+10
Cargo.lock
··················
+5
-1
Cargo.toml
···+sqlx = { version = "0.8.6", features = ["runtime-tokio-rustls", "sqlite", "migrate", "chrono"] }···
+5
-6
README.md
···-- [x] send an email using the `PDS_EMAIL_SMTP_URL` with a handlebar email template like Bluesky's 2FA sign in email.-- [ ] createSession gatekeeping (It does stop logins, just eh, doesn't actually send a real code or check it yet)+- Overrides the settings endpoints as well. As long as you have a confirmed email you can turn on 2FA···Nothing here yet! If you are brave enough to try before full release, let me know and I'll help you set it up.···
-3
migrations_bells_and_whistles/.keep
+524
src/helpers.rs
···+.body(format!("We received a sign-in request for the account @{handle}. Use the code: {code} to sign in. If this wasn't you, we recommend taking steps to protect your account by changing your password at https://bsky.app/settings.")), // Every message should have a plain text fallback.+pub async fn delete_all_email_tokens(account_db: &SqlitePool, did: String) -> anyhow::Result<()> {+/// We just need to confirm if it's there or not. Will let the PDS do the actual figuring of permissions
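Review bot: The doc comment at the end of this section (`/// We just need to confirm if it's there or not. Will let the PDS do the actual figuring of permissions`) does not say what a positive result proves, which matters because the gatekeeper sits in front of the PDS's auth path. From the visible text the function only checks presence and defers the permission decision, so I would state that outright, e.g. `/// Presence check only: a positive result is not an authorization decision; the PDS still validates and authorizes the request.` The function body is elided from this view, so please confirm that no caller branches on the result as if it were a verified identity. Separately, `delete_all_email_tokens` takes `did: String` by value; `did: &str` would spare callers a clone if the value is only bound into the query.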
+53
-26
src/main.rs
············let intro = "\n\nThis is a PDS gatekeeper\n\nCode: https://tangled.sh/@baileytownsend.dev/pds-gatekeeper\n";···+//TODO may need to change where this reads from? Like an env variable for it's location? Or arg?······//Allows 5 within 60 seconds, and after 60 should drop one off? So hit 5, then goes to 4 after 60 seconds.······
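Review bot: The added `//TODO may need to change where this reads from? ...` comment does not name what is being read or what happens when it is missing, so a reader cannot tell whether a wrong working directory fails startup or silently changes behaviour. The statement it annotates is elided from this view; assuming it loads something from a fixed relative location, I would reword it along the lines of `// TODO: location is fixed relative to the working directory; make it configurable via env var or CLI arg` and add one sentence on the failure mode. The unchanged rate-limit comment further down is also phrased as a question (`after 60 should drop one off?`); since that limiter is a protective control, its burst and replenish behaviour is worth pinning down in the comment while this file is being touched.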
+19
-34
src/middleware.rs
·········
+141
src/oauth_provider.rs
···+// {"error":"second_authentication_factor_required","error_description":"emailOtp authentication factor required (hint: 2***0@p***m)","type":"emailOtp","hint":"2***0@p***m"}+"error_description": format!("emailOtp authentication factor required (hint: {})", masked_email),+// Copy headers but remove problematic ones. There was an issue with the PDS not parsing the body fully if i forwarded all headers+//Ignoring the type of token check failure. Looks like oauth on the entry treads them the same.+"Error during pre-auth check. This happens on the create_session endpoint when trying to decide if the user has access:\n {err}"+"This error was not generated by the PDS, but PDS Gatekeeper. Please contact your PDS administrator for help and for them to review the server logs.",
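Review bot: The comment `// Copy headers but remove problematic ones` does not say which headers are dropped or why each one is a problem, and a remove-list is the fragile direction for a proxy that re-sends the body. The filtering code is elided here; if the PDS failed to parse the body when every header was forwarded, a `Content-Length` or `Transfer-Encoding` that no longer matches the re-sent body is a likely cause, and a framing mismatch between the two hops is worth ruling out rather than working around. I would name the dropped headers in the comment and consider forwarding an explicit allow-list instead. The neighbouring comment about ignoring the type of token check failure is reasonable for the client response, but the specific failure should still reach the server log.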
+66
-211
src/xrpc/com_atproto_server.rs
······-.body(format!("We received a sign-in request for the account @{}. Use the code: {} to sign in. If this wasn't you, we recommend taking steps to protect your account by changing your password at https://bsky.app/settings.", handle, token)), // Every message should have a plain text fallback.···+"Error during pre-auth check. This happens on the create_session endpoint when trying to decide if the user has access:\n {err}"+"This error was not generated by the PDS, but PDS Gatekeeper. Please contact your PDS administrator for help and for them to review the server logs.",······
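Review bot: The added string `"Error during pre-auth check. ... {err}"` interpolates the raw error, and from this view it is not visible whether it goes to the server log only or also into the response body. The second added string tells the user to have the administrator review the server logs, which suggests the intended split is detail in the log and a generic message to the client; please confirm that `{err}`, which may carry database or upstream details from the pre-auth check, never reaches the client. The same pair of strings is added in src/oauth_provider.rs, so the check applies there too, and a shared helper would keep the two paths from drifting. The surrounding function is elided here.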
-150
src/xrpc/helpers.rs
···-/// - If the response is 200 but JSON parsing fails, returns Passthrough with the original body and headers.-/// Proxy the incoming request as a POST to the PDS base URL plus the provided path and attempt to parse-/// - If the response is 200 but JSON parsing fails, returns Passthrough with the original body and headers.