: ResetPasswordRequestInput): Promise<Account | null>;
49
49
  resetPasswordConfirm(data: ResetPasswordConfirmInput): Promise<Account | null>;
50
50
  verifyHandleAvailability(handle: HandleString): Promise<void>;
51
51
  createRequest(id: RequestId, data: RequestData): Promise<void>;
@@ -61,17 +61,21 @@ export declare class OAuthStore implements AccountStore, RequestStore, DeviceSto
61
61
  storeLexicon(nsid: string, data: LexiconData): Promise<void>;
62
62
  deleteLexicon(nsid: string): Promise<void>;
63
63
  createToken(id: TokenId, data: TokenData, refreshToken?: RefreshToken): Promise<void>;
64
- listAccountTokens(sub: Sub): Promise<TokenInfo[]>;
64
+ listAccountTokens(did: Did): Promise<TokenInfo[]>;
65
65
  readToken(tokenId: TokenId): Promise<TokenInfo | null>;
66
66
  deleteToken(tokenId: TokenId): Promise<void>;
67
67
  rotateToken(tokenId: TokenId, newTokenId: TokenId, newRefreshToken: RefreshToken, newData: NewTokenData): Promise<void>;
68
68
  findTokenByRefreshToken(refreshToken: RefreshToken): Promise<TokenInfo | null>;
69
69
  findTokenByCode(code: Code): Promise<TokenInfo | null>;
70
- verifyEmailRequest({ sub: did, locale, }: VerifyEmailRequestInput): Promise<void>;
71
- verifyEmailConfirm({ sub: did, email, token, }: VerifyEmailConfirmInput): Promise<Account | null>;
72
- updateEmailRequest({ sub: did, locale, }: UpdateEmailRequestInput): Promise<UpdateEmailRequestOutput>;
73
- updateEmailConfirm({ sub: did, token, email, locale, }: UpdateEmailConfirmInput): Promise<Account | null>;
74
- updateHandle({ sub: did, handle }: UpdateHandleData): Promise<Account>;
70
+ verifyEmailRequest({ did, locale, }: VerifyEmailRequestInput): Promise<void>;
71
+ verifyEmailConfirm({ did, email, token, }: VerifyEmailConfirmInput): Promise<Account | null>;
72
+ updateEmailRequest({ did, locale, }: UpdateEmailRequestInput): Promise<UpdateEmailRequestOutput>;
73
+ updateEmailConfirm({ did, token, email, locale, }: UpdateEmailConfirmInput): Promise<Account | null>;
74
+ updateHandle({ did, handle }: UpdateHandleData): Promise<Account>;
75
+ deactivateAccount({ did }: DeactivateAccountData): Promise<Account>;
76
+ reactivateAccount({ did }: ReactivateAccountData): Promise<Account>;
77
+ deleteAccountRequest({ did, locale, }: DeleteAccountRequestInput): Promise<void>;
78
+ deleteAccountConfirm({ did, token, password, }: DeleteAccountConfirmInput): Promise<void>;
75
79
  private toTokenInfo;
76
80
  private buildAccount;
77
81
  }
@@ -1 +1 @@
1
- {"version":3,"file":"oauth-store.d.ts","sourceRoot":"","sources":["../../src/account-manager/oauth-store.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAA2B,MAAM,cAAc,CAAA;AAE9D,OAAO,EAAE,OAAO,EAAoB,MAAM,iBAAiB,CAAA;AAC3D,OAAO,EAEL,YAAY,EAKb,MAAM,cAAc,CAAA;AACrB,OAAO,EACL,OAAO,EACP,YAAY,EACZ,uBAAuB,EACvB,oBAAoB,EACpB,iBAAiB,EACjB,QAAQ,EACR,IAAI,EACJ,aAAa,EACb,UAAU,EACV,QAAQ,EACR,WAAW,EACX,kBAAkB,EAMlB,WAAW,EACX,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,SAAS,EACT,YAAY,EACZ,yBAAyB,EACzB,yBAAyB,EACzB,UAAU,EACV,GAAG,EACH,SAAS,EACT,OAAO,EACP,SAAS,EACT,UAAU,EACV,uBAAuB,EACvB,uBAAuB,EACvB,wBAAwB,EACxB,gBAAgB,EAChB,iBAAiB,EACjB,uBAAuB,EACvB,uBAAuB,EACxB,MAAM,yBAAyB,CAAA;AAKhC,OAAO,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAA;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAA;AAElD,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAA;AAE/D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAA;AACjD,OAAO,EAAE,cAAc,EAAwB,MAAM,sBAAsB,CAAA;AAW3E;;;;;GAKG;AACH,qBAAa,UACX,YAAW,YAAY,EAAE,YAAY,EAAE,WAAW,EAAE,YAAY,EAAE,UAAU;IAG1E,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,cAAc;gBATd,cAAc,EAAE,cAAc,EAC9B,UAAU,EAAE,UAAU,EACtB,eAAe,EAAE,eAAe,EAChC,eAAe,EAAE,eAAe,EAChC,MAAM,EAAE,YAAY,EACpB,SAAS,EAAE,SAAS,EACpB,SAAS,EAAE,MAAM,EACjB,cAAc,EAAE,OAAO,EACvB,SAAS,EAAE,MAAM,EACjB,cAAc,EAAE,MAAM,GAAG,IAAI;IAGhD,OAAO,KAAK,EAAE,GAIb;IAED,OAAO,KAAK,UAAU,GAErB;YAEa,uBAAuB;YAavB,gBAAgB;IAYxB,aAAa,CAAC,EAClB,MAAM,EAAE,OAAO,EACf,UAAU,EACV,MAAM,EACN,KAAK,EACL,QAAQ,GACT,EAAE,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC;IAuG1B,mBAAmB,CAAC,EACxB,MAAM,EAAE,OAAO,EACf,QAAQ,EAAE,UAAU,EACpB,QAAQ,EAER,QAAoB,GACrB,EAAE,uBAAuB,GAAG,OAAO,CAAC,OAAO,CAAC;IAmCvC,mBAAmB,CACvB,GAAG,EAAE,GAAG,EACR,QAAQ,EAAE,QAAQ,EAClB,IAAI,EAAE,oBAAoB,GACzB,OAAO,CAAC,IAAI,CAAC;IAIV,UAAU,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC;QAClC,OAAO,EAAE,OAAO,CAAA;QAChB,iBAAiB,EAAE,iBAAiB,CAAA;KACrC,CAAC;IAqBI,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAMnE,gBAAgB,CACpB,QAAQ,EAAE,QAAQ,EAClB,GAAG,EAAE,MAAM,GACV,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAoB1B,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC;IAMhE,kBAAkB,CACtB,MAAM,EAAE;QAAE,GAAG,EAAE,GAAG,CAAA;KAAE,GAAG;QAAE,QAAQ,EAAE,QAAQ,CAAA;KAAE,GAC5C,OAAO,CAAC,aAAa,EAAE,CAAC;IA+BrB,oBAAoB,CAAC,EACzB,MAAM,EAAE,OAAO,EACf,KAAK,GACN,EAAE,yBAAyB,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAuBhD,oBAAoB,CACxB,IAAI,EAAE,yBAAyB,GAC9B,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAkBpB,wBAAwB,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC;IA4B7D,aAAa,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAM9D,WAAW,CAAC,EAAE,EAAE,SAAS,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAiBvD,aAAa,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAMpE,aAAa,CAAC,EAAE,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC;IAI3C,kBAAkB,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC;IASlE,YAAY,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAMjE,UAAU,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,GAAG,UAAU,CAAC;IAK1D,YAAY,CAChB,QAAQ,EAAE,QAAQ,EAClB,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC,GACxB,OAAO,CAAC,IAAI,CAAC;IAMV,YAAY,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;IAO/C,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAItD,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAI5D,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAM1C,WAAW,CACf,EAAE,EAAE,OAAO,EACX,IAAI,EAAE,SAAS,EACf,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,IAAI,CAAC;IAgBV,iBAAiB,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;IAKjD,SAAS,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;IAOtD,WAAW,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IAK5C,WAAW,CACf,OAAO,EAAE,OAAO,EAChB,UAAU,EAAE,OAAO,EACnB,eAAe,EAAE,YAAY,EAC7B,OAAO,EAAE,YAAY,GACpB,OAAO,CAAC,IAAI,CAAC;IA6BV,uBAAuB,CAC3B,YAAY,EAAE,YAAY,GACzB,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;IAatB,eAAe,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;IAKtD,kBAAkB,CAAC,EACvB,GAAG,EAAE,GAAG,EACR,MAAM,GACP,EAAE,uBAAuB,GAAG,OAAO,CAAC,IAAI,CAAC;IAepC,kBAAkB,CAAC,EACvB,GAAG,EAAE,GAAG,EACR,KAAK,EACL,KAAK,GACN,EAAE,uBAAuB,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAiB9C,kBAAkB,CAAC,EACvB,GAAG,EAAE,GAAG,EACR,MAAM,GACP,EAAE,uBAAuB,GAAG,OAAO,CAAC,wBAAwB,CAAC;IAOxD,kBAAkB,CAAC,EACvB,GAAG,EAAE,GAAG,EACR,KAAK,EACL,KAAK,EACL,MAAM,GACP,EAAE,uBAAuB,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAoB9C,YAAY,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC;YAa9D,WAAW;YAWX,YAAY;CAiC3B"}
1
+ {"version":3,"file":"oauth-store.d.ts","sourceRoot":"","sources":["../../src/account-manager/oauth-store.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAA2B,MAAM,cAAc,CAAA;AAE9D,OAAO,EAAE,OAAO,EAAoB,MAAM,iBAAiB,CAAA;AAC3D,OAAO,EAAa,YAAY,EAAoB,MAAM,cAAc,CAAA;AACxE,OAAO,EACL,OAAO,EACP,YAAY,EACZ,uBAAuB,EACvB,oBAAoB,EACpB,iBAAiB,EACjB,QAAQ,EACR,IAAI,EACJ,qBAAqB,EACrB,yBAAyB,EACzB,yBAAyB,EACzB,aAAa,EACb,UAAU,EACV,QAAQ,EACR,WAAW,EACX,GAAG,EACH,kBAAkB,EAMlB,WAAW,EACX,YAAY,EACZ,YAAY,EACZ,qBAAqB,EACrB,YAAY,EACZ,WAAW,EACX,SAAS,EACT,YAAY,EACZ,yBAAyB,EACzB,yBAAyB,EACzB,UAAU,EACV,SAAS,EACT,OAAO,EACP,SAAS,EACT,UAAU,EACV,uBAAuB,EACvB,uBAAuB,EACvB,wBAAwB,EACxB,gBAAgB,EAChB,iBAAiB,EACjB,uBAAuB,EACvB,uBAAuB,EACxB,MAAM,yBAAyB,CAAA;AAKhC,OAAO,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAA;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAA;AAElD,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAA;AAE/D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAA;AACjD,OAAO,EAAE,cAAc,EAAwB,MAAM,sBAAsB,CAAA;AAW3E;;;;;GAKG;AACH,qBAAa,UACX,YAAW,YAAY,EAAE,YAAY,EAAE,WAAW,EAAE,YAAY,EAAE,UAAU;IAG1E,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAVjC,YACmB,cAAc,EAAE,cAAc,EAC9B,UAAU,EAAE,UAAU,EACtB,eAAe,EAAE,eAAe,EAChC,eAAe,EAAE,eAAe,EAChC,MAAM,EAAE,YAAY,EACpB,SAAS,EAAE,SAAS,EACpB,SAAS,EAAE,MAAM,EACjB,cAAc,EAAE,OAAO,EACvB,SAAS,EAAE,MAAM,EACjB,cAAc,EAAE,MAAM,GAAG,IAAI,EAC5C;IAEJ,OAAO,KAAK,EAAE,GAIb;IAED,OAAO,KAAK,UAAU,GAErB;YAEa,uBAAuB;YAavB,gBAAgB;IAYxB,aAAa,CAAC,EAClB,MAAM,EAAE,OAAO,EACf,UAAU,EACV,MAAM,EACN,KAAK,EACL,QAAQ,GACT,EAAE,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,CAmG/B;IAEK,mBAAmB,CAAC,EACxB,MAAM,EAAE,OAAO,EACf,QAAQ,EAAE,UAAU,EACpB,QAAQ,EAER,QAAoB,GACrB,EAAE,uBAAuB,GAAG,OAAO,CAAC,OAAO,CAAC,CAiC5C;IAEK,mBAAmB,CACvB,GAAG,EAAE,GAAG,EACR,QAAQ,EAAE,QAAQ,EAClB,IAAI,EAAE,oBAAoB,GACzB,OAAO,CAAC,IAAI,CAAC,CAEf;IAEK,UAAU,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC;QAClC,OAAO,EAAE,OAAO,CAAA;QAChB,iBAAiB,EAAE,iBAAiB,CAAA;KACrC,CAAC,CAeD;IAEK,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAIxE;IAEK,gBAAgB,CACpB,QAAQ,EAAE,QAAQ,EAClB,GAAG,EAAE,GAAG,GACP,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAkB/B;IAEK,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAIrE;IAEK,kBAAkB,CACtB,MAAM,EAAE;QAAE,GAAG,EAAE,GAAG,CAAA;KAAE,GAAG;QAAE,QAAQ,EAAE,QAAQ,CAAA;KAAE,GAC5C,OAAO,CAAC,aAAa,EAAE,CAAC,CA6B1B;IAEK,oBAAoB,CAAC,EACzB,KAAK,EACL,MAAM,GACP,EAAE,yBAAyB,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,CAoBrD;IAEK,oBAAoB,CACxB,IAAI,EAAE,yBAAyB,GAC9B,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,CAgBzB;IAEK,wBAAwB,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAwBlE;IAIK,aAAa,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAInE;IAEK,WAAW,CAAC,EAAE,EAAE,SAAS,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAe5D;IAEK,aAAa,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC,CAIzE;IAEK,aAAa,CAAC,EAAE,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,CAEhD;IAEK,kBAAkB,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAKvE;IAIK,YAAY,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAItE;IAEK,UAAU,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,GAAG,UAAU,CAAC,CAG/D;IAEK,YAAY,CAChB,QAAQ,EAAE,QAAQ,EAClB,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC,GACxB,OAAO,CAAC,IAAI,CAAC,CAIf;IAEK,YAAY,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAGpD;IAIK,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAE3D;IAEK,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAEjE;IAEK,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAE/C;IAIK,WAAW,CACf,EAAE,EAAE,OAAO,EACX,IAAI,EAAE,SAAS,EACf,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,IAAI,CAAC,CAcf;IAEK,iBAAiB,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC,CAGtD;IAEK,SAAS,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAK3D;IAEK,WAAW,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,CAGjD;IAEK,WAAW,CACf,OAAO,EAAE,OAAO,EAChB,UAAU,EAAE,OAAO,EACnB,eAAe,EAAE,YAAY,EAC7B,OAAO,EAAE,YAAY,GACpB,OAAO,CAAC,IAAI,CAAC,CA2Bf;IAEK,uBAAuB,CAC3B,YAAY,EAAE,YAAY,GACzB,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAW3B;IAEK,eAAe,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAG3D;IAEK,kBAAkB,CAAC,EACvB,GAAG,EACH,MAAM,GACP,EAAE,uBAAuB,GAAG,OAAO,CAAC,IAAI,CAAC,CAUzC;IAEK,kBAAkB,CAAC,EACvB,GAAG,EACH,KAAK,EACL,KAAK,GACN,EAAE,uBAAuB,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,CAYnD;IAEK,kBAAkB,CAAC,EACvB,GAAG,EACH,MAAM,GACP,EAAE,uBAAuB,GAAG,OAAO,CAAC,wBAAwB,CAAC,CAE7D;IAEK,kBAAkB,CAAC,EACvB,GAAG,EACH,KAAK,EACL,KAAK,EACL,MAAM,GACP,EAAE,uBAAuB,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,CAenD;IAEK,YAAY,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC,CAQtE;IAEK,iBAAiB,CAAC,EAAE,GAAG,EAAE,EAAE,qBAAqB,GAAG,OAAO,CAAC,OAAO,CAAC,CAMxE;IAEK,iBAAiB,CAAC,EAAE,GAAG,EAAE,EAAE,qBAAqB,GAAG,OAAO,CAAC,OAAO,CAAC,CAYxE;IAEK,oBAAoB,CAAC,EACzB,GAAG,EACH,MAAM,GACP,EAAE,yBAAyB,GAAG,OAAO,CAAC,IAAI,CAAC,CAuB3C;IAEK,oBAAoB,CAAC,EACzB,GAAG,EACH,KAAK,EACL,QAAQ,GACT,EAAE,yBAAyB,GAAG,OAAO,CAAC,IAAI,CAAC,CAoC3C;YAEa,WAAW;YAWX,YAAY;CAkC3B"}
@@ -1,7 +1,7 @@
1
1
  import assert from 'node:assert';
2
2
  import { createOp as createPlcOp } from '@did-plc/lib';
3
3
  import { Secp256k1Keypair } from '@atproto/crypto';
4
- import { asAtIdentifierString, getBlobCidString, isDidString, isHandleString, } from '@atproto/lex';
4
+ import { getBlobCidString } from '@atproto/lex';
5
5
  import { HandleUnavailableError, InvalidCredentialsError, InvalidInviteCodeError, InvalidRequestError, } from '@atproto/oauth-provider';
6
6
  import { AuthRequiredError as XrpcAuthRequiredError, InvalidRequestError as XrpcInvalidRequestError, } from '@atproto/xrpc-server';
7
7
  import { fromDateISO } from '../db/index.js';
@@ -66,7 +66,6 @@ export class OAuthStore {
66
66
  async createAccount({ locale: _locale, inviteCode, handle, email, password, }) {
67
67
  // @TODO Send an account creation confirmation email (+verification link) to the user (in their locale)
68
68
  // @NOTE Password strength & length already enforced by the OAuthProvider
69
- assert(isHandleString(handle), 'Handle must be a valid HandleString');
70
69
  await Promise.all([
71
70
  this.verifyEmailAvailability(email),
72
71
  this.verifyHandleAvailability(handle),
@@ -184,27 +183,25 @@ export class OAuthStore {
184
183
  throw err;
185
184
  }
186
185
  }
187
- async setAuthorizedClient(sub, clientId, data) {
188
- await authorizedClientHelper.upsert(this.db, sub, clientId, data);
186
+ async setAuthorizedClient(did, clientId, data) {
187
+ await authorizedClientHelper.upsert(this.db, did, clientId, data);
189
188
  }
190
- async getAccount(sub) {
191
- const accountRow = await this.accountManager.getAccount(
192
- // @TODO @atproto/oauth-provider should strongly type `Sub` as `DidString`
193
- asAtIdentifierString(sub), {
189
+ async getAccount(did) {
190
+ const accountRow = await this.accountManager.getAccount(did, {
194
191
  includeDeactivated: true,
195
192
  includeTakenDown: false,
196
193
  });
197
194
  assert(accountRow, 'Account not found');
198
195
  const account = await this.buildAccount(accountRow);
199
- const authorizedClients = await authorizedClientHelper.getAuthorizedClients(this.db, sub);
196
+ const authorizedClients = await authorizedClientHelper.getAuthorizedClients(this.db, did);
200
197
  return { account, authorizedClients };
201
198
  }
202
199
  async upsertDeviceAccount(deviceId, sub) {
203
200
  await this.db.executeWithRetry(accountDeviceHelper.upsertQB(this.db, deviceId, sub));
204
201
  }
205
- async getDeviceAccount(deviceId, sub) {
202
+ async getDeviceAccount(deviceId, did) {
206
203
  const row = await accountDeviceHelper
207
- .selectQB(this.db, { deviceId, sub })
204
+ .selectQB(this.db, { deviceId, did })
208
205
  .executeTakeFirst();
209
206
  if (!row)
210
207
  return null;
@@ -212,13 +209,13 @@ export class OAuthStore {
212
209
  deviceId,
213
210
  deviceData: deviceHelper.rowToDeviceData(row),
214
211
  account: await this.buildAccount(row),
215
- authorizedClients: await authorizedClientHelper.getAuthorizedClients(this.db, sub),
212
+ authorizedClients: await authorizedClientHelper.getAuthorizedClients(this.db, did),
216
213
  createdAt: fromDateISO(row.adCreatedAt),
217
214
  updatedAt: fromDateISO(row.adUpdatedAt),
218
215
  };
219
216
  }
220
- async removeDeviceAccount(deviceId, sub) {
221
- await this.db.executeWithRetry(accountDeviceHelper.removeQB(this.db, deviceId, sub));
217
+ async removeDeviceAccount(deviceId, did) {
218
+ await this.db.executeWithRetry(accountDeviceHelper.removeQB(this.db, deviceId, did));
222
219
  }
223
220
  async listDeviceAccounts(filter) {
224
221
  const rows = await accountDeviceHelper.selectQB(this.db, filter).execute();
@@ -238,7 +235,7 @@ export class OAuthStore {
238
235
  updatedAt: fromDateISO(row.adUpdatedAt),
239
236
  }));
240
237
  }
241
- async resetPasswordRequest({ locale: _locale, email, }) {
238
+ async resetPasswordRequest({ email, locale, }) {
242
239
  const account = await this.accountManager.getAccountByEmail(email, {
243
240
  includeDeactivated: true,
244
241
  includeTakenDown: false,
@@ -247,8 +244,7 @@ export class OAuthStore {
247
244
  return null;
248
245
  const { handle } = account;
249
246
  const token = await this.accountManager.createEmailToken(account.did, 'reset_password');
250
- // @TODO Use the locale to send the email in the right language
251
- await this.mailer.sendResetPassword({ handle, token }, { to: account.email });
247
+ await this.mailer.sendResetPassword({ handle, token, locale }, { to: account.email });
252
248
  return this.buildAccount(account);
253
249
  }
254
250
  async resetPasswordConfirm(data) {
@@ -360,8 +356,8 @@ export class OAuthStore {
360
356
  return tokenHelper.createQB(dbTxn, id, data, refreshToken).execute();
361
357
  });
362
358
  }
363
- async listAccountTokens(sub) {
364
- const rows = await tokenHelper.findByQB(this.db, { did: sub }).execute();
359
+ async listAccountTokens(did) {
360
+ const rows = await tokenHelper.findByQB(this.db, { did }).execute();
365
361
  return Promise.all(rows.map((row) => this.toTokenInfo(row)));
366
362
  }
367
363
  async readToken(tokenId) {
@@ -412,9 +408,7 @@ export class OAuthStore {
412
408
  const row = await tokenHelper.findByQB(this.db, { code }).executeTakeFirst();
413
409
  return row ? this.toTokenInfo(row) : null;
414
410
  }
415
- async verifyEmailRequest({ sub: did, locale, }) {
416
- // @TODO @atproto/oauth-provider should strongly type `Sub` as `DidString`
417
- assert(isDidString(did), 'sub must be a valid DID string');
411
+ async verifyEmailRequest({ did, locale, }) {
418
412
  try {
419
413
  await this.accountManager.requestEmailConfirmation(did, { locale });
420
414
  }
@@ -425,9 +419,7 @@ export class OAuthStore {
425
419
  throw err;
426
420
  }
427
421
  }
428
- async verifyEmailConfirm({ sub: did, email, token, }) {
429
- // @TODO @atproto/oauth-provider should strongly type `Sub` as `DidString`
430
- assert(isDidString(did), 'sub must be a valid DID string');
422
+ async verifyEmailConfirm({ did, email, token, }) {
431
423
  try {
432
424
  const account = await this.accountManager.confirmEmail(did, email, token);
433
425
  return this.buildAccount(account);
@@ -439,14 +431,10 @@ export class OAuthStore {
439
431
  throw err;
440
432
  }
441
433
  }
442
- async updateEmailRequest({ sub: did, locale, }) {
443
- // @TODO @atproto/oauth-provider should strongly type `Sub` as `DidString`
444
- assert(isDidString(did), 'sub must be a valid DID string');
434
+ async updateEmailRequest({ did, locale, }) {
445
435
  return this.accountManager.requestEmailUpdate(did, { locale });
446
436
  }
447
- async updateEmailConfirm({ sub: did, token, email, locale, }) {
448
- // @TODO @atproto/oauth-provider should strongly type `Sub` as `DidString`
449
- assert(isDidString(did), 'sub must be a valid DID string');
437
+ async updateEmailConfirm({ did, token, email, locale, }) {
450
438
  try {
451
439
  const account = await this.accountManager.updateEmail(did, email, token, {
452
440
  sendConfirmationEmail: true,
@@ -461,9 +449,7 @@ export class OAuthStore {
461
449
  throw cause;
462
450
  }
463
451
  }
464
- async updateHandle({ sub: did, handle }) {
465
- // @TODO @atproto/oauth-provider should strongly type `Sub` as `DidString`
466
- assert(isDidString(did), 'sub must be a valid DID string');
452
+ async updateHandle({ did, handle }) {
467
453
  try {
468
454
  const account = await this.accountManager.updateHandle(did, handle);
469
455
  return this.buildAccount(account);
@@ -472,6 +458,69 @@ export class OAuthStore {
472
458
  throw toHandleUnavailableError(err);
473
459
  }
474
460
  }
461
+ async deactivateAccount({ did }) {
462
+ const { account } = await this.accountManager.deactivateAccount(did, {
463
+ deleteCredentials: true,
464
+ });
465
+ return this.buildAccount(account);
466
+ }
467
+ async reactivateAccount({ did }) {
468
+ try {
469
+ const { account } = await this.accountManager.activateAccount(did);
470
+ return this.buildAccount(account);
471
+ }
472
+ catch (err) {
473
+ if (err instanceof XrpcInvalidRequestError) {
474
+ throw new InvalidRequestError(err.message, err);
475
+ }
476
+ throw err;
477
+ }
478
+ }
479
+ async deleteAccountRequest({ did, locale, }) {
480
+ // Mirror the XRPC `com.atproto.server.requestAccountDelete` flow
481
+ // (no-entryway path): generate an email confirmation token and dispatch
482
+ // it to the account's email address.
483
+ const account = await this.accountManager.getAccount(did, {
484
+ includeDeactivated: true,
485
+ includeTakenDown: true,
486
+ });
487
+ if (!account) {
488
+ throw new InvalidRequestError('Account not found');
489
+ }
490
+ if (!account.email) {
491
+ throw new InvalidRequestError('Account does not have an email address');
492
+ }
493
+ const token = await this.accountManager.createEmailToken(did, 'delete_account');
494
+ await this.mailer.sendAccountDelete({ token, locale }, { to: account.email });
495
+ }
496
+ async deleteAccountConfirm({ did, token, password, }) {
497
+ // Mirror the XRPC `com.atproto.server.deleteAccount` flow (no-entryway
498
+ // path): verify the password, validate the email confirmation token,
499
+ // destroy the actor store, delete the account row, and emit the
500
+ // tombstone account event.
501
+ const account = await this.accountManager.getAccount(did, {
502
+ includeDeactivated: true,
503
+ includeTakenDown: true,
504
+ });
505
+ if (!account) {
506
+ throw new InvalidRequestError('Account not found');
507
+ }
508
+ const validPass = await this.accountManager.verifyAccountPassword(did, password);
509
+ if (!validPass) {
510
+ throw new InvalidCredentialsError('Invalid did or password', did);
511
+ }
512
+ await this.accountManager.assertValidEmailToken(did, 'delete_account', token);
513
+ // @NOTE Order matters here: first "unlink" the account by removing it
514
+ // from the account manager database ("source of truth"), then notify the
515
+ // sequencer, and finally cleanup files from the file system.
516
+ await this.accountManager.deleteAccount(did);
517
+ try {
518
+ await this.sequencer.sequenceAccountDeletion(did);
519
+ }
520
+ finally {
521
+ await this.actorStore.destroy(did);
522
+ }
523
+ }
475
524
  async toTokenInfo(row) {
476
525
  return {
477
526
  id: row.tokenId,
@@ -482,14 +531,15 @@ export class OAuthStore {
482
531
  }
483
532
  async buildAccount(row) {
484
533
  const account = {
485
- sub: row.did,
486
- aud: this.serviceDid,
534
+ did: row.did,
535
+ pds: this.serviceDid,
487
536
  email: row.email || undefined,
488
- email_verified: row.email ? row.emailConfirmedAt != null : undefined,
489
- preferred_username: row.handle || undefined,
537
+ emailVerified: row.email ? row.emailConfirmedAt != null : undefined,
538
+ handle: row.handle || undefined,
539
+ deactivated: row.deactivatedAt != null,
490
540
  };
491
541
  if (!account.name || !account.picture) {
492
- const did = account.sub;
542
+ const { did } = account;
493
543
  const profile = await this.actorStore
494
544
  .read(did, async (store) => {
495
545
  return store.record.getProfileRecord();