8 Commits
Author | SHA1 | Message | Date | |
---|---|---|---|---|
Matthieu Sieben | dee817b6e0 | OAuth: Add authorization scopes & remove OpenID compatibility (#2734) * Re-use code definition of oauthResponseTypeSchema * Generate proper invalid_authorization_details * Remove OpenID compatibility * tidy * properly verify presence of jti claim in client assertion * Remove non-standard "sub" from OAuthTokenResponse * Remove nonce from authorization request * tidy * Enforce uniqueness of code_challenge * remove unused "atproto" scope * Improve reporting of validation errors * Allow empty set of scopes * Do not remove scopes not advertised in the AS's "scopes_supported" when building the authorization request. * Prevent empty scope string * Remove invalid check from token response * remove un-necessary session refresh * Validate scopes characters according to OAuth 2.1 spec * Mandate the use of "atproto" scope * Disable ability to list app passwords when using an app password * Use locally defined authPassthru in com.atproto.admin.* handlers * provide proper production handle resolver in example * properly compute login method * feat(oauth-provider): always rotate session cookie on sign-in * feat(oauth-provider): do not require consent from first party apps * update request parameter's prompt before other param validation checks * feat(oauth-provider): rework display of client name * feat(oauth-client-browser:example): add token info introspection * feat(oauth-client-browser:example): allow defining scope globally * Display requested scopes during the auth flow * Add, and verify, a "typ" header to access and refresh tokens * Ignore case when checking for dpop auth scheme * Add "jwtAlg" option to verifySignature() function * Verify service JWT header values. Add iat claim to service JWT * Add support for "transition:generic" and "transition:chat.bsky" oauth scopes in PDS * oauth-client-browser(example): add scope request * Add missing "atproto" scope * Allow missing 'typ' claim in service auth jwt * Improved 401 feedback Co-authored-by: devin ivy <devinivy@gmail.com> * Properly parse scopes upon verification Co-authored-by: devin ivy <devinivy@gmail.com> * Rename "atp" to "credential" auth in oauth-client-browser example * add key to iteration items * Make CORS protection stronger * Allow OAuthProvider to define its own CORS policies * Revert "Allow missing 'typ' claim in service auth jwt" This reverts commit 15c6b9e2197064eb5de61a96de6497060edb824e. * Revert "Verify service JWT header values. Add iat claim to service JWT" This reverts commit 08df8df322a3f4b631c4a63a61d55b2c84c60c11. * Revert "Add "jwtAlg" option to verifySignature() function" This reverts commit d0f77354e6904678e7f5d76bb026f07537443ba9. * Revert "Add, and verify, a "typ" header to access and refresh tokens" This reverts commit 3e21be9e4b5875caa5e862c11f2196786fb2366d. * pds: implement protected service auth methods * Prevent app password management using sessions initiated from an app password. * Alphabetically sort PROTECTED_METHODS * Revert changes to app password management permissions * tidy --------- Co-authored-by: devin ivy <devinivy@gmail.com> | | |
Daniel Holmgren | 50c0ec176c | Service auth method binding (lxm) (#2663) * add scopes to service auth impl * add error to getServiceAuth * send scoped tokens from pds * clean up privileged access scopes & allow simple service auth tokens for app passwords * integration into ozone * fix up bsky tests * cleanup xrpc-server tests * fix up tests & types * one more test * fix read after write tests * fix mod auth test * convert scopes to be a single method name * add scope check callback for auth verifier * pds changes only * fix feed generation tests * use scope for ozone service profile * dont verify scopes on pds yet * tidy * tidy imports * changeset * add tests * tidy * another changeset * scope -> lxm * tidy * clean up scope references * update nonce size * pr feedback * trim trailing slash * nonce -> jti * fix xrpc-server test * allow service auth on uploadBlob * fix build error * changeset * build, tidy * xrpc-server: update lxm claim check error * appview: temporarily permit labeler service calls to omit lxm claim * xrpc-server: fix test * changeset * fix merged tests --------- Co-authored-by: Devin Ivy <devinivy@gmail.com> | | |
Matthieu Sieben | b934b396b1 | Client SDK rework (#2483) * feat(api): support creation of oauth based AtpAgents * oauth: misc fixes for confidential clients * fix(xprc): remove ReadableStream.from polyfill * OAuth docs tweaks (#2679) * OAuth: clarification about client_name being shown * OAuth: re-write handle resolution privacy concern * avoid relying on ReadableStream.from in xrpc-server tests * feat(oauth-types): expose "ALLOW_UNSECURE_ORIGINS" constant * feat(handle-resolver): expose "AtprotoIdentityDidMethods" type * fix(oauth-client): ensure that the oauth metadata document contains client_id_metadata_document_supported * fix(oauth-types): prevent unknown query string in loopback client id * fix(identity-resolver): check that handle is in did doc's "alsoKnownAs" * feat(oauth-client:oauth-resolver): allow logging in using either the PDS URL or Entryway URL * fix(oauth-client): return better error in case of invalid "oauth-protected-resource" status code * refactor(did): group atproto specific checks in own * feat(api): relax typing of "appLabelers" and "labelers" AtpClient properties * allow any did as labeller (for tests mainly) * fix(api): allow to override "atproto-proxy" on a per-request basis * remove release candidate versions from changelog * update changeset for api and xrpc packages * Add missing changeset * revert RC versions * Proper wording in OAUTH.md api example * remove "pre" changeset file * xrpc: restore original behavior of setHEader and unsetHeader * docs: add comment for XrpcClient's constructor arg * feat(api): expose "schemas" publicly * feat(api): allow customizing the whatwg fetch function of the AtpAgent * docs(api): improve migration docs * docs: change reference to BskyAgent to AtpAgent * docs: mention the breaking change regarding setSessionPersistHandler * fix(api): better split AtpClient concerns * fix(xrpc): remove unused import * refactor(api): simplify class hierarchy by removing AtpClient * fix(api): mock proper method for facets detection * restore ability to restore session asynchronously * feat(api): allow instantiating Agent with same argument as super class * docs(api): properly extend Agent class * style(xrpc): var name * docs(api): remove "async" to header getter --------- Co-authored-by: Devin Ivy <devinivy@gmail.com> Co-authored-by: bnewbold <bnewbold@robocracy.org> Co-authored-by: Hailey <me@haileyok.com> | | |
Daniel Holmgren | 0cc5ef70f4 | Privileged app passwords (#2515) * schemas * impl * hook up migration * tests * make column not null * comments to clarify * changeset | | |
Daniel Holmgren | f9fd3e68ca | Feature branch: PDS v2 (#1789) * cleanup repeat process all * wip * skip actor search test * skip actor search test * tweak processAll * decrease wait to 1 sec * repo_blob -> record_blob * simplify backlink linkTo * return repo_root to one row * sequence before updating repo_root * invite code forUser -> forAccount * ipld_block -> repo_block * use lru-cache fetchMethod * move did_cache to own db * better error handling on did cache * drop did_handle * fix sequencer wait time * debug * debug * more debug * check something * fix bday paradox * fix bday paradox * tidy up pds service auth * rm skipped test * retry http * tidy * improve fanout error handling * fix test * return signing key in did-web * more tests * tidy service auth checks * user_account -> account * remove inviteNote * keypair per repo * use an lru cache for keypairs as well * clean up repo * wip * wrap up account manager * tidy * tidy * fix tests * fix disabled codes * fix appview tests * add note * set pragmas * tidy account manager getDb * rename pref transactor * user pref -> account pref * handle blob imports * tidy imports * add reserveSigningKey * wip transferAccount * clean up transferAccount * tests * tidy * tidy * configure entryway url on pds * handle entryway in pds admin endpoints * make importRepo temp * fix imports * make email optional on pds when using entryway * handle diffs * handle pds entryway usage for server, identity, admin endpoints * pds support for credentials from entryway * setup pds tests w/ entryway service * tidy * tidy * update entryway version * wip * test handle updates w/ entryway * split account table into two * tidy * tweak scripts * tidy tests * tidy * better config for actorstore & dbs * clean up cfg more * reorg actorstore fs layout * handle errors on actor db create * pr tidy & fix account deletion test * pr feedback * fix bad merge * unskip test * fix subscribe repos tests * tidy repo root tables * tidy * fix tests * tidy delete tokens * tidy account getters * tidy * bulk deletes * increase chunk size * handle racing refreshes * wip * fix auth test * invert import flow * clean up actor store on create account failure * tweak sequencer * prevent invite code races on createAccount * rm note * add back in race protection on getAccountInviteCodes * start feature branch * deleted app migration table * patch up new auth test * rm note * g * create account delegated from entryway * tidy * fix test * change plcOp type to unknown * small fixes * sync up w entryway branch * Use proper error when authed account is not found (#1799) provide proper error when account not found in access-takedown check * build branch * build on ghcr * tweak service file * tweak service file * change where we save reserved keys * no tmp dir in blobstore either * fix blobstore temp location again * handle repeat record_blobs * create account before submitting plc op & undo if fail * small tweak * limit the number of local records * push out empty commit on transfer * fix issue with record_blob * add push blob endpoint * Set and validate token audiences on pds v2 (#1793) set and validate token audience on pds v2 * merge * include entryway did on tests * build branch * fix cache issue * xrpc server blob limit * put correct bytes * add auth to routes * handle quarantining/unquarantining a blob that does not exist * tidy * fix transfer tests * fix email request routes for entryway * PDS v2 entryway account deletion (#1819) * add admin lexicon for account deletion * implement admin account deletion endpoint * fix entryway proxying on account email checks * proxy to entryway for acct deletion * read-after-write sanity check * tweak * wip * finish refactor * fix test schema * application retry logic for busy * pr feedback * rm lru-cache * fix test pg schema * fix transfer test * Sqlite instrumentation for pds v2 (#1838) * sqlite instrumentation * build * remove build * dont reimport blobs * send ticks during import * close on error * catch handle validation error * add log * fix test * return emailConfirmedAt on getAccountInfo * Upgrade sharp on pds v2 (#1863) upgrade sharp to 0.32.6 * read all bytes before parsing car * Async car reader (#1867) * asynchronously read in car * dont buffer car * tweak * Gracefully handle indexing of invalid records (#1853) * gracefully handle indexing of invalid records * fix repo tests * Fix role auth for access-or-role verifier, getBlob check on actor takedowns (#1869) fix role auth for access-or-role verifier, fix getBlob actor takedown check * better cleanup of actor-stores * add ability to not ensure leaves * tidy * allow did:web transfer * Migration utility for actor-store (#1873) beginnings of helper for migrating all actors Co-authored-by: Devin Ivy <devinivy@gmail.com> * base case for findBlobRefs * App-level retries for sqlite on pds (#1871) * revamp retry helper to be more flexible re: backoff strategies * sqlite timeout helper * ensure sqlite wal on db creation/migration rather than every open * layer retries for sqlite on writes outside transactions on pds * tidy * fix up lockfile * tidy * fix lex codegen * fix timing bug in threadgate test * No-op update handling (#1916) do not produce commits on no-op updates * Retry on all SQLITE_BUSY error codes (#1917) retry on all sqlite_busy error codes * Pds v2 ensure sqlite ready (#1918) ensure sqlite is ready before making queries * try something * tidy * dont build branch --------- Co-authored-by: Devin Ivy <devinivy@gmail.com> | | |
Daniel Holmgren | 44ea5e80fa | Split apart auth grant & verification (#1743) * transition to auth verifier * tidy * quick test fix | | |
Daniel Holmgren | d664b51c64 | Finalize PDS in-process AppView removal (#1198) * rm tables * rm event-stream & proxied * Remove appview services, move label service to pds * only proxy appview stuff * delete more tables * Start removing message dispatched from pds * more syncing-up removal of message dispatcher in pds * merged * remove feedgens from pds, remove getPopular * remove unused image helper from pds * fixing compiler errors * clean up sharp * rm label service * first pass on cleaning up tests * fix up a bunch of tests * moderation view tests * last admin tests * got a lil overzealous in deletes * clean up unused cfg * clean up label table * simplify admin repo search query/logic * tidy pds entrypoint * in-progress pds config changes * cfg fiddling * finish cleaning up cfg/ctx * comments * building * pds prefix on env * test env * collapse pds migrations down into a single migration * fix up dev-env * tidy * cleanup * fix pds admin tests * fix handle test * fix pds proxy tests * fix subscribe repos test * fix sqlite config in pds tests * add sqlite clause in sequencer-leader * fix actor search w/ sqlite on pds * fixes * fix dev env build * update pds service entrypoint * simple env example * make takedown ids opaque identifiers in the pds * use pds routes for api tests * update pds dockerfile with volume and correct port env var * add a couple env vars to example * add comments to env example * @atproto/pds 0.2.0-beta.0 * @atproto/aws 0.0.1-beta.0 * appview did * @atproto/aws 0.0.1 * enable logs by default * update env example * bugfixing sandbox issues * consistency in pds env var name for appview url * log on pds start and stop, configure version at runtime * @atproto/pds 0.2.0-beta.1 * fix semver matching for pds beta version * v0.2.0-beta.2 * default invites to being not required * fix flaky test * limit db connections in tests * publish 0.2.0-beta.d3 * fix invite required parsing * @atproto/pds 0.2.0-beta.5 * Proxy getPopularFeedGenerators on simplified pds (#1222) proxy getPopularFeedGenerators on pds Co-authored-by: dholms <dtholmgren@gmail.com> * tidy migrations * fix service entry * bump version * change auth order * bump version * bump version * add upgradeRepoVersion & fallback url for cdn * bump version * merging * merge pds * building dev-env * merging tests * merge service entry * test fixing * tidy * fix admin search * tidy * tidy * add snap for getListFeed * add backup nameserver cfg * tidy + pr feedback * tidy * tidy env * bit more * re-add dotenv to root package.json * fix dep * build branch * fix tests * Refactor tests to make better use of dev-env (#1690) * refactor pds tests to use dev env * refactor bsky tests * fix pds test * tidy bsky tests * build pds correctly * fix entry point * default logging to false (for now) * format service entry * Switch takedown ids back to ints on pds distribution (#1694) * switch takedown ids back to ints, consistent with live pds * tidy/fix migration * update migration for sqlite * export moderation action reversal * takedown tests * dont build branch --------- Co-authored-by: Devin Ivy <devinivy@gmail.com> | | |
Daniel Holmgren | 6446e8d1d6 | App passwords (#826) * app password lex & auth changes * scrypt things * implemented app password refresh tokens * db tidy & migration * revocation + bugfixin * tests, listing passwords & cleanup * Update packages/pds/src/db/scrypt.ts Co-authored-by: devin ivy <devinivy@gmail.com> * Update packages/pds/src/db/scrypt.ts Co-authored-by: devin ivy <devinivy@gmail.com> * pr feedback --------- Co-authored-by: devin ivy <devinivy@gmail.com> | | |