@atproto/pds 0.5.5 → 0.5.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +31 -0
- package/dist/account-manager/account-manager.d.ts +51 -13
- package/dist/account-manager/account-manager.d.ts.map +1 -1
- package/dist/account-manager/account-manager.js +86 -26
- package/dist/account-manager/account-manager.js.map +1 -1
- package/dist/account-manager/db/migrations/005-oauth-account-management.d.ts.map +1 -1
- package/dist/account-manager/db/migrations/005-oauth-account-management.js +3 -4
- package/dist/account-manager/db/migrations/005-oauth-account-management.js.map +1 -1
- package/dist/account-manager/db/schema/authorization-request.d.ts +2 -2
- package/dist/account-manager/db/schema/authorization-request.d.ts.map +1 -1
- package/dist/account-manager/db/schema/authorization-request.js.map +1 -1
- package/dist/account-manager/db/schema/authorized-client.d.ts +2 -2
- package/dist/account-manager/db/schema/authorized-client.d.ts.map +1 -1
- package/dist/account-manager/db/schema/authorized-client.js.map +1 -1
- package/dist/account-manager/db/schema/token.d.ts +2 -2
- package/dist/account-manager/db/schema/token.d.ts.map +1 -1
- package/dist/account-manager/db/schema/token.js.map +1 -1
- package/dist/account-manager/helpers/account-device.d.ts +23 -196
- package/dist/account-manager/helpers/account-device.d.ts.map +1 -1
- package/dist/account-manager/helpers/account-device.js +3 -3
- package/dist/account-manager/helpers/account-device.js.map +1 -1
- package/dist/account-manager/helpers/account.d.ts +14 -4
- package/dist/account-manager/helpers/account.d.ts.map +1 -1
- package/dist/account-manager/helpers/account.js +17 -11
- package/dist/account-manager/helpers/account.js.map +1 -1
- package/dist/account-manager/helpers/auth.js +1 -1
- package/dist/account-manager/helpers/auth.js.map +1 -1
- package/dist/account-manager/helpers/authorization-request.d.ts +83 -5
- package/dist/account-manager/helpers/authorization-request.d.ts.map +1 -1
- package/dist/account-manager/helpers/authorization-request.js +8 -8
- package/dist/account-manager/helpers/authorization-request.js.map +1 -1
- package/dist/account-manager/helpers/authorized-client.d.ts +5 -4
- package/dist/account-manager/helpers/authorized-client.d.ts.map +1 -1
- package/dist/account-manager/helpers/authorized-client.js +3 -0
- package/dist/account-manager/helpers/authorized-client.js.map +1 -1
- package/dist/account-manager/helpers/device.d.ts +9 -3
- package/dist/account-manager/helpers/device.d.ts.map +1 -1
- package/dist/account-manager/helpers/device.js +4 -4
- package/dist/account-manager/helpers/device.js.map +1 -1
- package/dist/account-manager/helpers/invite.d.ts +35 -2
- package/dist/account-manager/helpers/invite.d.ts.map +1 -1
- package/dist/account-manager/helpers/lexicon.d.ts.map +1 -1
- package/dist/account-manager/helpers/lexicon.js +6 -0
- package/dist/account-manager/helpers/lexicon.js.map +1 -1
- package/dist/account-manager/helpers/password.d.ts +1 -0
- package/dist/account-manager/helpers/password.d.ts.map +1 -1
- package/dist/account-manager/helpers/password.js +3 -0
- package/dist/account-manager/helpers/password.js.map +1 -1
- package/dist/account-manager/helpers/token.d.ts +72 -1031
- package/dist/account-manager/helpers/token.d.ts.map +1 -1
- package/dist/account-manager/helpers/token.js +13 -10
- package/dist/account-manager/helpers/token.js.map +1 -1
- package/dist/account-manager/helpers/used-refresh-token.d.ts +6 -2
- package/dist/account-manager/helpers/used-refresh-token.d.ts.map +1 -1
- package/dist/account-manager/oauth-store.d.ts +17 -13
- package/dist/account-manager/oauth-store.d.ts.map +1 -1
- package/dist/account-manager/oauth-store.js +89 -39
- package/dist/account-manager/oauth-store.js.map +1 -1
- package/dist/actor-store/blob/reader.d.ts.map +1 -1
- package/dist/actor-store/blob/reader.js +2 -3
- package/dist/actor-store/blob/reader.js.map +1 -1
- package/dist/actor-store/record/reader.js +3 -3
- package/dist/actor-store/record/reader.js.map +1 -1
- package/dist/actor-store/repo/sql-repo-reader.d.ts +5 -1
- package/dist/actor-store/repo/sql-repo-reader.d.ts.map +1 -1
- package/dist/actor-store/repo/sql-repo-reader.js.map +1 -1
- package/dist/api/com/atproto/admin/updateSubjectStatus.d.ts.map +1 -1
- package/dist/api/com/atproto/admin/updateSubjectStatus.js +12 -4
- package/dist/api/com/atproto/admin/updateSubjectStatus.js.map +1 -1
- package/dist/api/com/atproto/server/activateAccount.d.ts.map +1 -1
- package/dist/api/com/atproto/server/activateAccount.js +25 -31
- package/dist/api/com/atproto/server/activateAccount.js.map +1 -1
- package/dist/api/com/atproto/server/deactivateAccount.d.ts.map +1 -1
- package/dist/api/com/atproto/server/deactivateAccount.js +3 -4
- package/dist/api/com/atproto/server/deactivateAccount.js.map +1 -1
- package/dist/api/com/atproto/server/deleteAccount.d.ts.map +1 -1
- package/dist/api/com/atproto/server/deleteAccount.js +51 -37
- package/dist/api/com/atproto/server/deleteAccount.js.map +1 -1
- package/dist/api/com/atproto/server/util.d.ts +25 -6
- package/dist/api/com/atproto/server/util.d.ts.map +1 -1
- package/dist/api/com/atproto/server/util.js.map +1 -1
- package/dist/background.d.ts +12 -6
- package/dist/background.d.ts.map +1 -1
- package/dist/background.js +32 -13
- package/dist/background.js.map +1 -1
- package/dist/config/config.d.ts +2 -1
- package/dist/config/config.d.ts.map +1 -1
- package/dist/config/config.js +4 -1
- package/dist/config/config.js.map +1 -1
- package/dist/context.d.ts.map +1 -1
- package/dist/context.js +5 -32
- package/dist/context.js.map +1 -1
- package/dist/db/migrator.d.ts +4 -3
- package/dist/db/migrator.d.ts.map +1 -1
- package/dist/db/migrator.js +1 -1
- package/dist/db/migrator.js.map +1 -1
- package/dist/db/pagination.d.ts +2 -1
- package/dist/db/pagination.d.ts.map +1 -1
- package/dist/db/pagination.js +2 -2
- package/dist/db/pagination.js.map +1 -1
- package/dist/db/util.d.ts +3 -3
- package/dist/db/util.d.ts.map +1 -1
- package/dist/db/util.js.map +1 -1
- package/dist/index.d.ts +1 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +33 -11
- package/dist/index.js.map +1 -1
- package/dist/lexicons/app/bsky/notification/defs.defs.d.ts +5 -0
- package/dist/lexicons/app/bsky/notification/defs.defs.d.ts.map +1 -1
- package/dist/lexicons/app/bsky/notification/defs.defs.js +1 -0
- package/dist/lexicons/app/bsky/notification/defs.defs.js.map +1 -1
- package/dist/lexicons/chat/bsky/notification/defs.d.ts +2 -0
- package/dist/lexicons/chat/bsky/notification/defs.d.ts.map +1 -0
- package/dist/lexicons/chat/bsky/notification/defs.defs.d.ts +20 -0
- package/dist/lexicons/chat/bsky/notification/defs.defs.d.ts.map +1 -0
- package/dist/lexicons/chat/bsky/notification/defs.defs.js +19 -0
- package/dist/lexicons/chat/bsky/notification/defs.defs.js.map +1 -0
- package/dist/lexicons/chat/bsky/notification/defs.js +5 -0
- package/dist/lexicons/chat/bsky/notification/defs.js.map +1 -0
- package/dist/lexicons/chat/bsky/notification/getPreferences.d.ts +3 -0
- package/dist/lexicons/chat/bsky/notification/getPreferences.d.ts.map +1 -0
- package/dist/lexicons/chat/bsky/notification/getPreferences.defs.d.ts +18 -0
- package/dist/lexicons/chat/bsky/notification/getPreferences.defs.d.ts.map +1 -0
- package/dist/lexicons/chat/bsky/notification/getPreferences.defs.js +16 -0
- package/dist/lexicons/chat/bsky/notification/getPreferences.defs.js.map +1 -0
- package/dist/lexicons/chat/bsky/notification/getPreferences.js +6 -0
- package/dist/lexicons/chat/bsky/notification/getPreferences.js.map +1 -0
- package/dist/lexicons/chat/bsky/notification/putPreferences.d.ts +3 -0
- package/dist/lexicons/chat/bsky/notification/putPreferences.d.ts.map +1 -0
- package/dist/lexicons/chat/bsky/notification/putPreferences.defs.d.ts +27 -0
- package/dist/lexicons/chat/bsky/notification/putPreferences.defs.d.ts.map +1 -0
- package/dist/lexicons/chat/bsky/notification/putPreferences.defs.js +22 -0
- package/dist/lexicons/chat/bsky/notification/putPreferences.defs.js.map +1 -0
- package/dist/lexicons/chat/bsky/notification/putPreferences.js +6 -0
- package/dist/lexicons/chat/bsky/notification/putPreferences.js.map +1 -0
- package/dist/lexicons/chat/bsky/notification.d.ts +4 -0
- package/dist/lexicons/chat/bsky/notification.d.ts.map +1 -0
- package/dist/lexicons/chat/bsky/notification.js +7 -0
- package/dist/lexicons/chat/bsky/notification.js.map +1 -0
- package/dist/lexicons/chat/bsky.d.ts +1 -0
- package/dist/lexicons/chat/bsky.d.ts.map +1 -1
- package/dist/lexicons/chat/bsky.js +1 -0
- package/dist/lexicons/chat/bsky.js.map +1 -1
- package/dist/lexicons/tools/ozone/report/defs.defs.d.ts +4 -0
- package/dist/lexicons/tools/ozone/report/defs.defs.d.ts.map +1 -1
- package/dist/lexicons/tools/ozone/report/defs.defs.js +2 -0
- package/dist/lexicons/tools/ozone/report/defs.defs.js.map +1 -1
- package/dist/lexicons/tools/ozone/report/queryActivities.d.ts +3 -0
- package/dist/lexicons/tools/ozone/report/queryActivities.d.ts.map +1 -0
- package/dist/lexicons/tools/ozone/report/queryActivities.defs.d.ts +42 -0
- package/dist/lexicons/tools/ozone/report/queryActivities.defs.d.ts.map +1 -0
- package/dist/lexicons/tools/ozone/report/queryActivities.defs.js +31 -0
- package/dist/lexicons/tools/ozone/report/queryActivities.defs.js.map +1 -0
- package/dist/lexicons/tools/ozone/report/queryActivities.js +6 -0
- package/dist/lexicons/tools/ozone/report/queryActivities.js.map +1 -0
- package/dist/lexicons/tools/ozone/report.d.ts +1 -0
- package/dist/lexicons/tools/ozone/report.d.ts.map +1 -1
- package/dist/lexicons/tools/ozone/report.js +1 -0
- package/dist/lexicons/tools/ozone/report.js.map +1 -1
- package/dist/mailer/index.d.ts +2 -0
- package/dist/mailer/index.d.ts.map +1 -1
- package/dist/mailer/index.js +2 -0
- package/dist/mailer/index.js.map +1 -1
- package/dist/pipethrough.d.ts +3 -0
- package/dist/pipethrough.d.ts.map +1 -1
- package/dist/pipethrough.js +32 -0
- package/dist/pipethrough.js.map +1 -1
- package/dist/scripts/sequencer-recovery/recovery-db.js.map +1 -1
- package/dist/sequencer/events.d.ts.map +1 -1
- package/dist/sequencer/events.js +6 -13
- package/dist/sequencer/events.js.map +1 -1
- package/dist/sequencer/sequencer.d.ts +1 -1
- package/dist/sequencer/sequencer.d.ts.map +1 -1
- package/dist/sequencer/sequencer.js.map +1 -1
- package/package.json +14 -14
- package/src/account-manager/account-manager.ts +135 -36
- package/src/account-manager/db/migrations/005-oauth-account-management.ts +6 -5
- package/src/account-manager/db/schema/authorization-request.ts +2 -1
- package/src/account-manager/db/schema/authorized-client.ts +6 -2
- package/src/account-manager/db/schema/token.ts +2 -2
- package/src/account-manager/helpers/account-device.ts +5 -11
- package/src/account-manager/helpers/account.ts +39 -16
- package/src/account-manager/helpers/auth.ts +2 -2
- package/src/account-manager/helpers/authorization-request.ts +12 -8
- package/src/account-manager/helpers/authorized-client.ts +12 -6
- package/src/account-manager/helpers/device.ts +4 -4
- package/src/account-manager/helpers/lexicon.ts +8 -3
- package/src/account-manager/helpers/password.ts +6 -0
- package/src/account-manager/helpers/token.ts +17 -11
- package/src/account-manager/oauth-store.ts +129 -61
- package/src/actor-store/blob/reader.ts +8 -5
- package/src/actor-store/record/reader.ts +3 -3
- package/src/actor-store/repo/sql-repo-reader.ts +1 -1
- package/src/api/com/atproto/admin/updateSubjectStatus.ts +16 -4
- package/src/api/com/atproto/server/activateAccount.ts +27 -49
- package/src/api/com/atproto/server/deactivateAccount.ts +3 -7
- package/src/api/com/atproto/server/deleteAccount.ts +60 -43
- package/src/api/com/atproto/server/util.ts +24 -7
- package/src/background.ts +49 -18
- package/src/config/config.ts +7 -2
- package/src/context.ts +6 -40
- package/src/db/migrator.ts +2 -1
- package/src/db/pagination.ts +7 -7
- package/src/db/util.ts +5 -2
- package/src/index.ts +31 -13
- package/src/mailer/index.ts +4 -2
- package/src/pipethrough.ts +38 -1
- package/src/scripts/sequencer-recovery/recovery-db.ts +1 -1
- package/src/sequencer/events.ts +8 -13
- package/src/sequencer/sequencer.ts +1 -3
- package/tests/_util.ts +8 -25
- package/tests/account-deactivation.test.ts +1 -1
- package/tests/account-deletion.test.ts +1 -1
- package/tests/account-manager.test.ts +79 -0
- package/tests/account-migration.test.ts +2 -2
- package/tests/account-status.test.ts +206 -0
- package/tests/account.test.ts +1 -1
- package/tests/app-passwords.test.ts +1 -1
- package/tests/auth.test.ts +1 -1
- package/tests/blob-deletes.test.ts +1 -1
- package/tests/create-post.test.ts +1 -1
- package/tests/crud.test.ts +1 -1
- package/tests/db.test.ts +4 -4
- package/tests/email-confirmation.test.ts +1 -1
- package/tests/file-uploads.test.ts +2 -2
- package/tests/get-service-auth.test.ts +1 -1
- package/tests/handles.test.ts +1 -1
- package/tests/invite-codes.test.ts +1 -1
- package/tests/invites-admin.test.ts +1 -1
- package/tests/moderation.test.ts +1 -1
- package/tests/moderator-auth.test.ts +1 -1
- package/tests/oauth.test.ts +91 -0
- package/tests/plc-operations.test.ts +1 -1
- package/tests/preferences.test.ts +1 -1
- package/tests/proxied/admin.test.ts +1 -1
- package/tests/proxied/feedgen.test.ts +1 -1
- package/tests/proxied/notif.test.ts +6 -13
- package/tests/proxied/procedures.test.ts +1 -1
- package/tests/proxied/proxy-catchall.test.ts +9 -8
- package/tests/proxied/proxy-header.test.ts +12 -8
- package/tests/proxied/proxy-oauth-aud.test.ts +17 -10
- package/tests/proxied/read-after-write.test.ts +4 -5
- package/tests/proxied/views.test.ts +1 -1
- package/tests/races.test.ts +1 -1
- package/tests/rate-limits.test.ts +1 -1
- package/tests/recovery.test.ts +1 -1
- package/tests/seeds/basic.ts +2 -2
- package/tests/seeds/users.ts +4 -1
- package/tests/sequencer.test.ts +1 -1
- package/tests/server.test.ts +9 -12
- package/tests/sync/invertible-ops.test.ts +1 -1
- package/tests/sync/list.test.ts +1 -1
- package/tests/sync/subscribe-repos.test.ts +1 -1
- package/tests/sync/sync.test.ts +1 -1
- package/tests/takedown-appeal.test.ts +1 -1
- package/tsconfig.build.tsbuildinfo +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"account.js","sourceRoot":"","sources":["../../../src/account-manager/helpers/account.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,iBAAiB,CAAA;AACrC,OAAO,EAKL,qBAAqB,EACrB,eAAe,GAChB,MAAM,cAAc,CAAA;AACrB,OAAO,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAA;AAI9E,MAAM,OAAO,sBAAuB,SAAQ,KAAK;IAE/C,YACE,OAAO,GAAG,qEAAqE,EAC/E,OAAsB;QAEtB,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;QALzB,SAAI,GAAG,wBAAwB,CAAA;IAM/B,CAAC;CACF;AAaD,MAAM,CAAN,IAAY,aAMX;AAND,WAAY,aAAa;IACvB,kCAAiB,CAAA;IACjB,wCAAuB,CAAA;IACvB,wCAAuB,CAAA;IACvB,oCAAmB,CAAA;IACnB,4CAA2B,CAAA;AAC7B,CAAC,EANW,aAAa,KAAb,aAAa,QAMxB;AAED,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,EAAa,EAAE,KAAyB,EAAE,EAAE;IAC1E,MAAM,EAAE,gBAAgB,GAAG,KAAK,EAAE,kBAAkB,GAAG,KAAK,EAAE,GAAG,KAAK,IAAI,EAAE,CAAA;IAC5E,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,OAAO,CAAA;IAC7B,OAAO,EAAE,CAAC,EAAE;SACT,UAAU,CAAC,OAAO,CAAC;SACnB,QAAQ,CAAC,SAAS,EAAE,WAAW,EAAE,aAAa,CAAC;SAC/C,EAAE,CAAC,CAAC,gBAAgB,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,KAAK,CAAC,oBAAoB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;SAC3E,EAAE,CAAC,CAAC,kBAAkB,EAAE,CAAC,EAAE,EAAE,EAAE,CAC9B,EAAE,CAAC,KAAK,CAAC,qBAAqB,EAAE,IAAI,EAAE,IAAI,CAAC,CAC5C;SACA,MAAM,CAAC;QACN,WAAW;QACX,cAAc;QACd,iBAAiB;QACjB,mBAAmB;QACnB,qBAAqB;QACrB,mBAAmB;QACnB,eAAe;QACf,0BAA0B;QAC1B,yBAAyB;KAC1B,CAAC,CAAA;AACN,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,UAAU,GAAG,KAAK,EAC7B,EAAa,EACb,WAA+B,EAC/B,KAAyB,EACK,EAAE;IAChC,MAAM,KAAK,GAAG,MAAM,eAAe,CAAC,EAAE,EAAE,KAAK,CAAC;SAC3C,KAAK,CAAC,CAAC,EAAE,EAAE,EAAE;QACZ,IAAI,eAAe,CAAC,WAAW,CAAC,EAAE,CAAC;YACjC,OAAO,EAAE,CAAC,KAAK,CAAC,WAAW,EAAE,GAAG,EAAE,WAAW,CAAC,CAAA;QAChD,CAAC;aAAM,CAAC;YACN,OAAO,EAAE,CAAC,KAAK,CAAC,cAAc,EAAE,GAAG,EAAE,WAAW,CAAC,CAAA;QACnD,CAAC;IACH,CAAC,CAAC;SACD,gBAAgB,EAAE,CAAA;IACrB,OAAO,KAAK,IAAI,IAAI,CAAA;AACtB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,WAAW,GAAG,KAAK,EAC9B,EAAa,EACb,IAAiB,EACjB,KAAyB,EACW,EAAE;IACtC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAwB,CAAA;IAE/C,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;QACjB,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,EAAE,EAAE,KAAK,CAAC;SAC9C,KAAK,CAAC,WAAW,EAAE,IAAI,EAAE,IAAI,CAAC;SAC9B,OAAO,EAAE,CAAA;IAEZ,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC3B,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;IACnC,CAAC,CAAC,CAAA;IAEF,OAAO,OAAO,CAAA;AAChB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,iBAAiB,GAAG,KAAK,EACpC,EAAa,EACb,KAAa,EACb,KAAyB,EACK,EAAE;IAChC,MAAM,KAAK,GAAG,MAAM,eAAe,CAAC,EAAE,EAAE,KAAK,CAAC;SAC3C,KAAK,CAAC,OAAO,EAAE,GAAG,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;SACxC,gBAAgB,EAAE,CAAA;IACrB,OAAO,KAAK,IAAI,IAAI,CAAA;AACtB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,aAAa,GAAG,KAAK,EAChC,EAAa,EACb,IAIC,EACD,EAAE;IACF,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,IAAI,CAAA;IACzC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;IACtB,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,CAAA;IAC7C,MAAM,CAAC,UAAU,CAAC,GAAG,MAAM,EAAE,CAAC,gBAAgB,CAC5C,EAAE,CAAC,EAAE;SACF,UAAU,CAAC,OAAO,CAAC;SACnB,MAAM,CAAC;QACN,GAAG;QACH,MAAM;QACN,SAAS;QACT,aAAa,EAAE,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI;QAC7C,WAAW,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI;KACxE,CAAC;SACD,UAAU,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC;SAClC,SAAS,CAAC,KAAK,CAAC,CACpB,CAAA;IACD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,sBAAsB,EAAE,CAAA;IACpC,CAAC;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,eAAe,GAAG,KAAK,EAClC,EAAa,EACb,IAIC,EACD,EAAE;IACF,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,cAAc,EAAE,GAAG,IAAI,CAAA;IAC3C,MAAM,CAAC,UAAU,CAAC,GAAG,MAAM,EAAE,CAAC,gBAAgB,CAC5C,EAAE,CAAC,EAAE;SACF,UAAU,CAAC,SAAS,CAAC;SACrB,MAAM,CAAC;QACN,GAAG;QACH,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE;QAC1B,cAAc;KACf,CAAC;SACD,UAAU,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC;SAClC,SAAS,CAAC,KAAK,CAAC,CACpB,CAAA;IACD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,sBAAsB,EAAE,CAAA;IACpC,CAAC;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,aAAa,GAAG,KAAK,EAChC,EAAa,EACb,GAAc,EACC,EAAE;IACjB,6EAA6E;IAC7E,2DAA2D;IAC3D,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CACrD,CAAA;IACD,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CACvD,CAAA;IACD,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CACzD,CAAA;IACD,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,aAAa,EAAE,GAAG,EAAE,GAAG,CAAC,CAC3D,CAAA;IACD,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,WAAW,EAAE,GAAG,EAAE,GAAG,CAAC,CACvD,CAAA;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,YAAY,GAAG,KAAK,EAC/B,EAAa,EACb,GAAc,EACd,MAAoB,EACpB,EAAE;IACF,6EAA6E;IAC7E,wDAAwD;IACxD,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,EAAE,CAAC,gBAAgB,CACrC,EAAE,CAAC,EAAE;SACF,WAAW,CAAC,OAAO,CAAC;SACpB,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC;SACf,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC;SACtB,cAAc,CACb,EAAE,CAAC,EAAE;SACF,UAAU,CAAC,OAAO,CAAC;SACnB,KAAK,CAAC,QAAQ,EAAE,GAAG,EAAE,MAAM,CAAC;SAC5B,KAAK,CAAC,KAAK,EAAE,IAAI,EAAE,GAAG,CAAC;SACvB,SAAS,EAAE,CACf,CACJ,CAAA;IACD,IAAI,GAAG,CAAC,cAAc,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,sBAAsB,CAC9B,6DAA6D,CAC9D,CAAA;IACH,CAAC;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,WAAW,GAAG,KAAK,EAC9B,EAAa,EACb,GAAc,EACd,KAAa,EACb,EAAE;IACF,IAAI,CAAC;QACH,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE;aACF,WAAW,CAAC,SAAS,CAAC;aACtB,GAAG,CAAC;YACH,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE;YAC1B,gBAAgB,EAAE,IAAI;SACvB,CAAC;aACD,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CAC1B,CAAA;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,oBAAoB,CAAC,GAAG,CAAC,EAAE,CAAC;YAC9B,MAAM,IAAI,sBAAsB,EAAE,CAAA;QACpC,CAAC;QACD,MAAM,GAAG,CAAA;IACX,CAAC;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,mBAAmB,GAAG,KAAK,EACtC,EAAa,EACb,GAAc,EACd,gBAAgC,EAChC,EAAE;IACF,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE;SACF,WAAW,CAAC,SAAS,CAAC;SACtB,GAAG,CAAC,EAAE,gBAAgB,EAAE,CAAC;SACzB,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CAC1B,CAAA;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,qBAAqB,GAAG,KAAK,EACxC,EAAa,EACb,GAAc,EAIN,EAAE;IACV,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,EAAE;SACpB,UAAU,CAAC,OAAO,CAAC;SACnB,MAAM,CAAC,CAAC,aAAa,EAAE,eAAe,CAAC,CAAC;SACxC,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC;SACtB,gBAAgB,EAAE,CAAA;IACrB,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAA;IACrB,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW;QAC9B,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,WAAW,EAAE;QACzC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,CAAA;IACtB,MAAM,WAAW,GAAG,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,CAAA;IAC9E,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAA;AAClC,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,2BAA2B,GAAG,KAAK,EAC9C,EAAa,EACb,GAAc,EACd,QAA2C,EAC3C,EAAE;IACF,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO;QAClC,CAAC,CAAC,QAAQ,CAAC,GAAG,IAAI,qBAAqB,EAAE;QACzC,CAAC,CAAC,IAAI,CAAA;IACR,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CACvE,CAAA;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,iBAAiB,GAAG,KAAK,EACpC,EAAa,EACb,GAAc,EACd,WAA0B,EAC1B,EAAE;IACF,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE;SACF,WAAW,CAAC,OAAO,CAAC;SACpB,GAAG,CAAC;QACH,aAAa,EAAE,qBAAqB,EAAE;QACtC,WAAW;KACZ,CAAC;SACD,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CAC1B,CAAA;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,eAAe,GAAG,KAAK,EAAE,EAAa,EAAE,GAAc,EAAE,EAAE;IACrE,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE;SACF,WAAW,CAAC,OAAO,CAAC;SACpB,GAAG,CAAC;QACH,aAAa,EAAE,IAAI;QACnB,WAAW,EAAE,IAAI;KAClB,CAAC;SACD,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CAC1B,CAAA;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,mBAAmB,GAAG,CACjC,OAGC,EACD,EAAE;IACF,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,aAAa,CAAC,OAAO,EAAW,CAAA;IAClE,CAAC;SAAM,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QAC/B,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,aAAa,CAAC,SAAS,EAAW,CAAA;IACpE,CAAC;SAAM,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;QACjC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,aAAa,CAAC,WAAW,EAAW,CAAA;IACtE,CAAC;SAAM,CAAC;QACN,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAW,CAAA;IACrD,CAAC;AACH,CAAC,CAAA","sourcesContent":["import { DAY } from '@atproto/common'\nimport {\n AtIdentifierString,\n DatetimeString,\n DidString,\n HandleString,\n currentDatetimeString,\n isDidIdentifier,\n} from '@atproto/lex'\nimport { isErrUniqueViolation, notSoftDeletedClause } from '../../db/index.js'\nimport { com } from '../../lexicons/index.js'\nimport { AccountDb, ActorEntry } from '../db/index.js'\n\nexport class UserAlreadyExistsError extends Error {\n name = 'UserAlreadyExistsError'\n constructor(\n message = 'This email address is already in use, please use a different email.',\n options?: ErrorOptions,\n ) {\n super(message, options)\n }\n}\n\nexport type ActorAccount = ActorEntry & {\n email: string | null\n emailConfirmedAt: string | null\n invitesDisabled: 0 | 1 | null\n}\n\nexport type AvailabilityFlags = {\n includeTakenDown?: boolean\n includeDeactivated?: boolean\n}\n\nexport enum AccountStatus {\n Active = 'active',\n Takendown = 'takendown',\n Suspended = 'suspended',\n Deleted = 'deleted',\n Deactivated = 'deactivated',\n}\n\nexport const selectAccountQB = (db: AccountDb, flags?: AvailabilityFlags) => {\n const { includeTakenDown = false, includeDeactivated = false } = flags ?? {}\n const { ref } = db.db.dynamic\n return db.db\n .selectFrom('actor')\n .leftJoin('account', 'actor.did', 'account.did')\n .if(!includeTakenDown, (qb) => qb.where(notSoftDeletedClause(ref('actor'))))\n .if(!includeDeactivated, (qb) =>\n qb.where('actor.deactivatedAt', 'is', null),\n )\n .select([\n 'actor.did',\n 'actor.handle',\n 'actor.createdAt',\n 'actor.takedownRef',\n 'actor.deactivatedAt',\n 'actor.deleteAfter',\n 'account.email',\n 'account.emailConfirmedAt',\n 'account.invitesDisabled',\n ])\n}\n\nexport const getAccount = async (\n db: AccountDb,\n handleOrDid: AtIdentifierString,\n flags?: AvailabilityFlags,\n): Promise<ActorAccount | null> => {\n const found = await selectAccountQB(db, flags)\n .where((qb) => {\n if (isDidIdentifier(handleOrDid)) {\n return qb.where('actor.did', '=', handleOrDid)\n } else {\n return qb.where('actor.handle', '=', handleOrDid)\n }\n })\n .executeTakeFirst()\n return found || null\n}\n\nexport const getAccounts = async (\n db: AccountDb,\n dids: DidString[],\n flags?: AvailabilityFlags,\n): Promise<Map<string, ActorAccount>> => {\n const results = new Map<string, ActorAccount>()\n\n if (!dids.length) {\n return results\n }\n\n const accounts = await selectAccountQB(db, flags)\n .where('actor.did', 'in', dids)\n .execute()\n\n accounts.forEach((account) => {\n results.set(account.did, account)\n })\n\n return results\n}\n\nexport const getAccountByEmail = async (\n db: AccountDb,\n email: string,\n flags?: AvailabilityFlags,\n): Promise<ActorAccount | null> => {\n const found = await selectAccountQB(db, flags)\n .where('email', '=', email.toLowerCase())\n .executeTakeFirst()\n return found || null\n}\n\nexport const registerActor = async (\n db: AccountDb,\n opts: {\n did: DidString\n handle: HandleString\n deactivated?: boolean\n },\n) => {\n const { did, handle, deactivated } = opts\n const now = Date.now()\n const createdAt = new Date(now).toISOString()\n const [registered] = await db.executeWithRetry(\n db.db\n .insertInto('actor')\n .values({\n did,\n handle,\n createdAt,\n deactivatedAt: deactivated ? createdAt : null,\n deleteAfter: deactivated ? new Date(now + 3 * DAY).toISOString() : null,\n })\n .onConflict((oc) => oc.doNothing())\n .returning('did'),\n )\n if (!registered) {\n throw new UserAlreadyExistsError()\n }\n}\n\nexport const registerAccount = async (\n db: AccountDb,\n opts: {\n did: string\n email: string\n passwordScrypt: string\n },\n) => {\n const { did, email, passwordScrypt } = opts\n const [registered] = await db.executeWithRetry(\n db.db\n .insertInto('account')\n .values({\n did,\n email: email.toLowerCase(),\n passwordScrypt,\n })\n .onConflict((oc) => oc.doNothing())\n .returning('did'),\n )\n if (!registered) {\n throw new UserAlreadyExistsError()\n }\n}\n\nexport const deleteAccount = async (\n db: AccountDb,\n did: DidString,\n): Promise<void> => {\n // Not done in transaction because it would be too long, prone to contention.\n // Also, this can safely be run multiple times if it fails.\n await db.executeWithRetry(\n db.db.deleteFrom('repo_root').where('did', '=', did),\n )\n await db.executeWithRetry(\n db.db.deleteFrom('email_token').where('did', '=', did),\n )\n await db.executeWithRetry(\n db.db.deleteFrom('refresh_token').where('did', '=', did),\n )\n await db.executeWithRetry(\n db.db.deleteFrom('account').where('account.did', '=', did),\n )\n await db.executeWithRetry(\n db.db.deleteFrom('actor').where('actor.did', '=', did),\n )\n}\n\nexport const updateHandle = async (\n db: AccountDb,\n did: DidString,\n handle: HandleString,\n) => {\n // No-op if the handle is the same, but still returns 1 row affected, so that\n // it can be used to check for existence of the account.\n const [res] = await db.executeWithRetry(\n db.db\n .updateTable('actor')\n .set({ handle })\n .where('did', '=', did)\n .whereNotExists(\n db.db\n .selectFrom('actor')\n .where('handle', '=', handle)\n .where('did', '!=', did)\n .selectAll(),\n ),\n )\n if (res.numUpdatedRows < 1) {\n throw new UserAlreadyExistsError(\n 'Handle is already in use, please choose a different handle.',\n )\n }\n}\n\nexport const updateEmail = async (\n db: AccountDb,\n did: DidString,\n email: string,\n) => {\n try {\n await db.executeWithRetry(\n db.db\n .updateTable('account')\n .set({\n email: email.toLowerCase(),\n emailConfirmedAt: null,\n })\n .where('did', '=', did),\n )\n } catch (err) {\n if (isErrUniqueViolation(err)) {\n throw new UserAlreadyExistsError()\n }\n throw err\n }\n}\n\nexport const setEmailConfirmedAt = async (\n db: AccountDb,\n did: DidString,\n emailConfirmedAt: DatetimeString,\n) => {\n await db.executeWithRetry(\n db.db\n .updateTable('account')\n .set({ emailConfirmedAt })\n .where('did', '=', did),\n )\n}\n\nexport const getAccountAdminStatus = async (\n db: AccountDb,\n did: DidString,\n): Promise<{\n takedown: com.atproto.admin.defs.StatusAttr\n deactivated: com.atproto.admin.defs.StatusAttr\n} | null> => {\n const res = await db.db\n .selectFrom('actor')\n .select(['takedownRef', 'deactivatedAt'])\n .where('did', '=', did)\n .executeTakeFirst()\n if (!res) return null\n const takedown = res.takedownRef\n ? { applied: true, ref: res.takedownRef }\n : { applied: false }\n const deactivated = res.deactivatedAt ? { applied: true } : { applied: false }\n return { takedown, deactivated }\n}\n\nexport const updateAccountTakedownStatus = async (\n db: AccountDb,\n did: DidString,\n takedown: com.atproto.admin.defs.StatusAttr,\n) => {\n const takedownRef = takedown.applied\n ? takedown.ref ?? currentDatetimeString()\n : null\n await db.executeWithRetry(\n db.db.updateTable('actor').set({ takedownRef }).where('did', '=', did),\n )\n}\n\nexport const deactivateAccount = async (\n db: AccountDb,\n did: DidString,\n deleteAfter: string | null,\n) => {\n await db.executeWithRetry(\n db.db\n .updateTable('actor')\n .set({\n deactivatedAt: currentDatetimeString(),\n deleteAfter,\n })\n .where('did', '=', did),\n )\n}\n\nexport const activateAccount = async (db: AccountDb, did: DidString) => {\n await db.executeWithRetry(\n db.db\n .updateTable('actor')\n .set({\n deactivatedAt: null,\n deleteAfter: null,\n })\n .where('did', '=', did),\n )\n}\n\nexport const formatAccountStatus = (\n account: null | {\n takedownRef: string | null\n deactivatedAt: string | null\n },\n) => {\n if (!account) {\n return { active: false, status: AccountStatus.Deleted } as const\n } else if (account.takedownRef) {\n return { active: false, status: AccountStatus.Takendown } as const\n } else if (account.deactivatedAt) {\n return { active: false, status: AccountStatus.Deactivated } as const\n } else {\n return { active: true, status: undefined } as const\n }\n}\n"]}
|
|
1
|
+
{"version":3,"file":"account.js","sourceRoot":"","sources":["../../../src/account-manager/helpers/account.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,iBAAiB,CAAA;AACrC,OAAO,EAKL,qBAAqB,EACrB,eAAe,GAChB,MAAM,cAAc,CAAA;AACrB,OAAO,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAA;AAI9E,MAAM,OAAO,sBAAuB,SAAQ,KAAK;IAE/C,YACE,OAAO,GAAG,qEAAqE,EAC/E,OAAsB;QAEtB,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;QALzB,SAAI,GAAG,wBAAwB,CAAA;IAM/B,CAAC;CACF;AAaD,MAAM,CAAN,IAAY,aAMX;AAND,WAAY,aAAa;IACvB,kCAAiB,CAAA;IACjB,wCAAuB,CAAA;IACvB,wCAAuB,CAAA;IACvB,oCAAmB,CAAA;IACnB,4CAA2B,CAAA;AAC7B,CAAC,EANW,aAAa,KAAb,aAAa,QAMxB;AAED,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,EAAa,EAAE,KAAyB,EAAE,EAAE;IAC1E,MAAM,EAAE,gBAAgB,GAAG,KAAK,EAAE,kBAAkB,GAAG,KAAK,EAAE,GAAG,KAAK,IAAI,EAAE,CAAA;IAC5E,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,OAAO,CAAA;IAC7B,OAAO,EAAE,CAAC,EAAE;SACT,UAAU,CAAC,OAAO,CAAC;SACnB,QAAQ,CAAC,SAAS,EAAE,WAAW,EAAE,aAAa,CAAC;SAC/C,GAAG,CAAC,CAAC,gBAAgB,EAAE,CAAC,EAAE,EAAE,EAAE,CAC7B,EAAE,CAAC,KAAK,CAAC,oBAAoB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAC7C;SACA,GAAG,CAAC,CAAC,kBAAkB,EAAE,CAAC,EAAE,EAAE,EAAE,CAC/B,EAAE,CAAC,KAAK,CAAC,qBAAqB,EAAE,IAAI,EAAE,IAAI,CAAC,CAC5C;SACA,MAAM,CAAC;QACN,WAAW;QACX,cAAc;QACd,iBAAiB;QACjB,mBAAmB;QACnB,qBAAqB;QACrB,mBAAmB;QACnB,eAAe;QACf,0BAA0B;QAC1B,yBAAyB;KAC1B,CAAC,CAAA;AACN,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,UAAU,GAAG,KAAK,EAC7B,EAAa,EACb,WAA+B,EAC/B,KAAyB,EACK,EAAE;IAChC,MAAM,KAAK,GAAG,MAAM,eAAe,CAAC,EAAE,EAAE,KAAK,CAAC;SAC3C,KAAK,CAAC,CAAC,EAAE,EAAE,EAAE;QACZ,IAAI,eAAe,CAAC,WAAW,CAAC,EAAE,CAAC;YACjC,OAAO,EAAE,CAAC,WAAW,EAAE,GAAG,EAAE,WAAW,CAAC,CAAA;QAC1C,CAAC;aAAM,CAAC;YACN,OAAO,EAAE,CAAC,cAAc,EAAE,GAAG,EAAE,WAAW,CAAC,CAAA;QAC7C,CAAC;IACH,CAAC,CAAC;SACD,gBAAgB,EAAE,CAAA;IACrB,OAAO,KAAK,IAAI,IAAI,CAAA;AACtB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,WAAW,GAAG,KAAK,EAC9B,EAAa,EACb,IAAiB,EACjB,KAAyB,EACW,EAAE;IACtC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAwB,CAAA;IAE/C,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;QACjB,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,EAAE,EAAE,KAAK,CAAC;SAC9C,KAAK,CAAC,WAAW,EAAE,IAAI,EAAE,IAAI,CAAC;SAC9B,OAAO,EAAE,CAAA;IAEZ,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC3B,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;IACnC,CAAC,CAAC,CAAA;IAEF,OAAO,OAAO,CAAA;AAChB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,iBAAiB,GAAG,KAAK,EACpC,EAAa,EACb,KAAa,EACb,KAAyB,EACK,EAAE;IAChC,MAAM,KAAK,GAAG,MAAM,eAAe,CAAC,EAAE,EAAE,KAAK,CAAC;SAC3C,KAAK,CAAC,OAAO,EAAE,GAAG,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;SACxC,gBAAgB,EAAE,CAAA;IACrB,OAAO,KAAK,IAAI,IAAI,CAAA;AACtB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,aAAa,GAAG,KAAK,EAChC,EAAa,EACb,IAIC,EACD,EAAE;IACF,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,IAAI,CAAA;IACzC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;IACtB,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,CAAA;IAC7C,MAAM,CAAC,UAAU,CAAC,GAAG,MAAM,EAAE,CAAC,gBAAgB,CAC5C,EAAE,CAAC,EAAE;SACF,UAAU,CAAC,OAAO,CAAC;SACnB,MAAM,CAAC;QACN,GAAG;QACH,MAAM;QACN,SAAS;QACT,aAAa,EAAE,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI;QAC7C,WAAW,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI;KACxE,CAAC;SACD,UAAU,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC;SAClC,SAAS,CAAC,KAAK,CAAC,CACpB,CAAA;IACD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,sBAAsB,EAAE,CAAA;IACpC,CAAC;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,eAAe,GAAG,KAAK,EAClC,EAAa,EACb,IAIC,EACD,EAAE;IACF,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,cAAc,EAAE,GAAG,IAAI,CAAA;IAC3C,MAAM,CAAC,UAAU,CAAC,GAAG,MAAM,EAAE,CAAC,gBAAgB,CAC5C,EAAE,CAAC,EAAE;SACF,UAAU,CAAC,SAAS,CAAC;SACrB,MAAM,CAAC;QACN,GAAG;QACH,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE;QAC1B,cAAc;KACf,CAAC;SACD,UAAU,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC;SAClC,SAAS,CAAC,KAAK,CAAC,CACpB,CAAA;IACD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,sBAAsB,EAAE,CAAA;IACpC,CAAC;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,aAAa,GAAG,KAAK,EAChC,EAAa,EACb,GAAc,EACC,EAAE;IACjB,6EAA6E;IAC7E,2DAA2D;IAC3D,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CACrD,CAAA;IACD,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CACvD,CAAA;IACD,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CACzD,CAAA;IACD,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,aAAa,EAAE,GAAG,EAAE,GAAG,CAAC,CAC3D,CAAA;IACD,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,WAAW,EAAE,GAAG,EAAE,GAAG,CAAC,CACvD,CAAA;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,YAAY,GAAG,KAAK,EAC/B,EAAa,EACb,GAAc,EACd,MAAoB,EACpB,EAAE;IACF,6EAA6E;IAC7E,wDAAwD;IACxD,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,EAAE,CAAC,gBAAgB,CACrC,EAAE,CAAC,EAAE;SACF,WAAW,CAAC,OAAO,CAAC;SACpB,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC;SACf,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC;SACtB,KAAK,CAAC,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,EAAE,EAAE,CACzB,GAAG,CACD,MAAM,CACJ,EAAE,CAAC,EAAE;SACF,UAAU,CAAC,OAAO,CAAC;SACnB,KAAK,CAAC,QAAQ,EAAE,GAAG,EAAE,MAAM,CAAC;SAC5B,KAAK,CAAC,KAAK,EAAE,IAAI,EAAE,GAAG,CAAC;SACvB,SAAS,EAAE,CACf,CACF,CACF,CACJ,CAAA;IACD,IAAI,GAAG,CAAC,cAAc,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,sBAAsB,CAC9B,6DAA6D,CAC9D,CAAA;IACH,CAAC;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,WAAW,GAAG,KAAK,EAC9B,EAAa,EACb,GAAc,EACd,KAAa,EACb,EAAE;IACF,IAAI,CAAC;QACH,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE;aACF,WAAW,CAAC,SAAS,CAAC;aACtB,GAAG,CAAC;YACH,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE;YAC1B,gBAAgB,EAAE,IAAI;SACvB,CAAC;aACD,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CAC1B,CAAA;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,oBAAoB,CAAC,GAAG,CAAC,EAAE,CAAC;YAC9B,MAAM,IAAI,sBAAsB,EAAE,CAAA;QACpC,CAAC;QACD,MAAM,GAAG,CAAA;IACX,CAAC;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,mBAAmB,GAAG,KAAK,EACtC,EAAa,EACb,GAAc,EACd,gBAAgC,EAChC,EAAE;IACF,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE;SACF,WAAW,CAAC,SAAS,CAAC;SACtB,GAAG,CAAC,EAAE,gBAAgB,EAAE,CAAC;SACzB,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CAC1B,CAAA;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,qBAAqB,GAAG,KAAK,EACxC,EAAa,EACb,GAAc,EAIN,EAAE;IACV,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,EAAE;SACpB,UAAU,CAAC,OAAO,CAAC;SACnB,MAAM,CAAC,CAAC,aAAa,EAAE,eAAe,CAAC,CAAC;SACxC,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC;SACtB,gBAAgB,EAAE,CAAA;IACrB,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAA;IACrB,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW;QAC9B,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,WAAW,EAAE;QACzC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,CAAA;IACtB,MAAM,WAAW,GAAG,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,CAAA;IAC9E,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAA;AAClC,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,2BAA2B,GAAG,KAAK,EAC9C,EAAa,EACb,GAAc,EACd,QAA2C,EAC3C,EAAE;IACF,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO;QAClC,CAAC,CAAC,QAAQ,CAAC,GAAG,IAAI,qBAAqB,EAAE;QACzC,CAAC,CAAC,IAAI,CAAA;IACR,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CACvE,CAAA;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,iBAAiB,GAAG,KAAK,EACpC,EAAa,EACb,GAAc,EACd,WAA0B,EACR,EAAE;IACpB,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,EAAE,CAAC,gBAAgB,CACrC,EAAE,CAAC,EAAE;SACF,WAAW,CAAC,OAAO,CAAC;SACpB,GAAG,CAAC;QACH,aAAa,EAAE,qBAAqB,EAAE;QACtC,WAAW;KACZ,CAAC;SACD,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CAC1B,CAAA;IAED,OAAO,GAAG,CAAC,cAAc,GAAG,CAAC,CAAA;AAC/B,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,eAAe,GAAG,KAAK,EAClC,EAAa,EACb,GAAc,EACd,KAAyB,EACP,EAAE;IACpB,MAAM,EAAE,gBAAgB,GAAG,KAAK,EAAE,kBAAkB,GAAG,IAAI,EAAE,GAAG,KAAK,IAAI,EAAE,CAAA;IAC3E,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,OAAO,CAAA;IAE7B,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,EAAE,CAAC,gBAAgB,CACrC,EAAE,CAAC,EAAE;SACF,WAAW,CAAC,OAAO,CAAC;SACpB,GAAG,CAAC;QACH,aAAa,EAAE,IAAI;QACnB,WAAW,EAAE,IAAI;KAClB,CAAC;SACD,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC;SACtB,GAAG,CAAC,CAAC,gBAAgB,EAAE,CAAC,CAAC,EAAE,EAAE,CAC5B,CAAC,CAAC,KAAK,CAAC,oBAAoB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAC5C;SACA,GAAG,CAAC,CAAC,kBAAkB,EAAE,CAAC,CAAC,EAAE,EAAE,CAC9B,CAAC,CAAC,KAAK,CAAC,qBAAqB,EAAE,QAAQ,EAAE,IAAI,CAAC,CAC/C,CACJ,CAAA;IAED,OAAO,GAAG,CAAC,cAAc,GAAG,CAAC,CAAA;AAC/B,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,mBAAmB,GAAG,CACjC,OAGC,EACD,EAAE;IACF,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,aAAa,CAAC,OAAO,EAAW,CAAA;IAClE,CAAC;SAAM,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QAC/B,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,aAAa,CAAC,SAAS,EAAW,CAAA;IACpE,CAAC;SAAM,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;QACjC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,aAAa,CAAC,WAAW,EAAW,CAAA;IACtE,CAAC;SAAM,CAAC;QACN,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAW,CAAA;IACrD,CAAC;AACH,CAAC,CAAA","sourcesContent":["import { DAY } from '@atproto/common'\nimport {\n AtIdentifierString,\n DatetimeString,\n DidString,\n HandleString,\n currentDatetimeString,\n isDidIdentifier,\n} from '@atproto/lex'\nimport { isErrUniqueViolation, notSoftDeletedClause } from '../../db/index.js'\nimport { com } from '../../lexicons/index.js'\nimport { AccountDb, ActorEntry } from '../db/index.js'\n\nexport class UserAlreadyExistsError extends Error {\n name = 'UserAlreadyExistsError'\n constructor(\n message = 'This email address is already in use, please use a different email.',\n options?: ErrorOptions,\n ) {\n super(message, options)\n }\n}\n\nexport type ActorAccount = ActorEntry & {\n email: string | null\n emailConfirmedAt: string | null\n invitesDisabled: 0 | 1 | null\n}\n\nexport type AvailabilityFlags = {\n includeTakenDown?: boolean\n includeDeactivated?: boolean\n}\n\nexport enum AccountStatus {\n Active = 'active',\n Takendown = 'takendown',\n Suspended = 'suspended',\n Deleted = 'deleted',\n Deactivated = 'deactivated',\n}\n\nexport const selectAccountQB = (db: AccountDb, flags?: AvailabilityFlags) => {\n const { includeTakenDown = false, includeDeactivated = false } = flags ?? {}\n const { ref } = db.db.dynamic\n return db.db\n .selectFrom('actor')\n .leftJoin('account', 'actor.did', 'account.did')\n .$if(!includeTakenDown, (qb) =>\n qb.where(notSoftDeletedClause(ref('actor'))),\n )\n .$if(!includeDeactivated, (qb) =>\n qb.where('actor.deactivatedAt', 'is', null),\n )\n .select([\n 'actor.did',\n 'actor.handle',\n 'actor.createdAt',\n 'actor.takedownRef',\n 'actor.deactivatedAt',\n 'actor.deleteAfter',\n 'account.email',\n 'account.emailConfirmedAt',\n 'account.invitesDisabled',\n ])\n}\n\nexport const getAccount = async (\n db: AccountDb,\n handleOrDid: AtIdentifierString,\n flags?: AvailabilityFlags,\n): Promise<ActorAccount | null> => {\n const found = await selectAccountQB(db, flags)\n .where((eb) => {\n if (isDidIdentifier(handleOrDid)) {\n return eb('actor.did', '=', handleOrDid)\n } else {\n return eb('actor.handle', '=', handleOrDid)\n }\n })\n .executeTakeFirst()\n return found || null\n}\n\nexport const getAccounts = async (\n db: AccountDb,\n dids: DidString[],\n flags?: AvailabilityFlags,\n): Promise<Map<string, ActorAccount>> => {\n const results = new Map<string, ActorAccount>()\n\n if (!dids.length) {\n return results\n }\n\n const accounts = await selectAccountQB(db, flags)\n .where('actor.did', 'in', dids)\n .execute()\n\n accounts.forEach((account) => {\n results.set(account.did, account)\n })\n\n return results\n}\n\nexport const getAccountByEmail = async (\n db: AccountDb,\n email: string,\n flags?: AvailabilityFlags,\n): Promise<ActorAccount | null> => {\n const found = await selectAccountQB(db, flags)\n .where('email', '=', email.toLowerCase())\n .executeTakeFirst()\n return found || null\n}\n\nexport const registerActor = async (\n db: AccountDb,\n opts: {\n did: DidString\n handle: HandleString\n deactivated?: boolean\n },\n) => {\n const { did, handle, deactivated } = opts\n const now = Date.now()\n const createdAt = new Date(now).toISOString()\n const [registered] = await db.executeWithRetry(\n db.db\n .insertInto('actor')\n .values({\n did,\n handle,\n createdAt,\n deactivatedAt: deactivated ? createdAt : null,\n deleteAfter: deactivated ? new Date(now + 3 * DAY).toISOString() : null,\n })\n .onConflict((oc) => oc.doNothing())\n .returning('did'),\n )\n if (!registered) {\n throw new UserAlreadyExistsError()\n }\n}\n\nexport const registerAccount = async (\n db: AccountDb,\n opts: {\n did: string\n email: string\n passwordScrypt: string\n },\n) => {\n const { did, email, passwordScrypt } = opts\n const [registered] = await db.executeWithRetry(\n db.db\n .insertInto('account')\n .values({\n did,\n email: email.toLowerCase(),\n passwordScrypt,\n })\n .onConflict((oc) => oc.doNothing())\n .returning('did'),\n )\n if (!registered) {\n throw new UserAlreadyExistsError()\n }\n}\n\nexport const deleteAccount = async (\n db: AccountDb,\n did: DidString,\n): Promise<void> => {\n // Not done in transaction because it would be too long, prone to contention.\n // Also, this can safely be run multiple times if it fails.\n await db.executeWithRetry(\n db.db.deleteFrom('repo_root').where('did', '=', did),\n )\n await db.executeWithRetry(\n db.db.deleteFrom('email_token').where('did', '=', did),\n )\n await db.executeWithRetry(\n db.db.deleteFrom('refresh_token').where('did', '=', did),\n )\n await db.executeWithRetry(\n db.db.deleteFrom('account').where('account.did', '=', did),\n )\n await db.executeWithRetry(\n db.db.deleteFrom('actor').where('actor.did', '=', did),\n )\n}\n\nexport const updateHandle = async (\n db: AccountDb,\n did: DidString,\n handle: HandleString,\n) => {\n // No-op if the handle is the same, but still returns 1 row affected, so that\n // it can be used to check for existence of the account.\n const [res] = await db.executeWithRetry(\n db.db\n .updateTable('actor')\n .set({ handle })\n .where('did', '=', did)\n .where(({ not, exists }) =>\n not(\n exists(\n db.db\n .selectFrom('actor')\n .where('handle', '=', handle)\n .where('did', '!=', did)\n .selectAll(),\n ),\n ),\n ),\n )\n if (res.numUpdatedRows < 1) {\n throw new UserAlreadyExistsError(\n 'Handle is already in use, please choose a different handle.',\n )\n }\n}\n\nexport const updateEmail = async (\n db: AccountDb,\n did: DidString,\n email: string,\n) => {\n try {\n await db.executeWithRetry(\n db.db\n .updateTable('account')\n .set({\n email: email.toLowerCase(),\n emailConfirmedAt: null,\n })\n .where('did', '=', did),\n )\n } catch (err) {\n if (isErrUniqueViolation(err)) {\n throw new UserAlreadyExistsError()\n }\n throw err\n }\n}\n\nexport const setEmailConfirmedAt = async (\n db: AccountDb,\n did: DidString,\n emailConfirmedAt: DatetimeString,\n) => {\n await db.executeWithRetry(\n db.db\n .updateTable('account')\n .set({ emailConfirmedAt })\n .where('did', '=', did),\n )\n}\n\nexport const getAccountAdminStatus = async (\n db: AccountDb,\n did: DidString,\n): Promise<{\n takedown: com.atproto.admin.defs.StatusAttr\n deactivated: com.atproto.admin.defs.StatusAttr\n} | null> => {\n const res = await db.db\n .selectFrom('actor')\n .select(['takedownRef', 'deactivatedAt'])\n .where('did', '=', did)\n .executeTakeFirst()\n if (!res) return null\n const takedown = res.takedownRef\n ? { applied: true, ref: res.takedownRef }\n : { applied: false }\n const deactivated = res.deactivatedAt ? { applied: true } : { applied: false }\n return { takedown, deactivated }\n}\n\nexport const updateAccountTakedownStatus = async (\n db: AccountDb,\n did: DidString,\n takedown: com.atproto.admin.defs.StatusAttr,\n) => {\n const takedownRef = takedown.applied\n ? takedown.ref ?? currentDatetimeString()\n : null\n await db.executeWithRetry(\n db.db.updateTable('actor').set({ takedownRef }).where('did', '=', did),\n )\n}\n\nexport const deactivateAccount = async (\n db: AccountDb,\n did: DidString,\n deleteAfter: string | null,\n): Promise<boolean> => {\n const [res] = await db.executeWithRetry(\n db.db\n .updateTable('actor')\n .set({\n deactivatedAt: currentDatetimeString(),\n deleteAfter,\n })\n .where('did', '=', did),\n )\n\n return res.numUpdatedRows > 0\n}\n\nexport const activateAccount = async (\n db: AccountDb,\n did: DidString,\n flags?: AvailabilityFlags,\n): Promise<boolean> => {\n const { includeTakenDown = false, includeDeactivated = true } = flags ?? {}\n const { ref } = db.db.dynamic\n\n const [res] = await db.executeWithRetry(\n db.db\n .updateTable('actor')\n .set({\n deactivatedAt: null,\n deleteAfter: null,\n })\n .where('did', '=', did)\n .$if(!includeTakenDown, (q) =>\n q.where(notSoftDeletedClause(ref('actor'))),\n )\n .$if(!includeDeactivated, (q) =>\n q.where('actor.deactivatedAt', 'is not', null),\n ),\n )\n\n return res.numUpdatedRows > 0\n}\n\nexport const formatAccountStatus = (\n account: null | {\n takedownRef: string | null\n deactivatedAt: string | null\n },\n) => {\n if (!account) {\n return { active: false, status: AccountStatus.Deleted } as const\n } else if (account.takedownRef) {\n return { active: false, status: AccountStatus.Takendown } as const\n } else if (account.deactivatedAt) {\n return { active: false, status: AccountStatus.Deactivated } as const\n } else {\n return { active: true, status: undefined } as const\n }\n}\n"]}
|
|
@@ -93,7 +93,7 @@ export const addRefreshGracePeriod = async (db, opts) => {
|
|
|
93
93
|
const [res] = await db.executeWithRetry(db.db
|
|
94
94
|
.updateTable('refresh_token')
|
|
95
95
|
.where('id', '=', id)
|
|
96
|
-
.where((
|
|
96
|
+
.where((eb) => eb.or([eb('nextId', 'is', null), eb('nextId', '=', nextId)]))
|
|
97
97
|
.set({ expiresAt, nextId })
|
|
98
98
|
.returningAll());
|
|
99
99
|
if (!res) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../src/account-manager/helpers/auth.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAA;AAEhC,OAAO,KAAK,IAAI,MAAM,MAAM,CAAA;AAC5B,OAAO,KAAK,GAAG,MAAM,aAAa,CAAA;AAClC,OAAO,KAAK,MAAM,MAAM,iBAAiB,CAAA;AACzC,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAA;AAY/C,MAAM,CAAC,MAAM,YAAY,GAAG,KAAK,EAAE,IAOlC,EAAE,EAAE;IACH,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,IAAI,CAAA;IAC/D,MAAM,CAAC,SAAS,EAAE,UAAU,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QAChD,iBAAiB,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;QAChE,kBAAkB,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC;KAChE,CAAC,CAAA;IACF,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,CAAA;AAClC,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,IAMjC,EAAmB,EAAE;IACpB,MAAM,EACJ,GAAG,EACH,MAAM,EACN,UAAU,EACV,KAAK,GAAG,SAAS,CAAC,MAAM,EACxB,SAAS,GAAG,SAAS,GACtB,GAAG,IAAI,CAAA;IACR,MAAM,MAAM,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,CAAC;SACvC,kBAAkB,CAAC;QAClB,GAAG,EAAE,QAAQ,EAAE,8CAA8C;QAC7D,GAAG,EAAE,OAAO,EAAE,gCAAgC;KAC/C,CAAC;SACD,WAAW,CAAC,UAAU,CAAC;SACvB,UAAU,CAAC,GAAG,CAAC;SACf,WAAW,EAAE;SACb,iBAAiB,CAAC,SAAS,CAAC,CAAA;IAC/B,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;AAC5B,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,IAMlC,EAAmB,EAAE;IACpB,MAAM,EACJ,GAAG,EACH,MAAM,EACN,UAAU,EACV,GAAG,GAAG,iBAAiB,EAAE,EACzB,SAAS,GAAG,QAAQ,GACrB,GAAG,IAAI,CAAA;IACR,MAAM,MAAM,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,SAAS,CAAC,OAAO,EAAE,CAAC;SAC1D,kBAAkB,CAAC;QAClB,GAAG,EAAE,aAAa;QAClB,GAAG,EAAE,OAAO,EAAE,gCAAgC;KAC/C,CAAC;SACD,WAAW,CAAC,UAAU,CAAC;SACvB,UAAU,CAAC,GAAG,CAAC;SACf,MAAM,CAAC,GAAG,CAAC;SACX,WAAW,EAAE;SACb,iBAAiB,CAAC,SAAS,CAAC,CAAA;IAC/B,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;AAC5B,CAAC,CAAA;AAED,kHAAkH;AAClH,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,GAAW,EAAE,EAAE;IAChD,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA;IACjC,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,KAAK,KAAK,SAAS,CAAC,OAAO,EAAE,qBAAqB,CAAC,CAAA;IACnE,OAAO,KAAqB,CAAA;AAC9B,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,iBAAiB,GAAG,KAAK,EACpC,EAAa,EACb,OAAqB,EACrB,WAAmC,EACnC,EAAE;IACF,MAAM,CAAC,MAAM,CAAC,GAAG,MAAM,EAAE,CAAC,gBAAgB,CACxC,EAAE,CAAC,EAAE;SACF,UAAU,CAAC,eAAe,CAAC;SAC3B,MAAM,CAAC;QACN,EAAE,EAAE,OAAO,CAAC,GAAG;QACf,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,eAAe,EAAE,WAAW,EAAE,IAAI;QAClC,SAAS,EAAE,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;KACtD,CAAC;SACD,UAAU,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,CACtC,CAAA;IACD,OAAO,MAAM,CAAA;AACf,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,eAAe,GAAG,KAAK,EAAE,EAAa,EAAE,EAAU,EAAE,EAAE;IACjE,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,EAAE;SACpB,UAAU,CAAC,eAAe,CAAC;SAC3B,QAAQ,CAAC,cAAc,EAAE,CAAC,IAAI,EAAE,EAAE,CACjC,IAAI;SACD,KAAK,CAAC,kBAAkB,EAAE,GAAG,EAAE,mBAAmB,CAAC;SACnD,KAAK,CAAC,mBAAmB,EAAE,GAAG,EAAE,+BAA+B,CAAC,CACpE;SACA,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE,CAAC;SACpB,SAAS,CAAC,eAAe,CAAC;SAC1B,MAAM,CAAC,yBAAyB,CAAC;SACjC,gBAAgB,EAAE,CAAA;IACrB,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAA;IACrB,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,GAAG,CAAA;IACnE,OAAO;QACL,EAAE;QACF,GAAG;QACH,SAAS;QACT,MAAM;QACN,WAAW,EAAE,eAAe;YAC1B,CAAC,CAAC;gBACE,IAAI,EAAE,eAAe;gBACrB,UAAU,EAAE,UAAU,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK;aAC5C;YACH,CAAC,CAAC,IAAI;KACT,CAAA;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,0BAA0B,GAAG,KAAK,EAC7C,EAAa,EACb,GAAW,EACX,GAAW,EACX,EAAE;IACF,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE;SACF,UAAU,CAAC,eAAe,CAAC;SAC3B,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC;SACtB,KAAK,CAAC,WAAW,EAAE,IAAI,EAAE,GAAG,CAAC,CACjC,CAAA;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,qBAAqB,GAAG,KAAK,EACxC,EAAa,EACb,IAIC,EACD,EAAE;IACF,MAAM,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,IAAI,CAAA;IACtC,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,EAAE,CAAC,gBAAgB,CACrC,EAAE,CAAC,EAAE;SACF,WAAW,CAAC,eAAe,CAAC;SAC5B,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE,CAAC;SACpB,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CACf,KAAK,CAAC,KAAK,CAAC,QAAQ,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,GAAG,EAAE,MAAM,CAAC,CACjE;SACA,GAAG,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC;SAC1B,YAAY,EAAE,CAClB,CAAA;IACD,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,sBAAsB,EAAE,CAAA;IACpC,CAAC;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,kBAAkB,GAAG,KAAK,EAAE,EAAa,EAAE,EAAU,EAAE,EAAE;IACpE,MAAM,CAAC,EAAE,cAAc,EAAE,CAAC,GAAG,MAAM,EAAE,CAAC,gBAAgB,CACpD,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE,CAAC,CACvD,CAAA;IACD,OAAO,cAAc,GAAG,CAAC,CAAA;AAC3B,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,wBAAwB,GAAG,KAAK,EAAE,EAAa,EAAE,GAAW,EAAE,EAAE;IAC3E,MAAM,CAAC,EAAE,cAAc,EAAE,CAAC,GAAG,MAAM,EAAE,CAAC,gBAAgB,CACpD,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CACzD,CAAA;IACD,OAAO,cAAc,GAAG,CAAC,CAAA;AAC3B,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,6BAA6B,GAAG,KAAK,EAChD,EAAa,EACb,GAAW,EACX,WAAmB,EACnB,EAAE;IACF,MAAM,CAAC,EAAE,cAAc,EAAE,CAAC,GAAG,MAAM,EAAE,CAAC,gBAAgB,CACpD,EAAE,CAAC,EAAE;SACF,UAAU,CAAC,eAAe,CAAC;SAC3B,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC;SACtB,KAAK,CAAC,iBAAiB,EAAE,GAAG,EAAE,WAAW,CAAC,CAC9C,CAAA;IAED,OAAO,cAAc,GAAG,CAAC,CAAA;AAC3B,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,iBAAiB,GAAG,GAAG,EAAE;IACpC,OAAO,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,EAAE,QAAQ,CAAC,CAAA;AACvD,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,WAAW,GAAG,CACzB,WAAmC,EACnC,aAAuB,EACZ,EAAE;IACb,IAAI,aAAa;QAAE,OAAO,SAAS,CAAC,SAAS,CAAA;IAC7C,IAAI,CAAC,WAAW;QAAE,OAAO,SAAS,CAAC,MAAM,CAAA;IACzC,OAAO,WAAW,CAAC,UAAU;QAC3B,CAAC,CAAC,SAAS,CAAC,iBAAiB;QAC7B,CAAC,CAAC,SAAS,CAAC,OAAO,CAAA;AACvB,CAAC,CAAA;AAED,MAAM,OAAO,sBAAuB,SAAQ,KAAK;CAAG","sourcesContent":["import assert from 'node:assert'\nimport { KeyObject } from 'node:crypto'\nimport * as jose from 'jose'\nimport * as ui8 from 'uint8arrays'\nimport * as crypto from '@atproto/crypto'\nimport { AuthScope } from '../../auth-scope.js'\nimport { AccountDb } from '../db/index.js'\nimport { AppPassDescript } from './password.js'\n\nexport type AuthToken = {\n scope: AuthScope\n sub: string\n exp: number\n}\n\nexport type RefreshToken = AuthToken & { scope: AuthScope.Refresh; jti: string }\n\nexport const createTokens = async (opts: {\n did: string\n jwtKey: KeyObject\n serviceDid: string\n scope?: AuthScope\n jti?: string\n expiresIn?: string | number\n}) => {\n const { did, jwtKey, serviceDid, scope, jti, expiresIn } = opts\n const [accessJwt, refreshJwt] = await Promise.all([\n createAccessToken({ did, jwtKey, serviceDid, scope, expiresIn }),\n createRefreshToken({ did, jwtKey, serviceDid, jti, expiresIn }),\n ])\n return { accessJwt, refreshJwt }\n}\n\nexport const createAccessToken = (opts: {\n did: string\n jwtKey: KeyObject\n serviceDid: string\n scope?: AuthScope\n expiresIn?: string | number\n}): Promise<string> => {\n const {\n did,\n jwtKey,\n serviceDid,\n scope = AuthScope.Access,\n expiresIn = '120mins',\n } = opts\n const signer = new jose.SignJWT({ scope })\n .setProtectedHeader({\n typ: 'at+jwt', // https://www.rfc-editor.org/rfc/rfc9068.html\n alg: 'HS256', // only symmetric keys supported\n })\n .setAudience(serviceDid)\n .setSubject(did)\n .setIssuedAt()\n .setExpirationTime(expiresIn)\n return signer.sign(jwtKey)\n}\n\nexport const createRefreshToken = (opts: {\n did: string\n jwtKey: KeyObject\n serviceDid: string\n jti?: string\n expiresIn?: string | number\n}): Promise<string> => {\n const {\n did,\n jwtKey,\n serviceDid,\n jti = getRefreshTokenId(),\n expiresIn = '90days',\n } = opts\n const signer = new jose.SignJWT({ scope: AuthScope.Refresh })\n .setProtectedHeader({\n typ: 'refresh+jwt',\n alg: 'HS256', // only symmetric keys supported\n })\n .setAudience(serviceDid)\n .setSubject(did)\n .setJti(jti)\n .setIssuedAt()\n .setExpirationTime(expiresIn)\n return signer.sign(jwtKey)\n}\n\n// @NOTE unsafe for verification, should only be used w/ direct output from createRefreshToken() or createTokens()\nexport const decodeRefreshToken = (jwt: string) => {\n const token = jose.decodeJwt(jwt)\n assert.ok(token.scope === AuthScope.Refresh, 'not a refresh token')\n return token as RefreshToken\n}\n\nexport const storeRefreshToken = async (\n db: AccountDb,\n payload: RefreshToken,\n appPassword: AppPassDescript | null,\n) => {\n const [result] = await db.executeWithRetry(\n db.db\n .insertInto('refresh_token')\n .values({\n id: payload.jti,\n did: payload.sub,\n appPasswordName: appPassword?.name,\n expiresAt: new Date(payload.exp * 1000).toISOString(),\n })\n .onConflict((oc) => oc.doNothing()), // E.g. when re-granting during a refresh grace period\n )\n return result\n}\n\nexport const getRefreshToken = async (db: AccountDb, id: string) => {\n const res = await db.db\n .selectFrom('refresh_token')\n .leftJoin('app_password', (join) =>\n join\n .onRef('app_password.did', '=', 'refresh_token.did')\n .onRef('app_password.name', '=', 'refresh_token.appPasswordName'),\n )\n .where('id', '=', id)\n .selectAll('refresh_token')\n .select('app_password.privileged')\n .executeTakeFirst()\n if (!res) return null\n const { did, expiresAt, appPasswordName, nextId, privileged } = res\n return {\n id,\n did,\n expiresAt,\n nextId,\n appPassword: appPasswordName\n ? {\n name: appPasswordName,\n privileged: privileged === 1 ? true : false,\n }\n : null,\n }\n}\n\nexport const deleteExpiredRefreshTokens = async (\n db: AccountDb,\n did: string,\n now: string,\n) => {\n await db.executeWithRetry(\n db.db\n .deleteFrom('refresh_token')\n .where('did', '=', did)\n .where('expiresAt', '<=', now),\n )\n}\n\nexport const addRefreshGracePeriod = async (\n db: AccountDb,\n opts: {\n id: string\n expiresAt: string\n nextId: string\n },\n) => {\n const { id, expiresAt, nextId } = opts\n const [res] = await db.executeWithRetry(\n db.db\n .updateTable('refresh_token')\n .where('id', '=', id)\n .where((inner) =>\n inner.where('nextId', 'is', null).orWhere('nextId', '=', nextId),\n )\n .set({ expiresAt, nextId })\n .returningAll(),\n )\n if (!res) {\n throw new ConcurrentRefreshError()\n }\n}\n\nexport const revokeRefreshToken = async (db: AccountDb, id: string) => {\n const [{ numDeletedRows }] = await db.executeWithRetry(\n db.db.deleteFrom('refresh_token').where('id', '=', id),\n )\n return numDeletedRows > 0\n}\n\nexport const revokeRefreshTokensByDid = async (db: AccountDb, did: string) => {\n const [{ numDeletedRows }] = await db.executeWithRetry(\n db.db.deleteFrom('refresh_token').where('did', '=', did),\n )\n return numDeletedRows > 0\n}\n\nexport const revokeAppPasswordRefreshToken = async (\n db: AccountDb,\n did: string,\n appPassName: string,\n) => {\n const [{ numDeletedRows }] = await db.executeWithRetry(\n db.db\n .deleteFrom('refresh_token')\n .where('did', '=', did)\n .where('appPasswordName', '=', appPassName),\n )\n\n return numDeletedRows > 0\n}\n\nexport const getRefreshTokenId = () => {\n return ui8.toString(crypto.randomBytes(32), 'base64')\n}\n\nexport const formatScope = (\n appPassword: AppPassDescript | null,\n isSoftDeleted?: boolean,\n): AuthScope => {\n if (isSoftDeleted) return AuthScope.Takendown\n if (!appPassword) return AuthScope.Access\n return appPassword.privileged\n ? AuthScope.AppPassPrivileged\n : AuthScope.AppPass\n}\n\nexport class ConcurrentRefreshError extends Error {}\n"]}
|
|
1
|
+
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../src/account-manager/helpers/auth.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAA;AAEhC,OAAO,KAAK,IAAI,MAAM,MAAM,CAAA;AAC5B,OAAO,KAAK,GAAG,MAAM,aAAa,CAAA;AAClC,OAAO,KAAK,MAAM,MAAM,iBAAiB,CAAA;AACzC,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAA;AAY/C,MAAM,CAAC,MAAM,YAAY,GAAG,KAAK,EAAE,IAOlC,EAAE,EAAE;IACH,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,IAAI,CAAA;IAC/D,MAAM,CAAC,SAAS,EAAE,UAAU,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QAChD,iBAAiB,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;QAChE,kBAAkB,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC;KAChE,CAAC,CAAA;IACF,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,CAAA;AAClC,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,IAMjC,EAAmB,EAAE;IACpB,MAAM,EACJ,GAAG,EACH,MAAM,EACN,UAAU,EACV,KAAK,GAAG,SAAS,CAAC,MAAM,EACxB,SAAS,GAAG,SAAS,GACtB,GAAG,IAAI,CAAA;IACR,MAAM,MAAM,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,CAAC;SACvC,kBAAkB,CAAC;QAClB,GAAG,EAAE,QAAQ,EAAE,8CAA8C;QAC7D,GAAG,EAAE,OAAO,EAAE,gCAAgC;KAC/C,CAAC;SACD,WAAW,CAAC,UAAU,CAAC;SACvB,UAAU,CAAC,GAAG,CAAC;SACf,WAAW,EAAE;SACb,iBAAiB,CAAC,SAAS,CAAC,CAAA;IAC/B,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;AAC5B,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,IAMlC,EAAmB,EAAE;IACpB,MAAM,EACJ,GAAG,EACH,MAAM,EACN,UAAU,EACV,GAAG,GAAG,iBAAiB,EAAE,EACzB,SAAS,GAAG,QAAQ,GACrB,GAAG,IAAI,CAAA;IACR,MAAM,MAAM,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,SAAS,CAAC,OAAO,EAAE,CAAC;SAC1D,kBAAkB,CAAC;QAClB,GAAG,EAAE,aAAa;QAClB,GAAG,EAAE,OAAO,EAAE,gCAAgC;KAC/C,CAAC;SACD,WAAW,CAAC,UAAU,CAAC;SACvB,UAAU,CAAC,GAAG,CAAC;SACf,MAAM,CAAC,GAAG,CAAC;SACX,WAAW,EAAE;SACb,iBAAiB,CAAC,SAAS,CAAC,CAAA;IAC/B,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;AAC5B,CAAC,CAAA;AAED,kHAAkH;AAClH,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,GAAW,EAAE,EAAE;IAChD,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA;IACjC,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,KAAK,KAAK,SAAS,CAAC,OAAO,EAAE,qBAAqB,CAAC,CAAA;IACnE,OAAO,KAAqB,CAAA;AAC9B,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,iBAAiB,GAAG,KAAK,EACpC,EAAa,EACb,OAAqB,EACrB,WAAmC,EACnC,EAAE;IACF,MAAM,CAAC,MAAM,CAAC,GAAG,MAAM,EAAE,CAAC,gBAAgB,CACxC,EAAE,CAAC,EAAE;SACF,UAAU,CAAC,eAAe,CAAC;SAC3B,MAAM,CAAC;QACN,EAAE,EAAE,OAAO,CAAC,GAAG;QACf,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,eAAe,EAAE,WAAW,EAAE,IAAI;QAClC,SAAS,EAAE,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;KACtD,CAAC;SACD,UAAU,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,CACtC,CAAA;IACD,OAAO,MAAM,CAAA;AACf,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,eAAe,GAAG,KAAK,EAAE,EAAa,EAAE,EAAU,EAAE,EAAE;IACjE,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,EAAE;SACpB,UAAU,CAAC,eAAe,CAAC;SAC3B,QAAQ,CAAC,cAAc,EAAE,CAAC,IAAI,EAAE,EAAE,CACjC,IAAI;SACD,KAAK,CAAC,kBAAkB,EAAE,GAAG,EAAE,mBAAmB,CAAC;SACnD,KAAK,CAAC,mBAAmB,EAAE,GAAG,EAAE,+BAA+B,CAAC,CACpE;SACA,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE,CAAC;SACpB,SAAS,CAAC,eAAe,CAAC;SAC1B,MAAM,CAAC,yBAAyB,CAAC;SACjC,gBAAgB,EAAE,CAAA;IACrB,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAA;IACrB,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,GAAG,CAAA;IACnE,OAAO;QACL,EAAE;QACF,GAAG;QACH,SAAS;QACT,MAAM;QACN,WAAW,EAAE,eAAe;YAC1B,CAAC,CAAC;gBACE,IAAI,EAAE,eAAe;gBACrB,UAAU,EAAE,UAAU,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK;aAC5C;YACH,CAAC,CAAC,IAAI;KACT,CAAA;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,0BAA0B,GAAG,KAAK,EAC7C,EAAa,EACb,GAAW,EACX,GAAW,EACX,EAAE;IACF,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE;SACF,UAAU,CAAC,eAAe,CAAC;SAC3B,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC;SACtB,KAAK,CAAC,WAAW,EAAE,IAAI,EAAE,GAAG,CAAC,CACjC,CAAA;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,qBAAqB,GAAG,KAAK,EACxC,EAAa,EACb,IAIC,EACD,EAAE;IACF,MAAM,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,IAAI,CAAA;IACtC,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,EAAE,CAAC,gBAAgB,CACrC,EAAE,CAAC,EAAE;SACF,WAAW,CAAC,eAAe,CAAC;SAC5B,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE,CAAC;SACpB,KAAK,CAAC,CAAC,EAAE,EAAE,EAAE,CACZ,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,QAAQ,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC,CAC7D;SACA,GAAG,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC;SAC1B,YAAY,EAAE,CAClB,CAAA;IACD,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,sBAAsB,EAAE,CAAA;IACpC,CAAC;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,kBAAkB,GAAG,KAAK,EAAE,EAAa,EAAE,EAAU,EAAE,EAAE;IACpE,MAAM,CAAC,EAAE,cAAc,EAAE,CAAC,GAAG,MAAM,EAAE,CAAC,gBAAgB,CACpD,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE,CAAC,CACvD,CAAA;IACD,OAAO,cAAc,GAAG,CAAC,CAAA;AAC3B,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,wBAAwB,GAAG,KAAK,EAAE,EAAa,EAAE,GAAW,EAAE,EAAE;IAC3E,MAAM,CAAC,EAAE,cAAc,EAAE,CAAC,GAAG,MAAM,EAAE,CAAC,gBAAgB,CACpD,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CACzD,CAAA;IACD,OAAO,cAAc,GAAG,CAAC,CAAA;AAC3B,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,6BAA6B,GAAG,KAAK,EAChD,EAAa,EACb,GAAW,EACX,WAAmB,EACnB,EAAE;IACF,MAAM,CAAC,EAAE,cAAc,EAAE,CAAC,GAAG,MAAM,EAAE,CAAC,gBAAgB,CACpD,EAAE,CAAC,EAAE;SACF,UAAU,CAAC,eAAe,CAAC;SAC3B,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC;SACtB,KAAK,CAAC,iBAAiB,EAAE,GAAG,EAAE,WAAW,CAAC,CAC9C,CAAA;IAED,OAAO,cAAc,GAAG,CAAC,CAAA;AAC3B,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,iBAAiB,GAAG,GAAG,EAAE;IACpC,OAAO,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,EAAE,QAAQ,CAAC,CAAA;AACvD,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,WAAW,GAAG,CACzB,WAAmC,EACnC,aAAuB,EACZ,EAAE;IACb,IAAI,aAAa;QAAE,OAAO,SAAS,CAAC,SAAS,CAAA;IAC7C,IAAI,CAAC,WAAW;QAAE,OAAO,SAAS,CAAC,MAAM,CAAA;IACzC,OAAO,WAAW,CAAC,UAAU;QAC3B,CAAC,CAAC,SAAS,CAAC,iBAAiB;QAC7B,CAAC,CAAC,SAAS,CAAC,OAAO,CAAA;AACvB,CAAC,CAAA;AAED,MAAM,OAAO,sBAAuB,SAAQ,KAAK;CAAG","sourcesContent":["import assert from 'node:assert'\nimport { KeyObject } from 'node:crypto'\nimport * as jose from 'jose'\nimport * as ui8 from 'uint8arrays'\nimport * as crypto from '@atproto/crypto'\nimport { AuthScope } from '../../auth-scope.js'\nimport { AccountDb } from '../db/index.js'\nimport { AppPassDescript } from './password.js'\n\nexport type AuthToken = {\n scope: AuthScope\n sub: string\n exp: number\n}\n\nexport type RefreshToken = AuthToken & { scope: AuthScope.Refresh; jti: string }\n\nexport const createTokens = async (opts: {\n did: string\n jwtKey: KeyObject\n serviceDid: string\n scope?: AuthScope\n jti?: string\n expiresIn?: string | number\n}) => {\n const { did, jwtKey, serviceDid, scope, jti, expiresIn } = opts\n const [accessJwt, refreshJwt] = await Promise.all([\n createAccessToken({ did, jwtKey, serviceDid, scope, expiresIn }),\n createRefreshToken({ did, jwtKey, serviceDid, jti, expiresIn }),\n ])\n return { accessJwt, refreshJwt }\n}\n\nexport const createAccessToken = (opts: {\n did: string\n jwtKey: KeyObject\n serviceDid: string\n scope?: AuthScope\n expiresIn?: string | number\n}): Promise<string> => {\n const {\n did,\n jwtKey,\n serviceDid,\n scope = AuthScope.Access,\n expiresIn = '120mins',\n } = opts\n const signer = new jose.SignJWT({ scope })\n .setProtectedHeader({\n typ: 'at+jwt', // https://www.rfc-editor.org/rfc/rfc9068.html\n alg: 'HS256', // only symmetric keys supported\n })\n .setAudience(serviceDid)\n .setSubject(did)\n .setIssuedAt()\n .setExpirationTime(expiresIn)\n return signer.sign(jwtKey)\n}\n\nexport const createRefreshToken = (opts: {\n did: string\n jwtKey: KeyObject\n serviceDid: string\n jti?: string\n expiresIn?: string | number\n}): Promise<string> => {\n const {\n did,\n jwtKey,\n serviceDid,\n jti = getRefreshTokenId(),\n expiresIn = '90days',\n } = opts\n const signer = new jose.SignJWT({ scope: AuthScope.Refresh })\n .setProtectedHeader({\n typ: 'refresh+jwt',\n alg: 'HS256', // only symmetric keys supported\n })\n .setAudience(serviceDid)\n .setSubject(did)\n .setJti(jti)\n .setIssuedAt()\n .setExpirationTime(expiresIn)\n return signer.sign(jwtKey)\n}\n\n// @NOTE unsafe for verification, should only be used w/ direct output from createRefreshToken() or createTokens()\nexport const decodeRefreshToken = (jwt: string) => {\n const token = jose.decodeJwt(jwt)\n assert.ok(token.scope === AuthScope.Refresh, 'not a refresh token')\n return token as RefreshToken\n}\n\nexport const storeRefreshToken = async (\n db: AccountDb,\n payload: RefreshToken,\n appPassword: AppPassDescript | null,\n) => {\n const [result] = await db.executeWithRetry(\n db.db\n .insertInto('refresh_token')\n .values({\n id: payload.jti,\n did: payload.sub,\n appPasswordName: appPassword?.name,\n expiresAt: new Date(payload.exp * 1000).toISOString(),\n })\n .onConflict((oc) => oc.doNothing()), // E.g. when re-granting during a refresh grace period\n )\n return result\n}\n\nexport const getRefreshToken = async (db: AccountDb, id: string) => {\n const res = await db.db\n .selectFrom('refresh_token')\n .leftJoin('app_password', (join) =>\n join\n .onRef('app_password.did', '=', 'refresh_token.did')\n .onRef('app_password.name', '=', 'refresh_token.appPasswordName'),\n )\n .where('id', '=', id)\n .selectAll('refresh_token')\n .select('app_password.privileged')\n .executeTakeFirst()\n if (!res) return null\n const { did, expiresAt, appPasswordName, nextId, privileged } = res\n return {\n id,\n did,\n expiresAt,\n nextId,\n appPassword: appPasswordName\n ? {\n name: appPasswordName,\n privileged: privileged === 1 ? true : false,\n }\n : null,\n }\n}\n\nexport const deleteExpiredRefreshTokens = async (\n db: AccountDb,\n did: string,\n now: string,\n) => {\n await db.executeWithRetry(\n db.db\n .deleteFrom('refresh_token')\n .where('did', '=', did)\n .where('expiresAt', '<=', now),\n )\n}\n\nexport const addRefreshGracePeriod = async (\n db: AccountDb,\n opts: {\n id: string\n expiresAt: string\n nextId: string\n },\n) => {\n const { id, expiresAt, nextId } = opts\n const [res] = await db.executeWithRetry(\n db.db\n .updateTable('refresh_token')\n .where('id', '=', id)\n .where((eb) =>\n eb.or([eb('nextId', 'is', null), eb('nextId', '=', nextId)]),\n )\n .set({ expiresAt, nextId })\n .returningAll(),\n )\n if (!res) {\n throw new ConcurrentRefreshError()\n }\n}\n\nexport const revokeRefreshToken = async (db: AccountDb, id: string) => {\n const [{ numDeletedRows }] = await db.executeWithRetry(\n db.db.deleteFrom('refresh_token').where('id', '=', id),\n )\n return numDeletedRows > 0\n}\n\nexport const revokeRefreshTokensByDid = async (db: AccountDb, did: string) => {\n const [{ numDeletedRows }] = await db.executeWithRetry(\n db.db.deleteFrom('refresh_token').where('did', '=', did),\n )\n return numDeletedRows > 0\n}\n\nexport const revokeAppPasswordRefreshToken = async (\n db: AccountDb,\n did: string,\n appPassName: string,\n) => {\n const [{ numDeletedRows }] = await db.executeWithRetry(\n db.db\n .deleteFrom('refresh_token')\n .where('did', '=', did)\n .where('appPasswordName', '=', appPassName),\n )\n\n return numDeletedRows > 0\n}\n\nexport const getRefreshTokenId = () => {\n return ui8.toString(crypto.randomBytes(32), 'base64')\n}\n\nexport const formatScope = (\n appPassword: AppPassDescript | null,\n isSoftDeleted?: boolean,\n): AuthScope => {\n if (isSoftDeleted) return AuthScope.Takendown\n if (!appPassword) return AuthScope.Access\n return appPassword.privileged\n ? AuthScope.AppPassPrivileged\n : AuthScope.AppPass\n}\n\nexport class ConcurrentRefreshError extends Error {}\n"]}
|
|
@@ -4,9 +4,87 @@ import { AccountDb, AuthorizationRequest } from '../db/index.js';
|
|
|
4
4
|
export declare const rowToRequestData: (row: Selectable<AuthorizationRequest>) => RequestData;
|
|
5
5
|
export declare const rowToFoundRequestResult: (row: Selectable<AuthorizationRequest>) => FoundRequestResult;
|
|
6
6
|
export declare const createQB: (db: AccountDb, id: RequestId, data: RequestData) => import("kysely").InsertQueryBuilder<import("../db/index.js").DatabaseSchema, "authorization_request", import("kysely").InsertResult>;
|
|
7
|
-
export declare const readQB: (db: AccountDb, id: RequestId) => import("kysely
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
7
|
+
export declare const readQB: (db: AccountDb, id: RequestId) => import("kysely").SelectQueryBuilder<import("../db/index.js").DatabaseSchema, "authorization_request", {
|
|
8
|
+
clientAuth: import("../../db/cast.js").JsonEncoded<import("@atproto/oauth-provider").ClientAuthLegacy | import("@atproto/oauth-provider").ClientAuth | null>;
|
|
9
|
+
clientId: string;
|
|
10
|
+
code: `cod-${string}` | null;
|
|
11
|
+
deviceId: `dev-${string}` | null;
|
|
12
|
+
did: `did:${string}:${string}` | null;
|
|
13
|
+
expiresAt: `${string}T${string}Z`;
|
|
14
|
+
id: `req-${string}`;
|
|
15
|
+
parameters: import("../../db/cast.js").JsonEncoded<{
|
|
16
|
+
client_id: string;
|
|
17
|
+
state?: string | undefined;
|
|
18
|
+
redirect_uri?: "http://127.0.0.1" | `${string}.${string}:/${string}` | `http://127.0.0.1#${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `http://127.0.0.1?${string}` | `http://[::1]${string}` | `https://${string}` | undefined;
|
|
19
|
+
scope?: string | undefined;
|
|
20
|
+
response_type: "code" | "code id_token" | "code id_token token" | "code token" | "id_token" | "id_token token" | "none" | "token";
|
|
21
|
+
code_challenge?: string | undefined;
|
|
22
|
+
code_challenge_method?: "S256" | "plain" | undefined;
|
|
23
|
+
dpop_jkt?: string | undefined;
|
|
24
|
+
response_mode?: "form_post" | "fragment" | "query" | undefined;
|
|
25
|
+
nonce?: string | undefined;
|
|
26
|
+
max_age?: number | undefined;
|
|
27
|
+
claims?: Partial<Record<"id_token" | "userinfo", Partial<Record<"acr" | "address" | "auth_time" | "birthdate" | "email" | "email_verified" | "family_name" | "gender" | "given_name" | "locale" | "middle_name" | "name" | "nickname" | "nonce" | "phone_number" | "phone_number_verified" | "picture" | "preferred_username" | "profile" | "updated_at" | "website" | "zoneinfo", {
|
|
28
|
+
essential?: boolean | undefined;
|
|
29
|
+
value?: string | number | boolean | undefined;
|
|
30
|
+
values?: (string | number | boolean)[] | undefined;
|
|
31
|
+
} | null>>>> | undefined;
|
|
32
|
+
login_hint?: string | undefined;
|
|
33
|
+
ui_locales?: string | undefined;
|
|
34
|
+
id_token_hint?: `${string}.${string}.${string}` | undefined;
|
|
35
|
+
display?: "page" | "popup" | "touch" | "wap" | undefined;
|
|
36
|
+
prompt?: "consent" | "create" | "login" | "none" | "select_account" | undefined;
|
|
37
|
+
authorization_details?: {
|
|
38
|
+
type: string;
|
|
39
|
+
locations?: `${string}:${string}`[] | undefined;
|
|
40
|
+
actions?: string[] | undefined;
|
|
41
|
+
datatypes?: string[] | undefined;
|
|
42
|
+
identifier?: string | undefined;
|
|
43
|
+
privileges?: string[] | undefined;
|
|
44
|
+
}[] | undefined;
|
|
45
|
+
}>;
|
|
46
|
+
}>;
|
|
47
|
+
export declare const updateQB: (db: AccountDb, id: RequestId, { code, did, deviceId, expiresAt, parameters, ...rest }: UpdateRequestData) => import("kysely").UpdateQueryBuilder<import("../db/index.js").DatabaseSchema, "authorization_request", "authorization_request", import("kysely").UpdateResult>;
|
|
48
|
+
export declare const removeOldExpiredQB: (db: AccountDb, delay?: number) => import("kysely").DeleteQueryBuilder<import("../db/index.js").DatabaseSchema, "authorization_request", import("kysely").DeleteResult>;
|
|
49
|
+
export declare const removeByIdQB: (db: AccountDb, id: RequestId) => import("kysely").DeleteQueryBuilder<import("../db/index.js").DatabaseSchema, "authorization_request", import("kysely").DeleteResult>;
|
|
50
|
+
export declare const consumeByCodeQB: (db: AccountDb, code: Code) => import("kysely").DeleteQueryBuilder<import("../db/index.js").DatabaseSchema, "authorization_request", {
|
|
51
|
+
clientAuth: import("../../db/cast.js").JsonEncoded<import("@atproto/oauth-provider").ClientAuthLegacy | import("@atproto/oauth-provider").ClientAuth | null>;
|
|
52
|
+
clientId: string;
|
|
53
|
+
code: `cod-${string}` | null;
|
|
54
|
+
deviceId: `dev-${string}` | null;
|
|
55
|
+
did: `did:${string}:${string}` | null;
|
|
56
|
+
expiresAt: `${string}T${string}Z`;
|
|
57
|
+
id: `req-${string}`;
|
|
58
|
+
parameters: import("../../db/cast.js").JsonEncoded<{
|
|
59
|
+
client_id: string;
|
|
60
|
+
state?: string | undefined;
|
|
61
|
+
redirect_uri?: "http://127.0.0.1" | `${string}.${string}:/${string}` | `http://127.0.0.1#${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `http://127.0.0.1?${string}` | `http://[::1]${string}` | `https://${string}` | undefined;
|
|
62
|
+
scope?: string | undefined;
|
|
63
|
+
response_type: "code" | "code id_token" | "code id_token token" | "code token" | "id_token" | "id_token token" | "none" | "token";
|
|
64
|
+
code_challenge?: string | undefined;
|
|
65
|
+
code_challenge_method?: "S256" | "plain" | undefined;
|
|
66
|
+
dpop_jkt?: string | undefined;
|
|
67
|
+
response_mode?: "form_post" | "fragment" | "query" | undefined;
|
|
68
|
+
nonce?: string | undefined;
|
|
69
|
+
max_age?: number | undefined;
|
|
70
|
+
claims?: Partial<Record<"id_token" | "userinfo", Partial<Record<"acr" | "address" | "auth_time" | "birthdate" | "email" | "email_verified" | "family_name" | "gender" | "given_name" | "locale" | "middle_name" | "name" | "nickname" | "nonce" | "phone_number" | "phone_number_verified" | "picture" | "preferred_username" | "profile" | "updated_at" | "website" | "zoneinfo", {
|
|
71
|
+
essential?: boolean | undefined;
|
|
72
|
+
value?: string | number | boolean | undefined;
|
|
73
|
+
values?: (string | number | boolean)[] | undefined;
|
|
74
|
+
} | null>>>> | undefined;
|
|
75
|
+
login_hint?: string | undefined;
|
|
76
|
+
ui_locales?: string | undefined;
|
|
77
|
+
id_token_hint?: `${string}.${string}.${string}` | undefined;
|
|
78
|
+
display?: "page" | "popup" | "touch" | "wap" | undefined;
|
|
79
|
+
prompt?: "consent" | "create" | "login" | "none" | "select_account" | undefined;
|
|
80
|
+
authorization_details?: {
|
|
81
|
+
type: string;
|
|
82
|
+
locations?: `${string}:${string}`[] | undefined;
|
|
83
|
+
actions?: string[] | undefined;
|
|
84
|
+
datatypes?: string[] | undefined;
|
|
85
|
+
identifier?: string | undefined;
|
|
86
|
+
privileges?: string[] | undefined;
|
|
87
|
+
}[] | undefined;
|
|
88
|
+
}>;
|
|
89
|
+
}>;
|
|
12
90
|
//# sourceMappingURL=authorization-request.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization-request.d.ts","sourceRoot":"","sources":["../../../src/account-manager/helpers/authorization-request.ts"],"names":[],"mappings":"AACA,OAAO,EAAc,UAAU,EAAE,MAAM,QAAQ,CAAA;AAC/C,OAAO,EACL,IAAI,EACJ,kBAAkB,EAClB,WAAW,EACX,SAAS,EACT,iBAAiB,EAClB,MAAM,yBAAyB,CAAA;AAEhC,OAAO,EAAE,SAAS,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAA;AAEhE,eAAO,MAAM,gBAAgB,QACtB,UAAU,CAAC,oBAAoB,CAAC,KACpC,WAQD,CAAA;AAEF,eAAO,MAAM,uBAAuB,QAC7B,UAAU,CAAC,oBAAoB,CAAC,KACpC,kBAGD,CAAA;AAiBF,eAAO,MAAM,QAAQ,OAAQ,SAAS,MAAM,SAAS,QAAQ,WAAW,yIACM,CAAA;AAE9E,eAAO,MAAM,MAAM,OAAQ,SAAS,MAAM,SAAS,
|
|
1
|
+
{"version":3,"file":"authorization-request.d.ts","sourceRoot":"","sources":["../../../src/account-manager/helpers/authorization-request.ts"],"names":[],"mappings":"AACA,OAAO,EAAc,UAAU,EAAE,MAAM,QAAQ,CAAA;AAC/C,OAAO,EACL,IAAI,EACJ,kBAAkB,EAClB,WAAW,EACX,SAAS,EACT,iBAAiB,EAClB,MAAM,yBAAyB,CAAA;AAEhC,OAAO,EAAE,SAAS,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAA;AAEhE,eAAO,MAAM,gBAAgB,QACtB,UAAU,CAAC,oBAAoB,CAAC,KACpC,WAQD,CAAA;AAEF,eAAO,MAAM,uBAAuB,QAC7B,UAAU,CAAC,oBAAoB,CAAC,KACpC,kBAGD,CAAA;AAiBF,eAAO,MAAM,QAAQ,OAAQ,SAAS,MAAM,SAAS,QAAQ,WAAW,yIACM,CAAA;AAE9E,eAAO,MAAM,MAAM,OAAQ,SAAS,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EACyB,CAAA;AAE5E,eAAO,MAAM,QAAQ,OACf,SAAS,MACT,SAAS,2DAC4C,iBAAiB,kKAe3E,CAAA;AAED,eAAO,MAAM,kBAAkB,OAAQ,SAAS,yJAMqB,CAAA;AAErE,eAAO,MAAM,YAAY,OAAQ,SAAS,MAAM,SAAS,yIACO,CAAA;AAEhE,eAAO,MAAM,eAAe,OAAQ,SAAS,QAAQ,IAAI;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAMtC,CAAA"}
|
|
@@ -6,7 +6,7 @@ export const rowToRequestData = (row) => ({
|
|
|
6
6
|
parameters: fromJson(row.parameters),
|
|
7
7
|
expiresAt: fromDateISO(row.expiresAt),
|
|
8
8
|
deviceId: row.deviceId,
|
|
9
|
-
|
|
9
|
+
did: row.did,
|
|
10
10
|
code: row.code,
|
|
11
11
|
});
|
|
12
12
|
export const rowToFoundRequestResult = (row) => ({
|
|
@@ -15,7 +15,7 @@ export const rowToFoundRequestResult = (row) => ({
|
|
|
15
15
|
});
|
|
16
16
|
const requestDataToRow = (id, data) => ({
|
|
17
17
|
id,
|
|
18
|
-
did: data.
|
|
18
|
+
did: data.did,
|
|
19
19
|
deviceId: data.deviceId,
|
|
20
20
|
clientId: data.clientId,
|
|
21
21
|
clientAuth: toJson(data.clientAuth),
|
|
@@ -25,15 +25,15 @@ const requestDataToRow = (id, data) => ({
|
|
|
25
25
|
});
|
|
26
26
|
export const createQB = (db, id, data) => db.db.insertInto('authorization_request').values(requestDataToRow(id, data));
|
|
27
27
|
export const readQB = (db, id) => db.db.selectFrom('authorization_request').where('id', '=', id).selectAll();
|
|
28
|
-
export const updateQB = (db, id, { code,
|
|
28
|
+
export const updateQB = (db, id, { code, did, deviceId, expiresAt, parameters, ...rest }) => {
|
|
29
29
|
assert(!Object.keys(rest).length, 'Unexpected fields in UpdateRequestData');
|
|
30
30
|
return db.db
|
|
31
31
|
.updateTable('authorization_request')
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
32
|
+
.$if(code !== undefined, (qb) => qb.set({ code }))
|
|
33
|
+
.$if(did !== undefined, (qb) => qb.set({ did }))
|
|
34
|
+
.$if(deviceId !== undefined, (qb) => qb.set({ deviceId }))
|
|
35
|
+
.$if(expiresAt != null, (qb) => qb.set({ expiresAt: toDateISO(expiresAt) }))
|
|
36
|
+
.$if(parameters != null, (qb) => qb.set({ parameters: toJson(parameters) }))
|
|
37
37
|
.where('id', '=', id);
|
|
38
38
|
};
|
|
39
39
|
export const removeOldExpiredQB = (db, delay = 600e3) =>
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization-request.js","sourceRoot":"","sources":["../../../src/account-manager/helpers/authorization-request.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAA;AAShC,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAA;AAG5E,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAC9B,GAAqC,EACxB,EAAE,CAAC,CAAC;IACjB,QAAQ,EAAE,GAAG,CAAC,QAAQ;IACtB,UAAU,EAAE,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC;IACpC,UAAU,EAAE,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC;IACpC,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC;IACrC,QAAQ,EAAE,GAAG,CAAC,QAAQ;IACtB,GAAG,EAAE,GAAG,CAAC,GAAG;IACZ,IAAI,EAAE,GAAG,CAAC,IAAI;CACf,CAAC,CAAA;AAEF,MAAM,CAAC,MAAM,uBAAuB,GAAG,CACrC,GAAqC,EACjB,EAAE,CAAC,CAAC;IACxB,SAAS,EAAE,GAAG,CAAC,EAAE;IACjB,IAAI,EAAE,gBAAgB,CAAC,GAAG,CAAC;CAC5B,CAAC,CAAA;AAEF,MAAM,gBAAgB,GAAG,CACvB,EAAa,EACb,IAAiB,EACiB,EAAE,CAAC,CAAC;IACtC,EAAE;IACF,GAAG,EAAE,IAAI,CAAC,GAAG;IACb,QAAQ,EAAE,IAAI,CAAC,QAAQ;IAEvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;IACvB,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;IACnC,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;IACnC,SAAS,EAAE,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC;IACpC,IAAI,EAAE,IAAI,CAAC,IAAI;CAChB,CAAC,CAAA;AAEF,MAAM,CAAC,MAAM,QAAQ,GAAG,CAAC,EAAa,EAAE,EAAa,EAAE,IAAiB,EAAE,EAAE,CAC1E,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,uBAAuB,CAAC,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC,CAAA;AAE9E,MAAM,CAAC,MAAM,MAAM,GAAG,CAAC,EAAa,EAAE,EAAa,EAAE,EAAE,CACrD,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,uBAAuB,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,SAAS,EAAE,CAAA;AAE5E,MAAM,CAAC,MAAM,QAAQ,GAAG,CACtB,EAAa,EACb,EAAa,EACb,EAAE,IAAI,EAAE,GAAG,EAAE,QAAQ,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,IAAI,EAAqB,EAC1E,EAAE;IACF,MAAM,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,wCAAwC,CAAC,CAAA;IAC3E,OAAO,EAAE,CAAC,EAAE;SACT,WAAW,CAAC,uBAAuB,CAAC;SACpC,
|
|
1
|
+
{"version":3,"file":"authorization-request.js","sourceRoot":"","sources":["../../../src/account-manager/helpers/authorization-request.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAA;AAShC,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAA;AAG5E,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAC9B,GAAqC,EACxB,EAAE,CAAC,CAAC;IACjB,QAAQ,EAAE,GAAG,CAAC,QAAQ;IACtB,UAAU,EAAE,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC;IACpC,UAAU,EAAE,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC;IACpC,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC;IACrC,QAAQ,EAAE,GAAG,CAAC,QAAQ;IACtB,GAAG,EAAE,GAAG,CAAC,GAAG;IACZ,IAAI,EAAE,GAAG,CAAC,IAAI;CACf,CAAC,CAAA;AAEF,MAAM,CAAC,MAAM,uBAAuB,GAAG,CACrC,GAAqC,EACjB,EAAE,CAAC,CAAC;IACxB,SAAS,EAAE,GAAG,CAAC,EAAE;IACjB,IAAI,EAAE,gBAAgB,CAAC,GAAG,CAAC;CAC5B,CAAC,CAAA;AAEF,MAAM,gBAAgB,GAAG,CACvB,EAAa,EACb,IAAiB,EACiB,EAAE,CAAC,CAAC;IACtC,EAAE;IACF,GAAG,EAAE,IAAI,CAAC,GAAG;IACb,QAAQ,EAAE,IAAI,CAAC,QAAQ;IAEvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;IACvB,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;IACnC,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;IACnC,SAAS,EAAE,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC;IACpC,IAAI,EAAE,IAAI,CAAC,IAAI;CAChB,CAAC,CAAA;AAEF,MAAM,CAAC,MAAM,QAAQ,GAAG,CAAC,EAAa,EAAE,EAAa,EAAE,IAAiB,EAAE,EAAE,CAC1E,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,uBAAuB,CAAC,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC,CAAA;AAE9E,MAAM,CAAC,MAAM,MAAM,GAAG,CAAC,EAAa,EAAE,EAAa,EAAE,EAAE,CACrD,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,uBAAuB,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,SAAS,EAAE,CAAA;AAE5E,MAAM,CAAC,MAAM,QAAQ,GAAG,CACtB,EAAa,EACb,EAAa,EACb,EAAE,IAAI,EAAE,GAAG,EAAE,QAAQ,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,IAAI,EAAqB,EAC1E,EAAE;IACF,MAAM,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,wCAAwC,CAAC,CAAA;IAC3E,OAAO,EAAE,CAAC,EAAE;SACT,WAAW,CAAC,uBAAuB,CAAC;SACpC,GAAG,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;SACjD,GAAG,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;SAC/C,GAAG,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;SACzD,GAAG,CAAC,SAAS,IAAI,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE,CAC7B,EAAE,CAAC,GAAG,CAAC,EAAE,SAAS,EAAE,SAAS,CAAC,SAAU,CAAC,EAAE,CAAC,CAC7C;SACA,GAAG,CAAC,UAAU,IAAI,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE,CAC9B,EAAE,CAAC,GAAG,CAAC,EAAE,UAAU,EAAE,MAAM,CAAC,UAAW,CAAC,EAAE,CAAC,CAC5C;SACA,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE,CAAC,CAAA;AACzB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,EAAa,EAAE,KAAK,GAAG,KAAK,EAAE,EAAE;AACjE,uEAAuE;AACvE,yEAAyE;AACzE,EAAE,CAAC,EAAE;KACF,UAAU,CAAC,uBAAuB,CAAC;IACpC,oDAAoD;KACnD,KAAK,CAAC,WAAW,EAAE,GAAG,EAAE,SAAS,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;AAErE,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,EAAa,EAAE,EAAa,EAAE,EAAE,CAC3D,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,uBAAuB,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE,CAAC,CAAA;AAEhE,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,EAAa,EAAE,IAAU,EAAE,EAAE,CAC3D,EAAE,CAAC,EAAE;KACF,UAAU,CAAC,uBAAuB,CAAC;IACpC,6EAA6E;KAC5E,KAAK,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,CAAC;KACxB,KAAK,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI,CAAC;KAC7B,YAAY,EAAE,CAAA","sourcesContent":["import assert from 'node:assert'\nimport { Insertable, Selectable } from 'kysely'\nimport {\n Code,\n FoundRequestResult,\n RequestData,\n RequestId,\n UpdateRequestData,\n} from '@atproto/oauth-provider'\nimport { fromDateISO, fromJson, toDateISO, toJson } from '../../db/index.js'\nimport { AccountDb, AuthorizationRequest } from '../db/index.js'\n\nexport const rowToRequestData = (\n row: Selectable<AuthorizationRequest>,\n): RequestData => ({\n clientId: row.clientId,\n clientAuth: fromJson(row.clientAuth),\n parameters: fromJson(row.parameters),\n expiresAt: fromDateISO(row.expiresAt),\n deviceId: row.deviceId,\n did: row.did,\n code: row.code,\n})\n\nexport const rowToFoundRequestResult = (\n row: Selectable<AuthorizationRequest>,\n): FoundRequestResult => ({\n requestId: row.id,\n data: rowToRequestData(row),\n})\n\nconst requestDataToRow = (\n id: RequestId,\n data: RequestData,\n): Insertable<AuthorizationRequest> => ({\n id,\n did: data.did,\n deviceId: data.deviceId,\n\n clientId: data.clientId,\n clientAuth: toJson(data.clientAuth),\n parameters: toJson(data.parameters),\n expiresAt: toDateISO(data.expiresAt),\n code: data.code,\n})\n\nexport const createQB = (db: AccountDb, id: RequestId, data: RequestData) =>\n db.db.insertInto('authorization_request').values(requestDataToRow(id, data))\n\nexport const readQB = (db: AccountDb, id: RequestId) =>\n db.db.selectFrom('authorization_request').where('id', '=', id).selectAll()\n\nexport const updateQB = (\n db: AccountDb,\n id: RequestId,\n { code, did, deviceId, expiresAt, parameters, ...rest }: UpdateRequestData,\n) => {\n assert(!Object.keys(rest).length, 'Unexpected fields in UpdateRequestData')\n return db.db\n .updateTable('authorization_request')\n .$if(code !== undefined, (qb) => qb.set({ code }))\n .$if(did !== undefined, (qb) => qb.set({ did }))\n .$if(deviceId !== undefined, (qb) => qb.set({ deviceId }))\n .$if(expiresAt != null, (qb) =>\n qb.set({ expiresAt: toDateISO(expiresAt!) }),\n )\n .$if(parameters != null, (qb) =>\n qb.set({ parameters: toJson(parameters!) }),\n )\n .where('id', '=', id)\n}\n\nexport const removeOldExpiredQB = (db: AccountDb, delay = 600e3) =>\n // We allow some delay for the expiration time so that expired requests\n // can still be returned to the OAuthProvider library for error handling.\n db.db\n .deleteFrom('authorization_request')\n // uses \"authorization_request_expires_at_idx\" index\n .where('expiresAt', '<', toDateISO(new Date(Date.now() - delay)))\n\nexport const removeByIdQB = (db: AccountDb, id: RequestId) =>\n db.db.deleteFrom('authorization_request').where('id', '=', id)\n\nexport const consumeByCodeQB = (db: AccountDb, code: Code) =>\n db.db\n .deleteFrom('authorization_request')\n // uses \"authorization_request_code_idx\" partial index (hence the null check)\n .where('code', '=', code)\n .where('code', 'is not', null)\n .returningAll()\n"]}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
|
-
import { AuthorizedClientData, AuthorizedClients, ClientId,
|
|
1
|
+
import { AuthorizedClientData, AuthorizedClients, ClientId, Did } from '@atproto/oauth-provider';
|
|
2
2
|
import { AccountDb } from '../db/index.js';
|
|
3
|
-
export declare function upsert(db: AccountDb, did:
|
|
4
|
-
export declare function getAuthorizedClients(db: AccountDb, did:
|
|
5
|
-
export declare function
|
|
3
|
+
export declare function upsert(db: AccountDb, did: Did, clientId: ClientId, data: AuthorizedClientData): Promise<import("kysely").InsertResult>;
|
|
4
|
+
export declare function getAuthorizedClients(db: AccountDb, did: Did): Promise<AuthorizedClients>;
|
|
5
|
+
export declare function deleteAllAuthorizedClients(db: AccountDb, did: Did): Promise<void>;
|
|
6
|
+
export declare function getAuthorizedClientsMulti(db: AccountDb, dids: Iterable<Did>): Promise<Map<Did, AuthorizedClients>>;
|
|
6
7
|
//# sourceMappingURL=authorized-client.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorized-client.d.ts","sourceRoot":"","sources":["../../../src/account-manager/helpers/authorized-client.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,oBAAoB,EACpB,iBAAiB,EACjB,QAAQ,EACR,GAAG,EACJ,MAAM,yBAAyB,CAAA;AAEhC,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAA;AAE1C,wBAAsB,MAAM,CAC1B,EAAE,EAAE,SAAS,EACb,GAAG,EAAE,
|
|
1
|
+
{"version":3,"file":"authorized-client.d.ts","sourceRoot":"","sources":["../../../src/account-manager/helpers/authorized-client.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,oBAAoB,EACpB,iBAAiB,EACjB,QAAQ,EACR,GAAG,EACJ,MAAM,yBAAyB,CAAA;AAEhC,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAA;AAE1C,wBAAsB,MAAM,CAC1B,EAAE,EAAE,SAAS,EACb,GAAG,EAAE,GAAG,EACR,QAAQ,EAAE,QAAQ,EAClB,IAAI,EAAE,oBAAoB,0CAqB3B;AAED,wBAAsB,oBAAoB,CACxC,EAAE,EAAE,SAAS,EACb,GAAG,EAAE,GAAG,GACP,OAAO,CAAC,iBAAiB,CAAC,CAE5B;AAED,wBAAsB,0BAA0B,CAAC,EAAE,EAAE,SAAS,EAAE,GAAG,EAAE,GAAG,iBAIvE;AAED,wBAAsB,yBAAyB,CAC7C,EAAE,EAAE,SAAS,EACb,IAAI,EAAE,QAAQ,CAAC,GAAG,CAAC,GAClB,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,iBAAiB,CAAC,CAAC,CAsBtC"}
|
|
@@ -21,6 +21,9 @@ export async function upsert(db, did, clientId, data) {
|
|
|
21
21
|
export async function getAuthorizedClients(db, did) {
|
|
22
22
|
return (await getAuthorizedClientsMulti(db, [did])).get(did);
|
|
23
23
|
}
|
|
24
|
+
export async function deleteAllAuthorizedClients(db, did) {
|
|
25
|
+
await db.executeWithRetry(db.db.deleteFrom('authorized_client').where('did', '=', did));
|
|
26
|
+
}
|
|
24
27
|
export async function getAuthorizedClientsMulti(db, dids) {
|
|
25
28
|
// Using a Map will ensure unicity of dids (through unicity of keys)
|
|
26
29
|
const map = new Map(Array.from(dids, (did) => [did, new Map()]));
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorized-client.js","sourceRoot":"","sources":["../../../src/account-manager/helpers/authorized-client.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAA;AAG/D,MAAM,CAAC,KAAK,UAAU,MAAM,CAC1B,EAAa,EACb,
|
|
1
|
+
{"version":3,"file":"authorized-client.js","sourceRoot":"","sources":["../../../src/account-manager/helpers/authorized-client.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAA;AAG/D,MAAM,CAAC,KAAK,UAAU,MAAM,CAC1B,EAAa,EACb,GAAQ,EACR,QAAkB,EAClB,IAA0B;IAE1B,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAA;IAEtB,OAAO,EAAE,CAAC,EAAE;SACT,UAAU,CAAC,mBAAmB,CAAC;SAC/B,MAAM,CAAC;QACN,GAAG;QACH,QAAQ;QACR,SAAS,EAAE,SAAS,CAAC,GAAG,CAAC;QACzB,SAAS,EAAE,SAAS,CAAC,GAAG,CAAC;QACzB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC;KACnB,CAAC;SACD,UAAU,CAAC,CAAC,EAAE,EAAE,EAAE;IACjB,kCAAkC;IAClC,EAAE,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC,WAAW,CAAC;QAC1C,SAAS,EAAE,SAAS,CAAC,GAAG,CAAC;QACzB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC;KACnB,CAAC,CACH;SACA,gBAAgB,EAAE,CAAA;AACvB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,EAAa,EACb,GAAQ;IAER,OAAO,CAAC,MAAM,yBAAyB,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAE,CAAA;AAC/D,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAAC,EAAa,EAAE,GAAQ;IACtE,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,mBAAmB,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CAC7D,CAAA;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,EAAa,EACb,IAAmB;IAEnB,oEAAoE;IACpE,MAAM,GAAG,GAAG,IAAI,GAAG,CACjB,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,EAAE,IAAI,GAAG,EAAE,CAAC,CAAC,CAC5C,CAAA;IAED,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;QACb,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,EAAE;aACtB,UAAU,CAAC,mBAAmB,CAAC;aAC/B,MAAM,CAAC,KAAK,CAAC;aACb,MAAM,CAAC,UAAU,CAAC;aAClB,MAAM,CAAC,MAAM,CAAC;YACf,8BAA8B;aAC7B,KAAK,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;aACnC,OAAO,EAAE,CAAA;QAEZ,KAAK,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,KAAK,EAAE,CAAC;YAC5C,GAAG,CAAC,GAAG,CAAC,GAAG,CAAE,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAA;QAC7C,CAAC;IACH,CAAC;IAED,OAAO,GAAG,CAAA;AACZ,CAAC","sourcesContent":["import {\n AuthorizedClientData,\n AuthorizedClients,\n ClientId,\n Did,\n} from '@atproto/oauth-provider'\nimport { fromJson, toDateISO, toJson } from '../../db/index.js'\nimport { AccountDb } from '../db/index.js'\n\nexport async function upsert(\n db: AccountDb,\n did: Did,\n clientId: ClientId,\n data: AuthorizedClientData,\n) {\n const now = new Date()\n\n return db.db\n .insertInto('authorized_client')\n .values({\n did,\n clientId,\n createdAt: toDateISO(now),\n updatedAt: toDateISO(now),\n data: toJson(data),\n })\n .onConflict((oc) =>\n // uses \"authorized_client_pk\" idx\n oc.columns(['did', 'clientId']).doUpdateSet({\n updatedAt: toDateISO(now),\n data: toJson(data),\n }),\n )\n .executeTakeFirst()\n}\n\nexport async function getAuthorizedClients(\n db: AccountDb,\n did: Did,\n): Promise<AuthorizedClients> {\n return (await getAuthorizedClientsMulti(db, [did])).get(did)!\n}\n\nexport async function deleteAllAuthorizedClients(db: AccountDb, did: Did) {\n await db.executeWithRetry(\n db.db.deleteFrom('authorized_client').where('did', '=', did),\n )\n}\n\nexport async function getAuthorizedClientsMulti(\n db: AccountDb,\n dids: Iterable<Did>,\n): Promise<Map<Did, AuthorizedClients>> {\n // Using a Map will ensure unicity of dids (through unicity of keys)\n const map = new Map<Did, AuthorizedClients>(\n Array.from(dids, (did) => [did, new Map()]),\n )\n\n if (map.size) {\n const found = await db.db\n .selectFrom('authorized_client')\n .select('did')\n .select('clientId')\n .select('data')\n // uses \"authorized_client_pk\"\n .where('did', 'in', [...map.keys()])\n .execute()\n\n for (const { did, clientId, data } of found) {\n map.get(did)!.set(clientId, fromJson(data))\n }\n }\n\n return map\n}\n"]}
|
|
@@ -3,7 +3,13 @@ import { DeviceData, DeviceId } from '@atproto/oauth-provider';
|
|
|
3
3
|
import { AccountDb, Device } from '../db/index.js';
|
|
4
4
|
export declare const rowToDeviceData: (row: Omit<Selectable<Device>, 'id'>) => DeviceData;
|
|
5
5
|
export declare const createQB: (db: AccountDb, deviceId: DeviceId, { sessionId, userAgent, ipAddress, lastSeenAt }: DeviceData) => import("kysely").InsertQueryBuilder<import("../db/index.js").DatabaseSchema, "device", import("kysely").InsertResult>;
|
|
6
|
-
export declare const readQB: (db: AccountDb, deviceId: DeviceId) => import("kysely
|
|
7
|
-
|
|
8
|
-
|
|
6
|
+
export declare const readQB: (db: AccountDb, deviceId: DeviceId) => import("kysely").SelectQueryBuilder<import("../db/index.js").DatabaseSchema, "device", {
|
|
7
|
+
id: `dev-${string}`;
|
|
8
|
+
ipAddress: string;
|
|
9
|
+
lastSeenAt: `${string}T${string}Z`;
|
|
10
|
+
sessionId: `ses-${string}`;
|
|
11
|
+
userAgent: string | null;
|
|
12
|
+
}>;
|
|
13
|
+
export declare const updateQB: (db: AccountDb, deviceId: DeviceId, { sessionId, userAgent, ipAddress, lastSeenAt }: Partial<DeviceData>) => import("kysely").UpdateQueryBuilder<import("../db/index.js").DatabaseSchema, "device", "device", import("kysely").UpdateResult>;
|
|
14
|
+
export declare const removeQB: (db: AccountDb, deviceId: DeviceId) => import("kysely").DeleteQueryBuilder<import("../db/index.js").DatabaseSchema, "device", import("kysely").DeleteResult>;
|
|
9
15
|
//# sourceMappingURL=device.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"device.d.ts","sourceRoot":"","sources":["../../../src/account-manager/helpers/device.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAA;AACnC,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAA;AAE9D,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAA;AAElD,eAAO,MAAM,eAAe,QACrB,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,KAClC,UAKD,CAAA;AAEF,eAAO,MAAM,QAAQ,OACf,SAAS,YACH,QAAQ,mDAC+B,UAAU,0HAQzD,CAAA;AAEJ,eAAO,MAAM,MAAM,OAAQ,SAAS,YAAY,QAAQ,
|
|
1
|
+
{"version":3,"file":"device.d.ts","sourceRoot":"","sources":["../../../src/account-manager/helpers/device.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAA;AACnC,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAA;AAE9D,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAA;AAElD,eAAO,MAAM,eAAe,QACrB,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,KAClC,UAKD,CAAA;AAEF,eAAO,MAAM,QAAQ,OACf,SAAS,YACH,QAAQ,mDAC+B,UAAU,0HAQzD,CAAA;AAEJ,eAAO,MAAM,MAAM,OAAQ,SAAS,YAAY,QAAQ;;;;;;EACW,CAAA;AAEnE,eAAO,MAAM,QAAQ,OACf,SAAS,YACH,QAAQ,mDAC+B,OAAO,CAAC,UAAU,CAAC,oIAUvC,CAAA;AAE/B,eAAO,MAAM,QAAQ,OAAQ,SAAS,YAAY,QAAQ,0HACH,CAAA"}
|
|
@@ -15,10 +15,10 @@ export const createQB = (db, deviceId, { sessionId, userAgent, ipAddress, lastSe
|
|
|
15
15
|
export const readQB = (db, deviceId) => db.db.selectFrom('device').where('id', '=', deviceId).selectAll();
|
|
16
16
|
export const updateQB = (db, deviceId, { sessionId, userAgent, ipAddress, lastSeenAt }) => db.db
|
|
17
17
|
.updateTable('device')
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
18
|
+
.$if(sessionId != null, (qb) => qb.set({ sessionId }))
|
|
19
|
+
.$if(userAgent != null, (qb) => qb.set({ userAgent }))
|
|
20
|
+
.$if(ipAddress != null, (qb) => qb.set({ ipAddress }))
|
|
21
|
+
.$if(lastSeenAt != null, (qb) => qb.set({ lastSeenAt: toDateISO(lastSeenAt) }))
|
|
22
22
|
.where('id', '=', deviceId);
|
|
23
23
|
export const removeQB = (db, deviceId) => db.db.deleteFrom('device').where('id', '=', deviceId);
|
|
24
24
|
//# sourceMappingURL=device.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"device.js","sourceRoot":"","sources":["../../../src/account-manager/helpers/device.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAA;AAG1D,MAAM,CAAC,MAAM,eAAe,GAAG,CAC7B,GAAmC,EACvB,EAAE,CAAC,CAAC;IAChB,SAAS,EAAE,GAAG,CAAC,SAAS;IACxB,SAAS,EAAE,GAAG,CAAC,SAAS;IACxB,SAAS,EAAE,GAAG,CAAC,SAAS;IACxB,UAAU,EAAE,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC;CACxC,CAAC,CAAA;AAEF,MAAM,CAAC,MAAM,QAAQ,GAAG,CACtB,EAAa,EACb,QAAkB,EAClB,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,EAAc,EAC3D,EAAE,CACF,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC;IAChC,EAAE,EAAE,QAAQ;IACZ,SAAS;IACT,SAAS;IACT,SAAS;IACT,UAAU,EAAE,SAAS,CAAC,UAAU,CAAC;CAClC,CAAC,CAAA;AAEJ,MAAM,CAAC,MAAM,MAAM,GAAG,CAAC,EAAa,EAAE,QAAkB,EAAE,EAAE,CAC1D,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC,SAAS,EAAE,CAAA;AAEnE,MAAM,CAAC,MAAM,QAAQ,GAAG,CACtB,EAAa,EACb,QAAkB,EAClB,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,EAAuB,EACpE,EAAE,CACF,EAAE,CAAC,EAAE;KACF,WAAW,CAAC,QAAQ,CAAC;KACrB,
|
|
1
|
+
{"version":3,"file":"device.js","sourceRoot":"","sources":["../../../src/account-manager/helpers/device.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAA;AAG1D,MAAM,CAAC,MAAM,eAAe,GAAG,CAC7B,GAAmC,EACvB,EAAE,CAAC,CAAC;IAChB,SAAS,EAAE,GAAG,CAAC,SAAS;IACxB,SAAS,EAAE,GAAG,CAAC,SAAS;IACxB,SAAS,EAAE,GAAG,CAAC,SAAS;IACxB,UAAU,EAAE,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC;CACxC,CAAC,CAAA;AAEF,MAAM,CAAC,MAAM,QAAQ,GAAG,CACtB,EAAa,EACb,QAAkB,EAClB,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,EAAc,EAC3D,EAAE,CACF,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC;IAChC,EAAE,EAAE,QAAQ;IACZ,SAAS;IACT,SAAS;IACT,SAAS;IACT,UAAU,EAAE,SAAS,CAAC,UAAU,CAAC;CAClC,CAAC,CAAA;AAEJ,MAAM,CAAC,MAAM,MAAM,GAAG,CAAC,EAAa,EAAE,QAAkB,EAAE,EAAE,CAC1D,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC,SAAS,EAAE,CAAA;AAEnE,MAAM,CAAC,MAAM,QAAQ,GAAG,CACtB,EAAa,EACb,QAAkB,EAClB,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,EAAuB,EACpE,EAAE,CACF,EAAE,CAAC,EAAE;KACF,WAAW,CAAC,QAAQ,CAAC;KACrB,GAAG,CAAC,SAAS,IAAI,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC;KACrD,GAAG,CAAC,SAAS,IAAI,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC;KACrD,GAAG,CAAC,SAAS,IAAI,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC;KACrD,GAAG,CAAC,UAAU,IAAI,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE,CAC9B,EAAE,CAAC,GAAG,CAAC,EAAE,UAAU,EAAE,SAAS,CAAC,UAAW,CAAC,EAAE,CAAC,CAC/C;KACA,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAA;AAE/B,MAAM,CAAC,MAAM,QAAQ,GAAG,CAAC,EAAa,EAAE,QAAkB,EAAE,EAAE,CAC5D,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAA","sourcesContent":["import { Selectable } from 'kysely'\nimport { DeviceData, DeviceId } from '@atproto/oauth-provider'\nimport { fromDateISO, toDateISO } from '../../db/index.js'\nimport { AccountDb, Device } from '../db/index.js'\n\nexport const rowToDeviceData = (\n row: Omit<Selectable<Device>, 'id'>,\n): DeviceData => ({\n sessionId: row.sessionId,\n userAgent: row.userAgent,\n ipAddress: row.ipAddress,\n lastSeenAt: fromDateISO(row.lastSeenAt),\n})\n\nexport const createQB = (\n db: AccountDb,\n deviceId: DeviceId,\n { sessionId, userAgent, ipAddress, lastSeenAt }: DeviceData,\n) =>\n db.db.insertInto('device').values({\n id: deviceId,\n sessionId,\n userAgent,\n ipAddress,\n lastSeenAt: toDateISO(lastSeenAt),\n })\n\nexport const readQB = (db: AccountDb, deviceId: DeviceId) =>\n db.db.selectFrom('device').where('id', '=', deviceId).selectAll()\n\nexport const updateQB = (\n db: AccountDb,\n deviceId: DeviceId,\n { sessionId, userAgent, ipAddress, lastSeenAt }: Partial<DeviceData>,\n) =>\n db.db\n .updateTable('device')\n .$if(sessionId != null, (qb) => qb.set({ sessionId }))\n .$if(userAgent != null, (qb) => qb.set({ userAgent }))\n .$if(ipAddress != null, (qb) => qb.set({ ipAddress }))\n .$if(lastSeenAt != null, (qb) =>\n qb.set({ lastSeenAt: toDateISO(lastSeenAt!) }),\n )\n .where('id', '=', deviceId)\n\nexport const removeQB = (db: AccountDb, deviceId: DeviceId) =>\n db.db.deleteFrom('device').where('id', '=', deviceId)\n"]}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { DatetimeString, DidString } from '@atproto/lex';
|
|
2
2
|
import { com } from '../../lexicons/index.js';
|
|
3
|
-
import { AccountDb } from '../db/index.js';
|
|
3
|
+
import { AccountDb, InviteCode } from '../db/index.js';
|
|
4
4
|
export type CodeDetail = com.atproto.server.defs.InviteCode;
|
|
5
5
|
export type CodeUse = com.atproto.server.defs.InviteCodeUse;
|
|
6
6
|
export declare const createInviteCodes: (db: AccountDb, toCreate: {
|
|
@@ -14,7 +14,40 @@ export declare const recordInviteUse: (db: AccountDb, opts: {
|
|
|
14
14
|
now: DatetimeString;
|
|
15
15
|
}) => Promise<void>;
|
|
16
16
|
export declare const ensureInviteIsAvailable: (db: AccountDb, inviteCode: string) => Promise<void>;
|
|
17
|
-
export declare const selectInviteCodesQb: (db: AccountDb) => import("kysely
|
|
17
|
+
export declare const selectInviteCodesQb: (db: AccountDb) => import("kysely").SelectQueryBuilder<{
|
|
18
|
+
account: import("../db/index.js").Account;
|
|
19
|
+
account_device: import("../db/index.js").AccountDevice;
|
|
20
|
+
actor: import("../db/index.js").Actor;
|
|
21
|
+
app_password: import("../db/index.js").AppPassword;
|
|
22
|
+
authorization_request: import("../db/index.js").AuthorizationRequest;
|
|
23
|
+
authorized_client: import("../db/schema/authorized-client.js").AuthorizedClient;
|
|
24
|
+
codes: {
|
|
25
|
+
available: number;
|
|
26
|
+
code: string;
|
|
27
|
+
createdAt: DatetimeString;
|
|
28
|
+
createdBy: string;
|
|
29
|
+
disabled: 0 | 1;
|
|
30
|
+
forAccount: string;
|
|
31
|
+
uses: number | null;
|
|
32
|
+
};
|
|
33
|
+
device: import("../db/index.js").Device;
|
|
34
|
+
email_token: import("../db/index.js").EmailToken;
|
|
35
|
+
invite_code: InviteCode;
|
|
36
|
+
invite_code_use: import("../db/index.js").InviteCodeUse;
|
|
37
|
+
lexicon: import("../db/index.js").Lexicon;
|
|
38
|
+
refresh_token: import("../db/index.js").RefreshToken;
|
|
39
|
+
repo_root: import("../db/index.js").RepoRoot;
|
|
40
|
+
token: import("../db/index.js").Token;
|
|
41
|
+
used_refresh_token: import("../db/index.js").UsedRefreshToken;
|
|
42
|
+
}, "codes", {
|
|
43
|
+
available: number;
|
|
44
|
+
code: string;
|
|
45
|
+
createdAt: DatetimeString;
|
|
46
|
+
createdBy: string;
|
|
47
|
+
disabled: 0 | 1;
|
|
48
|
+
forAccount: string;
|
|
49
|
+
uses: number | null;
|
|
50
|
+
}>;
|
|
18
51
|
export declare const getAccountsInviteCodes: (db: AccountDb, dids: string[]) => Promise<Map<string, CodeDetail[]>>;
|
|
19
52
|
export declare const getInviteCodesUses: (db: AccountDb, codes: string[]) => Promise<Record<string, CodeUse[]>>;
|
|
20
53
|
export declare const getInvitedByForAccounts: (db: AccountDb, dids: DidString[]) => Promise<Record<string, CodeDetail>>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"invite.d.ts","sourceRoot":"","sources":["../../../src/account-manager/helpers/invite.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,SAAS,EAAyB,MAAM,cAAc,CAAA;AAG/E,OAAO,EAAE,GAAG,EAAE,MAAM,yBAAyB,CAAA;AAC7C,OAAO,EAAE,SAAS,
|
|
1
|
+
{"version":3,"file":"invite.d.ts","sourceRoot":"","sources":["../../../src/account-manager/helpers/invite.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,SAAS,EAAyB,MAAM,cAAc,CAAA;AAG/E,OAAO,EAAE,GAAG,EAAE,MAAM,yBAAyB,CAAA;AAC7C,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAEtD,MAAM,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAA;AAC3D,MAAM,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAA;AAE3D,eAAO,MAAM,iBAAiB,OACxB,SAAS,YACH;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,EAAE,CAAA;CAAE,EAAE,YACtC,MAAM,kBAkBjB,CAAA;AAED,eAAO,MAAM,wBAAwB,OAC/B,SAAS,cACD,MAAM,SACX,MAAM,EAAE,iBACA,MAAM,YACX,CAAC,GAAG,CAAC,KACd,OAAO,CAAC,UAAU,EAAE,CA+BtB,CAAA;AAED,eAAO,MAAM,eAAe,OACtB,SAAS,QACP;IACJ,GAAG,EAAE,SAAS,CAAA;IACd,UAAU,EAAE,MAAM,GAAG,SAAS,CAAA;IAC9B,GAAG,EAAE,cAAc,CAAA;CACpB,kBAUF,CAAA;AAED,eAAO,MAAM,uBAAuB,OAC9B,SAAS,cACD,MAAM,KACjB,OAAO,CAAC,IAAI,CA4Bd,CAAA;AAED,eAAO,MAAM,mBAAmB,OAAQ,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAkBhD,CAAA;AAED,eAAO,MAAM,sBAAsB,OAC7B,SAAS,QACP,MAAM,EAAE,KACb,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,UAAU,EAAE,CAAC,CAqBnC,CAAA;AAED,eAAO,MAAM,kBAAkB,OACzB,SAAS,SACN,MAAM,EAAE,KACd,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC,CAgBnC,CAAA;AAED,eAAO,MAAM,uBAAuB,OAC9B,SAAS,QACP,SAAS,EAAE,KAChB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,CAiCpC,CAAA;AAED,eAAO,MAAM,kBAAkB,OACzB,SAAS,QACP;IAAE,KAAK,EAAE,MAAM,EAAE,CAAC;IAAC,QAAQ,EAAE,MAAM,EAAE,CAAA;CAAE,kBAmB9C,CAAA;AAED,eAAO,MAAM,yBAAyB,OAChC,SAAS,OACR,SAAS,YACJ,OAAO,kBAQlB,CAAA"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"lexicon.d.ts","sourceRoot":"","sources":["../../../src/account-manager/helpers/lexicon.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"lexicon.d.ts","sourceRoot":"","sources":["../../../src/account-manager/helpers/lexicon.ts"],"names":[],"mappings":"AAAA,OAAO,EAA6B,WAAW,EAAE,MAAM,yBAAyB,CAAA;AAEhF,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAA;AAE1C,wBAAsB,MAAM,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,iBAoC1E;AAED,wBAAsB,IAAI,CACxB,EAAE,EAAE,SAAS,EACb,IAAI,EAAE,MAAM,GACX,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAiB7B;AAED,wBAAsB,MAAM,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,iBAEvD"}
|
|
@@ -1,6 +1,12 @@
|
|
|
1
1
|
import { LEXICON_REFRESH_FREQUENCY } from '@atproto/oauth-provider';
|
|
2
2
|
import { fromDateISO, fromJson, toDateISO, toJson } from '../../db/index.js';
|
|
3
3
|
export async function upsert(db, nsid, data) {
|
|
4
|
+
// @TODO not annotated as `Omit<Insertable<Lexicon>, 'nsid'>`. Insertable's
|
|
5
|
+
// nullable/non-nullable key partition evaluates `IsNullable<InsertType<…>>`
|
|
6
|
+
// per column, which for the recursive `JsonEncoded<LexiconDocument>` column
|
|
7
|
+
// overflows the tsgo (TS7) checker's instantiation depth (TS2589). The older
|
|
8
|
+
// tsc handled it; the `.values()`/`.doUpdateSet()` calls below still
|
|
9
|
+
// type-check this object against the insert type regardless.
|
|
4
10
|
const updates = {
|
|
5
11
|
...data,
|
|
6
12
|
createdAt: toDateISO(data.createdAt),
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"lexicon.js","sourceRoot":"","sources":["../../../src/account-manager/helpers/lexicon.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"lexicon.js","sourceRoot":"","sources":["../../../src/account-manager/helpers/lexicon.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,yBAAyB,EAAe,MAAM,yBAAyB,CAAA;AAChF,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAA;AAG5E,MAAM,CAAC,KAAK,UAAU,MAAM,CAAC,EAAa,EAAE,IAAY,EAAE,IAAiB;IACzE,2EAA2E;IAC3E,4EAA4E;IAC5E,4EAA4E;IAC5E,6EAA6E;IAC7E,qEAAqE;IACrE,6DAA6D;IAC7D,MAAM,OAAO,GAAG;QACd,GAAG,IAAI;QACP,SAAS,EAAE,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC;QACpC,SAAS,EAAE,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC;QACpC,eAAe,EAAE,IAAI,CAAC,eAAe;YACnC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,eAAe,CAAC;YACjC,CAAC,CAAC,IAAI;QACR,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI;KACpD,CAAA;IAED,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE;SACF,UAAU,CAAC,SAAS,CAAC;SACrB,MAAM,CAAC,EAAE,GAAG,OAAO,EAAE,IAAI,EAAE,CAAC;SAC5B,UAAU,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAC9D,CAAA;IAED,4DAA4D;IAC5D,8BAA8B;IAC9B,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE;SACF,UAAU,CAAC,SAAS,CAAC;SACrB,KAAK,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,CAAC;SAC5B,KAAK,CACJ,WAAW,EACX,GAAG,EACH,SAAS,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,yBAAyB,CAAC,CAAC,CAC5D,CACJ,CAAA;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,IAAI,CACxB,EAAa,EACb,IAAY;IAEZ,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,EAAE;SACpB,UAAU,CAAC,SAAS,CAAC;SACrB,SAAS,EAAE;SACX,KAAK,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,CAAC;SACxB,gBAAgB,EAAE,CAAA;IACrB,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAA;IAErB,OAAO;QACL,GAAG,GAAG;QACN,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC;QACrC,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC;QACrC,eAAe,EAAE,GAAG,CAAC,eAAe;YAClC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,eAAe,CAAC;YAClC,CAAC,CAAC,IAAI;QACR,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI;KACpD,CAAA;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,MAAM,CAAC,EAAa,EAAE,IAAY;IACtD,MAAM,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC,OAAO,EAAE,CAAA;AACtE,CAAC","sourcesContent":["import { LEXICON_REFRESH_FREQUENCY, LexiconData } from '@atproto/oauth-provider'\nimport { fromDateISO, fromJson, toDateISO, toJson } from '../../db/index.js'\nimport { AccountDb } from '../db/index.js'\n\nexport async function upsert(db: AccountDb, nsid: string, data: LexiconData) {\n // @TODO not annotated as `Omit<Insertable<Lexicon>, 'nsid'>`. Insertable's\n // nullable/non-nullable key partition evaluates `IsNullable<InsertType<…>>`\n // per column, which for the recursive `JsonEncoded<LexiconDocument>` column\n // overflows the tsgo (TS7) checker's instantiation depth (TS2589). The older\n // tsc handled it; the `.values()`/`.doUpdateSet()` calls below still\n // type-check this object against the insert type regardless.\n const updates = {\n ...data,\n createdAt: toDateISO(data.createdAt),\n updatedAt: toDateISO(data.updatedAt),\n lastSucceededAt: data.lastSucceededAt\n ? toDateISO(data.lastSucceededAt)\n : null,\n lexicon: data.lexicon ? toJson(data.lexicon) : null,\n }\n\n await db.executeWithRetry(\n db.db\n .insertInto('lexicon')\n .values({ ...updates, nsid })\n .onConflict((oc) => oc.column('nsid').doUpdateSet(updates)),\n )\n\n // Garbage collection: remove old, never resolved, lexicons.\n // Uses \"lexicon_failures_idx\"\n await db.executeWithRetry(\n db.db\n .deleteFrom('lexicon')\n .where('lexicon', 'is', null)\n .where(\n 'updatedAt',\n '<',\n toDateISO(new Date(Date.now() - LEXICON_REFRESH_FREQUENCY)),\n ),\n )\n}\n\nexport async function find(\n db: AccountDb,\n nsid: string,\n): Promise<LexiconData | null> {\n const row = await db.db\n .selectFrom('lexicon')\n .selectAll()\n .where('nsid', '=', nsid)\n .executeTakeFirst()\n if (!row) return null\n\n return {\n ...row,\n createdAt: fromDateISO(row.createdAt),\n updatedAt: fromDateISO(row.updatedAt),\n lastSucceededAt: row.lastSucceededAt\n ? fromDateISO(row.lastSucceededAt)\n : null,\n lexicon: row.lexicon ? fromJson(row.lexicon) : null,\n }\n}\n\nexport async function remove(db: AccountDb, nsid: string) {\n await db.db.deleteFrom('lexicon').where('nsid', '=', nsid).execute()\n}\n"]}
|
|
@@ -18,4 +18,5 @@ export declare const listAppPasswords: (db: AccountDb, did: string) => Promise<{
|
|
|
18
18
|
privileged: boolean;
|
|
19
19
|
}[]>;
|
|
20
20
|
export declare const deleteAppPassword: (db: AccountDb, did: string, name: string) => Promise<void>;
|
|
21
|
+
export declare const deleteAllAppPasswords: (db: AccountDb, did: string) => Promise<void>;
|
|
21
22
|
//# sourceMappingURL=password.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"password.d.ts","sourceRoot":"","sources":["../../../src/account-manager/helpers/password.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAyB,MAAM,cAAc,CAAA;AAEpE,OAAO,EAAE,GAAG,EAAE,MAAM,yBAAyB,CAAA;AAC7C,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAA;AAG1C,MAAM,MAAM,eAAe,GAAG;IAC5B,IAAI,EAAE,MAAM,CAAA;IACZ,UAAU,EAAE,OAAO,CAAA;CACpB,CAAA;AAED,eAAO,MAAM,qBAAqB,OAC5B,SAAS,OACR,MAAM,YACD,MAAM,KACf,OAAO,CAAC,OAAO,CAOjB,CAAA;AAED,eAAO,MAAM,iBAAiB,OACxB,SAAS,OACR,MAAM,YACD,MAAM,KACf,OAAO,CAAC,eAAe,GAAG,IAAI,CAahC,CAAA;AAED,eAAO,MAAM,kBAAkB,OACzB,SAAS,QACP;IACJ,GAAG,EAAE,MAAM,CAAA;IACX,cAAc,EAAE,MAAM,CAAA;CACvB,kBAQF,CAAA;AAED,eAAO,MAAM,iBAAiB,OACxB,SAAS,OACR,MAAM,QACL,MAAM,cACA,OAAO,KAClB,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,iBAAiB,CAAC,WAAW,CAiC1D,CAAA;AAED,eAAO,MAAM,gBAAgB,OACvB,SAAS,OACR,MAAM,KACV,OAAO,CACR;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,cAAc,CAAC;IAAC,UAAU,EAAE,OAAO,CAAA;CAAE,EAAE,CAanE,CAAA;AAED,eAAO,MAAM,iBAAiB,OACxB,SAAS,OACR,MAAM,QACL,MAAM,kBAQb,CAAA"}
|
|
1
|
+
{"version":3,"file":"password.d.ts","sourceRoot":"","sources":["../../../src/account-manager/helpers/password.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAyB,MAAM,cAAc,CAAA;AAEpE,OAAO,EAAE,GAAG,EAAE,MAAM,yBAAyB,CAAA;AAC7C,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAA;AAG1C,MAAM,MAAM,eAAe,GAAG;IAC5B,IAAI,EAAE,MAAM,CAAA;IACZ,UAAU,EAAE,OAAO,CAAA;CACpB,CAAA;AAED,eAAO,MAAM,qBAAqB,OAC5B,SAAS,OACR,MAAM,YACD,MAAM,KACf,OAAO,CAAC,OAAO,CAOjB,CAAA;AAED,eAAO,MAAM,iBAAiB,OACxB,SAAS,OACR,MAAM,YACD,MAAM,KACf,OAAO,CAAC,eAAe,GAAG,IAAI,CAahC,CAAA;AAED,eAAO,MAAM,kBAAkB,OACzB,SAAS,QACP;IACJ,GAAG,EAAE,MAAM,CAAA;IACX,cAAc,EAAE,MAAM,CAAA;CACvB,kBAQF,CAAA;AAED,eAAO,MAAM,iBAAiB,OACxB,SAAS,OACR,MAAM,QACL,MAAM,cACA,OAAO,KAClB,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,iBAAiB,CAAC,WAAW,CAiC1D,CAAA;AAED,eAAO,MAAM,gBAAgB,OACvB,SAAS,OACR,MAAM,KACV,OAAO,CACR;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,cAAc,CAAC;IAAC,UAAU,EAAE,OAAO,CAAA;CAAE,EAAE,CAanE,CAAA;AAED,eAAO,MAAM,iBAAiB,OACxB,SAAS,OACR,MAAM,QACL,MAAM,kBAQb,CAAA;AAED,eAAO,MAAM,qBAAqB,OAAc,SAAS,OAAO,MAAM,kBAIrE,CAAA"}
|
|
@@ -82,4 +82,7 @@ export const deleteAppPassword = async (db, did, name) => {
|
|
|
82
82
|
.where('did', '=', did)
|
|
83
83
|
.where('name', '=', name));
|
|
84
84
|
};
|
|
85
|
+
export const deleteAllAppPasswords = async (db, did) => {
|
|
86
|
+
await db.executeWithRetry(db.db.deleteFrom('app_password').where('did', '=', did));
|
|
87
|
+
};
|
|
85
88
|
//# sourceMappingURL=password.js.map
|