@alteran/astro 0.1.13 → 0.3.0

package/src/pages/xrpc/chat.bsky.convo.getLog.ts

@@ -0,0 +1,26 @@
+import type { APIContext } from 'astro';
+import { isAuthorized, unauthorized } from '../../lib/auth';
+import { getPrimaryActor } from '../../lib/actor';
+import { listChatConvoLogs } from '../../lib/chat';
+
+export const prerender = false;
+
+export async function GET({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  if (!(await isAuthorized(request, env))) return unauthorized();
+
+  const url = new URL(request.url);
+  const cursorParam = url.searchParams.get('cursor');
+  const parsedCursor = Number.parseInt(cursorParam ?? '', 10);
+  const cursor = Number.isFinite(parsedCursor) ? parsedCursor : undefined;
+
+  const actor = await getPrimaryActor(env);
+  const { logs, cursor: nextCursor } = await listChatConvoLogs(env, actor.did, cursor);
+
+  const payload: Record<string, unknown> = { logs };
+  if (nextCursor) payload.cursor = nextCursor;
+
+  return new Response(JSON.stringify(payload), {
+    headers: { 'Content-Type': 'application/json' },
+  });
+}

package/src/pages/xrpc/chat.bsky.convo.listConvos.ts

@@ -0,0 +1,37 @@
+import type { APIContext } from 'astro';
+import { isAuthorized, unauthorized } from '../../lib/auth';
+import { listChatConvos } from '../../lib/chat';
+import { getPrimaryActor } from '../../lib/actor';
+
+export const prerender = false;
+
+export async function GET({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  if (!(await isAuthorized(request, env))) return unauthorized();
+
+  const url = new URL(request.url);
+  const limitInput = Number.parseInt(url.searchParams.get('limit') ?? '', 10);
+  const limit = Math.max(1, Math.min(Number.isFinite(limitInput) ? limitInput : 50, 100));
+  const cursorParam = url.searchParams.get('cursor');
+  const cursor = cursorParam ? Number.parseInt(cursorParam, 10) : undefined;
+  const readStateParam = url.searchParams.get('readState');
+  const statusParam = url.searchParams.get('status');
+
+  const filters = {
+    readState: readStateParam === 'unread' ? 'unread' : null,
+    status:
+      statusParam === 'request' || statusParam === 'accepted' ? statusParam : null,
+  } as const;
+
+  const actor = await getPrimaryActor(env);
+  const { convos, cursor: nextCursor } = await listChatConvos(env, actor.did, limit, cursor, filters);
+
+  const payload: Record<string, unknown> = {
+    convos,
+  };
+  if (nextCursor) payload.cursor = nextCursor;
+
+  return new Response(JSON.stringify(payload), {
+    headers: { 'Content-Type': 'application/json' },
+  });
+}

package/src/pages/xrpc/com.atproto.identity.getRecommendedDidCredentials.ts

@@ -1,13 +1,16 @@
 import type { APIContext } from 'astro';
 import { isAuthorized, unauthorized } from '../../lib/auth';
+import { resolveSecret } from '../../lib/secrets';
+import * as uint8arrays from 'uint8arrays';
 
 export const prerender = false;
 
 /**
  * com.atproto.identity.getRecommendedDidCredentials
  *
- * Returns recommended DID credentials for this PDS.
- * Used during migration to update identity documents.
+ * Returns the recommended DID credentials for the current account.
+ * This includes the handle, signing key, and PDS endpoint that should be
+ * used when updating the PLC identity.
  */
 export async function GET({ locals, request }: APIContext) {
   const { env } = locals.runtime;
@@ -15,85 +18,80 @@ export async function GET({ locals, request }: APIContext) {
   if (!(await isAuthorized(request, env))) return unauthorized();
 
   try {
-    const did = env.PDS_DID ?? 'did:example:single-user';
-    const handle = env.PDS_HANDLE ?? 'example.com';
+    const handle = (await resolveSecret(env.PDS_HANDLE)) ?? 'example.com';
     const hostname = env.PDS_HOSTNAME ?? handle;
 
-    // Get signing key if available
-    let signingKey: string | undefined;
-    if (env.REPO_SIGNING_PUBLIC_KEY) {
-      // Convert raw public key to multibase format
-      const pubKeyStr = String(env.REPO_SIGNING_PUBLIC_KEY);
-      const pubKeyBytes = Uint8Array.from(atob(pubKeyStr), c => c.charCodeAt(0));
+    // Load signing key (Ed25519 PKCS#8 base64)
+    const signingKeyBase64 = await resolveSecret(env.REPO_SIGNING_KEY);
+    if (!signingKeyBase64) {
+      return new Response(
+        JSON.stringify({
+          error: 'InvalidRequest',
+          message: 'Signing key not configured'
+        }),
+        { status: 400, headers: { 'Content-Type': 'application/json' } }
+      );
+    }
+
+    // Import Ed25519 private key from PKCS#8 base64
+    const b64 = signingKeyBase64.replace(/\s+/g, '');
+    const bin = atob(b64);
+    const pkcs8 = new Uint8Array(bin.length);
+    for (let i = 0; i < bin.length; i++) pkcs8[i] = bin.charCodeAt(i);
+
+    // Ed25519 PKCS#8 format: the public key is the last 32 bytes of the private key section
+    // PKCS#8 structure for Ed25519:
+    // - Header (16 bytes)
+    // - Private key (32 bytes)
+    // - Public key (32 bytes)
+    // Total: 80 bytes for unencrypted PKCS#8
+    const publicKeyBytes = pkcs8.slice(-32);
 
-      // Ed25519 multicodec prefix (0xed01) + public key
-      const multicodecBytes = new Uint8Array(2 + pubKeyBytes.length);
-      multicodecBytes[0] = 0xed;
-      multicodecBytes[1] = 0x01;
-      multicodecBytes.set(pubKeyBytes, 2);
+    // Create did:key from public key
+    // Ed25519 multicodec prefix is 0xed01
+    const multicodecPrefix = new Uint8Array([0xed, 0x01]);
+    const multicodecKey = new Uint8Array(multicodecPrefix.length + publicKeyBytes.length);
+    multicodecKey.set(multicodecPrefix);
+    multicodecKey.set(publicKeyBytes, multicodecPrefix.length);
 
-      // Base58 encode with 'z' prefix for multibase
-      signingKey = 'z' + base58Encode(multicodecBytes);
+    const didKey = 'did:key:z' + uint8arrays.toString(multicodecKey, 'base58btc');
+
+    // Get current PLC data to preserve rotation keys
+    const did = (await resolveSecret(env.PDS_DID)) ?? 'did:example:single-user';
+    const plcResponse = await fetch(`https://plc.directory/${did}/data`);
+
+    let rotationKeys: string[] = [];
+    if (plcResponse.ok) {
+      const plcData = await plcResponse.json() as { rotationKeys?: string[] };
+      rotationKeys = plcData.rotationKeys || [];
     }
 
-    return new Response(
-      JSON.stringify({
-        did,
-        handle,
-        pds: `https://${hostname}`,
-        signingKey,
-        alsoKnownAs: [`at://${handle}`],
-        verificationMethods: signingKey ? {
-          atproto: signingKey
-        } : undefined,
-        services: {
-          atproto_pds: {
-            type: 'AtprotoPersonalDataServer',
-            endpoint: `https://${hostname}`
-          }
+    const credentials = {
+      rotationKeys,
+      alsoKnownAs: [`at://${handle}`],
+      verificationMethods: {
+        atproto: didKey
+      },
+      services: {
+        atproto_pds: {
+          type: 'AtprotoPersonalDataServer',
+          endpoint: `https://${hostname}`
         }
-      }),
+      }
+    };
+
+    return new Response(
+      JSON.stringify(credentials),
       { status: 200, headers: { 'Content-Type': 'application/json' } }
     );
   } catch (error: any) {
+    console.error('Get recommended credentials error:', error);
     return new Response(
       JSON.stringify({
         error: 'InternalServerError',
-        message: error.message || 'Failed to get DID credentials'
+        message: error.message || 'Failed to get recommended credentials'
       }),
       { status: 500, headers: { 'Content-Type': 'application/json' } }
     );
   }
-}
-
-/**
- * Base58 encode (Bitcoin alphabet)
- */
-function base58Encode(bytes: Uint8Array): string {
-  const ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
-
-  // Convert bytes to bigint
-  let num = 0n;
-  for (const byte of bytes) {
-    num = num * 256n + BigInt(byte);
-  }
-
-  // Convert to base58
-  let result = '';
-  while (num > 0n) {
-    const remainder = Number(num % 58n);
-    result = ALPHABET[remainder] + result;
-    num = num / 58n;
-  }
-
-  // Add leading '1's for leading zero bytes
-  for (const byte of bytes) {
-    if (byte === 0) {
-      result = '1' + result;
-    } else {
-      break;
-    }
-  }
-
-  return result;
 }

package/src/pages/xrpc/com.atproto.identity.requestPlcOperationSignature.ts

@@ -0,0 +1,24 @@
+import type { APIContext } from 'astro';
+import { isAuthorized, unauthorized } from '../../lib/auth';
+
+export const prerender = false;
+
+/**
+ * com.atproto.identity.requestPlcOperationSignature
+ *
+ * Single-user PDS instances typically control the PLC rotation key directly,
+ * so the email-based 2FA flow used by the public PDS is unnecessary.  Clients
+ * (like the Indigo goat CLI) still invoke this endpoint prior to signing a PLC
+ * operation, so we acknowledge the request and report success without
+ * triggering any side effects.
+ */
+export async function POST({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+
+  if (!(await isAuthorized(request, env))) {
+    return unauthorized();
+  }
+
+  return new Response(null, { status: 200 });
+}
+

package/src/pages/xrpc/com.atproto.identity.signPlcOperation.ts

@@ -0,0 +1,127 @@
+import type { APIContext } from 'astro';
+import { isAuthorized, unauthorized } from '../../lib/auth';
+import { resolveSecret } from '../../lib/secrets';
+
+export const prerender = false;
+
+/**
+ * com.atproto.identity.signPlcOperation
+ *
+ * Signs a PLC update operation with the server's PLC rotation key and returns it
+ * to the caller. This endpoint mirrors the behavior of a PDS that controls the
+ * PLC rotation key directly (single-user deployments), so the email challenge
+ * token is accepted but not enforced here.
+ */
+export async function POST({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+
+  if (!(await isAuthorized(request, env))) return unauthorized();
+
+  try {
+    const body = await request.json() as {
+      token?: string;
+      rotationKeys?: string[];
+      alsoKnownAs?: string[];
+      verificationMethods?: Record<string, string>;
+      services?: Record<string, { type: string; endpoint: string }>;
+    };
+
+    // NOTE: For single-user PDS we don't enforce email token checks.
+    if (!body || typeof body !== 'object') {
+      return jsonErr(400, 'InvalidRequest', 'Malformed JSON body');
+    }
+
+    const did = (await resolveSecret(env.PDS_DID)) ?? '';
+    if (!did || !did.startsWith('did:')) {
+      return jsonErr(400, 'InvalidRequest', 'PDS_DID is not configured');
+    }
+
+    // Load PLC rotation key (hex-encoded secp256k1 private key).
+    // MUST be the rotation key currently present in the PLC document.
+    const privHex = ((await resolveSecret(env.PDS_PLC_ROTATION_KEY as any)) || '').trim();
+    if (!privHex) {
+      return jsonErr(500, 'ServerMisconfigured', 'PDS_PLC_ROTATION_KEY is not configured');
+    }
+    // Lazy-load deps compatible with Workers runtime
+    const { Secp256k1Keypair } = await import('@atproto/crypto');
+    const dagCbor: any = await import('@ipld/dag-cbor');
+    const { sha256 } = await import('multiformats/hashes/sha2');
+    const { CID } = await import('multiformats/cid');
+    const u8a: any = await import('uint8arrays');
+
+    const signer = await Secp256k1Keypair.import(privHex);
+
+    // Fetch last op for prev CID
+    const lastRes = await fetch(`https://plc.directory/${encodeURIComponent(did)}/log/last`);
+    if (!lastRes.ok) {
+      const text = await lastRes.text();
+      return jsonErr(lastRes.status, 'PlcFetchFailed', `Failed to fetch last op: ${text}`);
+    }
+    const lastOp = await lastRes.json();
+    if ((lastOp as any)?.type === 'plc_tombstone') {
+      return jsonErr(400, 'DidTombstoned', 'DID is tombstoned');
+    }
+    const lastOpCbor = dagCbor.encode(lastOp);
+    const mh = await sha256.digest(lastOpCbor);
+    const prevCid = CID.createV1(dagCbor.code, mh);
+
+    // Fetch current document data as defaults and to verify rotation key
+    const dataRes = await fetch(`https://plc.directory/${encodeURIComponent(did)}/data`);
+    if (!dataRes.ok) {
+      const text = await dataRes.text();
+      return jsonErr(dataRes.status, 'PlcFetchFailed', `Failed to fetch document data: ${text}`);
+    }
+    const doc = (await dataRes.json()) as any;
+
+    const rotationKeys = body.rotationKeys ?? doc.rotationKeys ?? [];
+    const alsoKnownAs = body.alsoKnownAs ?? doc.alsoKnownAs ?? [];
+    const verificationMethods = body.verificationMethods ?? doc.verificationMethods ?? {};
+    const services = body.services ?? doc.services ?? {};
+
+    if (!services.atproto_pds || typeof services.atproto_pds !== 'object') {
+      return jsonErr(400, 'InvalidRequest', 'Missing atproto_pds service in PLC operation');
+    }
+    if (!services.atproto_pds.type) {
+      services.atproto_pds.type = 'AtprotoPersonalDataServer';
+    }
+
+    const unsignedOp = {
+      type: 'plc_operation',
+      rotationKeys,
+      verificationMethods,
+      alsoKnownAs,
+      services,
+      prev: prevCid.toString(),
+    } as Record<string, unknown>;
+
+    const bytes = dagCbor.encode(unsignedOp);
+    const sig = await signer.sign(bytes);
+    const sigB64 = (u8a.toString as any)(sig, 'base64url');
+    const operation = { ...unsignedOp, sig: sigB64 };
+
+    // sanity: ensure our configured rotation key is included
+    const signerDid = (await (await import('@atproto/crypto')).Secp256k1Keypair.import(privHex)).did();
+    if (!rotationKeys.includes(signerDid)) {
+      return jsonErr(
+        400,
+        'RotationKeyMismatch',
+        `Configured PDS_PLC_ROTATION_KEY (${signerDid}) is not present in PLC rotationKeys. Update PLC or your configuration.`,
+      );
+    }
+
+    return new Response(JSON.stringify({ operation }), {
+      status: 200,
+      headers: { 'Content-Type': 'application/json' },
+    });
+  } catch (error: any) {
+    console.error('signPlcOperation error:', error);
+    return jsonErr(500, 'InternalServerError', error?.message || 'Failed to sign PLC operation');
+  }
+}
+
+function jsonErr(status: number, error: string, message: string) {
+  return new Response(
+    JSON.stringify({ error, message }),
+    { status, headers: { 'Content-Type': 'application/json' } }
+  );
+}

package/src/pages/xrpc/com.atproto.identity.submitPlcOperation.ts

@@ -0,0 +1,91 @@
+import type { APIContext } from 'astro';
+import { isAuthorized, unauthorized } from '../../lib/auth';
+import { resolveSecret } from '../../lib/secrets';
+
+export const prerender = false;
+
+/**
+ * com.atproto.identity.submitPlcOperation
+ *
+ * Submits a signed PLC operation to the PLC directory.
+ * This is a proxy endpoint that validates the operation is for the current account
+ * before submitting it to plc.directory.
+ */
+export async function POST({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+
+  if (!(await isAuthorized(request, env))) return unauthorized();
+
+  try {
+    const body = await request.json() as { operation?: any };
+    const { operation } = body;
+
+    if (!operation) {
+      return new Response(
+        JSON.stringify({
+          error: 'InvalidRequest',
+          message: 'Missing operation in request body'
+        }),
+        { status: 400, headers: { 'Content-Type': 'application/json' } }
+      );
+    }
+
+    const did = (await resolveSecret(env.PDS_DID)) ?? 'did:example:single-user';
+
+    console.log('Submitting PLC operation:', {
+      did,
+      operationType: operation.type,
+      hasSig: !!operation.sig,
+      prev: operation.prev
+    });
+
+    // Submit to PLC directory
+    const plcResponse = await fetch(`https://plc.directory/${did}`, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json'
+      },
+      body: JSON.stringify(operation)
+    });
+
+    const responseHeaders: Record<string, string> = {};
+    plcResponse.headers.forEach((value, key) => {
+      responseHeaders[key] = value;
+    });
+
+    console.log('PLC response:', {
+      status: plcResponse.status,
+      statusText: plcResponse.statusText,
+      headers: responseHeaders
+    });
+
+    if (!plcResponse.ok) {
+      const errorText = await plcResponse.text();
+      console.error('PLC directory error:', errorText);
+      return new Response(
+        JSON.stringify({
+          error: 'PlcOperationFailed',
+          message: `PLC directory rejected operation (${plcResponse.status}): ${errorText}`
+        }),
+        { status: plcResponse.status, headers: { 'Content-Type': 'application/json' } }
+      );
+    }
+
+    const plcResult = await plcResponse.text();
+    console.log('PLC submission successful:', plcResult);
+
+    return new Response(
+      JSON.stringify({ success: true }),
+      { status: 200, headers: { 'Content-Type': 'application/json' } }
+    );
+  } catch (error: any) {
+    console.error('Submit PLC operation error:', error);
+    return new Response(
+      JSON.stringify({
+        error: 'InternalServerError',
+        message: error.message || 'Failed to submit PLC operation'
+      }),
+      { status: 500, headers: { 'Content-Type': 'application/json' } }
+    );
+  }
+}

package/src/pages/xrpc/com.atproto.repo.uploadBlob.ts

@@ -4,6 +4,7 @@ import { checkRate } from '../../lib/ratelimit';
 import { isAllowedMime } from '../../lib/util';
 import { R2BlobStore } from '../../services/r2-blob-store';
 import { putBlobRef, checkBlobQuota, updateBlobQuota, isAccountActive } from '../../db/dal';
+import { resolveSecret } from '../../lib/secrets';
 
 export const prerender = false;
 
@@ -12,7 +13,7 @@ export async function POST({ locals, request }: APIContext) {
   if (!(await isAuthorized(request, env))) return unauthorized();
 
   // Get DID from environment (single-user PDS)
-  const did = env.PDS_DID ?? 'did:example:single-user';
+  const did = (await resolveSecret(env.PDS_DID)) ?? 'did:example:single-user';
 
   // Check if account is active
   const active = await isAccountActive(env, did);
@@ -31,7 +32,10 @@ export async function POST({ locals, request }: APIContext) {
 
   const buf = await request.arrayBuffer();
   const contentType = request.headers.get('content-type') ?? 'application/octet-stream';
-  if (!isAllowedMime(env, contentType)) return new Response(JSON.stringify({ error: 'UnsupportedMediaType' }), { status: 415 });
+
+  // Skip MIME type validation during migration - accept all types
+  // Uncomment the line below to re-enable MIME type restrictions after migration
+  // if (!isAllowedMime(env, contentType)) return new Response(JSON.stringify({ error: 'UnsupportedMediaType' }), { status: 415 });
 
   // Check quota before upload
   const canUpload = await checkBlobQuota(env, did, buf.byteLength);

package/src/pages/xrpc/com.atproto.server.createSession.ts

@@ -1,9 +1,12 @@
 import type { APIContext } from 'astro';
-import { signJwt } from '../../lib/jwt';
 import { readJson } from '../../lib/util';
 import { drizzle } from 'drizzle-orm/d1';
 import { login_attempts } from '../../db/schema';
 import { eq } from 'drizzle-orm';
+import { createAccount, getAccountByIdentifier, storeRefreshToken } from '../../db/account';
+import { hashPassword, verifyPassword } from '../../lib/password';
+import { issueSessionTokens } from '../../lib/session-tokens';
+import { getRuntimeString } from '../../lib/secrets';
 
 export const prerender = false;
 
@@ -30,8 +33,27 @@ export async function POST({ locals, request }: APIContext) {
     );
   }
 
-  const { identifier, password } = await readJson(request).catch(() => ({ identifier: '', password: '' }));
-  const ok = !!password && password === (env.USER_PASSWORD ?? 'changeme');
+  const body = await readJson(request).catch(() => ({ identifier: '', password: '' }));
+  const identifier = typeof body.identifier === 'string' && body.identifier ? body.identifier : (await getRuntimeString(env, 'PDS_HANDLE', 'user.example'));
+  const password = typeof body.password === 'string' ? body.password : '';
+
+  let account = await getAccountByIdentifier(env, identifier ?? '');
+  if (!account) {
+    const fallbackPassword = await getRuntimeString(env, 'USER_PASSWORD', '');
+    if (fallbackPassword) {
+      const fallbackDid = await getRuntimeString(env, 'PDS_DID', 'did:example:single-user');
+      const fallbackHandle = await getRuntimeString(env, 'PDS_HANDLE', identifier);
+      const hashed = await hashPassword(fallbackPassword);
+      await createAccount(env, {
+        did: fallbackDid,
+        handle: fallbackHandle,
+        passwordScrypt: hashed,
+      });
+      account = await getAccountByIdentifier(env, identifier ?? '');
+    }
+  }
+  const passwordHash = account?.passwordScrypt ?? null;
+  const ok = !!password && !!account && (await verifyPassword(password, passwordHash));
 
   if (!ok) {
     // Track failed attempt
@@ -80,11 +102,17 @@ export async function POST({ locals, request }: APIContext) {
     await db.delete(login_attempts).where(eq(login_attempts.ip, clientIp)).run();
   }
 
-  const did = env.PDS_DID ?? 'did:example:single-user';
-  const handle = env.PDS_HANDLE ?? identifier ?? 'user.example';
-  const jti = crypto.randomUUID();
-  const accessJwt = await signJwt(env, { sub: did, handle, t: 'access' }, 'access');
-  const refreshJwt = await signJwt(env, { sub: did, handle, t: 'refresh', jti }, 'refresh');
+  const did = account?.did ?? (await getRuntimeString(env, 'PDS_DID', 'did:example:single-user'));
+  const handle = account?.handle ?? (await getRuntimeString(env, 'PDS_HANDLE', identifier ?? 'user.example'));
+
+  const { accessJwt, refreshJwt, refreshPayload, refreshExpiry } = await issueSessionTokens(env, did);
+
+  await storeRefreshToken(env, {
+    id: refreshPayload.jti,
+    did,
+    expiresAt: refreshExpiry,
+    appPasswordName: null,
+  });
 
   return new Response(JSON.stringify({ did, handle, accessJwt, refreshJwt }), {
     headers: { 'Content-Type': 'application/json' },

package/src/pages/xrpc/com.atproto.server.describeServer.ts

@@ -1,15 +1,48 @@
 import type { APIContext } from 'astro';
+import { getAppViewConfig } from '../../lib/appview';
 
 export const prerender = false;
 
 export function GET({ locals }: APIContext) {
   const { env } = locals.runtime;
+  const did = typeof env.PDS_DID === 'string' ? env.PDS_DID : 'did:example:single-user';
+  const availableUserDomains: string[] = [];
+
+  const links = typeof env.PDS_LINK_PRIVACY === 'string' || typeof env.PDS_LINK_TOS === 'string'
+    ? {
+        $type: 'com.atproto.server.describeServer#links' as const,
+        ...(typeof env.PDS_LINK_PRIVACY === 'string' ? { privacyPolicy: env.PDS_LINK_PRIVACY } : {}),
+        ...(typeof env.PDS_LINK_TOS === 'string' ? { termsOfService: env.PDS_LINK_TOS } : {}),
+      }
+    : undefined;
+
+  const contact = typeof env.PDS_CONTACT_EMAIL === 'string'
+    ? {
+        $type: 'com.atproto.server.describeServer#contact' as const,
+        email: env.PDS_CONTACT_EMAIL,
+      }
+    : undefined;
+
+  const appView = getAppViewConfig(env);
+
   const body = {
-    version: 'experimental',
-    did: env.PDS_DID ?? null,
-    handle: env.PDS_HANDLE ?? null,
+    did,
+    availableUserDomains,
     inviteCodeRequired: false,
-    links: {},
+    phoneVerificationRequired: false,
+    ...(links ? { links } : {}),
+    ...(contact ? { contact } : {}),
+    ...(appView
+      ? {
+          services: {
+            appview: {
+              $type: 'com.atproto.server.describeServer#service' as const,
+              serviceEndpoint: appView.url,
+              did: appView.did,
+            },
+          },
+        }
+      : {}),
   };
   return new Response(JSON.stringify(body), {
     headers: { 'Content-Type': 'application/json' },