PDS: fix account deactivation when behind entryway by using entryway …

…auth (#3173) pds: fix account deactivation when behind entryway by using entryway auth
bluesky-social · Dec 11, 2024 · a940c3f · a940c3f
1 parent 51b0c48
commit a940c3f
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 21 deletions.
diff --git a/packages/pds/src/api/com/atproto/server/activateAccount.ts b/packages/pds/src/api/com/atproto/server/activateAccount.ts
@@ -1,29 +1,21 @@
-import assert from 'node:assert'
-
 import { CidSet } from '@atproto/repo'
 import { INVALID_HANDLE } from '@atproto/syntax'
 import { InvalidRequestError } from '@atproto/xrpc-server'
 
 import AppContext from '../../../../context'
 import { Server } from '../../../../lexicon'
-import { ids } from '../../../../lexicon/lexicons'
 import { assertValidDidDocumentForService } from './util'
+import { authPassthru } from '../../../proxy'
 
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.server.activateAccount({
     auth: ctx.authVerifier.accessFull(),
-    handler: async ({ auth }) => {
+    handler: async ({ req, auth }) => {
       // in the case of entryway, the full flow is activateAccount (PDS) -> activateAccount (Entryway) -> updateSubjectStatus(PDS)
       if (ctx.entrywayAgent) {
-        assert(ctx.cfg.entryway)
-
         await ctx.entrywayAgent.com.atproto.server.activateAccount(
           undefined,
-          await ctx.serviceAuthHeaders(
-            auth.credentials.did,
-            ctx.cfg.entryway.did,
-            ids.ComAtprotoServerActivateAccount,
-          ),
+          authPassthru(req),
         )
         return
       }

diff --git a/packages/pds/src/api/com/atproto/server/deactivateAccount.ts b/packages/pds/src/api/com/atproto/server/deactivateAccount.ts
@@ -1,23 +1,16 @@
-import assert from 'node:assert'
-
 import AppContext from '../../../../context'
 import { Server } from '../../../../lexicon'
-import { ids } from '../../../../lexicon/lexicons'
+import { authPassthru } from '../../../proxy'
 
 export default function (server: Server, ctx: AppContext) {
   server.com.atproto.server.deactivateAccount({
     auth: ctx.authVerifier.accessFull(),
-    handler: async ({ auth, input }) => {
+    handler: async ({ req, auth, input }) => {
       // in the case of entryway, the full flow is deactivateAccount (PDS) -> deactivateAccount (Entryway) -> updateSubjectStatus(PDS)
       if (ctx.entrywayAgent) {
-        assert(ctx.cfg.entryway)
         await ctx.entrywayAgent.com.atproto.server.deactivateAccount(
           input.body,
-          await ctx.serviceAuthHeaders(
-            auth.credentials.did,
-            ctx.cfg.entryway.did,
-            ids.ComAtprotoServerDeactivateAccount,
-          ),
+          authPassthru(req),
         )
         return
       }