@alteran/astro 0.1.14 → 0.3.0

package/README.md

@@ -414,6 +414,31 @@ npm install -g wscat
 wscat -c "ws://localhost:4321/xrpc/com.atproto.sync.subscribeRepos"
 ```
 
+### Publish to a Relay (Bluesky)
+
+Relays discover PDSes via `com.atproto.sync.requestCrawl`. Your deployment will automatically notify relays on the first request it handles (and at most every 12 hours per isolate).
+
+- Set your public hostname (bare domain, no protocol):
+```
+PDS_HOSTNAME=your-pds.example.com
+```
+
+- Optional: choose relays to notify (CSV of hostnames). Defaults to `bsky.network`.
+```
+PDS_RELAY_HOSTS=bsky.network
+```
+
+- To trigger manually from your machine:
+```bash
+curl -X POST "https://bsky.network/xrpc/com.atproto.sync.requestCrawl" \
+     -H "Content-Type: application/json" \
+     -d '{"hostname":"your-pds.example.com"}'
+```
+
+Notes:
+- Use only the hostname in `hostname` (no `https://`).
+- Ensure your PDS is publicly reachable over HTTPS/WSS and that DID documents resolve to this hostname.
+
 ### Test XRPC Endpoints
 ```bash
 # Get session

package/index.js

@@ -8,23 +8,21 @@ const CORE_ROUTES = [
   { pattern: '/health', entrypoint: './src/pages/health.ts' },
   { pattern: '/ready', entrypoint: './src/pages/ready.ts' },
   { pattern: '/xrpc/com.atproto.identity.getRecommendedDidCredentials', entrypoint: './src/pages/xrpc/com.atproto.identity.getRecommendedDidCredentials.ts' },
+  { pattern: '/xrpc/com.atproto.identity.requestPlcOperationSignature', entrypoint: './src/pages/xrpc/com.atproto.identity.requestPlcOperationSignature.ts' },
   { pattern: '/xrpc/com.atproto.identity.resolveHandle', entrypoint: './src/pages/xrpc/com.atproto.identity.resolveHandle.ts' },
+  { pattern: '/xrpc/com.atproto.identity.submitPlcOperation', entrypoint: './src/pages/xrpc/com.atproto.identity.submitPlcOperation.ts' },
   { pattern: '/xrpc/com.atproto.identity.updateHandle', entrypoint: './src/pages/xrpc/com.atproto.identity.updateHandle.ts' },
   { pattern: '/xrpc/com.atproto.repo.applyWrites', entrypoint: './src/pages/xrpc/com.atproto.repo.applyWrites.ts' },
   { pattern: '/xrpc/com.atproto.repo.createRecord', entrypoint: './src/pages/xrpc/com.atproto.repo.createRecord.ts' },
   { pattern: '/xrpc/com.atproto.repo.deleteRecord', entrypoint: './src/pages/xrpc/com.atproto.repo.deleteRecord.ts' },
   { pattern: '/xrpc/com.atproto.repo.describeRepo', entrypoint: './src/pages/xrpc/com.atproto.repo.describeRepo.ts' },
   { pattern: '/xrpc/com.atproto.repo.getRecord', entrypoint: './src/pages/xrpc/com.atproto.repo.getRecord.ts' },
-  { pattern: '/xrpc/com.atproto.repo.importRepo', entrypoint: './src/pages/xrpc/com.atproto.repo.importRepo.ts' },
   { pattern: '/xrpc/com.atproto.repo.listMissingBlobs', entrypoint: './src/pages/xrpc/com.atproto.repo.listMissingBlobs.ts' },
   { pattern: '/xrpc/com.atproto.repo.listRecords', entrypoint: './src/pages/xrpc/com.atproto.repo.listRecords.ts' },
   { pattern: '/xrpc/com.atproto.repo.putRecord', entrypoint: './src/pages/xrpc/com.atproto.repo.putRecord.ts' },
   { pattern: '/xrpc/com.atproto.repo.uploadBlob', entrypoint: './src/pages/xrpc/com.atproto.repo.uploadBlob.ts' },
-  { pattern: '/xrpc/com.atproto.server.activateAccount', entrypoint: './src/pages/xrpc/com.atproto.server.activateAccount.ts' },
   { pattern: '/xrpc/com.atproto.server.checkAccountStatus', entrypoint: './src/pages/xrpc/com.atproto.server.checkAccountStatus.ts' },
-  { pattern: '/xrpc/com.atproto.server.createAccount', entrypoint: './src/pages/xrpc/com.atproto.server.createAccount.ts' },
   { pattern: '/xrpc/com.atproto.server.createSession', entrypoint: './src/pages/xrpc/com.atproto.server.createSession.ts' },
-  { pattern: '/xrpc/com.atproto.server.deactivateAccount', entrypoint: './src/pages/xrpc/com.atproto.server.deactivateAccount.ts' },
   { pattern: '/xrpc/com.atproto.server.deleteSession', entrypoint: './src/pages/xrpc/com.atproto.server.deleteSession.ts' },
   { pattern: '/xrpc/com.atproto.server.describeServer', entrypoint: './src/pages/xrpc/com.atproto.server.describeServer.ts' },
   { pattern: '/xrpc/com.atproto.server.getSession', entrypoint: './src/pages/xrpc/com.atproto.server.getSession.ts' },

package/migrations/0006_adorable_spectrum.sql

@@ -0,0 +1,11 @@
+PRAGMA foreign_keys=OFF;--> statement-breakpoint
+CREATE TABLE `__new_repo_root` (
+	`did` text PRIMARY KEY NOT NULL,
+	`commit_cid` text NOT NULL,
+	`rev` text NOT NULL
+);
+--> statement-breakpoint
+INSERT INTO `__new_repo_root`("did", "commit_cid", "rev") SELECT "did", "commit_cid", "rev" FROM `repo_root`;--> statement-breakpoint
+DROP TABLE `repo_root`;--> statement-breakpoint
+ALTER TABLE `__new_repo_root` RENAME TO `repo_root`;--> statement-breakpoint
+PRAGMA foreign_keys=ON;

package/migrations/meta/0006_snapshot.json

@@ -0,0 +1,429 @@
+{
+  "version": "6",
+  "dialect": "sqlite",
+  "id": "08df0598-155a-48d1-ae5f-dd88eed67f51",
+  "prevId": "cfdb4a96-9b33-41d2-9733-a44d61806a55",
+  "tables": {
+    "account_state": {
+      "name": "account_state",
+      "columns": {
+        "did": {
+          "name": "did",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "active": {
+          "name": "active",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "blob_quota": {
+      "name": "blob_quota",
+      "columns": {
+        "did": {
+          "name": "did",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "total_bytes": {
+          "name": "total_bytes",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": 0
+        },
+        "blob_count": {
+          "name": "blob_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": 0
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "blob": {
+      "name": "blob",
+      "columns": {
+        "cid": {
+          "name": "cid",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "did": {
+          "name": "did",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "key": {
+          "name": "key",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "mime": {
+          "name": "mime",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "size": {
+          "name": "size",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "blob_usage": {
+      "name": "blob_usage",
+      "columns": {
+        "record_uri": {
+          "name": "record_uri",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "key": {
+          "name": "key",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {
+        "blob_usage_record_uri_idx": {
+          "name": "blob_usage_record_uri_idx",
+          "columns": [
+            "record_uri"
+          ],
+          "isUnique": false
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {
+        "blob_usage_record_uri_key_pk": {
+          "columns": [
+            "record_uri",
+            "key"
+          ],
+          "name": "blob_usage_record_uri_key_pk"
+        }
+      },
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "blockstore": {
+      "name": "blockstore",
+      "columns": {
+        "cid": {
+          "name": "cid",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "bytes": {
+          "name": "bytes",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "commit_log": {
+      "name": "commit_log",
+      "columns": {
+        "seq": {
+          "name": "seq",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "cid": {
+          "name": "cid",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "rev": {
+          "name": "rev",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "data": {
+          "name": "data",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "sig": {
+          "name": "sig",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "ts": {
+          "name": "ts",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {
+        "commit_log_seq_idx": {
+          "name": "commit_log_seq_idx",
+          "columns": [
+            "seq"
+          ],
+          "isUnique": false
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "login_attempts": {
+      "name": "login_attempts",
+      "columns": {
+        "ip": {
+          "name": "ip",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "attempts": {
+          "name": "attempts",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": 0
+        },
+        "locked_until": {
+          "name": "locked_until",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_attempt": {
+          "name": "last_attempt",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "record": {
+      "name": "record",
+      "columns": {
+        "uri": {
+          "name": "uri",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "did": {
+          "name": "did",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "cid": {
+          "name": "cid",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "json": {
+          "name": "json",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": 0
+        }
+      },
+      "indexes": {
+        "record_did_idx": {
+          "name": "record_did_idx",
+          "columns": [
+            "did"
+          ],
+          "isUnique": false
+        },
+        "record_cid_idx": {
+          "name": "record_cid_idx",
+          "columns": [
+            "cid"
+          ],
+          "isUnique": false
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "repo_root": {
+      "name": "repo_root",
+      "columns": {
+        "did": {
+          "name": "did",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "commit_cid": {
+          "name": "commit_cid",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "rev": {
+          "name": "rev",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "token_revocation": {
+      "name": "token_revocation",
+      "columns": {
+        "jti": {
+          "name": "jti",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "exp": {
+          "name": "exp",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "revoked_at": {
+          "name": "revoked_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {
+        "token_revocation_exp_idx": {
+          "name": "token_revocation_exp_idx",
+          "columns": [
+            "exp"
+          ],
+          "isUnique": false
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    }
+  },
+  "views": {},
+  "enums": {},
+  "_meta": {
+    "schemas": {},
+    "tables": {},
+    "columns": {}
+  },
+  "internal": {
+    "indexes": {}
+  }
+}

package/migrations/meta/_journal.json

@@ -43,6 +43,13 @@
       "when": 1759515076154,
       "tag": "0005_odd_bishop",
       "breakpoints": true
+    },
+    {
+      "idx": 6,
+      "version": "6",
+      "when": 1759532836051,
+      "tag": "0006_adorable_spectrum",
+      "breakpoints": true
     }
   ]
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@alteran/astro",
-  "version": "0.1.14",
+  "version": "0.3.0",
   "description": "Astro integration for running a Cloudflare-hosted Bluesky PDS with Alteran.",
   "module": "index.js",
   "types": "index.d.ts",
@@ -38,7 +38,8 @@
     "db:apply:local": "bunx wrangler d1 migrations apply pds --local",
     "db:apply:local:direct": "wrangler d1 migrations apply pds --local",
     "db:reset:local": "rm -rf .wrangler/state && rm -rf drizzle && bun run db:generate && bun run db:apply:local",
-    "secrets:setup": "bun run scripts/setup-secrets.ts"
+    "secrets:setup": "bun run scripts/setup-secrets.ts",
+    "relay:request-crawl": "bun run scripts/request-crawl.ts"
   },
   "devDependencies": {
     "@astrojs/cloudflare": "^12.6.9",
@@ -54,6 +55,9 @@
     "typescript": "^5"
   },
   "dependencies": {
+    "@atproto/crypto": "^0.4.4",
+    "@cloudflare/workers-types": "^4.20251001.0",
+    "@did-plc/lib": "^0.0.4",
     "@iconify-json/simple-icons": "^1.2.53",
     "@ipld/car": "^5.4.2",
     "@ipld/dag-cbor": "^9.2.5",
@@ -62,7 +66,6 @@
     "astro-icon": "^1.1.5",
     "dotenv": "^17.2.3",
     "drizzle-orm": "^0.44.6",
-    "@cloudflare/workers-types": "^4.20251001.0",
     "get-port": "^7.1.0",
     "hono": "^4.9.9",
     "multiformats": "^13.4.1",

package/src/db/account.ts

@@ -0,0 +1,145 @@
+import { eq, or, lt } from 'drizzle-orm';
+import { getDb } from './client';
+import { account, refresh_token_store, secret } from './schema';
+import type { Env } from '../env';
+import { normalizeHandle } from '../lib/handle';
+
+const NOW = () => Math.floor(Date.now());
+
+export type AccountRow = typeof account.$inferSelect;
+export type RefreshTokenRow = typeof refresh_token_store.$inferSelect;
+
+function normalizeIdentifier(identifier: string): { did: string | null; handle: string | null } {
+  if (!identifier) return { did: null, handle: null };
+  const trimmed = identifier.trim();
+  if (trimmed.startsWith('did:')) {
+    return { did: trimmed, handle: null };
+  }
+  return { did: null, handle: normalizeHandle(trimmed) };
+}
+
+export async function getAccountByIdentifier(env: Env, identifier: string): Promise<AccountRow | null> {
+  const db = getDb(env);
+  const ident = normalizeIdentifier(identifier);
+  const clauses = [] as any[];
+  if (ident.did) clauses.push(eq(account.did, ident.did));
+  if (ident.handle) clauses.push(eq(account.handle, ident.handle));
+  if (clauses.length === 0) return null;
+  const where = clauses.length === 1 ? clauses[0] : or(...clauses);
+  return db.select().from(account).where(where).get();
+}
+
+export async function createAccount(env: Env, data: {
+  did: string;
+  handle: string;
+  passwordScrypt: string | null;
+  email?: string | null;
+}): Promise<void> {
+  const db = getDb(env);
+  const now = NOW();
+  await db
+    .insert(account)
+    .values({
+      did: data.did,
+      handle: normalizeHandle(data.handle),
+      passwordScrypt: data.passwordScrypt ?? null,
+      email: data.email ?? null,
+      createdAt: now,
+      updatedAt: now,
+    })
+    .onConflictDoUpdate({
+      target: account.did,
+      set: {
+        handle: normalizeHandle(data.handle),
+        passwordScrypt: data.passwordScrypt ?? null,
+        email: data.email ?? null,
+        updatedAt: now,
+      },
+    });
+}
+
+export async function updateAccountPassword(env: Env, did: string, passwordScrypt: string): Promise<void> {
+  const db = getDb(env);
+  await db
+    .update(account)
+    .set({ passwordScrypt, updatedAt: NOW() })
+    .where(eq(account.did, did))
+    .run();
+}
+
+export async function storeRefreshToken(env: Env, data: {
+  id: string;
+  did: string;
+  expiresAt: number; // epoch seconds
+  appPasswordName?: string | null;
+}): Promise<void> {
+  const db = getDb(env);
+  await db
+    .insert(refresh_token_store)
+    .values({
+      id: data.id,
+      did: data.did,
+      expiresAt: data.expiresAt,
+      appPasswordName: data.appPasswordName ?? null,
+      nextId: null,
+    })
+    .onConflictDoUpdate({
+      target: refresh_token_store.id,
+      set: {
+        did: data.did,
+        expiresAt: data.expiresAt,
+        appPasswordName: data.appPasswordName ?? null,
+        nextId: null,
+      },
+    });
+}
+
+export async function markRefreshTokenRotated(env: Env, id: string, nextId: string, graceExpiresAt: number): Promise<void> {
+  const db = getDb(env);
+  await db
+    .update(refresh_token_store)
+    .set({ nextId, expiresAt: graceExpiresAt })
+    .where(eq(refresh_token_store.id, id))
+    .run();
+}
+
+export async function getRefreshToken(env: Env, id: string): Promise<RefreshTokenRow | null> {
+  const db = getDb(env);
+  return db.select().from(refresh_token_store).where(eq(refresh_token_store.id, id)).get();
+}
+
+export async function deleteRefreshToken(env: Env, id: string): Promise<void> {
+  const db = getDb(env);
+  await db.delete(refresh_token_store).where(eq(refresh_token_store.id, id)).run();
+}
+
+export async function cleanupExpiredRefreshTokens(env: Env, now: number): Promise<number> {
+  const db = getDb(env);
+  const res = await db.delete(refresh_token_store).where(lt(refresh_token_store.expiresAt, now)).run();
+  return res.meta.changes ?? 0;
+}
+
+export async function getSecret(env: Env, key: string): Promise<string | null> {
+  const db = getDb(env);
+  const row = await db.select().from(secret).where(eq(secret.key, key)).get();
+  return row?.value ?? null;
+}
+
+export async function setSecret(env: Env, key: string, value: string): Promise<void> {
+  const db = getDb(env);
+  await db
+    .insert(secret)
+    .values({ key, value, updatedAt: NOW() })
+    .onConflictDoUpdate({
+      target: secret.key,
+      set: { value, updatedAt: NOW() },
+    });
+}
+
+export async function getOrCreateSecret(env: Env, key: string, factory: () => Promise<string>): Promise<string> {
+  const existing = await getSecret(env, key);
+  if (existing) return existing;
+  const value = await factory();
+  await setSecret(env, key, value);
+  return value;
+}