An easy-to-host PDS on the ATProtocol, iPhone and MacOS. Maintain control of your keys and data, always.

feat(relay): implement com.atproto.server.createSession #46

Summary

  • Implements POST /xrpc/com.atproto.server.createSession — the ATProto legacy password-based auth endpoint required by older clients
  • Resolves identifier (handle or DID), verifies argon2id password hash, issues HS256 access JWT (2h) + refresh JWT (90d), persists sessions + refresh_tokens rows atomically
  • Sliding-window rate limit: 5 failed attempts per identifier per 60s; unknown-identifier and wrong-password return the same error to prevent user enumeration

Test plan

  • cargo test -p relay routes::create_session — 9/9 pass
  • cargo test -p relay — full suite green (352 tests)
  • Manual: POST with valid credentials → accessJwt, refreshJwt, handle, did, email
  • Manual: POST with wrong password → 401 AUTHENTICATION_REQUIRED
  • Manual: POST 6× with wrong password → 6th returns 429 RATE_LIMITED
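As an added example (not code from the relay project or this PR), a Rust sketch of the two behaviours the summary describes: a per-identifier sliding window that turns the 6th failure within 60 s into a rate-limit error, and a single authentication error for both unknown identifiers and wrong passwords. The argon2id verification and JWT issuance are stand-ins (a constant-time compare and a placeholder string); `LoginLimiter`, `create_session` and the in-memory user map are assumed names.

```rust
use std::collections::{HashMap, VecDeque};

const MAX_FAILURES: usize = 5; // failed attempts allowed per identifier ...
const WINDOW_SECS: u64 = 60;   // ... within a sliding 60-second window

#[derive(Debug, PartialEq)]
pub enum AuthError {
    AuthenticationRequired, // -> 401 AUTHENTICATION_REQUIRED
    RateLimited,            // -> 429 RATE_LIMITED
}

/// Timestamps (seconds, monotonic) of recent failures, keyed by identifier.
#[derive(Default)]
pub struct LoginLimiter(HashMap<String, VecDeque<u64>>);

impl LoginLimiter {
    /// Evict failures older than the window, then report whether this identifier is blocked.
    pub fn is_blocked(&mut self, id: &str, now: u64) -> bool {
        let q = self.0.entry(id.to_string()).or_default();
        while q.front().map_or(false, |&t| now.saturating_sub(t) >= WINDOW_SECS) {
            q.pop_front();
        }
        q.len() >= MAX_FAILURES
    }

    pub fn record_failure(&mut self, id: &str, now: u64) {
        self.0.entry(id.to_string()).or_default().push_back(now);
    }
}

/// Stand-in for the argon2id check: constant-time compare against a stored
/// secret (assumption; the real endpoint verifies an argon2id hash instead).
fn verify_password(stored: &[u8], supplied: &[u8]) -> bool {
    stored.len() == supplied.len()
        && stored.iter().zip(supplied).fold(0u8, |acc, (a, b)| acc | (a ^ b)) == 0
}

/// Core of createSession: rate limit first, then resolve and verify. Unknown identifier and
/// wrong password both yield AuthenticationRequired and both count as a failure.
pub fn create_session(users: &HashMap<&str, &[u8]>, limiter: &mut LoginLimiter,
                      id: &str, password: &str, now: u64) -> Result<String, AuthError> {
    if limiter.is_blocked(id, now) {
        return Err(AuthError::RateLimited);
    }
    if users.get(id).map_or(false, |h| verify_password(h, password.as_bytes())) {
        return Ok(format!("session:{id}")); // real code issues access + refresh JWTs here
    }
    limiter.record_failure(id, now);
    Err(AuthError::AuthenticationRequired)
}
```

Skipping the hash work for unknown identifiers, as this sketch does, still leaves a timing difference; a production path verifies against a dummy hash so both branches cost the same.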
AT URI
at://did:web:malpercio.dev/sh.tangled.repo.pull/3mhqitvtxz522
Diff #0

No differences found between the selected revisions.

History
malpercio.dev submitted #0
patch application failed: error: No valid patches in input (allow with "--allow-empty")