+1

.gitignore

··· 15 15 secrets 16 16 .DS_Store 17 17 CLAUDE.md 18 18 + AGENTS.md 18 19 tmp 19 20 temp

+3

CHANGELOG.md

··· 19 19 (Module, Function, Args), denoting a callback function to be invoked by after 20 20 a successful OAuth login. See [the OAuth example](./examples/oauth.ex) for a 21 21 simple usage of this. 22 22 + - `Atex.OAuth.Permission` module for creating 23 23 + [AT Protocol permission](https://atproto.com/specs/permission) strings for 24 24 + OAuth. 22 25 23 26 ### Changed 24 27

+809

lib/atex/oauth/permission.ex

··· 1 1 + defmodule Atex.OAuth.Permission do 2 2 + use TypedStruct 3 3 + import Kernel, except: [to_string: 1] 4 4 + 5 5 + @type t_tuple() :: { 6 6 + resource :: String.t(), 7 7 + positional :: String.t() | nil, 8 8 + parameters :: list({String.t(), String.t()}) 9 9 + } 10 10 + 11 11 + @typep as_string() :: {:as_string, boolean()} 12 12 + @type account_attr() :: :email | :repo 13 13 + @type account_action() :: :read | :manage 14 14 + @type account_opt() :: 15 15 + {:attr, account_attr()} | {:action, account_action()} | as_string() 16 16 + 17 17 + @type repo_opt() :: 18 18 + {:create, boolean()} | {:update, boolean()} | {:delete, boolean()} | as_string() 19 19 + 20 20 + @type rpc_opt() :: {:aud, String.t()} | {:inherit_aud, boolean()} | as_string() 21 21 + 22 22 + @type include_opt() :: {:aud, String.t()} | as_string() 23 23 + 24 24 + typedstruct enforce: true do 25 25 + field :resource, String.t() 26 26 + field :positional, String.t() | nil 27 27 + # like a Keyword list but with a string instead of an atom 28 28 + field :parameters, list({String.t(), String.t()}), enforce: false, default: [] 29 29 + end 30 30 + 31 31 + @doc """ 32 32 + Creates a new permission struct from a permission scope string. 33 33 + 34 34 + Parses an AT Protocol OAuth permission scope string and returns a structured 35 35 + representation. Permission strings follow the format 36 36 + `resource:positional?key=value&key2=value2` 37 37 + 38 38 + The positional parameter is resource-specific and may be omitted in some cases 39 39 + (e.g., collection for `repo`, lxm for `rpc`, attr for `account`/`identity`, 40 40 + accept for `blob`). 41 41 + 42 42 + See the [AT Protocol 43 43 + documentation](https://atproto.com/specs/permission#scope-string-syntax) for 44 44 + the full syntax and rules for permission scope strings. 45 45 + 46 46 + ## Parameters 47 47 + - `string` - A permission scope string (e.g., "repo:app.example.profile") 48 48 + 49 49 + Returns `{:ok, permission}` if a valid scope string was given, otherwise it 50 50 + will return `{:error, reason}`. 51 51 + 52 52 + ## Examples 53 53 + 54 54 + # Simple with just a positional 55 55 + iex> Atex.OAuth.Permission.new("repo:app.example.profile") 56 56 + {:ok, %Atex.OAuth.Permission{ 57 57 + resource: "repo", 58 58 + positional: "app.example.profile", 59 59 + parameters: [] 60 60 + }} 61 61 + 62 62 + # With parameters 63 63 + iex> Atex.OAuth.Permission.new("repo?collection=app.example.profile&collection=app.example.post") 64 64 + {:ok, %Atex.OAuth.Permission{ 65 65 + resource: "repo", 66 66 + positional: nil, 67 67 + parameters: [ 68 68 + {"collection", "app.example.profile"}, 69 69 + {"collection", "app.example.post"} 70 70 + ] 71 71 + }} 72 72 + 73 73 + # Positional with parameters 74 74 + iex> Atex.OAuth.Permission.new("rpc:app.example.moderation.createReport?aud=*") 75 75 + {:ok, %Atex.OAuth.Permission{ 76 76 + resource: "rpc", 77 77 + positional: "app.example.moderation.createReport", 78 78 + parameters: [{"aud", "*"}] 79 79 + }} 80 80 + 81 81 + iex> Atex.OAuth.Permission.new("blob:*/*") 82 82 + {:ok, %Atex.OAuth.Permission{ 83 83 + resource: "blob", 84 84 + positional: "*/*", 85 85 + parameters: [] 86 86 + }} 87 87 + 88 88 + # Invalid: resource without positional or parameters 89 89 + iex> Atex.OAuth.Permission.new("resource") 90 90 + {:error, :missing_positional_or_parameters} 91 91 + 92 92 + """ 93 93 + @spec new(String.t()) :: {:ok, t()} | {:error, reason :: atom()} 94 94 + def new(string) do 95 95 + case parse(string) do 96 96 + {:ok, {resource, positional, parameters}} -> 97 97 + {:ok, %__MODULE__{resource: resource, positional: positional, parameters: parameters}} 98 98 + 99 99 + err -> 100 100 + err 101 101 + end 102 102 + end 103 103 + 104 104 + @doc """ 105 105 + Parses an AT Protocol permission scope string into its components. 106 106 + 107 107 + Returns a tuple containing the resource name, optional positional parameter, 108 108 + and a list of key-value parameter pairs. This is a lower-level function 109 109 + compared to `new/1`, returning the raw components instead of a struct. 110 110 + 111 111 + ## Parameters 112 112 + - `string` - A permission scope string following the format 113 113 + `resource:positional?key=value&key2=value2` 114 114 + 115 115 + Returns `{:ok, {resource, positional, parameters}}` if a valid scope string 116 116 + was given, otherwise it will return `{:error, reason}`. 117 117 + 118 118 + ## Examples 119 119 + 120 120 + # Simple with just a positional 121 121 + iex> Atex.OAuth.Permission.parse("repo:app.example.profile") 122 122 + {:ok, {"repo", "app.example.profile", []}} 123 123 + 124 124 + # With parameters 125 125 + iex> Atex.OAuth.Permission.parse("repo?collection=app.example.profile&collection=app.example.post") 126 126 + {:ok, { 127 127 + "repo", 128 128 + nil, 129 129 + [ 130 130 + {"collection", "app.example.profile"}, 131 131 + {"collection", "app.example.post"} 132 132 + ] 133 133 + }} 134 134 + 135 135 + # Positional with parameters 136 136 + iex> Atex.OAuth.Permission.parse("rpc:app.example.moderation.createReport?aud=*") 137 137 + {:ok, {"rpc", "app.example.moderation.createReport", [{"aud", "*"}]}} 138 138 + 139 139 + iex> Atex.OAuth.Permission.parse("blob:*/*") 140 140 + {:ok, {"blob", "*/*", []}} 141 141 + 142 142 + # Invalid: resource without positional or parameters 143 143 + iex> Atex.OAuth.Permission.parse("resource") 144 144 + {:error, :missing_positional_or_parameters} 145 145 + 146 146 + """ 147 147 + @spec parse(String.t()) :: 148 148 + {:ok, t_tuple()} 149 149 + | {:error, reason :: atom()} 150 150 + def parse(string) do 151 151 + case String.split(string, "?", parts: 2) do 152 152 + [resource_part] -> 153 153 + parse_resource_and_positional(resource_part) 154 154 + 155 155 + # Empty parameter string is treated as absent 156 156 + [resource_part, ""] -> 157 157 + parse_resource_and_positional(resource_part) 158 158 + 159 159 + [resource_part, params_part] -> 160 160 + params_part 161 161 + |> parse_parameters() 162 162 + |> then(&parse_resource_and_positional(resource_part, &1)) 163 163 + end 164 164 + end 165 165 + 166 166 + @spec parse_resource_and_positional(String.t(), list({String.t(), String.t()})) :: 167 167 + {:ok, t_tuple()} | {:error, reason :: atom()} 168 168 + defp parse_resource_and_positional(resource_part, parameters \\ []) do 169 169 + case String.split(resource_part, ":", parts: 2) do 170 170 + [resource_name, positional] -> 171 171 + {:ok, {resource_name, positional, parameters}} 172 172 + 173 173 + [resource_name] -> 174 174 + if parameters == [] do 175 175 + {:error, :missing_positional_or_parameters} 176 176 + else 177 177 + {:ok, {resource_name, nil, parameters}} 178 178 + end 179 179 + end 180 180 + end 181 181 + 182 182 + @spec parse_parameters(String.t()) :: list({String.t(), String.t()}) 183 183 + defp parse_parameters(params_string) do 184 184 + params_string 185 185 + |> String.split("&") 186 186 + |> Enum.map(fn param -> 187 187 + case String.split(param, "=", parts: 2) do 188 188 + [key, value] -> {key, URI.decode(value)} 189 189 + [key] -> {key, ""} 190 190 + end 191 191 + end) 192 192 + end 193 193 + 194 194 + @doc """ 195 195 + Converts a permission struct back into its scope string representation. 196 196 + 197 197 + This is the inverse operation of `new/1`, converting a structured permission 198 198 + back into the AT Protocol OAuth scope string format. The resulting string 199 199 + can be used directly as an OAuth scope parameter. 200 200 + 201 201 + Values in `parameters` are automatically URL-encoded as needed (e.g., `#` becomes `%23`). 202 202 + 203 203 + ## Parameters 204 204 + - `struct` - An `%Atex.OAuth.Permission{}` struct 205 205 + 206 206 + Returns a permission scope string. 207 207 + 208 208 + ## Examples 209 209 + 210 210 + # Simple with just a positional 211 211 + iex> perm = %Atex.OAuth.Permission{ 212 212 + ...> resource: "repo", 213 213 + ...> positional: "app.example.profile", 214 214 + ...> parameters: [] 215 215 + ...> } 216 216 + iex> Atex.OAuth.Permission.to_string(perm) 217 217 + "repo:app.example.profile" 218 218 + 219 219 + # With parameters 220 220 + iex> perm = %Atex.OAuth.Permission{ 221 221 + ...> resource: "repo", 222 222 + ...> positional: nil, 223 223 + ...> parameters: [ 224 224 + ...> {"collection", "app.example.profile"}, 225 225 + ...> {"collection", "app.example.post"} 226 226 + ...> ] 227 227 + ...> } 228 228 + iex> Atex.OAuth.Permission.to_string(perm) 229 229 + "repo?collection=app.example.profile&collection=app.example.post" 230 230 + 231 231 + # Positional with parameters 232 232 + iex> perm = %Atex.OAuth.Permission{ 233 233 + ...> resource: "rpc", 234 234 + ...> positional: "app.example.moderation.createReport", 235 235 + ...> parameters: [{"aud", "*"}] 236 236 + ...> } 237 237 + iex> Atex.OAuth.Permission.to_string(perm) 238 238 + "rpc:app.example.moderation.createReport?aud=*" 239 239 + 240 240 + iex> perm = %Atex.OAuth.Permission{ 241 241 + ...> resource: "blob", 242 242 + ...> positional: "*/*", 243 243 + ...> parameters: [] 244 244 + ...> } 245 245 + iex> Atex.OAuth.Permission.to_string(perm) 246 246 + "blob:*/*" 247 247 + 248 248 + # Works via String.Chars protocol 249 249 + iex> perm = %Atex.OAuth.Permission{ 250 250 + ...> resource: "account", 251 251 + ...> positional: "email", 252 252 + ...> parameters: [] 253 253 + ...> } 254 254 + iex> to_string(perm) 255 255 + "account:email" 256 256 + 257 257 + """ 258 258 + @spec to_string(t()) :: String.t() 259 259 + def to_string(%__MODULE__{} = struct) do 260 260 + positional_part = if struct.positional, do: ":#{struct.positional}", else: "" 261 261 + parameters_part = stringify_parameters(struct.parameters) 262 262 + 263 263 + struct.resource <> positional_part <> parameters_part 264 264 + end 265 265 + 266 266 + @spec stringify_parameters(list({String.t(), String.t()})) :: String.t() 267 267 + defp stringify_parameters([]), do: "" 268 268 + 269 269 + defp stringify_parameters(params) do 270 270 + params 271 271 + |> Enum.map(fn {key, value} -> "#{key}=#{encode_param_value(value)}" end) 272 272 + |> Enum.join("&") 273 273 + |> then(&"?#{&1}") 274 274 + end 275 275 + 276 276 + # Encode parameter values for OAuth scope strings 277 277 + # Preserves unreserved characters (A-Z, a-z, 0-9, -, ., _, ~) and common scope characters (*, :, /) 278 278 + # Encodes reserved characters like # as %23 279 279 + @spec encode_param_value(String.t()) :: String.t() 280 280 + defp encode_param_value(value) do 281 281 + URI.encode(value, fn char -> 282 282 + URI.char_unreserved?(char) or char in [?*, ?:, ?/] 283 283 + end) 284 284 + end 285 285 + 286 286 + @doc """ 287 287 + Creates an account permission for controlling PDS account hosting details. 288 288 + 289 289 + Controls access to private account information such as email address and 290 290 + repository import capabilities. These permissions cannot be included in 291 291 + permission sets and must be requested directly by client apps. 292 292 + 293 293 + See the [AT Protocol documentation](https://atproto.com/specs/permission#account) 294 294 + for more information. 295 295 + 296 296 + ## Options 297 297 + - `:attr` (required) - A component of account configuration. Must be `:email` 298 298 + or `:repo`. 299 299 + - `:action` (optional) - Degree of control. Can be `:read` or `:manage`. 300 300 + Defaults to `:read`. 301 301 + - `:as_string` (optional) - If `true` (default), returns a scope string, 302 302 + otherwise returns a Permission struct. 303 303 + 304 304 + If `:as_string` is true a scope string is returned, otherwise the underlying 305 305 + Permission struct is returned. 306 306 + 307 307 + ## Examples 308 308 + 309 309 + # Read account email (default action, as string) 310 310 + iex> Atex.OAuth.Permission.account(attr: :email) 311 311 + "account:email" 312 312 + 313 313 + # Read account email (as struct) 314 314 + iex> Atex.OAuth.Permission.account(attr: :email, as_string: false) 315 315 + %Atex.OAuth.Permission{ 316 316 + resource: "account", 317 317 + positional: "email", 318 318 + parameters: [] 319 319 + } 320 320 + 321 321 + # Read account email (explicit action) 322 322 + iex> Atex.OAuth.Permission.account(attr: :email, action: :read) 323 323 + "account:email?action=read" 324 324 + 325 325 + # Manage account email 326 326 + iex> Atex.OAuth.Permission.account(attr: :email, action: :manage) 327 327 + "account:email?action=manage" 328 328 + 329 329 + # Import repo 330 330 + iex> Atex.OAuth.Permission.account(attr: :repo, action: :manage) 331 331 + "account:repo?action=manage" 332 332 + 333 333 + """ 334 334 + @spec account(list(account_opt())) :: t() | String.t() 335 335 + def account(opts \\ []) do 336 336 + opts = Keyword.validate!(opts, attr: nil, action: nil, as_string: true) 337 337 + attr = Keyword.get(opts, :attr) 338 338 + action = Keyword.get(opts, :action) 339 339 + as_string = Keyword.get(opts, :as_string) 340 340 + 341 341 + cond do 342 342 + is_nil(attr) -> 343 343 + raise ArgumentError, "option `:attr` must be provided." 344 344 + 345 345 + attr not in [:email, :repo] -> 346 346 + raise ArgumentError, "option `:attr` must be `:email` or `:repo`." 347 347 + 348 348 + action not in [nil, :read, :manage] -> 349 349 + raise ArgumentError, "option `:action` must be `:read`, `:manage`, or `nil`." 350 350 + 351 351 + true -> 352 352 + struct = %__MODULE__{ 353 353 + resource: "account", 354 354 + positional: Atom.to_string(attr), 355 355 + parameters: if(!is_nil(action), do: [{"action", Atom.to_string(action)}], else: []) 356 356 + } 357 357 + 358 358 + if as_string, do: to_string(struct), else: struct 359 359 + end 360 360 + end 361 361 + 362 362 + @doc """ 363 363 + Creates a blob permission for uploading media files to PDS. 364 364 + 365 365 + Controls the ability to upload blobs (media files) to the PDS. Permissions can 366 366 + be restricted by MIME type patterns. 367 367 + 368 368 + See the [AT Protocol documentation](https://atproto.com/specs/permission#blob) 369 369 + for more information. 370 370 + 371 371 + <!-- TODO: When permission sets are supported, add the note from the docs about this not being allowed in permisison sets. --> 372 372 + 373 373 + ## Parameters 374 374 + - `accept` - A single MIME type string or list of MIME type strings/patterns. 375 375 + Supports glob patterns like `"*/*"` or `"video/*"`. 376 376 + - `opts` - Keyword list of options. 377 377 + 378 378 + ## Options 379 379 + - `:as_string` (optional) - If `true` (default), returns a scope string, otherwise 380 380 + returns a Permission struct. 381 381 + 382 382 + If `:as_string` is true a scope string is returned, otherwise the underlying 383 383 + Permission struct is returned. 384 384 + 385 385 + ## Examples 386 386 + 387 387 + # Upload any type of blob 388 388 + iex> Atex.OAuth.Permission.blob("*/*") 389 389 + "blob:*/*" 390 390 + 391 391 + # Only images 392 392 + iex> Atex.OAuth.Permission.blob("image/*", as_string: false) 393 393 + %Atex.OAuth.Permission{ 394 394 + resource: "blob", 395 395 + positional: "image/*", 396 396 + parameters: [] 397 397 + } 398 398 + 399 399 + # Multiple mimetypes 400 400 + iex> Atex.OAuth.Permission.blob(["video/*", "text/html"]) 401 401 + "blob?accept=video/*&accept=text/html" 402 402 + 403 403 + # Multiple more specific mimetypes 404 404 + iex> Atex.OAuth.Permission.blob(["image/png", "image/jpeg"], as_string: false) 405 405 + %Atex.OAuth.Permission{ 406 406 + resource: "blob", 407 407 + positional: nil, 408 408 + parameters: [{"accept", "image/png"}, {"accept", "image/jpeg"}] 409 409 + } 410 410 + 411 411 + """ 412 412 + # TODO: should probably validate that these at least look like mimetypes (~r"^.+/.+$") 413 413 + @spec blob(String.t() | list(String.t()), list(as_string())) :: t() | String.t() 414 414 + def blob(accept, opts \\ []) 415 415 + 416 416 + def blob(accept, opts) when is_binary(accept) do 417 417 + opts = Keyword.validate!(opts, as_string: true) 418 418 + as_string = Keyword.get(opts, :as_string) 419 419 + struct = %__MODULE__{resource: "blob", positional: accept} 420 420 + if as_string, do: to_string(struct), else: struct 421 421 + end 422 422 + 423 423 + def blob(accept, opts) when is_list(accept) do 424 424 + opts = Keyword.validate!(opts, as_string: true) 425 425 + as_string = Keyword.get(opts, :as_string) 426 426 + 427 427 + struct = %__MODULE__{ 428 428 + resource: "blob", 429 429 + positional: nil, 430 430 + parameters: Enum.map(accept, &{"accept", &1}) 431 431 + } 432 432 + 433 433 + if as_string, do: to_string(struct), else: struct 434 434 + end 435 435 + 436 436 + @doc """ 437 437 + Creates an identity permission for controlling network identity. 438 438 + 439 439 + Controls access to the account's DID document and handle. Note that the PDS 440 440 + might not be able to facilitate identity changes if it does not have control 441 441 + over the DID document (e.g., when using `did:web`). 442 442 + 443 443 + <!-- TODO: same thing about not allowed in permission sets. --> 444 444 + 445 445 + See the [AT Protocol 446 446 + documentation](https://atproto.com/specs/permission#identity) for more 447 447 + information. 448 448 + 449 449 + ## Parameters 450 450 + - `attr` - An aspect or component of identity. Must be `:handle` or `:*` 451 451 + (wildcard). 452 452 + - `opts` - Keyword list of options. 453 453 + 454 454 + ## Options 455 455 + - `:as_string` (optional) - If `true` (default), returns a scope string, 456 456 + otherwise returns a Permission struct. 457 457 + 458 458 + If `:as_string` is true a scope string is returned, otherwise the underlying 459 459 + Permission struct is returned. 460 460 + 461 461 + ## Examples 462 462 + 463 463 + # Update account handle (as string) 464 464 + iex> Atex.OAuth.Permission.identity(:handle) 465 465 + "identity:handle" 466 466 + 467 467 + # Full identity control (as struct) 468 468 + iex> Atex.OAuth.Permission.identity(:*, as_string: false) 469 469 + %Atex.OAuth.Permission{ 470 470 + resource: "identity", 471 471 + positional: "*", 472 472 + parameters: [] 473 473 + } 474 474 + 475 475 + """ 476 476 + @spec identity(:handle | :*, list(as_string())) :: t() | String.t() 477 477 + def identity(attr, opts \\ []) when attr in [:handle, :*] do 478 478 + opts = Keyword.validate!(opts, as_string: true) 479 479 + as_string = Keyword.get(opts, :as_string) 480 480 + 481 481 + struct = %__MODULE__{ 482 482 + resource: "identity", 483 483 + positional: Atom.to_string(attr) 484 484 + } 485 485 + 486 486 + if as_string, do: to_string(struct), else: struct 487 487 + end 488 488 + 489 489 + @doc """ 490 490 + Creates a repo permission for write access to records in the account's public 491 491 + repository. 492 492 + 493 493 + Controls write access to specific record types (collections) with optional 494 494 + restrictions on the types of operations allowed (create, update, delete). 495 495 + 496 496 + When no options are provided, all operations are permitted. When any action 497 497 + option is explicitly set, only the actions set to `true` are enabled. This 498 498 + allows for precise control over permissions. 499 499 + 500 500 + See the [AT Protocol documentation](https://atproto.com/specs/permission#repo) 501 501 + for more information. 502 502 + 503 503 + ## Parameters 504 504 + - `collection_or_collections` - A single collection NSID string or list of 505 505 + collection NSIDs. Use `"*"` for wildcard access to all record types (not 506 506 + allowed in permission sets). 507 507 + - `options` - Keyword list to restrict operations. If omitted, all operations 508 508 + are allowed. If any action is specified, only explicitly enabled actions are 509 509 + permitted. 510 510 + 511 511 + ## Options 512 512 + - `:create` - Allow creating new records. 513 513 + - `:update` - Allow updating existing records. 514 514 + - `:delete` - Allow deleting records. 515 515 + - `:as_string` (optional) - If `true` (default), returns a scope string, 516 516 + otherwise returns a Permission struct. 517 517 + 518 518 + If `:as_string` is true a scope string is returned, otherwise the underlying 519 519 + Permission struct is returned. 520 520 + 521 521 + ## Examples 522 522 + 523 523 + # Full permission on a single record type (all actions enabled, actions omitted) 524 524 + iex> Atex.OAuth.Permission.repo("app.example.profile") 525 525 + "repo:app.example.profile" 526 526 + 527 527 + # Create only permission (other actions implicitly disabled) 528 528 + iex> Atex.OAuth.Permission.repo("app.example.post", create: true, as_string: false) 529 529 + %Atex.OAuth.Permission{ 530 530 + resource: "repo", 531 531 + positional: "app.example.post", 532 532 + parameters: [{"action", "create"}] 533 533 + } 534 534 + 535 535 + # Delete only permission 536 536 + iex> Atex.OAuth.Permission.repo("app.example.like", delete: true) 537 537 + "repo:app.example.like?action=delete" 538 538 + 539 539 + # Create and update only, delete implicitly disabled 540 540 + iex> Atex.OAuth.Permission.repo("app.example.repost", create: true, update: true) 541 541 + "repo:app.example.repost?action=update&action=create" 542 542 + 543 543 + # Multiple collections with full permissions (no options provided, actions omitted) 544 544 + iex> Atex.OAuth.Permission.repo(["app.example.profile", "app.example.post"]) 545 545 + "repo?collection=app.example.profile&collection=app.example.post" 546 546 + 547 547 + # Multiple collections with only update permission (as struct) 548 548 + iex> Atex.OAuth.Permission.repo(["app.example.like", "app.example.repost"], update: true, as_string: false) 549 549 + %Atex.OAuth.Permission{ 550 550 + resource: "repo", 551 551 + positional: nil, 552 552 + parameters: [ 553 553 + {"collection", "app.example.like"}, 554 554 + {"collection", "app.example.repost"}, 555 555 + {"action", "update"} 556 556 + ] 557 557 + } 558 558 + 559 559 + # Wildcard permission (all record types, all actions enabled, actions omitted) 560 560 + iex> Atex.OAuth.Permission.repo("*") 561 561 + "repo:*" 562 562 + """ 563 563 + @spec repo(String.t() | list(String.t()), list(repo_opt())) :: t() | String.t() 564 564 + def repo(collection_or_collections, actions \\ [create: true, update: true, delete: true]) 565 565 + 566 566 + def repo(_collection, []), 567 567 + do: 568 568 + raise( 569 569 + ArgumentError, 570 570 + ":actions must not be an empty list. If you want to have all actions enabled, either set them explicitly or remove the empty list argument." 571 571 + ) 572 572 + 573 573 + def repo(collection, actions) when is_binary(collection), do: repo([collection], actions) 574 574 + 575 575 + def repo(collections, actions) when is_list(collections) do 576 576 + actions = 577 577 + Keyword.validate!(actions, [:create, :update, :delete, as_string: true]) 578 578 + 579 579 + # Check if any action keys were explicitly provided 580 580 + has_explicit_actions = 581 581 + Keyword.has_key?(actions, :create) || 582 582 + Keyword.has_key?(actions, :update) || 583 583 + Keyword.has_key?(actions, :delete) 584 584 + 585 585 + # If no action keys provided, default all to true; otherwise use explicit values 586 586 + create = if has_explicit_actions, do: Keyword.get(actions, :create, false), else: true 587 587 + update = if has_explicit_actions, do: Keyword.get(actions, :update, false), else: true 588 588 + delete = if has_explicit_actions, do: Keyword.get(actions, :delete, false), else: true 589 589 + all_actions_true = create && update && delete 590 590 + 591 591 + as_string = Keyword.get(actions, :as_string) 592 592 + singular_collection = length(collections) == 1 593 593 + collection_parameters = Enum.map(collections, &{"collection", &1}) 594 594 + 595 595 + parameters = 596 596 + [] 597 597 + |> add_repo_param(:create, create, all_actions_true) 598 598 + |> add_repo_param(:update, update, all_actions_true) 599 599 + |> add_repo_param(:delete, delete, all_actions_true) 600 600 + |> add_repo_param(:collections, collection_parameters) 601 601 + 602 602 + struct = %__MODULE__{ 603 603 + resource: "repo", 604 604 + positional: if(singular_collection, do: hd(collections)), 605 605 + parameters: parameters 606 606 + } 607 607 + 608 608 + if as_string, do: to_string(struct), else: struct 609 609 + end 610 610 + 611 611 + # When all actions are true, omit them 612 612 + defp add_repo_param(list, _type, _value, true), do: list 613 613 + # Otherwise add them in 614 614 + defp add_repo_param(list, :create, true, false), do: [{"action", "create"} | list] 615 615 + defp add_repo_param(list, :update, true, false), do: [{"action", "update"} | list] 616 616 + defp add_repo_param(list, :delete, true, false), do: [{"action", "delete"} | list] 617 617 + 618 618 + # Catch-all for 4-arity version (must be before 3-arity) 619 619 + defp add_repo_param(list, _type, _value, _all_true), do: list 620 620 + 621 621 + defp add_repo_param(list, :collections, [_ | [_ | _]] = collections), 622 622 + do: Enum.concat(collections, list) 623 623 + 624 624 + defp add_repo_param(list, _type, _value), do: list 625 625 + 626 626 + @doc """ 627 627 + Creates an RPC permission for authenticated API requests to remote services. 628 628 + 629 629 + The permission is parameterised by the remote endpoint (`lxm`, short for 630 630 + "Lexicon Method") and the identity of the remote service (the audience, 631 631 + `aud`). Permissions must be restricted by at least one of these parameters. 632 632 + 633 633 + See the [AT Protocol documentation](https://atproto.com/specs/permission#rpc) 634 634 + for more information. 635 635 + 636 636 + ## Parameters 637 637 + - `lxm` - A single NSID string or list of NSID strings representing API 638 638 + endpoints. Use `"*"` for wildcard access to all endpoints. 639 639 + - `opts` - Keyword list of options. 640 640 + 641 641 + ## Options 642 642 + - `:aud` (semi-required) - Audience of API requests as a DID service 643 643 + reference (e.g., `"did:web:api.example.com#srvtype"`). Supports wildcard 644 644 + (`"*"`). 645 645 + - `:inherit_aud` (optional) - If `true`, the `aud` value will be inherited 646 646 + from permission set invocation context. Only used inside permission sets. 647 647 + - `:as_string` (optional) - If `true` (default), returns a scope string, 648 648 + otherwise returns a Permission struct. 649 649 + 650 650 + > #### Note {: .info} 651 651 + > 652 652 + > `aud` and `lxm` cannot both be wildcard. The permission must be restricted 653 653 + > by at least one of them. 654 654 + 655 655 + If `:as_string` is true a scope string is returned, otherwise the underlying 656 656 + Permission struct is returned. 657 657 + 658 658 + ## Examples 659 659 + 660 660 + # Single endpoint with wildcard audience (as string) 661 661 + iex> Atex.OAuth.Permission.rpc("app.example.moderation.createReport", aud: "*") 662 662 + "rpc:app.example.moderation.createReport?aud=*" 663 663 + 664 664 + # Multiple endpoints with specific service (as struct) 665 665 + iex> Atex.OAuth.Permission.rpc( 666 666 + ...> ["app.example.getFeed", "app.example.getProfile"], 667 667 + ...> aud: "did:web:api.example.com#svc_appview", 668 668 + ...> as_string: false 669 669 + ...> ) 670 670 + %Atex.OAuth.Permission{ 671 671 + resource: "rpc", 672 672 + positional: nil, 673 673 + parameters: [ 674 674 + {"aud", "did:web:api.example.com#svc_appview"}, 675 675 + {"lxm", "app.example.getFeed"}, 676 676 + {"lxm", "app.example.getProfile"} 677 677 + ] 678 678 + } 679 679 + 680 680 + # Wildcard method with specific service 681 681 + iex> Atex.OAuth.Permission.rpc("*", aud: "did:web:api.example.com#svc_appview") 682 682 + "rpc:*?aud=did:web:api.example.com%23svc_appview" 683 683 + 684 684 + # Single endpoint with inherited audience (for permission sets) 685 685 + iex> Atex.OAuth.Permission.rpc("app.example.getPreferences", inherit_aud: true) 686 686 + "rpc:app.example.getPreferences?inheritAud=true" 687 687 + 688 688 + """ 689 689 + @spec rpc(String.t() | list(String.t()), list(rpc_opt())) :: t() | String.t() 690 690 + def rpc(lxm_or_lxms, opts \\ []) 691 691 + def rpc(lxm, opts) when is_binary(lxm), do: rpc([lxm], opts) 692 692 + 693 693 + def rpc(lxms, opts) when is_list(lxms) do 694 694 + opts = Keyword.validate!(opts, aud: nil, inherit_aud: false, as_string: true) 695 695 + aud = Keyword.get(opts, :aud) 696 696 + inherit_aud = Keyword.get(opts, :inherit_aud) 697 697 + as_string = Keyword.get(opts, :as_string) 698 698 + 699 699 + # Validation: must have at least one of aud or inherit_aud 700 700 + cond do 701 701 + is_nil(aud) && !inherit_aud -> 702 702 + raise ArgumentError, 703 703 + "RPC permissions must specify either `:aud` or `:inheritAud` option." 704 704 + 705 705 + !is_nil(aud) && inherit_aud -> 706 706 + raise ArgumentError, 707 707 + "RPC permissions cannot specify both `:aud` and `:inheritAud` options." 708 708 + 709 709 + # Both lxm and aud cannot be wildcard 710 710 + length(lxms) == 1 && hd(lxms) == "*" && aud == "*" -> 711 711 + raise ArgumentError, "RPC permissions cannot have both wildcard `lxm` and wildcard `aud`." 712 712 + 713 713 + true -> 714 714 + singular_lxm = length(lxms) == 1 715 715 + lxm_parameters = Enum.map(lxms, &{"lxm", &1}) 716 716 + 717 717 + parameters = 718 718 + cond do 719 719 + inherit_aud && singular_lxm -> 720 720 + [{"inheritAud", "true"}] 721 721 + 722 722 + inherit_aud -> 723 723 + [{"inheritAud", "true"} | lxm_parameters] 724 724 + 725 725 + singular_lxm -> 726 726 + [{"aud", aud}] 727 727 + 728 728 + true -> 729 729 + [{"aud", aud} | lxm_parameters] 730 730 + end 731 731 + 732 732 + struct = %__MODULE__{ 733 733 + resource: "rpc", 734 734 + positional: if(singular_lxm, do: hd(lxms)), 735 735 + parameters: parameters 736 736 + } 737 737 + 738 738 + if as_string, do: to_string(struct), else: struct 739 739 + end 740 740 + end 741 741 + 742 742 + @doc """ 743 743 + Creates an include permission for referencing a permission set. 744 744 + 745 745 + Permission sets are Lexicon schemas that bundle together multiple permissions 746 746 + under a single NSID. This allows developers to request a group of related 747 747 + permissions with a single scope string, improving user experience by reducing 748 748 + the number of individual permissions that need to be reviewed. 749 749 + 750 750 + The `nsid` parameter is required and must be a valid NSID that resolves to a 751 751 + permission set Lexicon schema. An optional `aud` parameter can be used to specify 752 752 + the audience for any RPC permissions within the set that have `inheritAud: true`. 753 753 + 754 754 + See the [AT Protocol documentation](https://atproto.com/specs/permission#permission-sets) 755 755 + for more information. 756 756 + 757 757 + ## Parameters 758 758 + - `nsid` - The NSID of the permission set (e.g., "com.example.authBasicFeatures") 759 759 + - `opts` - Keyword list of options. 760 760 + 761 761 + ## Options 762 762 + - `:aud` (optional) - Audience of API requests as a DID service reference 763 763 + (e.g., "did:web:api.example.com#srvtype"). Supports wildcard (`"*"`). 764 764 + - `:as_string` (optional) - If `true` (default), returns a scope string, 765 765 + otherwise returns a Permission struct. 766 766 + 767 767 + If `:as_string` is true a scope string is returned, otherwise the underlying 768 768 + Permission struct is returned. 769 769 + 770 770 + ## Examples 771 771 + 772 772 + # Include a permission set (as string) 773 773 + iex> Atex.OAuth.Permission.include("com.example.authBasicFeatures") 774 774 + "include:com.example.authBasicFeatures" 775 775 + 776 776 + # Include a permission set with audience (as struct) 777 777 + iex> Atex.OAuth.Permission.include("com.example.authFull", aud: "did:web:api.example.com#svc_chat", as_string: false) 778 778 + %Atex.OAuth.Permission{ 779 779 + resource: "include", 780 780 + positional: "com.example.authFull", 781 781 + parameters: [{"aud", "did:web:api.example.com#svc_chat"}] 782 782 + } 783 783 + 784 784 + # Include a permission set with wildcard audience 785 785 + iex> Atex.OAuth.Permission.include("app.example.authFull", aud: "*") 786 786 + "include:app.example.authFull?aud=*" 787 787 + 788 788 + """ 789 789 + @spec include(String.t(), list(include_opt())) :: t() | String.t() 790 790 + def include(nsid, opts \\ []) do 791 791 + opts = Keyword.validate!(opts, aud: nil, as_string: true) 792 792 + aud = Keyword.get(opts, :aud) 793 793 + as_string = Keyword.get(opts, :as_string) 794 794 + 795 795 + parameters = if !is_nil(aud), do: [{"aud", aud}], else: [] 796 796 + 797 797 + struct = %__MODULE__{ 798 798 + resource: "include", 799 799 + positional: nsid, 800 800 + parameters: parameters 801 801 + } 802 802 + 803 803 + if as_string, do: to_string(struct), else: struct 804 804 + end 805 805 + end 806 806 + 807 807 + defimpl String.Chars, for: Atex.OAuth.Permission do 808 808 + def to_string(permission), do: Atex.OAuth.Permission.to_string(permission) 809 809 + end

+50

test/atex/oauth/permission_test.exs

··· 1 1 + defmodule Atex.OAuth.PermissionTest do 2 2 + use ExUnit.Case, async: true 3 3 + alias Atex.OAuth.Permission 4 4 + doctest Permission 5 5 + 6 6 + describe "account/1" do 7 7 + test "requires `:attr`" do 8 8 + assert_raise ArgumentError, ~r/`:attr` must be provided/, fn -> 9 9 + Permission.account() 10 10 + end 11 11 + end 12 12 + 13 13 + test "requires valid `:attr`" do 14 14 + assert_raise ArgumentError, ~r/`:attr` must be `:email` or `:repo`/, fn -> 15 15 + Permission.account(attr: :foobar) 16 16 + end 17 17 + 18 18 + assert Permission.account(attr: :email) 19 19 + end 20 20 + 21 21 + test "requires valid `:action`" do 22 22 + assert_raise ArgumentError, ~r/`:action` must be `:read`, `:manage`, or `nil`/, fn -> 23 23 + Permission.account(attr: :email, action: :foobar) 24 24 + end 25 25 + 26 26 + assert Permission.account(attr: :email, action: :manage) 27 27 + assert Permission.account(attr: :repo, action: nil) 28 28 + end 29 29 + end 30 30 + 31 31 + describe "rpc/2" do 32 32 + test "requires at least `:aud` or `:inherit_aud`" do 33 33 + assert_raise ArgumentError, ~r/must specify either/, fn -> 34 34 + Permission.rpc("com.example.getProfile") 35 35 + end 36 36 + end 37 37 + 38 38 + test "disallows `:aud` and `:inherit_aud` at the same time" do 39 39 + assert_raise ArgumentError, ~r/cannot specify both/, fn -> 40 40 + Permission.rpc("com.example.getProfile", aud: "example", inherit_aud: true) 41 41 + end 42 42 + end 43 43 + 44 44 + test "disallows wildcard for `lxm` and `aud` at the same time" do 45 45 + assert_raise ArgumentError, ~r/wildcard `lxm` and wildcard `aud`/, fn -> 46 46 + Permission.rpc("*", aud: "*") 47 47 + end 48 48 + end 49 49 + end 50 50 + end