clean up routing

2026-02-08 21:30:08 +00:00 · 2026-01-03 18:49:08 +01:00
parent f789acddd1
commit b4e2b5d300
1 changed files with 211 additions and 285 deletions
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -34,611 +34,538 @@ use tower_http::cors::{Any, CorsLayer};
 use tower_http::services::{ServeDir, ServeFile};

 pub fn app(state: AppState) -> Router {
-    let router = Router::new()
-        .route("/metrics", get(metrics::metrics_handler))
-        .route("/health", get(api::server::health))
-        .route("/xrpc/_health", get(api::server::health))
-        .route("/robots.txt", get(api::server::robots_txt))
-        .route("/logo", get(api::server::get_logo))
+    let xrpc_router = Router::new()
+        .route("/_health", get(api::server::health))
        .route(
-            "/xrpc/com.atproto.server.describeServer",
+            "/com.atproto.server.describeServer",
            get(api::server::describe_server),
        )
        .route(
-            "/xrpc/com.atproto.server.createAccount",
+            "/com.atproto.server.createAccount",
            post(api::identity::create_account),
        )
        .route(
-            "/xrpc/com.atproto.server.createSession",
+            "/com.atproto.server.createSession",
            post(api::server::create_session),
        )
        .route(
-            "/xrpc/com.atproto.server.getSession",
+            "/com.atproto.server.getSession",
            get(api::server::get_session),
        )
+        .route("/_account.listSessions", get(api::server::list_sessions))
+        .route("/_account.revokeSession", post(api::server::revoke_session))
        .route(
-            "/xrpc/_account.listSessions",
-            get(api::server::list_sessions),
-        )
-        .route(
-            "/xrpc/_account.revokeSession",
-            post(api::server::revoke_session),
-        )
-        .route(
-            "/xrpc/_account.revokeAllSessions",
+            "/_account.revokeAllSessions",
            post(api::server::revoke_all_sessions),
        )
        .route(
-            "/xrpc/com.atproto.server.deleteSession",
+            "/com.atproto.server.deleteSession",
            post(api::server::delete_session),
        )
        .route(
-            "/xrpc/com.atproto.server.refreshSession",
+            "/com.atproto.server.refreshSession",
            post(api::server::refresh_session),
        )
        .route(
-            "/xrpc/com.atproto.server.confirmSignup",
+            "/com.atproto.server.confirmSignup",
            post(api::server::confirm_signup),
        )
        .route(
-            "/xrpc/com.atproto.server.resendVerification",
+            "/com.atproto.server.resendVerification",
            post(api::server::resend_verification),
        )
        .route(
-            "/xrpc/com.atproto.server.getServiceAuth",
+            "/com.atproto.server.getServiceAuth",
            get(api::server::get_service_auth),
        )
        .route(
-            "/xrpc/com.atproto.identity.resolveHandle",
+            "/com.atproto.identity.resolveHandle",
            get(api::identity::resolve_handle),
        )
        .route(
-            "/xrpc/com.atproto.repo.createRecord",
+            "/com.atproto.repo.createRecord",
            post(api::repo::create_record),
        )
+        .route("/com.atproto.repo.putRecord", post(api::repo::put_record))
+        .route("/com.atproto.repo.getRecord", get(api::repo::get_record))
        .route(
-            "/xrpc/com.atproto.repo.putRecord",
-            post(api::repo::put_record),
-        )
-        .route(
-            "/xrpc/com.atproto.repo.getRecord",
-            get(api::repo::get_record),
-        )
-        .route(
-            "/xrpc/com.atproto.repo.deleteRecord",
+            "/com.atproto.repo.deleteRecord",
            post(api::repo::delete_record),
        )
        .route(
-            "/xrpc/com.atproto.repo.listRecords",
+            "/com.atproto.repo.listRecords",
            get(api::repo::list_records),
        )
        .route(
-            "/xrpc/com.atproto.repo.describeRepo",
+            "/com.atproto.repo.describeRepo",
            get(api::repo::describe_repo),
        )
+        .route("/com.atproto.repo.uploadBlob", post(api::repo::upload_blob))
        .route(
-            "/xrpc/com.atproto.repo.uploadBlob",
-            post(api::repo::upload_blob),
-        )
-        .route(
-            "/xrpc/com.atproto.repo.applyWrites",
+            "/com.atproto.repo.applyWrites",
            post(api::repo::apply_writes),
        )
        .route(
-            "/xrpc/com.atproto.sync.getLatestCommit",
+            "/com.atproto.sync.getLatestCommit",
            get(sync::get_latest_commit),
        )
-        .route("/xrpc/com.atproto.sync.listRepos", get(sync::list_repos))
-        .route("/xrpc/com.atproto.sync.getBlob", get(sync::get_blob))
-        .route("/xrpc/com.atproto.sync.listBlobs", get(sync::list_blobs))
+        .route("/com.atproto.sync.listRepos", get(sync::list_repos))
+        .route("/com.atproto.sync.getBlob", get(sync::get_blob))
+        .route("/com.atproto.sync.listBlobs", get(sync::list_blobs))
        .route(
-            "/xrpc/com.atproto.sync.getRepoStatus",
+            "/com.atproto.sync.getRepoStatus",
            get(sync::get_repo_status),
        )
        .route(
-            "/xrpc/com.atproto.server.checkAccountStatus",
+            "/com.atproto.server.checkAccountStatus",
            get(api::server::check_account_status),
        )
        .route(
-            "/xrpc/com.atproto.identity.getRecommendedDidCredentials",
+            "/com.atproto.identity.getRecommendedDidCredentials",
            get(api::identity::get_recommended_did_credentials),
        )
        .route(
-            "/xrpc/com.atproto.repo.listMissingBlobs",
+            "/com.atproto.repo.listMissingBlobs",
            get(api::repo::list_missing_blobs),
        )
        .route(
-            "/xrpc/com.atproto.sync.notifyOfUpdate",
+            "/com.atproto.sync.notifyOfUpdate",
            post(sync::notify_of_update),
        )
+        .route("/com.atproto.sync.requestCrawl", post(sync::request_crawl))
+        .route("/com.atproto.sync.getBlocks", get(sync::get_blocks))
+        .route("/com.atproto.sync.getRepo", get(sync::get_repo))
+        .route("/com.atproto.sync.getRecord", get(sync::get_record))
        .route(
-            "/xrpc/com.atproto.sync.requestCrawl",
-            post(sync::request_crawl),
-        )
-        .route("/xrpc/com.atproto.sync.getBlocks", get(sync::get_blocks))
-        .route("/xrpc/com.atproto.sync.getRepo", get(sync::get_repo))
-        .route("/xrpc/com.atproto.sync.getRecord", get(sync::get_record))
-        .route(
-            "/xrpc/com.atproto.sync.subscribeRepos",
+            "/com.atproto.sync.subscribeRepos",
            get(sync::subscribe_repos),
        )
-        .route("/xrpc/com.atproto.sync.getHead", get(sync::get_head))
+        .route("/com.atproto.sync.getHead", get(sync::get_head))
+        .route("/com.atproto.sync.getCheckout", get(sync::get_checkout))
        .route(
-            "/xrpc/com.atproto.sync.getCheckout",
-            get(sync::get_checkout),
-        )
-        .route(
-            "/xrpc/com.atproto.moderation.createReport",
+            "/com.atproto.moderation.createReport",
            post(api::moderation::create_report),
        )
        .route(
-            "/xrpc/com.atproto.admin.getAccountInfo",
+            "/com.atproto.admin.getAccountInfo",
            get(api::admin::get_account_info),
        )
        .route(
-            "/xrpc/com.atproto.admin.getAccountInfos",
+            "/com.atproto.admin.getAccountInfos",
            get(api::admin::get_account_infos),
        )
        .route(
-            "/xrpc/com.atproto.admin.searchAccounts",
+            "/com.atproto.admin.searchAccounts",
            get(api::admin::search_accounts),
        )
        .route(
-            "/xrpc/com.atproto.server.activateAccount",
+            "/com.atproto.server.activateAccount",
            post(api::server::activate_account),
        )
        .route(
-            "/xrpc/com.atproto.server.deactivateAccount",
+            "/com.atproto.server.deactivateAccount",
            post(api::server::deactivate_account),
        )
        .route(
-            "/xrpc/com.atproto.server.requestAccountDelete",
+            "/com.atproto.server.requestAccountDelete",
            post(api::server::request_account_delete),
        )
        .route(
-            "/xrpc/com.atproto.server.deleteAccount",
+            "/com.atproto.server.deleteAccount",
            post(api::server::delete_account),
        )
        .route(
-            "/xrpc/com.atproto.server.requestPasswordReset",
+            "/com.atproto.server.requestPasswordReset",
            post(api::server::request_password_reset),
        )
        .route(
-            "/xrpc/com.atproto.server.resetPassword",
+            "/com.atproto.server.resetPassword",
            post(api::server::reset_password),
        )
        .route(
-            "/xrpc/_account.changePassword",
+            "/_account.changePassword",
            post(api::server::change_password),
        )
        .route(
-            "/xrpc/_account.removePassword",
+            "/_account.removePassword",
            post(api::server::remove_password),
        )
        .route(
-            "/xrpc/_account.getPasswordStatus",
+            "/_account.getPasswordStatus",
            get(api::server::get_password_status),
        )
        .route(
-            "/xrpc/_account.getReauthStatus",
+            "/_account.getReauthStatus",
            get(api::server::get_reauth_status),
        )
        .route(
-            "/xrpc/_account.reauthPassword",
+            "/_account.reauthPassword",
            post(api::server::reauth_password),
        )
-        .route("/xrpc/_account.reauthTotp", post(api::server::reauth_totp))
+        .route("/_account.reauthTotp", post(api::server::reauth_totp))
        .route(
-            "/xrpc/_account.reauthPasskeyStart",
+            "/_account.reauthPasskeyStart",
            post(api::server::reauth_passkey_start),
        )
        .route(
-            "/xrpc/_account.reauthPasskeyFinish",
+            "/_account.reauthPasskeyFinish",
            post(api::server::reauth_passkey_finish),
        )
        .route(
-            "/xrpc/_account.getLegacyLoginPreference",
+            "/_account.getLegacyLoginPreference",
            get(api::server::get_legacy_login_preference),
        )
        .route(
-            "/xrpc/_account.updateLegacyLoginPreference",
+            "/_account.updateLegacyLoginPreference",
            post(api::server::update_legacy_login_preference),
        )
+        .route("/_account.updateLocale", post(api::server::update_locale))
        .route(
-            "/xrpc/_account.updateLocale",
-            post(api::server::update_locale),
-        )
-        .route(
-            "/xrpc/_account.listTrustedDevices",
+            "/_account.listTrustedDevices",
            get(api::server::list_trusted_devices),
        )
        .route(
-            "/xrpc/_account.revokeTrustedDevice",
+            "/_account.revokeTrustedDevice",
            post(api::server::revoke_trusted_device),
        )
        .route(
-            "/xrpc/_account.updateTrustedDevice",
+            "/_account.updateTrustedDevice",
            post(api::server::update_trusted_device),
        )
        .route(
-            "/xrpc/_account.createPasskeyAccount",
+            "/_account.createPasskeyAccount",
            post(api::server::create_passkey_account),
        )
        .route(
-            "/xrpc/_account.startPasskeyRegistrationForSetup",
+            "/_account.startPasskeyRegistrationForSetup",
            post(api::server::start_passkey_registration_for_setup),
        )
        .route(
-            "/xrpc/_account.completePasskeySetup",
+            "/_account.completePasskeySetup",
            post(api::server::complete_passkey_setup),
        )
        .route(
-            "/xrpc/_account.requestPasskeyRecovery",
+            "/_account.requestPasskeyRecovery",
            post(api::server::request_passkey_recovery),
        )
        .route(
-            "/xrpc/_account.recoverPasskeyAccount",
+            "/_account.recoverPasskeyAccount",
            post(api::server::recover_passkey_account),
        )
        .route(
-            "/xrpc/_account.updateDidDocument",
+            "/_account.updateDidDocument",
            post(api::server::update_did_document),
        )
        .route(
-            "/xrpc/_account.getDidDocument",
+            "/_account.getDidDocument",
            get(api::server::get_did_document),
        )
        .route(
-            "/xrpc/com.atproto.server.requestEmailUpdate",
+            "/com.atproto.server.requestEmailUpdate",
            post(api::server::request_email_update),
        )
        .route(
-            "/xrpc/_checkEmailVerified",
+            "/_checkEmailVerified",
            post(api::server::check_email_verified),
        )
        .route(
-            "/xrpc/com.atproto.server.confirmEmail",
+            "/com.atproto.server.confirmEmail",
            post(api::server::confirm_email),
        )
        .route(
-            "/xrpc/com.atproto.server.updateEmail",
+            "/com.atproto.server.updateEmail",
            post(api::server::update_email),
        )
        .route(
-            "/xrpc/com.atproto.server.reserveSigningKey",
+            "/com.atproto.server.reserveSigningKey",
            post(api::server::reserve_signing_key),
        )
        .route(
-            "/xrpc/com.atproto.server.verifyMigrationEmail",
+            "/com.atproto.server.verifyMigrationEmail",
            post(api::server::verify_migration_email),
        )
        .route(
-            "/xrpc/com.atproto.server.resendMigrationVerification",
+            "/com.atproto.server.resendMigrationVerification",
            post(api::server::resend_migration_verification),
        )
        .route(
-            "/xrpc/com.atproto.identity.updateHandle",
+            "/com.atproto.identity.updateHandle",
            post(api::identity::update_handle),
        )
        .route(
-            "/xrpc/com.atproto.identity.requestPlcOperationSignature",
+            "/com.atproto.identity.requestPlcOperationSignature",
            post(api::identity::request_plc_operation_signature),
        )
        .route(
-            "/xrpc/com.atproto.identity.signPlcOperation",
+            "/com.atproto.identity.signPlcOperation",
            post(api::identity::sign_plc_operation),
        )
        .route(
-            "/xrpc/com.atproto.identity.submitPlcOperation",
+            "/com.atproto.identity.submitPlcOperation",
            post(api::identity::submit_plc_operation),
        )
+        .route("/com.atproto.repo.importRepo", post(api::repo::import_repo))
        .route(
-            "/xrpc/com.atproto.repo.importRepo",
-            post(api::repo::import_repo),
-        )
-        .route(
-            "/xrpc/com.atproto.admin.deleteAccount",
+            "/com.atproto.admin.deleteAccount",
            post(api::admin::delete_account),
        )
        .route(
-            "/xrpc/com.atproto.admin.updateAccountEmail",
+            "/com.atproto.admin.updateAccountEmail",
            post(api::admin::update_account_email),
        )
        .route(
-            "/xrpc/com.atproto.admin.updateAccountHandle",
+            "/com.atproto.admin.updateAccountHandle",
            post(api::admin::update_account_handle),
        )
        .route(
-            "/xrpc/com.atproto.admin.updateAccountPassword",
+            "/com.atproto.admin.updateAccountPassword",
            post(api::admin::update_account_password),
        )
        .route(
-            "/xrpc/com.atproto.server.listAppPasswords",
+            "/com.atproto.server.listAppPasswords",
            get(api::server::list_app_passwords),
        )
        .route(
-            "/xrpc/com.atproto.server.createAppPassword",
+            "/com.atproto.server.createAppPassword",
            post(api::server::create_app_password),
        )
        .route(
-            "/xrpc/com.atproto.server.revokeAppPassword",
+            "/com.atproto.server.revokeAppPassword",
            post(api::server::revoke_app_password),
        )
        .route(
-            "/xrpc/com.atproto.server.createInviteCode",
+            "/com.atproto.server.createInviteCode",
            post(api::server::create_invite_code),
        )
        .route(
-            "/xrpc/com.atproto.server.createInviteCodes",
+            "/com.atproto.server.createInviteCodes",
            post(api::server::create_invite_codes),
        )
        .route(
-            "/xrpc/com.atproto.server.getAccountInviteCodes",
+            "/com.atproto.server.getAccountInviteCodes",
            get(api::server::get_account_invite_codes),
        )
        .route(
-            "/xrpc/com.atproto.server.createTotpSecret",
+            "/com.atproto.server.createTotpSecret",
            post(api::server::create_totp_secret),
        )
        .route(
-            "/xrpc/com.atproto.server.enableTotp",
+            "/com.atproto.server.enableTotp",
            post(api::server::enable_totp),
        )
        .route(
-            "/xrpc/com.atproto.server.disableTotp",
+            "/com.atproto.server.disableTotp",
            post(api::server::disable_totp),
        )
        .route(
-            "/xrpc/com.atproto.server.getTotpStatus",
+            "/com.atproto.server.getTotpStatus",
            get(api::server::get_totp_status),
        )
        .route(
-            "/xrpc/com.atproto.server.regenerateBackupCodes",
+            "/com.atproto.server.regenerateBackupCodes",
            post(api::server::regenerate_backup_codes),
        )
        .route(
-            "/xrpc/com.atproto.server.startPasskeyRegistration",
+            "/com.atproto.server.startPasskeyRegistration",
            post(api::server::start_passkey_registration),
        )
        .route(
-            "/xrpc/com.atproto.server.finishPasskeyRegistration",
+            "/com.atproto.server.finishPasskeyRegistration",
            post(api::server::finish_passkey_registration),
        )
        .route(
-            "/xrpc/com.atproto.server.listPasskeys",
+            "/com.atproto.server.listPasskeys",
            get(api::server::list_passkeys),
        )
        .route(
-            "/xrpc/com.atproto.server.deletePasskey",
+            "/com.atproto.server.deletePasskey",
            post(api::server::delete_passkey),
        )
        .route(
-            "/xrpc/com.atproto.server.updatePasskey",
+            "/com.atproto.server.updatePasskey",
            post(api::server::update_passkey),
        )
        .route(
-            "/xrpc/com.atproto.admin.getInviteCodes",
+            "/com.atproto.admin.getInviteCodes",
            get(api::admin::get_invite_codes),
        )
+        .route("/_admin.getServerStats", get(api::admin::get_server_stats))
+        .route("/_server.getConfig", get(api::admin::get_server_config))
        .route(
-            "/xrpc/_admin.getServerStats",
-            get(api::admin::get_server_stats),
-        )
-        .route(
-            "/xrpc/_server.getConfig",
-            get(api::admin::get_server_config),
-        )
-        .route(
-            "/xrpc/_admin.updateServerConfig",
+            "/_admin.updateServerConfig",
            post(api::admin::update_server_config),
        )
        .route(
-            "/xrpc/com.atproto.admin.disableAccountInvites",
+            "/com.atproto.admin.disableAccountInvites",
            post(api::admin::disable_account_invites),
        )
        .route(
-            "/xrpc/com.atproto.admin.enableAccountInvites",
+            "/com.atproto.admin.enableAccountInvites",
            post(api::admin::enable_account_invites),
        )
        .route(
-            "/xrpc/com.atproto.admin.disableInviteCodes",
+            "/com.atproto.admin.disableInviteCodes",
            post(api::admin::disable_invite_codes),
        )
        .route(
-            "/xrpc/com.atproto.admin.getSubjectStatus",
+            "/com.atproto.admin.getSubjectStatus",
            get(api::admin::get_subject_status),
        )
        .route(
-            "/xrpc/com.atproto.admin.updateSubjectStatus",
+            "/com.atproto.admin.updateSubjectStatus",
            post(api::admin::update_subject_status),
        )
+        .route("/com.atproto.admin.sendEmail", post(api::admin::send_email))
        .route(
-            "/xrpc/com.atproto.admin.sendEmail",
-            post(api::admin::send_email),
-        )
-        .route(
-            "/xrpc/app.bsky.actor.getPreferences",
+            "/app.bsky.actor.getPreferences",
            get(api::actor::get_preferences),
        )
        .route(
-            "/xrpc/app.bsky.actor.putPreferences",
+            "/app.bsky.actor.putPreferences",
            post(api::actor::put_preferences),
        )
-        .route("/.well-known/did.json", get(api::identity::well_known_did))
        .route(
-            "/.well-known/atproto-did",
-            get(api::identity::well_known_atproto_did),
-        )
-        .route("/u/{handle}/did.json", get(api::identity::user_did_doc))
-        .route(
-            "/.well-known/oauth-protected-resource",
-            get(oauth::endpoints::oauth_protected_resource),
-        )
-        .route(
-            "/.well-known/oauth-authorization-server",
-            get(oauth::endpoints::oauth_authorization_server),
-        )
-        .route("/oauth/jwks", get(oauth::endpoints::oauth_jwks))
-        .route(
-            "/oauth/client-metadata.json",
-            get(oauth::endpoints::frontend_client_metadata),
-        )
-        .route(
-            "/oauth/par",
-            post(oauth::endpoints::pushed_authorization_request),
-        )
-        .route("/oauth/authorize", get(oauth::endpoints::authorize_get))
-        .route("/oauth/authorize", post(oauth::endpoints::authorize_post))
-        .route(
-            "/oauth/authorize/accounts",
-            get(oauth::endpoints::authorize_accounts),
-        )
-        .route(
-            "/oauth/authorize/select",
-            post(oauth::endpoints::authorize_select),
-        )
-        .route(
-            "/oauth/authorize/2fa",
-            get(oauth::endpoints::authorize_2fa_get),
-        )
-        .route(
-            "/oauth/authorize/2fa",
-            post(oauth::endpoints::authorize_2fa_post),
-        )
-        .route(
-            "/oauth/authorize/passkey",
-            get(oauth::endpoints::authorize_passkey_start),
-        )
-        .route(
-            "/oauth/authorize/passkey",
-            post(oauth::endpoints::authorize_passkey_finish),
-        )
-        .route(
-            "/oauth/passkey/check",
-            get(oauth::endpoints::check_user_has_passkeys),
-        )
-        .route(
-            "/oauth/security-status",
-            get(oauth::endpoints::check_user_security_status),
-        )
-        .route(
-            "/oauth/passkey/start",
-            post(oauth::endpoints::passkey_start),
-        )
-        .route(
-            "/oauth/passkey/finish",
-            post(oauth::endpoints::passkey_finish),
-        )
-        .route(
-            "/oauth/authorize/deny",
-            post(oauth::endpoints::authorize_deny),
-        )
-        .route(
-            "/oauth/authorize/consent",
-            get(oauth::endpoints::consent_get),
-        )
-        .route(
-            "/oauth/authorize/consent",
-            post(oauth::endpoints::consent_post),
-        )
-        .route(
-            "/oauth/delegation/auth",
-            post(oauth::endpoints::delegation_auth),
-        )
-        .route(
-            "/oauth/delegation/totp",
-            post(oauth::endpoints::delegation_totp_verify),
-        )
-        .route("/oauth/token", post(oauth::endpoints::token_endpoint))
-        .route("/oauth/revoke", post(oauth::endpoints::revoke_token))
-        .route(
-            "/oauth/introspect",
-            post(oauth::endpoints::introspect_token),
-        )
-        .route(
-            "/xrpc/com.atproto.temp.checkSignupQueue",
+            "/com.atproto.temp.checkSignupQueue",
            get(api::temp::check_signup_queue),
        )
        .route(
-            "/xrpc/com.atproto.temp.dereferenceScope",
+            "/com.atproto.temp.dereferenceScope",
            post(api::temp::dereference_scope),
        )
        .route(
-            "/xrpc/_account.getNotificationPrefs",
+            "/_account.getNotificationPrefs",
            get(api::notification_prefs::get_notification_prefs),
        )
        .route(
-            "/xrpc/_account.updateNotificationPrefs",
+            "/_account.updateNotificationPrefs",
            post(api::notification_prefs::update_notification_prefs),
        )
        .route(
-            "/xrpc/_account.getNotificationHistory",
+            "/_account.getNotificationHistory",
            get(api::notification_prefs::get_notification_history),
        )
        .route(
-            "/xrpc/_account.confirmChannelVerification",
+            "/_account.confirmChannelVerification",
            post(api::verification::confirm_channel_verification),
        )
+        .route("/_account.verifyToken", post(api::server::verify_token))
        .route(
-            "/xrpc/_account.verifyToken",
-            post(api::server::verify_token),
-        )
-        .route(
-            "/xrpc/_delegation.listControllers",
+            "/_delegation.listControllers",
            get(api::delegation::list_controllers),
        )
        .route(
-            "/xrpc/_delegation.addController",
+            "/_delegation.addController",
            post(api::delegation::add_controller),
        )
        .route(
-            "/xrpc/_delegation.removeController",
+            "/_delegation.removeController",
            post(api::delegation::remove_controller),
        )
        .route(
-            "/xrpc/_delegation.updateControllerScopes",
+            "/_delegation.updateControllerScopes",
            post(api::delegation::update_controller_scopes),
        )
        .route(
-            "/xrpc/_delegation.listControlledAccounts",
+            "/_delegation.listControlledAccounts",
            get(api::delegation::list_controlled_accounts),
        )
        .route(
-            "/xrpc/_delegation.getAuditLog",
+            "/_delegation.getAuditLog",
            get(api::delegation::get_audit_log),
        )
        .route(
-            "/xrpc/_delegation.getScopePresets",
+            "/_delegation.getScopePresets",
            get(api::delegation::get_scope_presets),
        )
        .route(
-            "/xrpc/_delegation.createDelegatedAccount",
+            "/_delegation.createDelegatedAccount",
            post(api::delegation::create_delegated_account),
        )
-        .route("/xrpc/_backup.listBackups", get(api::backup::list_backups))
-        .route("/xrpc/_backup.getBackup", get(api::backup::get_backup))
+        .route("/_backup.listBackups", get(api::backup::list_backups))
+        .route("/_backup.getBackup", get(api::backup::get_backup))
+        .route("/_backup.createBackup", post(api::backup::create_backup))
+        .route("/_backup.deleteBackup", post(api::backup::delete_backup))
+        .route("/_backup.setEnabled", post(api::backup::set_backup_enabled))
+        .route("/_backup.exportBlobs", get(api::backup::export_blobs))
        .route(
-            "/xrpc/_backup.createBackup",
-            post(api::backup::create_backup),
-        )
-        .route(
-            "/xrpc/_backup.deleteBackup",
-            post(api::backup::delete_backup),
-        )
-        .route(
-            "/xrpc/_backup.setEnabled",
-            post(api::backup::set_backup_enabled),
-        )
-        .route("/xrpc/_backup.exportBlobs", get(api::backup::export_blobs))
-        .route(
-            "/xrpc/app.bsky.ageassurance.getState",
+            "/app.bsky.ageassurance.getState",
            get(api::age_assurance::get_state),
        )
        .route(
-            "/xrpc/app.bsky.unspecced.getAgeAssuranceState",
+            "/app.bsky.unspecced.getAgeAssuranceState",
            get(api::age_assurance::get_age_assurance_state),
        )
-        .route("/xrpc/{*method}", any(api::proxy::proxy_handler))
+        .route("/{*method}", any(api::proxy::proxy_handler));
+
+    let oauth_router = Router::new()
+        .route("/jwks", get(oauth::endpoints::oauth_jwks))
+        .route(
+            "/client-metadata.json",
+            get(oauth::endpoints::frontend_client_metadata),
+        )
+        .route("/par", post(oauth::endpoints::pushed_authorization_request))
+        .route("/authorize", get(oauth::endpoints::authorize_get))
+        .route("/authorize", post(oauth::endpoints::authorize_post))
+        .route(
+            "/authorize/accounts",
+            get(oauth::endpoints::authorize_accounts),
+        )
+        .route(
+            "/authorize/select",
+            post(oauth::endpoints::authorize_select),
+        )
+        .route("/authorize/2fa", get(oauth::endpoints::authorize_2fa_get))
+        .route("/authorize/2fa", post(oauth::endpoints::authorize_2fa_post))
+        .route(
+            "/authorize/passkey",
+            get(oauth::endpoints::authorize_passkey_start),
+        )
+        .route(
+            "/authorize/passkey",
+            post(oauth::endpoints::authorize_passkey_finish),
+        )
+        .route(
+            "/passkey/check",
+            get(oauth::endpoints::check_user_has_passkeys),
+        )
+        .route(
+            "/security-status",
+            get(oauth::endpoints::check_user_security_status),
+        )
+        .route("/passkey/start", post(oauth::endpoints::passkey_start))
+        .route("/passkey/finish", post(oauth::endpoints::passkey_finish))
+        .route("/authorize/deny", post(oauth::endpoints::authorize_deny))
+        .route("/authorize/consent", get(oauth::endpoints::consent_get))
+        .route("/authorize/consent", post(oauth::endpoints::consent_post))
+        .route("/delegation/auth", post(oauth::endpoints::delegation_auth))
+        .route(
+            "/delegation/totp",
+            post(oauth::endpoints::delegation_totp_verify),
+        )
+        .route("/token", post(oauth::endpoints::token_endpoint))
+        .route("/revoke", post(oauth::endpoints::revoke_token))
+        .route("/introspect", post(oauth::endpoints::introspect_token));
+
+    let well_known_router = Router::new()
+        .route("/did.json", get(api::identity::well_known_did))
+        .route("/atproto-did", get(api::identity::well_known_atproto_did))
+        .route(
+            "/oauth-protected-resource",
+            get(oauth::endpoints::oauth_protected_resource),
+        )
+        .route(
+            "/oauth-authorization-server",
+            get(oauth::endpoints::oauth_authorization_server),
+        );
+
+    let router = Router::new()
+        .nest("/xrpc", xrpc_router)
+        .nest("/oauth", oauth_router)
+        .route("/metrics", get(metrics::metrics_handler))
+        .route("/health", get(api::server::health))
+        .route("/robots.txt", get(api::server::robots_txt))
+        .route("/logo", get(api::server::get_logo))
+        .route("/u/{handle}/did.json", get(api::identity::user_did_doc))
        .layer(DefaultBodyLimit::max(util::get_max_blob_size()))
        .layer(middleware::from_fn(metrics::metrics_middleware))
        .layer(
@@ -651,7 +578,6 @@ pub fn app(state: AppState) -> Router {

    let frontend_dir =
        std::env::var("FRONTEND_DIR").unwrap_or_else(|_| "./frontend/dist".to_string());
-
    if std::path::Path::new(&frontend_dir)
        .join("index.html")
        .exists()
@@ -673,8 +599,8 @@ pub fn app(state: AppState) -> Router {
        router
            .route_service("/", ServeFile::new(&homepage_file))
            .nest("/app", spa_router)
-            .fallback_service(serve_dir)
-    } else {
-        router
+            .fallback_service(serve_dir);
    }
+
+    router
 }