* Retain type of `schemas` using definition type instead of obscuring into a `LexiconDoc[]`
* Improve validation performances by using discriminated unions where possible
* Export the generated lexicons `schemas` definitions
* optimization
* changeset
* tidy
* ✨ Add events for account and record update/delete/deactivation
* ✨ Add handle change event
* ✨ Reduce account events to 2 types and record events to 1
* ✨ Store metadata from account, identity and record events
* ✨ Add created event for record
* ✨ Add ndd the new events to allowed types in emitEvent
* ✨ Use string value for record op and add tombstone flag to identity event
* ✨ Add active flag on account events
* ✨ Change accountStatus -> status to match with firehose event
* ✨ Make active flag required
* 🚨 fix prettier style issue
* ✨ Track record/account delete and update data in subject status (#2804)
* ✨ Store deleted/updated event data in subject_status
* 🐛 Fix query for recordDeletedAt and recordUpdatedAt
* ✨ Add tombstoned status
* ✨ Move from record to hosting term
* ✅ Add tests for hosting params
* ✨ Update lexicons for hostingStatuses
* ✅ Update snapshots
* ✅ Update snapshots
* ✅ Update snapshots
* ✨ Adjust hosting statuses
* 📝 Add changeset
* ✨ Settings endpoints are working
* 🧹 Rename file
* ✨ Replace ad-hoc manage roles to match team member roles
* ♻️ Refactor role names
* ✨ Polish up
* ✨ Move to using id for pagination
* 📝 Add changeset
* ✅ Update snapshots
* ⚡ Change column order in setting table index and add did in all queries
* Allow instantiating an api Agent with a string or URL
* changeset
* Update .changeset/stupid-spiders-buy.md
Co-authored-by: Bigint <69431456+bigint@users.noreply.github.com>
---------
Co-authored-by: Bigint <69431456+bigint@users.noreply.github.com>
* Improve error message when using invalid client_id during code exchange
* Extract SPA example OAuth client in own package
* wip
* remove dependency on get-port
* Properly configure jest to only transpile "get-port" from node_modules
https://jestjs.io/docs/configuration#transformignorepatterns-arraystring
* Use dynamically assigned port number during tests
* use puppeteer to run tests
* remove login input "id" attribute
* code style
* add missing declaration
* tidy
* headless
* remove get-port dependency
* fix tests/proxied/admin.test.ts
* fix tests
* Allow unsecure oauth providers through configuration
* transpile "lande" during ozone tests
* Cache Puppeteer browser binaries
* Use puppeteer cache during all workflow steps
* remove use of set-output
* use get-port in xrpc-server tests
* Renamed to allowHttp
* tidy
* tidy
* ✨ Initial implementation of sets api on ozone
* ✨ Introduce sortDirection to querySets
* 🧹 Cleanup and refactor
* ✨ Align setView for response
* ♻️ Rename and add specific error
* 🐛 Cleanup unnecessary check that is covered by lexicon
* ✨ Rename remove to delete and add set suffix
* ✨ Use id and createdAt for values pagination
* ✨ Add index on createdAt for query perf and other cleanups
* 🐛 Set createdAt when inserting values
* 📝 Add changeset
* ✨ Add index on setId and createdAt
* ✨ Add getRepos and getRecords endpoints for bulk fetching
* ✨ Fix issues and add tests for get repos and get records
* ✨ Use the right lxm
* 🐛 Revert changes in lockfile
* ✨ Add getAccountInfos in PDS
* 🐛 Fix type def for repo and record view detail
* ✅ Update snapshots
* ✅ Update snapshots
* ✨ Consolidate error type for com.atproto and tools.ozone getRecord error type
* 🧹 Cleanup
* ✅ Update snapshots
* ✅ Update snapshots
* ✨ Changeset
* pinned posts lexicon
* codegen
* change lexicon, different approach
* codegen 2
* dataplane db migration
* move pinned post lexicon to right place
* add pinned posts optionally to getAuthorFeed
* remove type modification
* Clarify naming, add viewer state, add tests
* return pinnedPost with profileViewDetailed
* allow pinned replies in `posts_and_author_threads`
* clearer variable naming
* annotate type of `items`
* boolean --> varchar
* reuse authorDid in viewerPinned
* simplify test
* make pinned post not top post in test
* update snapshot
* changeset
---------
Co-authored-by: Eric Bailey <git@esb.lol>
Co-authored-by: dholms <dtholmgren@gmail.com>
* Add isFallback to `getSuggestedFollowsByActor`
Inferred based on returned `relativeToDid` from the suggestions
response.
* Integrate new params
* Fix logic
* Codegen
* Explicitly add Zod (already a peer dep) and validation to api
* Add Nux methods
* Match naming convention
* Remove id, it won't be used
* Add tests
* Use id instead of name, little clearer
* Update API contracts
* Update tests
* Changeset
* Don't mutate
* ✨ Throw specific error for duplicate template name
* 🧹 Cleanup console
* ✨ Throw duplicate template name error from update too
* ✨ Add language to templates
* 📝 Add changeset
* ✨ Add missing event type
* ✨ Add language format in lexicon and error checker in util
* 🚨 fix linter issues
* lexicon: initial lexicons for video embeds in bsky app
* lexicon: fix video caption file size limit
* codegen
* appview: stub out video embed view logic
* api prerelease
* api prerelease
* lexicon: video upload/processing lexicons
* tidy
* lexicon: app.bsky.video lexicons for uploads
* codegen
* api prerelease
* appview: present video embeds on posts
* appview: snaps
* changeset
* appview: fix wiring of video url config
* Re-use code definition of oauthResponseTypeSchema
* Generate proper invalid_authorization_details
* Remove OpenID compatibility
* tidy
* properly verify presence of jti claim in client assertion
* Remove non-standard "sub" from OAuthTokenResponse
* Remove nonce from authorization request
* tidy
* Enforce uniqueness of code_challenge
* remove unused "atproto" scope
* Improve reporting of validation errors
* Allow empty set of scopes
* Do not remove scopes not advertised in the AS's "scopes_supported" when building the authorization request.
* Prevent empty scope string
* Remove invalid check from token response
* remove un-necessary session refresh
* Validate scopes characters according to OAuth 2.1 spec
* Mandate the use of "atproto" scope
* Disable ability to list app passwords when using an app password
* Use locally defined authPassthru in com.atproto.admin.* handlers
* provide proper production handle resolver in example
* properly compote login method
* feat(oauth-provider): always rotate session cookie on sign-in
* feat(oauth-provider): do not require consent from first party apps
* update request parameter's prompt before other param validation checks
* feat(oauth-provider): rework display of client name
* feat(oauth-client-browser:example): add token info introspection
* feat(oauth-client-browser:example): allow defining scope globally
* Display requested scopes during the auth flow
* Add, and verify, a "typ" header to access and refresh tokens
* Ignore case when checking for dpop auth scheme
* Add "jwtAlg" option to verifySignature() function
* Verify service JWT header values. Add iat claim to service JWT
* Add support for "transition:generic" and "transition:chat.bsky" oauth scopes in PDS
* oauth-client-browser(example): add scope request
* Add missing "atproto" scope
* Allow missing 'typ' claim in service auth jwt
* Improved 401 feedback
Co-authored-by: devin ivy <devinivy@gmail.com>
* Properly parse scopes upon verification
Co-authored-by: devin ivy <devinivy@gmail.com>
* Rename "atp" to "credential" auth in oauth-client-browser example
* add key to iteration items
* Make CORS protection stronger
* Allow OAuthProvider to define its own CORS policies
* Revert "Allow missing 'typ' claim in service auth jwt"
This reverts commit 15c6b9e2197064eb5de61a96de6497060edb824e.
* Revert "Verify service JWT header values. Add iat claim to service JWT"
This reverts commit 08df8df322a3f4b631c4a63a61d55b2c84c60c11.
* Revert "Add "jwtAlg" option to verifySignature() function"
This reverts commit d0f77354e6904678e7f5d76bb026f07537443ba9.
* Revert "Add, and verify, a "typ" header to access and refresh tokens"
This reverts commit 3e21be9e4b5875caa5e862c11f2196786fb2366d.
* pds: implement protected service auth methods
* Prevent app password management using sessions initiated from an app password.
* Alphabetically sort PROTECTED_METHODS
* Revert changes to app password management permissions
* tidy
---------
Co-authored-by: devin ivy <devinivy@gmail.com>
