@atproto/pds 0.5.5 → 0.5.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (147) hide show
  1. package/CHANGELOG.md +15 -0
  2. package/dist/account-manager/account-manager.d.ts +51 -13
  3. package/dist/account-manager/account-manager.d.ts.map +1 -1
  4. package/dist/account-manager/account-manager.js +86 -26
  5. package/dist/account-manager/account-manager.js.map +1 -1
  6. package/dist/account-manager/db/migrations/005-oauth-account-management.d.ts.map +1 -1
  7. package/dist/account-manager/db/migrations/005-oauth-account-management.js +3 -4
  8. package/dist/account-manager/db/migrations/005-oauth-account-management.js.map +1 -1
  9. package/dist/account-manager/db/schema/authorization-request.d.ts +2 -2
  10. package/dist/account-manager/db/schema/authorization-request.d.ts.map +1 -1
  11. package/dist/account-manager/db/schema/authorization-request.js.map +1 -1
  12. package/dist/account-manager/db/schema/authorized-client.d.ts +2 -2
  13. package/dist/account-manager/db/schema/authorized-client.d.ts.map +1 -1
  14. package/dist/account-manager/db/schema/authorized-client.js.map +1 -1
  15. package/dist/account-manager/db/schema/token.d.ts +2 -2
  16. package/dist/account-manager/db/schema/token.d.ts.map +1 -1
  17. package/dist/account-manager/db/schema/token.js.map +1 -1
  18. package/dist/account-manager/helpers/account-device.d.ts +23 -196
  19. package/dist/account-manager/helpers/account-device.d.ts.map +1 -1
  20. package/dist/account-manager/helpers/account-device.js +3 -3
  21. package/dist/account-manager/helpers/account-device.js.map +1 -1
  22. package/dist/account-manager/helpers/account.d.ts +14 -4
  23. package/dist/account-manager/helpers/account.d.ts.map +1 -1
  24. package/dist/account-manager/helpers/account.js +17 -11
  25. package/dist/account-manager/helpers/account.js.map +1 -1
  26. package/dist/account-manager/helpers/auth.js +1 -1
  27. package/dist/account-manager/helpers/auth.js.map +1 -1
  28. package/dist/account-manager/helpers/authorization-request.d.ts +83 -5
  29. package/dist/account-manager/helpers/authorization-request.d.ts.map +1 -1
  30. package/dist/account-manager/helpers/authorization-request.js +8 -8
  31. package/dist/account-manager/helpers/authorization-request.js.map +1 -1
  32. package/dist/account-manager/helpers/authorized-client.d.ts +5 -4
  33. package/dist/account-manager/helpers/authorized-client.d.ts.map +1 -1
  34. package/dist/account-manager/helpers/authorized-client.js +3 -0
  35. package/dist/account-manager/helpers/authorized-client.js.map +1 -1
  36. package/dist/account-manager/helpers/device.d.ts +9 -3
  37. package/dist/account-manager/helpers/device.d.ts.map +1 -1
  38. package/dist/account-manager/helpers/device.js +4 -4
  39. package/dist/account-manager/helpers/device.js.map +1 -1
  40. package/dist/account-manager/helpers/invite.d.ts +35 -2
  41. package/dist/account-manager/helpers/invite.d.ts.map +1 -1
  42. package/dist/account-manager/helpers/lexicon.d.ts.map +1 -1
  43. package/dist/account-manager/helpers/lexicon.js +6 -0
  44. package/dist/account-manager/helpers/lexicon.js.map +1 -1
  45. package/dist/account-manager/helpers/password.d.ts +1 -0
  46. package/dist/account-manager/helpers/password.d.ts.map +1 -1
  47. package/dist/account-manager/helpers/password.js +3 -0
  48. package/dist/account-manager/helpers/password.js.map +1 -1
  49. package/dist/account-manager/helpers/token.d.ts +72 -1031
  50. package/dist/account-manager/helpers/token.d.ts.map +1 -1
  51. package/dist/account-manager/helpers/token.js +13 -10
  52. package/dist/account-manager/helpers/token.js.map +1 -1
  53. package/dist/account-manager/helpers/used-refresh-token.d.ts +6 -2
  54. package/dist/account-manager/helpers/used-refresh-token.d.ts.map +1 -1
  55. package/dist/account-manager/oauth-store.d.ts +17 -13
  56. package/dist/account-manager/oauth-store.d.ts.map +1 -1
  57. package/dist/account-manager/oauth-store.js +89 -39
  58. package/dist/account-manager/oauth-store.js.map +1 -1
  59. package/dist/actor-store/blob/reader.d.ts.map +1 -1
  60. package/dist/actor-store/blob/reader.js +2 -3
  61. package/dist/actor-store/blob/reader.js.map +1 -1
  62. package/dist/actor-store/record/reader.js +3 -3
  63. package/dist/actor-store/record/reader.js.map +1 -1
  64. package/dist/actor-store/repo/sql-repo-reader.d.ts +5 -1
  65. package/dist/actor-store/repo/sql-repo-reader.d.ts.map +1 -1
  66. package/dist/actor-store/repo/sql-repo-reader.js.map +1 -1
  67. package/dist/api/com/atproto/admin/updateSubjectStatus.d.ts.map +1 -1
  68. package/dist/api/com/atproto/admin/updateSubjectStatus.js +12 -4
  69. package/dist/api/com/atproto/admin/updateSubjectStatus.js.map +1 -1
  70. package/dist/api/com/atproto/server/activateAccount.d.ts.map +1 -1
  71. package/dist/api/com/atproto/server/activateAccount.js +25 -31
  72. package/dist/api/com/atproto/server/activateAccount.js.map +1 -1
  73. package/dist/api/com/atproto/server/deactivateAccount.d.ts.map +1 -1
  74. package/dist/api/com/atproto/server/deactivateAccount.js +3 -4
  75. package/dist/api/com/atproto/server/deactivateAccount.js.map +1 -1
  76. package/dist/api/com/atproto/server/deleteAccount.d.ts.map +1 -1
  77. package/dist/api/com/atproto/server/deleteAccount.js +51 -37
  78. package/dist/api/com/atproto/server/deleteAccount.js.map +1 -1
  79. package/dist/api/com/atproto/server/util.d.ts +25 -6
  80. package/dist/api/com/atproto/server/util.d.ts.map +1 -1
  81. package/dist/api/com/atproto/server/util.js.map +1 -1
  82. package/dist/config/config.d.ts +2 -1
  83. package/dist/config/config.d.ts.map +1 -1
  84. package/dist/config/config.js +4 -1
  85. package/dist/config/config.js.map +1 -1
  86. package/dist/context.d.ts.map +1 -1
  87. package/dist/context.js +1 -1
  88. package/dist/context.js.map +1 -1
  89. package/dist/db/migrator.d.ts +4 -3
  90. package/dist/db/migrator.d.ts.map +1 -1
  91. package/dist/db/migrator.js +1 -1
  92. package/dist/db/migrator.js.map +1 -1
  93. package/dist/db/pagination.d.ts +2 -1
  94. package/dist/db/pagination.d.ts.map +1 -1
  95. package/dist/db/pagination.js +2 -2
  96. package/dist/db/pagination.js.map +1 -1
  97. package/dist/db/util.d.ts +3 -3
  98. package/dist/db/util.d.ts.map +1 -1
  99. package/dist/db/util.js.map +1 -1
  100. package/dist/mailer/index.d.ts +2 -0
  101. package/dist/mailer/index.d.ts.map +1 -1
  102. package/dist/mailer/index.js +2 -0
  103. package/dist/mailer/index.js.map +1 -1
  104. package/dist/scripts/sequencer-recovery/recovery-db.js.map +1 -1
  105. package/dist/sequencer/events.d.ts.map +1 -1
  106. package/dist/sequencer/events.js +6 -13
  107. package/dist/sequencer/events.js.map +1 -1
  108. package/dist/sequencer/sequencer.d.ts +1 -1
  109. package/dist/sequencer/sequencer.d.ts.map +1 -1
  110. package/dist/sequencer/sequencer.js.map +1 -1
  111. package/package.json +13 -13
  112. package/src/account-manager/account-manager.ts +135 -36
  113. package/src/account-manager/db/migrations/005-oauth-account-management.ts +6 -5
  114. package/src/account-manager/db/schema/authorization-request.ts +2 -1
  115. package/src/account-manager/db/schema/authorized-client.ts +6 -2
  116. package/src/account-manager/db/schema/token.ts +2 -2
  117. package/src/account-manager/helpers/account-device.ts +5 -11
  118. package/src/account-manager/helpers/account.ts +39 -16
  119. package/src/account-manager/helpers/auth.ts +2 -2
  120. package/src/account-manager/helpers/authorization-request.ts +12 -8
  121. package/src/account-manager/helpers/authorized-client.ts +12 -6
  122. package/src/account-manager/helpers/device.ts +4 -4
  123. package/src/account-manager/helpers/lexicon.ts +8 -3
  124. package/src/account-manager/helpers/password.ts +6 -0
  125. package/src/account-manager/helpers/token.ts +17 -11
  126. package/src/account-manager/oauth-store.ts +129 -61
  127. package/src/actor-store/blob/reader.ts +8 -5
  128. package/src/actor-store/record/reader.ts +3 -3
  129. package/src/actor-store/repo/sql-repo-reader.ts +1 -1
  130. package/src/api/com/atproto/admin/updateSubjectStatus.ts +16 -4
  131. package/src/api/com/atproto/server/activateAccount.ts +27 -49
  132. package/src/api/com/atproto/server/deactivateAccount.ts +3 -7
  133. package/src/api/com/atproto/server/deleteAccount.ts +60 -43
  134. package/src/api/com/atproto/server/util.ts +24 -7
  135. package/src/config/config.ts +7 -2
  136. package/src/context.ts +2 -3
  137. package/src/db/migrator.ts +2 -1
  138. package/src/db/pagination.ts +7 -7
  139. package/src/db/util.ts +5 -2
  140. package/src/mailer/index.ts +4 -2
  141. package/src/scripts/sequencer-recovery/recovery-db.ts +1 -1
  142. package/src/sequencer/events.ts +8 -13
  143. package/src/sequencer/sequencer.ts +1 -3
  144. package/tests/account-manager.test.ts +79 -0
  145. package/tests/account-status.test.ts +206 -0
  146. package/tests/db.test.ts +3 -3
  147. package/tests/oauth.test.ts +91 -0
@@ -1 +1 @@
1
- {"version":3,"file":"password.js","sourceRoot":"","sources":["../../../src/account-manager/helpers/password.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAA;AAC3C,OAAO,EAAkB,qBAAqB,EAAE,MAAM,cAAc,CAAA;AACpE,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAA;AAG1D,OAAO,KAAK,MAAM,MAAM,aAAa,CAAA;AAOrC,MAAM,CAAC,MAAM,qBAAqB,GAAG,KAAK,EACxC,EAAa,EACb,GAAW,EACX,QAAgB,EACE,EAAE;IACpB,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,EAAE;SACtB,UAAU,CAAC,SAAS,CAAC;SACrB,SAAS,EAAE;SACX,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC;SACtB,gBAAgB,EAAE,CAAA;IACrB,OAAO,KAAK,CAAC,CAAC,CAAC,MAAM,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,KAAK,CAAA;AAC5E,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,iBAAiB,GAAG,KAAK,EACpC,EAAa,EACb,GAAW,EACX,QAAgB,EACiB,EAAE;IACnC,MAAM,cAAc,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;IAClE,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,EAAE;SACtB,UAAU,CAAC,cAAc,CAAC;SAC1B,SAAS,EAAE;SACX,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC;SACtB,KAAK,CAAC,gBAAgB,EAAE,GAAG,EAAE,cAAc,CAAC;SAC5C,gBAAgB,EAAE,CAAA;IACrB,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAA;IACvB,OAAO;QACL,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,UAAU,EAAE,KAAK,CAAC,UAAU,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK;KAClD,CAAA;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,kBAAkB,GAAG,KAAK,EACrC,EAAa,EACb,IAGC,EACD,EAAE;IACF,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE;SACF,WAAW,CAAC,SAAS,CAAC;SACtB,GAAG,CAAC,EAAE,cAAc,EAAE,IAAI,CAAC,cAAc,EAAE,CAAC;SAC5C,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,CAC/B,CAAA;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,iBAAiB,GAAG,KAAK,EACpC,EAAa,EACb,GAAW,EACX,IAAY,EACZ,UAAmB,EACwC,EAAE;IAC7D,sCAAsC;IACtC,sBAAsB;IACtB,MAAM,GAAG,GAAG,SAAS,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;IAChD,MAAM,MAAM,GAAG;QACb,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;QACf,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;QACf,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;QAChB,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC;KAClB,CAAA;IACD,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACjC,MAAM,cAAc,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;IAClE,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,EAAE,CAAC,gBAAgB,CACrC,EAAE,CAAC,EAAE;SACF,UAAU,CAAC,cAAc,CAAC;SAC1B,MAAM,CAAC;QACN,GAAG;QACH,IAAI;QACJ,cAAc;QACd,SAAS,EAAE,qBAAqB,EAAE;QAClC,UAAU,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;KAC/B,CAAC;SACD,YAAY,EAAE,CAClB,CAAA;IACD,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,mBAAmB,CAAC,wCAAwC,CAAC,CAAA;IACzE,CAAC;IACD,OAAO;QACL,IAAI;QACJ,QAAQ;QACR,SAAS,EAAE,GAAG,CAAC,SAAS;QACxB,UAAU;KACX,CAAA;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,gBAAgB,GAAG,KAAK,EACnC,EAAa,EACb,GAAW,EAGX,EAAE;IACF,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,EAAE;SACpB,UAAU,CAAC,cAAc,CAAC;SAC1B,MAAM,CAAC,CAAC,MAAM,EAAE,WAAW,EAAE,YAAY,CAAC,CAAC;SAC3C,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC;SACtB,OAAO,CAAC,WAAW,EAAE,MAAM,CAAC;SAC5B,OAAO,EAAE,CAAA;IACZ,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACvB,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,SAAS,EAAE,GAAG,CAAC,SAAS;QACxB,UAAU,EAAE,GAAG,CAAC,UAAU,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK;KAChD,CAAC,CAAC,CAAA;AACL,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,iBAAiB,GAAG,KAAK,EACpC,EAAa,EACb,GAAW,EACX,IAAY,EACZ,EAAE;IACF,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE;SACF,UAAU,CAAC,cAAc,CAAC;SAC1B,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC;SACtB,KAAK,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,CAAC,CAC5B,CAAA;AACH,CAAC,CAAA","sourcesContent":["import { randomStr } from '@atproto/crypto'\nimport { DatetimeString, currentDatetimeString } from '@atproto/lex'\nimport { InvalidRequestError } from '@atproto/xrpc-server'\nimport { com } from '../../lexicons/index.js'\nimport { AccountDb } from '../db/index.js'\nimport * as scrypt from './scrypt.js'\n\nexport type AppPassDescript = {\n name: string\n privileged: boolean\n}\n\nexport const verifyAccountPassword = async (\n db: AccountDb,\n did: string,\n password: string,\n): Promise<boolean> => {\n const found = await db.db\n .selectFrom('account')\n .selectAll()\n .where('did', '=', did)\n .executeTakeFirst()\n return found ? await scrypt.verify(password, found.passwordScrypt) : false\n}\n\nexport const verifyAppPassword = async (\n db: AccountDb,\n did: string,\n password: string,\n): Promise<AppPassDescript | null> => {\n const passwordScrypt = await scrypt.hashAppPassword(did, password)\n const found = await db.db\n .selectFrom('app_password')\n .selectAll()\n .where('did', '=', did)\n .where('passwordScrypt', '=', passwordScrypt)\n .executeTakeFirst()\n if (!found) return null\n return {\n name: found.name,\n privileged: found.privileged === 1 ? true : false,\n }\n}\n\nexport const updateUserPassword = async (\n db: AccountDb,\n opts: {\n did: string\n passwordScrypt: string\n },\n) => {\n await db.executeWithRetry(\n db.db\n .updateTable('account')\n .set({ passwordScrypt: opts.passwordScrypt })\n .where('did', '=', opts.did),\n )\n}\n\nexport const createAppPassword = async (\n db: AccountDb,\n did: string,\n name: string,\n privileged: boolean,\n): Promise<com.atproto.server.createAppPassword.AppPassword> => {\n // create an app password with format:\n // 1234-abcd-5678-efgh\n const str = randomStr(16, 'base32').slice(0, 16)\n const chunks = [\n str.slice(0, 4),\n str.slice(4, 8),\n str.slice(8, 12),\n str.slice(12, 16),\n ]\n const password = chunks.join('-')\n const passwordScrypt = await scrypt.hashAppPassword(did, password)\n const [got] = await db.executeWithRetry(\n db.db\n .insertInto('app_password')\n .values({\n did,\n name,\n passwordScrypt,\n createdAt: currentDatetimeString(),\n privileged: privileged ? 1 : 0,\n })\n .returningAll(),\n )\n if (!got) {\n throw new InvalidRequestError('could not create app-specific password')\n }\n return {\n name,\n password,\n createdAt: got.createdAt,\n privileged,\n }\n}\n\nexport const listAppPasswords = async (\n db: AccountDb,\n did: string,\n): Promise<\n { name: string; createdAt: DatetimeString; privileged: boolean }[]\n> => {\n const res = await db.db\n .selectFrom('app_password')\n .select(['name', 'createdAt', 'privileged'])\n .where('did', '=', did)\n .orderBy('createdAt', 'desc')\n .execute()\n return res.map((row) => ({\n name: row.name,\n createdAt: row.createdAt,\n privileged: row.privileged === 1 ? true : false,\n }))\n}\n\nexport const deleteAppPassword = async (\n db: AccountDb,\n did: string,\n name: string,\n) => {\n await db.executeWithRetry(\n db.db\n .deleteFrom('app_password')\n .where('did', '=', did)\n .where('name', '=', name),\n )\n}\n"]}
1
+ {"version":3,"file":"password.js","sourceRoot":"","sources":["../../../src/account-manager/helpers/password.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAA;AAC3C,OAAO,EAAkB,qBAAqB,EAAE,MAAM,cAAc,CAAA;AACpE,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAA;AAG1D,OAAO,KAAK,MAAM,MAAM,aAAa,CAAA;AAOrC,MAAM,CAAC,MAAM,qBAAqB,GAAG,KAAK,EACxC,EAAa,EACb,GAAW,EACX,QAAgB,EACE,EAAE;IACpB,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,EAAE;SACtB,UAAU,CAAC,SAAS,CAAC;SACrB,SAAS,EAAE;SACX,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC;SACtB,gBAAgB,EAAE,CAAA;IACrB,OAAO,KAAK,CAAC,CAAC,CAAC,MAAM,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,KAAK,CAAA;AAC5E,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,iBAAiB,GAAG,KAAK,EACpC,EAAa,EACb,GAAW,EACX,QAAgB,EACiB,EAAE;IACnC,MAAM,cAAc,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;IAClE,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,EAAE;SACtB,UAAU,CAAC,cAAc,CAAC;SAC1B,SAAS,EAAE;SACX,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC;SACtB,KAAK,CAAC,gBAAgB,EAAE,GAAG,EAAE,cAAc,CAAC;SAC5C,gBAAgB,EAAE,CAAA;IACrB,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAA;IACvB,OAAO;QACL,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,UAAU,EAAE,KAAK,CAAC,UAAU,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK;KAClD,CAAA;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,kBAAkB,GAAG,KAAK,EACrC,EAAa,EACb,IAGC,EACD,EAAE;IACF,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE;SACF,WAAW,CAAC,SAAS,CAAC;SACtB,GAAG,CAAC,EAAE,cAAc,EAAE,IAAI,CAAC,cAAc,EAAE,CAAC;SAC5C,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,CAC/B,CAAA;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,iBAAiB,GAAG,KAAK,EACpC,EAAa,EACb,GAAW,EACX,IAAY,EACZ,UAAmB,EACwC,EAAE;IAC7D,sCAAsC;IACtC,sBAAsB;IACtB,MAAM,GAAG,GAAG,SAAS,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;IAChD,MAAM,MAAM,GAAG;QACb,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;QACf,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;QACf,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;QAChB,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC;KAClB,CAAA;IACD,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACjC,MAAM,cAAc,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;IAClE,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,EAAE,CAAC,gBAAgB,CACrC,EAAE,CAAC,EAAE;SACF,UAAU,CAAC,cAAc,CAAC;SAC1B,MAAM,CAAC;QACN,GAAG;QACH,IAAI;QACJ,cAAc;QACd,SAAS,EAAE,qBAAqB,EAAE;QAClC,UAAU,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;KAC/B,CAAC;SACD,YAAY,EAAE,CAClB,CAAA;IACD,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,mBAAmB,CAAC,wCAAwC,CAAC,CAAA;IACzE,CAAC;IACD,OAAO;QACL,IAAI;QACJ,QAAQ;QACR,SAAS,EAAE,GAAG,CAAC,SAAS;QACxB,UAAU;KACX,CAAA;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,gBAAgB,GAAG,KAAK,EACnC,EAAa,EACb,GAAW,EAGX,EAAE;IACF,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,EAAE;SACpB,UAAU,CAAC,cAAc,CAAC;SAC1B,MAAM,CAAC,CAAC,MAAM,EAAE,WAAW,EAAE,YAAY,CAAC,CAAC;SAC3C,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC;SACtB,OAAO,CAAC,WAAW,EAAE,MAAM,CAAC;SAC5B,OAAO,EAAE,CAAA;IACZ,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACvB,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,SAAS,EAAE,GAAG,CAAC,SAAS;QACxB,UAAU,EAAE,GAAG,CAAC,UAAU,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK;KAChD,CAAC,CAAC,CAAA;AACL,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,iBAAiB,GAAG,KAAK,EACpC,EAAa,EACb,GAAW,EACX,IAAY,EACZ,EAAE;IACF,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE;SACF,UAAU,CAAC,cAAc,CAAC;SAC1B,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC;SACtB,KAAK,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,CAAC,CAC5B,CAAA;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,qBAAqB,GAAG,KAAK,EAAE,EAAa,EAAE,GAAW,EAAE,EAAE;IACxE,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CACxD,CAAA;AACH,CAAC,CAAA","sourcesContent":["import { randomStr } from '@atproto/crypto'\nimport { DatetimeString, currentDatetimeString } from '@atproto/lex'\nimport { InvalidRequestError } from '@atproto/xrpc-server'\nimport { com } from '../../lexicons/index.js'\nimport { AccountDb } from '../db/index.js'\nimport * as scrypt from './scrypt.js'\n\nexport type AppPassDescript = {\n name: string\n privileged: boolean\n}\n\nexport const verifyAccountPassword = async (\n db: AccountDb,\n did: string,\n password: string,\n): Promise<boolean> => {\n const found = await db.db\n .selectFrom('account')\n .selectAll()\n .where('did', '=', did)\n .executeTakeFirst()\n return found ? await scrypt.verify(password, found.passwordScrypt) : false\n}\n\nexport const verifyAppPassword = async (\n db: AccountDb,\n did: string,\n password: string,\n): Promise<AppPassDescript | null> => {\n const passwordScrypt = await scrypt.hashAppPassword(did, password)\n const found = await db.db\n .selectFrom('app_password')\n .selectAll()\n .where('did', '=', did)\n .where('passwordScrypt', '=', passwordScrypt)\n .executeTakeFirst()\n if (!found) return null\n return {\n name: found.name,\n privileged: found.privileged === 1 ? true : false,\n }\n}\n\nexport const updateUserPassword = async (\n db: AccountDb,\n opts: {\n did: string\n passwordScrypt: string\n },\n) => {\n await db.executeWithRetry(\n db.db\n .updateTable('account')\n .set({ passwordScrypt: opts.passwordScrypt })\n .where('did', '=', opts.did),\n )\n}\n\nexport const createAppPassword = async (\n db: AccountDb,\n did: string,\n name: string,\n privileged: boolean,\n): Promise<com.atproto.server.createAppPassword.AppPassword> => {\n // create an app password with format:\n // 1234-abcd-5678-efgh\n const str = randomStr(16, 'base32').slice(0, 16)\n const chunks = [\n str.slice(0, 4),\n str.slice(4, 8),\n str.slice(8, 12),\n str.slice(12, 16),\n ]\n const password = chunks.join('-')\n const passwordScrypt = await scrypt.hashAppPassword(did, password)\n const [got] = await db.executeWithRetry(\n db.db\n .insertInto('app_password')\n .values({\n did,\n name,\n passwordScrypt,\n createdAt: currentDatetimeString(),\n privileged: privileged ? 1 : 0,\n })\n .returningAll(),\n )\n if (!got) {\n throw new InvalidRequestError('could not create app-specific password')\n }\n return {\n name,\n password,\n createdAt: got.createdAt,\n privileged,\n }\n}\n\nexport const listAppPasswords = async (\n db: AccountDb,\n did: string,\n): Promise<\n { name: string; createdAt: DatetimeString; privileged: boolean }[]\n> => {\n const res = await db.db\n .selectFrom('app_password')\n .select(['name', 'createdAt', 'privileged'])\n .where('did', '=', did)\n .orderBy('createdAt', 'desc')\n .execute()\n return res.map((row) => ({\n name: row.name,\n createdAt: row.createdAt,\n privileged: row.privileged === 1 ? true : false,\n }))\n}\n\nexport const deleteAppPassword = async (\n db: AccountDb,\n did: string,\n name: string,\n) => {\n await db.executeWithRetry(\n db.db\n .deleteFrom('app_password')\n .where('did', '=', did)\n .where('name', '=', name),\n )\n}\n\nexport const deleteAllAppPasswords = async (db: AccountDb, did: string) => {\n await db.executeWithRetry(\n db.db.deleteFrom('app_password').where('did', '=', did),\n )\n}\n"]}