Pds: MapAtProtoPds cannot exclude or override individual XRPC endpoints #39

Open
opened 2026-06-10 22:46:51 +00:00 by Grandiras · 0 comments
Owner

`MapAtProtoPds()` maps all PDS XRPC endpoints unconditionally. There is no way to exclude, replace, or wrap a single endpoint — attempting to map the same route yourself produces an ambiguous-match conflict.

Concrete need: Updraft must own `com.atproto.server.createAccount` to enforce real invite-code validation (see the invite-codes issue). The only way today is terminal middleware registered before `MapAtProtoPds()` that matches the path manually and never calls `next()` — workable, but it bypasses endpoint routing (no endpoint metadata, no route-level auth policies, easy to get subtly wrong).

Suggestion, either of:

  • `MapAtProtoPds(options => options.Exclude("com.atproto.server.createAccount"))` so consumers can map their own implementation, or
  • first-class hooks on `PdsService` (e.g. an `IAccountCreationGuard` invoked inside `CreateAccountAsync`) so the default endpoint stays but policy is pluggable.

The hook approach composes better with the invite-store suggestion; the exclude approach is more general.
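
The terminal-middleware workaround described in this issue, written out as an added example (not code from the issue, from Updraft, or from the library) to show where the manual path match can leak requests to the default endpoint. The in-memory invite store, `Reject`, `CreateAccountForUpdraftAsync` and the `MapPost` stand-in for `MapAtProtoPds()` are assumptions made for illustration.

```csharp
using System.Collections.Concurrent;
using System.Text.Json;

var app = WebApplication.CreateBuilder(args).Build();
const string CreateAccount = "/xrpc/com.atproto.server.createAccount";
var invites = new ConcurrentDictionary<string, byte>(); // constructed sample store
invites["constructed-invite-1"] = 0;

app.Use(async (ctx, next) =>
{
    // Match the way endpoint routing does: case-insensitive, trailing slash ignored.
    // An ordinal == check would let "/XRPC/..." or ".../createAccount/" fall
    // through to the library's default endpoint and skip invite validation.
    var path = ctx.Request.Path.Value?.TrimEnd('/') ?? "";
    if (!string.Equals(path, CreateAccount, StringComparison.OrdinalIgnoreCase))
    {
        await next(ctx);
        return;
    }
    // Terminal from here on: every branch writes a response, none calls next().
    if (!HttpMethods.IsPost(ctx.Request.Method))
    {
        ctx.Response.StatusCode = StatusCodes.Status405MethodNotAllowed;
        return;
    }
    JsonElement body;
    try { body = await ctx.Request.ReadFromJsonAsync<JsonElement>(); }
    catch (Exception e) when (e is JsonException or InvalidOperationException)
    { await Reject(ctx, "InvalidRequest"); return; }

    // TryRemove is atomic, so two concurrent requests cannot spend one code.
    var ok = body.ValueKind == JsonValueKind.Object
        && body.TryGetProperty("inviteCode", out var code)
        && code.ValueKind == JsonValueKind.String
        && invites.TryRemove(code.GetString()!, out _);
    if (!ok) { await Reject(ctx, "InvalidInviteCode"); return; }
    await CreateAccountForUpdraftAsync(ctx, body);
});

// Stand-in for the route MapAtProtoPds() registers; the real call goes here.
app.MapPost(CreateAccount, () => Results.Ok("library default endpoint"));
app.Run();

static Task Reject(HttpContext ctx, string error)
{
    ctx.Response.StatusCode = StatusCodes.Status400BadRequest;
    return ctx.Response.WriteAsJsonAsync(new { error, message = "account creation refused" });
}

// Hypothetical placeholder for the consumer's own account-creation logic.
static Task CreateAccountForUpdraftAsync(HttpContext ctx, JsonElement input) =>
    ctx.Response.WriteAsJsonAsync(new { status = "constructed placeholder response" });
```

Because the middleware short-circuits before the endpoint executes, authorization policies and metadata attached to the mapped route are never applied to these requests, which is the gap the issue describes.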
