Account deletion

lexicons/com/atproto/account/delete.json

@@ -4,7 +4,20 @@
   "defs": {
     "main": {
       "type": "procedure",
-      "description": "Delete an account."
+      "description": "Delete a user account with a token and password.",
+      "input": {
+        "encoding": "application/json",
+        "schema": {
+          "type": "object",
+          "required": ["did", "password",  "token"],
+          "properties": {
+            "did": { "type": "string" },
+            "password": { "type": "string" },
+            "token": { "type": "string" }
+          }
+        }
+      },
+      "errors": [{ "name": "ExpiredToken" }, { "name": "InvalidToken" }]
     }
   }
 }

lexicons/com/atproto/account/requestDelete.json

@@ -0,0 +1,10 @@
+{
+  "lexicon": 1,
+  "id": "com.atproto.account.requestDelete",
+  "defs": {
+    "main": {
+      "type": "procedure",
+      "description": "Initiate a user account deletion via email."
+    }
+  }
+}

packages/api/src/client/index.ts

@@ -10,6 +10,7 @@ import * as ComAtprotoAccountCreate from './types/com/atproto/account/create'
 import * as ComAtprotoAccountCreateInviteCode from './types/com/atproto/account/createInviteCode'
 import * as ComAtprotoAccountDelete from './types/com/atproto/account/delete'
 import * as ComAtprotoAccountGet from './types/com/atproto/account/get'
+import * as ComAtprotoAccountRequestDelete from './types/com/atproto/account/requestDelete'
 import * as ComAtprotoAccountRequestPasswordReset from './types/com/atproto/account/requestPasswordReset'
 import * as ComAtprotoAccountResetPassword from './types/com/atproto/account/resetPassword'
 import * as ComAtprotoAdminGetModerationAction from './types/com/atproto/admin/getModerationAction'
@@ -91,6 +92,7 @@ export * as ComAtprotoAccountCreate from './types/com/atproto/account/create'
 export * as ComAtprotoAccountCreateInviteCode from './types/com/atproto/account/createInviteCode'
 export * as ComAtprotoAccountDelete from './types/com/atproto/account/delete'
 export * as ComAtprotoAccountGet from './types/com/atproto/account/get'
+export * as ComAtprotoAccountRequestDelete from './types/com/atproto/account/requestDelete'
 export * as ComAtprotoAccountRequestPasswordReset from './types/com/atproto/account/requestPasswordReset'
 export * as ComAtprotoAccountResetPassword from './types/com/atproto/account/resetPassword'
 export * as ComAtprotoAdminGetModerationAction from './types/com/atproto/admin/getModerationAction'
@@ -305,6 +307,17 @@ export class AccountNS {
       })
   }
 
+  requestDelete(
+    data?: ComAtprotoAccountRequestDelete.InputSchema,
+    opts?: ComAtprotoAccountRequestDelete.CallOptions,
+  ): Promise<ComAtprotoAccountRequestDelete.Response> {
+    return this._service.xrpc
+      .call('com.atproto.account.requestDelete', opts?.qp, data, opts)
+      .catch((e) => {
+        throw ComAtprotoAccountRequestDelete.toKnownErr(e)
+      })
+  }
+
   requestPasswordReset(
     data?: ComAtprotoAccountRequestPasswordReset.InputSchema,
     opts?: ComAtprotoAccountRequestPasswordReset.CallOptions,

packages/api/src/client/lexicons.ts

@@ -113,7 +113,33 @@ export const schemaDict = {
     defs: {
       main: {
         type: 'procedure',
-        description: 'Delete an account.',
+        description: 'Delete a user account with a token and password.',
+        input: {
+          encoding: 'application/json',
+          schema: {
+            type: 'object',
+            required: ['did', 'password', 'token'],
+            properties: {
+              did: {
+                type: 'string',
+              },
+              password: {
+                type: 'string',
+              },
+              token: {
+                type: 'string',
+              },
+            },
+          },
+        },
+        errors: [
+          {
+            name: 'ExpiredToken',
+          },
+          {
+            name: 'InvalidToken',
+          },
+        ],
       },
     },
   },
@@ -127,6 +153,16 @@ export const schemaDict = {
       },
     },
   },
+  ComAtprotoAccountRequestDelete: {
+    lexicon: 1,
+    id: 'com.atproto.account.requestDelete',
+    defs: {
+      main: {
+        type: 'procedure',
+        description: 'Initiate a user account deletion via email.',
+      },
+    },
+  },
   ComAtprotoAccountRequestPasswordReset: {
     lexicon: 1,
     id: 'com.atproto.account.requestPasswordReset',
@@ -3796,6 +3832,7 @@ export const ids = {
   ComAtprotoAccountCreateInviteCode: 'com.atproto.account.createInviteCode',
   ComAtprotoAccountDelete: 'com.atproto.account.delete',
   ComAtprotoAccountGet: 'com.atproto.account.get',
+  ComAtprotoAccountRequestDelete: 'com.atproto.account.requestDelete',
   ComAtprotoAccountRequestPasswordReset:
     'com.atproto.account.requestPasswordReset',
   ComAtprotoAccountResetPassword: 'com.atproto.account.resetPassword',

packages/api/src/client/types/com/atproto/account/delete.ts

@@ -8,20 +8,40 @@ import { lexicons } from '../../../../lexicons'
 
 export interface QueryParams {}
 
-export type InputSchema = undefined
+export interface InputSchema {
+  did: string
+  password: string
+  token: string
+  [k: string]: unknown
+}
 
 export interface CallOptions {
   headers?: Headers
   qp?: QueryParams
+  encoding: 'application/json'
 }
 
 export interface Response {
   success: boolean
   headers: Headers
 }
 
+export class ExpiredTokenError extends XRPCError {
+  constructor(src: XRPCError) {
+    super(src.status, src.error, src.message)
+  }
+}
+
+export class InvalidTokenError extends XRPCError {
+  constructor(src: XRPCError) {
+    super(src.status, src.error, src.message)
+  }
+}
+
 export function toKnownErr(e: any) {
   if (e instanceof XRPCError) {
+    if (e.error === 'ExpiredToken') return new ExpiredTokenError(e)
+    if (e.error === 'InvalidToken') return new InvalidTokenError(e)
   }
   return e
 }

packages/api/src/client/types/com/atproto/account/requestDelete.ts

@@ -0,0 +1,27 @@
+/**
+ * GENERATED CODE - DO NOT MODIFY
+ */
+import { Headers, XRPCError } from '@atproto/xrpc'
+import { ValidationResult } from '@atproto/lexicon'
+import { isObj, hasProp } from '../../../../util'
+import { lexicons } from '../../../../lexicons'
+
+export interface QueryParams {}
+
+export type InputSchema = undefined
+
+export interface CallOptions {
+  headers?: Headers
+  qp?: QueryParams
+}
+
+export interface Response {
+  success: boolean
+  headers: Headers
+}
+
+export function toKnownErr(e: any) {
+  if (e instanceof XRPCError) {
+  }
+  return e
+}

packages/aws/src/s3.ts

@@ -100,6 +100,13 @@ export class S3BlobStore implements BlobStore {
     const res = await this.getObject(cid)
     return res as stream.Readable
   }
+
+  async delete(cid: CID): Promise<void> {
+    await this.client.deleteObject({
+      Bucket: this.bucket,
+      Key: this.getStoredPath(cid),
+    })
+  }
 }
 
 export default S3BlobStore

packages/pds/.prettierignore

@@ -1 +1,2 @@
-src/lexicon/**/*
+src/lexicon/**/*
+src/mailer/templates/**/*

packages/pds/src/api/app/bsky/notification/list.ts

@@ -16,7 +16,11 @@ export default function (server: Server, ctx: AppContext) {
 
       let notifBuilder = ctx.db.db
         .selectFrom('user_notification as notif')
-        .innerJoin('ipld_block', 'ipld_block.cid', 'notif.recordCid')
+        .innerJoin('ipld_block', (join) =>
+          join
+            .onRef('ipld_block.cid', '=', 'notif.recordCid')
+            .onRef('ipld_block.creator', '=', 'notif.author'),
+        )
         .innerJoin('did_handle as author', 'author.did', 'notif.author')
         .leftJoin(
           'profile as author_profile',

packages/pds/src/api/com/atproto/account.ts → packages/pds/src/api/com/atproto/account/create.ts

@@ -2,34 +2,14 @@ import { InvalidRequestError } from '@atproto/xrpc-server'
 import * as crypto from '@atproto/crypto'
 import * as handleLib from '@atproto/handle'
 import { cidForCbor } from '@atproto/common'
-import { Server, APP_BSKY_SYSTEM } from '../../../lexicon'
-import { countAll } from '../../../db/util'
-import * as lex from '../../../lexicon/lexicons'
-import * as repo from '../../../repo'
-import { UserAlreadyExistsError } from '../../../services/actor'
-import AppContext from '../../../context'
+import { Server, APP_BSKY_SYSTEM } from '../../../../lexicon'
+import { countAll } from '../../../../db/util'
+import * as lex from '../../../../lexicon/lexicons'
+import * as repo from '../../../../repo'
+import { UserAlreadyExistsError } from '../../../../services/actor'
+import AppContext from '../../../../context'
 
 export default function (server: Server, ctx: AppContext) {
-  server.com.atproto.server.getAccountsConfig(() => {
-    const availableUserDomains = ctx.cfg.availableUserDomains
-    const inviteCodeRequired = ctx.cfg.inviteRequired
-    const privacyPolicy = ctx.cfg.privacyPolicyUrl
-    const termsOfService = ctx.cfg.termsOfServiceUrl
-
-    return {
-      encoding: 'application/json',
-      body: {
-        availableUserDomains,
-        inviteCodeRequired,
-        links: { privacyPolicy, termsOfService },
-      },
-    }
-  })
-
-  server.com.atproto.account.get(() => {
-    throw new InvalidRequestError('Not implemented')
-  })
-
   server.com.atproto.account.create(async ({ input, req }) => {
     const { email, password, inviteCode, recoveryKey } = input.body
 
@@ -175,9 +155,4 @@ export default function (server: Server, ctx: AppContext) {
       },
     }
   })
-
-  server.com.atproto.account.delete(() => {
-    // TODO
-    throw new InvalidRequestError('Not implemented')
-  })
 }

packages/pds/src/api/com/atproto/invites.ts → packages/pds/src/api/com/atproto/account/createInviteCode.ts

@@ -1,7 +1,7 @@
 import * as crypto from '@atproto/crypto'
 import * as uint8arrays from 'uint8arrays'
-import { Server } from '../../../lexicon'
-import AppContext from '../../../context'
+import { Server } from '../../../../lexicon'
+import AppContext from '../../../../context'
 
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.account.createInviteCode({

packages/pds/src/api/com/atproto/account/delete.ts

@@ -0,0 +1,78 @@
+import { AuthRequiredError } from '@atproto/xrpc-server'
+import { Server } from '../../../../lexicon'
+import AppContext from '../../../../context'
+import Database from '../../../../db'
+
+export default function (server: Server, ctx: AppContext) {
+  server.com.atproto.account.delete(async ({ input }) => {
+    const { did, password, token } = input.body
+    const validPass = await ctx.services
+      .actor(ctx.db)
+      .verifyUserDidPassword(did, password)
+    if (!validPass) {
+      throw new AuthRequiredError('Invalid did or password')
+    }
+
+    const tokenInfo = await ctx.db.db
+      .selectFrom('did_handle')
+      .innerJoin('delete_account_token as token', 'token.did', 'did_handle.did')
+      .where('did_handle.did', '=', did)
+      .where('token.token', '=', token)
+      .select([
+        'token.token as token',
+        'token.requestedAt as requestedAt',
+        'token.did as did',
+      ])
+      .executeTakeFirst()
+
+    if (!tokenInfo) {
+      return createInvalidTokenError()
+    }
+
+    const now = new Date()
+    const requestedAt = new Date(tokenInfo.requestedAt)
+    const expiresAt = new Date(requestedAt.getTime() + 15 * minsToMs)
+    if (now > expiresAt) {
+      await removeDeleteToken(ctx.db, tokenInfo.did)
+      return createExpiredTokenError()
+    }
+
+    await ctx.db.transaction(async (dbTxn) => {
+      await removeDeleteToken(dbTxn, did)
+      await ctx.services.record(dbTxn).deleteForUser(did)
+      await ctx.services.repo(dbTxn).deleteRepo(did)
+      await ctx.services.actor(dbTxn).deleteUser(did)
+    })
+  })
+}
+
+type ErrorResponse = {
+  status: number
+  error: string
+  message: string
+}
+
+const minsToMs = 60 * 1000
+
+const createInvalidTokenError = (): ErrorResponse & {
+  error: 'InvalidToken'
+} => ({
+  status: 400,
+  error: 'InvalidToken',
+  message: 'Token is invalid',
+})
+
+const createExpiredTokenError = (): ErrorResponse & {
+  error: 'ExpiredToken'
+} => ({
+  status: 400,
+  error: 'ExpiredToken',
+  message: 'The password reset token has expired',
+})
+
+const removeDeleteToken = async (db: Database, did: string) => {
+  await db.db
+    .deleteFrom('delete_account_token')
+    .where('delete_account_token.did', '=', did)
+    .execute()
+}

packages/pds/src/api/com/atproto/account/get.ts

@@ -0,0 +1,9 @@
+import { InvalidRequestError } from '@atproto/xrpc-server'
+import { Server } from '../../../../lexicon'
+import AppContext from '../../../../context'
+
+export default function (server: Server, _ctx: AppContext) {
+  server.com.atproto.account.get(() => {
+    throw new InvalidRequestError('Not implemented')
+  })
+}