1225 Commits

Author SHA1 Message Date
d4133d4c37 Merge tag '@atproto/pds@0.4.180' into modify-pds
@atproto/pds@0.4.180
2025-09-24 06:04:44 -04:00
github-actions[bot]
4c4ee7208f
Version packages (#4218)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-09-23 08:30:58 +02:00
Matthieu Sieben
7351589a31
Add onResetPasswordRequest and onResetPasswordConfirm hooks (#4217) 2025-09-22 19:38:38 +02:00
github-actions[bot]
d91988fe79
Version packages (#4192)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-09-10 15:15:55 +02:00
Matthieu Sieben
cf4117966c
Fix call to onDecodeToken oauth verifier hook (#4191)
* Make `DpopProof` readonly

* Improve token verification error details

* Always log warnings when DPOP proof `htu` contains # or ?.

* Add missing initialization of `onDecodeToken` hook

* Add logging around scope dereferencing operations
2025-09-09 15:56:32 +02:00
github-actions[bot]
e10a020629
Version packages (#4190)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-09-09 14:48:22 +02:00
Foysal Ahamed
55cc15cdd6
Add ozone proxy for revokeCredentials endpoint (#4170)
*  Add ozone proxy for revokeCredentials endpoint

* 📝 Add changeset

*  Add mod event for revoke credentials

*  Add tests
2025-09-09 14:13:48 +02:00
github-actions[bot]
e216e87859
Version packages (#4167)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-09-09 12:29:10 +02:00
Matthieu Sieben
8914f9abde
Allow encoding scope claims of oauth access token JWT (#4149)
* Refactor token decoding

* Add scope decoder to pds

* tidy

* tidy

* tidy

* tidy

* review changes

* Add scope normzlization utility

* wording in lexicon

* Add specific error

* style

* tidy

* Update `AccessTokenMode` enum values to be more meaningful

* tidy

* Update .changeset/brown-boxes-bow.md

Co-authored-by: devin ivy <devinivy@gmail.com>

* Add retry strategy

* lint

* lint

---------

Co-authored-by: devin ivy <devinivy@gmail.com>
2025-09-09 12:13:34 +02:00
Matthieu Sieben
055a413fba
InternalServerError when creating records (#4169)
* Various perf fixes

* add transaction assertions

* tidy

* changeset

* tidy

* Update packages/aws/src/s3.ts

* tidy

* Apply suggestions from code review

* tidy

* Update .changeset/chilled-shirts-ring.md

Co-authored-by: devin ivy <devinivy@gmail.com>

* Update .changeset/stale-rocks-press.md

* Update packages/pds/src/actor-store/blob/transactor.ts

Co-authored-by: devin ivy <devinivy@gmail.com>

* build

* revert blob upload logic

* tidy

* use `uploadTimeoutMs` as default for `requestTimeoutMs`

* review coments

* chngeset

* tidy

---------

Co-authored-by: devin ivy <devinivy@gmail.com>
Co-authored-by: David Buchanan <david@blueskyweb.xyz>
2025-09-08 18:40:56 +02:00
Matthieu Sieben
6d7bf4bffc
Remove old, never resolved, lexicons from the database (#4162) 2025-09-04 11:04:48 +02:00
Eric Bailey
a5b20f0218
Add expanded moderation report reasons (#3881)
* Integrate new reporting reasons

* Update bnn to BNR, prefix all with reason* to match previous

* Remap deprecations

* Update naming, add notes about Bluesky-only reasons

* Update reason

* Move new defs to tools.ozone namespace

* Add ozone lexicons to app view

* Copy known values to merge defs

* Update comments

* Add reasonAppeal to new ozone namespace defs

* Changeset

* ❇️ Support new reporting categories in ozone (#3974)

*  Validate report reason using labeler service profile

*  Rename test

* :rotating_lights: Fix lint issue

*  Use both appeal reason type for materialized views

*  Add old to new reason mapping for fallback

*  Update test snapshot

* :rotating_lights: Fix lint issue

* 🧹 Cleanup

* :rotating_lights: Fix lint issue

*  Adjust report reason tagging

* 📝 Additional comment for new migration

---------

Co-authored-by: Foysal Ahamed <foysal@blueskyweb.xyz>
2025-09-02 21:40:31 +02:00
github-actions[bot]
420f315493
Version packages (#4165)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-09-02 11:00:40 -03:00
rafael
64100a75b3
Bookmarks (#4163) 2025-09-02 10:28:34 -03:00
github-actions[bot]
39b319be94
Version packages (#4157)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-09-02 10:36:51 +02:00
Matthieu Sieben
d54d278abd
Allow unexpected error to go through when fetching permission sets (#4155)
* Allow unexpected error to go through when fetching permission sets

* Log `cid` as string after succesful lexicon resolution

* Log `cid` and `uri` as string on successful lexicon resolution
2025-08-30 15:26:28 +02:00
github-actions[bot]
c2dc0ec11b
Version packages (#4154)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-08-29 16:05:17 +02:00
github-actions[bot]
920f895807
Version packages (#4152)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-08-29 12:54:51 +02:00
Matthieu Sieben
f9dc9aa4c9
Permission set (#4108)
* Export constants and type assertion utilities

* Add permission set support to oauth provider

* improve permission set parsing

* Rename `PermissionSet` to `ScopePermissions`

* Improve performance of NSID validation

* Add support for `permission-set` in lexicon document

* Validate NSID syntax using `@atproto/syntax`

* Export all types used in public interfaces (from `lexicon-resolver`)

* Small performance improvement

* Rework scope parsing utilities to work with Lexicon defined permissions

* file rename

* fixup! Rework scope parsing utilities to work with Lexicon defined permissions

* removed outdated comment

* removed outdated comment

* fix comment typo

* Improve `SimpleStore` api

* permission-set NSID auth scopes

* Remove dev dependency on dev-env

* fix build script

* pnpm-lock

* Improve fetch-node unicast protection

* Explicitly set the `redirect: "follow"` `fetch()` option

* Add delay when building oauth-provider-ui in watch mode

* Remove external dependencies from auth-scopes

* Add customizable lexicon authority to pds (for dev purposes)

* fix pds migration

* update permission-set icon

* Add support for `include:` syntax in scopes

* tidy

* Renaming of "resource" concept to better reflect the fact that not all oauth scope values are about resources

* changeset

* ui improvmeents

* i18n

* ui imporvements

* add `AtprotoAudience` type

* Enforce proper formatting of audience (atproto supported did + fragment part)

* tidy

* tidy

* tidy

* fix ci ?

* ci fix ?

* tidy ?

* Apply consistent outline around focusable items

* Use `inheritAud: true` to control `aud` inheritance

* Update packages/oauth/oauth-provider/src/lexicon/lexicon-manager.ts

Co-authored-by: devin ivy <devinivy@gmail.com>

* Review comments

* Add `nsid` property to `LexiconResolutionError`

* improve nsid validation

* i18n

* Improve oauth scope parsing

* Simplify lex scope parsing

* tidy

* docs

* tidy

* ci

* Code simplification

* tidy

* improve type safety

* improve deps graph

* naming

* Improve tests and package structure

* Improve error when resolving a non permission-set

* improve nsid parsing perfs

* benchmark

* Refactor ozone and lexicon into using a common service profile mechanism

* improve perfs

* ci fix (?)

* tidy

* Allow storage of valid lexicons in lexicon store

* Improve handling of lexicon resolution failures

* review comment

* Test both regexp and non regexp based nsid validation

* properly detect presence of port number in https did:web

* Re-enable logging of `safeFetch` requests

* tidy

---------

Co-authored-by: devin ivy <devinivy@gmail.com>
2025-08-29 12:19:19 +02:00
github-actions[bot]
5aab697d9d
Version packages (#4148)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-08-28 10:35:45 -04:00
David Buchanan
66dbf8db6d
revokeAccountCredentials lexicon (#4142)
* lexicons: add com.atproto.temp.revokeAccountCredentials

* codegen

* changeset
2025-08-28 10:17:12 -04:00
github-actions[bot]
768e81b232
Version packages (#4126)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-08-27 13:36:05 -04:00
devin ivy
e1967c1c2a
PDS: avoid extra lookup when configured with appview details (#4141)
* pds: avoid lookup if appview is configured

* changeset
2025-08-27 10:18:44 -04:00
Matthieu Sieben
c0126f4a84
Improve error handling when destroying pipethrough stream (#4133)
* Improve error handling when destroying pipethrough stream

fixes #4129

* docs

* pds: add failing test for abort handling

---------

Co-authored-by: Devin Ivy <devinivy@gmail.com>
2025-08-26 14:33:34 -04:00
Matthieu Sieben
9d22305f71
Fix circular dev dependencies and build scripts (#4124)
* fix build script

* Remove dev dependency on dev-env

* pnpm-lock
2025-08-21 16:02:54 +02:00
github-actions[bot]
5188ef3b59
Version packages (#4116)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-08-20 21:48:51 +02:00
Foysal Ahamed
3156ddf615
Add batchId filter for queryEvents (#4109)
*  Add batchId filter for queryEvents

* 📝 Add changeset
2025-08-20 21:39:24 +02:00
devin ivy
331a356ce2
Lexicon resolver package (#4069)
* lexicon: doc validation compatibility with published lexicons

* lexicon-resolver: setup new package

* lexicon-resolver: implement record resolution

* lexicon-resolver: implement lexicon resolution

* lexicon-resolver: test record resolution

* repo: add option to verify CIDs found in CARs. tidy.

* lexicon-resolution: verify CIDs in proof CAR

* lexicon-resolution: tests and fixes

* tidy

* lexicon-resolution: add entrypoint

* lexicon-resolver: tidy errors

* lexicon-resolver: readme

* lexicon-resolver: changeset

* prettier

* eslint

* tidy

* tidy

* tidy

* enable CID-to-content verification within CARs by default

* lexicon-resolver: tidy types, application of defaults, gitattributes

* lexicon-resolver: add interface and builder fn for lexicon and record resolvers

* lexicon-resolver: update readme

* tidy

* lexicon-resolver: cover error cases in record resolution

---------

Co-authored-by: Matthieu Sieben <matthieu.sieben@gmail.com>
2025-08-17 22:45:51 -04:00
github-actions[bot]
649e5ad772
Version packages (#4105)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-08-15 17:27:00 +02:00
Matthieu Sieben
369a201161
Perf: Avoid fetching account data twice in putRecord (#4107)
* Perf: Avoid fetching account data twice in `putRecord`

* Apply same changes in `createRecord`/`deleteRecord`/`applyWrites`

* tidy

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* switch validation order

---------

Co-authored-by: devin ivy <devinivy@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-08-15 17:20:56 +02:00
David Buchanan
75162ffb9e
Fix putRecord auth check (#4104)
* Fix putRecord auth check

* changeset

* switch pds changeset to patch

* add test for putRecord via handle

* style fix

---------

Co-authored-by: devin ivy <devinivy@gmail.com>
2025-08-13 22:41:39 +01:00
github-actions[bot]
d02d43c05b
Version packages (#4102)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-08-13 15:22:03 +02:00
github-actions[bot]
f8667835db
Version packages (#4099)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-08-13 10:30:51 +02:00
github-actions[bot]
174f86da5f
Version packages (#4094)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-08-12 14:45:00 +02:00
Matthieu Sieben
1899b1fc16
OAuth scopes (#3806)
* style: prefix `id` and `uri` with `request` where applicable

* Dynamically validate OAuth scopes

* Allow configuring trusted OAuth clients

* Improve client validation

* Rework authorization to work with permissions

* Review changes

* fix permissions

* tidy

* Drop authorization result

* unused code cleanup

* fix preferences auth

* remove redundant check in `applyWrites`

* style

* Remove need to specify "scopes" in authorized auth strategy

* fixup! Remove need to specify "scopes" in authorized auth strategy

* split authorized and oauth auth methods

* Require explicit opt-in for takendown

* fix tests

* rollback redundant permissions mechanism

* tidy

* Fix tests

* tidy

* tidy

* pr changes

* remove hack allowing access to full preferences

* always specify authorize method

* Add OAuth scope parsing & matching

* tidy

* add support for oauth scopes in client

* review changes

* Small xrpc-server optimizations

* pr comments

* Review comments

* refactor: move oauth scopes parser & checker in own package

* code simplification

* Allow multiple collections in `repo` scopes.
Allow wildcard action in `repo` scopes.
Require action in `repo` scopes.

* Rename `emailUpdate` to `email-update` in `account` scope params.
Add wildcard (`*`) in `account` and `identity` scopes.

* tidy

* add oauth-scopes package to PDS Dockerfile

* unit tests

* Syntax rework

* adapt to latest scope definition

* Add missing tests

* Render scopes in UI

* fix build

* fixes and tests

* improve ui

* tidy

* tidy

* ui improvements

* tidy

* fr messages

* tidy

* improve consent screen ui

* fix test

* tidy

* improve dx

* Remove `transition:` scopes from `scopes_supported` authorization server metadata

* Hide blob scope if no repo scope present

* changeset

* Remove the `action` param from the `identity` scope

* fix html syntax

* simplified wording

* Make `account:email` scope optional (#4089)

* Make `account:email` scope optional

* tidy

* tidy

* tidy

* tidy

* fix

* tidy

* review comments

* tidy

* refactor: remove redundant tests for identity scope parsing and matching

* minor ui fixes

* fix "back" label not translated

* ui improvements

* fix tests
2025-08-12 13:13:14 +02:00
David Buchanan
41b205051b
Make codegen locale-independent (second attempt) (#4087) 2025-08-11 11:47:35 -03:00
Matthieu Sieben
0e40995e80
Run codegen (#4085) 2025-08-07 15:27:58 +02:00
github-actions[bot]
9a1746a025
Version packages (#4082)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-08-05 03:36:19 -07:00
rafael
c370d933b7
Lists API improvements (#4081)
* Add purposes filter to app.bsky.graph.getLists

* Add getListsWithMembership

* Add getStarterPacksWithMembership

* Refactor list membership hydration

* changeset

* update getStarterPacksWithMembership lexicon output

* bsky: address feedback on list api improvements

* tidy

* tidy

---------

Co-authored-by: Devin Ivy <devinivy@gmail.com>
2025-08-05 01:06:05 -04:00
github-actions[bot]
757fa34458
Version packages (#4075)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-08-04 23:36:10 +02:00
Foysal Ahamed
171efadb49
❇️ Ozone events timeline (#3927)
* 🚧 WIP

*  Blend in plc and account history events in account timeline

*  Adjust snapshot

* 🧹 Cleanup and address review comments

*  Update test snapshot

* 🐛 Add back the helper function

* 📝 Add explainer comment

*  Map plc events to conforming naming convention

*  Update test snapshot

* 🧹 Cleanup

*  Add known values for event types

* 📝 Add changeset
2025-08-04 20:37:05 +02:00
github-actions[bot]
c55d5910ea
Version packages (#4063)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-07-29 17:13:36 -03:00
rafael
9751eebd71
Cleanup app.bsky.unspecced.checkHandleAvailability (#4072) 2025-07-29 17:00:05 -03:00
rafael
de29a346d8
Fix paginateAll mistakes and improve typing (#4062) 2025-07-22 14:51:16 -03:00
github-actions[bot]
3f5c6af971
Version packages (#4054)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-07-22 07:52:30 -05:00
Eric Bailey
8787fd9dea
Prevent assured user from re-initiating (#4058)
* Validate user status before initiating

* Format

* Add test, not working yet

* Fix test

* Import order

---------

Co-authored-by: rafael <rafael@blueskyweb.xyz>
2025-07-18 14:13:25 -05:00
rafael
dc84906c86
checkHandleAvailability endpoint (#4049) 2025-07-17 16:09:14 -03:00
rafael
77c6dffd0b
AA fixes (#4050) 2025-07-16 15:13:21 -03:00
github-actions[bot]
47236325a9
Version packages (#4043)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-07-15 17:39:15 -05:00
Foysal Ahamed
3b356c5096
External ID in ozone events to help dedupe events (#4048)
*  Add externalId to ozone events for deduping events per subject and event type

* 📝 Add changeset

*  Move duplicate event check inside transaction
2025-07-15 18:32:22 +02:00