@atproto/pds 0.5.5 → 0.5.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +31 -0
- package/dist/account-manager/account-manager.d.ts +51 -13
- package/dist/account-manager/account-manager.d.ts.map +1 -1
- package/dist/account-manager/account-manager.js +86 -26
- package/dist/account-manager/account-manager.js.map +1 -1
- package/dist/account-manager/db/migrations/005-oauth-account-management.d.ts.map +1 -1
- package/dist/account-manager/db/migrations/005-oauth-account-management.js +3 -4
- package/dist/account-manager/db/migrations/005-oauth-account-management.js.map +1 -1
- package/dist/account-manager/db/schema/authorization-request.d.ts +2 -2
- package/dist/account-manager/db/schema/authorization-request.d.ts.map +1 -1
- package/dist/account-manager/db/schema/authorization-request.js.map +1 -1
- package/dist/account-manager/db/schema/authorized-client.d.ts +2 -2
- package/dist/account-manager/db/schema/authorized-client.d.ts.map +1 -1
- package/dist/account-manager/db/schema/authorized-client.js.map +1 -1
- package/dist/account-manager/db/schema/token.d.ts +2 -2
- package/dist/account-manager/db/schema/token.d.ts.map +1 -1
- package/dist/account-manager/db/schema/token.js.map +1 -1
- package/dist/account-manager/helpers/account-device.d.ts +23 -196
- package/dist/account-manager/helpers/account-device.d.ts.map +1 -1
- package/dist/account-manager/helpers/account-device.js +3 -3
- package/dist/account-manager/helpers/account-device.js.map +1 -1
- package/dist/account-manager/helpers/account.d.ts +14 -4
- package/dist/account-manager/helpers/account.d.ts.map +1 -1
- package/dist/account-manager/helpers/account.js +17 -11
- package/dist/account-manager/helpers/account.js.map +1 -1
- package/dist/account-manager/helpers/auth.js +1 -1
- package/dist/account-manager/helpers/auth.js.map +1 -1
- package/dist/account-manager/helpers/authorization-request.d.ts +83 -5
- package/dist/account-manager/helpers/authorization-request.d.ts.map +1 -1
- package/dist/account-manager/helpers/authorization-request.js +8 -8
- package/dist/account-manager/helpers/authorization-request.js.map +1 -1
- package/dist/account-manager/helpers/authorized-client.d.ts +5 -4
- package/dist/account-manager/helpers/authorized-client.d.ts.map +1 -1
- package/dist/account-manager/helpers/authorized-client.js +3 -0
- package/dist/account-manager/helpers/authorized-client.js.map +1 -1
- package/dist/account-manager/helpers/device.d.ts +9 -3
- package/dist/account-manager/helpers/device.d.ts.map +1 -1
- package/dist/account-manager/helpers/device.js +4 -4
- package/dist/account-manager/helpers/device.js.map +1 -1
- package/dist/account-manager/helpers/invite.d.ts +35 -2
- package/dist/account-manager/helpers/invite.d.ts.map +1 -1
- package/dist/account-manager/helpers/lexicon.d.ts.map +1 -1
- package/dist/account-manager/helpers/lexicon.js +6 -0
- package/dist/account-manager/helpers/lexicon.js.map +1 -1
- package/dist/account-manager/helpers/password.d.ts +1 -0
- package/dist/account-manager/helpers/password.d.ts.map +1 -1
- package/dist/account-manager/helpers/password.js +3 -0
- package/dist/account-manager/helpers/password.js.map +1 -1
- package/dist/account-manager/helpers/token.d.ts +72 -1031
- package/dist/account-manager/helpers/token.d.ts.map +1 -1
- package/dist/account-manager/helpers/token.js +13 -10
- package/dist/account-manager/helpers/token.js.map +1 -1
- package/dist/account-manager/helpers/used-refresh-token.d.ts +6 -2
- package/dist/account-manager/helpers/used-refresh-token.d.ts.map +1 -1
- package/dist/account-manager/oauth-store.d.ts +17 -13
- package/dist/account-manager/oauth-store.d.ts.map +1 -1
- package/dist/account-manager/oauth-store.js +89 -39
- package/dist/account-manager/oauth-store.js.map +1 -1
- package/dist/actor-store/blob/reader.d.ts.map +1 -1
- package/dist/actor-store/blob/reader.js +2 -3
- package/dist/actor-store/blob/reader.js.map +1 -1
- package/dist/actor-store/record/reader.js +3 -3
- package/dist/actor-store/record/reader.js.map +1 -1
- package/dist/actor-store/repo/sql-repo-reader.d.ts +5 -1
- package/dist/actor-store/repo/sql-repo-reader.d.ts.map +1 -1
- package/dist/actor-store/repo/sql-repo-reader.js.map +1 -1
- package/dist/api/com/atproto/admin/updateSubjectStatus.d.ts.map +1 -1
- package/dist/api/com/atproto/admin/updateSubjectStatus.js +12 -4
- package/dist/api/com/atproto/admin/updateSubjectStatus.js.map +1 -1
- package/dist/api/com/atproto/server/activateAccount.d.ts.map +1 -1
- package/dist/api/com/atproto/server/activateAccount.js +25 -31
- package/dist/api/com/atproto/server/activateAccount.js.map +1 -1
- package/dist/api/com/atproto/server/deactivateAccount.d.ts.map +1 -1
- package/dist/api/com/atproto/server/deactivateAccount.js +3 -4
- package/dist/api/com/atproto/server/deactivateAccount.js.map +1 -1
- package/dist/api/com/atproto/server/deleteAccount.d.ts.map +1 -1
- package/dist/api/com/atproto/server/deleteAccount.js +51 -37
- package/dist/api/com/atproto/server/deleteAccount.js.map +1 -1
- package/dist/api/com/atproto/server/util.d.ts +25 -6
- package/dist/api/com/atproto/server/util.d.ts.map +1 -1
- package/dist/api/com/atproto/server/util.js.map +1 -1
- package/dist/background.d.ts +12 -6
- package/dist/background.d.ts.map +1 -1
- package/dist/background.js +32 -13
- package/dist/background.js.map +1 -1
- package/dist/config/config.d.ts +2 -1
- package/dist/config/config.d.ts.map +1 -1
- package/dist/config/config.js +4 -1
- package/dist/config/config.js.map +1 -1
- package/dist/context.d.ts.map +1 -1
- package/dist/context.js +5 -32
- package/dist/context.js.map +1 -1
- package/dist/db/migrator.d.ts +4 -3
- package/dist/db/migrator.d.ts.map +1 -1
- package/dist/db/migrator.js +1 -1
- package/dist/db/migrator.js.map +1 -1
- package/dist/db/pagination.d.ts +2 -1
- package/dist/db/pagination.d.ts.map +1 -1
- package/dist/db/pagination.js +2 -2
- package/dist/db/pagination.js.map +1 -1
- package/dist/db/util.d.ts +3 -3
- package/dist/db/util.d.ts.map +1 -1
- package/dist/db/util.js.map +1 -1
- package/dist/index.d.ts +1 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +33 -11
- package/dist/index.js.map +1 -1
- package/dist/lexicons/app/bsky/notification/defs.defs.d.ts +5 -0
- package/dist/lexicons/app/bsky/notification/defs.defs.d.ts.map +1 -1
- package/dist/lexicons/app/bsky/notification/defs.defs.js +1 -0
- package/dist/lexicons/app/bsky/notification/defs.defs.js.map +1 -1
- package/dist/lexicons/chat/bsky/notification/defs.d.ts +2 -0
- package/dist/lexicons/chat/bsky/notification/defs.d.ts.map +1 -0
- package/dist/lexicons/chat/bsky/notification/defs.defs.d.ts +20 -0
- package/dist/lexicons/chat/bsky/notification/defs.defs.d.ts.map +1 -0
- package/dist/lexicons/chat/bsky/notification/defs.defs.js +19 -0
- package/dist/lexicons/chat/bsky/notification/defs.defs.js.map +1 -0
- package/dist/lexicons/chat/bsky/notification/defs.js +5 -0
- package/dist/lexicons/chat/bsky/notification/defs.js.map +1 -0
- package/dist/lexicons/chat/bsky/notification/getPreferences.d.ts +3 -0
- package/dist/lexicons/chat/bsky/notification/getPreferences.d.ts.map +1 -0
- package/dist/lexicons/chat/bsky/notification/getPreferences.defs.d.ts +18 -0
- package/dist/lexicons/chat/bsky/notification/getPreferences.defs.d.ts.map +1 -0
- package/dist/lexicons/chat/bsky/notification/getPreferences.defs.js +16 -0
- package/dist/lexicons/chat/bsky/notification/getPreferences.defs.js.map +1 -0
- package/dist/lexicons/chat/bsky/notification/getPreferences.js +6 -0
- package/dist/lexicons/chat/bsky/notification/getPreferences.js.map +1 -0
- package/dist/lexicons/chat/bsky/notification/putPreferences.d.ts +3 -0
- package/dist/lexicons/chat/bsky/notification/putPreferences.d.ts.map +1 -0
- package/dist/lexicons/chat/bsky/notification/putPreferences.defs.d.ts +27 -0
- package/dist/lexicons/chat/bsky/notification/putPreferences.defs.d.ts.map +1 -0
- package/dist/lexicons/chat/bsky/notification/putPreferences.defs.js +22 -0
- package/dist/lexicons/chat/bsky/notification/putPreferences.defs.js.map +1 -0
- package/dist/lexicons/chat/bsky/notification/putPreferences.js +6 -0
- package/dist/lexicons/chat/bsky/notification/putPreferences.js.map +1 -0
- package/dist/lexicons/chat/bsky/notification.d.ts +4 -0
- package/dist/lexicons/chat/bsky/notification.d.ts.map +1 -0
- package/dist/lexicons/chat/bsky/notification.js +7 -0
- package/dist/lexicons/chat/bsky/notification.js.map +1 -0
- package/dist/lexicons/chat/bsky.d.ts +1 -0
- package/dist/lexicons/chat/bsky.d.ts.map +1 -1
- package/dist/lexicons/chat/bsky.js +1 -0
- package/dist/lexicons/chat/bsky.js.map +1 -1
- package/dist/lexicons/tools/ozone/report/defs.defs.d.ts +4 -0
- package/dist/lexicons/tools/ozone/report/defs.defs.d.ts.map +1 -1
- package/dist/lexicons/tools/ozone/report/defs.defs.js +2 -0
- package/dist/lexicons/tools/ozone/report/defs.defs.js.map +1 -1
- package/dist/lexicons/tools/ozone/report/queryActivities.d.ts +3 -0
- package/dist/lexicons/tools/ozone/report/queryActivities.d.ts.map +1 -0
- package/dist/lexicons/tools/ozone/report/queryActivities.defs.d.ts +42 -0
- package/dist/lexicons/tools/ozone/report/queryActivities.defs.d.ts.map +1 -0
- package/dist/lexicons/tools/ozone/report/queryActivities.defs.js +31 -0
- package/dist/lexicons/tools/ozone/report/queryActivities.defs.js.map +1 -0
- package/dist/lexicons/tools/ozone/report/queryActivities.js +6 -0
- package/dist/lexicons/tools/ozone/report/queryActivities.js.map +1 -0
- package/dist/lexicons/tools/ozone/report.d.ts +1 -0
- package/dist/lexicons/tools/ozone/report.d.ts.map +1 -1
- package/dist/lexicons/tools/ozone/report.js +1 -0
- package/dist/lexicons/tools/ozone/report.js.map +1 -1
- package/dist/mailer/index.d.ts +2 -0
- package/dist/mailer/index.d.ts.map +1 -1
- package/dist/mailer/index.js +2 -0
- package/dist/mailer/index.js.map +1 -1
- package/dist/pipethrough.d.ts +3 -0
- package/dist/pipethrough.d.ts.map +1 -1
- package/dist/pipethrough.js +32 -0
- package/dist/pipethrough.js.map +1 -1
- package/dist/scripts/sequencer-recovery/recovery-db.js.map +1 -1
- package/dist/sequencer/events.d.ts.map +1 -1
- package/dist/sequencer/events.js +6 -13
- package/dist/sequencer/events.js.map +1 -1
- package/dist/sequencer/sequencer.d.ts +1 -1
- package/dist/sequencer/sequencer.d.ts.map +1 -1
- package/dist/sequencer/sequencer.js.map +1 -1
- package/package.json +14 -14
- package/src/account-manager/account-manager.ts +135 -36
- package/src/account-manager/db/migrations/005-oauth-account-management.ts +6 -5
- package/src/account-manager/db/schema/authorization-request.ts +2 -1
- package/src/account-manager/db/schema/authorized-client.ts +6 -2
- package/src/account-manager/db/schema/token.ts +2 -2
- package/src/account-manager/helpers/account-device.ts +5 -11
- package/src/account-manager/helpers/account.ts +39 -16
- package/src/account-manager/helpers/auth.ts +2 -2
- package/src/account-manager/helpers/authorization-request.ts +12 -8
- package/src/account-manager/helpers/authorized-client.ts +12 -6
- package/src/account-manager/helpers/device.ts +4 -4
- package/src/account-manager/helpers/lexicon.ts +8 -3
- package/src/account-manager/helpers/password.ts +6 -0
- package/src/account-manager/helpers/token.ts +17 -11
- package/src/account-manager/oauth-store.ts +129 -61
- package/src/actor-store/blob/reader.ts +8 -5
- package/src/actor-store/record/reader.ts +3 -3
- package/src/actor-store/repo/sql-repo-reader.ts +1 -1
- package/src/api/com/atproto/admin/updateSubjectStatus.ts +16 -4
- package/src/api/com/atproto/server/activateAccount.ts +27 -49
- package/src/api/com/atproto/server/deactivateAccount.ts +3 -7
- package/src/api/com/atproto/server/deleteAccount.ts +60 -43
- package/src/api/com/atproto/server/util.ts +24 -7
- package/src/background.ts +49 -18
- package/src/config/config.ts +7 -2
- package/src/context.ts +6 -40
- package/src/db/migrator.ts +2 -1
- package/src/db/pagination.ts +7 -7
- package/src/db/util.ts +5 -2
- package/src/index.ts +31 -13
- package/src/mailer/index.ts +4 -2
- package/src/pipethrough.ts +38 -1
- package/src/scripts/sequencer-recovery/recovery-db.ts +1 -1
- package/src/sequencer/events.ts +8 -13
- package/src/sequencer/sequencer.ts +1 -3
- package/tests/_util.ts +8 -25
- package/tests/account-deactivation.test.ts +1 -1
- package/tests/account-deletion.test.ts +1 -1
- package/tests/account-manager.test.ts +79 -0
- package/tests/account-migration.test.ts +2 -2
- package/tests/account-status.test.ts +206 -0
- package/tests/account.test.ts +1 -1
- package/tests/app-passwords.test.ts +1 -1
- package/tests/auth.test.ts +1 -1
- package/tests/blob-deletes.test.ts +1 -1
- package/tests/create-post.test.ts +1 -1
- package/tests/crud.test.ts +1 -1
- package/tests/db.test.ts +4 -4
- package/tests/email-confirmation.test.ts +1 -1
- package/tests/file-uploads.test.ts +2 -2
- package/tests/get-service-auth.test.ts +1 -1
- package/tests/handles.test.ts +1 -1
- package/tests/invite-codes.test.ts +1 -1
- package/tests/invites-admin.test.ts +1 -1
- package/tests/moderation.test.ts +1 -1
- package/tests/moderator-auth.test.ts +1 -1
- package/tests/oauth.test.ts +91 -0
- package/tests/plc-operations.test.ts +1 -1
- package/tests/preferences.test.ts +1 -1
- package/tests/proxied/admin.test.ts +1 -1
- package/tests/proxied/feedgen.test.ts +1 -1
- package/tests/proxied/notif.test.ts +6 -13
- package/tests/proxied/procedures.test.ts +1 -1
- package/tests/proxied/proxy-catchall.test.ts +9 -8
- package/tests/proxied/proxy-header.test.ts +12 -8
- package/tests/proxied/proxy-oauth-aud.test.ts +17 -10
- package/tests/proxied/read-after-write.test.ts +4 -5
- package/tests/proxied/views.test.ts +1 -1
- package/tests/races.test.ts +1 -1
- package/tests/rate-limits.test.ts +1 -1
- package/tests/recovery.test.ts +1 -1
- package/tests/seeds/basic.ts +2 -2
- package/tests/seeds/users.ts +4 -1
- package/tests/sequencer.test.ts +1 -1
- package/tests/server.test.ts +9 -12
- package/tests/sync/invertible-ops.test.ts +1 -1
- package/tests/sync/list.test.ts +1 -1
- package/tests/sync/subscribe-repos.test.ts +1 -1
- package/tests/sync/sync.test.ts +1 -1
- package/tests/takedown-appeal.test.ts +1 -1
- package/tsconfig.build.tsbuildinfo +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token.d.ts","sourceRoot":"","sources":["../../../src/account-manager/helpers/token.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAA;AACnC,OAAO,EACL,IAAI,EACJ,YAAY,EACZ,YAAY,EACZ,SAAS,EACT,OAAO,EACR,MAAM,yBAAyB,CAAA;AAEhC,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,gBAAgB,CAAA;AAGjD,wBAAgB,WAAW,CAAC,GAAG,EAAE,UAAU,CAAC,KAAK,CAAC,GAAG,SAAS,CAa7D;AAuBD,eAAO,MAAM,QAAQ,OACf,SAAS,WACJ,OAAO,QACV,SAAS,iBACA,YAAY,yHAiB5B,CAAA;AAED,eAAO,MAAM,WAAW,OAAQ,SAAS,MAAM,OAAO,
|
|
1
|
+
{"version":3,"file":"token.d.ts","sourceRoot":"","sources":["../../../src/account-manager/helpers/token.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAA;AACnC,OAAO,EACL,IAAI,EACJ,GAAG,EACH,YAAY,EACZ,YAAY,EACZ,SAAS,EACT,OAAO,EACR,MAAM,yBAAyB,CAAA;AAEhC,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,gBAAgB,CAAA;AAGjD,wBAAgB,WAAW,CAAC,GAAG,EAAE,UAAU,CAAC,KAAK,CAAC,GAAG,SAAS,CAa7D;AAuBD,eAAO,MAAM,QAAQ,OACf,SAAS,WACJ,OAAO,QACV,SAAS,iBACA,YAAY,yHAiB5B,CAAA;AAED,eAAO,MAAM,WAAW,OAAQ,SAAS,MAAM,OAAO;;;EAKZ,CAAA;AAE1C,eAAO,MAAM,QAAQ,OACf,SAAS,UACL;IACN,EAAE,CAAC,EAAE,MAAM,CAAA;IACX,GAAG,CAAC,EAAE,GAAG,CAAA;IACT,IAAI,CAAC,EAAE,IAAI,CAAA;IACX,OAAO,CAAC,EAAE,OAAO,CAAA;IACjB,mBAAmB,CAAC,EAAE,YAAY,CAAA;CACnC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;8TAoCF,CAAA;AAED,eAAO,MAAM,WAAW,OAAc,SAAS,OAAO,GAAG,kBAOxD,CAAA;AAED,eAAO,MAAM,QAAQ,OACf,SAAS,MACT,MAAM,cACE,OAAO,mBACF,YAAY,WACpB,YAAY,kIAcE,CAAA;AAEzB,eAAO,MAAM,QAAQ,OAAQ,SAAS,WAAW,OAAO,yHAEE,CAAA"}
|
|
@@ -8,7 +8,7 @@ export function toTokenData(row) {
|
|
|
8
8
|
clientId: row.clientId,
|
|
9
9
|
clientAuth: fromJson(row.clientAuth),
|
|
10
10
|
deviceId: row.deviceId,
|
|
11
|
-
|
|
11
|
+
did: row.did,
|
|
12
12
|
parameters: fromJson(row.parameters),
|
|
13
13
|
code: row.code,
|
|
14
14
|
scope: row.scope,
|
|
@@ -42,7 +42,7 @@ export const createQB = (db, tokenId, data, refreshToken) => {
|
|
|
42
42
|
clientId: data.clientId,
|
|
43
43
|
clientAuth: toJson(data.clientAuth),
|
|
44
44
|
deviceId: data.deviceId,
|
|
45
|
-
did: data.
|
|
45
|
+
did: data.did,
|
|
46
46
|
parameters: toJson(data.parameters),
|
|
47
47
|
details: data.details ? toJson(data.details) : null,
|
|
48
48
|
code: data.code,
|
|
@@ -65,27 +65,30 @@ export const findByQB = (db, search) => {
|
|
|
65
65
|
throw new TypeError('At least one search parameter is required');
|
|
66
66
|
}
|
|
67
67
|
return selectTokenInfoQB(db)
|
|
68
|
-
|
|
68
|
+
.$if(search.id !== undefined, (qb) =>
|
|
69
69
|
// uses primary key index
|
|
70
70
|
qb.where('token.id', '=', search.id))
|
|
71
|
-
|
|
71
|
+
.$if(search.did !== undefined, (qb) =>
|
|
72
72
|
// uses "token_did_idx" index
|
|
73
73
|
qb.where('token.did', '=', search.did))
|
|
74
|
-
|
|
74
|
+
.$if(search.code !== undefined, (qb) =>
|
|
75
75
|
// uses "token_code_idx" partial index (hence the null check)
|
|
76
76
|
qb
|
|
77
77
|
.where('token.code', '=', search.code)
|
|
78
78
|
.where('token.code', 'is not', null))
|
|
79
|
-
|
|
79
|
+
.$if(search.tokenId !== undefined, (qb) =>
|
|
80
80
|
// uses "token_token_id_idx"
|
|
81
81
|
qb.where('token.tokenId', '=', search.tokenId))
|
|
82
|
-
|
|
82
|
+
.$if(search.currentRefreshToken !== undefined, (qb) =>
|
|
83
83
|
// uses "token_refresh_token_unique_idx"
|
|
84
84
|
qb.where('token.currentRefreshToken', '=', search.currentRefreshToken));
|
|
85
85
|
};
|
|
86
|
-
export const
|
|
87
|
-
|
|
88
|
-
|
|
86
|
+
export const removeByDid = async (db, did) => {
|
|
87
|
+
await db.executeWithRetry(db.db
|
|
88
|
+
.deleteFrom('token')
|
|
89
|
+
// uses "token_did_idx" index
|
|
90
|
+
.where('did', '=', did));
|
|
91
|
+
};
|
|
89
92
|
export const rotateQB = (db, id, newTokenId, newRefreshToken, newData) => db.db
|
|
90
93
|
.updateTable('token')
|
|
91
94
|
.set({
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token.js","sourceRoot":"","sources":["../../../src/account-manager/helpers/token.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"token.js","sourceRoot":"","sources":["../../../src/account-manager/helpers/token.ts"],"names":[],"mappings":"AASA,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAA;AAE5E,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAA;AAE9C,MAAM,UAAU,WAAW,CAAC,GAAsB;IAChD,OAAO;QACL,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC;QACrC,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC;QACrC,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC;QACrC,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,UAAU,EAAE,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC;QACpC,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,GAAG,EAAE,GAAG,CAAC,GAAG;QACZ,UAAU,EAAE,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC;QACpC,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,KAAK,EAAE,GAAG,CAAC,KAAK;KACjB,CAAA;AACH,CAAC;AAED,MAAM,iBAAiB,GAAG,CAAC,EAAa,EAAE,EAAE,CAC1C,eAAe,CAAC,EAAE,EAAE,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC;IAC/C,2DAA2D;KAC1D,SAAS,CAAC,OAAO,EAAE,WAAW,EAAE,WAAW,CAAC;KAC5C,MAAM,CAAC;IACN,UAAU;IACV,eAAe;IACf,iBAAiB;IACjB,iBAAiB;IACjB,iBAAiB;IACjB,gBAAgB;IAChB,kBAAkB;IAClB,gBAAgB;IAChB,WAAW;IACX,kBAAkB;IAClB,eAAe;IACf,YAAY;IACZ,2BAA2B;IAC3B,aAAa;CACd,CAAC,CAAA;AAEN,MAAM,CAAC,MAAM,QAAQ,GAAG,CACtB,EAAa,EACb,OAAgB,EAChB,IAAe,EACf,YAA2B,EAC3B,EAAE;IACF,OAAO,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;QACtC,OAAO;QACP,SAAS,EAAE,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC;QACpC,SAAS,EAAE,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC;QACpC,SAAS,EAAE,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC;QACpC,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;QACnC,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,GAAG,EAAE,IAAI,CAAC,GAAG;QACb,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;QACnC,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI;QACnD,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,mBAAmB,EAAE,YAAY,IAAI,IAAI;QACzC,KAAK,EAAE,IAAI,CAAC,KAAK;KAClB,CAAC,CAAA;AACJ,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,EAAa,EAAE,EAAW,EAAE,EAAE,CACxD,EAAE,CAAC,EAAE;KACF,UAAU,CAAC,OAAO,CAAC;KACnB,KAAK,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC;KACzB,KAAK,CAAC,qBAAqB,EAAE,QAAQ,EAAE,IAAI,CAAC;KAC5C,MAAM,CAAC,CAAC,IAAI,EAAE,qBAAqB,CAAC,CAAC,CAAA;AAE1C,MAAM,CAAC,MAAM,QAAQ,GAAG,CACtB,EAAa,EACb,MAMC,EACD,EAAE;IACF,IACE,MAAM,CAAC,EAAE,KAAK,SAAS;QACvB,MAAM,CAAC,GAAG,KAAK,SAAS;QACxB,MAAM,CAAC,IAAI,KAAK,SAAS;QACzB,MAAM,CAAC,OAAO,KAAK,SAAS;QAC5B,MAAM,CAAC,mBAAmB,KAAK,SAAS,EACxC,CAAC;QACD,0BAA0B;QAC1B,MAAM,IAAI,SAAS,CAAC,2CAA2C,CAAC,CAAA;IAClE,CAAC;IAED,OAAO,iBAAiB,CAAC,EAAE,CAAC;SACzB,GAAG,CAAC,MAAM,CAAC,EAAE,KAAK,SAAS,EAAE,CAAC,EAAE,EAAE,EAAE;IACnC,yBAAyB;IACzB,EAAE,CAAC,KAAK,CAAC,UAAU,EAAE,GAAG,EAAE,MAAM,CAAC,EAAG,CAAC,CACtC;SACA,GAAG,CAAC,MAAM,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC,EAAE,EAAE,EAAE;IACpC,6BAA6B;IAC7B,EAAE,CAAC,KAAK,CAAC,WAAW,EAAE,GAAG,EAAE,MAAM,CAAC,GAAI,CAAC,CACxC;SACA,GAAG,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC,EAAE,EAAE,EAAE;IACrC,6DAA6D;IAC7D,EAAE;SACC,KAAK,CAAC,YAAY,EAAE,GAAG,EAAE,MAAM,CAAC,IAAK,CAAC;SACtC,KAAK,CAAC,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC,CACvC;SACA,GAAG,CAAC,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC,EAAE,EAAE,EAAE;IACxC,4BAA4B;IAC5B,EAAE,CAAC,KAAK,CAAC,eAAe,EAAE,GAAG,EAAE,MAAM,CAAC,OAAQ,CAAC,CAChD;SACA,GAAG,CAAC,MAAM,CAAC,mBAAmB,KAAK,SAAS,EAAE,CAAC,EAAE,EAAE,EAAE;IACpD,wCAAwC;IACxC,EAAE,CAAC,KAAK,CAAC,2BAA2B,EAAE,GAAG,EAAE,MAAM,CAAC,mBAAoB,CAAC,CACxE,CAAA;AACL,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,WAAW,GAAG,KAAK,EAAE,EAAa,EAAE,GAAQ,EAAE,EAAE;IAC3D,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE;SACF,UAAU,CAAC,OAAO,CAAC;QACpB,6BAA6B;SAC5B,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CAC1B,CAAA;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,QAAQ,GAAG,CACtB,EAAa,EACb,EAAU,EACV,UAAmB,EACnB,eAA6B,EAC7B,OAAqB,EACrB,EAAE,CACF,EAAE,CAAC,EAAE;KACF,WAAW,CAAC,OAAO,CAAC;KACpB,GAAG,CAAC;IACH,OAAO,EAAE,UAAU;IACnB,mBAAmB,EAAE,eAAe;IAEpC,SAAS,EAAE,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC;IACvC,SAAS,EAAE,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC;IACvC,UAAU,EAAE,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;IACtC,KAAK,EAAE,OAAO,CAAC,KAAK;CACrB,CAAC;IACF,yBAAyB;KACxB,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE,CAAC,CAAA;AAEzB,MAAM,CAAC,MAAM,QAAQ,GAAG,CAAC,EAAa,EAAE,OAAgB,EAAE,EAAE;AAC1D,iDAAiD;AACjD,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,SAAS,EAAE,GAAG,EAAE,OAAO,CAAC,CAAA","sourcesContent":["import { Selectable } from 'kysely'\nimport {\n Code,\n Did,\n NewTokenData,\n RefreshToken,\n TokenData,\n TokenId,\n} from '@atproto/oauth-provider'\nimport { fromDateISO, fromJson, toDateISO, toJson } from '../../db/index.js'\nimport { AccountDb, Token } from '../db/index.js'\nimport { selectAccountQB } from './account.js'\n\nexport function toTokenData(row: Selectable<Token>): TokenData {\n return {\n createdAt: fromDateISO(row.createdAt),\n expiresAt: fromDateISO(row.expiresAt),\n updatedAt: fromDateISO(row.updatedAt),\n clientId: row.clientId,\n clientAuth: fromJson(row.clientAuth),\n deviceId: row.deviceId,\n did: row.did,\n parameters: fromJson(row.parameters),\n code: row.code,\n scope: row.scope,\n }\n}\n\nconst selectTokenInfoQB = (db: AccountDb) =>\n selectAccountQB(db, { includeDeactivated: true })\n // uses \"token_did_idx\" index (though unlikely in practice)\n .innerJoin('token', 'token.did', 'actor.did')\n .select([\n 'token.id',\n 'token.tokenId',\n 'token.createdAt',\n 'token.updatedAt',\n 'token.expiresAt',\n 'token.clientId',\n 'token.clientAuth',\n 'token.deviceId',\n 'token.did',\n 'token.parameters',\n 'token.details',\n 'token.code',\n 'token.currentRefreshToken',\n 'token.scope',\n ])\n\nexport const createQB = (\n db: AccountDb,\n tokenId: TokenId,\n data: TokenData,\n refreshToken?: RefreshToken,\n) => {\n return db.db.insertInto('token').values({\n tokenId,\n createdAt: toDateISO(data.createdAt),\n expiresAt: toDateISO(data.expiresAt),\n updatedAt: toDateISO(data.updatedAt),\n clientId: data.clientId,\n clientAuth: toJson(data.clientAuth),\n deviceId: data.deviceId,\n did: data.did,\n parameters: toJson(data.parameters),\n details: data.details ? toJson(data.details) : null,\n code: data.code,\n currentRefreshToken: refreshToken || null,\n scope: data.scope,\n })\n}\n\nexport const forRotateQB = (db: AccountDb, id: TokenId) =>\n db.db\n .selectFrom('token')\n .where('tokenId', '=', id)\n .where('currentRefreshToken', 'is not', null)\n .select(['id', 'currentRefreshToken'])\n\nexport const findByQB = (\n db: AccountDb,\n search: {\n id?: number\n did?: Did\n code?: Code\n tokenId?: TokenId\n currentRefreshToken?: RefreshToken\n },\n) => {\n if (\n search.id === undefined &&\n search.did === undefined &&\n search.code === undefined &&\n search.tokenId === undefined &&\n search.currentRefreshToken === undefined\n ) {\n // Prevent accidental scan\n throw new TypeError('At least one search parameter is required')\n }\n\n return selectTokenInfoQB(db)\n .$if(search.id !== undefined, (qb) =>\n // uses primary key index\n qb.where('token.id', '=', search.id!),\n )\n .$if(search.did !== undefined, (qb) =>\n // uses \"token_did_idx\" index\n qb.where('token.did', '=', search.did!),\n )\n .$if(search.code !== undefined, (qb) =>\n // uses \"token_code_idx\" partial index (hence the null check)\n qb\n .where('token.code', '=', search.code!)\n .where('token.code', 'is not', null),\n )\n .$if(search.tokenId !== undefined, (qb) =>\n // uses \"token_token_id_idx\"\n qb.where('token.tokenId', '=', search.tokenId!),\n )\n .$if(search.currentRefreshToken !== undefined, (qb) =>\n // uses \"token_refresh_token_unique_idx\"\n qb.where('token.currentRefreshToken', '=', search.currentRefreshToken!),\n )\n}\n\nexport const removeByDid = async (db: AccountDb, did: Did) => {\n await db.executeWithRetry(\n db.db\n .deleteFrom('token')\n // uses \"token_did_idx\" index\n .where('did', '=', did),\n )\n}\n\nexport const rotateQB = (\n db: AccountDb,\n id: number,\n newTokenId: TokenId,\n newRefreshToken: RefreshToken,\n newData: NewTokenData,\n) =>\n db.db\n .updateTable('token')\n .set({\n tokenId: newTokenId,\n currentRefreshToken: newRefreshToken,\n\n expiresAt: toDateISO(newData.expiresAt),\n updatedAt: toDateISO(newData.updatedAt),\n clientAuth: toJson(newData.clientAuth),\n scope: newData.scope,\n })\n // uses primary key index\n .where('id', '=', id)\n\nexport const removeQB = (db: AccountDb, tokenId: TokenId) =>\n // uses \"used_refresh_token_fk\" to cascade delete\n db.db.deleteFrom('token').where('tokenId', '=', tokenId)\n"]}
|
|
@@ -5,6 +5,10 @@ import { AccountDb } from '../db/index.js';
|
|
|
5
5
|
* This is done through the foreign key constraint in the database.
|
|
6
6
|
*/
|
|
7
7
|
export declare const insertQB: (db: AccountDb, tokenId: number, refreshToken: RefreshToken) => import("kysely").InsertQueryBuilder<import("../db/index.js").DatabaseSchema, "used_refresh_token", import("kysely").InsertResult>;
|
|
8
|
-
export declare const findByTokenQB: (db: AccountDb, refreshToken: RefreshToken) => import("kysely").
|
|
9
|
-
|
|
8
|
+
export declare const findByTokenQB: (db: AccountDb, refreshToken: RefreshToken) => import("kysely").SelectQueryBuilder<import("../db/index.js").DatabaseSchema, "used_refresh_token", {
|
|
9
|
+
tokenId: number;
|
|
10
|
+
}>;
|
|
11
|
+
export declare const countQB: (db: AccountDb, refreshToken: RefreshToken) => import("kysely").SelectQueryBuilder<import("../db/index.js").DatabaseSchema, "used_refresh_token", {
|
|
12
|
+
count: number;
|
|
13
|
+
}>;
|
|
10
14
|
//# sourceMappingURL=used-refresh-token.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"used-refresh-token.d.ts","sourceRoot":"","sources":["../../../src/account-manager/helpers/used-refresh-token.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAA;AACtD,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAA;AAE1C;;;GAGG;AACH,eAAO,MAAM,QAAQ,OACf,SAAS,WACJ,MAAM,gBACD,YAAY,sIAKW,CAAA;AAEvC,eAAO,MAAM,aAAa,OAAQ,SAAS,gBAAgB,YAAY,
|
|
1
|
+
{"version":3,"file":"used-refresh-token.d.ts","sourceRoot":"","sources":["../../../src/account-manager/helpers/used-refresh-token.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAA;AACtD,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAA;AAE1C;;;GAGG;AACH,eAAO,MAAM,QAAQ,OACf,SAAS,WACJ,MAAM,gBACD,YAAY,sIAKW,CAAA;AAEvC,eAAO,MAAM,aAAa,OAAQ,SAAS,gBAAgB,YAAY;;EAKjD,CAAA;AAEtB,eAAO,MAAM,OAAO,OAAQ,SAAS,gBAAgB,YAAY;;EAKG,CAAA"}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { Client } from '@did-plc/lib';
|
|
2
2
|
import { Keypair } from '@atproto/crypto';
|
|
3
3
|
import { HandleString } from '@atproto/lex';
|
|
4
|
-
import { Account, AccountStore, AuthenticateAccountData, AuthorizedClientData, AuthorizedClients, ClientId, Code, DeviceAccount, DeviceData, DeviceId, DeviceStore, FoundRequestResult, LexiconData, LexiconStore, NewTokenData, RefreshToken, RequestData, RequestId, RequestStore, ResetPasswordConfirmInput, ResetPasswordRequestInput, SignUpData,
|
|
4
|
+
import { Account, AccountStore, AuthenticateAccountData, AuthorizedClientData, AuthorizedClients, ClientId, Code, DeactivateAccountData, DeleteAccountConfirmInput, DeleteAccountRequestInput, DeviceAccount, DeviceData, DeviceId, DeviceStore, Did, FoundRequestResult, LexiconData, LexiconStore, NewTokenData, ReactivateAccountData, RefreshToken, RequestData, RequestId, RequestStore, ResetPasswordConfirmInput, ResetPasswordRequestInput, SignUpData, TokenData, TokenId, TokenInfo, TokenStore, UpdateEmailConfirmInput, UpdateEmailRequestInput, UpdateEmailRequestOutput, UpdateHandleData, UpdateRequestData, VerifyEmailConfirmInput, VerifyEmailRequestInput } from '@atproto/oauth-provider';
|
|
5
5
|
import { ActorStore } from '../actor-store/actor-store.js';
|
|
6
6
|
import { BackgroundQueue } from '../background.js';
|
|
7
7
|
import { ImageUrlBuilder } from '../image/image-url-builder.js';
|
|
@@ -32,20 +32,20 @@ export declare class OAuthStore implements AccountStore, RequestStore, DeviceSto
|
|
|
32
32
|
private verifyInviteCode;
|
|
33
33
|
createAccount({ locale: _locale, inviteCode, handle, email, password, }: SignUpData): Promise<Account>;
|
|
34
34
|
authenticateAccount({ locale: _locale, username: identifier, password, emailOtp, }: AuthenticateAccountData): Promise<Account>;
|
|
35
|
-
setAuthorizedClient(
|
|
36
|
-
getAccount(
|
|
35
|
+
setAuthorizedClient(did: Did, clientId: ClientId, data: AuthorizedClientData): Promise<void>;
|
|
36
|
+
getAccount(did: Did): Promise<{
|
|
37
37
|
account: Account;
|
|
38
38
|
authorizedClients: AuthorizedClients;
|
|
39
39
|
}>;
|
|
40
40
|
upsertDeviceAccount(deviceId: DeviceId, sub: string): Promise<void>;
|
|
41
|
-
getDeviceAccount(deviceId: DeviceId,
|
|
42
|
-
removeDeviceAccount(deviceId: DeviceId,
|
|
41
|
+
getDeviceAccount(deviceId: DeviceId, did: Did): Promise<DeviceAccount | null>;
|
|
42
|
+
removeDeviceAccount(deviceId: DeviceId, did: Did): Promise<void>;
|
|
43
43
|
listDeviceAccounts(filter: {
|
|
44
|
-
|
|
44
|
+
did: Did;
|
|
45
45
|
} | {
|
|
46
46
|
deviceId: DeviceId;
|
|
47
47
|
}): Promise<DeviceAccount[]>;
|
|
48
|
-
resetPasswordRequest({
|
|
48
|
+
resetPasswordRequest({ email, locale, }: ResetPasswordRequestInput): Promise<Account | null>;
|
|
49
49
|
resetPasswordConfirm(data: ResetPasswordConfirmInput): Promise<Account | null>;
|
|
50
50
|
verifyHandleAvailability(handle: HandleString): Promise<void>;
|
|
51
51
|
createRequest(id: RequestId, data: RequestData): Promise<void>;
|
|
@@ -61,17 +61,21 @@ export declare class OAuthStore implements AccountStore, RequestStore, DeviceSto
|
|
|
61
61
|
storeLexicon(nsid: string, data: LexiconData): Promise<void>;
|
|
62
62
|
deleteLexicon(nsid: string): Promise<void>;
|
|
63
63
|
createToken(id: TokenId, data: TokenData, refreshToken?: RefreshToken): Promise<void>;
|
|
64
|
-
listAccountTokens(
|
|
64
|
+
listAccountTokens(did: Did): Promise<TokenInfo[]>;
|
|
65
65
|
readToken(tokenId: TokenId): Promise<TokenInfo | null>;
|
|
66
66
|
deleteToken(tokenId: TokenId): Promise<void>;
|
|
67
67
|
rotateToken(tokenId: TokenId, newTokenId: TokenId, newRefreshToken: RefreshToken, newData: NewTokenData): Promise<void>;
|
|
68
68
|
findTokenByRefreshToken(refreshToken: RefreshToken): Promise<TokenInfo | null>;
|
|
69
69
|
findTokenByCode(code: Code): Promise<TokenInfo | null>;
|
|
70
|
-
verifyEmailRequest({
|
|
71
|
-
verifyEmailConfirm({
|
|
72
|
-
updateEmailRequest({
|
|
73
|
-
updateEmailConfirm({
|
|
74
|
-
updateHandle({
|
|
70
|
+
verifyEmailRequest({ did, locale, }: VerifyEmailRequestInput): Promise<void>;
|
|
71
|
+
verifyEmailConfirm({ did, email, token, }: VerifyEmailConfirmInput): Promise<Account | null>;
|
|
72
|
+
updateEmailRequest({ did, locale, }: UpdateEmailRequestInput): Promise<UpdateEmailRequestOutput>;
|
|
73
|
+
updateEmailConfirm({ did, token, email, locale, }: UpdateEmailConfirmInput): Promise<Account | null>;
|
|
74
|
+
updateHandle({ did, handle }: UpdateHandleData): Promise<Account>;
|
|
75
|
+
deactivateAccount({ did }: DeactivateAccountData): Promise<Account>;
|
|
76
|
+
reactivateAccount({ did }: ReactivateAccountData): Promise<Account>;
|
|
77
|
+
deleteAccountRequest({ did, locale, }: DeleteAccountRequestInput): Promise<void>;
|
|
78
|
+
deleteAccountConfirm({ did, token, password, }: DeleteAccountConfirmInput): Promise<void>;
|
|
75
79
|
private toTokenInfo;
|
|
76
80
|
private buildAccount;
|
|
77
81
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-store.d.ts","sourceRoot":"","sources":["../../src/account-manager/oauth-store.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAA2B,MAAM,cAAc,CAAA;AAE9D,OAAO,EAAE,OAAO,EAAoB,MAAM,iBAAiB,CAAA;AAC3D,OAAO,
|
|
1
|
+
{"version":3,"file":"oauth-store.d.ts","sourceRoot":"","sources":["../../src/account-manager/oauth-store.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAA2B,MAAM,cAAc,CAAA;AAE9D,OAAO,EAAE,OAAO,EAAoB,MAAM,iBAAiB,CAAA;AAC3D,OAAO,EAAa,YAAY,EAAoB,MAAM,cAAc,CAAA;AACxE,OAAO,EACL,OAAO,EACP,YAAY,EACZ,uBAAuB,EACvB,oBAAoB,EACpB,iBAAiB,EACjB,QAAQ,EACR,IAAI,EACJ,qBAAqB,EACrB,yBAAyB,EACzB,yBAAyB,EACzB,aAAa,EACb,UAAU,EACV,QAAQ,EACR,WAAW,EACX,GAAG,EACH,kBAAkB,EAMlB,WAAW,EACX,YAAY,EACZ,YAAY,EACZ,qBAAqB,EACrB,YAAY,EACZ,WAAW,EACX,SAAS,EACT,YAAY,EACZ,yBAAyB,EACzB,yBAAyB,EACzB,UAAU,EACV,SAAS,EACT,OAAO,EACP,SAAS,EACT,UAAU,EACV,uBAAuB,EACvB,uBAAuB,EACvB,wBAAwB,EACxB,gBAAgB,EAChB,iBAAiB,EACjB,uBAAuB,EACvB,uBAAuB,EACxB,MAAM,yBAAyB,CAAA;AAKhC,OAAO,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAA;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAA;AAElD,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAA;AAE/D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAA;AACjD,OAAO,EAAE,cAAc,EAAwB,MAAM,sBAAsB,CAAA;AAW3E;;;;;GAKG;AACH,qBAAa,UACX,YAAW,YAAY,EAAE,YAAY,EAAE,WAAW,EAAE,YAAY,EAAE,UAAU;IAG1E,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAVjC,YACmB,cAAc,EAAE,cAAc,EAC9B,UAAU,EAAE,UAAU,EACtB,eAAe,EAAE,eAAe,EAChC,eAAe,EAAE,eAAe,EAChC,MAAM,EAAE,YAAY,EACpB,SAAS,EAAE,SAAS,EACpB,SAAS,EAAE,MAAM,EACjB,cAAc,EAAE,OAAO,EACvB,SAAS,EAAE,MAAM,EACjB,cAAc,EAAE,MAAM,GAAG,IAAI,EAC5C;IAEJ,OAAO,KAAK,EAAE,GAIb;IAED,OAAO,KAAK,UAAU,GAErB;YAEa,uBAAuB;YAavB,gBAAgB;IAYxB,aAAa,CAAC,EAClB,MAAM,EAAE,OAAO,EACf,UAAU,EACV,MAAM,EACN,KAAK,EACL,QAAQ,GACT,EAAE,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,CAmG/B;IAEK,mBAAmB,CAAC,EACxB,MAAM,EAAE,OAAO,EACf,QAAQ,EAAE,UAAU,EACpB,QAAQ,EAER,QAAoB,GACrB,EAAE,uBAAuB,GAAG,OAAO,CAAC,OAAO,CAAC,CAiC5C;IAEK,mBAAmB,CACvB,GAAG,EAAE,GAAG,EACR,QAAQ,EAAE,QAAQ,EAClB,IAAI,EAAE,oBAAoB,GACzB,OAAO,CAAC,IAAI,CAAC,CAEf;IAEK,UAAU,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC;QAClC,OAAO,EAAE,OAAO,CAAA;QAChB,iBAAiB,EAAE,iBAAiB,CAAA;KACrC,CAAC,CAeD;IAEK,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAIxE;IAEK,gBAAgB,CACpB,QAAQ,EAAE,QAAQ,EAClB,GAAG,EAAE,GAAG,GACP,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAkB/B;IAEK,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAIrE;IAEK,kBAAkB,CACtB,MAAM,EAAE;QAAE,GAAG,EAAE,GAAG,CAAA;KAAE,GAAG;QAAE,QAAQ,EAAE,QAAQ,CAAA;KAAE,GAC5C,OAAO,CAAC,aAAa,EAAE,CAAC,CA6B1B;IAEK,oBAAoB,CAAC,EACzB,KAAK,EACL,MAAM,GACP,EAAE,yBAAyB,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,CAoBrD;IAEK,oBAAoB,CACxB,IAAI,EAAE,yBAAyB,GAC9B,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,CAgBzB;IAEK,wBAAwB,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAwBlE;IAIK,aAAa,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAInE;IAEK,WAAW,CAAC,EAAE,EAAE,SAAS,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAe5D;IAEK,aAAa,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC,CAIzE;IAEK,aAAa,CAAC,EAAE,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,CAEhD;IAEK,kBAAkB,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAKvE;IAIK,YAAY,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAItE;IAEK,UAAU,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,GAAG,UAAU,CAAC,CAG/D;IAEK,YAAY,CAChB,QAAQ,EAAE,QAAQ,EAClB,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC,GACxB,OAAO,CAAC,IAAI,CAAC,CAIf;IAEK,YAAY,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAGpD;IAIK,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAE3D;IAEK,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAEjE;IAEK,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAE/C;IAIK,WAAW,CACf,EAAE,EAAE,OAAO,EACX,IAAI,EAAE,SAAS,EACf,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,IAAI,CAAC,CAcf;IAEK,iBAAiB,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC,CAGtD;IAEK,SAAS,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAK3D;IAEK,WAAW,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,CAGjD;IAEK,WAAW,CACf,OAAO,EAAE,OAAO,EAChB,UAAU,EAAE,OAAO,EACnB,eAAe,EAAE,YAAY,EAC7B,OAAO,EAAE,YAAY,GACpB,OAAO,CAAC,IAAI,CAAC,CA2Bf;IAEK,uBAAuB,CAC3B,YAAY,EAAE,YAAY,GACzB,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAW3B;IAEK,eAAe,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAG3D;IAEK,kBAAkB,CAAC,EACvB,GAAG,EACH,MAAM,GACP,EAAE,uBAAuB,GAAG,OAAO,CAAC,IAAI,CAAC,CAUzC;IAEK,kBAAkB,CAAC,EACvB,GAAG,EACH,KAAK,EACL,KAAK,GACN,EAAE,uBAAuB,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,CAYnD;IAEK,kBAAkB,CAAC,EACvB,GAAG,EACH,MAAM,GACP,EAAE,uBAAuB,GAAG,OAAO,CAAC,wBAAwB,CAAC,CAE7D;IAEK,kBAAkB,CAAC,EACvB,GAAG,EACH,KAAK,EACL,KAAK,EACL,MAAM,GACP,EAAE,uBAAuB,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,CAenD;IAEK,YAAY,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC,CAQtE;IAEK,iBAAiB,CAAC,EAAE,GAAG,EAAE,EAAE,qBAAqB,GAAG,OAAO,CAAC,OAAO,CAAC,CAMxE;IAEK,iBAAiB,CAAC,EAAE,GAAG,EAAE,EAAE,qBAAqB,GAAG,OAAO,CAAC,OAAO,CAAC,CAYxE;IAEK,oBAAoB,CAAC,EACzB,GAAG,EACH,MAAM,GACP,EAAE,yBAAyB,GAAG,OAAO,CAAC,IAAI,CAAC,CAuB3C;IAEK,oBAAoB,CAAC,EACzB,GAAG,EACH,KAAK,EACL,QAAQ,GACT,EAAE,yBAAyB,GAAG,OAAO,CAAC,IAAI,CAAC,CAoC3C;YAEa,WAAW;YAWX,YAAY;CAkC3B"}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import assert from 'node:assert';
|
|
2
2
|
import { createOp as createPlcOp } from '@did-plc/lib';
|
|
3
3
|
import { Secp256k1Keypair } from '@atproto/crypto';
|
|
4
|
-
import {
|
|
4
|
+
import { getBlobCidString } from '@atproto/lex';
|
|
5
5
|
import { HandleUnavailableError, InvalidCredentialsError, InvalidInviteCodeError, InvalidRequestError, } from '@atproto/oauth-provider';
|
|
6
6
|
import { AuthRequiredError as XrpcAuthRequiredError, InvalidRequestError as XrpcInvalidRequestError, } from '@atproto/xrpc-server';
|
|
7
7
|
import { fromDateISO } from '../db/index.js';
|
|
@@ -66,7 +66,6 @@ export class OAuthStore {
|
|
|
66
66
|
async createAccount({ locale: _locale, inviteCode, handle, email, password, }) {
|
|
67
67
|
// @TODO Send an account creation confirmation email (+verification link) to the user (in their locale)
|
|
68
68
|
// @NOTE Password strength & length already enforced by the OAuthProvider
|
|
69
|
-
assert(isHandleString(handle), 'Handle must be a valid HandleString');
|
|
70
69
|
await Promise.all([
|
|
71
70
|
this.verifyEmailAvailability(email),
|
|
72
71
|
this.verifyHandleAvailability(handle),
|
|
@@ -184,27 +183,25 @@ export class OAuthStore {
|
|
|
184
183
|
throw err;
|
|
185
184
|
}
|
|
186
185
|
}
|
|
187
|
-
async setAuthorizedClient(
|
|
188
|
-
await authorizedClientHelper.upsert(this.db,
|
|
186
|
+
async setAuthorizedClient(did, clientId, data) {
|
|
187
|
+
await authorizedClientHelper.upsert(this.db, did, clientId, data);
|
|
189
188
|
}
|
|
190
|
-
async getAccount(
|
|
191
|
-
const accountRow = await this.accountManager.getAccount(
|
|
192
|
-
// @TODO @atproto/oauth-provider should strongly type `Sub` as `DidString`
|
|
193
|
-
asAtIdentifierString(sub), {
|
|
189
|
+
async getAccount(did) {
|
|
190
|
+
const accountRow = await this.accountManager.getAccount(did, {
|
|
194
191
|
includeDeactivated: true,
|
|
195
192
|
includeTakenDown: false,
|
|
196
193
|
});
|
|
197
194
|
assert(accountRow, 'Account not found');
|
|
198
195
|
const account = await this.buildAccount(accountRow);
|
|
199
|
-
const authorizedClients = await authorizedClientHelper.getAuthorizedClients(this.db,
|
|
196
|
+
const authorizedClients = await authorizedClientHelper.getAuthorizedClients(this.db, did);
|
|
200
197
|
return { account, authorizedClients };
|
|
201
198
|
}
|
|
202
199
|
async upsertDeviceAccount(deviceId, sub) {
|
|
203
200
|
await this.db.executeWithRetry(accountDeviceHelper.upsertQB(this.db, deviceId, sub));
|
|
204
201
|
}
|
|
205
|
-
async getDeviceAccount(deviceId,
|
|
202
|
+
async getDeviceAccount(deviceId, did) {
|
|
206
203
|
const row = await accountDeviceHelper
|
|
207
|
-
.selectQB(this.db, { deviceId,
|
|
204
|
+
.selectQB(this.db, { deviceId, did })
|
|
208
205
|
.executeTakeFirst();
|
|
209
206
|
if (!row)
|
|
210
207
|
return null;
|
|
@@ -212,13 +209,13 @@ export class OAuthStore {
|
|
|
212
209
|
deviceId,
|
|
213
210
|
deviceData: deviceHelper.rowToDeviceData(row),
|
|
214
211
|
account: await this.buildAccount(row),
|
|
215
|
-
authorizedClients: await authorizedClientHelper.getAuthorizedClients(this.db,
|
|
212
|
+
authorizedClients: await authorizedClientHelper.getAuthorizedClients(this.db, did),
|
|
216
213
|
createdAt: fromDateISO(row.adCreatedAt),
|
|
217
214
|
updatedAt: fromDateISO(row.adUpdatedAt),
|
|
218
215
|
};
|
|
219
216
|
}
|
|
220
|
-
async removeDeviceAccount(deviceId,
|
|
221
|
-
await this.db.executeWithRetry(accountDeviceHelper.removeQB(this.db, deviceId,
|
|
217
|
+
async removeDeviceAccount(deviceId, did) {
|
|
218
|
+
await this.db.executeWithRetry(accountDeviceHelper.removeQB(this.db, deviceId, did));
|
|
222
219
|
}
|
|
223
220
|
async listDeviceAccounts(filter) {
|
|
224
221
|
const rows = await accountDeviceHelper.selectQB(this.db, filter).execute();
|
|
@@ -238,7 +235,7 @@ export class OAuthStore {
|
|
|
238
235
|
updatedAt: fromDateISO(row.adUpdatedAt),
|
|
239
236
|
}));
|
|
240
237
|
}
|
|
241
|
-
async resetPasswordRequest({
|
|
238
|
+
async resetPasswordRequest({ email, locale, }) {
|
|
242
239
|
const account = await this.accountManager.getAccountByEmail(email, {
|
|
243
240
|
includeDeactivated: true,
|
|
244
241
|
includeTakenDown: false,
|
|
@@ -247,8 +244,7 @@ export class OAuthStore {
|
|
|
247
244
|
return null;
|
|
248
245
|
const { handle } = account;
|
|
249
246
|
const token = await this.accountManager.createEmailToken(account.did, 'reset_password');
|
|
250
|
-
|
|
251
|
-
await this.mailer.sendResetPassword({ handle, token }, { to: account.email });
|
|
247
|
+
await this.mailer.sendResetPassword({ handle, token, locale }, { to: account.email });
|
|
252
248
|
return this.buildAccount(account);
|
|
253
249
|
}
|
|
254
250
|
async resetPasswordConfirm(data) {
|
|
@@ -360,8 +356,8 @@ export class OAuthStore {
|
|
|
360
356
|
return tokenHelper.createQB(dbTxn, id, data, refreshToken).execute();
|
|
361
357
|
});
|
|
362
358
|
}
|
|
363
|
-
async listAccountTokens(
|
|
364
|
-
const rows = await tokenHelper.findByQB(this.db, { did
|
|
359
|
+
async listAccountTokens(did) {
|
|
360
|
+
const rows = await tokenHelper.findByQB(this.db, { did }).execute();
|
|
365
361
|
return Promise.all(rows.map((row) => this.toTokenInfo(row)));
|
|
366
362
|
}
|
|
367
363
|
async readToken(tokenId) {
|
|
@@ -412,9 +408,7 @@ export class OAuthStore {
|
|
|
412
408
|
const row = await tokenHelper.findByQB(this.db, { code }).executeTakeFirst();
|
|
413
409
|
return row ? this.toTokenInfo(row) : null;
|
|
414
410
|
}
|
|
415
|
-
async verifyEmailRequest({
|
|
416
|
-
// @TODO @atproto/oauth-provider should strongly type `Sub` as `DidString`
|
|
417
|
-
assert(isDidString(did), 'sub must be a valid DID string');
|
|
411
|
+
async verifyEmailRequest({ did, locale, }) {
|
|
418
412
|
try {
|
|
419
413
|
await this.accountManager.requestEmailConfirmation(did, { locale });
|
|
420
414
|
}
|
|
@@ -425,9 +419,7 @@ export class OAuthStore {
|
|
|
425
419
|
throw err;
|
|
426
420
|
}
|
|
427
421
|
}
|
|
428
|
-
async verifyEmailConfirm({
|
|
429
|
-
// @TODO @atproto/oauth-provider should strongly type `Sub` as `DidString`
|
|
430
|
-
assert(isDidString(did), 'sub must be a valid DID string');
|
|
422
|
+
async verifyEmailConfirm({ did, email, token, }) {
|
|
431
423
|
try {
|
|
432
424
|
const account = await this.accountManager.confirmEmail(did, email, token);
|
|
433
425
|
return this.buildAccount(account);
|
|
@@ -439,14 +431,10 @@ export class OAuthStore {
|
|
|
439
431
|
throw err;
|
|
440
432
|
}
|
|
441
433
|
}
|
|
442
|
-
async updateEmailRequest({
|
|
443
|
-
// @TODO @atproto/oauth-provider should strongly type `Sub` as `DidString`
|
|
444
|
-
assert(isDidString(did), 'sub must be a valid DID string');
|
|
434
|
+
async updateEmailRequest({ did, locale, }) {
|
|
445
435
|
return this.accountManager.requestEmailUpdate(did, { locale });
|
|
446
436
|
}
|
|
447
|
-
async updateEmailConfirm({
|
|
448
|
-
// @TODO @atproto/oauth-provider should strongly type `Sub` as `DidString`
|
|
449
|
-
assert(isDidString(did), 'sub must be a valid DID string');
|
|
437
|
+
async updateEmailConfirm({ did, token, email, locale, }) {
|
|
450
438
|
try {
|
|
451
439
|
const account = await this.accountManager.updateEmail(did, email, token, {
|
|
452
440
|
sendConfirmationEmail: true,
|
|
@@ -461,9 +449,7 @@ export class OAuthStore {
|
|
|
461
449
|
throw cause;
|
|
462
450
|
}
|
|
463
451
|
}
|
|
464
|
-
async updateHandle({
|
|
465
|
-
// @TODO @atproto/oauth-provider should strongly type `Sub` as `DidString`
|
|
466
|
-
assert(isDidString(did), 'sub must be a valid DID string');
|
|
452
|
+
async updateHandle({ did, handle }) {
|
|
467
453
|
try {
|
|
468
454
|
const account = await this.accountManager.updateHandle(did, handle);
|
|
469
455
|
return this.buildAccount(account);
|
|
@@ -472,6 +458,69 @@ export class OAuthStore {
|
|
|
472
458
|
throw toHandleUnavailableError(err);
|
|
473
459
|
}
|
|
474
460
|
}
|
|
461
|
+
async deactivateAccount({ did }) {
|
|
462
|
+
const { account } = await this.accountManager.deactivateAccount(did, {
|
|
463
|
+
deleteCredentials: true,
|
|
464
|
+
});
|
|
465
|
+
return this.buildAccount(account);
|
|
466
|
+
}
|
|
467
|
+
async reactivateAccount({ did }) {
|
|
468
|
+
try {
|
|
469
|
+
const { account } = await this.accountManager.activateAccount(did);
|
|
470
|
+
return this.buildAccount(account);
|
|
471
|
+
}
|
|
472
|
+
catch (err) {
|
|
473
|
+
if (err instanceof XrpcInvalidRequestError) {
|
|
474
|
+
throw new InvalidRequestError(err.message, err);
|
|
475
|
+
}
|
|
476
|
+
throw err;
|
|
477
|
+
}
|
|
478
|
+
}
|
|
479
|
+
async deleteAccountRequest({ did, locale, }) {
|
|
480
|
+
// Mirror the XRPC `com.atproto.server.requestAccountDelete` flow
|
|
481
|
+
// (no-entryway path): generate an email confirmation token and dispatch
|
|
482
|
+
// it to the account's email address.
|
|
483
|
+
const account = await this.accountManager.getAccount(did, {
|
|
484
|
+
includeDeactivated: true,
|
|
485
|
+
includeTakenDown: true,
|
|
486
|
+
});
|
|
487
|
+
if (!account) {
|
|
488
|
+
throw new InvalidRequestError('Account not found');
|
|
489
|
+
}
|
|
490
|
+
if (!account.email) {
|
|
491
|
+
throw new InvalidRequestError('Account does not have an email address');
|
|
492
|
+
}
|
|
493
|
+
const token = await this.accountManager.createEmailToken(did, 'delete_account');
|
|
494
|
+
await this.mailer.sendAccountDelete({ token, locale }, { to: account.email });
|
|
495
|
+
}
|
|
496
|
+
async deleteAccountConfirm({ did, token, password, }) {
|
|
497
|
+
// Mirror the XRPC `com.atproto.server.deleteAccount` flow (no-entryway
|
|
498
|
+
// path): verify the password, validate the email confirmation token,
|
|
499
|
+
// destroy the actor store, delete the account row, and emit the
|
|
500
|
+
// tombstone account event.
|
|
501
|
+
const account = await this.accountManager.getAccount(did, {
|
|
502
|
+
includeDeactivated: true,
|
|
503
|
+
includeTakenDown: true,
|
|
504
|
+
});
|
|
505
|
+
if (!account) {
|
|
506
|
+
throw new InvalidRequestError('Account not found');
|
|
507
|
+
}
|
|
508
|
+
const validPass = await this.accountManager.verifyAccountPassword(did, password);
|
|
509
|
+
if (!validPass) {
|
|
510
|
+
throw new InvalidCredentialsError('Invalid did or password', did);
|
|
511
|
+
}
|
|
512
|
+
await this.accountManager.assertValidEmailToken(did, 'delete_account', token);
|
|
513
|
+
// @NOTE Order matters here: first "unlink" the account by removing it
|
|
514
|
+
// from the account manager database ("source of truth"), then notify the
|
|
515
|
+
// sequencer, and finally cleanup files from the file system.
|
|
516
|
+
await this.accountManager.deleteAccount(did);
|
|
517
|
+
try {
|
|
518
|
+
await this.sequencer.sequenceAccountDeletion(did);
|
|
519
|
+
}
|
|
520
|
+
finally {
|
|
521
|
+
await this.actorStore.destroy(did);
|
|
522
|
+
}
|
|
523
|
+
}
|
|
475
524
|
async toTokenInfo(row) {
|
|
476
525
|
return {
|
|
477
526
|
id: row.tokenId,
|
|
@@ -482,14 +531,15 @@ export class OAuthStore {
|
|
|
482
531
|
}
|
|
483
532
|
async buildAccount(row) {
|
|
484
533
|
const account = {
|
|
485
|
-
|
|
486
|
-
|
|
534
|
+
did: row.did,
|
|
535
|
+
pds: this.serviceDid,
|
|
487
536
|
email: row.email || undefined,
|
|
488
|
-
|
|
489
|
-
|
|
537
|
+
emailVerified: row.email ? row.emailConfirmedAt != null : undefined,
|
|
538
|
+
handle: row.handle || undefined,
|
|
539
|
+
deactivated: row.deactivatedAt != null,
|
|
490
540
|
};
|
|
491
541
|
if (!account.name || !account.picture) {
|
|
492
|
-
const did = account
|
|
542
|
+
const { did } = account;
|
|
493
543
|
const profile = await this.actorStore
|
|
494
544
|
.read(did, async (store) => {
|
|
495
545
|
return store.record.getProfileRecord();
|