@alteran/astro 0.7.6 → 0.8.1

package/src/pages/xrpc/com.atproto.identity.updateHandle.ts

@@ -1,6 +1,4 @@
 import type { APIContext } from 'astro';
-import { readJson } from '../../lib/util';
-
 export const prerender = false;
 
 /**
@@ -8,38 +6,16 @@ export const prerender = false;
  * Update the handle for the repository
  */
 export async function POST({ locals, request }: APIContext) {
-  const { env } = locals.runtime;
-
-  try {
-    const body = (await readJson(request)) as { handle?: string };
-    const { handle } = body;
-
-    if (!handle) {
-      return new Response(
-        JSON.stringify({ error: 'InvalidRequest', message: 'handle required' }),
-        { status: 400, headers: { 'Content-Type': 'application/json' } }
-      );
-    }
-
-    // TODO: Implement handle verification (DNS TXT or HTTP)
-    // TODO: Update PDS_HANDLE configuration
-    // For single-user PDS, this would require redeployment with new config
-
-    return new Response(
-      JSON.stringify({
-        error: 'NotImplemented',
-        message: 'Handle updates require PDS reconfiguration for single-user mode',
-      }),
-      {
-        status: 501,
-        headers: { 'Content-Type': 'application/json' },
-      }
-    );
-  } catch (error) {
-    console.error('updateHandle error:', error);
-    return new Response(
-      JSON.stringify({ error: 'InternalServerError', message: String(error) }),
-      { status: 500, headers: { 'Content-Type': 'application/json' } }
-    );
-  }
+  void locals;
+  void request;
+  return new Response(
+    JSON.stringify({
+      error: 'NotImplemented',
+      message: 'Handle updates require PDS reconfiguration for single-user mode',
+    }),
+    {
+      status: 501,
+      headers: { 'Content-Type': 'application/json' },
+    },
+  );
 }

package/src/pages/xrpc/com.atproto.repo.applyWrites.ts

@@ -1,14 +1,20 @@
 import type { APIContext } from 'astro';
-import { RepoManager } from '../../services/repo-manager';
-import { readJson } from '../../lib/util';
-import { bumpRoot } from '../../db/repo';
-import { verifyResourceRequestHybrid, dpopResourceUnauthorized, handleResourceAuthError } from '../../lib/oauth/resource';
-import { isAccountActive } from '../../db/dal';
+import { errorCode } from '../../lib/errors';
+import { readJsonBounded } from '../../lib/util';
+import { verifyResourceRequestHybrid, dpopResourceUnauthorized, handleResourceAuthError, insufficientScopeResponse } from '../../lib/oauth/resource';
+import { canWriteRepo } from '../../lib/auth-scope';
+import { deleteUnreferencedBlobKeys, isAccountActive, sweepEligibleUnreferencedBlobKeys } from '../../db/dal';
 import { checkRate } from '../../lib/ratelimit';
 import { notifySequencer } from '../../lib/sequencer';
-import { encodeBlocksForCommit } from '../../services/car';
-import { CID } from 'multiformats/cid';
-import { putRecord as dalPutRecord } from '../../db/dal';
+import {
+  applyWritesAuthorizations,
+  assertRepoWriteInput,
+  handleRepoWriteError,
+  jsonError,
+  prepareApplyWrites,
+  RepoWriteError,
+  retryNoSwapCommit,
+} from '../../lib/repo-write-validation';
 
 export const prerender = false;
 
@@ -17,155 +23,92 @@ export const prerender = false;
  * Apply a batch of repository writes atomically
  */
 export async function POST({ locals, request }: APIContext) {
-  const { env } = locals.runtime;
+  const { env, ctx } = locals.runtime;
+  let auth: NonNullable<Awaited<ReturnType<typeof verifyResourceRequestHybrid>>>;
   try {
-    const auth = await verifyResourceRequestHybrid(env, request);
-    if (!auth) return dpopResourceUnauthorized(env);
+    const verified = await verifyResourceRequestHybrid(env, request);
+    if (!verified) return dpopResourceUnauthorized(env);
+    auth = verified;
   } catch (error) {
     const handled = await handleResourceAuthError(env, error);
     if (handled) return handled;
     throw error;
   }
 
-  // Check if account is active
-  const did = env.PDS_DID as string;
-  const active = await isAccountActive(env, did);
-  if (!active) {
-    return new Response(
-      JSON.stringify({
-        error: 'AccountDeactivated',
-        message: 'Account is deactivated. Activate it before making changes.'
-      }),
-      { status: 403, headers: { 'Content-Type': 'application/json' } }
-    );
+  let body: unknown;
+  try {
+    body = await readJsonBounded(env, request);
+  } catch (error) {
+    const rateLimitResponse = await checkRate(env, request, 'writes', { key: auth.did });
+    if (rateLimitResponse) return rateLimitResponse;
+    if (errorCode(error) === 'PayloadTooLarge') {
+      return jsonError('PayloadTooLarge', undefined, 413);
+    }
+    return jsonError('BadRequest');
   }
 
-  const rateLimitResponse = await checkRate(env, request, 'writes');
-  if (rateLimitResponse) return rateLimitResponse;
-
+  let writeRateCharged = false;
   try {
-    const body = (await readJson(request)) as {
-      repo?: string;
-      writes?: unknown[];
-      validate?: boolean;
-      swapCommit?: string;
-    };
-    const { repo, writes, validate = true, swapCommit } = body;
-
-    if (!writes || !Array.isArray(writes)) {
-      return new Response(
-        JSON.stringify({ error: 'InvalidRequest', message: 'writes must be an array' }),
-        { status: 400, headers: { 'Content-Type': 'application/json' } }
-      );
+    const input = assertRepoWriteInput('com.atproto.repo.applyWrites', body);
+    const writes = Array.isArray(input.writes) ? input.writes : [];
+    if (writes.length > 200) {
+      const rateLimitResponse = await checkRate(env, request, 'writes', { key: auth.did });
+      writeRateCharged = true;
+      if (rateLimitResponse) return rateLimitResponse;
+      return jsonError('InvalidRequest', 'Too many writes. Max: 200');
+    }
+    for (const write of applyWritesAuthorizations(input)) {
+      if (!canWriteRepo(auth.access, write.collection, write.action)) return insufficientScopeResponse();
     }
 
-    const repoManager = new RepoManager(env);
-    const pdsDid = typeof env.PDS_DID === 'string' ? env.PDS_DID : '';
-    type WriteResult = { $type: string; uri?: string; cid?: string; validationStatus?: string };
-    const results: WriteResult[] = [];
-    // Accumulate ops and new MST blocks for this batch
-    const opsForCommit: { action: 'create'|'update'|'delete'; path: string; cid: import('multiformats/cid').CID | null }[] = [];
-    const newMstBlocksAll: Array<[import('multiformats/cid').CID, Uint8Array]> = [];
-    let firstPrevMst: import('multiformats/cid').CID | null = null;
-    let lastMst: import('../../lib/mst').MST | null = null;
-
-    type WriteOperation = {
-      $type?: string;
-      collection?: string;
-      rkey?: string;
-      value?: Record<string, unknown>;
-    };
-    // Apply all writes atomically
-    for (const rawWrite of writes) {
-      const write = rawWrite as WriteOperation;
-      const { $type, collection, rkey, value } = write;
-      if (typeof collection !== 'string' || typeof rkey !== 'string') {
-        return new Response(
-          JSON.stringify({
-            error: 'InvalidRequest',
-            message: 'collection and rkey are required strings on every write',
-          }),
-          { status: 400, headers: { 'Content-Type': 'application/json' } },
-        );
-      }
+    const rateLimitResponse = await checkRate(env, request, 'writes', {
+      key: auth.did,
+      cost: writes.length,
+    });
+    writeRateCharged = true;
+    if (rateLimitResponse) return rateLimitResponse;
 
-      if ($type === 'com.atproto.repo.applyWrites#create') {
-        const { mst, recordCid, prevMstRoot, newMstBlocks } = await repoManager.addRecord(collection, rkey, value);
-        if (!firstPrevMst) firstPrevMst = prevMstRoot;
-        lastMst = mst;
-        opsForCommit.push({ action: 'create', path: `${collection}/${rkey}`, cid: recordCid });
-        for (const [cid, bytes] of newMstBlocks) newMstBlocksAll.push([cid, bytes]);
-        // Persist JSON for local reads
-        await dalPutRecord(env, {
-          uri: `at://${pdsDid}/${collection}/${rkey}`,
-          did: pdsDid,
-          cid: recordCid.toString(),
-          json: JSON.stringify(value),
-        });
-        results.push({
-          $type: 'com.atproto.repo.applyWrites#createResult',
-          uri: `at://${repo}/${collection}/${rkey}`,
-          cid: recordCid.toString(),
-          validationStatus: 'valid',
-        });
-      } else if ($type === 'com.atproto.repo.applyWrites#update') {
-        const { mst, recordCid, prevMstRoot, newMstBlocks } = await repoManager.updateRecord(collection, rkey, value);
-        if (!firstPrevMst) firstPrevMst = prevMstRoot;
-        lastMst = mst;
-        opsForCommit.push({ action: 'update', path: `${collection}/${rkey}`, cid: recordCid });
-        for (const [cid, bytes] of newMstBlocks) newMstBlocksAll.push([cid, bytes]);
-        await dalPutRecord(env, {
-          uri: `at://${pdsDid}/${collection}/${rkey}`,
-          did: pdsDid,
-          cid: recordCid.toString(),
-          json: JSON.stringify(value),
-        });
-        results.push({
-          $type: 'com.atproto.repo.applyWrites#updateResult',
-          uri: `at://${repo}/${collection}/${rkey}`,
-          cid: recordCid.toString(),
-          validationStatus: 'valid',
-        });
-      } else if ($type === 'com.atproto.repo.applyWrites#delete') {
-        const { mst, prevMstRoot, newMstBlocks } = await repoManager.deleteRecord(collection, rkey);
-        if (!firstPrevMst) firstPrevMst = prevMstRoot;
-        lastMst = mst;
-        opsForCommit.push({ action: 'delete', path: `${collection}/${rkey}`, cid: null });
-        for (const [cid, bytes] of newMstBlocks) newMstBlocksAll.push([cid, bytes]);
-        results.push({
-          $type: 'com.atproto.repo.applyWrites#deleteResult',
-        });
-      }
+    // Check if account is active
+    const active = await isAccountActive(env, auth.did);
+    if (!active) {
+      return new Response(
+        JSON.stringify({
+          error: 'AccountDeactivated',
+          message: 'Account is deactivated. Activate it before making changes.'
+        }),
+        { status: 403, headers: { 'Content-Type': 'application/json' } }
+      );
     }
 
-    // Bump repo root to create new commit
-    const currentRoot = lastMst ? await lastMst.getPointer() : undefined;
-    const { commitCid, rev, commitData, sig, blocks } = await bumpRoot(env, firstPrevMst ?? undefined, currentRoot, {
-      ops: opsForCommit,
-      newMstBlocks: newMstBlocksAll,
+    const { prepared, applied } = await retryNoSwapCommit(input, async () => {
+      const prepared = await prepareApplyWrites(env, auth, input);
+      const applied = await prepared.repo.applyPreparedWrites(prepared.writes, prepared.expectedCommitCid);
+      return { prepared, applied };
     });
 
     // Notify sequencer about the commit for firehose
-    try {
-      // Prefer commitData/sig/blocks returned by bumpRoot (authoritative)
+    if (applied.commit && applied.commitCid && applied.rev && applied.commitData && applied.sig && applied.blocks) {
       await notifySequencer(env, {
-        did: pdsDid,
-        commitCid,
-        rev,
-        data: commitData,
-        sig,
-        ops: opsForCommit,
-        ...(blocks ? { blocks } : {}),
+        did: prepared.did,
+        commitCid: applied.commitCid,
+        rev: applied.rev,
+        data: applied.commitData,
+        sig: applied.sig,
+        ops: applied.ops,
+        blocks: applied.blocks,
+      });
+      await deleteUnreferencedBlobKeys(env, applied.dereferencedBlobKeys).catch((error) => {
+        console.warn('[applyWrites] Failed to clean dereferenced blobs:', error);
       });
-    } catch (error) {
-      console.error('Failed to notify sequencer:', error);
-      // Don't fail the request if sequencer notification fails
+      ctx?.waitUntil(sweepEligibleUnreferencedBlobKeys(env).catch((error) => {
+        console.warn('[applyWrites] Failed to sweep dereferenced blobs:', error);
+      }));
     }
 
     return new Response(
       JSON.stringify({
-        commit: { cid: commitCid, rev },
-        results,
+        ...(applied.commit ? { commit: applied.commit } : {}),
+        results: applied.results,
       }),
       {
         status: 200,
@@ -173,11 +116,19 @@ export async function POST({ locals, request }: APIContext) {
       }
     );
   } catch (error) {
-    console.error('applyWrites error:', error);
-    console.error('Error stack:', error instanceof Error ? error.stack : 'No stack');
-    return new Response(
-      JSON.stringify({ error: 'InternalServerError', message: String(error) }),
-      { status: 500, headers: { 'Content-Type': 'application/json' } }
-    );
+    if (!writeRateCharged && error instanceof RepoWriteError) {
+      const rateLimitResponse = await checkRate(env, request, 'writes', { key: auth.did });
+      if (rateLimitResponse) return rateLimitResponse;
+    }
+    try {
+      return handleRepoWriteError(error);
+    } catch (unhandled) {
+      console.error('applyWrites error:', unhandled);
+      console.error('Error stack:', unhandled instanceof Error ? unhandled.stack : 'No stack');
+      return new Response(
+        JSON.stringify({ error: 'InternalServerError', message: String(unhandled) }),
+        { status: 500, headers: { 'Content-Type': 'application/json' } }
+      );
+    }
   }
 }

package/src/pages/xrpc/com.atproto.repo.createRecord.ts

@@ -1,74 +1,101 @@
 import type { APIContext } from 'astro';
-import { errorCode, errorMessage } from '../../lib/errors';
-import { verifyResourceRequestHybrid, dpopResourceUnauthorized, handleResourceAuthError } from '../../lib/oauth/resource';
+import { errorCode } from '../../lib/errors';
+import { verifyResourceRequestHybrid, dpopResourceUnauthorized, handleResourceAuthError, insufficientScopeResponse } from '../../lib/oauth/resource';
+import { canWriteRepo } from '../../lib/auth-scope';
 import { checkRate } from '../../lib/ratelimit';
 import { readJsonBounded } from '../../lib/util';
-import { RepoManager } from '../../services/repo-manager';
 import { notifySequencer } from '../../lib/sequencer';
+import { isAccountActive } from '../../db/dal';
+import {
+  assertRepoWriteInput,
+  createRecordAuthorizations,
+  handleRepoWriteError,
+  jsonError,
+  prepareCreateRecord,
+  RepoWriteError,
+  retryNoSwapCommit,
+} from '../../lib/repo-write-validation';
 
 export const prerender = false;
 
 export async function POST({ locals, request }: APIContext) {
   const { env } = locals.runtime;
+  let auth: NonNullable<Awaited<ReturnType<typeof verifyResourceRequestHybrid>>>;
   try {
-    const auth = await verifyResourceRequestHybrid(env, request);
-    if (!auth) return dpopResourceUnauthorized(env);
+    const verified = await verifyResourceRequestHybrid(env, request);
+    if (!verified) return dpopResourceUnauthorized(env);
+    auth = verified;
   } catch (error) {
     const handled = await handleResourceAuthError(env, error);
     if (handled) return handled;
     throw error;
   }
 
-  const rateLimitResponse = await checkRate(env, request, 'writes');
-  if (rateLimitResponse) return rateLimitResponse;
-
-  let body: any;
+  let body: unknown;
   try {
     body = await readJsonBounded(env, request);
-  } catch (e) {
-    if (errorCode(e) === 'PayloadTooLarge') {
-      return new Response(JSON.stringify({ error: 'PayloadTooLarge' }), { status: 413 });
+  } catch (error) {
+    const rateLimitResponse = await checkRate(env, request, 'writes', { key: auth.did });
+    if (rateLimitResponse) return rateLimitResponse;
+    if (errorCode(error) === 'PayloadTooLarge') {
+      return jsonError('PayloadTooLarge', undefined, 413);
     }
-    return new Response(JSON.stringify({ error: 'BadRequest' }), { status: 400 });
+    return jsonError('BadRequest');
   }
-  const { collection, rkey } = body ?? {};
-  let { record } = body ?? {};
-  if (!collection || !record) return new Response(JSON.stringify({ error: 'BadRequest' }), { status: 400 });
 
-  // Minimal schema alignment for app.bsky.feed.post: ensure required fields
-  if (collection === 'app.bsky.feed.post' && record && typeof record === 'object') {
-    if (typeof record.text !== 'string') {
-      record.text = '';
-    }
-    if (typeof record.createdAt !== 'string') {
-      record.createdAt = new Date().toISOString();
+  let writeRateCharged = false;
+  try {
+    const input = assertRepoWriteInput('com.atproto.repo.createRecord', body);
+    for (const write of createRecordAuthorizations(input)) {
+      if (!canWriteRepo(auth.access, write.collection, write.action)) return insufficientScopeResponse();
     }
-  }
 
-  const repo = new RepoManager(env);
-  const result = await repo.createRecord(collection, record, rkey);
-  await notifySequencer(env, {
-    did: env.PDS_DID as string,
-    commitCid: result.commitCid,
-    rev: result.rev,
-    data: result.commitData,
-    sig: result.sig,
-    ops: result.ops,
-    blocks: result.blocks
-  });
+    const rateLimitResponse = await checkRate(env, request, 'writes', { key: auth.did });
+    writeRateCharged = true;
+    if (rateLimitResponse) return rateLimitResponse;
 
-  // Conform to official PDS response schema
-  const out = {
-    uri: result.uri,
-    cid: result.cid,
-    commit: {
-      cid: result.commitCid,
+    if (!(await isAccountActive(env, auth.did))) {
+      return jsonError('AccountDeactivated', 'Account is deactivated. Activate it before making changes.', 403);
+    }
+
+    const { prepared, result } = await retryNoSwapCommit(input, async () => {
+      const prepared = await prepareCreateRecord(env, auth, input);
+      const { write, repo } = prepared;
+      const result = await repo.createRecord(
+        write.collection,
+        write.record,
+        write.rkey,
+        write.blobKeys,
+        prepared.expectedCommitCid,
+      );
+      return { prepared, result };
+    });
+    await notifySequencer(env, {
+      did: prepared.did,
+      commitCid: result.commitCid,
       rev: result.rev,
-    },
-    validationStatus: 'unknown' as const,
-  };
+      data: result.commitData,
+      sig: result.sig,
+      ops: result.ops,
+      blocks: result.blocks
+    });
 
-  return new Response(JSON.stringify(out), {
-    headers: { 'Content-Type': 'application/json' },
-  });
+    return new Response(JSON.stringify({
+      uri: result.uri,
+      cid: result.cid,
+      commit: {
+        cid: result.commitCid,
+        rev: result.rev,
+      },
+      validationStatus: prepared.write.validationStatus,
+    }), {
+      headers: { 'Content-Type': 'application/json' },
+    });
+  } catch (error) {
+    if (!writeRateCharged && error instanceof RepoWriteError) {
+      const rateLimitResponse = await checkRate(env, request, 'writes', { key: auth.did });
+      if (rateLimitResponse) return rateLimitResponse;
+    }
+    return handleRepoWriteError(error);
+  }
 }