@alteran/astro 0.7.6 → 0.8.1

package/src/pages/xrpc/com.atproto.repo.deleteRecord.ts

@@ -1,72 +1,145 @@
 import type { APIContext } from 'astro';
-import { errorCode, errorMessage } from '../../lib/errors';
-import { verifyResourceRequestHybrid, dpopResourceUnauthorized, handleResourceAuthError } from '../../lib/oauth/resource';
+import { errorCode } from '../../lib/errors';
+import { verifyResourceRequestHybrid, dpopResourceUnauthorized, handleResourceAuthError, insufficientScopeResponse } from '../../lib/oauth/resource';
+import { canWriteRepo } from '../../lib/auth-scope';
 import { checkRate } from '../../lib/ratelimit';
 import { readJsonBounded } from '../../lib/util';
-import { RepoManager } from '../../services/repo-manager';
-import { bumpRoot } from '../../db/repo';
+import { assertRepoHead, bumpRoot } from '../../db/repo';
 import { notifySequencer } from '../../lib/sequencer';
+import {
+  deleteRecordStatements,
+  deleteUnreferencedBlobKeys,
+  getRecordBlobKeys,
+  isAccountActive,
+  setRecordBlobUsageStatements,
+  sweepEligibleUnreferencedBlobKeys,
+} from '../../db/dal';
+import {
+  assertRepoWriteInput,
+  deleteRecordAuthorizations,
+  handleRepoWriteError,
+  jsonError,
+  prepareDeleteRecord,
+  RepoWriteError,
+  retryNoSwapCommit,
+} from '../../lib/repo-write-validation';
 
 export const prerender = false;
 
 export async function POST({ locals, request }: APIContext) {
-  const { env } = locals.runtime;
+  const { env, ctx } = locals.runtime;
+  let auth: NonNullable<Awaited<ReturnType<typeof verifyResourceRequestHybrid>>>;
   try {
-    const auth = await verifyResourceRequestHybrid(env, request);
-    if (!auth) return dpopResourceUnauthorized(env);
+    const verified = await verifyResourceRequestHybrid(env, request);
+    if (!verified) return dpopResourceUnauthorized(env);
+    auth = verified;
   } catch (error) {
     const handled = await handleResourceAuthError(env, error);
     if (handled) return handled;
     throw error;
   }
 
-  const rateLimitResponse = await checkRate(env, request, 'writes');
-  if (rateLimitResponse) return rateLimitResponse;
-
-  let body: any;
+  let body: unknown;
   try {
     body = await readJsonBounded(env, request);
-  } catch (e) {
-    if (errorCode(e) === 'PayloadTooLarge') {
-      return new Response(JSON.stringify({ error: 'PayloadTooLarge' }), { status: 413 });
+  } catch (error) {
+    const rateLimitResponse = await checkRate(env, request, 'writes', { key: auth.did });
+    if (rateLimitResponse) return rateLimitResponse;
+    if (errorCode(error) === 'PayloadTooLarge') {
+      return jsonError('PayloadTooLarge', undefined, 413);
     }
-    return new Response(JSON.stringify({ error: 'BadRequest' }), { status: 400 });
+    return jsonError('BadRequest');
   }
-  const { collection, rkey } = body ?? {};
-  if (!collection || !rkey) return new Response(JSON.stringify({ error: 'BadRequest' }), { status: 400 });
 
-  const repo = new RepoManager(env);
-  // Perform the delete in the MST, gather prev/new roots & new blocks
-  const { mst, prevMstRoot, uri, newMstBlocks } = await repo.deleteRecord(collection, rkey);
+  let writeRateCharged = false;
+  try {
+    const input = assertRepoWriteInput('com.atproto.repo.deleteRecord', body);
+    for (const write of deleteRecordAuthorizations(input)) {
+      if (!canWriteRepo(auth.access, write.collection, write.action)) return insufficientScopeResponse();
+    }
+
+    const rateLimitResponse = await checkRate(env, request, 'writes', { key: auth.did });
+    writeRateCharged = true;
+    if (rateLimitResponse) return rateLimitResponse;
 
-  // Build ops & bump the repo root to create a signed commit
-  const currentRoot = await mst.getPointer();
-  const opsForCommit = [{ action: 'delete' as const, path: `${collection}/${rkey}`, cid: null }];
-  const { commitCid, rev, commitData, sig, blocks } = await bumpRoot(env, prevMstRoot ?? undefined, currentRoot, {
-    ops: opsForCommit,
-    newMstBlocks: Array.from(newMstBlocks),
-  });
+    if (!(await isAccountActive(env, auth.did))) {
+      return jsonError('AccountDeactivated', 'Account is deactivated. Activate it before making changes.', 403);
+    }
 
-  // Notify sequencer with a complete payload matching handleCommitNotification
-  await notifySequencer(env, {
-    did: env.PDS_DID as string,
-    commitCid,
-    rev,
-    data: commitData,
-    sig,
-    ops: opsForCommit,
-    blocks,
-  });
+    const committed = await retryNoSwapCommit(input, async () => {
+      const prepared = await prepareDeleteRecord(env, auth, input);
+      const { write, repo } = prepared;
+      if (!prepared.currentCid) {
+        await assertRepoHead(env, prepared.did, prepared.expectedCommitCid);
+        return { prepared, result: null };
+      }
 
-  // Respond with official schema
-  const out = {
-    commit: {
-      cid: commitCid,
+      const { mst, prevMstRoot, uri, newMstBlocks, currentCid } = await repo.deleteRecord(
+        write.collection,
+        write.rkey,
+      );
+      const previousBlobKeys = await getRecordBlobKeys(env, prepared.did, uri);
+      const currentRoot = await mst.getPointer();
+      const opsForCommit = [{
+        action: 'delete' as const,
+        path: `${write.collection}/${write.rkey}`,
+        cid: null,
+        prev: currentCid,
+      }];
+      const result = await bumpRoot(env, prevMstRoot ?? undefined, currentRoot, {
+        ops: opsForCommit,
+        newMstBlocks: Array.from(newMstBlocks),
+        expectedCommitCid: prepared.expectedCommitCid,
+        sideEffectStatements: (guard) => [
+          ...deleteRecordStatements(env, uri, guard),
+          ...setRecordBlobUsageStatements(env, prepared.did, uri, [], guard),
+        ],
+      });
+      return {
+        prepared,
+        result: {
+          ...result,
+          opsForCommit,
+          dereferencedBlobKeys: previousBlobKeys.map((key) => ({ did: prepared.did, key })),
+        },
+      };
+    });
+    if (!committed.result) {
+      return new Response(JSON.stringify({}), {
+        headers: { 'Content-Type': 'application/json' },
+      });
+    }
+    const { prepared, result } = committed;
+    const { commitCid, rev, commitData, sig, blocks, opsForCommit } = result;
+    await notifySequencer(env, {
+      did: prepared.did,
+      commitCid,
       rev,
-    },
-  };
+      data: commitData,
+      sig,
+      ops: opsForCommit,
+      blocks,
+    });
+    await deleteUnreferencedBlobKeys(env, result.dereferencedBlobKeys).catch((error) => {
+      console.warn('[deleteRecord] Failed to clean dereferenced blobs:', error);
+    });
+    ctx?.waitUntil(sweepEligibleUnreferencedBlobKeys(env).catch((error) => {
+      console.warn('[deleteRecord] Failed to sweep dereferenced blobs:', error);
+    }));
 
-  return new Response(JSON.stringify(out), {
-    headers: { 'Content-Type': 'application/json' },
-  });
+    return new Response(JSON.stringify({
+      commit: {
+        cid: commitCid,
+        rev,
+      },
+    }), {
+      headers: { 'Content-Type': 'application/json' },
+    });
+  } catch (error) {
+    if (!writeRateCharged && error instanceof RepoWriteError) {
+      const rateLimitResponse = await checkRate(env, request, 'writes', { key: auth.did });
+      if (rateLimitResponse) return rateLimitResponse;
+    }
+    return handleRepoWriteError(error);
+  }
 }

package/src/pages/xrpc/com.atproto.repo.describeRepo.ts

@@ -1,5 +1,11 @@
 import type { APIContext } from 'astro';
-import { getRoot } from '../../db/repo';
+import { buildDidDocument } from '../../lib/did-document';
+import {
+  configuredDid,
+  configuredHandle,
+  didDocClaimsHandle,
+  handleResolvesToDid,
+} from '../../lib/public-host';
 
 export const prerender = false;
 
@@ -10,30 +16,25 @@ export const prerender = false;
 export async function GET({ locals, url }: APIContext) {
   const { env } = locals.runtime;
 
-  const repo = url.searchParams.get('repo') || (env.PDS_DID as string);
-  const did = env.PDS_DID as string;
-  const handle = env.PDS_HANDLE || 'user.example.com';
+  const repo = url.searchParams.get('repo');
+  const did = await configuredDid(env);
+  const handle = await configuredHandle(env);
+  if (repo && repo !== did && repo.toLowerCase() !== handle.toLowerCase()) {
+    return new Response(
+      JSON.stringify({ error: 'NotFound', message: 'Repo not found' }),
+      { status: 404, headers: { 'Content-Type': 'application/json' } },
+    );
+  }
 
-  // Get repo root to check if repo exists
-  const root = await getRoot(env);
+  const didDoc = await buildDidDocument(env, did, handle);
+  const handleIsCorrect = didDocClaimsHandle(didDoc, handle) &&
+    await handleResolvesToDid(env, handle, did);
 
   return new Response(
     JSON.stringify({
       did,
       handle,
-      didDoc: {
-        '@context': ['https://www.w3.org/ns/did/v1'],
-        id: did,
-        alsoKnownAs: [`at://${handle}`],
-        verificationMethod: [],
-        service: [
-          {
-            id: '#atproto_pds',
-            type: 'AtprotoPersonalDataServer',
-            serviceEndpoint: `https://${handle}`,
-          },
-        ],
-      },
+      didDoc,
       collections: [
         'app.bsky.feed.post',
         'app.bsky.feed.like',
@@ -41,7 +42,7 @@ export async function GET({ locals, url }: APIContext) {
         'app.bsky.graph.follow',
         'app.bsky.actor.profile',
       ],
-      handleIsCorrect: true,
+      handleIsCorrect,
     }),
     {
       status: 200,

package/src/pages/xrpc/com.atproto.repo.getRecord.ts

@@ -30,7 +30,12 @@ export async function GET({ locals, request }: APIContext) {
   }
 
   const row = await dalGetRecord(env, uri);
-  if (!row) return new Response(JSON.stringify({ error: 'NotFound' }), { status: 404 });
+  if (!row) {
+    return new Response(
+      JSON.stringify({ error: 'RecordNotFound', message: `Could not locate record: ${uri}` }),
+      { status: 400, headers: { 'Content-Type': 'application/json' } },
+    );
+  }
 
   return new Response(JSON.stringify({ uri: row.uri, cid: row.cid, value: JSON.parse(row.json) }), {
     headers: { 'Content-Type': 'application/json' },

package/src/pages/xrpc/com.atproto.repo.listMissingBlobs.ts

@@ -1,6 +1,7 @@
 import type { APIContext } from 'astro';
 import { errorMessage } from '../../lib/errors';
-import { authErrorResponse, isAuthorized, unauthorized } from '../../lib/auth';
+import { authErrorResponse, authenticateRequest, unauthorized } from '../../lib/auth';
+import { canUseAppPasswordLevelAccess } from '../../lib/auth-scope';
 import { getDb } from '../../db/client';
 import { record, blob_ref } from '../../db/schema';
 import { eq } from 'drizzle-orm';
@@ -18,7 +19,8 @@ export async function GET({ locals, request, url }: APIContext) {
   const { env } = locals.runtime;
 
   try {
-    if (!(await isAuthorized(request, env))) return unauthorized();
+    const auth = await authenticateRequest(request, env);
+    if (!auth || !canUseAppPasswordLevelAccess(auth.access)) return unauthorized();
   } catch (error) {
     const handled = await authErrorResponse(env, error);
     if (handled) return handled;

package/src/pages/xrpc/com.atproto.repo.putRecord.ts

@@ -1,72 +1,109 @@
 import type { APIContext } from 'astro';
-import { errorCode, errorMessage } from '../../lib/errors';
-import { verifyResourceRequestHybrid, dpopResourceUnauthorized, handleResourceAuthError } from '../../lib/oauth/resource';
+import { errorCode } from '../../lib/errors';
+import { verifyResourceRequestHybrid, dpopResourceUnauthorized, handleResourceAuthError, insufficientScopeResponse } from '../../lib/oauth/resource';
+import { canWriteRepo } from '../../lib/auth-scope';
 import { checkRate } from '../../lib/ratelimit';
 import { readJsonBounded } from '../../lib/util';
-import { RepoManager } from '../../services/repo-manager';
 import { notifySequencer } from '../../lib/sequencer';
+import { deleteUnreferencedBlobKeys, isAccountActive, sweepEligibleUnreferencedBlobKeys } from '../../db/dal';
+import {
+  assertRepoWriteInput,
+  handleRepoWriteError,
+  jsonError,
+  preparePutRecord,
+  putRecordAuthorizations,
+  RepoWriteError,
+  retryNoSwapCommit,
+} from '../../lib/repo-write-validation';
 
 export const prerender = false;
 
 export async function POST({ locals, request }: APIContext) {
-  const { env } = locals.runtime;
+  const { env, ctx } = locals.runtime;
+  let auth: NonNullable<Awaited<ReturnType<typeof verifyResourceRequestHybrid>>>;
   try {
-    const auth = await verifyResourceRequestHybrid(env, request);
-    if (!auth) return dpopResourceUnauthorized(env);
+    const verified = await verifyResourceRequestHybrid(env, request);
+    if (!verified) return dpopResourceUnauthorized(env);
+    auth = verified;
   } catch (error) {
     const handled = await handleResourceAuthError(env, error);
     if (handled) return handled;
     throw error;
   }
 
-  const rateLimitResponse = await checkRate(env, request, 'writes');
-  if (rateLimitResponse) return rateLimitResponse;
-
-  let body: any;
+  let body: unknown;
   try {
     body = await readJsonBounded(env, request);
-  } catch (e) {
-    if (errorCode(e) === 'PayloadTooLarge') {
-      return new Response(JSON.stringify({ error: 'PayloadTooLarge' }), { status: 413 });
+  } catch (error) {
+    const rateLimitResponse = await checkRate(env, request, 'writes', { key: auth.did });
+    if (rateLimitResponse) return rateLimitResponse;
+    if (errorCode(error) === 'PayloadTooLarge') {
+      return jsonError('PayloadTooLarge', undefined, 413);
     }
-    return new Response(JSON.stringify({ error: 'BadRequest' }), { status: 400 });
+    return jsonError('BadRequest');
   }
-  const { collection, rkey } = body ?? {};
-  let { record } = body ?? {};
-  if (!collection || !rkey || !record) return new Response(JSON.stringify({ error: 'BadRequest' }), { status: 400 });
 
-  if (collection === 'app.bsky.feed.post' && record && typeof record === 'object') {
-    if (typeof record.text !== 'string') {
-      record.text = '';
-    }
-    if (typeof record.createdAt !== 'string') {
-      record.createdAt = new Date().toISOString();
+  let writeRateCharged = false;
+  try {
+    const input = assertRepoWriteInput('com.atproto.repo.putRecord', body);
+    for (const write of putRecordAuthorizations(input)) {
+      if (!canWriteRepo(auth.access, write.collection, write.action)) return insufficientScopeResponse();
     }
-  }
 
-  const repo = new RepoManager(env);
-  const result = await repo.putRecord(collection, rkey, record);
-  await notifySequencer(env, {
-    did: env.PDS_DID as string,
-    commitCid: result.commitCid,
-    rev: result.rev,
-    data: result.commitData,
-    sig: result.sig,
-    ops: result.ops,
-    blocks: result.blocks
-  });
+    const rateLimitResponse = await checkRate(env, request, 'writes', { key: auth.did });
+    writeRateCharged = true;
+    if (rateLimitResponse) return rateLimitResponse;
 
-  const out = {
-    uri: result.uri,
-    cid: result.cid,
-    commit: {
-      cid: result.commitCid,
-      rev: result.rev,
-    },
-    validationStatus: 'unknown' as const,
-  };
+    if (!(await isAccountActive(env, auth.did))) {
+      return jsonError('AccountDeactivated', 'Account is deactivated. Activate it before making changes.', 403);
+    }
 
-  return new Response(JSON.stringify(out), {
-    headers: { 'Content-Type': 'application/json' },
-  });
+    const { prepared, result } = await retryNoSwapCommit(input, async () => {
+      const prepared = await preparePutRecord(env, auth, input);
+      const { write, repo } = prepared;
+      const result = await repo.putRecord(
+        write.collection,
+        write.rkey,
+        write.record,
+        write.blobKeys,
+        prepared.expectedCommitCid,
+      );
+      return { prepared, result };
+    });
+    if (result.commitCid && result.rev && result.commitData && result.sig && result.blocks) {
+      await notifySequencer(env, {
+        did: prepared.did,
+        commitCid: result.commitCid,
+        rev: result.rev,
+        data: result.commitData,
+        sig: result.sig,
+        ops: result.ops,
+        blocks: result.blocks
+      });
+      await deleteUnreferencedBlobKeys(env, result.dereferencedBlobKeys).catch((error) => {
+        console.warn('[putRecord] Failed to clean dereferenced blobs:', error);
+      });
+      ctx?.waitUntil(sweepEligibleUnreferencedBlobKeys(env).catch((error) => {
+        console.warn('[putRecord] Failed to sweep dereferenced blobs:', error);
+      }));
+    }
+
+    return new Response(JSON.stringify({
+      uri: result.uri,
+      cid: result.cid,
+      ...(result.commitCid && result.rev ? { commit: {
+        cid: result.commitCid,
+        rev: result.rev,
+      } } : {}),
+      validationStatus: prepared.write.validationStatus,
+    }), {
+      headers: { 'Content-Type': 'application/json' },
+    });
+  } catch (error) {
+    if (!writeRateCharged && error instanceof RepoWriteError) {
+      const rateLimitResponse = await checkRate(env, request, 'writes', { key: auth.did });
+      if (rateLimitResponse) return rateLimitResponse;
+    }
+    return handleRepoWriteError(error);
+  }
 }