@alteran/astro 0.1.14 → 0.3.1

package/src/pages/.well-known/did.json.ts

@@ -1,18 +1,12 @@
 import type { APIContext } from 'astro';
 import { withCache, CACHE_CONFIGS } from '../../lib/cache';
 import { base58btc } from 'multiformats/bases/base58';
+import { resolveSecret } from '../../lib/secrets';
+import { Secp256k1Keypair } from '@atproto/crypto';
+import { formatMultikey } from '@atproto/crypto/dist/did';
 
 export const prerender = false;
 
-/**
- * DID Document endpoint for did:web
- *
- * Returns a DID document with:
- * - Service endpoints (PDS, firehose)
- * - Verification methods (signing key)
- *
- * Spec: https://w3c-ccg.github.io/did-method-web/
- */
 export async function GET({ locals, request }: APIContext) {
   const { env } = locals.runtime;
 
@@ -23,39 +17,57 @@ export async function GET({ locals, request }: APIContext) {
       const handle = env.PDS_HANDLE ?? 'user.example.com';
       const hostname = env.PDS_HOSTNAME ?? new URL(request.url).hostname;
 
-      // Public repository signing key (raw 32-byte Ed25519) base64-encoded
-      const pubKeyB64: string | undefined = (env as any).REPO_SIGNING_PUBLIC_KEY;
       let publicKeyMultibase: string | undefined;
-      if (pubKeyB64) {
+
+      const serviceKeyHex = await resolveSecret(env.PDS_SERVICE_SIGNING_KEY_HEX as any);
+      if (serviceKeyHex) {
         try {
-          const bin = atob(pubKeyB64.replace(/\s+/g, ''));
-          const raw = new Uint8Array(bin.length);
-          for (let i = 0; i < bin.length; i++) raw[i] = bin.charCodeAt(i);
-          if (raw.byteLength === 32) {
-            // multicodec: ed25519-pub = 0xED 0x01 prefix
-            const prefixed = new Uint8Array(2 + raw.byteLength);
-            prefixed[0] = 0xed; prefixed[1] = 0x01; prefixed.set(raw, 2);
-            publicKeyMultibase = base58btc.encode(prefixed);
+          const keypair = await Secp256k1Keypair.import(serviceKeyHex.trim());
+          publicKeyMultibase = formatMultikey(keypair.jwtAlg, keypair.publicKeyBytes());
+        } catch (error) {
+          console.warn('Failed to encode service signing key', error);
+        }
+      }
+
+      if (!publicKeyMultibase) {
+        const repoPubKeyB64 = await resolveSecret((env as any).REPO_SIGNING_KEY_PUBLIC);
+        if (repoPubKeyB64) {
+          try {
+            const bin = atob(repoPubKeyB64.replace(/\s+/g, ''));
+            const raw = new Uint8Array(bin.length);
+            for (let i = 0; i < bin.length; i++) raw[i] = bin.charCodeAt(i);
+            if (raw.byteLength === 32) {
+              const prefixed = new Uint8Array(2 + raw.byteLength);
+              prefixed[0] = 0xed;
+              prefixed[1] = 0x01;
+              prefixed.set(raw, 2);
+              publicKeyMultibase = base58btc.encode(prefixed);
+            }
+          } catch (error) {
+            console.warn('Failed to encode repo signing key', error);
           }
-        } catch {}
+        }
       }
 
-      // Build DID document
+      const verificationMethods = publicKeyMultibase
+        ? [
+            {
+              id: `${did}#atproto`,
+              type: 'Multikey',
+              controller: did,
+              publicKeyMultibase,
+            },
+          ]
+        : [];
+
       const didDocument = {
         '@context': [
           'https://www.w3.org/ns/did/v1',
-          'https://w3id.org/security/suites/ed25519-2020/v1',
+          'https://w3id.org/security/multikey/v1',
         ],
         id: did,
         alsoKnownAs: [`at://${handle}`],
-        verificationMethod: publicKeyMultibase ? [
-          {
-            id: `${did}#atproto`,
-            type: 'Ed25519VerificationKey2020',
-            controller: did,
-            publicKeyMultibase,
-          },
-        ] : [],
+        verificationMethod: verificationMethods,
         service: [
           {
             id: `${did}#atproto_pds`,
@@ -71,6 +83,7 @@ export async function GET({ locals, request }: APIContext) {
         },
       });
     },
-    CACHE_CONFIGS.DID_DOCUMENT
+    CACHE_CONFIGS.DID_DOCUMENT,
   );
 }
+

package/src/pages/xrpc/app.bsky.actor.getPreferences.ts

@@ -0,0 +1,23 @@
+import type { APIContext } from 'astro';
+import { proxyAppView } from '../../lib/appview';
+import { isAuthorized, unauthorized } from '../../lib/auth';
+import { getActorPreferences } from '../../lib/preferences';
+
+export const prerender = false;
+
+export async function GET({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  if (!(await isAuthorized(request, env))) return unauthorized();
+
+  return proxyAppView({
+    request,
+    env,
+    lxm: 'app.bsky.actor.getPreferences',
+    fallback: async () => {
+      const { preferences } = await getActorPreferences(env);
+      return new Response(JSON.stringify({ preferences }), {
+        headers: { 'Content-Type': 'application/json' },
+      });
+    },
+  });
+}

package/src/pages/xrpc/app.bsky.actor.getProfile.ts

@@ -0,0 +1,34 @@
+import type { APIContext } from 'astro';
+import { proxyAppView } from '../../lib/appview';
+import { buildProfileViewDetailed, getPrimaryActor, matchesPrimaryActor } from '../../lib/actor';
+import { countPosts } from '../../lib/feed';
+import { isAuthorized, unauthorized } from '../../lib/auth';
+
+export const prerender = false;
+
+export async function GET({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  if (!(await isAuthorized(request, env))) return unauthorized();
+
+  return proxyAppView({
+    request,
+    env,
+    lxm: 'app.bsky.actor.getProfile',
+    fallback: async () => {
+      const url = new URL(request.url);
+      const identifier = url.searchParams.get('actor');
+      const actor = await getPrimaryActor(env);
+      if (!matchesPrimaryActor(identifier, actor)) {
+        return new Response(JSON.stringify({ error: 'ProfileNotFound' }), { status: 404 });
+      }
+      const profile = buildProfileViewDetailed(actor, {
+        followers: 0,
+        follows: 0,
+        posts: await countPosts(env),
+      });
+      return new Response(JSON.stringify(profile), {
+        headers: { 'Content-Type': 'application/json' },
+      });
+    },
+  });
+}

package/src/pages/xrpc/app.bsky.actor.getProfiles.ts

@@ -0,0 +1,42 @@
+import type { APIContext } from 'astro';
+import { proxyAppView } from '../../lib/appview';
+import {
+  buildProfileViewDetailed,
+  getPrimaryActor,
+  matchesPrimaryActor,
+} from '../../lib/actor';
+import { countPosts } from '../../lib/feed';
+import { isAuthorized, unauthorized } from '../../lib/auth';
+
+export const prerender = false;
+
+export async function GET({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  if (!(await isAuthorized(request, env))) return unauthorized();
+
+  return proxyAppView({
+    request,
+    env,
+    lxm: 'app.bsky.actor.getProfiles',
+    fallback: async () => {
+      const url = new URL(request.url);
+      const actors = url.searchParams.getAll('actors');
+      const actor = await getPrimaryActor(env);
+      const posts = await countPosts(env);
+
+      const profiles = actors
+        .filter((identifier) => matchesPrimaryActor(identifier, actor))
+        .map(() =>
+          buildProfileViewDetailed(actor, {
+            followers: 0,
+            follows: 0,
+            posts,
+          }),
+        );
+
+      return new Response(JSON.stringify({ profiles }), {
+        headers: { 'Content-Type': 'application/json' },
+      });
+    },
+  });
+}

package/src/pages/xrpc/app.bsky.actor.putPreferences.ts

@@ -0,0 +1,36 @@
+import type { APIContext } from 'astro';
+import { proxyAppView } from '../../lib/appview';
+import { isAuthorized, unauthorized } from '../../lib/auth';
+import { readJsonBounded } from '../../lib/util';
+import { setActorPreferences } from '../../lib/preferences';
+
+export const prerender = false;
+
+export async function POST({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  if (!(await isAuthorized(request, env))) return unauthorized();
+
+  return proxyAppView({
+    request,
+    env,
+    lxm: 'app.bsky.actor.putPreferences',
+    fallback: async () => {
+      let body: any;
+      try {
+        body = await readJsonBounded(env, request);
+      } catch (err: any) {
+        if (err?.code === 'PayloadTooLarge') {
+          return new Response(JSON.stringify({ error: 'PayloadTooLarge' }), { status: 413 });
+        }
+        return new Response(JSON.stringify({ error: 'BadRequest' }), { status: 400 });
+      }
+
+      const preferences = Array.isArray(body?.preferences) ? body.preferences : [];
+      await setActorPreferences(env, preferences);
+
+      return new Response(JSON.stringify({}), {
+        headers: { 'Content-Type': 'application/json' },
+      });
+    },
+  });
+}

package/src/pages/xrpc/app.bsky.feed.getAuthorFeed.ts

@@ -0,0 +1,42 @@
+import type { APIContext } from 'astro';
+import { proxyAppView } from '../../lib/appview';
+import { matchesPrimaryActor, getPrimaryActor } from '../../lib/actor';
+import { buildFeedViewPosts, listPosts } from '../../lib/feed';
+import { isAuthorized, unauthorized } from '../../lib/auth';
+
+export const prerender = false;
+
+export async function GET({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  if (!(await isAuthorized(request, env))) return unauthorized();
+
+  return proxyAppView({
+    request,
+    env,
+    lxm: 'app.bsky.feed.getAuthorFeed',
+    fallback: async () => {
+      const url = new URL(request.url);
+      const identifier = url.searchParams.get('actor');
+      const actor = await getPrimaryActor(env);
+      if (!matchesPrimaryActor(identifier, actor)) {
+        return new Response(JSON.stringify({ error: 'ActorNotFound' }), { status: 404 });
+      }
+
+      const limitParam = Number.parseInt(url.searchParams.get('limit') ?? '', 10);
+      const limitInput = Number.isFinite(limitParam) ? limitParam : 50;
+      const limit = Math.max(1, Math.min(limitInput, 100));
+      const cursor = url.searchParams.get('cursor') ?? undefined;
+
+      const posts = await listPosts(env, limit, cursor);
+      const feed = await buildFeedViewPosts(env, posts);
+      const nextCursor = posts.length === limit ? String(posts[posts.length - 1].rowid) : undefined;
+
+      const payload: Record<string, unknown> = { feed };
+      if (nextCursor) payload.cursor = nextCursor;
+
+      return new Response(JSON.stringify(payload), {
+        headers: { 'Content-Type': 'application/json' },
+      });
+    },
+  });
+}

package/src/pages/xrpc/app.bsky.feed.getPostThread.ts

@@ -0,0 +1,37 @@
+import type { APIContext } from 'astro';
+import { proxyAppView } from '../../lib/appview';
+import { buildThreadView, getPostByUri } from '../../lib/feed';
+import { isAuthorized, unauthorized } from '../../lib/auth';
+
+export const prerender = false;
+
+export async function GET({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  if (!(await isAuthorized(request, env))) return unauthorized();
+
+  return proxyAppView({
+    request,
+    env,
+    lxm: 'app.bsky.feed.getPostThread',
+    fallback: async () => {
+      const url = new URL(request.url);
+      const uri = url.searchParams.get('uri');
+      if (!uri) {
+        return new Response(
+          JSON.stringify({ error: 'BadRequest', message: 'uri parameter required' }),
+          { status: 400 },
+        );
+      }
+
+      const post = await getPostByUri(env, uri);
+      if (!post) {
+        return new Response(JSON.stringify({ error: 'NotFound' }), { status: 404 });
+      }
+
+      const thread = await buildThreadView(env, post);
+      return new Response(JSON.stringify({ thread }), {
+        headers: { 'Content-Type': 'application/json' },
+      });
+    },
+  });
+}

package/src/pages/xrpc/app.bsky.feed.getPosts.ts

@@ -0,0 +1,26 @@
+import type { APIContext } from 'astro';
+import { proxyAppView } from '../../lib/appview';
+import { buildPostViews, getPostsByUris } from '../../lib/feed';
+import { isAuthorized, unauthorized } from '../../lib/auth';
+
+export const prerender = false;
+
+export async function GET({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  if (!(await isAuthorized(request, env))) return unauthorized();
+
+  return proxyAppView({
+    request,
+    env,
+    lxm: 'app.bsky.feed.getPosts',
+    fallback: async () => {
+      const url = new URL(request.url);
+      const uris = url.searchParams.getAll('uris').filter(Boolean);
+      const posts = await getPostsByUris(env, uris.slice(0, 25));
+      const views = await buildPostViews(env, posts);
+      return new Response(JSON.stringify({ posts: views }), {
+        headers: { 'Content-Type': 'application/json' },
+      });
+    },
+  });
+}

package/src/pages/xrpc/app.bsky.feed.getTimeline.ts

@@ -0,0 +1,35 @@
+import type { APIContext } from 'astro';
+import { proxyAppView } from '../../lib/appview';
+import { buildFeedViewPosts, listPosts } from '../../lib/feed';
+import { isAuthorized, unauthorized } from '../../lib/auth';
+
+export const prerender = false;
+
+export async function GET({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  if (!(await isAuthorized(request, env))) return unauthorized();
+
+  return proxyAppView({
+    request,
+    env,
+    lxm: 'app.bsky.feed.getTimeline',
+    fallback: async () => {
+      const url = new URL(request.url);
+      const cursor = url.searchParams.get('cursor') ?? undefined;
+      const limitParam = Number.parseInt(url.searchParams.get('limit') ?? '', 10);
+      const limitInput = Number.isFinite(limitParam) ? limitParam : 50;
+      const limit = Math.max(1, Math.min(limitInput, 100));
+
+      const posts = await listPosts(env, limit, cursor);
+      const feed = await buildFeedViewPosts(env, posts);
+      const nextCursor = posts.length === limit ? String(posts[posts.length - 1].rowid) : undefined;
+
+      const payload: Record<string, unknown> = { feed };
+      if (nextCursor) payload.cursor = nextCursor;
+
+      return new Response(JSON.stringify(payload), {
+        headers: { 'Content-Type': 'application/json' },
+      });
+    },
+  });
+}

package/src/pages/xrpc/app.bsky.graph.getFollowers.ts

@@ -0,0 +1,29 @@
+import type { APIContext } from 'astro';
+import { proxyAppView } from '../../lib/appview';
+import { buildProfileView, getPrimaryActor, matchesPrimaryActor } from '../../lib/actor';
+import { isAuthorized, unauthorized } from '../../lib/auth';
+
+export const prerender = false;
+
+export async function GET({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  if (!(await isAuthorized(request, env))) return unauthorized();
+
+  return proxyAppView({
+    request,
+    env,
+    lxm: 'app.bsky.graph.getFollowers',
+    fallback: async () => {
+      const url = new URL(request.url);
+      const identifier = url.searchParams.get('actor');
+      const actor = await getPrimaryActor(env);
+      if (!matchesPrimaryActor(identifier, actor)) {
+        return new Response(JSON.stringify({ error: 'ActorNotFound' }), { status: 404 });
+      }
+      return new Response(
+        JSON.stringify({ subject: buildProfileView(actor), followers: [] }),
+        { headers: { 'Content-Type': 'application/json' } },
+      );
+    },
+  });
+}

package/src/pages/xrpc/app.bsky.graph.getFollows.ts

@@ -0,0 +1,29 @@
+import type { APIContext } from 'astro';
+import { proxyAppView } from '../../lib/appview';
+import { buildProfileView, getPrimaryActor, matchesPrimaryActor } from '../../lib/actor';
+import { isAuthorized, unauthorized } from '../../lib/auth';
+
+export const prerender = false;
+
+export async function GET({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  if (!(await isAuthorized(request, env))) return unauthorized();
+
+  return proxyAppView({
+    request,
+    env,
+    lxm: 'app.bsky.graph.getFollows',
+    fallback: async () => {
+      const url = new URL(request.url);
+      const identifier = url.searchParams.get('actor');
+      const actor = await getPrimaryActor(env);
+      if (!matchesPrimaryActor(identifier, actor)) {
+        return new Response(JSON.stringify({ error: 'ActorNotFound' }), { status: 404 });
+      }
+      return new Response(
+        JSON.stringify({ subject: buildProfileView(actor), follows: [] }),
+        { headers: { 'Content-Type': 'application/json' } },
+      );
+    },
+  });
+}

package/src/pages/xrpc/app.bsky.labeler.getServices.ts

@@ -0,0 +1,29 @@
+import type { APIContext } from 'astro';
+import { getLabelerServiceViews } from '../../lib/labeler';
+
+export const prerender = false;
+
+export async function GET({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  const url = new URL(request.url);
+
+  const didParams = url.searchParams.getAll('dids');
+  const dids = didParams
+    .flatMap((entry) => entry.split(',').map((did) => did.trim()))
+    .filter(Boolean);
+
+  if (dids.length === 0) {
+    return new Response(JSON.stringify({ error: 'BadRequest', message: 'dids parameter required' }), {
+      status: 400,
+      headers: { 'Content-Type': 'application/json' },
+    });
+  }
+
+  const detailed = url.searchParams.get('detailed') === 'true';
+
+  const views = await getLabelerServiceViews(env, dids, { detailed });
+
+  return new Response(JSON.stringify({ views }), {
+    headers: { 'Content-Type': 'application/json' },
+  });
+}

package/src/pages/xrpc/app.bsky.notification.getUnreadCount.ts

@@ -0,0 +1,20 @@
+import type { APIContext } from 'astro';
+import { proxyAppView } from '../../lib/appview';
+import { isAuthorized, unauthorized } from '../../lib/auth';
+
+export const prerender = false;
+
+export async function GET({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  if (!(await isAuthorized(request, env))) return unauthorized();
+
+  return proxyAppView({
+    request,
+    env,
+    lxm: 'app.bsky.notification.getUnreadCount',
+    fallback: async () =>
+      new Response(JSON.stringify({ count: 0 }), {
+        headers: { 'Content-Type': 'application/json' },
+      }),
+  });
+}

package/src/pages/xrpc/app.bsky.notification.listNotifications.ts

@@ -0,0 +1,27 @@
+import type { APIContext } from 'astro';
+import { proxyAppView } from '../../lib/appview';
+import { isAuthorized, unauthorized } from '../../lib/auth';
+
+export const prerender = false;
+
+export async function GET({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  if (!(await isAuthorized(request, env))) return unauthorized();
+
+  return proxyAppView({
+    request,
+    env,
+    lxm: 'app.bsky.notification.listNotifications',
+    fallback: async () =>
+      new Response(
+        JSON.stringify({
+          notifications: [],
+          priority: false,
+          seenAt: new Date(0).toISOString(),
+        }),
+        {
+          headers: { 'Content-Type': 'application/json' },
+        },
+      ),
+  });
+}

package/src/pages/xrpc/app.bsky.unspecced.getAgeAssuranceState.ts

@@ -0,0 +1,19 @@
+import type { APIContext } from 'astro';
+import { isAuthorized, unauthorized } from '../../lib/auth';
+
+export const prerender = false;
+
+export async function GET({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  if (!(await isAuthorized(request, env))) return unauthorized();
+
+  return new Response(
+    JSON.stringify({
+      status: 'unknown',
+      lastInitiatedAt: new Date(0).toISOString(),
+    }),
+    {
+      headers: { 'Content-Type': 'application/json' },
+    },
+  );
+}

package/src/pages/xrpc/app.bsky.unspecced.getConfig.ts

@@ -0,0 +1,15 @@
+import type { APIContext } from 'astro';
+
+export const prerender = false;
+
+export async function GET() {
+  return new Response(
+    JSON.stringify({
+      checkEmailConfirmed: false,
+      liveNow: [],
+    }),
+    {
+      headers: { 'Content-Type': 'application/json' },
+    },
+  );
+}

package/src/pages/xrpc/chat.bsky.convo.getLog.ts

@@ -0,0 +1,26 @@
+import type { APIContext } from 'astro';
+import { isAuthorized, unauthorized } from '../../lib/auth';
+import { getPrimaryActor } from '../../lib/actor';
+import { listChatConvoLogs } from '../../lib/chat';
+
+export const prerender = false;
+
+export async function GET({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  if (!(await isAuthorized(request, env))) return unauthorized();
+
+  const url = new URL(request.url);
+  const cursorParam = url.searchParams.get('cursor');
+  const parsedCursor = Number.parseInt(cursorParam ?? '', 10);
+  const cursor = Number.isFinite(parsedCursor) ? parsedCursor : undefined;
+
+  const actor = await getPrimaryActor(env);
+  const { logs, cursor: nextCursor } = await listChatConvoLogs(env, actor.did, cursor);
+
+  const payload: Record<string, unknown> = { logs };
+  if (nextCursor) payload.cursor = nextCursor;
+
+  return new Response(JSON.stringify(payload), {
+    headers: { 'Content-Type': 'application/json' },
+  });
+}

package/src/pages/xrpc/chat.bsky.convo.listConvos.ts

@@ -0,0 +1,37 @@
+import type { APIContext } from 'astro';
+import { isAuthorized, unauthorized } from '../../lib/auth';
+import { listChatConvos } from '../../lib/chat';
+import { getPrimaryActor } from '../../lib/actor';
+
+export const prerender = false;
+
+export async function GET({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  if (!(await isAuthorized(request, env))) return unauthorized();
+
+  const url = new URL(request.url);
+  const limitInput = Number.parseInt(url.searchParams.get('limit') ?? '', 10);
+  const limit = Math.max(1, Math.min(Number.isFinite(limitInput) ? limitInput : 50, 100));
+  const cursorParam = url.searchParams.get('cursor');
+  const cursor = cursorParam ? Number.parseInt(cursorParam, 10) : undefined;
+  const readStateParam = url.searchParams.get('readState');
+  const statusParam = url.searchParams.get('status');
+
+  const filters = {
+    readState: readStateParam === 'unread' ? 'unread' : null,
+    status:
+      statusParam === 'request' || statusParam === 'accepted' ? statusParam : null,
+  } as const;
+
+  const actor = await getPrimaryActor(env);
+  const { convos, cursor: nextCursor } = await listChatConvos(env, actor.did, limit, cursor, filters);
+
+  const payload: Record<string, unknown> = {
+    convos,
+  };
+  if (nextCursor) payload.cursor = nextCursor;
+
+  return new Response(JSON.stringify(payload), {
+    headers: { 'Content-Type': 'application/json' },
+  });
+}