refactor: get rid of XRPC endpoints using web cookie authorization

mary.my.id / danaus

fork

Configure Feed

Issues Pull Requests Commits Tags

Feed URL

Select the types of activity you want to include in your feed.

work-in-progress atproto PDS

typescript atproto pds atcute

fork

Configure Feed

Issues Pull Requests Commits Tags

Feed URL

Select the types of activity you want to include in your feed.

refactor: get rid of XRPC endpoints using web cookie authorization

Mary 5 months ago 043613c4 37d56c4a

+13 -669

21 changed files

expand all collapse all

packages

danaus

src

api

local.danaus

account.signIn.ts

account.signOut.ts

index.ts

legacyAuth.createAppPassword.ts

legacyAuth.deleteAppPassword.ts

legacyAuth.listAppPasswords.ts

auth

verifier.ts

test

seed-client.ts

lexicons

lexicons-src

local

danaus

account

sign-in.ts

sign-out.ts

legacy-auth

create-app-password.ts

defs.ts

delete-app-password.ts

list-app-passwords.ts

lib

lexicons

index.ts

types

local

danaus

account

signIn.ts

signOut.ts

legacyAuth

createAppPassword.ts

defs.ts

deleteAppPassword.ts

listAppPasswords.ts

-53

packages/danaus/src/api/local.danaus/account.signIn.ts

reviewed

··· 1 1 - import { AuthRequiredError, json, type XRPCRouter } from '@atcute/xrpc-server'; 2 2 - import { LocalDanausAccountSignIn } from '@kelinci/danaus-lexicons'; 3 3 - 4 4 - import { AccountStatus } from '#app/accounts/types.ts'; 5 5 - import { setWebSessionToken } from '#app/auth/web.ts'; 6 6 - import type { AppContext } from '#app/context.ts'; 7 7 - 8 8 - /** 9 9 - * register the `local.danaus.account.signIn` endpoint. 10 10 - * @param router xrpc router 11 11 - * @param context app context 12 12 - */ 13 13 - export const signIn = (router: XRPCRouter, context: AppContext) => { 14 14 - const { accountManager } = context; 15 15 - 16 16 - router.addProcedure(LocalDanausAccountSignIn, { 17 17 - async handler({ input, request }) { 18 18 - const account = await accountManager.verifyAccountPassword(input.identifier, input.password); 19 19 - if (!account || !account.handle) { 20 20 - throw new AuthRequiredError({ 21 21 - error: 'InvalidCredentials', 22 22 - description: `invalid identifier or password`, 23 23 - }); 24 24 - } 25 25 - 26 26 - const status = accountManager.getAccountStatus(account.did); 27 27 - if (status !== AccountStatus.Active) { 28 28 - throw new AuthRequiredError({ 29 29 - error: status === 'takendown' ? 'AccountTakedown' : 'AccountDeactivated', 30 30 - description: `account is not active`, 31 31 - }); 32 32 - } 33 33 - 34 34 - const { session, token } = await accountManager.createWebSession({ 35 35 - did: account.did, 36 36 - remember: input.remember ?? false, 37 37 - userAgent: request.headers.get('user-agent') ?? undefined, 38 38 - }); 39 39 - 40 40 - setWebSessionToken(request, token, { 41 41 - expires: session.expires_at, 42 42 - httpOnly: true, 43 43 - sameSite: 'lax', 44 44 - path: '/', 45 45 - }); 46 46 - 47 47 - return json({ 48 48 - did: account.did, 49 49 - handle: account.handle, 50 50 - }); 51 51 - }, 52 52 - }); 53 53 - };

-30

packages/danaus/src/api/local.danaus/account.signOut.ts

reviewed

··· 1 1 - import type { XRPCRouter } from '@atcute/xrpc-server'; 2 2 - import { LocalDanausAccountSignOut } from '@kelinci/danaus-lexicons'; 3 3 - 4 4 - import { setWebSessionToken } from '#app/auth/web.ts'; 5 5 - import type { AppContext } from '#app/context.ts'; 6 6 - 7 7 - /** 8 8 - * register the `local.danaus.account.signOut` endpoint. 9 9 - * @param router xrpc router 10 10 - * @param context app context 11 11 - */ 12 12 - export const signOut = (router: XRPCRouter, context: AppContext) => { 13 13 - const { accountManager, authVerifier } = context; 14 14 - 15 15 - router.addProcedure(LocalDanausAccountSignOut, { 16 16 - async handler({ request }) { 17 17 - const auth = await authVerifier.web(request); 18 18 - 19 19 - accountManager.deleteWebSession(auth.sessionId); 20 20 - setWebSessionToken(request, '', { 21 21 - expires: new Date(0), 22 22 - httpOnly: true, 23 23 - sameSite: 'lax', 24 24 - path: '/', 25 25 - }); 26 26 - 27 27 - return new Response(null, { status: 200 }); 28 28 - }, 29 29 - }); 30 30 - };

-11

packages/danaus/src/api/local.danaus/index.ts

reviewed

··· 3 3 import type { AppContext } from '#app/context.ts'; 4 4 5 5 import { createAccount } from './account.createAccount'; 6 6 - import { signIn } from './account.signIn'; 7 7 - import { signOut } from './account.signOut'; 8 6 import { getStats } from './admin.getStats'; 9 7 import { getSubjectStatus } from './admin.getSubjectStatus'; 10 8 import { updateSubjectStatus } from './admin.updateSubjectStatus'; 11 11 - import { createAppPassword } from './legacyAuth.createAppPassword'; 12 12 - import { deleteAppPassword } from './legacyAuth.deleteAppPassword'; 13 13 - import { listAppPasswords } from './legacyAuth.listAppPasswords'; 14 9 15 10 export const localDanaus = (router: XRPCRouter, context: AppContext) => { 16 11 createAccount(router, context); 17 17 - signIn(router, context); 18 18 - signOut(router, context); 19 12 20 13 getStats(router, context); 21 14 getSubjectStatus(router, context); 22 15 updateSubjectStatus(router, context); 23 23 - 24 24 - createAppPassword(router, context); 25 25 - deleteAppPassword(router, context); 26 26 - listAppPasswords(router, context); 27 16 };

-36

packages/danaus/src/api/local.danaus/legacyAuth.createAppPassword.ts

reviewed

··· 1 1 - import { json, type XRPCRouter } from '@atcute/xrpc-server'; 2 2 - import { LocalDanausLegacyAuthCreateAppPassword } from '@kelinci/danaus-lexicons'; 3 3 - 4 4 - import { parseAppPasswordPrivilege } from '#app/accounts/app-passwords.ts'; 5 5 - import type { AppContext } from '#app/context.ts'; 6 6 - 7 7 - /** 8 8 - * register the `local.danaus.legacyAuth.createAppPassword` endpoint. 9 9 - * @param router xrpc router 10 10 - * @param context app context 11 11 - */ 12 12 - export const createAppPassword = (router: XRPCRouter, context: AppContext) => { 13 13 - const { accountManager, authVerifier } = context; 14 14 - 15 15 - router.addProcedure(LocalDanausLegacyAuthCreateAppPassword, { 16 16 - async handler({ input, request }) { 17 17 - const auth = await authVerifier.web(request); 18 18 - 19 19 - const privilege = parseAppPasswordPrivilege(input.privilege); 20 20 - const { appPassword, secret } = await accountManager.createAppPassword({ 21 21 - did: auth.did, 22 22 - name: input.name, 23 23 - privilege: privilege, 24 24 - }); 25 25 - 26 26 - return json({ 27 27 - details: { 28 28 - name: appPassword.name, 29 29 - privilege: input.privilege, 30 30 - createdAt: appPassword.created_at.toISOString(), 31 31 - }, 32 32 - secret: secret, 33 33 - }); 34 34 - }, 35 35 - }); 36 36 - };

-21

packages/danaus/src/api/local.danaus/legacyAuth.deleteAppPassword.ts

reviewed

··· 1 1 - import type { XRPCRouter } from '@atcute/xrpc-server'; 2 2 - import { LocalDanausLegacyAuthDeleteAppPassword } from '@kelinci/danaus-lexicons'; 3 3 - 4 4 - import type { AppContext } from '#app/context.ts'; 5 5 - 6 6 - /** 7 7 - * register the `local.danaus.legacyAuth.deleteAppPassword` endpoint. 8 8 - * @param router xrpc router 9 9 - * @param context app context 10 10 - */ 11 11 - export const deleteAppPassword = (router: XRPCRouter, context: AppContext) => { 12 12 - const { accountManager, authVerifier } = context; 13 13 - 14 14 - router.addProcedure(LocalDanausLegacyAuthDeleteAppPassword, { 15 15 - async handler({ input, request }) { 16 16 - const auth = await authVerifier.web(request); 17 17 - 18 18 - accountManager.deleteAppPassword(auth.did, input.name); 19 19 - }, 20 20 - }); 21 21 - };

-28

packages/danaus/src/api/local.danaus/legacyAuth.listAppPasswords.ts

reviewed

··· 1 1 - import { json, type XRPCRouter } from '@atcute/xrpc-server'; 2 2 - import { LocalDanausLegacyAuthListAppPasswords } from '@kelinci/danaus-lexicons'; 3 3 - 4 4 - import { formatAppPasswordPrivilege } from '#app/accounts/app-passwords.ts'; 5 5 - import type { AppContext } from '#app/context.ts'; 6 6 - 7 7 - /** 8 8 - * register the `local.danaus.legacyAuth.listAppPasswords` endpoint. 9 9 - * @param router xrpc router 10 10 - * @param context app context 11 11 - */ 12 12 - export const listAppPasswords = (router: XRPCRouter, context: AppContext) => { 13 13 - const { accountManager, authVerifier } = context; 14 14 - 15 15 - router.addQuery(LocalDanausLegacyAuthListAppPasswords, { 16 16 - async handler({ request }) { 17 17 - const auth = await authVerifier.web(request); 18 18 - 19 19 - const passwords = accountManager.listAppPasswords(auth.did).map((password) => ({ 20 20 - name: password.name, 21 21 - privilege: formatAppPasswordPrivilege(password.privilege), 22 22 - createdAt: password.created_at.toISOString(), 23 23 - })); 24 24 - 25 25 - return json({ passwords }); 26 26 - }, 27 27 - }); 28 28 - };

-43

packages/danaus/src/auth/verifier.ts

reviewed

··· 13 13 14 14 import type { AccountManager } from '../accounts/manager'; 15 15 16 16 - import { readWebSessionToken, verifyWebSessionToken } from './web'; 17 17 - 18 16 /** 19 17 * options for account checks. 20 18 */ ··· 52 50 OAuth, 53 51 Access, 54 52 Refresh, 55 55 - WebSession, 56 53 UserServiceAuth, 57 54 AdminToken, 58 55 } ··· 104 101 export interface UserServiceAuthOutput { 105 102 type: AuthCredentialsType.UserServiceAuth; 106 103 did: Did; 107 107 - } 108 108 - 109 109 - /** 110 110 - * web session credentials. 111 111 - */ 112 112 - export interface WebSessionOutput { 113 113 - type: AuthCredentialsType.WebSession; 114 114 - did: Did; 115 115 - sessionId: string; 116 104 } 117 105 118 106 type AuthType = 'unknown' | 'basic' | 'bearer' | 'dpop'; ··· 268 256 } 269 257 270 258 return this.unauthenticated(request); 271 271 - } 272 272 - 273 273 - /** 274 274 - * web session verifier. 275 275 - * @param request http request 276 276 - * @param options verification options 277 277 - * @returns web session output 278 278 - */ 279 279 - async web(request: Request, options: VerifiedOptions = {}): Promise<WebSessionOutput> { 280 280 - const token = readWebSessionToken(request); 281 281 - if (!token) { 282 282 - throw new AuthRequiredError({ description: `missing web session cookie` }); 283 283 - } 284 284 - 285 285 - const sessionId = verifyWebSessionToken(this.jwtKey, token); 286 286 - if (!sessionId) { 287 287 - throw new AuthRequiredError({ description: `invalid web session cookie` }); 288 288 - } 289 289 - 290 290 - const session = this.accountManager.getWebSession(sessionId); 291 291 - if (!session) { 292 292 - throw new AuthRequiredError({ description: `invalid web session` }); 293 293 - } 294 294 - 295 295 - this.assertAccountStatus(session.did, options); 296 296 - 297 297 - return { 298 298 - type: AuthCredentialsType.WebSession, 299 299 - did: session.did, 300 300 - sessionId: session.id, 301 301 - }; 302 259 } 303 260 304 261 /**

+13 -79

packages/danaus/src/test/seed-client.ts

reviewed

··· 18 18 AppBskyGraphList, 19 19 AppBskyGraphVerification, 20 20 } from '@atcute/bluesky'; 21 21 - import { Client, ClientResponseError, ok, simpleFetchHandler } from '@atcute/client'; 21 21 + import { Client, ok, simpleFetchHandler } from '@atcute/client'; 22 22 import type { 23 23 $type, 24 24 CanonicalResourceUri, ··· 30 30 ResourceUri, 31 31 } from '@atcute/lexicons'; 32 32 import type { Records } from '@atcute/lexicons/ambient'; 33 33 - import { 34 34 - LocalDanausAccountCreateAccount, 35 35 - LocalDanausAccountSignIn, 36 36 - LocalDanausLegacyAuthCreateAppPassword, 37 37 - } from '@kelinci/danaus-lexicons'; 33 33 + import { LocalDanausAccountCreateAccount } from '@kelinci/danaus-lexicons'; 38 34 39 39 - const WEB_SESSION_COOKIE = 'danaus_session'; 40 40 - const DEFAULT_APP_PASSWORD_PRIVILEGE = 'full'; 35 35 + import { AppPasswordPrivilege } from '#app/accounts/db/schema.ts'; 36 36 + 37 37 + import type { TestNetworkNoAppView } from './test-network.ts'; 41 38 42 39 export type BlobRef = ComAtprotoRepoUploadBlob.$output['blob']; 43 40 ··· 62 59 export interface RecordRef { 63 60 uri: CanonicalResourceUri; 64 61 cid: Cid; 65 65 - } 66 66 - 67 67 - /** minimal interface for test network */ 68 68 - export interface TestNetworkLike { 69 69 - pds: { 70 70 - url: string; 71 71 - }; 72 62 } 73 63 74 64 /** 75 65 * seed client for creating test data. 76 66 */ 77 77 - export class SeedClient<Network extends TestNetworkLike = TestNetworkLike> { 67 67 + export class SeedClient { 78 68 accounts: Record<string, SeedAccount> = {}; 79 69 dids: Record<string, Did> = {}; 80 70 ··· 104 94 private client: Client; 105 95 106 96 constructor( 107 107 - public network: Network, 97 97 + public network: TestNetworkNoAppView, 108 98 private adminAuth: string, 109 99 ) { 110 100 this.client = new Client({ handler: simpleFetchHandler({ service: network.pds.url }) }); ··· 124 114 password: string; 125 115 recoveryKey?: Did; 126 116 appPasswordName?: string; 127 127 - appPasswordPrivilege?: 'limited' | 'privileged' | 'full'; 117 117 + appPasswordPrivilege?: AppPasswordPrivilege; 128 118 }, 129 119 ): Promise<SeedAccount> { 130 130 - const recoveryKey = params.recoveryKey; 131 131 - 132 132 - await ok( 120 120 + const { did } = await ok( 133 121 this.client.call(LocalDanausAccountCreateAccount, { 134 122 input: { 135 123 handle: params.handle, 136 124 email: params.email, 137 125 password: params.password, 138 138 - recoveryKey: recoveryKey, 126 126 + recoveryKey: params.recoveryKey, 139 127 }, 140 128 headers: { authorization: this.adminAuth }, 141 129 }), 142 130 ); 143 131 144 144 - const cookie = await this.webSignIn(params.handle, params.password); 145 145 - 146 146 - const appPassword = await this.createAppPassword(cookie, { 132 132 + const { secret: appPassword } = await this.network.pds.ctx.accountManager.createAppPassword({ 133 133 + did: did, 147 134 name: params.appPasswordName ?? 'seed password', 148 148 - privilege: params.appPasswordPrivilege ?? DEFAULT_APP_PASSWORD_PRIVILEGE, 135 135 + privilege: params.appPasswordPrivilege ?? AppPasswordPrivilege.Full, 149 136 }); 150 137 151 138 const session = await ok( ··· 608 595 static getHeaders(jwt: string): { authorization: string } { 609 596 return { authorization: `Bearer ${jwt}` }; 610 597 } 611 611 - 612 612 - private async webSignIn(identifier: string, password: string): Promise<string> { 613 613 - const response = await this.client.call(LocalDanausAccountSignIn, { 614 614 - input: { 615 615 - identifier, 616 616 - password, 617 617 - }, 618 618 - }); 619 619 - 620 620 - if (!response.ok) { 621 621 - throw new ClientResponseError(response); 622 622 - } 623 623 - 624 624 - const cookie = extractCookie(response.headers, WEB_SESSION_COOKIE); 625 625 - if (!cookie) { 626 626 - throw new Error(`failed to read web session cookie`); 627 627 - } 628 628 - 629 629 - return cookie; 630 630 - } 631 631 - 632 632 - private async createAppPassword( 633 633 - cookie: string, 634 634 - input: { 635 635 - name: string; 636 636 - privilege: 'limited' | 'privileged' | 'full'; 637 637 - }, 638 638 - ): Promise<string> { 639 639 - const data = await ok( 640 640 - this.client.call(LocalDanausLegacyAuthCreateAppPassword, { 641 641 - input: input, 642 642 - headers: { 643 643 - cookie: cookie, 644 644 - }, 645 645 - }), 646 646 - ); 647 647 - 648 648 - return data.secret; 649 649 - } 650 598 } 651 599 652 600 /** ··· 713 661 selfLabels: undefined, 714 662 }, 715 663 } satisfies Record<string, UserDecl>; 716 716 - 717 717 - const extractCookie = (headers: Headers, name: string): string | null => { 718 718 - const header = headers.get('set-cookie'); 719 719 - if (!header) { 720 720 - return null; 721 721 - } 722 722 - 723 723 - const match = header.match(new RegExp(`${name}=([^;]+)`)); 724 724 - if (!match) { 725 725 - return null; 726 726 - } 727 727 - 728 728 - return `${name}=${match[1]}`; 729 729 - };

-30

packages/lexicons/lexicons-src/local/danaus/account/sign-in.ts

reviewed

··· 1 1 - import { boolean, document, object, procedure, required, string } from '@atcute/lexicon-doc/builder'; 2 2 - 3 3 - export default document({ 4 4 - id: 'local.danaus.account.signIn', 5 5 - defs: { 6 6 - main: procedure({ 7 7 - description: 'sign in to the web interface with email/handle and password', 8 8 - input: { 9 9 - encoding: 'application/json', 10 10 - schema: object({ 11 11 - properties: { 12 12 - identifier: required(string({ description: 'handle, email, or did of the account' })), 13 13 - password: required(string({ description: 'account password' })), 14 14 - remember: boolean({ description: 'extend session duration (1 year instead of 1 week)' }), 15 15 - }, 16 16 - }), 17 17 - }, 18 18 - output: { 19 19 - encoding: 'application/json', 20 20 - schema: object({ 21 21 - properties: { 22 22 - did: required(string({ format: 'did' })), 23 23 - handle: required(string({ format: 'handle' })), 24 24 - }, 25 25 - }), 26 26 - }, 27 27 - errors: [{ name: 'InvalidCredentials', description: 'invalid identifier or password' }], 28 28 - }), 29 29 - }, 30 30 - });

-10

packages/lexicons/lexicons-src/local/danaus/account/sign-out.ts

reviewed

··· 1 1 - import { document, procedure } from '@atcute/lexicon-doc/builder'; 2 2 - 3 3 - export default document({ 4 4 - id: 'local.danaus.account.signOut', 5 5 - defs: { 6 6 - main: procedure({ 7 7 - description: 'sign out of the current web session', 8 8 - }), 9 9 - }, 10 10 - });

-36

packages/lexicons/lexicons-src/local/danaus/legacy-auth/create-app-password.ts

reviewed

··· 1 1 - import { document, object, procedure, required, string } from '@atcute/lexicon-doc/builder'; 2 2 - 3 3 - import { appPassword, privilege } from './defs.ts'; 4 4 - 5 5 - export default document({ 6 6 - id: 'local.danaus.legacyAuth.createAppPassword', 7 7 - defs: { 8 8 - main: procedure({ 9 9 - description: 'create a new app password for the current account', 10 10 - input: { 11 11 - encoding: 'application/json', 12 12 - schema: object({ 13 13 - properties: { 14 14 - name: required( 15 15 - string({ 16 16 - description: 'human-readable name for the app password', 17 17 - minLength: 1, 18 18 - maxLength: 128, 19 19 - }), 20 20 - ), 21 21 - privilege: required(privilege), 22 22 - }, 23 23 - }), 24 24 - }, 25 25 - output: { 26 26 - encoding: 'application/json', 27 27 - schema: object({ 28 28 - properties: { 29 29 - details: required(appPassword), 30 30 - secret: required(string({ description: 'the generated app password (only shown once)' })), 31 31 - }, 32 32 - }), 33 33 - }, 34 34 - }), 35 35 - }, 36 36 - });

-25

packages/lexicons/lexicons-src/local/danaus/legacy-auth/defs.ts

reviewed

··· 1 1 - import { document, object, required, string } from '@atcute/lexicon-doc/builder'; 2 2 - 3 3 - /** privilege level for app passwords */ 4 4 - export const privilege = string({ 5 5 - description: 6 6 - 'privilege level for app passwords. limited restricts access to certain endpoints, privileged grants broader access, full grants the same access as the main password', 7 7 - knownValues: ['limited', 'privileged', 'full'], 8 8 - }); 9 9 - 10 10 - /** app password metadata (password value not included) */ 11 11 - export const appPassword = object({ 12 12 - properties: { 13 13 - name: required(string({ description: 'human-readable name for the app password' })), 14 14 - privilege: required(privilege), 15 15 - createdAt: required(string({ format: 'datetime' })), 16 16 - }, 17 17 - }); 18 18 - 19 19 - export default document({ 20 20 - id: 'local.danaus.legacyAuth.defs', 21 21 - defs: { 22 22 - privilege, 23 23 - appPassword, 24 24 - }, 25 25 - });

-18

packages/lexicons/lexicons-src/local/danaus/legacy-auth/delete-app-password.ts

reviewed

··· 1 1 - import { document, object, procedure, required, string } from '@atcute/lexicon-doc/builder'; 2 2 - 3 3 - export default document({ 4 4 - id: 'local.danaus.legacyAuth.deleteAppPassword', 5 5 - defs: { 6 6 - main: procedure({ 7 7 - description: 'delete an app password by name', 8 8 - input: { 9 9 - encoding: 'application/json', 10 10 - schema: object({ 11 11 - properties: { 12 12 - name: required(string({ description: 'name of the app password to delete' })), 13 13 - }, 14 14 - }), 15 15 - }, 16 16 - }), 17 17 - }, 18 18 - });

-20

packages/lexicons/lexicons-src/local/danaus/legacy-auth/list-app-passwords.ts

reviewed

··· 1 1 - import { array, document, object, query, required } from '@atcute/lexicon-doc/builder'; 2 2 - 3 3 - import { appPassword } from './defs.ts'; 4 4 - 5 5 - export default document({ 6 6 - id: 'local.danaus.legacyAuth.listAppPasswords', 7 7 - defs: { 8 8 - main: query({ 9 9 - description: 'list all app passwords for the current account', 10 10 - output: { 11 11 - encoding: 'application/json', 12 12 - schema: object({ 13 13 - properties: { 14 14 - passwords: required(array({ items: appPassword })), 15 15 - }, 16 16 - }), 17 17 - }, 18 18 - }), 19 19 - }, 20 20 - });

-6

packages/lexicons/lib/lexicons/index.ts

reviewed

··· 1 1 export * as LocalDanausAccountCreateAccount from './types/local/danaus/account/createAccount.js'; 2 2 - export * as LocalDanausAccountSignIn from './types/local/danaus/account/signIn.js'; 3 3 - export * as LocalDanausAccountSignOut from './types/local/danaus/account/signOut.js'; 4 2 export * as LocalDanausAdminDefs from './types/local/danaus/admin/defs.js'; 5 3 export * as LocalDanausAdminGetStats from './types/local/danaus/admin/getStats.js'; 6 4 export * as LocalDanausAdminGetSubjectStatus from './types/local/danaus/admin/getSubjectStatus.js'; 7 5 export * as LocalDanausAdminUpdateSubjectStatus from './types/local/danaus/admin/updateSubjectStatus.js'; 8 8 - export * as LocalDanausLegacyAuthCreateAppPassword from './types/local/danaus/legacyAuth/createAppPassword.js'; 9 9 - export * as LocalDanausLegacyAuthDefs from './types/local/danaus/legacyAuth/defs.js'; 10 10 - export * as LocalDanausLegacyAuthDeleteAppPassword from './types/local/danaus/legacyAuth/deleteAppPassword.js'; 11 11 - export * as LocalDanausLegacyAuthListAppPasswords from './types/local/danaus/legacyAuth/listAppPasswords.js';

-49

packages/lexicons/lib/lexicons/types/local/danaus/account/signIn.ts

reviewed

··· 1 1 - import type {} from '@atcute/lexicons'; 2 2 - 3 3 - import * as v from '@atcute/lexicons/validations'; 4 4 - 5 5 - import type {} from '@atcute/lexicons/ambient'; 6 6 - 7 7 - const _mainSchema = /*#__PURE__*/ v.procedure('local.danaus.account.signIn', { 8 8 - params: null, 9 9 - input: { 10 10 - type: 'lex', 11 11 - schema: /*#__PURE__*/ v.object({ 12 12 - /** 13 13 - * handle, email, or did of the account 14 14 - */ 15 15 - identifier: /*#__PURE__*/ v.string(), 16 16 - /** 17 17 - * account password 18 18 - */ 19 19 - password: /*#__PURE__*/ v.string(), 20 20 - /** 21 21 - * extend session duration (1 year instead of 1 week) 22 22 - */ 23 23 - remember: /*#__PURE__*/ v.optional(/*#__PURE__*/ v.boolean()), 24 24 - }), 25 25 - }, 26 26 - output: { 27 27 - type: 'lex', 28 28 - schema: /*#__PURE__*/ v.object({ 29 29 - did: /*#__PURE__*/ v.didString(), 30 30 - handle: /*#__PURE__*/ v.handleString(), 31 31 - }), 32 32 - }, 33 33 - }); 34 34 - 35 35 - type main$schematype = typeof _mainSchema; 36 36 - 37 37 - export interface mainSchema extends main$schematype {} 38 38 - 39 39 - export const mainSchema = _mainSchema as mainSchema; 40 40 - 41 41 - export interface $params {} 42 42 - export interface $input extends v.InferXRPCBodyInput<mainSchema['input']> {} 43 43 - export interface $output extends v.InferXRPCBodyInput<mainSchema['output']> {} 44 44 - 45 45 - declare module '@atcute/lexicons/ambient' { 46 46 - interface XRPCProcedures { 47 47 - 'local.danaus.account.signIn': mainSchema; 48 48 - } 49 49 - }

-25

packages/lexicons/lib/lexicons/types/local/danaus/account/signOut.ts

reviewed

-53

packages/lexicons/lib/lexicons/types/local/danaus/legacyAuth/createAppPassword.ts

reviewed

··· 1 1 - import type {} from '@atcute/lexicons'; 2 2 - 3 3 - import * as v from '@atcute/lexicons/validations'; 4 4 - 5 5 - import type {} from '@atcute/lexicons/ambient'; 6 6 - 7 7 - import * as LocalDanausLegacyAuthDefs from './defs.js'; 8 8 - 9 9 - const _mainSchema = /*#__PURE__*/ v.procedure('local.danaus.legacyAuth.createAppPassword', { 10 10 - params: null, 11 11 - input: { 12 12 - type: 'lex', 13 13 - schema: /*#__PURE__*/ v.object({ 14 14 - /** 15 15 - * human-readable name for the app password 16 16 - * @minLength 1 17 17 - * @maxLength 128 18 18 - */ 19 19 - name: /*#__PURE__*/ v.constrain(/*#__PURE__*/ v.string(), [/*#__PURE__*/ v.stringLength(1, 128)]), 20 20 - get privilege() { 21 21 - return LocalDanausLegacyAuthDefs.privilegeSchema; 22 22 - }, 23 23 - }), 24 24 - }, 25 25 - output: { 26 26 - type: 'lex', 27 27 - schema: /*#__PURE__*/ v.object({ 28 28 - get details() { 29 29 - return LocalDanausLegacyAuthDefs.appPasswordSchema; 30 30 - }, 31 31 - /** 32 32 - * the generated app password (only shown once) 33 33 - */ 34 34 - secret: /*#__PURE__*/ v.string(), 35 35 - }), 36 36 - }, 37 37 - }); 38 38 - 39 39 - type main$schematype = typeof _mainSchema; 40 40 - 41 41 - export interface mainSchema extends main$schematype {} 42 42 - 43 43 - export const mainSchema = _mainSchema as mainSchema; 44 44 - 45 45 - export interface $params {} 46 46 - export interface $input extends v.InferXRPCBodyInput<mainSchema['input']> {} 47 47 - export interface $output extends v.InferXRPCBodyInput<mainSchema['output']> {} 48 48 - 49 49 - declare module '@atcute/lexicons/ambient' { 50 50 - interface XRPCProcedures { 51 51 - 'local.danaus.legacyAuth.createAppPassword': mainSchema; 52 52 - } 53 53 - }

-28

packages/lexicons/lib/lexicons/types/local/danaus/legacyAuth/defs.ts

reviewed

··· 1 1 - import type {} from '@atcute/lexicons'; 2 2 - 3 3 - import * as v from '@atcute/lexicons/validations'; 4 4 - 5 5 - const _appPasswordSchema = /*#__PURE__*/ v.object({ 6 6 - $type: /*#__PURE__*/ v.optional(/*#__PURE__*/ v.literal('local.danaus.legacyAuth.defs#appPassword')), 7 7 - createdAt: /*#__PURE__*/ v.datetimeString(), 8 8 - /** 9 9 - * human-readable name for the app password 10 10 - */ 11 11 - name: /*#__PURE__*/ v.string(), 12 12 - get privilege() { 13 13 - return privilegeSchema; 14 14 - }, 15 15 - }); 16 16 - const _privilegeSchema = /*#__PURE__*/ v.string<'full' | 'limited' | 'privileged' | (string & {})>(); 17 17 - 18 18 - type appPassword$schematype = typeof _appPasswordSchema; 19 19 - type privilege$schematype = typeof _privilegeSchema; 20 20 - 21 21 - export interface appPasswordSchema extends appPassword$schematype {} 22 22 - export interface privilegeSchema extends privilege$schematype {} 23 23 - 24 24 - export const appPasswordSchema = _appPasswordSchema as appPasswordSchema; 25 25 - export const privilegeSchema = _privilegeSchema as privilegeSchema; 26 26 - 27 27 - export interface AppPassword extends v.InferInput<typeof appPasswordSchema> {} 28 28 - export type Privilege = v.InferInput<typeof privilegeSchema>;

-34

packages/lexicons/lib/lexicons/types/local/danaus/legacyAuth/deleteAppPassword.ts

reviewed

-34

packages/lexicons/lib/lexicons/types/local/danaus/legacyAuth/listAppPasswords.ts

reviewed