@atproto/pds 0.5.5 → 0.5.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (147) hide show
  1. package/CHANGELOG.md +15 -0
  2. package/dist/account-manager/account-manager.d.ts +51 -13
  3. package/dist/account-manager/account-manager.d.ts.map +1 -1
  4. package/dist/account-manager/account-manager.js +86 -26
  5. package/dist/account-manager/account-manager.js.map +1 -1
  6. package/dist/account-manager/db/migrations/005-oauth-account-management.d.ts.map +1 -1
  7. package/dist/account-manager/db/migrations/005-oauth-account-management.js +3 -4
  8. package/dist/account-manager/db/migrations/005-oauth-account-management.js.map +1 -1
  9. package/dist/account-manager/db/schema/authorization-request.d.ts +2 -2
  10. package/dist/account-manager/db/schema/authorization-request.d.ts.map +1 -1
  11. package/dist/account-manager/db/schema/authorization-request.js.map +1 -1
  12. package/dist/account-manager/db/schema/authorized-client.d.ts +2 -2
  13. package/dist/account-manager/db/schema/authorized-client.d.ts.map +1 -1
  14. package/dist/account-manager/db/schema/authorized-client.js.map +1 -1
  15. package/dist/account-manager/db/schema/token.d.ts +2 -2
  16. package/dist/account-manager/db/schema/token.d.ts.map +1 -1
  17. package/dist/account-manager/db/schema/token.js.map +1 -1
  18. package/dist/account-manager/helpers/account-device.d.ts +23 -196
  19. package/dist/account-manager/helpers/account-device.d.ts.map +1 -1
  20. package/dist/account-manager/helpers/account-device.js +3 -3
  21. package/dist/account-manager/helpers/account-device.js.map +1 -1
  22. package/dist/account-manager/helpers/account.d.ts +14 -4
  23. package/dist/account-manager/helpers/account.d.ts.map +1 -1
  24. package/dist/account-manager/helpers/account.js +17 -11
  25. package/dist/account-manager/helpers/account.js.map +1 -1
  26. package/dist/account-manager/helpers/auth.js +1 -1
  27. package/dist/account-manager/helpers/auth.js.map +1 -1
  28. package/dist/account-manager/helpers/authorization-request.d.ts +83 -5
  29. package/dist/account-manager/helpers/authorization-request.d.ts.map +1 -1
  30. package/dist/account-manager/helpers/authorization-request.js +8 -8
  31. package/dist/account-manager/helpers/authorization-request.js.map +1 -1
  32. package/dist/account-manager/helpers/authorized-client.d.ts +5 -4
  33. package/dist/account-manager/helpers/authorized-client.d.ts.map +1 -1
  34. package/dist/account-manager/helpers/authorized-client.js +3 -0
  35. package/dist/account-manager/helpers/authorized-client.js.map +1 -1
  36. package/dist/account-manager/helpers/device.d.ts +9 -3
  37. package/dist/account-manager/helpers/device.d.ts.map +1 -1
  38. package/dist/account-manager/helpers/device.js +4 -4
  39. package/dist/account-manager/helpers/device.js.map +1 -1
  40. package/dist/account-manager/helpers/invite.d.ts +35 -2
  41. package/dist/account-manager/helpers/invite.d.ts.map +1 -1
  42. package/dist/account-manager/helpers/lexicon.d.ts.map +1 -1
  43. package/dist/account-manager/helpers/lexicon.js +6 -0
  44. package/dist/account-manager/helpers/lexicon.js.map +1 -1
  45. package/dist/account-manager/helpers/password.d.ts +1 -0
  46. package/dist/account-manager/helpers/password.d.ts.map +1 -1
  47. package/dist/account-manager/helpers/password.js +3 -0
  48. package/dist/account-manager/helpers/password.js.map +1 -1
  49. package/dist/account-manager/helpers/token.d.ts +72 -1031
  50. package/dist/account-manager/helpers/token.d.ts.map +1 -1
  51. package/dist/account-manager/helpers/token.js +13 -10
  52. package/dist/account-manager/helpers/token.js.map +1 -1
  53. package/dist/account-manager/helpers/used-refresh-token.d.ts +6 -2
  54. package/dist/account-manager/helpers/used-refresh-token.d.ts.map +1 -1
  55. package/dist/account-manager/oauth-store.d.ts +17 -13
  56. package/dist/account-manager/oauth-store.d.ts.map +1 -1
  57. package/dist/account-manager/oauth-store.js +89 -39
  58. package/dist/account-manager/oauth-store.js.map +1 -1
  59. package/dist/actor-store/blob/reader.d.ts.map +1 -1
  60. package/dist/actor-store/blob/reader.js +2 -3
  61. package/dist/actor-store/blob/reader.js.map +1 -1
  62. package/dist/actor-store/record/reader.js +3 -3
  63. package/dist/actor-store/record/reader.js.map +1 -1
  64. package/dist/actor-store/repo/sql-repo-reader.d.ts +5 -1
  65. package/dist/actor-store/repo/sql-repo-reader.d.ts.map +1 -1
  66. package/dist/actor-store/repo/sql-repo-reader.js.map +1 -1
  67. package/dist/api/com/atproto/admin/updateSubjectStatus.d.ts.map +1 -1
  68. package/dist/api/com/atproto/admin/updateSubjectStatus.js +12 -4
  69. package/dist/api/com/atproto/admin/updateSubjectStatus.js.map +1 -1
  70. package/dist/api/com/atproto/server/activateAccount.d.ts.map +1 -1
  71. package/dist/api/com/atproto/server/activateAccount.js +25 -31
  72. package/dist/api/com/atproto/server/activateAccount.js.map +1 -1
  73. package/dist/api/com/atproto/server/deactivateAccount.d.ts.map +1 -1
  74. package/dist/api/com/atproto/server/deactivateAccount.js +3 -4
  75. package/dist/api/com/atproto/server/deactivateAccount.js.map +1 -1
  76. package/dist/api/com/atproto/server/deleteAccount.d.ts.map +1 -1
  77. package/dist/api/com/atproto/server/deleteAccount.js +51 -37
  78. package/dist/api/com/atproto/server/deleteAccount.js.map +1 -1
  79. package/dist/api/com/atproto/server/util.d.ts +25 -6
  80. package/dist/api/com/atproto/server/util.d.ts.map +1 -1
  81. package/dist/api/com/atproto/server/util.js.map +1 -1
  82. package/dist/config/config.d.ts +2 -1
  83. package/dist/config/config.d.ts.map +1 -1
  84. package/dist/config/config.js +4 -1
  85. package/dist/config/config.js.map +1 -1
  86. package/dist/context.d.ts.map +1 -1
  87. package/dist/context.js +1 -1
  88. package/dist/context.js.map +1 -1
  89. package/dist/db/migrator.d.ts +4 -3
  90. package/dist/db/migrator.d.ts.map +1 -1
  91. package/dist/db/migrator.js +1 -1
  92. package/dist/db/migrator.js.map +1 -1
  93. package/dist/db/pagination.d.ts +2 -1
  94. package/dist/db/pagination.d.ts.map +1 -1
  95. package/dist/db/pagination.js +2 -2
  96. package/dist/db/pagination.js.map +1 -1
  97. package/dist/db/util.d.ts +3 -3
  98. package/dist/db/util.d.ts.map +1 -1
  99. package/dist/db/util.js.map +1 -1
  100. package/dist/mailer/index.d.ts +2 -0
  101. package/dist/mailer/index.d.ts.map +1 -1
  102. package/dist/mailer/index.js +2 -0
  103. package/dist/mailer/index.js.map +1 -1
  104. package/dist/scripts/sequencer-recovery/recovery-db.js.map +1 -1
  105. package/dist/sequencer/events.d.ts.map +1 -1
  106. package/dist/sequencer/events.js +6 -13
  107. package/dist/sequencer/events.js.map +1 -1
  108. package/dist/sequencer/sequencer.d.ts +1 -1
  109. package/dist/sequencer/sequencer.d.ts.map +1 -1
  110. package/dist/sequencer/sequencer.js.map +1 -1
  111. package/package.json +13 -13
  112. package/src/account-manager/account-manager.ts +135 -36
  113. package/src/account-manager/db/migrations/005-oauth-account-management.ts +6 -5
  114. package/src/account-manager/db/schema/authorization-request.ts +2 -1
  115. package/src/account-manager/db/schema/authorized-client.ts +6 -2
  116. package/src/account-manager/db/schema/token.ts +2 -2
  117. package/src/account-manager/helpers/account-device.ts +5 -11
  118. package/src/account-manager/helpers/account.ts +39 -16
  119. package/src/account-manager/helpers/auth.ts +2 -2
  120. package/src/account-manager/helpers/authorization-request.ts +12 -8
  121. package/src/account-manager/helpers/authorized-client.ts +12 -6
  122. package/src/account-manager/helpers/device.ts +4 -4
  123. package/src/account-manager/helpers/lexicon.ts +8 -3
  124. package/src/account-manager/helpers/password.ts +6 -0
  125. package/src/account-manager/helpers/token.ts +17 -11
  126. package/src/account-manager/oauth-store.ts +129 -61
  127. package/src/actor-store/blob/reader.ts +8 -5
  128. package/src/actor-store/record/reader.ts +3 -3
  129. package/src/actor-store/repo/sql-repo-reader.ts +1 -1
  130. package/src/api/com/atproto/admin/updateSubjectStatus.ts +16 -4
  131. package/src/api/com/atproto/server/activateAccount.ts +27 -49
  132. package/src/api/com/atproto/server/deactivateAccount.ts +3 -7
  133. package/src/api/com/atproto/server/deleteAccount.ts +60 -43
  134. package/src/api/com/atproto/server/util.ts +24 -7
  135. package/src/config/config.ts +7 -2
  136. package/src/context.ts +2 -3
  137. package/src/db/migrator.ts +2 -1
  138. package/src/db/pagination.ts +7 -7
  139. package/src/db/util.ts +5 -2
  140. package/src/mailer/index.ts +4 -2
  141. package/src/scripts/sequencer-recovery/recovery-db.ts +1 -1
  142. package/src/sequencer/events.ts +8 -13
  143. package/src/sequencer/sequencer.ts +1 -3
  144. package/tests/account-manager.test.ts +79 -0
  145. package/tests/account-status.test.ts +206 -0
  146. package/tests/db.test.ts +3 -3
  147. package/tests/oauth.test.ts +91 -0
@@ -1 +1 @@
1
- {"version":3,"file":"token.d.ts","sourceRoot":"","sources":["../../../src/account-manager/helpers/token.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAA;AACnC,OAAO,EACL,IAAI,EACJ,YAAY,EACZ,YAAY,EACZ,SAAS,EACT,OAAO,EACR,MAAM,yBAAyB,CAAA;AAEhC,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,gBAAgB,CAAA;AAGjD,wBAAgB,WAAW,CAAC,GAAG,EAAE,UAAU,CAAC,KAAK,CAAC,GAAG,SAAS,CAa7D;AAuBD,eAAO,MAAM,QAAQ,OACf,SAAS,WACJ,OAAO,QACV,SAAS,iBACA,YAAY,yHAiB5B,CAAA;AAED,eAAO,MAAM,WAAW,OAAQ,SAAS,MAAM,OAAO,mMAKZ,CAAA;AAE1C,eAAO,MAAM,QAAQ,OACf,SAAS,UACL;IACN,EAAE,CAAC,EAAE,MAAM,CAAA;IACX,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,IAAI,CAAC,EAAE,IAAI,CAAA;IACX,OAAO,CAAC,EAAE,OAAO,CAAA;IACjB,mBAAmB,CAAC,EAAE,YAAY,CAAA;CACnC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;8SAoCF,CAAA;AAED,eAAO,MAAM,aAAa,OAAQ,SAAS,OAAO,MAAM,yLAEN,CAAA;AAElD,eAAO,MAAM,QAAQ,OACf,SAAS,MACT,MAAM,cACE,OAAO,mBACF,YAAY,WACpB,YAAY,kMAcE,CAAA;AAEzB,eAAO,MAAM,QAAQ,OAAQ,SAAS,WAAW,OAAO,yLAEE,CAAA"}
1
+ {"version":3,"file":"token.d.ts","sourceRoot":"","sources":["../../../src/account-manager/helpers/token.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAA;AACnC,OAAO,EACL,IAAI,EACJ,GAAG,EACH,YAAY,EACZ,YAAY,EACZ,SAAS,EACT,OAAO,EACR,MAAM,yBAAyB,CAAA;AAEhC,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,gBAAgB,CAAA;AAGjD,wBAAgB,WAAW,CAAC,GAAG,EAAE,UAAU,CAAC,KAAK,CAAC,GAAG,SAAS,CAa7D;AAuBD,eAAO,MAAM,QAAQ,OACf,SAAS,WACJ,OAAO,QACV,SAAS,iBACA,YAAY,yHAiB5B,CAAA;AAED,eAAO,MAAM,WAAW,OAAQ,SAAS,MAAM,OAAO;;;EAKZ,CAAA;AAE1C,eAAO,MAAM,QAAQ,OACf,SAAS,UACL;IACN,EAAE,CAAC,EAAE,MAAM,CAAA;IACX,GAAG,CAAC,EAAE,GAAG,CAAA;IACT,IAAI,CAAC,EAAE,IAAI,CAAA;IACX,OAAO,CAAC,EAAE,OAAO,CAAA;IACjB,mBAAmB,CAAC,EAAE,YAAY,CAAA;CACnC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;8TAoCF,CAAA;AAED,eAAO,MAAM,WAAW,OAAc,SAAS,OAAO,GAAG,kBAOxD,CAAA;AAED,eAAO,MAAM,QAAQ,OACf,SAAS,MACT,MAAM,cACE,OAAO,mBACF,YAAY,WACpB,YAAY,kIAcE,CAAA;AAEzB,eAAO,MAAM,QAAQ,OAAQ,SAAS,WAAW,OAAO,yHAEE,CAAA"}
@@ -8,7 +8,7 @@ export function toTokenData(row) {
8
8
  clientId: row.clientId,
9
9
  clientAuth: fromJson(row.clientAuth),
10
10
  deviceId: row.deviceId,
11
- sub: row.did,
11
+ did: row.did,
12
12
  parameters: fromJson(row.parameters),
13
13
  code: row.code,
14
14
  scope: row.scope,
@@ -42,7 +42,7 @@ export const createQB = (db, tokenId, data, refreshToken) => {
42
42
  clientId: data.clientId,
43
43
  clientAuth: toJson(data.clientAuth),
44
44
  deviceId: data.deviceId,
45
- did: data.sub,
45
+ did: data.did,
46
46
  parameters: toJson(data.parameters),
47
47
  details: data.details ? toJson(data.details) : null,
48
48
  code: data.code,
@@ -65,27 +65,30 @@ export const findByQB = (db, search) => {
65
65
  throw new TypeError('At least one search parameter is required');
66
66
  }
67
67
  return selectTokenInfoQB(db)
68
- .if(search.id !== undefined, (qb) =>
68
+ .$if(search.id !== undefined, (qb) =>
69
69
  // uses primary key index
70
70
  qb.where('token.id', '=', search.id))
71
- .if(search.did !== undefined, (qb) =>
71
+ .$if(search.did !== undefined, (qb) =>
72
72
  // uses "token_did_idx" index
73
73
  qb.where('token.did', '=', search.did))
74
- .if(search.code !== undefined, (qb) =>
74
+ .$if(search.code !== undefined, (qb) =>
75
75
  // uses "token_code_idx" partial index (hence the null check)
76
76
  qb
77
77
  .where('token.code', '=', search.code)
78
78
  .where('token.code', 'is not', null))
79
- .if(search.tokenId !== undefined, (qb) =>
79
+ .$if(search.tokenId !== undefined, (qb) =>
80
80
  // uses "token_token_id_idx"
81
81
  qb.where('token.tokenId', '=', search.tokenId))
82
- .if(search.currentRefreshToken !== undefined, (qb) =>
82
+ .$if(search.currentRefreshToken !== undefined, (qb) =>
83
83
  // uses "token_refresh_token_unique_idx"
84
84
  qb.where('token.currentRefreshToken', '=', search.currentRefreshToken));
85
85
  };
86
- export const removeByDidQB = (db, did) =>
87
- // uses "token_did_idx" index
88
- db.db.deleteFrom('token').where('did', '=', did);
86
+ export const removeByDid = async (db, did) => {
87
+ await db.executeWithRetry(db.db
88
+ .deleteFrom('token')
89
+ // uses "token_did_idx" index
90
+ .where('did', '=', did));
91
+ };
89
92
  export const rotateQB = (db, id, newTokenId, newRefreshToken, newData) => db.db
90
93
  .updateTable('token')
91
94
  .set({
@@ -1 +1 @@
1
- {"version":3,"file":"token.js","sourceRoot":"","sources":["../../../src/account-manager/helpers/token.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAA;AAE5E,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAA;AAE9C,MAAM,UAAU,WAAW,CAAC,GAAsB;IAChD,OAAO;QACL,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC;QACrC,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC;QACrC,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC;QACrC,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,UAAU,EAAE,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC;QACpC,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,GAAG,EAAE,GAAG,CAAC,GAAG;QACZ,UAAU,EAAE,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC;QACpC,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,KAAK,EAAE,GAAG,CAAC,KAAK;KACjB,CAAA;AACH,CAAC;AAED,MAAM,iBAAiB,GAAG,CAAC,EAAa,EAAE,EAAE,CAC1C,eAAe,CAAC,EAAE,EAAE,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC;IAC/C,2DAA2D;KAC1D,SAAS,CAAC,OAAO,EAAE,WAAW,EAAE,WAAW,CAAC;KAC5C,MAAM,CAAC;IACN,UAAU;IACV,eAAe;IACf,iBAAiB;IACjB,iBAAiB;IACjB,iBAAiB;IACjB,gBAAgB;IAChB,kBAAkB;IAClB,gBAAgB;IAChB,WAAW;IACX,kBAAkB;IAClB,eAAe;IACf,YAAY;IACZ,2BAA2B;IAC3B,aAAa;CACd,CAAC,CAAA;AAEN,MAAM,CAAC,MAAM,QAAQ,GAAG,CACtB,EAAa,EACb,OAAgB,EAChB,IAAe,EACf,YAA2B,EAC3B,EAAE;IACF,OAAO,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;QACtC,OAAO;QACP,SAAS,EAAE,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC;QACpC,SAAS,EAAE,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC;QACpC,SAAS,EAAE,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC;QACpC,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;QACnC,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,GAAG,EAAE,IAAI,CAAC,GAAG;QACb,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;QACnC,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI;QACnD,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,mBAAmB,EAAE,YAAY,IAAI,IAAI;QACzC,KAAK,EAAE,IAAI,CAAC,KAAK;KAClB,CAAC,CAAA;AACJ,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,EAAa,EAAE,EAAW,EAAE,EAAE,CACxD,EAAE,CAAC,EAAE;KACF,UAAU,CAAC,OAAO,CAAC;KACnB,KAAK,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC;KACzB,KAAK,CAAC,qBAAqB,EAAE,QAAQ,EAAE,IAAI,CAAC;KAC5C,MAAM,CAAC,CAAC,IAAI,EAAE,qBAAqB,CAAC,CAAC,CAAA;AAE1C,MAAM,CAAC,MAAM,QAAQ,GAAG,CACtB,EAAa,EACb,MAMC,EACD,EAAE;IACF,IACE,MAAM,CAAC,EAAE,KAAK,SAAS;QACvB,MAAM,CAAC,GAAG,KAAK,SAAS;QACxB,MAAM,CAAC,IAAI,KAAK,SAAS;QACzB,MAAM,CAAC,OAAO,KAAK,SAAS;QAC5B,MAAM,CAAC,mBAAmB,KAAK,SAAS,EACxC,CAAC;QACD,0BAA0B;QAC1B,MAAM,IAAI,SAAS,CAAC,2CAA2C,CAAC,CAAA;IAClE,CAAC;IAED,OAAO,iBAAiB,CAAC,EAAE,CAAC;SACzB,EAAE,CAAC,MAAM,CAAC,EAAE,KAAK,SAAS,EAAE,CAAC,EAAE,EAAE,EAAE;IAClC,yBAAyB;IACzB,EAAE,CAAC,KAAK,CAAC,UAAU,EAAE,GAAG,EAAE,MAAM,CAAC,EAAG,CAAC,CACtC;SACA,EAAE,CAAC,MAAM,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC,EAAE,EAAE,EAAE;IACnC,6BAA6B;IAC7B,EAAE,CAAC,KAAK,CAAC,WAAW,EAAE,GAAG,EAAE,MAAM,CAAC,GAAI,CAAC,CACxC;SACA,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC,EAAE,EAAE,EAAE;IACpC,6DAA6D;IAC7D,EAAE;SACC,KAAK,CAAC,YAAY,EAAE,GAAG,EAAE,MAAM,CAAC,IAAK,CAAC;SACtC,KAAK,CAAC,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC,CACvC;SACA,EAAE,CAAC,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC,EAAE,EAAE,EAAE;IACvC,4BAA4B;IAC5B,EAAE,CAAC,KAAK,CAAC,eAAe,EAAE,GAAG,EAAE,MAAM,CAAC,OAAQ,CAAC,CAChD;SACA,EAAE,CAAC,MAAM,CAAC,mBAAmB,KAAK,SAAS,EAAE,CAAC,EAAE,EAAE,EAAE;IACnD,wCAAwC;IACxC,EAAE,CAAC,KAAK,CAAC,2BAA2B,EAAE,GAAG,EAAE,MAAM,CAAC,mBAAoB,CAAC,CACxE,CAAA;AACL,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,EAAa,EAAE,GAAW,EAAE,EAAE;AAC1D,6BAA6B;AAC7B,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;AAElD,MAAM,CAAC,MAAM,QAAQ,GAAG,CACtB,EAAa,EACb,EAAU,EACV,UAAmB,EACnB,eAA6B,EAC7B,OAAqB,EACrB,EAAE,CACF,EAAE,CAAC,EAAE;KACF,WAAW,CAAC,OAAO,CAAC;KACpB,GAAG,CAAC;IACH,OAAO,EAAE,UAAU;IACnB,mBAAmB,EAAE,eAAe;IAEpC,SAAS,EAAE,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC;IACvC,SAAS,EAAE,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC;IACvC,UAAU,EAAE,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;IACtC,KAAK,EAAE,OAAO,CAAC,KAAK;CACrB,CAAC;IACF,yBAAyB;KACxB,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE,CAAC,CAAA;AAEzB,MAAM,CAAC,MAAM,QAAQ,GAAG,CAAC,EAAa,EAAE,OAAgB,EAAE,EAAE;AAC1D,iDAAiD;AACjD,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,SAAS,EAAE,GAAG,EAAE,OAAO,CAAC,CAAA","sourcesContent":["import { Selectable } from 'kysely'\nimport {\n Code,\n NewTokenData,\n RefreshToken,\n TokenData,\n TokenId,\n} from '@atproto/oauth-provider'\nimport { fromDateISO, fromJson, toDateISO, toJson } from '../../db/index.js'\nimport { AccountDb, Token } from '../db/index.js'\nimport { selectAccountQB } from './account.js'\n\nexport function toTokenData(row: Selectable<Token>): TokenData {\n return {\n createdAt: fromDateISO(row.createdAt),\n expiresAt: fromDateISO(row.expiresAt),\n updatedAt: fromDateISO(row.updatedAt),\n clientId: row.clientId,\n clientAuth: fromJson(row.clientAuth),\n deviceId: row.deviceId,\n sub: row.did,\n parameters: fromJson(row.parameters),\n code: row.code,\n scope: row.scope,\n }\n}\n\nconst selectTokenInfoQB = (db: AccountDb) =>\n selectAccountQB(db, { includeDeactivated: true })\n // uses \"token_did_idx\" index (though unlikely in practice)\n .innerJoin('token', 'token.did', 'actor.did')\n .select([\n 'token.id',\n 'token.tokenId',\n 'token.createdAt',\n 'token.updatedAt',\n 'token.expiresAt',\n 'token.clientId',\n 'token.clientAuth',\n 'token.deviceId',\n 'token.did',\n 'token.parameters',\n 'token.details',\n 'token.code',\n 'token.currentRefreshToken',\n 'token.scope',\n ])\n\nexport const createQB = (\n db: AccountDb,\n tokenId: TokenId,\n data: TokenData,\n refreshToken?: RefreshToken,\n) => {\n return db.db.insertInto('token').values({\n tokenId,\n createdAt: toDateISO(data.createdAt),\n expiresAt: toDateISO(data.expiresAt),\n updatedAt: toDateISO(data.updatedAt),\n clientId: data.clientId,\n clientAuth: toJson(data.clientAuth),\n deviceId: data.deviceId,\n did: data.sub,\n parameters: toJson(data.parameters),\n details: data.details ? toJson(data.details) : null,\n code: data.code,\n currentRefreshToken: refreshToken || null,\n scope: data.scope,\n })\n}\n\nexport const forRotateQB = (db: AccountDb, id: TokenId) =>\n db.db\n .selectFrom('token')\n .where('tokenId', '=', id)\n .where('currentRefreshToken', 'is not', null)\n .select(['id', 'currentRefreshToken'])\n\nexport const findByQB = (\n db: AccountDb,\n search: {\n id?: number\n did?: string\n code?: Code\n tokenId?: TokenId\n currentRefreshToken?: RefreshToken\n },\n) => {\n if (\n search.id === undefined &&\n search.did === undefined &&\n search.code === undefined &&\n search.tokenId === undefined &&\n search.currentRefreshToken === undefined\n ) {\n // Prevent accidental scan\n throw new TypeError('At least one search parameter is required')\n }\n\n return selectTokenInfoQB(db)\n .if(search.id !== undefined, (qb) =>\n // uses primary key index\n qb.where('token.id', '=', search.id!),\n )\n .if(search.did !== undefined, (qb) =>\n // uses \"token_did_idx\" index\n qb.where('token.did', '=', search.did!),\n )\n .if(search.code !== undefined, (qb) =>\n // uses \"token_code_idx\" partial index (hence the null check)\n qb\n .where('token.code', '=', search.code!)\n .where('token.code', 'is not', null),\n )\n .if(search.tokenId !== undefined, (qb) =>\n // uses \"token_token_id_idx\"\n qb.where('token.tokenId', '=', search.tokenId!),\n )\n .if(search.currentRefreshToken !== undefined, (qb) =>\n // uses \"token_refresh_token_unique_idx\"\n qb.where('token.currentRefreshToken', '=', search.currentRefreshToken!),\n )\n}\n\nexport const removeByDidQB = (db: AccountDb, did: string) =>\n // uses \"token_did_idx\" index\n db.db.deleteFrom('token').where('did', '=', did)\n\nexport const rotateQB = (\n db: AccountDb,\n id: number,\n newTokenId: TokenId,\n newRefreshToken: RefreshToken,\n newData: NewTokenData,\n) =>\n db.db\n .updateTable('token')\n .set({\n tokenId: newTokenId,\n currentRefreshToken: newRefreshToken,\n\n expiresAt: toDateISO(newData.expiresAt),\n updatedAt: toDateISO(newData.updatedAt),\n clientAuth: toJson(newData.clientAuth),\n scope: newData.scope,\n })\n // uses primary key index\n .where('id', '=', id)\n\nexport const removeQB = (db: AccountDb, tokenId: TokenId) =>\n // uses \"used_refresh_token_fk\" to cascade delete\n db.db.deleteFrom('token').where('tokenId', '=', tokenId)\n"]}
1
+ {"version":3,"file":"token.js","sourceRoot":"","sources":["../../../src/account-manager/helpers/token.ts"],"names":[],"mappings":"AASA,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAA;AAE5E,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAA;AAE9C,MAAM,UAAU,WAAW,CAAC,GAAsB;IAChD,OAAO;QACL,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC;QACrC,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC;QACrC,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC;QACrC,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,UAAU,EAAE,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC;QACpC,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,GAAG,EAAE,GAAG,CAAC,GAAG;QACZ,UAAU,EAAE,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC;QACpC,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,KAAK,EAAE,GAAG,CAAC,KAAK;KACjB,CAAA;AACH,CAAC;AAED,MAAM,iBAAiB,GAAG,CAAC,EAAa,EAAE,EAAE,CAC1C,eAAe,CAAC,EAAE,EAAE,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC;IAC/C,2DAA2D;KAC1D,SAAS,CAAC,OAAO,EAAE,WAAW,EAAE,WAAW,CAAC;KAC5C,MAAM,CAAC;IACN,UAAU;IACV,eAAe;IACf,iBAAiB;IACjB,iBAAiB;IACjB,iBAAiB;IACjB,gBAAgB;IAChB,kBAAkB;IAClB,gBAAgB;IAChB,WAAW;IACX,kBAAkB;IAClB,eAAe;IACf,YAAY;IACZ,2BAA2B;IAC3B,aAAa;CACd,CAAC,CAAA;AAEN,MAAM,CAAC,MAAM,QAAQ,GAAG,CACtB,EAAa,EACb,OAAgB,EAChB,IAAe,EACf,YAA2B,EAC3B,EAAE;IACF,OAAO,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;QACtC,OAAO;QACP,SAAS,EAAE,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC;QACpC,SAAS,EAAE,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC;QACpC,SAAS,EAAE,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC;QACpC,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;QACnC,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,GAAG,EAAE,IAAI,CAAC,GAAG;QACb,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;QACnC,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI;QACnD,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,mBAAmB,EAAE,YAAY,IAAI,IAAI;QACzC,KAAK,EAAE,IAAI,CAAC,KAAK;KAClB,CAAC,CAAA;AACJ,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,EAAa,EAAE,EAAW,EAAE,EAAE,CACxD,EAAE,CAAC,EAAE;KACF,UAAU,CAAC,OAAO,CAAC;KACnB,KAAK,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC;KACzB,KAAK,CAAC,qBAAqB,EAAE,QAAQ,EAAE,IAAI,CAAC;KAC5C,MAAM,CAAC,CAAC,IAAI,EAAE,qBAAqB,CAAC,CAAC,CAAA;AAE1C,MAAM,CAAC,MAAM,QAAQ,GAAG,CACtB,EAAa,EACb,MAMC,EACD,EAAE;IACF,IACE,MAAM,CAAC,EAAE,KAAK,SAAS;QACvB,MAAM,CAAC,GAAG,KAAK,SAAS;QACxB,MAAM,CAAC,IAAI,KAAK,SAAS;QACzB,MAAM,CAAC,OAAO,KAAK,SAAS;QAC5B,MAAM,CAAC,mBAAmB,KAAK,SAAS,EACxC,CAAC;QACD,0BAA0B;QAC1B,MAAM,IAAI,SAAS,CAAC,2CAA2C,CAAC,CAAA;IAClE,CAAC;IAED,OAAO,iBAAiB,CAAC,EAAE,CAAC;SACzB,GAAG,CAAC,MAAM,CAAC,EAAE,KAAK,SAAS,EAAE,CAAC,EAAE,EAAE,EAAE;IACnC,yBAAyB;IACzB,EAAE,CAAC,KAAK,CAAC,UAAU,EAAE,GAAG,EAAE,MAAM,CAAC,EAAG,CAAC,CACtC;SACA,GAAG,CAAC,MAAM,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC,EAAE,EAAE,EAAE;IACpC,6BAA6B;IAC7B,EAAE,CAAC,KAAK,CAAC,WAAW,EAAE,GAAG,EAAE,MAAM,CAAC,GAAI,CAAC,CACxC;SACA,GAAG,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC,EAAE,EAAE,EAAE;IACrC,6DAA6D;IAC7D,EAAE;SACC,KAAK,CAAC,YAAY,EAAE,GAAG,EAAE,MAAM,CAAC,IAAK,CAAC;SACtC,KAAK,CAAC,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC,CACvC;SACA,GAAG,CAAC,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC,EAAE,EAAE,EAAE;IACxC,4BAA4B;IAC5B,EAAE,CAAC,KAAK,CAAC,eAAe,EAAE,GAAG,EAAE,MAAM,CAAC,OAAQ,CAAC,CAChD;SACA,GAAG,CAAC,MAAM,CAAC,mBAAmB,KAAK,SAAS,EAAE,CAAC,EAAE,EAAE,EAAE;IACpD,wCAAwC;IACxC,EAAE,CAAC,KAAK,CAAC,2BAA2B,EAAE,GAAG,EAAE,MAAM,CAAC,mBAAoB,CAAC,CACxE,CAAA;AACL,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,WAAW,GAAG,KAAK,EAAE,EAAa,EAAE,GAAQ,EAAE,EAAE;IAC3D,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE;SACF,UAAU,CAAC,OAAO,CAAC;QACpB,6BAA6B;SAC5B,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CAC1B,CAAA;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,QAAQ,GAAG,CACtB,EAAa,EACb,EAAU,EACV,UAAmB,EACnB,eAA6B,EAC7B,OAAqB,EACrB,EAAE,CACF,EAAE,CAAC,EAAE;KACF,WAAW,CAAC,OAAO,CAAC;KACpB,GAAG,CAAC;IACH,OAAO,EAAE,UAAU;IACnB,mBAAmB,EAAE,eAAe;IAEpC,SAAS,EAAE,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC;IACvC,SAAS,EAAE,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC;IACvC,UAAU,EAAE,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;IACtC,KAAK,EAAE,OAAO,CAAC,KAAK;CACrB,CAAC;IACF,yBAAyB;KACxB,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE,CAAC,CAAA;AAEzB,MAAM,CAAC,MAAM,QAAQ,GAAG,CAAC,EAAa,EAAE,OAAgB,EAAE,EAAE;AAC1D,iDAAiD;AACjD,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,SAAS,EAAE,GAAG,EAAE,OAAO,CAAC,CAAA","sourcesContent":["import { Selectable } from 'kysely'\nimport {\n Code,\n Did,\n NewTokenData,\n RefreshToken,\n TokenData,\n TokenId,\n} from '@atproto/oauth-provider'\nimport { fromDateISO, fromJson, toDateISO, toJson } from '../../db/index.js'\nimport { AccountDb, Token } from '../db/index.js'\nimport { selectAccountQB } from './account.js'\n\nexport function toTokenData(row: Selectable<Token>): TokenData {\n return {\n createdAt: fromDateISO(row.createdAt),\n expiresAt: fromDateISO(row.expiresAt),\n updatedAt: fromDateISO(row.updatedAt),\n clientId: row.clientId,\n clientAuth: fromJson(row.clientAuth),\n deviceId: row.deviceId,\n did: row.did,\n parameters: fromJson(row.parameters),\n code: row.code,\n scope: row.scope,\n }\n}\n\nconst selectTokenInfoQB = (db: AccountDb) =>\n selectAccountQB(db, { includeDeactivated: true })\n // uses \"token_did_idx\" index (though unlikely in practice)\n .innerJoin('token', 'token.did', 'actor.did')\n .select([\n 'token.id',\n 'token.tokenId',\n 'token.createdAt',\n 'token.updatedAt',\n 'token.expiresAt',\n 'token.clientId',\n 'token.clientAuth',\n 'token.deviceId',\n 'token.did',\n 'token.parameters',\n 'token.details',\n 'token.code',\n 'token.currentRefreshToken',\n 'token.scope',\n ])\n\nexport const createQB = (\n db: AccountDb,\n tokenId: TokenId,\n data: TokenData,\n refreshToken?: RefreshToken,\n) => {\n return db.db.insertInto('token').values({\n tokenId,\n createdAt: toDateISO(data.createdAt),\n expiresAt: toDateISO(data.expiresAt),\n updatedAt: toDateISO(data.updatedAt),\n clientId: data.clientId,\n clientAuth: toJson(data.clientAuth),\n deviceId: data.deviceId,\n did: data.did,\n parameters: toJson(data.parameters),\n details: data.details ? toJson(data.details) : null,\n code: data.code,\n currentRefreshToken: refreshToken || null,\n scope: data.scope,\n })\n}\n\nexport const forRotateQB = (db: AccountDb, id: TokenId) =>\n db.db\n .selectFrom('token')\n .where('tokenId', '=', id)\n .where('currentRefreshToken', 'is not', null)\n .select(['id', 'currentRefreshToken'])\n\nexport const findByQB = (\n db: AccountDb,\n search: {\n id?: number\n did?: Did\n code?: Code\n tokenId?: TokenId\n currentRefreshToken?: RefreshToken\n },\n) => {\n if (\n search.id === undefined &&\n search.did === undefined &&\n search.code === undefined &&\n search.tokenId === undefined &&\n search.currentRefreshToken === undefined\n ) {\n // Prevent accidental scan\n throw new TypeError('At least one search parameter is required')\n }\n\n return selectTokenInfoQB(db)\n .$if(search.id !== undefined, (qb) =>\n // uses primary key index\n qb.where('token.id', '=', search.id!),\n )\n .$if(search.did !== undefined, (qb) =>\n // uses \"token_did_idx\" index\n qb.where('token.did', '=', search.did!),\n )\n .$if(search.code !== undefined, (qb) =>\n // uses \"token_code_idx\" partial index (hence the null check)\n qb\n .where('token.code', '=', search.code!)\n .where('token.code', 'is not', null),\n )\n .$if(search.tokenId !== undefined, (qb) =>\n // uses \"token_token_id_idx\"\n qb.where('token.tokenId', '=', search.tokenId!),\n )\n .$if(search.currentRefreshToken !== undefined, (qb) =>\n // uses \"token_refresh_token_unique_idx\"\n qb.where('token.currentRefreshToken', '=', search.currentRefreshToken!),\n )\n}\n\nexport const removeByDid = async (db: AccountDb, did: Did) => {\n await db.executeWithRetry(\n db.db\n .deleteFrom('token')\n // uses \"token_did_idx\" index\n .where('did', '=', did),\n )\n}\n\nexport const rotateQB = (\n db: AccountDb,\n id: number,\n newTokenId: TokenId,\n newRefreshToken: RefreshToken,\n newData: NewTokenData,\n) =>\n db.db\n .updateTable('token')\n .set({\n tokenId: newTokenId,\n currentRefreshToken: newRefreshToken,\n\n expiresAt: toDateISO(newData.expiresAt),\n updatedAt: toDateISO(newData.updatedAt),\n clientAuth: toJson(newData.clientAuth),\n scope: newData.scope,\n })\n // uses primary key index\n .where('id', '=', id)\n\nexport const removeQB = (db: AccountDb, tokenId: TokenId) =>\n // uses \"used_refresh_token_fk\" to cascade delete\n db.db.deleteFrom('token').where('tokenId', '=', tokenId)\n"]}
@@ -5,6 +5,10 @@ import { AccountDb } from '../db/index.js';
5
5
  * This is done through the foreign key constraint in the database.
6
6
  */
7
7
  export declare const insertQB: (db: AccountDb, tokenId: number, refreshToken: RefreshToken) => import("kysely").InsertQueryBuilder<import("../db/index.js").DatabaseSchema, "used_refresh_token", import("kysely").InsertResult>;
8
- export declare const findByTokenQB: (db: AccountDb, refreshToken: RefreshToken) => import("kysely").QueryBuilderWithSelection<import("kysely/dist/esm/parser/table-parser.js").From<import("../db/index.js").DatabaseSchema, "used_refresh_token">, "used_refresh_token", {}, "tokenId">;
9
- export declare const countQB: (db: AccountDb, refreshToken: RefreshToken) => import("kysely").QueryBuilderWithSelection<import("kysely/dist/esm/parser/table-parser.js").From<import("../db/index.js").DatabaseSchema, "used_refresh_token">, "used_refresh_token", {}, (qb: import("kysely").ExpressionBuilder<import("kysely/dist/esm/parser/table-parser.js").From<import("../db/index.js").DatabaseSchema, "used_refresh_token">, "used_refresh_token">) => import("kysely").AliasedAggregateFunctionBuilder<import("kysely/dist/esm/parser/table-parser.js").From<import("../db/index.js").DatabaseSchema, "used_refresh_token">, "used_refresh_token", number, "count">>;
8
+ export declare const findByTokenQB: (db: AccountDb, refreshToken: RefreshToken) => import("kysely").SelectQueryBuilder<import("../db/index.js").DatabaseSchema, "used_refresh_token", {
9
+ tokenId: number;
10
+ }>;
11
+ export declare const countQB: (db: AccountDb, refreshToken: RefreshToken) => import("kysely").SelectQueryBuilder<import("../db/index.js").DatabaseSchema, "used_refresh_token", {
12
+ count: number;
13
+ }>;
10
14
  //# sourceMappingURL=used-refresh-token.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"used-refresh-token.d.ts","sourceRoot":"","sources":["../../../src/account-manager/helpers/used-refresh-token.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAA;AACtD,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAA;AAE1C;;;GAGG;AACH,eAAO,MAAM,QAAQ,OACf,SAAS,WACJ,MAAM,gBACD,YAAY,sIAKW,CAAA;AAEvC,eAAO,MAAM,aAAa,OAAQ,SAAS,gBAAgB,YAAY,0MAKjD,CAAA;AAEtB,eAAO,MAAM,OAAO,OAAQ,SAAS,gBAAgB,YAAY,skBAKG,CAAA"}
1
+ {"version":3,"file":"used-refresh-token.d.ts","sourceRoot":"","sources":["../../../src/account-manager/helpers/used-refresh-token.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAA;AACtD,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAA;AAE1C;;;GAGG;AACH,eAAO,MAAM,QAAQ,OACf,SAAS,WACJ,MAAM,gBACD,YAAY,sIAKW,CAAA;AAEvC,eAAO,MAAM,aAAa,OAAQ,SAAS,gBAAgB,YAAY;;EAKjD,CAAA;AAEtB,eAAO,MAAM,OAAO,OAAQ,SAAS,gBAAgB,YAAY;;EAKG,CAAA"}
@@ -1,7 +1,7 @@
1
1
  import { Client } from '@did-plc/lib';
2
2
  import { Keypair } from '@atproto/crypto';
3
3
  import { HandleString } from '@atproto/lex';
4
- import { Account, AccountStore, AuthenticateAccountData, AuthorizedClientData, AuthorizedClients, ClientId, Code, DeviceAccount, DeviceData, DeviceId, DeviceStore, FoundRequestResult, LexiconData, LexiconStore, NewTokenData, RefreshToken, RequestData, RequestId, RequestStore, ResetPasswordConfirmInput, ResetPasswordRequestInput, SignUpData, Sub, TokenData, TokenId, TokenInfo, TokenStore, UpdateEmailConfirmInput, UpdateEmailRequestInput, UpdateEmailRequestOutput, UpdateHandleData, UpdateRequestData, VerifyEmailConfirmInput, VerifyEmailRequestInput } from '@atproto/oauth-provider';
4
+ import { Account, AccountStore, AuthenticateAccountData, AuthorizedClientData, AuthorizedClients, ClientId, Code, DeactivateAccountData, DeleteAccountConfirmInput, DeleteAccountRequestInput, DeviceAccount, DeviceData, DeviceId, DeviceStore, Did, FoundRequestResult, LexiconData, LexiconStore, NewTokenData, ReactivateAccountData, RefreshToken, RequestData, RequestId, RequestStore, ResetPasswordConfirmInput, ResetPasswordRequestInput, SignUpData, TokenData, TokenId, TokenInfo, TokenStore, UpdateEmailConfirmInput, UpdateEmailRequestInput, UpdateEmailRequestOutput, UpdateHandleData, UpdateRequestData, VerifyEmailConfirmInput, VerifyEmailRequestInput } from '@atproto/oauth-provider';
5
5
  import { ActorStore } from '../actor-store/actor-store.js';
6
6
  import { BackgroundQueue } from '../background.js';
7
7
  import { ImageUrlBuilder } from '../image/image-url-builder.js';
@@ -32,20 +32,20 @@ export declare class OAuthStore implements AccountStore, RequestStore, DeviceSto
32
32
  private verifyInviteCode;
33
33
  createAccount({ locale: _locale, inviteCode, handle, email, password, }: SignUpData): Promise<Account>;
34
34
  authenticateAccount({ locale: _locale, username: identifier, password, emailOtp, }: AuthenticateAccountData): Promise<Account>;
35
- setAuthorizedClient(sub: Sub, clientId: ClientId, data: AuthorizedClientData): Promise<void>;
36
- getAccount(sub: Sub): Promise<{
35
+ setAuthorizedClient(did: Did, clientId: ClientId, data: AuthorizedClientData): Promise<void>;
36
+ getAccount(did: Did): Promise<{
37
37
  account: Account;
38
38
  authorizedClients: AuthorizedClients;
39
39
  }>;
40
40
  upsertDeviceAccount(deviceId: DeviceId, sub: string): Promise<void>;
41
- getDeviceAccount(deviceId: DeviceId, sub: string): Promise<DeviceAccount | null>;
42
- removeDeviceAccount(deviceId: DeviceId, sub: Sub): Promise<void>;
41
+ getDeviceAccount(deviceId: DeviceId, did: Did): Promise<DeviceAccount | null>;
42
+ removeDeviceAccount(deviceId: DeviceId, did: Did): Promise<void>;
43
43
  listDeviceAccounts(filter: {
44
- sub: Sub;
44
+ did: Did;
45
45
  } | {
46
46
  deviceId: DeviceId;
47
47
  }): Promise<DeviceAccount[]>;
48
- resetPasswordRequest({ locale: _locale, email, }: ResetPasswordRequestInput): Promise<Account | null>;
48
+ resetPasswordRequest({ email, locale, }: ResetPasswordRequestInput): Promise<Account | null>;
49
49
  resetPasswordConfirm(data: ResetPasswordConfirmInput): Promise<Account | null>;
50
50
  verifyHandleAvailability(handle: HandleString): Promise<void>;
51
51
  createRequest(id: RequestId, data: RequestData): Promise<void>;
@@ -61,17 +61,21 @@ export declare class OAuthStore implements AccountStore, RequestStore, DeviceSto
61
61
  storeLexicon(nsid: string, data: LexiconData): Promise<void>;
62
62
  deleteLexicon(nsid: string): Promise<void>;
63
63
  createToken(id: TokenId, data: TokenData, refreshToken?: RefreshToken): Promise<void>;
64
- listAccountTokens(sub: Sub): Promise<TokenInfo[]>;
64
+ listAccountTokens(did: Did): Promise<TokenInfo[]>;
65
65
  readToken(tokenId: TokenId): Promise<TokenInfo | null>;
66
66
  deleteToken(tokenId: TokenId): Promise<void>;
67
67
  rotateToken(tokenId: TokenId, newTokenId: TokenId, newRefreshToken: RefreshToken, newData: NewTokenData): Promise<void>;
68
68
  findTokenByRefreshToken(refreshToken: RefreshToken): Promise<TokenInfo | null>;
69
69
  findTokenByCode(code: Code): Promise<TokenInfo | null>;
70
- verifyEmailRequest({ sub: did, locale, }: VerifyEmailRequestInput): Promise<void>;
71
- verifyEmailConfirm({ sub: did, email, token, }: VerifyEmailConfirmInput): Promise<Account | null>;
72
- updateEmailRequest({ sub: did, locale, }: UpdateEmailRequestInput): Promise<UpdateEmailRequestOutput>;
73
- updateEmailConfirm({ sub: did, token, email, locale, }: UpdateEmailConfirmInput): Promise<Account | null>;
74
- updateHandle({ sub: did, handle }: UpdateHandleData): Promise<Account>;
70
+ verifyEmailRequest({ did, locale, }: VerifyEmailRequestInput): Promise<void>;
71
+ verifyEmailConfirm({ did, email, token, }: VerifyEmailConfirmInput): Promise<Account | null>;
72
+ updateEmailRequest({ did, locale, }: UpdateEmailRequestInput): Promise<UpdateEmailRequestOutput>;
73
+ updateEmailConfirm({ did, token, email, locale, }: UpdateEmailConfirmInput): Promise<Account | null>;
74
+ updateHandle({ did, handle }: UpdateHandleData): Promise<Account>;
75
+ deactivateAccount({ did }: DeactivateAccountData): Promise<Account>;
76
+ reactivateAccount({ did }: ReactivateAccountData): Promise<Account>;
77
+ deleteAccountRequest({ did, locale, }: DeleteAccountRequestInput): Promise<void>;
78
+ deleteAccountConfirm({ did, token, password, }: DeleteAccountConfirmInput): Promise<void>;
75
79
  private toTokenInfo;
76
80
  private buildAccount;
77
81
  }
@@ -1 +1 @@
1
- {"version":3,"file":"oauth-store.d.ts","sourceRoot":"","sources":["../../src/account-manager/oauth-store.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAA2B,MAAM,cAAc,CAAA;AAE9D,OAAO,EAAE,OAAO,EAAoB,MAAM,iBAAiB,CAAA;AAC3D,OAAO,EAEL,YAAY,EAKb,MAAM,cAAc,CAAA;AACrB,OAAO,EACL,OAAO,EACP,YAAY,EACZ,uBAAuB,EACvB,oBAAoB,EACpB,iBAAiB,EACjB,QAAQ,EACR,IAAI,EACJ,aAAa,EACb,UAAU,EACV,QAAQ,EACR,WAAW,EACX,kBAAkB,EAMlB,WAAW,EACX,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,SAAS,EACT,YAAY,EACZ,yBAAyB,EACzB,yBAAyB,EACzB,UAAU,EACV,GAAG,EACH,SAAS,EACT,OAAO,EACP,SAAS,EACT,UAAU,EACV,uBAAuB,EACvB,uBAAuB,EACvB,wBAAwB,EACxB,gBAAgB,EAChB,iBAAiB,EACjB,uBAAuB,EACvB,uBAAuB,EACxB,MAAM,yBAAyB,CAAA;AAKhC,OAAO,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAA;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAA;AAElD,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAA;AAE/D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAA;AACjD,OAAO,EAAE,cAAc,EAAwB,MAAM,sBAAsB,CAAA;AAW3E;;;;;GAKG;AACH,qBAAa,UACX,YAAW,YAAY,EAAE,YAAY,EAAE,WAAW,EAAE,YAAY,EAAE,UAAU;IAG1E,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAVjC,YACmB,cAAc,EAAE,cAAc,EAC9B,UAAU,EAAE,UAAU,EACtB,eAAe,EAAE,eAAe,EAChC,eAAe,EAAE,eAAe,EAChC,MAAM,EAAE,YAAY,EACpB,SAAS,EAAE,SAAS,EACpB,SAAS,EAAE,MAAM,EACjB,cAAc,EAAE,OAAO,EACvB,SAAS,EAAE,MAAM,EACjB,cAAc,EAAE,MAAM,GAAG,IAAI,EAC5C;IAEJ,OAAO,KAAK,EAAE,GAIb;IAED,OAAO,KAAK,UAAU,GAErB;YAEa,uBAAuB;YAavB,gBAAgB;IAYxB,aAAa,CAAC,EAClB,MAAM,EAAE,OAAO,EACf,UAAU,EACV,MAAM,EACN,KAAK,EACL,QAAQ,GACT,EAAE,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,CAqG/B;IAEK,mBAAmB,CAAC,EACxB,MAAM,EAAE,OAAO,EACf,QAAQ,EAAE,UAAU,EACpB,QAAQ,EAER,QAAoB,GACrB,EAAE,uBAAuB,GAAG,OAAO,CAAC,OAAO,CAAC,CAiC5C;IAEK,mBAAmB,CACvB,GAAG,EAAE,GAAG,EACR,QAAQ,EAAE,QAAQ,EAClB,IAAI,EAAE,oBAAoB,GACzB,OAAO,CAAC,IAAI,CAAC,CAEf;IAEK,UAAU,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC;QAClC,OAAO,EAAE,OAAO,CAAA;QAChB,iBAAiB,EAAE,iBAAiB,CAAA;KACrC,CAAC,CAmBD;IAEK,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAIxE;IAEK,gBAAgB,CACpB,QAAQ,EAAE,QAAQ,EAClB,GAAG,EAAE,MAAM,GACV,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAkB/B;IAEK,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAIrE;IAEK,kBAAkB,CACtB,MAAM,EAAE;QAAE,GAAG,EAAE,GAAG,CAAA;KAAE,GAAG;QAAE,QAAQ,EAAE,QAAQ,CAAA;KAAE,GAC5C,OAAO,CAAC,aAAa,EAAE,CAAC,CA6B1B;IAEK,oBAAoB,CAAC,EACzB,MAAM,EAAE,OAAO,EACf,KAAK,GACN,EAAE,yBAAyB,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,CAqBrD;IAEK,oBAAoB,CACxB,IAAI,EAAE,yBAAyB,GAC9B,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,CAgBzB;IAEK,wBAAwB,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAwBlE;IAIK,aAAa,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAInE;IAEK,WAAW,CAAC,EAAE,EAAE,SAAS,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAe5D;IAEK,aAAa,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC,CAIzE;IAEK,aAAa,CAAC,EAAE,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,CAEhD;IAEK,kBAAkB,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAKvE;IAIK,YAAY,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAItE;IAEK,UAAU,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,GAAG,UAAU,CAAC,CAG/D;IAEK,YAAY,CAChB,QAAQ,EAAE,QAAQ,EAClB,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC,GACxB,OAAO,CAAC,IAAI,CAAC,CAIf;IAEK,YAAY,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAGpD;IAIK,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAE3D;IAEK,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAEjE;IAEK,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAE/C;IAIK,WAAW,CACf,EAAE,EAAE,OAAO,EACX,IAAI,EAAE,SAAS,EACf,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,IAAI,CAAC,CAcf;IAEK,iBAAiB,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC,CAGtD;IAEK,SAAS,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAK3D;IAEK,WAAW,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,CAGjD;IAEK,WAAW,CACf,OAAO,EAAE,OAAO,EAChB,UAAU,EAAE,OAAO,EACnB,eAAe,EAAE,YAAY,EAC7B,OAAO,EAAE,YAAY,GACpB,OAAO,CAAC,IAAI,CAAC,CA2Bf;IAEK,uBAAuB,CAC3B,YAAY,EAAE,YAAY,GACzB,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAW3B;IAEK,eAAe,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAG3D;IAEK,kBAAkB,CAAC,EACvB,GAAG,EAAE,GAAG,EACR,MAAM,GACP,EAAE,uBAAuB,GAAG,OAAO,CAAC,IAAI,CAAC,CAazC;IAEK,kBAAkB,CAAC,EACvB,GAAG,EAAE,GAAG,EACR,KAAK,EACL,KAAK,GACN,EAAE,uBAAuB,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,CAenD;IAEK,kBAAkB,CAAC,EACvB,GAAG,EAAE,GAAG,EACR,MAAM,GACP,EAAE,uBAAuB,GAAG,OAAO,CAAC,wBAAwB,CAAC,CAK7D;IAEK,kBAAkB,CAAC,EACvB,GAAG,EAAE,GAAG,EACR,KAAK,EACL,KAAK,EACL,MAAM,GACP,EAAE,uBAAuB,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,CAkBnD;IAEK,YAAY,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC,CAW3E;YAEa,WAAW;YAWX,YAAY;CAiC3B"}
1
+ {"version":3,"file":"oauth-store.d.ts","sourceRoot":"","sources":["../../src/account-manager/oauth-store.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAA2B,MAAM,cAAc,CAAA;AAE9D,OAAO,EAAE,OAAO,EAAoB,MAAM,iBAAiB,CAAA;AAC3D,OAAO,EAAa,YAAY,EAAoB,MAAM,cAAc,CAAA;AACxE,OAAO,EACL,OAAO,EACP,YAAY,EACZ,uBAAuB,EACvB,oBAAoB,EACpB,iBAAiB,EACjB,QAAQ,EACR,IAAI,EACJ,qBAAqB,EACrB,yBAAyB,EACzB,yBAAyB,EACzB,aAAa,EACb,UAAU,EACV,QAAQ,EACR,WAAW,EACX,GAAG,EACH,kBAAkB,EAMlB,WAAW,EACX,YAAY,EACZ,YAAY,EACZ,qBAAqB,EACrB,YAAY,EACZ,WAAW,EACX,SAAS,EACT,YAAY,EACZ,yBAAyB,EACzB,yBAAyB,EACzB,UAAU,EACV,SAAS,EACT,OAAO,EACP,SAAS,EACT,UAAU,EACV,uBAAuB,EACvB,uBAAuB,EACvB,wBAAwB,EACxB,gBAAgB,EAChB,iBAAiB,EACjB,uBAAuB,EACvB,uBAAuB,EACxB,MAAM,yBAAyB,CAAA;AAKhC,OAAO,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAA;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAA;AAElD,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAA;AAE/D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAA;AACjD,OAAO,EAAE,cAAc,EAAwB,MAAM,sBAAsB,CAAA;AAW3E;;;;;GAKG;AACH,qBAAa,UACX,YAAW,YAAY,EAAE,YAAY,EAAE,WAAW,EAAE,YAAY,EAAE,UAAU;IAG1E,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAVjC,YACmB,cAAc,EAAE,cAAc,EAC9B,UAAU,EAAE,UAAU,EACtB,eAAe,EAAE,eAAe,EAChC,eAAe,EAAE,eAAe,EAChC,MAAM,EAAE,YAAY,EACpB,SAAS,EAAE,SAAS,EACpB,SAAS,EAAE,MAAM,EACjB,cAAc,EAAE,OAAO,EACvB,SAAS,EAAE,MAAM,EACjB,cAAc,EAAE,MAAM,GAAG,IAAI,EAC5C;IAEJ,OAAO,KAAK,EAAE,GAIb;IAED,OAAO,KAAK,UAAU,GAErB;YAEa,uBAAuB;YAavB,gBAAgB;IAYxB,aAAa,CAAC,EAClB,MAAM,EAAE,OAAO,EACf,UAAU,EACV,MAAM,EACN,KAAK,EACL,QAAQ,GACT,EAAE,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,CAmG/B;IAEK,mBAAmB,CAAC,EACxB,MAAM,EAAE,OAAO,EACf,QAAQ,EAAE,UAAU,EACpB,QAAQ,EAER,QAAoB,GACrB,EAAE,uBAAuB,GAAG,OAAO,CAAC,OAAO,CAAC,CAiC5C;IAEK,mBAAmB,CACvB,GAAG,EAAE,GAAG,EACR,QAAQ,EAAE,QAAQ,EAClB,IAAI,EAAE,oBAAoB,GACzB,OAAO,CAAC,IAAI,CAAC,CAEf;IAEK,UAAU,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC;QAClC,OAAO,EAAE,OAAO,CAAA;QAChB,iBAAiB,EAAE,iBAAiB,CAAA;KACrC,CAAC,CAeD;IAEK,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAIxE;IAEK,gBAAgB,CACpB,QAAQ,EAAE,QAAQ,EAClB,GAAG,EAAE,GAAG,GACP,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAkB/B;IAEK,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAIrE;IAEK,kBAAkB,CACtB,MAAM,EAAE;QAAE,GAAG,EAAE,GAAG,CAAA;KAAE,GAAG;QAAE,QAAQ,EAAE,QAAQ,CAAA;KAAE,GAC5C,OAAO,CAAC,aAAa,EAAE,CAAC,CA6B1B;IAEK,oBAAoB,CAAC,EACzB,KAAK,EACL,MAAM,GACP,EAAE,yBAAyB,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,CAoBrD;IAEK,oBAAoB,CACxB,IAAI,EAAE,yBAAyB,GAC9B,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,CAgBzB;IAEK,wBAAwB,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAwBlE;IAIK,aAAa,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAInE;IAEK,WAAW,CAAC,EAAE,EAAE,SAAS,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAe5D;IAEK,aAAa,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC,CAIzE;IAEK,aAAa,CAAC,EAAE,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,CAEhD;IAEK,kBAAkB,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAKvE;IAIK,YAAY,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAItE;IAEK,UAAU,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,GAAG,UAAU,CAAC,CAG/D;IAEK,YAAY,CAChB,QAAQ,EAAE,QAAQ,EAClB,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC,GACxB,OAAO,CAAC,IAAI,CAAC,CAIf;IAEK,YAAY,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAGpD;IAIK,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAE3D;IAEK,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAEjE;IAEK,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAE/C;IAIK,WAAW,CACf,EAAE,EAAE,OAAO,EACX,IAAI,EAAE,SAAS,EACf,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,IAAI,CAAC,CAcf;IAEK,iBAAiB,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC,CAGtD;IAEK,SAAS,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAK3D;IAEK,WAAW,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,CAGjD;IAEK,WAAW,CACf,OAAO,EAAE,OAAO,EAChB,UAAU,EAAE,OAAO,EACnB,eAAe,EAAE,YAAY,EAC7B,OAAO,EAAE,YAAY,GACpB,OAAO,CAAC,IAAI,CAAC,CA2Bf;IAEK,uBAAuB,CAC3B,YAAY,EAAE,YAAY,GACzB,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAW3B;IAEK,eAAe,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAG3D;IAEK,kBAAkB,CAAC,EACvB,GAAG,EACH,MAAM,GACP,EAAE,uBAAuB,GAAG,OAAO,CAAC,IAAI,CAAC,CAUzC;IAEK,kBAAkB,CAAC,EACvB,GAAG,EACH,KAAK,EACL,KAAK,GACN,EAAE,uBAAuB,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,CAYnD;IAEK,kBAAkB,CAAC,EACvB,GAAG,EACH,MAAM,GACP,EAAE,uBAAuB,GAAG,OAAO,CAAC,wBAAwB,CAAC,CAE7D;IAEK,kBAAkB,CAAC,EACvB,GAAG,EACH,KAAK,EACL,KAAK,EACL,MAAM,GACP,EAAE,uBAAuB,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,CAenD;IAEK,YAAY,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC,CAQtE;IAEK,iBAAiB,CAAC,EAAE,GAAG,EAAE,EAAE,qBAAqB,GAAG,OAAO,CAAC,OAAO,CAAC,CAMxE;IAEK,iBAAiB,CAAC,EAAE,GAAG,EAAE,EAAE,qBAAqB,GAAG,OAAO,CAAC,OAAO,CAAC,CAYxE;IAEK,oBAAoB,CAAC,EACzB,GAAG,EACH,MAAM,GACP,EAAE,yBAAyB,GAAG,OAAO,CAAC,IAAI,CAAC,CAuB3C;IAEK,oBAAoB,CAAC,EACzB,GAAG,EACH,KAAK,EACL,QAAQ,GACT,EAAE,yBAAyB,GAAG,OAAO,CAAC,IAAI,CAAC,CAoC3C;YAEa,WAAW;YAWX,YAAY;CAkC3B"}
@@ -1,7 +1,7 @@
1
1
  import assert from 'node:assert';
2
2
  import { createOp as createPlcOp } from '@did-plc/lib';
3
3
  import { Secp256k1Keypair } from '@atproto/crypto';
4
- import { asAtIdentifierString, getBlobCidString, isDidString, isHandleString, } from '@atproto/lex';
4
+ import { getBlobCidString } from '@atproto/lex';
5
5
  import { HandleUnavailableError, InvalidCredentialsError, InvalidInviteCodeError, InvalidRequestError, } from '@atproto/oauth-provider';
6
6
  import { AuthRequiredError as XrpcAuthRequiredError, InvalidRequestError as XrpcInvalidRequestError, } from '@atproto/xrpc-server';
7
7
  import { fromDateISO } from '../db/index.js';
@@ -66,7 +66,6 @@ export class OAuthStore {
66
66
  async createAccount({ locale: _locale, inviteCode, handle, email, password, }) {
67
67
  // @TODO Send an account creation confirmation email (+verification link) to the user (in their locale)
68
68
  // @NOTE Password strength & length already enforced by the OAuthProvider
69
- assert(isHandleString(handle), 'Handle must be a valid HandleString');
70
69
  await Promise.all([
71
70
  this.verifyEmailAvailability(email),
72
71
  this.verifyHandleAvailability(handle),
@@ -184,27 +183,25 @@ export class OAuthStore {
184
183
  throw err;
185
184
  }
186
185
  }
187
- async setAuthorizedClient(sub, clientId, data) {
188
- await authorizedClientHelper.upsert(this.db, sub, clientId, data);
186
+ async setAuthorizedClient(did, clientId, data) {
187
+ await authorizedClientHelper.upsert(this.db, did, clientId, data);
189
188
  }
190
- async getAccount(sub) {
191
- const accountRow = await this.accountManager.getAccount(
192
- // @TODO @atproto/oauth-provider should strongly type `Sub` as `DidString`
193
- asAtIdentifierString(sub), {
189
+ async getAccount(did) {
190
+ const accountRow = await this.accountManager.getAccount(did, {
194
191
  includeDeactivated: true,
195
192
  includeTakenDown: false,
196
193
  });
197
194
  assert(accountRow, 'Account not found');
198
195
  const account = await this.buildAccount(accountRow);
199
- const authorizedClients = await authorizedClientHelper.getAuthorizedClients(this.db, sub);
196
+ const authorizedClients = await authorizedClientHelper.getAuthorizedClients(this.db, did);
200
197
  return { account, authorizedClients };
201
198
  }
202
199
  async upsertDeviceAccount(deviceId, sub) {
203
200
  await this.db.executeWithRetry(accountDeviceHelper.upsertQB(this.db, deviceId, sub));
204
201
  }
205
- async getDeviceAccount(deviceId, sub) {
202
+ async getDeviceAccount(deviceId, did) {
206
203
  const row = await accountDeviceHelper
207
- .selectQB(this.db, { deviceId, sub })
204
+ .selectQB(this.db, { deviceId, did })
208
205
  .executeTakeFirst();
209
206
  if (!row)
210
207
  return null;
@@ -212,13 +209,13 @@ export class OAuthStore {
212
209
  deviceId,
213
210
  deviceData: deviceHelper.rowToDeviceData(row),
214
211
  account: await this.buildAccount(row),
215
- authorizedClients: await authorizedClientHelper.getAuthorizedClients(this.db, sub),
212
+ authorizedClients: await authorizedClientHelper.getAuthorizedClients(this.db, did),
216
213
  createdAt: fromDateISO(row.adCreatedAt),
217
214
  updatedAt: fromDateISO(row.adUpdatedAt),
218
215
  };
219
216
  }
220
- async removeDeviceAccount(deviceId, sub) {
221
- await this.db.executeWithRetry(accountDeviceHelper.removeQB(this.db, deviceId, sub));
217
+ async removeDeviceAccount(deviceId, did) {
218
+ await this.db.executeWithRetry(accountDeviceHelper.removeQB(this.db, deviceId, did));
222
219
  }
223
220
  async listDeviceAccounts(filter) {
224
221
  const rows = await accountDeviceHelper.selectQB(this.db, filter).execute();
@@ -238,7 +235,7 @@ export class OAuthStore {
238
235
  updatedAt: fromDateISO(row.adUpdatedAt),
239
236
  }));
240
237
  }
241
- async resetPasswordRequest({ locale: _locale, email, }) {
238
+ async resetPasswordRequest({ email, locale, }) {
242
239
  const account = await this.accountManager.getAccountByEmail(email, {
243
240
  includeDeactivated: true,
244
241
  includeTakenDown: false,
@@ -247,8 +244,7 @@ export class OAuthStore {
247
244
  return null;
248
245
  const { handle } = account;
249
246
  const token = await this.accountManager.createEmailToken(account.did, 'reset_password');
250
- // @TODO Use the locale to send the email in the right language
251
- await this.mailer.sendResetPassword({ handle, token }, { to: account.email });
247
+ await this.mailer.sendResetPassword({ handle, token, locale }, { to: account.email });
252
248
  return this.buildAccount(account);
253
249
  }
254
250
  async resetPasswordConfirm(data) {
@@ -360,8 +356,8 @@ export class OAuthStore {
360
356
  return tokenHelper.createQB(dbTxn, id, data, refreshToken).execute();
361
357
  });
362
358
  }
363
- async listAccountTokens(sub) {
364
- const rows = await tokenHelper.findByQB(this.db, { did: sub }).execute();
359
+ async listAccountTokens(did) {
360
+ const rows = await tokenHelper.findByQB(this.db, { did }).execute();
365
361
  return Promise.all(rows.map((row) => this.toTokenInfo(row)));
366
362
  }
367
363
  async readToken(tokenId) {
@@ -412,9 +408,7 @@ export class OAuthStore {
412
408
  const row = await tokenHelper.findByQB(this.db, { code }).executeTakeFirst();
413
409
  return row ? this.toTokenInfo(row) : null;
414
410
  }
415
- async verifyEmailRequest({ sub: did, locale, }) {
416
- // @TODO @atproto/oauth-provider should strongly type `Sub` as `DidString`
417
- assert(isDidString(did), 'sub must be a valid DID string');
411
+ async verifyEmailRequest({ did, locale, }) {
418
412
  try {
419
413
  await this.accountManager.requestEmailConfirmation(did, { locale });
420
414
  }
@@ -425,9 +419,7 @@ export class OAuthStore {
425
419
  throw err;
426
420
  }
427
421
  }
428
- async verifyEmailConfirm({ sub: did, email, token, }) {
429
- // @TODO @atproto/oauth-provider should strongly type `Sub` as `DidString`
430
- assert(isDidString(did), 'sub must be a valid DID string');
422
+ async verifyEmailConfirm({ did, email, token, }) {
431
423
  try {
432
424
  const account = await this.accountManager.confirmEmail(did, email, token);
433
425
  return this.buildAccount(account);
@@ -439,14 +431,10 @@ export class OAuthStore {
439
431
  throw err;
440
432
  }
441
433
  }
442
- async updateEmailRequest({ sub: did, locale, }) {
443
- // @TODO @atproto/oauth-provider should strongly type `Sub` as `DidString`
444
- assert(isDidString(did), 'sub must be a valid DID string');
434
+ async updateEmailRequest({ did, locale, }) {
445
435
  return this.accountManager.requestEmailUpdate(did, { locale });
446
436
  }
447
- async updateEmailConfirm({ sub: did, token, email, locale, }) {
448
- // @TODO @atproto/oauth-provider should strongly type `Sub` as `DidString`
449
- assert(isDidString(did), 'sub must be a valid DID string');
437
+ async updateEmailConfirm({ did, token, email, locale, }) {
450
438
  try {
451
439
  const account = await this.accountManager.updateEmail(did, email, token, {
452
440
  sendConfirmationEmail: true,
@@ -461,9 +449,7 @@ export class OAuthStore {
461
449
  throw cause;
462
450
  }
463
451
  }
464
- async updateHandle({ sub: did, handle }) {
465
- // @TODO @atproto/oauth-provider should strongly type `Sub` as `DidString`
466
- assert(isDidString(did), 'sub must be a valid DID string');
452
+ async updateHandle({ did, handle }) {
467
453
  try {
468
454
  const account = await this.accountManager.updateHandle(did, handle);
469
455
  return this.buildAccount(account);
@@ -472,6 +458,69 @@ export class OAuthStore {
472
458
  throw toHandleUnavailableError(err);
473
459
  }
474
460
  }
461
+ async deactivateAccount({ did }) {
462
+ const { account } = await this.accountManager.deactivateAccount(did, {
463
+ deleteCredentials: true,
464
+ });
465
+ return this.buildAccount(account);
466
+ }
467
+ async reactivateAccount({ did }) {
468
+ try {
469
+ const { account } = await this.accountManager.activateAccount(did);
470
+ return this.buildAccount(account);
471
+ }
472
+ catch (err) {
473
+ if (err instanceof XrpcInvalidRequestError) {
474
+ throw new InvalidRequestError(err.message, err);
475
+ }
476
+ throw err;
477
+ }
478
+ }
479
+ async deleteAccountRequest({ did, locale, }) {
480
+ // Mirror the XRPC `com.atproto.server.requestAccountDelete` flow
481
+ // (no-entryway path): generate an email confirmation token and dispatch
482
+ // it to the account's email address.
483
+ const account = await this.accountManager.getAccount(did, {
484
+ includeDeactivated: true,
485
+ includeTakenDown: true,
486
+ });
487
+ if (!account) {
488
+ throw new InvalidRequestError('Account not found');
489
+ }
490
+ if (!account.email) {
491
+ throw new InvalidRequestError('Account does not have an email address');
492
+ }
493
+ const token = await this.accountManager.createEmailToken(did, 'delete_account');
494
+ await this.mailer.sendAccountDelete({ token, locale }, { to: account.email });
495
+ }
496
+ async deleteAccountConfirm({ did, token, password, }) {
497
+ // Mirror the XRPC `com.atproto.server.deleteAccount` flow (no-entryway
498
+ // path): verify the password, validate the email confirmation token,
499
+ // destroy the actor store, delete the account row, and emit the
500
+ // tombstone account event.
501
+ const account = await this.accountManager.getAccount(did, {
502
+ includeDeactivated: true,
503
+ includeTakenDown: true,
504
+ });
505
+ if (!account) {
506
+ throw new InvalidRequestError('Account not found');
507
+ }
508
+ const validPass = await this.accountManager.verifyAccountPassword(did, password);
509
+ if (!validPass) {
510
+ throw new InvalidCredentialsError('Invalid did or password', did);
511
+ }
512
+ await this.accountManager.assertValidEmailToken(did, 'delete_account', token);
513
+ // @NOTE Order matters here: first "unlink" the account by removing it
514
+ // from the account manager database ("source of truth"), then notify the
515
+ // sequencer, and finally cleanup files from the file system.
516
+ await this.accountManager.deleteAccount(did);
517
+ try {
518
+ await this.sequencer.sequenceAccountDeletion(did);
519
+ }
520
+ finally {
521
+ await this.actorStore.destroy(did);
522
+ }
523
+ }
475
524
  async toTokenInfo(row) {
476
525
  return {
477
526
  id: row.tokenId,
@@ -482,14 +531,15 @@ export class OAuthStore {
482
531
  }
483
532
  async buildAccount(row) {
484
533
  const account = {
485
- sub: row.did,
486
- aud: this.serviceDid,
534
+ did: row.did,
535
+ pds: this.serviceDid,
487
536
  email: row.email || undefined,
488
- email_verified: row.email ? row.emailConfirmedAt != null : undefined,
489
- preferred_username: row.handle || undefined,
537
+ emailVerified: row.email ? row.emailConfirmedAt != null : undefined,
538
+ handle: row.handle || undefined,
539
+ deactivated: row.deactivatedAt != null,
490
540
  };
491
541
  if (!account.name || !account.picture) {
492
- const did = account.sub;
542
+ const { did } = account;
493
543
  const profile = await this.actorStore
494
544
  .read(did, async (store) => {
495
545
  return store.record.getProfileRecord();