npm - @atproto/pds - Versions diffs - 0.4.103 → 0.4.105 - Mend

@atproto/pds 0.4.103 → 0.4.105

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (328) hide show

package/dist/account-manager/oauth-store.d.ts ADDED Viewed

@@ -0,0 +1,58 @@
+import { Client } from '@did-plc/lib';
+import { Keypair } from '@atproto/crypto';
+import { Account, AccountInfo, AccountStore, AuthenticateAccountData, Code, DeviceAccountInfo, DeviceData, DeviceId, DeviceStore, FoundRequestResult, NewTokenData, RefreshToken, RequestData, RequestId, RequestStore, ResetPasswordConfirmData, ResetPasswordRequestData, SignUpData, TokenData, TokenId, TokenInfo, TokenStore, UpdateRequestData } from '@atproto/oauth-provider';
+import { ActorStore } from '../actor-store/actor-store';
+import { BackgroundQueue } from '../background';
+import { ImageUrlBuilder } from '../image/image-url-builder';
+import { ServerMailer } from '../mailer';
+import { Sequencer } from '../sequencer';
+import { AccountManager } from './account-manager';
+/**
+ * This class' purpose is to implement the interface needed by the OAuthProvider
+ * to interact with the account database (through the {@link AccountManager}).
+ *
+ * @note The use of this class assumes that there is no entryway.
+ */
+export declare class OAuthStore implements AccountStore, RequestStore, DeviceStore, TokenStore {
+    private readonly accountManager;
+    private readonly actorStore;
+    private readonly imageUrlBuilder;
+    private readonly backgroundQueue;
+    private readonly mailer;
+    private readonly sequencer;
+    private readonly plcClient;
+    private readonly plcRotationKey;
+    private readonly publicUrl;
+    private readonly recoveryDidKey;
+    constructor(accountManager: AccountManager, actorStore: ActorStore, imageUrlBuilder: ImageUrlBuilder, backgroundQueue: BackgroundQueue, mailer: ServerMailer, sequencer: Sequencer, plcClient: Client, plcRotationKey: Keypair, publicUrl: string, recoveryDidKey: string | null);
+    private get db();
+    private get serviceDid();
+    private buildAccount;
+    private verifyEmailAvailability;
+    createAccount({ locale: _locale, inviteCode, handle, email, password, }: SignUpData): Promise<Account>;
+    authenticateAccount({ locale: _locale, username: identifier, password, emailOtp, }: AuthenticateAccountData): Promise<Account>;
+    addDeviceAccount(deviceId: DeviceId, sub: string, remember: boolean): Promise<DeviceAccountInfo>;
+    addAuthorizedClient(deviceId: DeviceId, sub: string, clientId: string): Promise<void>;
+    getDeviceAccount(deviceId: DeviceId, sub: string): Promise<AccountInfo | null>;
+    listDeviceAccounts(deviceId: DeviceId): Promise<AccountInfo[]>;
+    removeDeviceAccount(deviceId: DeviceId, sub: string): Promise<void>;
+    resetPasswordRequest({ locale: _locale, email, }: ResetPasswordRequestData): Promise<void>;
+    resetPasswordConfirm(data: ResetPasswordConfirmData): Promise<void>;
+    verifyHandleAvailability(handle: string): Promise<void>;
+    createRequest(id: RequestId, data: RequestData): Promise<void>;
+    readRequest(id: RequestId): Promise<RequestData | null>;
+    updateRequest(id: RequestId, data: UpdateRequestData): Promise<void>;
+    deleteRequest(id: RequestId): Promise<void>;
+    findRequestByCode(code: Code): Promise<FoundRequestResult | null>;
+    createDevice(deviceId: DeviceId, data: DeviceData): Promise<void>;
+    readDevice(deviceId: DeviceId): Promise<null | DeviceData>;
+    updateDevice(deviceId: DeviceId, data: Partial<DeviceData>): Promise<void>;
+    deleteDevice(deviceId: DeviceId): Promise<void>;
+    createToken(id: TokenId, data: TokenData, refreshToken?: RefreshToken): Promise<void>;
+    readToken(tokenId: TokenId): Promise<TokenInfo | null>;
+    deleteToken(tokenId: TokenId): Promise<void>;
+    rotateToken(tokenId: TokenId, newTokenId: TokenId, newRefreshToken: RefreshToken, newData: NewTokenData): Promise<void>;
+    findTokenByRefreshToken(refreshToken: RefreshToken): Promise<TokenInfo | null>;
+    findTokenByCode(code: Code): Promise<TokenInfo | null>;
+}
+//# sourceMappingURL=oauth-store.d.ts.map

package/dist/account-manager/oauth-store.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"oauth-store.d.ts","sourceRoot":"","sources":["../../src/account-manager/oauth-store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAA2B,MAAM,cAAc,CAAA;AAE9D,OAAO,EAAE,OAAO,EAAoB,MAAM,iBAAiB,CAAA;AAC3D,OAAO,EACL,OAAO,EACP,WAAW,EACX,YAAY,EACZ,uBAAuB,EACvB,IAAI,EACJ,iBAAiB,EACjB,UAAU,EACV,QAAQ,EACR,WAAW,EACX,kBAAkB,EAGlB,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,SAAS,EACT,YAAY,EACZ,wBAAwB,EACxB,wBAAwB,EACxB,UAAU,EACV,SAAS,EACT,OAAO,EACP,SAAS,EACT,UAAU,EACV,iBAAiB,EAClB,MAAM,yBAAyB,CAAA;AAKhC,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAA;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAA;AAC/C,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAA;AAC5D,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAA;AACxC,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AACxC,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAA;AAQlD;;;;;GAKG;AACH,qBAAa,UACX,YAAW,YAAY,EAAE,YAAY,EAAE,WAAW,EAAE,UAAU;IAG5D,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,cAAc;gBATd,cAAc,EAAE,cAAc,EAC9B,UAAU,EAAE,UAAU,EACtB,eAAe,EAAE,eAAe,EAChC,eAAe,EAAE,eAAe,EAChC,MAAM,EAAE,YAAY,EACpB,SAAS,EAAE,SAAS,EACpB,SAAS,EAAE,MAAM,EACjB,cAAc,EAAE,OAAO,EACvB,SAAS,EAAE,MAAM,EACjB,cAAc,EAAE,MAAM,GAAG,IAAI;IAGhD,OAAO,KAAK,EAAE,GAIb;IAED,OAAO,KAAK,UAAU,GAErB;YAEa,YAAY;YAuBZ,uBAAuB;IAe/B,aAAa,CAAC,EAClB,MAAM,EAAE,OAAO,EACf,UAAU,EACV,MAAM,EACN,KAAK,EACL,QAAQ,GACT,EAAE,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC;IAkE1B,mBAAmB,CAAC,EACxB,MAAM,EAAE,OAAO,EACf,QAAQ,EAAE,UAAU,EACpB,QAAQ,EAER,QAAoB,GACrB,EAAE,uBAAuB,GAAG,OAAO,CAAC,OAAO,CAAC;IA4BvC,gBAAgB,CACpB,QAAQ,EAAE,QAAQ,EAClB,GAAG,EAAE,MAAM,EACX,QAAQ,EAAE,OAAO,GAChB,OAAO,CAAC,iBAAiB,CAAC;IAQvB,mBAAmB,CACvB,QAAQ,EAAE,QAAQ,EAClB,GAAG,EAAE,MAAM,EACX,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,IAAI,CAAC;IAiBV,gBAAgB,CACpB,QAAQ,EAAE,QAAQ,EAClB,GAAG,EAAE,MAAM,GACV,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAaxB,kBAAkB,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;IAa9D,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAMnE,oBAAoB,CAAC,EACzB,MAAM,EAAE,OAAO,EACf,KAAK,GACN,EAAE,wBAAwB,GAAG,OAAO,CAAC,IAAI,CAAC;IAqBrC,oBAAoB,CAAC,IAAI,EAAE,wBAAwB,GAAG,OAAO,CAAC,IAAI,CAAC;IAInE,wBAAwB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAkCvD,aAAa,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAI9D,WAAW,CAAC,EAAE,EAAE,SAAS,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAevD,aAAa,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAIpE,aAAa,CAAC,EAAE,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC;IAI3C,iBAAiB,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC;IAOjE,YAAY,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAIjE,UAAU,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,GAAG,UAAU,CAAC;IAK1D,YAAY,CAChB,QAAQ,EAAE,QAAQ,EAClB,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC,GACxB,OAAO,CAAC,IAAI,CAAC;IAIV,YAAY,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;IAO/C,WAAW,CACf,EAAE,EAAE,OAAO,EACX,IAAI,EAAE,SAAS,EACf,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,IAAI,CAAC;IAgBV,SAAS,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;IAKtD,WAAW,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IAK5C,WAAW,CACf,OAAO,EAAE,OAAO,EAChB,UAAU,EAAE,OAAO,EACnB,eAAe,EAAE,YAAY,EAC7B,OAAO,EAAE,YAAY,GACpB,OAAO,CAAC,IAAI,CAAC;IA6BV,uBAAuB,CAC3B,YAAY,EAAE,YAAY,GACzB,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;IAatB,eAAe,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;CAI7D"}

package/dist/account-manager/oauth-store.js ADDED Viewed

@@ -0,0 +1,417 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OAuthStore = void 0;
+const lib_1 = require("@did-plc/lib");
+const crypto_1 = require("@atproto/crypto");
+const oauth_provider_1 = require("@atproto/oauth-provider");
+const xrpc_server_1 = require("@atproto/xrpc-server");
+const account_1 = require("./helpers/account");
+const authRequest = __importStar(require("./helpers/authorization-request"));
+const device = __importStar(require("./helpers/device"));
+const deviceAccount = __importStar(require("./helpers/device-account"));
+const token = __importStar(require("./helpers/token"));
+const usedRefreshToken = __importStar(require("./helpers/used-refresh-token"));
+/**
+ * This class' purpose is to implement the interface needed by the OAuthProvider
+ * to interact with the account database (through the {@link AccountManager}).
+ *
+ * @note The use of this class assumes that there is no entryway.
+ */
+class OAuthStore {
+    constructor(accountManager, actorStore, imageUrlBuilder, backgroundQueue, mailer, sequencer, plcClient, plcRotationKey, publicUrl, recoveryDidKey) {
+        Object.defineProperty(this, "accountManager", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: accountManager
+        });
+        Object.defineProperty(this, "actorStore", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: actorStore
+        });
+        Object.defineProperty(this, "imageUrlBuilder", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: imageUrlBuilder
+        });
+        Object.defineProperty(this, "backgroundQueue", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: backgroundQueue
+        });
+        Object.defineProperty(this, "mailer", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: mailer
+        });
+        Object.defineProperty(this, "sequencer", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: sequencer
+        });
+        Object.defineProperty(this, "plcClient", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: plcClient
+        });
+        Object.defineProperty(this, "plcRotationKey", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: plcRotationKey
+        });
+        Object.defineProperty(this, "publicUrl", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: publicUrl
+        });
+        Object.defineProperty(this, "recoveryDidKey", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: recoveryDidKey
+        });
+    }
+    get db() {
+        const { db } = this.accountManager;
+        if (db.destroyed)
+            throw new Error('Database connection is closed');
+        return db;
+    }
+    get serviceDid() {
+        return this.accountManager.serviceDid;
+    }
+    async buildAccount(row) {
+        const account = deviceAccount.toAccount(row, this.serviceDid);
+        if (!account.name || !account.picture) {
+            const did = account.sub;
+            const profile = await this.actorStore.read(did, async (store) => {
+                return store.record.getProfileRecord();
+            });
+            if (profile) {
+                const { avatar, displayName } = profile;
+                account.name || (account.name = displayName);
+                account.picture || (account.picture = avatar
+                    ? this.imageUrlBuilder.build('avatar', did, avatar.ref.toString())
+                    : undefined);
+            }
+        }
+        return account;
+    }
+    async verifyEmailAvailability(email) {
+        // @NOTE Email validity & disposability check performed by the OAuthProvider
+        const account = await this.accountManager.getAccountByEmail(email, {
+            includeDeactivated: true,
+            includeTakenDown: true,
+        });
+        if (account) {
+            throw new oauth_provider_1.InvalidRequestError(`Email already taken`);
+        }
+    }
+    // AccountStore
+    async createAccount({ locale: _locale, inviteCode, handle, email, password, }) {
+        // @TODO Send an account creation confirmation email (+verification link) to the user (in their locale)
+        // @NOTE Password strength already enforced by the OAuthProvider
+        await Promise.all([
+            this.verifyEmailAvailability(email),
+            this.verifyHandleAvailability(handle),
+            !inviteCode || this.accountManager.ensureInviteIsAvailable(inviteCode),
+        ]);
+        // @TODO The code bellow should probably be refactored to be common with the
+        // code of the `com.atproto.server.createAccount` XRPC endpoint.
+        const signingKey = await crypto_1.Secp256k1Keypair.create({ exportable: true });
+        const signingKeyDid = signingKey.did();
+        const plcCreate = await (0, lib_1.createOp)({
+            signingKey: signingKeyDid,
+            rotationKeys: this.recoveryDidKey
+                ? [this.recoveryDidKey, this.plcRotationKey.did()]
+                : [this.plcRotationKey.did()],
+            handle,
+            pds: this.publicUrl,
+            signer: this.plcRotationKey,
+        });
+        const { did, op } = plcCreate;
+        await this.actorStore.create(did, signingKey);
+        try {
+            const commit = await this.actorStore.transact(did, (actorTxn) => actorTxn.repo.createRepo([]));
+            await this.plcClient.sendOperation(did, op);
+            await this.accountManager.createAccount({
+                did,
+                handle,
+                email,
+                password,
+                inviteCode,
+                repoCid: commit.cid,
+                repoRev: commit.rev,
+            });
+            try {
+                await this.sequencer.sequenceIdentityEvt(did, handle);
+                await this.sequencer.sequenceAccountEvt(did, account_1.AccountStatus.Active);
+                await this.sequencer.sequenceCommit(did, commit);
+                await this.accountManager.updateRepoRoot(did, commit.cid, commit.rev);
+                await this.actorStore.clearReservedKeypair(signingKeyDid, did);
+                const account = await this.accountManager.getAccount(did);
+                if (!account)
+                    throw new Error('Account not found');
+                return await this.buildAccount(account);
+            }
+            catch (err) {
+                this.accountManager.deleteAccount(did);
+                throw err;
+            }
+        }
+        catch (err) {
+            await this.actorStore.destroy(did);
+            throw err;
+        }
+    }
+    async authenticateAccount({ locale: _locale, username: identifier, password,
+    // Not supported by the PDS (yet?)
+    emailOtp = undefined, }) {
+        // @TODO (?) Send an email to the user to notify them of the login attempt
+        try {
+            // Should never happen
+            if (emailOtp != null) {
+                throw new Error('Email OTP is not supported');
+            }
+            const { user, appPassword, isSoftDeleted } = await this.accountManager.login({ identifier, password });
+            if (isSoftDeleted) {
+                throw new oauth_provider_1.InvalidRequestError('Account was taken down');
+            }
+            if (appPassword) {
+                throw new oauth_provider_1.InvalidRequestError('App passwords are not allowed');
+            }
+            return this.buildAccount(user);
+        }
+        catch (err) {
+            if (err instanceof xrpc_server_1.AuthRequiredError) {
+                throw new oauth_provider_1.InvalidRequestError(err.message, err);
+            }
+            throw err;
+        }
+    }
+    async addDeviceAccount(deviceId, sub, remember) {
+        const [row] = await this.db.executeWithRetry(deviceAccount.createOrUpdateQB(this.db, deviceId, sub, remember));
+        if (!row)
+            throw new Error('Failed to create device account');
+        return deviceAccount.toDeviceAccountInfo(row);
+    }
+    async addAuthorizedClient(deviceId, sub, clientId) {
+        await this.db.transaction(async (dbTxn) => {
+            const row = await deviceAccount
+                .readQB(dbTxn, deviceId, sub)
+                .executeTakeFirstOrThrow();
+            const { authorizedClients } = deviceAccount.toDeviceAccountInfo(row);
+            if (!authorizedClients.includes(clientId)) {
+                await deviceAccount
+                    .updateQB(dbTxn, deviceId, sub, {
+                    authorizedClients: [...authorizedClients, clientId],
+                })
+                    .execute();
+            }
+        });
+    }
+    async getDeviceAccount(deviceId, sub) {
+        const row = await deviceAccount
+            .getAccountInfoQB(this.db, deviceId, sub)
+            .executeTakeFirst();
+        if (!row)
+            return null;
+        return {
+            account: await this.buildAccount(row),
+            info: deviceAccount.toDeviceAccountInfo(row),
+        };
+    }
+    async listDeviceAccounts(deviceId) {
+        const rows = await deviceAccount
+            .listRememberedQB(this.db, deviceId)
+            .execute();
+        return Promise.all(rows.map(async (row) => ({
+            account: await this.buildAccount(row),
+            info: deviceAccount.toDeviceAccountInfo(row),
+        })));
+    }
+    async removeDeviceAccount(deviceId, sub) {
+        await this.db.executeWithRetry(deviceAccount.removeQB(this.db, deviceId, sub));
+    }
+    async resetPasswordRequest({ locale: _locale, email, }) {
+        const account = await this.accountManager.getAccountByEmail(email, {
+            includeDeactivated: true,
+            includeTakenDown: true,
+        });
+        if (!account?.email || !account?.handle)
+            return;
+        const { handle } = account;
+        const token = await this.accountManager.createEmailToken(account.did, 'reset_password');
+        // @TODO Use the locale to send the email in the right language
+        await this.mailer.sendResetPassword({ handle, token }, { to: account.email });
+    }
+    async resetPasswordConfirm(data) {
+        await this.accountManager.resetPassword(data);
+    }
+    async verifyHandleAvailability(handle) {
+        // @NOTE Handle validity & normalization already enforced by the OAuthProvider
+        try {
+            const normalized = await this.accountManager.normalizeAndValidateHandle(handle);
+            // Should never happen (OAuthProvider should have already validated the
+            // handle) This check is just a safeguard against future normalization
+            // changes.
+            if (normalized !== handle) {
+                throw new oauth_provider_1.HandleUnavailableError('syntax', 'Invalid handle');
+            }
+            const account = await this.accountManager.getAccount(normalized, {
+                includeDeactivated: true,
+                includeTakenDown: true,
+            });
+            if (account) {
+                throw new oauth_provider_1.HandleUnavailableError('taken');
+            }
+        }
+        catch (err) {
+            if (err instanceof xrpc_server_1.InvalidRequestError) {
+                throw err.customErrorName === 'HandleNotAvailable'
+                    ? new oauth_provider_1.HandleUnavailableError('taken', err.message)
+                    : new oauth_provider_1.HandleUnavailableError('syntax', err.message);
+            }
+            throw err;
+        }
+    }
+    // RequestStore
+    async createRequest(id, data) {
+        await this.db.executeWithRetry(authRequest.createQB(this.db, id, data));
+    }
+    async readRequest(id) {
+        try {
+            const row = await authRequest.readQB(this.db, id).executeTakeFirst();
+            if (!row)
+                return null;
+            return authRequest.rowToRequestData(row);
+        }
+        finally {
+            // Take the opportunity to clean up expired requests. Do this after we got
+            // the current (potentially expired) request data to allow the provider to
+            // handle expired requests.
+            this.backgroundQueue.add(async () => {
+                await this.db.executeWithRetry(authRequest.removeOldExpiredQB(this.db));
+            });
+        }
+    }
+    async updateRequest(id, data) {
+        await this.db.executeWithRetry(authRequest.updateQB(this.db, id, data));
+    }
+    async deleteRequest(id) {
+        await this.db.executeWithRetry(authRequest.removeByIdQB(this.db, id));
+    }
+    async findRequestByCode(code) {
+        const row = await authRequest.findByCodeQB(this.db, code).executeTakeFirst();
+        return row ? authRequest.rowToFoundRequestResult(row) : null;
+    }
+    // DeviceStore
+    async createDevice(deviceId, data) {
+        await this.db.executeWithRetry(device.createQB(this.db, deviceId, data));
+    }
+    async readDevice(deviceId) {
+        const row = await device.readQB(this.db, deviceId).executeTakeFirst();
+        return row ? device.rowToDeviceData(row) : null;
+    }
+    async updateDevice(deviceId, data) {
+        await this.db.executeWithRetry(device.updateQB(this.db, deviceId, data));
+    }
+    async deleteDevice(deviceId) {
+        // Will cascade to device_account (device_account_device_id_fk)
+        await this.db.executeWithRetry(device.removeQB(this.db, deviceId));
+    }
+    // TokenStore
+    async createToken(id, data, refreshToken) {
+        await this.db.transaction(async (dbTxn) => {
+            if (refreshToken) {
+                const { count } = await usedRefreshToken
+                    .countQB(dbTxn, refreshToken)
+                    .executeTakeFirstOrThrow();
+                if (count > 0) {
+                    throw new Error('Refresh token already in use');
+                }
+            }
+            return token.createQB(dbTxn, id, data, refreshToken).execute();
+        });
+    }
+    async readToken(tokenId) {
+        const row = await token.findByQB(this.db, { tokenId }).executeTakeFirst();
+        return row ? token.toTokenInfo(row, this.serviceDid) : null;
+    }
+    async deleteToken(tokenId) {
+        // Will cascade to used_refresh_token (used_refresh_token_fk)
+        await this.db.executeWithRetry(token.removeQB(this.db, tokenId));
+    }
+    async rotateToken(tokenId, newTokenId, newRefreshToken, newData) {
+        const err = await this.db.transaction(async (dbTxn) => {
+            const { id, currentRefreshToken } = await token
+                .forRotateQB(dbTxn, tokenId)
+                .executeTakeFirstOrThrow();
+            if (currentRefreshToken) {
+                await usedRefreshToken
+                    .insertQB(dbTxn, id, currentRefreshToken)
+                    .execute();
+            }
+            const { count } = await usedRefreshToken
+                .countQB(dbTxn, newRefreshToken)
+                .executeTakeFirstOrThrow();
+            if (count > 0) {
+                // Do NOT throw (we don't want the transaction to be rolled back)
+                return new Error('New refresh token already in use');
+            }
+            await token
+                .rotateQB(dbTxn, id, newTokenId, newRefreshToken, newData)
+                .execute();
+        });
+        if (err)
+            throw err;
+    }
+    async findTokenByRefreshToken(refreshToken) {
+        const used = await usedRefreshToken
+            .findByTokenQB(this.db, refreshToken)
+            .executeTakeFirst();
+        const search = used
+            ? { id: used.tokenId }
+            : { currentRefreshToken: refreshToken };
+        const row = await token.findByQB(this.db, search).executeTakeFirst();
+        return row ? token.toTokenInfo(row, this.serviceDid) : null;
+    }
+    async findTokenByCode(code) {
+        const row = await token.findByQB(this.db, { code }).executeTakeFirst();
+        return row ? token.toTokenInfo(row, this.serviceDid) : null;
+    }
+}
+exports.OAuthStore = OAuthStore;
+//# sourceMappingURL=oauth-store.js.map

package/dist/account-manager/oauth-store.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"oauth-store.js","sourceRoot":"","sources":["../../src/account-manager/oauth-store.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,sCAA8D;AAE9D,4CAA2D;AAC3D,4DA0BgC;AAChC,sDAG6B;AAO7B,+CAA+D;AAC/D,6EAA8D;AAC9D,yDAA0C;AAC1C,wEAAyD;AACzD,uDAAwC;AACxC,+EAAgE;AAEhE;;;;;GAKG;AACH,MAAa,UAAU;IAGrB,YACmB,cAA8B,EAC9B,UAAsB,EACtB,eAAgC,EAChC,eAAgC,EAChC,MAAoB,EACpB,SAAoB,EACpB,SAAiB,EACjB,cAAuB,EACvB,SAAiB,EACjB,cAA6B;QAT9C;;;;mBAAiB,cAAc;WAAgB;QAC/C;;;;mBAAiB,UAAU;WAAY;QACvC;;;;mBAAiB,eAAe;WAAiB;QACjD;;;;mBAAiB,eAAe;WAAiB;QACjD;;;;mBAAiB,MAAM;WAAc;QACrC;;;;mBAAiB,SAAS;WAAW;QACrC;;;;mBAAiB,SAAS;WAAQ;QAClC;;;;mBAAiB,cAAc;WAAS;QACxC;;;;mBAAiB,SAAS;WAAQ;QAClC;;;;mBAAiB,cAAc;WAAe;IAC7C,CAAC;IAEJ,IAAY,EAAE;QACZ,MAAM,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC,cAAc,CAAA;QAClC,IAAI,EAAE,CAAC,SAAS;YAAE,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;QAClE,OAAO,EAAE,CAAA;IACX,CAAC;IAED,IAAY,UAAU;QACpB,OAAO,IAAI,CAAC,cAAc,CAAC,UAAU,CAAA;IACvC,CAAC;IAEO,KAAK,CAAC,YAAY,CAAC,GAA6B;QACtD,MAAM,OAAO,GAAG,aAAa,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,CAAC,UAAU,CAAC,CAAA;QAE7D,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;YACtC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAA;YAEvB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE;gBAC9D,OAAO,KAAK,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAA;YACxC,CAAC,CAAC,CAAA;YAEF,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,OAAO,CAAA;gBAEvC,OAAO,CAAC,IAAI,KAAZ,OAAO,CAAC,IAAI,GAAK,WAAW,EAAA;gBAC5B,OAAO,CAAC,OAAO,KAAf,OAAO,CAAC,OAAO,GAAK,MAAM;oBACxB,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,QAAQ,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;oBAClE,CAAC,CAAC,SAAS,EAAA;YACf,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAA;IAChB,CAAC;IAEO,KAAK,CAAC,uBAAuB,CAAC,KAAa;QACjD,4EAA4E;QAE5E,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,KAAK,EAAE;YACjE,kBAAkB,EAAE,IAAI;YACxB,gBAAgB,EAAE,IAAI;SACvB,CAAC,CAAA;QAEF,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,IAAI,oCAAmB,CAAC,qBAAqB,CAAC,CAAA;QACtD,CAAC;IACH,CAAC;IAED,eAAe;IAEf,KAAK,CAAC,aAAa,CAAC,EAClB,MAAM,EAAE,OAAO,EACf,UAAU,EACV,MAAM,EACN,KAAK,EACL,QAAQ,GACG;QACX,uGAAuG;QACvG,gEAAgE;QAEhE,MAAM,OAAO,CAAC,GAAG,CAAC;YAChB,IAAI,CAAC,uBAAuB,CAAC,KAAK,CAAC;YACnC,IAAI,CAAC,wBAAwB,CAAC,MAAM,CAAC;YACrC,CAAC,UAAU,IAAI,IAAI,CAAC,cAAc,CAAC,uBAAuB,CAAC,UAAU,CAAC;SACvE,CAAC,CAAA;QAEF,4EAA4E;QAC5E,gEAAgE;QAEhE,MAAM,UAAU,GAAG,MAAM,yBAAgB,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAA;QACtE,MAAM,aAAa,GAAG,UAAU,CAAC,GAAG,EAAE,CAAA;QAEtC,MAAM,SAAS,GAAG,MAAM,IAAA,cAAW,EAAC;YAClC,UAAU,EAAE,aAAa;YACzB,YAAY,EAAE,IAAI,CAAC,cAAc;gBAC/B,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,EAAE,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC;gBAClD,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC;YAC/B,MAAM;YACN,GAAG,EAAE,IAAI,CAAC,SAAS;YACnB,MAAM,EAAE,IAAI,CAAC,cAAc;SAC5B,CAAC,CAAA;QAEF,MAAM,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,SAAS,CAAA;QAE7B,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,EAAE,UAAU,CAAC,CAAA;QAC7C,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,EAAE,CAC9D,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,CAC7B,CAAA;YAED,MAAM,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,EAAE,CAAC,CAAA;YAE3C,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC;gBACtC,GAAG;gBACH,MAAM;gBACN,KAAK;gBACL,QAAQ;gBACR,UAAU;gBACV,OAAO,EAAE,MAAM,CAAC,GAAG;gBACnB,OAAO,EAAE,MAAM,CAAC,GAAG;aACpB,CAAC,CAAA;YACF,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,SAAS,CAAC,mBAAmB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;gBACrD,MAAM,IAAI,CAAC,SAAS,CAAC,kBAAkB,CAAC,GAAG,EAAE,uBAAa,CAAC,MAAM,CAAC,CAAA;gBAClE,MAAM,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;gBAChD,MAAM,IAAI,CAAC,cAAc,CAAC,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAA;gBACrE,MAAM,IAAI,CAAC,UAAU,CAAC,oBAAoB,CAAC,aAAa,EAAE,GAAG,CAAC,CAAA;gBAE9D,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;gBACzD,IAAI,CAAC,OAAO;oBAAE,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAA;gBAElD,OAAO,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAA;YACzC,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,GAAG,CAAC,CAAA;gBACtC,MAAM,GAAG,CAAA;YACX,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;YAClC,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,EACxB,MAAM,EAAE,OAAO,EACf,QAAQ,EAAE,UAAU,EACpB,QAAQ;IACR,kCAAkC;IAClC,QAAQ,GAAG,SAAS,GACI;QACxB,0EAA0E;QAC1E,IAAI,CAAC;YACH,sBAAsB;YACtB,IAAI,QAAQ,IAAI,IAAI,EAAE,CAAC;gBACrB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAA;YAC/C,CAAC;YAED,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,aAAa,EAAE,GACxC,MAAM,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,EAAE,UAAU,EAAE,QAAQ,EAAE,CAAC,CAAA;YAE3D,IAAI,aAAa,EAAE,CAAC;gBAClB,MAAM,IAAI,oCAAmB,CAAC,wBAAwB,CAAC,CAAA;YACzD,CAAC;YAED,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,IAAI,oCAAmB,CAAC,+BAA+B,CAAC,CAAA;YAChE,CAAC;YAED,OAAO,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAA;QAChC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,+BAAqB,EAAE,CAAC;gBACzC,MAAM,IAAI,oCAAmB,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;YACjD,CAAC;YACD,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED,KAAK,CAAC,gBAAgB,CACpB,QAAkB,EAClB,GAAW,EACX,QAAiB;QAEjB,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAC1C,aAAa,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,CAAC,CACjE,CAAA;QACD,IAAI,CAAC,GAAG;YAAE,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAA;QAC5D,OAAO,aAAa,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAA;IAC/C,CAAC;IAED,KAAK,CAAC,mBAAmB,CACvB,QAAkB,EAClB,GAAW,EACX,QAAgB;QAEhB,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;YACxC,MAAM,GAAG,GAAG,MAAM,aAAa;iBAC5B,MAAM,CAAC,KAAK,EAAE,QAAQ,EAAE,GAAG,CAAC;iBAC5B,uBAAuB,EAAE,CAAA;YAE5B,MAAM,EAAE,iBAAiB,EAAE,GAAG,aAAa,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAA;YACpE,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC1C,MAAM,aAAa;qBAChB,QAAQ,CAAC,KAAK,EAAE,QAAQ,EAAE,GAAG,EAAE;oBAC9B,iBAAiB,EAAE,CAAC,GAAG,iBAAiB,EAAE,QAAQ,CAAC;iBACpD,CAAC;qBACD,OAAO,EAAE,CAAA;YACd,CAAC;QACH,CAAC,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,gBAAgB,CACpB,QAAkB,EAClB,GAAW;QAEX,MAAM,GAAG,GAAG,MAAM,aAAa;aAC5B,gBAAgB,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC;aACxC,gBAAgB,EAAE,CAAA;QAErB,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAA;QAErB,OAAO;YACL,OAAO,EAAE,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC;YACrC,IAAI,EAAE,aAAa,CAAC,mBAAmB,CAAC,GAAG,CAAC;SAC7C,CAAA;IACH,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,QAAkB;QACzC,MAAM,IAAI,GAAG,MAAM,aAAa;aAC7B,gBAAgB,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,CAAC;aACnC,OAAO,EAAE,CAAA;QAEZ,OAAO,OAAO,CAAC,GAAG,CAChB,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;YACvB,OAAO,EAAE,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC;YACrC,IAAI,EAAE,aAAa,CAAC,mBAAmB,CAAC,GAAG,CAAC;SAC7C,CAAC,CAAC,CACJ,CAAA;IACH,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,QAAkB,EAAE,GAAW;QACvD,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAC5B,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,CAC/C,CAAA;IACH,CAAC;IAED,KAAK,CAAC,oBAAoB,CAAC,EACzB,MAAM,EAAE,OAAO,EACf,KAAK,GACoB;QACzB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,KAAK,EAAE;YACjE,kBAAkB,EAAE,IAAI;YACxB,gBAAgB,EAAE,IAAI;SACvB,CAAC,CAAA;QAEF,IAAI,CAAC,OAAO,EAAE,KAAK,IAAI,CAAC,OAAO,EAAE,MAAM;YAAE,OAAM;QAE/C,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAA;QAC1B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CACtD,OAAO,CAAC,GAAG,EACX,gBAAgB,CACjB,CAAA;QAED,+DAA+D;QAC/D,MAAM,IAAI,CAAC,MAAM,CAAC,iBAAiB,CACjC,EAAE,MAAM,EAAE,KAAK,EAAE,EACjB,EAAE,EAAE,EAAE,OAAO,CAAC,KAAK,EAAE,CACtB,CAAA;IACH,CAAC;IAED,KAAK,CAAC,oBAAoB,CAAC,IAA8B;QACvD,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,IAAI,CAAC,CAAA;IAC/C,CAAC;IAED,KAAK,CAAC,wBAAwB,CAAC,MAAc;QAC3C,8EAA8E;QAC9E,IAAI,CAAC;YACH,MAAM,UAAU,GACd,MAAM,IAAI,CAAC,cAAc,CAAC,0BAA0B,CAAC,MAAM,CAAC,CAAA;YAE9D,uEAAuE;YACvE,sEAAsE;YACtE,WAAW;YACX,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;gBAC1B,MAAM,IAAI,uCAAsB,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAA;YAC9D,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,UAAU,EAAE;gBAC/D,kBAAkB,EAAE,IAAI;gBACxB,gBAAgB,EAAE,IAAI;aACvB,CAAC,CAAA;YAEF,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,IAAI,uCAAsB,CAAC,OAAO,CAAC,CAAA;YAC3C,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,iCAAuB,EAAE,CAAC;gBAC3C,MAAM,GAAG,CAAC,eAAe,KAAK,oBAAoB;oBAChD,CAAC,CAAC,IAAI,uCAAsB,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC;oBAClD,CAAC,CAAC,IAAI,uCAAsB,CAAC,QAAQ,EAAE,GAAG,CAAC,OAAO,CAAC,CAAA;YACvD,CAAC;YAED,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED,eAAe;IAEf,KAAK,CAAC,aAAa,CAAC,EAAa,EAAE,IAAiB;QAClD,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,CAAC,CAAA;IACzE,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,EAAa;QAC7B,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,gBAAgB,EAAE,CAAA;YACpE,IAAI,CAAC,GAAG;gBAAE,OAAO,IAAI,CAAA;YACrB,OAAO,WAAW,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAA;QAC1C,CAAC;gBAAS,CAAC;YACT,0EAA0E;YAC1E,0EAA0E;YAC1E,2BAA2B;YAC3B,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,KAAK,IAAI,EAAE;gBAClC,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,WAAW,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;YACzE,CAAC,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,EAAa,EAAE,IAAuB;QACxD,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,CAAC,CAAA;IACzE,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,EAAa;QAC/B,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,WAAW,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAA;IACvE,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,IAAU;QAChC,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC,gBAAgB,EAAE,CAAA;QAC5E,OAAO,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAC9D,CAAC;IAED,cAAc;IAEd,KAAK,CAAC,YAAY,CAAC,QAAkB,EAAE,IAAgB;QACrD,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAA;IAC1E,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,QAAkB;QACjC,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC,gBAAgB,EAAE,CAAA;QACrE,OAAO,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IACjD,CAAC;IAED,KAAK,CAAC,YAAY,CAChB,QAAkB,EAClB,IAAyB;QAEzB,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAA;IAC1E,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,QAAkB;QACnC,+DAA+D;QAC/D,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC,CAAA;IACpE,CAAC;IAED,aAAa;IAEb,KAAK,CAAC,WAAW,CACf,EAAW,EACX,IAAe,EACf,YAA2B;QAE3B,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;YACxC,IAAI,YAAY,EAAE,CAAC;gBACjB,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,gBAAgB;qBACrC,OAAO,CAAC,KAAK,EAAE,YAAY,CAAC;qBAC5B,uBAAuB,EAAE,CAAA;gBAE5B,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;oBACd,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAA;gBACjD,CAAC;YACH,CAAC;YAED,OAAO,KAAK,CAAC,QAAQ,CAAC,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,CAAC,CAAC,OAAO,EAAE,CAAA;QAChE,CAAC,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,OAAgB;QAC9B,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,gBAAgB,EAAE,CAAA;QACzE,OAAO,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAC7D,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAgB;QAChC,6DAA6D;QAC7D,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAA;IAClE,CAAC;IAED,KAAK,CAAC,WAAW,CACf,OAAgB,EAChB,UAAmB,EACnB,eAA6B,EAC7B,OAAqB;QAErB,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;YACpD,MAAM,EAAE,EAAE,EAAE,mBAAmB,EAAE,GAAG,MAAM,KAAK;iBAC5C,WAAW,CAAC,KAAK,EAAE,OAAO,CAAC;iBAC3B,uBAAuB,EAAE,CAAA;YAE5B,IAAI,mBAAmB,EAAE,CAAC;gBACxB,MAAM,gBAAgB;qBACnB,QAAQ,CAAC,KAAK,EAAE,EAAE,EAAE,mBAAmB,CAAC;qBACxC,OAAO,EAAE,CAAA;YACd,CAAC;YAED,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,gBAAgB;iBACrC,OAAO,CAAC,KAAK,EAAE,eAAe,CAAC;iBAC/B,uBAAuB,EAAE,CAAA;YAE5B,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;gBACd,iEAAiE;gBACjE,OAAO,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAA;YACtD,CAAC;YAED,MAAM,KAAK;iBACR,QAAQ,CAAC,KAAK,EAAE,EAAE,EAAE,UAAU,EAAE,eAAe,EAAE,OAAO,CAAC;iBACzD,OAAO,EAAE,CAAA;QACd,CAAC,CAAC,CAAA;QAEF,IAAI,GAAG;YAAE,MAAM,GAAG,CAAA;IACpB,CAAC;IAED,KAAK,CAAC,uBAAuB,CAC3B,YAA0B;QAE1B,MAAM,IAAI,GAAG,MAAM,gBAAgB;aAChC,aAAa,CAAC,IAAI,CAAC,EAAE,EAAE,YAAY,CAAC;aACpC,gBAAgB,EAAE,CAAA;QAErB,MAAM,MAAM,GAAG,IAAI;YACjB,CAAC,CAAC,EAAE,EAAE,EAAE,IAAI,CAAC,OAAO,EAAE;YACtB,CAAC,CAAC,EAAE,mBAAmB,EAAE,YAAY,EAAE,CAAA;QAEzC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC,gBAAgB,EAAE,CAAA;QACpE,OAAO,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAC7D,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,IAAU;QAC9B,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,gBAAgB,EAAE,CAAA;QACtE,OAAO,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAC7D,CAAC;CACF;AAxbD,gCAwbC"}

package/dist/actor-store/record/reader.d.ts CHANGED Viewed

@@ -45,13 +45,13 @@ export declare class RecordReader {
         path: string;
         linkTo: string;
     }): Promise<{
-        cid: string;
+        takedownRef: string | null;
         indexedAt: string;
-        repoRev: string;
+        cid: string;
         uri: string;
         collection: string;
         rkey: string;
-        takedownRef: string | null;
+        repoRev: string;
     }[]>;
     getBacklinkConflicts(uri: AtUri, record: RepoRecord): Promise<AtUri[]>;
     listExistingBlocks(): Promise<CidSet>;

package/dist/actor-store/repo/reader.d.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import { BlobStore } from '@atproto/repo';
+import { SyncEvtData } from '../../repo';
 import { BlobReader } from '../blob/reader';
 import { ActorDb } from '../db';
 import { RecordReader } from '../record/reader';
@@ -10,5 +11,6 @@ export declare class RepoReader {
     record: RecordReader;
     storage: SqlRepoReader;
     constructor(db: ActorDb, blobstore: BlobStore);
+    getSyncEventData(): Promise<SyncEvtData>;
 }
 //# sourceMappingURL=reader.d.ts.map

package/dist/actor-store/repo/reader.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"reader.d.ts","sourceRoot":"","sources":["../../../src/actor-store/repo/reader.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAA;AACzC,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAC3C,OAAO,EAAE,OAAO,EAAE,MAAM,OAAO,CAAA;AAC/B,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAA;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAA;AAEjD,qBAAa,UAAU;IAMZ,EAAE,EAAE,OAAO;IACX,SAAS,EAAE,SAAS;IAN7B,IAAI,EAAE,UAAU,CAAA;IAChB,MAAM,EAAE,YAAY,CAAA;IACpB,OAAO,EAAE,aAAa,CAAA;gBAGb,EAAE,EAAE,OAAO,EACX,SAAS,EAAE,SAAS;~~CAM9B~~"}
1	+ {"version":3,"file":"reader.d.ts","sourceRoot":"","sources":["../../../src/actor-store/repo/reader.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAA;AACzC,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAA;AACxC,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAC3C,OAAO,EAAE,OAAO,EAAE,MAAM,OAAO,CAAA;AAC/B,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAA;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAA;AAEjD,qBAAa,UAAU;IAMZ,EAAE,EAAE,OAAO;IACX,SAAS,EAAE,SAAS;IAN7B,IAAI,EAAE,UAAU,CAAA;IAChB,MAAM,EAAE,YAAY,CAAA;IACpB,OAAO,EAAE,aAAa,CAAA;gBAGb,EAAE,EAAE,OAAO,EACX,SAAS,EAAE,SAAS;IAOvB,gBAAgB,IAAI,OAAO,CAAC,WAAW,CAAC;CAS/C"}

package/dist/actor-store/repo/reader.js CHANGED Viewed

@@ -40,6 +40,15 @@ class RepoReader {
         this.record = new reader_2.RecordReader(db);
         this.storage = new sql_repo_reader_1.SqlRepoReader(db);
     }
+    async getSyncEventData() {
+        const root = await this.storage.getRootDetailed();
+        const { blocks } = await this.storage.getBlocks([root.cid]);
+        return {
+            cid: root.cid,
+            rev: root.rev,
+            blocks,
+        };
+    }
 }
 exports.RepoReader = RepoReader;
 //# sourceMappingURL=reader.js.map

package/dist/actor-store/repo/reader.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"reader.js","sourceRoot":"","sources":["../../../src/actor-store/repo/reader.ts"],"names":[],"mappings":";;;~~AACA~~,2CAA2C;AAE3C,6CAA+C;AAC/C,uDAAiD;AAEjD,MAAa,UAAU;IAKrB,YACS,EAAW,EACX,SAAoB;QAD3B;;;;mBAAO,EAAE;WAAS;QAClB;;;;mBAAO,SAAS;WAAW;QAN7B;;;;;WAAgB;QAChB;;;;;WAAoB;QACpB;;;;;WAAsB;QAMpB,IAAI,CAAC,IAAI,GAAG,IAAI,mBAAU,CAAC,EAAE,EAAE,SAAS,CAAC,CAAA;QACzC,IAAI,CAAC,MAAM,GAAG,IAAI,qBAAY,CAAC,EAAE,CAAC,CAAA;QAClC,IAAI,CAAC,OAAO,GAAG,IAAI,+BAAa,CAAC,EAAE,CAAC,CAAA;IACtC,CAAC;CACF;~~AAbD~~,~~gCAaC~~"}
1	+ {"version":3,"file":"reader.js","sourceRoot":"","sources":["../../../src/actor-store/repo/reader.ts"],"names":[],"mappings":";;;AAEA,2CAA2C;AAE3C,6CAA+C;AAC/C,uDAAiD;AAEjD,MAAa,UAAU;IAKrB,YACS,EAAW,EACX,SAAoB;QAD3B;;;;mBAAO,EAAE;WAAS;QAClB;;;;mBAAO,SAAS;WAAW;QAN7B;;;;;WAAgB;QAChB;;;;;WAAoB;QACpB;;;;;WAAsB;QAMpB,IAAI,CAAC,IAAI,GAAG,IAAI,mBAAU,CAAC,EAAE,EAAE,SAAS,CAAC,CAAA;QACzC,IAAI,CAAC,MAAM,GAAG,IAAI,qBAAY,CAAC,EAAE,CAAC,CAAA;QAClC,IAAI,CAAC,OAAO,GAAG,IAAI,+BAAa,CAAC,EAAE,CAAC,CAAA;IACtC,CAAC;IAED,KAAK,CAAC,gBAAgB;QACpB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,CAAA;QACjD,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;QAC3D,OAAO;YACL,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,MAAM;SACP,CAAA;IACH,CAAC;CACF;AAvBD,gCAuBC"}

package/dist/actor-store/repo/sql-repo-reader.d.ts CHANGED Viewed

@@ -17,7 +17,7 @@ export declare class SqlRepoReader extends ReadableBlockstore {
         missing: CID[];
     }>;
     getCarStream(since?: string): Promise<import("stream").Readable>;
-    getBlockRange(since?: string, cursor?: RevCursor): Promise<import("kysely").Selection<import("kysely/dist/cjs/parser/table-parser").From<import("../db").DatabaseSchema, "repo_block">, "repo_block", "cid" | "repoRev" | "content">[]>;
+    getBlockRange(since?: string, cursor?: RevCursor): Promise<import("kysely").Selection<import("kysely/dist/cjs/parser/table-parser").From<import("../db").DatabaseSchema, "repo_block">, "repo_block", "content" | "cid" | "repoRev">[]>;
     countBlocks(): Promise<number>;
     destroy(): Promise<void>;
 }

package/dist/actor-store/repo/transactor.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"transactor.d.ts","sourceRoot":"","sources":["../../../src/actor-store/repo/transactor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,kBAAkB,CAAA;AACtC,OAAO,KAAK,MAAM,MAAM,iBAAiB,CAAA;AACzC,OAAO,EAAE,SAAS,EAAE,IAAI,EAAgC,MAAM,eAAe,CAAA;AAC7E,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAA;AAEvC,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAA;AAElD,OAAO,EAGL,iBAAiB,EAEjB,cAAc,EACd,aAAa,EACd,MAAM,kBAAkB,CAAA;AACzB,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAA;AACnD,OAAO,EAAE,OAAO,EAAE,MAAM,OAAO,CAAA;AAC/B,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAA;AACvD,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAA;AACrC,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAA;~~AAGzD~~,qBAAa,cAAe,SAAQ,UAAU;IAMnC,EAAE,EAAE,OAAO;IACX,SAAS,EAAE,SAAS;IACpB,GAAG,EAAE,MAAM;IACX,UAAU,EAAE,MAAM,CAAC,OAAO;IAC1B,eAAe,EAAE,eAAe;IAChC,GAAG,EAAE,MAAM;IAVpB,IAAI,EAAE,cAAc,CAAA;IACpB,MAAM,EAAE,gBAAgB,CAAA;IACxB,OAAO,EAAE,iBAAiB,CAAA;gBAGjB,EAAE,EAAE,OAAO,EACX,SAAS,EAAE,SAAS,EACpB,GAAG,EAAE,MAAM,EACX,UAAU,EAAE,MAAM,CAAC,OAAO,EAC1B,eAAe,EAAE,eAAe,EAChC,GAAG,GAAE,MAAiC;IAQzC,aAAa,IAAI,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;IASrC,UAAU,CAAC,MAAM,EAAE,cAAc,EAAE,GAAG,OAAO,CAAC,iBAAiB,CAAC;~~IAqBhE~~,aAAa,CACjB,MAAM,EAAE,aAAa,EAAE,EACvB,aAAa,CAAC,EAAE,GAAG,GAClB,OAAO,CAAC,iBAAiB,CAAC;~~IAcvB~~,YAAY,CAChB,MAAM,EAAE,aAAa,EAAE,EACvB,UAAU,CAAC,EAAE,GAAG,GACf,OAAO,CAAC,iBAAiB,CAAC;~~IAkFvB~~,WAAW,CAAC,MAAM,EAAE,aAAa,EAAE,EAAE,GAAG,EAAE,MAAM;IAuBhD,sBAAsB,CAC1B,IAAI,EAAE,GAAG,EAAE,EACX,WAAW,EAAE,KAAK,EAAE,GACnB,OAAO,CAAC,GAAG,EAAE,CAAC;CAclB"}
1	+ {"version":3,"file":"transactor.d.ts","sourceRoot":"","sources":["../../../src/actor-store/repo/transactor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,kBAAkB,CAAA;AACtC,OAAO,KAAK,MAAM,MAAM,iBAAiB,CAAA;AACzC,OAAO,EAAE,SAAS,EAAE,IAAI,EAAgC,MAAM,eAAe,CAAA;AAC7E,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAA;AAEvC,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAA;AAElD,OAAO,EAGL,iBAAiB,EAEjB,cAAc,EACd,aAAa,EACd,MAAM,kBAAkB,CAAA;AACzB,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAA;AACnD,OAAO,EAAE,OAAO,EAAE,MAAM,OAAO,CAAA;AAC/B,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAA;AACvD,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAA;AACrC,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAA;AAEzD,qBAAa,cAAe,SAAQ,UAAU;IAMnC,EAAE,EAAE,OAAO;IACX,SAAS,EAAE,SAAS;IACpB,GAAG,EAAE,MAAM;IACX,UAAU,EAAE,MAAM,CAAC,OAAO;IAC1B,eAAe,EAAE,eAAe;IAChC,GAAG,EAAE,MAAM;IAVpB,IAAI,EAAE,cAAc,CAAA;IACpB,MAAM,EAAE,gBAAgB,CAAA;IACxB,OAAO,EAAE,iBAAiB,CAAA;gBAGjB,EAAE,EAAE,OAAO,EACX,SAAS,EAAE,SAAS,EACpB,GAAG,EAAE,MAAM,EACX,UAAU,EAAE,MAAM,CAAC,OAAO,EAC1B,eAAe,EAAE,eAAe,EAChC,GAAG,GAAE,MAAiC;IAQzC,aAAa,IAAI,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;IASrC,UAAU,CAAC,MAAM,EAAE,cAAc,EAAE,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAyBhE,aAAa,CACjB,MAAM,EAAE,aAAa,EAAE,EACvB,aAAa,CAAC,EAAE,GAAG,GAClB,OAAO,CAAC,iBAAiB,CAAC;IAuBvB,YAAY,CAChB,MAAM,EAAE,aAAa,EAAE,EACvB,UAAU,CAAC,EAAE,GAAG,GACf,OAAO,CAAC,iBAAiB,CAAC;IAiFvB,WAAW,CAAC,MAAM,EAAE,aAAa,EAAE,EAAE,GAAG,EAAE,MAAM;IAuBhD,sBAAsB,CAC1B,IAAI,EAAE,GAAG,EAAE,EACX,WAAW,EAAE,KAAK,EAAE,GACnB,OAAO,CAAC,GAAG,EAAE,CAAC;CAclB"}

package/dist/actor-store/repo/transactor.js CHANGED Viewed

@@ -10,7 +10,6 @@ const transactor_1 = require("../blob/transactor");
 const transactor_2 = require("../record/transactor");
 const reader_1 = require("./reader");
 const sql_repo_transactor_1 = require("./sql-repo-transactor");
-const util_1 = require("./util");
 class RepoTransactor extends reader_1.RepoReader {
     constructor(db, blobstore, did, signingKey, backgroundQueue, now = new Date().toISOString()) {
         super(db, blobstore);
@@ -88,16 +87,27 @@ class RepoTransactor extends reader_1.RepoReader {
             this.indexWrites(writes, commit.rev),
             this.blob.processWriteBlobs(commit.rev, writes),
         ]);
+        const ops = writes.map((w) => ({
+            action: 'create',
+            path: (0, repo_1.formatDataKey)(w.uri.collection, w.uri.rkey),
+            cid: w.cid,
+        }));
         return {
             ...commit,
-            ops: (0, util_1.commitOpsFromCreates)(writes),
-            blobs: (0, util_1.blobCidsFromWrites)(writes),
+            ops,
             prevData: null,
         };
     }
     async processWrites(writes, swapCommitCid) {
         this.db.assertTransaction();
+        if (writes.length > 200) {
+            throw new xrpc_server_1.InvalidRequestError('Too many writes. Max: 200');
+        }
         const commit = await this.formatCommit(writes, swapCommitCid);
+        // Do not allow commits > 2MB
+        if (commit.relevantBlocks.byteSize > 2000000) {
+            throw new xrpc_server_1.InvalidRequestError('Too many writes. Max event size: 2MB');
+        }
         await Promise.all([
             // persist the commit to repo storage
             this.storage.applyCommit(commit),
@@ -176,7 +186,6 @@ class RepoTransactor extends reader_1.RepoReader {
         return {
             ...commit,
             ops: commitOps,
-            blobs: (0, util_1.blobCidsFromWrites)(writes),
             prevData,
         };
     }