Clean up role-based auth

lexicons/com/atproto/admin/defs.json

@@ -585,6 +585,10 @@
           "type": "string",
           "description": "The subject line of the email sent to the user."
         },
+        "content": {
+          "type": "string",
+          "description": "The content of the email sent to the user."
+        },
         "comment": {
           "type": "string",
           "description": "Additional comment about the outgoing comm."

packages/api/CHANGELOG.md

@@ -1,5 +1,15 @@
 # @atproto/api
 
+## 0.10.4
+
+### Patch Changes
+
+- [#2260](https://github.com/bluesky-social/atproto/pull/2260) [`6ec885992`](https://github.com/bluesky-social/atproto/commit/6ec8859929a16f9725319cc398b716acf913b01f) Thanks [@estrattonbailey](https://github.com/estrattonbailey)! - Export regex from rich text detection
+
+- [#2260](https://github.com/bluesky-social/atproto/pull/2260) [`6ec885992`](https://github.com/bluesky-social/atproto/commit/6ec8859929a16f9725319cc398b716acf913b01f) Thanks [@estrattonbailey](https://github.com/estrattonbailey)! - Disallow rare unicode whitespace characters from tags
+
+- [#2260](https://github.com/bluesky-social/atproto/pull/2260) [`6ec885992`](https://github.com/bluesky-social/atproto/commit/6ec8859929a16f9725319cc398b716acf913b01f) Thanks [@estrattonbailey](https://github.com/estrattonbailey)! - Allow tags to lead with numbers
+
 ## 0.10.3
 
 ### Patch Changes

packages/api/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@atproto/api",
-  "version": "0.10.3",
+  "version": "0.10.4",
   "license": "MIT",
   "description": "Client library for atproto and Bluesky",
   "keywords": [

packages/api/src/client/lexicons.ts

@@ -897,6 +897,10 @@ export const schemaDict = {
             type: 'string',
             description: 'The subject line of the email sent to the user.',
           },
+          content: {
+            type: 'string',
+            description: 'The content of the email sent to the user.',
+          },
           comment: {
             type: 'string',
             description: 'Additional comment about the outgoing comm.',

packages/api/src/client/types/com/atproto/admin/defs.ts

@@ -704,6 +704,8 @@ export function validateModEventUnmute(v: unknown): ValidationResult {
 export interface ModEventEmail {
   /** The subject line of the email sent to the user. */
   subjectLine: string
+  /** The content of the email sent to the user. */
+  content?: string
   /** Additional comment about the outgoing comm. */
   comment?: string
   [k: string]: unknown

packages/api/src/index.ts

@@ -14,6 +14,7 @@ export * from './agent'
 export * from './rich-text/rich-text'
 export * from './rich-text/sanitization'
 export * from './rich-text/unicode'
+export * from './rich-text/util'
 export * from './moderation'
 export * from './moderation/types'
 export { LABELS } from './moderation/const/labels'

packages/api/src/rich-text/detection.ts

@@ -1,6 +1,12 @@
 import TLDs from 'tlds'
 import { AppBskyRichtextFacet } from '../client'
 import { UnicodeString } from './unicode'
+import {
+  URL_REGEX,
+  MENTION_REGEX,
+  TAG_REGEX,
+  TRAILING_PUNCTUATION_REGEX,
+} from './util'
 
 export type Facet = AppBskyRichtextFacet.Main
 
@@ -9,7 +15,7 @@
   const facets: Facet[] = []
   {
     // mentions
-    const re = /(^|\s|\()(@)([a-zA-Z0-9.-]+)(\b)/g
+    const re = MENTION_REGEX
     while ((match = re.exec(text.utf16))) {
       if (!isValidDomain(match[3]) && !match[3].endsWith('.test')) {
         continue // probably not a handle
@@ -33,8 +39,7 @@
   }
   {
     // links
-    const re =
-      /(^|\s|\()((https?:\/\/[\S]+)|((?<domain>[a-z][a-z0-9]*(\.[a-z0-9]+)+)[\S]*))/gim
+    const re = URL_REGEX
     while ((match = re.exec(text.utf16))) {
       let uri = match[2]
       if (!uri.startsWith('http')) {
@@ -70,11 +75,14 @@
     }
   }
   {
-    const re = /(^|\s)#((?!\ufe0f)[^\d\s]\S*)(?=\s)?/g
+    const re = TAG_REGEX
     while ((match = re.exec(text.utf16))) {
       let [, leading, tag] = match
 
-      tag = tag.trim().replace(/\p{P}+$/gu, '') // strip ending punctuation
+      if (!tag) continue
+
+      // strip ending punctuation and any spaces
+      tag = tag.trim().replace(TRAILING_PUNCTUATION_REGEX, '')
 
       if (tag.length === 0 || tag.length > 64) continue
 

packages/api/src/rich-text/util.ts

@@ -0,0 +1,11 @@
+export const MENTION_REGEX = /(^|\s|\()(@)([a-zA-Z0-9.-]+)(\b)/g
+export const URL_REGEX =
+  /(^|\s|\()((https?:\/\/[\S]+)|((?<domain>[a-z][a-z0-9]*(\.[a-z0-9]+)+)[\S]*))/gim
+export const TRAILING_PUNCTUATION_REGEX = /\p{P}+$/gu
+
+/**
+ * `\ufe0f` emoji modifier
+ * `\u00AD\u2060\u200A\u200B\u200C\u200D\u20e2` zero-width spaces (likely incomplete)
+ */
+export const TAG_REGEX =
+  /(^|\s)[#＃]((?!\ufe0f)[^\s\u00AD\u2060\u200A\u200B\u200C\u200D\u20e2]*[^\d\s\p{P}\u00AD\u2060\u200A\u200B\u200C\u200D\u20e2]+[^\s\u00AD\u2060\u200A\u200B\u200C\u200D\u20e2]*)?/gu

packages/api/tests/rich-text-detection.test.ts

@@ -218,7 +218,7 @@ describe('detectFacets', () => {
     }
   })
 
-  it('correctly detects tags inline', async () => {
+  describe('correctly detects tags inline', () => {
     const inputs: [
       string,
       string[],
@@ -234,11 +234,13 @@ describe('detectFacets', () => {
         ],
       ],
       ['#1', [], []],
+      ['#1a', ['1a'], [{ byteStart: 0, byteEnd: 3 }]],
       ['#tag', ['tag'], [{ byteStart: 0, byteEnd: 4 }]],
       ['body #tag', ['tag'], [{ byteStart: 5, byteEnd: 9 }]],
       ['#tag body', ['tag'], [{ byteStart: 0, byteEnd: 4 }]],
       ['body #tag body', ['tag'], [{ byteStart: 5, byteEnd: 9 }]],
       ['body #1', [], []],
+      ['body #1a', ['1a'], [{ byteStart: 5, byteEnd: 8 }]],
       ['body #a1', ['a1'], [{ byteStart: 5, byteEnd: 8 }]],
       ['#', [], []],
       ['#?', [], []],
@@ -254,12 +256,18 @@ describe('detectFacets', () => {
         [],
         [],
       ],
+      [
+        'body #thisisa64characterstring_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!',
+        ['thisisa64characterstring_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'],
+        [{ byteStart: 5, byteEnd: 70 }],
+      ],
       [
         'its a #double#rainbow',
         ['double#rainbow'],
         [{ byteStart: 6, byteEnd: 21 }],
       ],
       ['##hashash', ['#hashash'], [{ byteStart: 0, byteEnd: 9 }]],
+      ['##', [], []],
       ['some #n0n3s@n5e!', ['n0n3s@n5e'], [{ byteStart: 5, byteEnd: 15 }]],
       [
         'works #with,punctuation',
@@ -319,9 +327,26 @@ describe('detectFacets', () => {
           },
         ],
       ],
+      ['no match (\\u200B): #​', [], []],
+      ['no match (\\u200Ba): #​a', [], []],
+      ['match (a\\u200Bb): #a​b', ['a'], [{ byteStart: 18, byteEnd: 20 }]],
+      ['match (ab\\u200B): #ab​', ['ab'], [{ byteStart: 18, byteEnd: 21 }]],
+      ['no match (\\u20e2tag): #⃢tag', [], []],
+      ['no match (a\\u20e2b): #a⃢b', ['a'], [{ byteStart: 21, byteEnd: 23 }]],
+      [
+        'match full width number sign (tag): ＃tag',
+        ['tag'],
+        [{ byteStart: 36, byteEnd: 42 }],
+      ],
+      [
+        'match full width number sign (tag): ＃#️⃣tag',
+        ['#️⃣tag'],
+        [{ byteStart: 36, byteEnd: 49 }],
+      ],
+      ['no match 1?: #1?', [], []],
     ]
 
-    for (const [input, tags, indices] of inputs) {
+    it.each(inputs)('%s', async (input, tags, indices) => {
       const rt = new RichText({ text: input })
       await rt.detectFacets(agent)
 
@@ -340,7 +365,7 @@ describe('detectFacets', () => {
 
       expect(detectedTags).toEqual(tags)
       expect(detectedIndices).toEqual(indices)
-    }
+    })
   })
 })
 

packages/bsky/CHANGELOG.md

@@ -1,5 +1,12 @@
 # @atproto/bsky
 
+## 0.0.36
+
+### Patch Changes
+
+- Updated dependencies [[`6ec885992`](https://github.com/bluesky-social/atproto/commit/6ec8859929a16f9725319cc398b716acf913b01f), [`6ec885992`](https://github.com/bluesky-social/atproto/commit/6ec8859929a16f9725319cc398b716acf913b01f), [`6ec885992`](https://github.com/bluesky-social/atproto/commit/6ec8859929a16f9725319cc398b716acf913b01f)]:
+  - @atproto/[email protected]
+
 ## 0.0.35
 
 ### Patch Changes

packages/bsky/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@atproto/bsky",
-  "version": "0.0.35",
+  "version": "0.0.36",
   "license": "MIT",
   "description": "Reference implementation of app.bsky App View (Bluesky API)",
   "keywords": [

packages/bsky/src/lexicon/lexicons.ts

@@ -897,6 +897,10 @@ export const schemaDict = {
             type: 'string',
             description: 'The subject line of the email sent to the user.',
           },
+          content: {
+            type: 'string',
+            description: 'The content of the email sent to the user.',
+          },
           comment: {
             type: 'string',
             description: 'Additional comment about the outgoing comm.',

packages/bsky/src/lexicon/types/com/atproto/admin/defs.ts

@@ -704,6 +704,8 @@ export function validateModEventUnmute(v: unknown): ValidationResult {
 export interface ModEventEmail {
   /** The subject line of the email sent to the user. */
   subjectLine: string
+  /** The content of the email sent to the user. */
+  content?: string
   /** Additional comment about the outgoing comm. */
   comment?: string
   [k: string]: unknown

packages/dev-env/CHANGELOG.md

@@ -1,5 +1,15 @@
 # @atproto/dev-env
 
+## 0.2.36
+
+### Patch Changes
+
+- Updated dependencies [[`6ec885992`](https://github.com/bluesky-social/atproto/commit/6ec8859929a16f9725319cc398b716acf913b01f), [`6ec885992`](https://github.com/bluesky-social/atproto/commit/6ec8859929a16f9725319cc398b716acf913b01f), [`6ec885992`](https://github.com/bluesky-social/atproto/commit/6ec8859929a16f9725319cc398b716acf913b01f)]:
+  - @atproto/[email protected]
+  - @atproto/[email protected]
+  - @atproto/[email protected]
+  - @atproto/[email protected]
+
 ## 0.2.35
 
 ### Patch Changes

packages/dev-env/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@atproto/dev-env",
-  "version": "0.2.35",
+  "version": "0.2.36",
   "license": "MIT",
   "description": "Local development environment helper for atproto development",
   "keywords": [

packages/dev-env/src/ozone.ts

@@ -58,6 +58,7 @@ export class TestOzone {
     const port = config.port || (await getPort())
     const url = `http://localhost:${port}`
     const env: ozone.OzoneEnvironment = {
+      devMode: true,
       version: '0.0.0',
       port,
       didPlcUrl: config.plcUrl,

packages/ozone/CHANGELOG.md

@@ -1,5 +1,12 @@
 # @atproto/ozone
 
+## 0.0.15
+
+### Patch Changes
+
+- Updated dependencies [[`6ec885992`](https://github.com/bluesky-social/atproto/commit/6ec8859929a16f9725319cc398b716acf913b01f), [`6ec885992`](https://github.com/bluesky-social/atproto/commit/6ec8859929a16f9725319cc398b716acf913b01f), [`6ec885992`](https://github.com/bluesky-social/atproto/commit/6ec8859929a16f9725319cc398b716acf913b01f)]:
+  - @atproto/[email protected]
+
 ## 0.0.14
 
 ### Patch Changes

packages/ozone/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@atproto/ozone",
-  "version": "0.0.14",
+  "version": "0.0.15",
   "license": "MIT",
   "description": "Backend service for moderating the Bluesky network.",
   "keywords": [

packages/ozone/src/api/admin/emitModerationEvent.ts

@@ -2,12 +2,14 @@ import { AuthRequiredError, InvalidRequestError } from '@atproto/xrpc-server'
 import { Server } from '../../lexicon'
 import AppContext from '../../context'
 import {
+  isModEventEmail,
   isModEventLabel,
   isModEventReverseTakedown,
   isModEventTakedown,
 } from '../../lexicon/types/com/atproto/admin/defs'
 import { subjectFromInput } from '../../mod-service/subject'
 import { ModerationLangService } from '../../mod-service/lang'
+import { retryHttp } from '../../util'
 
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.admin.emitModerationEvent({
@@ -76,6 +78,23 @@ export default function (server: Server, ctx: AppContext) {
         }
       }
 
+      if (isModEventEmail(event) && event.content) {
+        // sending email prior to logging the event to avoid a long transaction below
+        if (!subject.isRepo()) {
+          throw new InvalidRequestError(
+            'Email can only be sent to a repo subject',
+          )
+        }
+        const { content, subjectLine } = event
+        await retryHttp(() =>
+          ctx.modService(db).sendEmail({
+            subject: subjectLine,
+            content,
+            recipientDid: subject.did,
+          }),
+        )
+      }
+
       const moderationEvent = await db.transaction(async (dbTxn) => {
         const moderationTxn = ctx.modService(dbTxn)
 

packages/ozone/src/api/proxied.ts

@@ -16,6 +16,20 @@ export default function (server: Server, ctx: AppContext) {
     },
   })
 
+  server.app.bsky.actor.getProfiles({
+    auth: ctx.authVerifier.modOrRole,
+    handler: async (request) => {
+      const res = await ctx.appviewAgent.api.app.bsky.actor.getProfiles(
+        request.params,
+        await ctx.appviewAuth(),
+      )
+      return {
+        encoding: 'application/json',
+        body: res.data,
+      }
+    },
+  })
+
   server.app.bsky.feed.getAuthorFeed({
     auth: ctx.authVerifier.moderator,
     handler: async (request) => {
@@ -44,6 +58,20 @@ export default function (server: Server, ctx: AppContext) {
     },
   })
 
+  server.app.bsky.feed.getFeedGenerator({
+    auth: ctx.authVerifier.modOrRole,
+    handler: async (request) => {
+      const res = await ctx.appviewAgent.api.app.bsky.feed.getFeedGenerator(
+        request.params,
+        await ctx.appviewAuth(),
+      )
+      return {
+        encoding: 'application/json',
+        body: res.data,
+      }
+    },
+  })
+
   server.app.bsky.graph.getFollows({
     auth: ctx.authVerifier.moderator,
     handler: async (request) => {
@@ -71,4 +99,18 @@ export default function (server: Server, ctx: AppContext) {
       }
     },
   })
+
+  server.app.bsky.graph.getList({
+    auth: ctx.authVerifier.modOrRole,
+    handler: async (request) => {
+      const res = await ctx.appviewAgent.api.app.bsky.graph.getList(
+        request.params,
+        await ctx.appviewAuth(),
+      )
+      return {
+        encoding: 'application/json',
+        body: res.data,
+      }
+    },
+  })
 }