npm - @alteran/astro - Versions diffs - 0.1.7 → 0.1.8 - Mend

@alteran/astro 0.1.7 → 0.1.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

package/README.md +38 -3
package/migrations/0005_odd_bishop.sql +18 -0
package/migrations/meta/0005_snapshot.json +429 -0
package/migrations/meta/_journal.json +7 -0
package/package.json +3 -2
package/src/db/dal.ts +33 -0
package/src/db/schema.ts +7 -0
package/src/lib/blob-refs.ts +99 -0
package/src/lib/secrets.ts +47 -0
package/src/pages/xrpc/com.atproto.identity.getRecommendedDidCredentials.ts +99 -0
package/src/pages/xrpc/com.atproto.repo.applyWrites.ts +20 -0
package/src/pages/xrpc/com.atproto.repo.importRepo.ts +142 -0
package/src/pages/xrpc/com.atproto.repo.listMissingBlobs.ts +88 -0
package/src/pages/xrpc/com.atproto.repo.uploadBlob.ts +16 -4
package/src/pages/xrpc/com.atproto.server.activateAccount.ts +53 -0
package/src/pages/xrpc/com.atproto.server.checkAccountStatus.ts +92 -0
package/src/pages/xrpc/com.atproto.server.createAccount.ts +79 -0
package/src/pages/xrpc/com.atproto.server.deactivateAccount.ts +53 -0
package/src/pages/xrpc/com.atproto.sync.getBlob.ts +84 -0
package/src/worker/runtime.ts +11 -6
package/types/env.d.ts +18 -8

package/README.md CHANGED Viewed

@@ -185,18 +185,45 @@ Set these secrets for each environment using `wrangler secret put <NAME> --env <
 **Generate secrets:**
 ```bash
-# Generate signing key
+# One-shot bootstrap (recommended)
+# Generates all required secrets and prints wrangler commands
+bun run scripts/setup-secrets.ts --env production --did did:web:example.com --handle user.example.com
+# Or generate only the repo signing key
 bun run scripts/generate-signing-key.ts
-# Set secrets (example for production)
+# After generation, set secrets (example for production)
 wrangler secret put PDS_DID --env production
 wrangler secret put PDS_HANDLE --env production
 wrangler secret put USER_PASSWORD --env production
 wrangler secret put ACCESS_TOKEN_SECRET --env production
 wrangler secret put REFRESH_TOKEN_SECRET --env production
 wrangler secret put REPO_SIGNING_KEY --env production
+# Optional: publish public key for DID document
+wrangler secret put REPO_SIGNING_PUBLIC_KEY --env production
 ```
+### Using Cloudflare Secret Store (optional)
+Instead of Wrangler Secrets, you may bind secrets from Cloudflare Secret Store. This repo now supports both. Bind each secret you want to source from Secret Store via `secrets_store_secrets` in `wrangler.jsonc`:
+```jsonc
+{
+  // ...
+  "secrets_store_secrets": [
+    { "binding": "USER_PASSWORD", "secret_name": "user_password", "store_id": "<your-store-id>" },
+    { "binding": "ACCESS_TOKEN_SECRET", "secret_name": "access_token_secret", "store_id": "<your-store-id>" },
+    { "binding": "REFRESH_TOKEN_SECRET", "secret_name": "refresh_token_secret", "store_id": "<your-store-id>" },
+    { "binding": "PDS_DID", "secret_name": "pds_did", "store_id": "<your-store-id>" },
+    { "binding": "PDS_HANDLE", "secret_name": "pds_handle", "store_id": "<your-store-id>" }
+  ]
+}
+```
+Notes:
+- Bindings can use the same names as the existing env vars. Only one source should be configured per secret (Wrangler Secret OR Secret Store binding).
+- At runtime, the worker resolves Secret Store bindings via `await env.<BINDING>.get()` and passes them to the app as plain strings.
 ### Optional Configuration
 These can be set as environment variables in [`wrangler.jsonc`](wrangler.jsonc:1) or as secrets:
@@ -326,8 +353,12 @@ This PDS now implements full AT Protocol core compliance with:
 ## Setup Instructions
-### 1. Generate Signing Key
+### 1. Generate Secrets
 ```bash
+# Recommended: bootstrap all secrets (prints wrangler commands)
+bun run scripts/setup-secrets.ts --env production --did did:web:example.com --handle user.example.com
+# Alternative: generate only the repo signing key
 bun run scripts/generate-signing-key.ts
 ```
@@ -341,6 +372,8 @@ wrangler secret put PDS_HANDLE        # Your handle
 wrangler secret put USER_PASSWORD     # Login password
 wrangler secret put ACCESS_TOKEN_SECRET
 wrangler secret put REFRESH_TOKEN_SECRET
+# Optional: publish raw public key for DID document
+wrangler secret put REPO_SIGNING_PUBLIC_KEY
 ```
 **For Local Development (.dev.vars):**
@@ -348,6 +381,8 @@ wrangler secret put REFRESH_TOKEN_SECRET
 PDS_DID=did:plc:your-did-here
 PDS_HANDLE=your-handle.bsky.social
 REPO_SIGNING_KEY=<base64-key-from-step-1>
+# Optional: publish raw 32-byte public key in did.json
+REPO_SIGNING_PUBLIC_KEY=<base64-raw-public-key>
 USER_PASSWORD=your-password
 ACCESS_TOKEN_SECRET=your-access-secret
 REFRESH_TOKEN_SECRET=your-refresh-secret

package/migrations/0005_odd_bishop.sql ADDED Viewed

@@ -0,0 +1,18 @@
+CREATE TABLE `account_state` (
+	`did` text PRIMARY KEY NOT NULL,
+	`active` integer DEFAULT false NOT NULL,
+	`created_at` integer NOT NULL
+);
+--> statement-breakpoint
+PRAGMA foreign_keys=OFF;--> statement-breakpoint
+CREATE TABLE `__new_blob_usage` (
+	`record_uri` text NOT NULL,
+	`key` text NOT NULL,
+	PRIMARY KEY(`record_uri`, `key`)
+);
+--> statement-breakpoint
+INSERT INTO `__new_blob_usage`("record_uri", "key") SELECT "record_uri", "key" FROM `blob_usage`;--> statement-breakpoint
+DROP TABLE `blob_usage`;--> statement-breakpoint
+ALTER TABLE `__new_blob_usage` RENAME TO `blob_usage`;--> statement-breakpoint
+PRAGMA foreign_keys=ON;--> statement-breakpoint
+CREATE INDEX `blob_usage_record_uri_idx` ON `blob_usage` (`record_uri`);

package/migrations/meta/0005_snapshot.json ADDED Viewed

@@ -0,0 +1,429 @@
+{
+  "version": "6",
+  "dialect": "sqlite",
+  "id": "cfdb4a96-9b33-41d2-9733-a44d61806a55",
+  "prevId": "cb70b8e1-d043-4b92-928a-ac332366391c",
+  "tables": {
+    "account_state": {
+      "name": "account_state",
+      "columns": {
+        "did": {
+          "name": "did",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "active": {
+          "name": "active",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "blob_quota": {
+      "name": "blob_quota",
+      "columns": {
+        "did": {
+          "name": "did",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "total_bytes": {
+          "name": "total_bytes",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": 0
+        },
+        "blob_count": {
+          "name": "blob_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": 0
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "blob": {
+      "name": "blob",
+      "columns": {
+        "cid": {
+          "name": "cid",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "did": {
+          "name": "did",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "key": {
+          "name": "key",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "mime": {
+          "name": "mime",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "size": {
+          "name": "size",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "blob_usage": {
+      "name": "blob_usage",
+      "columns": {
+        "record_uri": {
+          "name": "record_uri",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "key": {
+          "name": "key",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {
+        "blob_usage_record_uri_idx": {
+          "name": "blob_usage_record_uri_idx",
+          "columns": [
+            "record_uri"
+          ],
+          "isUnique": false
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {
+        "blob_usage_record_uri_key_pk": {
+          "columns": [
+            "record_uri",
+            "key"
+          ],
+          "name": "blob_usage_record_uri_key_pk"
+        }
+      },
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "blockstore": {
+      "name": "blockstore",
+      "columns": {
+        "cid": {
+          "name": "cid",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "bytes": {
+          "name": "bytes",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "commit_log": {
+      "name": "commit_log",
+      "columns": {
+        "seq": {
+          "name": "seq",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "cid": {
+          "name": "cid",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "rev": {
+          "name": "rev",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "data": {
+          "name": "data",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "sig": {
+          "name": "sig",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "ts": {
+          "name": "ts",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {
+        "commit_log_seq_idx": {
+          "name": "commit_log_seq_idx",
+          "columns": [
+            "seq"
+          ],
+          "isUnique": false
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "login_attempts": {
+      "name": "login_attempts",
+      "columns": {
+        "ip": {
+          "name": "ip",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "attempts": {
+          "name": "attempts",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": 0
+        },
+        "locked_until": {
+          "name": "locked_until",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_attempt": {
+          "name": "last_attempt",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "record": {
+      "name": "record",
+      "columns": {
+        "uri": {
+          "name": "uri",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "did": {
+          "name": "did",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "cid": {
+          "name": "cid",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "json": {
+          "name": "json",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": 0
+        }
+      },
+      "indexes": {
+        "record_did_idx": {
+          "name": "record_did_idx",
+          "columns": [
+            "did"
+          ],
+          "isUnique": false
+        },
+        "record_cid_idx": {
+          "name": "record_cid_idx",
+          "columns": [
+            "cid"
+          ],
+          "isUnique": false
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "repo_root": {
+      "name": "repo_root",
+      "columns": {
+        "did": {
+          "name": "did",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "commit_cid": {
+          "name": "commit_cid",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "rev": {
+          "name": "rev",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "token_revocation": {
+      "name": "token_revocation",
+      "columns": {
+        "jti": {
+          "name": "jti",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "exp": {
+          "name": "exp",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "revoked_at": {
+          "name": "revoked_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {
+        "token_revocation_exp_idx": {
+          "name": "token_revocation_exp_idx",
+          "columns": [
+            "exp"
+          ],
+          "isUnique": false
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    }
+  },
+  "views": {},
+  "enums": {},
+  "_meta": {
+    "schemas": {},
+    "tables": {},
+    "columns": {}
+  },
+  "internal": {
+    "indexes": {}
+  }
+}

package/migrations/meta/_journal.json CHANGED Viewed

@@ -36,6 +36,13 @@
       "when": 1759448068564,
       "tag": "0004_skinny_domino",
       "breakpoints": true
+    },
+    {
+      "idx": 5,
+      "version": "6",
+      "when": 1759515076154,
+      "tag": "0005_odd_bishop",
+      "breakpoints": true
     }
   ]
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@alteran/astro",
-  "version": "0.1.7",
+  "version": "0.1.8",
   "description": "Astro integration for running a Cloudflare-hosted Bluesky PDS with Alteran.",
   "module": "index.js",
   "types": "index.d.ts",
@@ -37,7 +37,8 @@
     "db:apply": "wrangler d1 migrations apply pds",
     "db:apply:local": "bunx wrangler d1 migrations apply pds --local",
     "db:apply:local:direct": "wrangler d1 migrations apply pds --local",
-    "db:reset:local": "rm -rf .wrangler/state && rm -rf drizzle && bun run db:generate && bun run db:apply:local"
+    "db:reset:local": "rm -rf .wrangler/state && rm -rf drizzle && bun run db:generate && bun run db:apply:local",
+    "secrets:setup": "bun run scripts/setup-secrets.ts"
   },
   "devDependencies": {
     "@astrojs/cloudflare": "^12.6.9",

package/src/db/dal.ts CHANGED Viewed

@@ -95,3 +95,36 @@ export async function checkBlobQuota(env: Env, did: string, additionalBytes: num
   return (quota.total_bytes + additionalBytes) <= maxBytes;
 }
+// Account state management for migration support
+export async function getAccountState(env: Env, did: string) {
+  const db = getDb(env);
+  const { account_state } = await import('./schema');
+  const state = await db.select().from(account_state).where(eq(account_state.did, did)).get();
+  return state ?? null;
+}
+export async function createAccountState(env: Env, did: string, active: boolean = false) {
+  const db = getDb(env);
+  const { account_state } = await import('./schema');
+  await db.insert(account_state).values({
+    did,
+    active,
+    created_at: Date.now(),
+  }).run();
+}
+export async function setAccountActive(env: Env, did: string, active: boolean) {
+  const db = getDb(env);
+  const { account_state } = await import('./schema');
+  await db.update(account_state)
+    .set({ active })
+    .where(eq(account_state.did, did))
+    .run();
+}
+export async function isAccountActive(env: Env, did: string): Promise<boolean> {
+  const state = await getAccountState(env, did);
+  // If no account state exists, assume active (backward compatibility)
+  return state?.active ?? true;
+}

package/src/db/schema.ts CHANGED Viewed

@@ -85,5 +85,12 @@ export const blob_quota = sqliteTable('blob_quota', {
   updated_at: integer('updated_at').notNull(),
 });
+// Account state for migration support (single-user PDS)
+export const account_state = sqliteTable('account_state', {
+  did: text('did').primaryKey().notNull(),
+  active: integer('active', { mode: 'boolean' }).notNull().default(false),
+  created_at: integer('created_at').notNull(),
+});
 export type RecordRow = typeof record.$inferSelect;
 export type NewRecordRow = typeof record.$inferInsert;