@atproto/pds 0.4.104 → 0.4.106

package/dist/account-manager/oauth-store.d.ts

@@ -0,0 +1,58 @@
+import { Client } from '@did-plc/lib';
+import { Keypair } from '@atproto/crypto';
+import { Account, AccountInfo, AccountStore, AuthenticateAccountData, Code, DeviceAccountInfo, DeviceData, DeviceId, DeviceStore, FoundRequestResult, NewTokenData, RefreshToken, RequestData, RequestId, RequestStore, ResetPasswordConfirmData, ResetPasswordRequestData, SignUpData, TokenData, TokenId, TokenInfo, TokenStore, UpdateRequestData } from '@atproto/oauth-provider';
+import { ActorStore } from '../actor-store/actor-store';
+import { BackgroundQueue } from '../background';
+import { ImageUrlBuilder } from '../image/image-url-builder';
+import { ServerMailer } from '../mailer';
+import { Sequencer } from '../sequencer';
+import { AccountManager } from './account-manager';
+/**
+ * This class' purpose is to implement the interface needed by the OAuthProvider
+ * to interact with the account database (through the {@link AccountManager}).
+ *
+ * @note The use of this class assumes that there is no entryway.
+ */
+export declare class OAuthStore implements AccountStore, RequestStore, DeviceStore, TokenStore {
+    private readonly accountManager;
+    private readonly actorStore;
+    private readonly imageUrlBuilder;
+    private readonly backgroundQueue;
+    private readonly mailer;
+    private readonly sequencer;
+    private readonly plcClient;
+    private readonly plcRotationKey;
+    private readonly publicUrl;
+    private readonly recoveryDidKey;
+    constructor(accountManager: AccountManager, actorStore: ActorStore, imageUrlBuilder: ImageUrlBuilder, backgroundQueue: BackgroundQueue, mailer: ServerMailer, sequencer: Sequencer, plcClient: Client, plcRotationKey: Keypair, publicUrl: string, recoveryDidKey: string | null);
+    private get db();
+    private get serviceDid();
+    private buildAccount;
+    private verifyEmailAvailability;
+    createAccount({ locale: _locale, inviteCode, handle, email, password, }: SignUpData): Promise<Account>;
+    authenticateAccount({ locale: _locale, username: identifier, password, emailOtp, }: AuthenticateAccountData): Promise<Account>;
+    addDeviceAccount(deviceId: DeviceId, sub: string, remember: boolean): Promise<DeviceAccountInfo>;
+    addAuthorizedClient(deviceId: DeviceId, sub: string, clientId: string): Promise<void>;
+    getDeviceAccount(deviceId: DeviceId, sub: string): Promise<AccountInfo | null>;
+    listDeviceAccounts(deviceId: DeviceId): Promise<AccountInfo[]>;
+    removeDeviceAccount(deviceId: DeviceId, sub: string): Promise<void>;
+    resetPasswordRequest({ locale: _locale, email, }: ResetPasswordRequestData): Promise<void>;
+    resetPasswordConfirm(data: ResetPasswordConfirmData): Promise<void>;
+    verifyHandleAvailability(handle: string): Promise<void>;
+    createRequest(id: RequestId, data: RequestData): Promise<void>;
+    readRequest(id: RequestId): Promise<RequestData | null>;
+    updateRequest(id: RequestId, data: UpdateRequestData): Promise<void>;
+    deleteRequest(id: RequestId): Promise<void>;
+    findRequestByCode(code: Code): Promise<FoundRequestResult | null>;
+    createDevice(deviceId: DeviceId, data: DeviceData): Promise<void>;
+    readDevice(deviceId: DeviceId): Promise<null | DeviceData>;
+    updateDevice(deviceId: DeviceId, data: Partial<DeviceData>): Promise<void>;
+    deleteDevice(deviceId: DeviceId): Promise<void>;
+    createToken(id: TokenId, data: TokenData, refreshToken?: RefreshToken): Promise<void>;
+    readToken(tokenId: TokenId): Promise<TokenInfo | null>;
+    deleteToken(tokenId: TokenId): Promise<void>;
+    rotateToken(tokenId: TokenId, newTokenId: TokenId, newRefreshToken: RefreshToken, newData: NewTokenData): Promise<void>;
+    findTokenByRefreshToken(refreshToken: RefreshToken): Promise<TokenInfo | null>;
+    findTokenByCode(code: Code): Promise<TokenInfo | null>;
+}
+//# sourceMappingURL=oauth-store.d.ts.map

package/dist/account-manager/oauth-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-store.d.ts","sourceRoot":"","sources":["../../src/account-manager/oauth-store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAA2B,MAAM,cAAc,CAAA;AAE9D,OAAO,EAAE,OAAO,EAAoB,MAAM,iBAAiB,CAAA;AAC3D,OAAO,EACL,OAAO,EACP,WAAW,EACX,YAAY,EACZ,uBAAuB,EACvB,IAAI,EACJ,iBAAiB,EACjB,UAAU,EACV,QAAQ,EACR,WAAW,EACX,kBAAkB,EAGlB,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,SAAS,EACT,YAAY,EACZ,wBAAwB,EACxB,wBAAwB,EACxB,UAAU,EACV,SAAS,EACT,OAAO,EACP,SAAS,EACT,UAAU,EACV,iBAAiB,EAClB,MAAM,yBAAyB,CAAA;AAKhC,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAA;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAA;AAC/C,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAA;AAC5D,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAA;AACxC,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AACxC,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAA;AAQlD;;;;;GAKG;AACH,qBAAa,UACX,YAAW,YAAY,EAAE,YAAY,EAAE,WAAW,EAAE,UAAU;IAG5D,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,cAAc;gBATd,cAAc,EAAE,cAAc,EAC9B,UAAU,EAAE,UAAU,EACtB,eAAe,EAAE,eAAe,EAChC,eAAe,EAAE,eAAe,EAChC,MAAM,EAAE,YAAY,EACpB,SAAS,EAAE,SAAS,EACpB,SAAS,EAAE,MAAM,EACjB,cAAc,EAAE,OAAO,EACvB,SAAS,EAAE,MAAM,EACjB,cAAc,EAAE,MAAM,GAAG,IAAI;IAGhD,OAAO,KAAK,EAAE,GAIb;IAED,OAAO,KAAK,UAAU,GAErB;YAEa,YAAY;YAuBZ,uBAAuB;IAe/B,aAAa,CAAC,EAClB,MAAM,EAAE,OAAO,EACf,UAAU,EACV,MAAM,EACN,KAAK,EACL,QAAQ,GACT,EAAE,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC;IAkE1B,mBAAmB,CAAC,EACxB,MAAM,EAAE,OAAO,EACf,QAAQ,EAAE,UAAU,EACpB,QAAQ,EAER,QAAoB,GACrB,EAAE,uBAAuB,GAAG,OAAO,CAAC,OAAO,CAAC;IA4BvC,gBAAgB,CACpB,QAAQ,EAAE,QAAQ,EAClB,GAAG,EAAE,MAAM,EACX,QAAQ,EAAE,OAAO,GAChB,OAAO,CAAC,iBAAiB,CAAC;IAQvB,mBAAmB,CACvB,QAAQ,EAAE,QAAQ,EAClB,GAAG,EAAE,MAAM,EACX,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,IAAI,CAAC;IAiBV,gBAAgB,CACpB,QAAQ,EAAE,QAAQ,EAClB,GAAG,EAAE,MAAM,GACV,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAaxB,kBAAkB,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;IAa9D,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAMnE,oBAAoB,CAAC,EACzB,MAAM,EAAE,OAAO,EACf,KAAK,GACN,EAAE,wBAAwB,GAAG,OAAO,CAAC,IAAI,CAAC;IAqBrC,oBAAoB,CAAC,IAAI,EAAE,wBAAwB,GAAG,OAAO,CAAC,IAAI,CAAC;IAInE,wBAAwB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAkCvD,aAAa,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAI9D,WAAW,CAAC,EAAE,EAAE,SAAS,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAevD,aAAa,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAIpE,aAAa,CAAC,EAAE,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC;IAI3C,iBAAiB,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC;IAOjE,YAAY,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAIjE,UAAU,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,GAAG,UAAU,CAAC;IAK1D,YAAY,CAChB,QAAQ,EAAE,QAAQ,EAClB,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC,GACxB,OAAO,CAAC,IAAI,CAAC;IAIV,YAAY,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;IAO/C,WAAW,CACf,EAAE,EAAE,OAAO,EACX,IAAI,EAAE,SAAS,EACf,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,IAAI,CAAC;IAgBV,SAAS,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;IAKtD,WAAW,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IAK5C,WAAW,CACf,OAAO,EAAE,OAAO,EAChB,UAAU,EAAE,OAAO,EACnB,eAAe,EAAE,YAAY,EAC7B,OAAO,EAAE,YAAY,GACpB,OAAO,CAAC,IAAI,CAAC;IA6BV,uBAAuB,CAC3B,YAAY,EAAE,YAAY,GACzB,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;IAatB,eAAe,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;CAI7D"}

package/dist/account-manager/oauth-store.js

@@ -0,0 +1,417 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OAuthStore = void 0;
+const lib_1 = require("@did-plc/lib");
+const crypto_1 = require("@atproto/crypto");
+const oauth_provider_1 = require("@atproto/oauth-provider");
+const xrpc_server_1 = require("@atproto/xrpc-server");
+const account_1 = require("./helpers/account");
+const authRequest = __importStar(require("./helpers/authorization-request"));
+const device = __importStar(require("./helpers/device"));
+const deviceAccount = __importStar(require("./helpers/device-account"));
+const token = __importStar(require("./helpers/token"));
+const usedRefreshToken = __importStar(require("./helpers/used-refresh-token"));
+/**
+ * This class' purpose is to implement the interface needed by the OAuthProvider
+ * to interact with the account database (through the {@link AccountManager}).
+ *
+ * @note The use of this class assumes that there is no entryway.
+ */
+class OAuthStore {
+    constructor(accountManager, actorStore, imageUrlBuilder, backgroundQueue, mailer, sequencer, plcClient, plcRotationKey, publicUrl, recoveryDidKey) {
+        Object.defineProperty(this, "accountManager", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: accountManager
+        });
+        Object.defineProperty(this, "actorStore", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: actorStore
+        });
+        Object.defineProperty(this, "imageUrlBuilder", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: imageUrlBuilder
+        });
+        Object.defineProperty(this, "backgroundQueue", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: backgroundQueue
+        });
+        Object.defineProperty(this, "mailer", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: mailer
+        });
+        Object.defineProperty(this, "sequencer", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: sequencer
+        });
+        Object.defineProperty(this, "plcClient", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: plcClient
+        });
+        Object.defineProperty(this, "plcRotationKey", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: plcRotationKey
+        });
+        Object.defineProperty(this, "publicUrl", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: publicUrl
+        });
+        Object.defineProperty(this, "recoveryDidKey", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: recoveryDidKey
+        });
+    }
+    get db() {
+        const { db } = this.accountManager;
+        if (db.destroyed)
+            throw new Error('Database connection is closed');
+        return db;
+    }
+    get serviceDid() {
+        return this.accountManager.serviceDid;
+    }
+    async buildAccount(row) {
+        const account = deviceAccount.toAccount(row, this.serviceDid);
+        if (!account.name || !account.picture) {
+            const did = account.sub;
+            const profile = await this.actorStore.read(did, async (store) => {
+                return store.record.getProfileRecord();
+            });
+            if (profile) {
+                const { avatar, displayName } = profile;
+                account.name || (account.name = displayName);
+                account.picture || (account.picture = avatar
+                    ? this.imageUrlBuilder.build('avatar', did, avatar.ref.toString())
+                    : undefined);
+            }
+        }
+        return account;
+    }
+    async verifyEmailAvailability(email) {
+        // @NOTE Email validity & disposability check performed by the OAuthProvider
+        const account = await this.accountManager.getAccountByEmail(email, {
+            includeDeactivated: true,
+            includeTakenDown: true,
+        });
+        if (account) {
+            throw new oauth_provider_1.InvalidRequestError(`Email already taken`);
+        }
+    }
+    // AccountStore
+    async createAccount({ locale: _locale, inviteCode, handle, email, password, }) {
+        // @TODO Send an account creation confirmation email (+verification link) to the user (in their locale)
+        // @NOTE Password strength already enforced by the OAuthProvider
+        await Promise.all([
+            this.verifyEmailAvailability(email),
+            this.verifyHandleAvailability(handle),
+            !inviteCode || this.accountManager.ensureInviteIsAvailable(inviteCode),
+        ]);
+        // @TODO The code bellow should probably be refactored to be common with the
+        // code of the `com.atproto.server.createAccount` XRPC endpoint.
+        const signingKey = await crypto_1.Secp256k1Keypair.create({ exportable: true });
+        const signingKeyDid = signingKey.did();
+        const plcCreate = await (0, lib_1.createOp)({
+            signingKey: signingKeyDid,
+            rotationKeys: this.recoveryDidKey
+                ? [this.recoveryDidKey, this.plcRotationKey.did()]
+                : [this.plcRotationKey.did()],
+            handle,
+            pds: this.publicUrl,
+            signer: this.plcRotationKey,
+        });
+        const { did, op } = plcCreate;
+        await this.actorStore.create(did, signingKey);
+        try {
+            const commit = await this.actorStore.transact(did, (actorTxn) => actorTxn.repo.createRepo([]));
+            await this.plcClient.sendOperation(did, op);
+            await this.accountManager.createAccount({
+                did,
+                handle,
+                email,
+                password,
+                inviteCode,
+                repoCid: commit.cid,
+                repoRev: commit.rev,
+            });
+            try {
+                await this.sequencer.sequenceIdentityEvt(did, handle);
+                await this.sequencer.sequenceAccountEvt(did, account_1.AccountStatus.Active);
+                await this.sequencer.sequenceCommit(did, commit);
+                await this.accountManager.updateRepoRoot(did, commit.cid, commit.rev);
+                await this.actorStore.clearReservedKeypair(signingKeyDid, did);
+                const account = await this.accountManager.getAccount(did);
+                if (!account)
+                    throw new Error('Account not found');
+                return await this.buildAccount(account);
+            }
+            catch (err) {
+                this.accountManager.deleteAccount(did);
+                throw err;
+            }
+        }
+        catch (err) {
+            await this.actorStore.destroy(did);
+            throw err;
+        }
+    }
+    async authenticateAccount({ locale: _locale, username: identifier, password, 
+    // Not supported by the PDS (yet?)
+    emailOtp = undefined, }) {
+        // @TODO (?) Send an email to the user to notify them of the login attempt
+        try {
+            // Should never happen
+            if (emailOtp != null) {
+                throw new Error('Email OTP is not supported');
+            }
+            const { user, appPassword, isSoftDeleted } = await this.accountManager.login({ identifier, password });
+            if (isSoftDeleted) {
+                throw new oauth_provider_1.InvalidRequestError('Account was taken down');
+            }
+            if (appPassword) {
+                throw new oauth_provider_1.InvalidRequestError('App passwords are not allowed');
+            }
+            return this.buildAccount(user);
+        }
+        catch (err) {
+            if (err instanceof xrpc_server_1.AuthRequiredError) {
+                throw new oauth_provider_1.InvalidRequestError(err.message, err);
+            }
+            throw err;
+        }
+    }
+    async addDeviceAccount(deviceId, sub, remember) {
+        const [row] = await this.db.executeWithRetry(deviceAccount.createOrUpdateQB(this.db, deviceId, sub, remember));
+        if (!row)
+            throw new Error('Failed to create device account');
+        return deviceAccount.toDeviceAccountInfo(row);
+    }
+    async addAuthorizedClient(deviceId, sub, clientId) {
+        await this.db.transaction(async (dbTxn) => {
+            const row = await deviceAccount
+                .readQB(dbTxn, deviceId, sub)
+                .executeTakeFirstOrThrow();
+            const { authorizedClients } = deviceAccount.toDeviceAccountInfo(row);
+            if (!authorizedClients.includes(clientId)) {
+                await deviceAccount
+                    .updateQB(dbTxn, deviceId, sub, {
+                    authorizedClients: [...authorizedClients, clientId],
+                })
+                    .execute();
+            }
+        });
+    }
+    async getDeviceAccount(deviceId, sub) {
+        const row = await deviceAccount
+            .getAccountInfoQB(this.db, deviceId, sub)
+            .executeTakeFirst();
+        if (!row)
+            return null;
+        return {
+            account: await this.buildAccount(row),
+            info: deviceAccount.toDeviceAccountInfo(row),
+        };
+    }
+    async listDeviceAccounts(deviceId) {
+        const rows = await deviceAccount
+            .listRememberedQB(this.db, deviceId)
+            .execute();
+        return Promise.all(rows.map(async (row) => ({
+            account: await this.buildAccount(row),
+            info: deviceAccount.toDeviceAccountInfo(row),
+        })));
+    }
+    async removeDeviceAccount(deviceId, sub) {
+        await this.db.executeWithRetry(deviceAccount.removeQB(this.db, deviceId, sub));
+    }
+    async resetPasswordRequest({ locale: _locale, email, }) {
+        const account = await this.accountManager.getAccountByEmail(email, {
+            includeDeactivated: true,
+            includeTakenDown: true,
+        });
+        if (!account?.email || !account?.handle)
+            return;
+        const { handle } = account;
+        const token = await this.accountManager.createEmailToken(account.did, 'reset_password');
+        // @TODO Use the locale to send the email in the right language
+        await this.mailer.sendResetPassword({ handle, token }, { to: account.email });
+    }
+    async resetPasswordConfirm(data) {
+        await this.accountManager.resetPassword(data);
+    }
+    async verifyHandleAvailability(handle) {
+        // @NOTE Handle validity & normalization already enforced by the OAuthProvider
+        try {
+            const normalized = await this.accountManager.normalizeAndValidateHandle(handle);
+            // Should never happen (OAuthProvider should have already validated the
+            // handle) This check is just a safeguard against future normalization
+            // changes.
+            if (normalized !== handle) {
+                throw new oauth_provider_1.HandleUnavailableError('syntax', 'Invalid handle');
+            }
+            const account = await this.accountManager.getAccount(normalized, {
+                includeDeactivated: true,
+                includeTakenDown: true,
+            });
+            if (account) {
+                throw new oauth_provider_1.HandleUnavailableError('taken');
+            }
+        }
+        catch (err) {
+            if (err instanceof xrpc_server_1.InvalidRequestError) {
+                throw err.customErrorName === 'HandleNotAvailable'
+                    ? new oauth_provider_1.HandleUnavailableError('taken', err.message)
+                    : new oauth_provider_1.HandleUnavailableError('syntax', err.message);
+            }
+            throw err;
+        }
+    }
+    // RequestStore
+    async createRequest(id, data) {
+        await this.db.executeWithRetry(authRequest.createQB(this.db, id, data));
+    }
+    async readRequest(id) {
+        try {
+            const row = await authRequest.readQB(this.db, id).executeTakeFirst();
+            if (!row)
+                return null;
+            return authRequest.rowToRequestData(row);
+        }
+        finally {
+            // Take the opportunity to clean up expired requests. Do this after we got
+            // the current (potentially expired) request data to allow the provider to
+            // handle expired requests.
+            this.backgroundQueue.add(async () => {
+                await this.db.executeWithRetry(authRequest.removeOldExpiredQB(this.db));
+            });
+        }
+    }
+    async updateRequest(id, data) {
+        await this.db.executeWithRetry(authRequest.updateQB(this.db, id, data));
+    }
+    async deleteRequest(id) {
+        await this.db.executeWithRetry(authRequest.removeByIdQB(this.db, id));
+    }
+    async findRequestByCode(code) {
+        const row = await authRequest.findByCodeQB(this.db, code).executeTakeFirst();
+        return row ? authRequest.rowToFoundRequestResult(row) : null;
+    }
+    // DeviceStore
+    async createDevice(deviceId, data) {
+        await this.db.executeWithRetry(device.createQB(this.db, deviceId, data));
+    }
+    async readDevice(deviceId) {
+        const row = await device.readQB(this.db, deviceId).executeTakeFirst();
+        return row ? device.rowToDeviceData(row) : null;
+    }
+    async updateDevice(deviceId, data) {
+        await this.db.executeWithRetry(device.updateQB(this.db, deviceId, data));
+    }
+    async deleteDevice(deviceId) {
+        // Will cascade to device_account (device_account_device_id_fk)
+        await this.db.executeWithRetry(device.removeQB(this.db, deviceId));
+    }
+    // TokenStore
+    async createToken(id, data, refreshToken) {
+        await this.db.transaction(async (dbTxn) => {
+            if (refreshToken) {
+                const { count } = await usedRefreshToken
+                    .countQB(dbTxn, refreshToken)
+                    .executeTakeFirstOrThrow();
+                if (count > 0) {
+                    throw new Error('Refresh token already in use');
+                }
+            }
+            return token.createQB(dbTxn, id, data, refreshToken).execute();
+        });
+    }
+    async readToken(tokenId) {
+        const row = await token.findByQB(this.db, { tokenId }).executeTakeFirst();
+        return row ? token.toTokenInfo(row, this.serviceDid) : null;
+    }
+    async deleteToken(tokenId) {
+        // Will cascade to used_refresh_token (used_refresh_token_fk)
+        await this.db.executeWithRetry(token.removeQB(this.db, tokenId));
+    }
+    async rotateToken(tokenId, newTokenId, newRefreshToken, newData) {
+        const err = await this.db.transaction(async (dbTxn) => {
+            const { id, currentRefreshToken } = await token
+                .forRotateQB(dbTxn, tokenId)
+                .executeTakeFirstOrThrow();
+            if (currentRefreshToken) {
+                await usedRefreshToken
+                    .insertQB(dbTxn, id, currentRefreshToken)
+                    .execute();
+            }
+            const { count } = await usedRefreshToken
+                .countQB(dbTxn, newRefreshToken)
+                .executeTakeFirstOrThrow();
+            if (count > 0) {
+                // Do NOT throw (we don't want the transaction to be rolled back)
+                return new Error('New refresh token already in use');
+            }
+            await token
+                .rotateQB(dbTxn, id, newTokenId, newRefreshToken, newData)
+                .execute();
+        });
+        if (err)
+            throw err;
+    }
+    async findTokenByRefreshToken(refreshToken) {
+        const used = await usedRefreshToken
+            .findByTokenQB(this.db, refreshToken)
+            .executeTakeFirst();
+        const search = used
+            ? { id: used.tokenId }
+            : { currentRefreshToken: refreshToken };
+        const row = await token.findByQB(this.db, search).executeTakeFirst();
+        return row ? token.toTokenInfo(row, this.serviceDid) : null;
+    }
+    async findTokenByCode(code) {
+        const row = await token.findByQB(this.db, { code }).executeTakeFirst();
+        return row ? token.toTokenInfo(row, this.serviceDid) : null;
+    }
+}
+exports.OAuthStore = OAuthStore;
+//# sourceMappingURL=oauth-store.js.map

package/dist/account-manager/oauth-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-store.js","sourceRoot":"","sources":["../../src/account-manager/oauth-store.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,sCAA8D;AAE9D,4CAA2D;AAC3D,4DA0BgC;AAChC,sDAG6B;AAO7B,+CAA+D;AAC/D,6EAA8D;AAC9D,yDAA0C;AAC1C,wEAAyD;AACzD,uDAAwC;AACxC,+EAAgE;AAEhE;;;;;GAKG;AACH,MAAa,UAAU;IAGrB,YACmB,cAA8B,EAC9B,UAAsB,EACtB,eAAgC,EAChC,eAAgC,EAChC,MAAoB,EACpB,SAAoB,EACpB,SAAiB,EACjB,cAAuB,EACvB,SAAiB,EACjB,cAA6B;QAT9C;;;;mBAAiB,cAAc;WAAgB;QAC/C;;;;mBAAiB,UAAU;WAAY;QACvC;;;;mBAAiB,eAAe;WAAiB;QACjD;;;;mBAAiB,eAAe;WAAiB;QACjD;;;;mBAAiB,MAAM;WAAc;QACrC;;;;mBAAiB,SAAS;WAAW;QACrC;;;;mBAAiB,SAAS;WAAQ;QAClC;;;;mBAAiB,cAAc;WAAS;QACxC;;;;mBAAiB,SAAS;WAAQ;QAClC;;;;mBAAiB,cAAc;WAAe;IAC7C,CAAC;IAEJ,IAAY,EAAE;QACZ,MAAM,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC,cAAc,CAAA;QAClC,IAAI,EAAE,CAAC,SAAS;YAAE,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;QAClE,OAAO,EAAE,CAAA;IACX,CAAC;IAED,IAAY,UAAU;QACpB,OAAO,IAAI,CAAC,cAAc,CAAC,UAAU,CAAA;IACvC,CAAC;IAEO,KAAK,CAAC,YAAY,CAAC,GAA6B;QACtD,MAAM,OAAO,GAAG,aAAa,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,CAAC,UAAU,CAAC,CAAA;QAE7D,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;YACtC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAA;YAEvB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE;gBAC9D,OAAO,KAAK,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAA;YACxC,CAAC,CAAC,CAAA;YAEF,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,OAAO,CAAA;gBAEvC,OAAO,CAAC,IAAI,KAAZ,OAAO,CAAC,IAAI,GAAK,WAAW,EAAA;gBAC5B,OAAO,CAAC,OAAO,KAAf,OAAO,CAAC,OAAO,GAAK,MAAM;oBACxB,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,QAAQ,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;oBAClE,CAAC,CAAC,SAAS,EAAA;YACf,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAA;IAChB,CAAC;IAEO,KAAK,CAAC,uBAAuB,CAAC,KAAa;QACjD,4EAA4E;QAE5E,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,KAAK,EAAE;YACjE,kBAAkB,EAAE,IAAI;YACxB,gBAAgB,EAAE,IAAI;SACvB,CAAC,CAAA;QAEF,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,IAAI,oCAAmB,CAAC,qBAAqB,CAAC,CAAA;QACtD,CAAC;IACH,CAAC;IAED,eAAe;IAEf,KAAK,CAAC,aAAa,CAAC,EAClB,MAAM,EAAE,OAAO,EACf,UAAU,EACV,MAAM,EACN,KAAK,EACL,QAAQ,GACG;QACX,uGAAuG;QACvG,gEAAgE;QAEhE,MAAM,OAAO,CAAC,GAAG,CAAC;YAChB,IAAI,CAAC,uBAAuB,CAAC,KAAK,CAAC;YACnC,IAAI,CAAC,wBAAwB,CAAC,MAAM,CAAC;YACrC,CAAC,UAAU,IAAI,IAAI,CAAC,cAAc,CAAC,uBAAuB,CAAC,UAAU,CAAC;SACvE,CAAC,CAAA;QAEF,4EAA4E;QAC5E,gEAAgE;QAEhE,MAAM,UAAU,GAAG,MAAM,yBAAgB,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAA;QACtE,MAAM,aAAa,GAAG,UAAU,CAAC,GAAG,EAAE,CAAA;QAEtC,MAAM,SAAS,GAAG,MAAM,IAAA,cAAW,EAAC;YAClC,UAAU,EAAE,aAAa;YACzB,YAAY,EAAE,IAAI,CAAC,cAAc;gBAC/B,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,EAAE,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC;gBAClD,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC;YAC/B,MAAM;YACN,GAAG,EAAE,IAAI,CAAC,SAAS;YACnB,MAAM,EAAE,IAAI,CAAC,cAAc;SAC5B,CAAC,CAAA;QAEF,MAAM,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,SAAS,CAAA;QAE7B,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,EAAE,UAAU,CAAC,CAAA;QAC7C,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,EAAE,CAC9D,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,CAC7B,CAAA;YAED,MAAM,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,EAAE,CAAC,CAAA;YAE3C,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC;gBACtC,GAAG;gBACH,MAAM;gBACN,KAAK;gBACL,QAAQ;gBACR,UAAU;gBACV,OAAO,EAAE,MAAM,CAAC,GAAG;gBACnB,OAAO,EAAE,MAAM,CAAC,GAAG;aACpB,CAAC,CAAA;YACF,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,SAAS,CAAC,mBAAmB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;gBACrD,MAAM,IAAI,CAAC,SAAS,CAAC,kBAAkB,CAAC,GAAG,EAAE,uBAAa,CAAC,MAAM,CAAC,CAAA;gBAClE,MAAM,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;gBAChD,MAAM,IAAI,CAAC,cAAc,CAAC,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAA;gBACrE,MAAM,IAAI,CAAC,UAAU,CAAC,oBAAoB,CAAC,aAAa,EAAE,GAAG,CAAC,CAAA;gBAE9D,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;gBACzD,IAAI,CAAC,OAAO;oBAAE,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAA;gBAElD,OAAO,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAA;YACzC,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,GAAG,CAAC,CAAA;gBACtC,MAAM,GAAG,CAAA;YACX,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;YAClC,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,EACxB,MAAM,EAAE,OAAO,EACf,QAAQ,EAAE,UAAU,EACpB,QAAQ;IACR,kCAAkC;IAClC,QAAQ,GAAG,SAAS,GACI;QACxB,0EAA0E;QAC1E,IAAI,CAAC;YACH,sBAAsB;YACtB,IAAI,QAAQ,IAAI,IAAI,EAAE,CAAC;gBACrB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAA;YAC/C,CAAC;YAED,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,aAAa,EAAE,GACxC,MAAM,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,EAAE,UAAU,EAAE,QAAQ,EAAE,CAAC,CAAA;YAE3D,IAAI,aAAa,EAAE,CAAC;gBAClB,MAAM,IAAI,oCAAmB,CAAC,wBAAwB,CAAC,CAAA;YACzD,CAAC;YAED,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,IAAI,oCAAmB,CAAC,+BAA+B,CAAC,CAAA;YAChE,CAAC;YAED,OAAO,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAA;QAChC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,+BAAqB,EAAE,CAAC;gBACzC,MAAM,IAAI,oCAAmB,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;YACjD,CAAC;YACD,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED,KAAK,CAAC,gBAAgB,CACpB,QAAkB,EAClB,GAAW,EACX,QAAiB;QAEjB,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAC1C,aAAa,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,CAAC,CACjE,CAAA;QACD,IAAI,CAAC,GAAG;YAAE,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAA;QAC5D,OAAO,aAAa,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAA;IAC/C,CAAC;IAED,KAAK,CAAC,mBAAmB,CACvB,QAAkB,EAClB,GAAW,EACX,QAAgB;QAEhB,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;YACxC,MAAM,GAAG,GAAG,MAAM,aAAa;iBAC5B,MAAM,CAAC,KAAK,EAAE,QAAQ,EAAE,GAAG,CAAC;iBAC5B,uBAAuB,EAAE,CAAA;YAE5B,MAAM,EAAE,iBAAiB,EAAE,GAAG,aAAa,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAA;YACpE,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC1C,MAAM,aAAa;qBAChB,QAAQ,CAAC,KAAK,EAAE,QAAQ,EAAE,GAAG,EAAE;oBAC9B,iBAAiB,EAAE,CAAC,GAAG,iBAAiB,EAAE,QAAQ,CAAC;iBACpD,CAAC;qBACD,OAAO,EAAE,CAAA;YACd,CAAC;QACH,CAAC,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,gBAAgB,CACpB,QAAkB,EAClB,GAAW;QAEX,MAAM,GAAG,GAAG,MAAM,aAAa;aAC5B,gBAAgB,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC;aACxC,gBAAgB,EAAE,CAAA;QAErB,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAA;QAErB,OAAO;YACL,OAAO,EAAE,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC;YACrC,IAAI,EAAE,aAAa,CAAC,mBAAmB,CAAC,GAAG,CAAC;SAC7C,CAAA;IACH,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,QAAkB;QACzC,MAAM,IAAI,GAAG,MAAM,aAAa;aAC7B,gBAAgB,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,CAAC;aACnC,OAAO,EAAE,CAAA;QAEZ,OAAO,OAAO,CAAC,GAAG,CAChB,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;YACvB,OAAO,EAAE,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC;YACrC,IAAI,EAAE,aAAa,CAAC,mBAAmB,CAAC,GAAG,CAAC;SAC7C,CAAC,CAAC,CACJ,CAAA;IACH,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,QAAkB,EAAE,GAAW;QACvD,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAC5B,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,CAC/C,CAAA;IACH,CAAC;IAED,KAAK,CAAC,oBAAoB,CAAC,EACzB,MAAM,EAAE,OAAO,EACf,KAAK,GACoB;QACzB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,KAAK,EAAE;YACjE,kBAAkB,EAAE,IAAI;YACxB,gBAAgB,EAAE,IAAI;SACvB,CAAC,CAAA;QAEF,IAAI,CAAC,OAAO,EAAE,KAAK,IAAI,CAAC,OAAO,EAAE,MAAM;YAAE,OAAM;QAE/C,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAA;QAC1B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CACtD,OAAO,CAAC,GAAG,EACX,gBAAgB,CACjB,CAAA;QAED,+DAA+D;QAC/D,MAAM,IAAI,CAAC,MAAM,CAAC,iBAAiB,CACjC,EAAE,MAAM,EAAE,KAAK,EAAE,EACjB,EAAE,EAAE,EAAE,OAAO,CAAC,KAAK,EAAE,CACtB,CAAA;IACH,CAAC;IAED,KAAK,CAAC,oBAAoB,CAAC,IAA8B;QACvD,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,IAAI,CAAC,CAAA;IAC/C,CAAC;IAED,KAAK,CAAC,wBAAwB,CAAC,MAAc;QAC3C,8EAA8E;QAC9E,IAAI,CAAC;YACH,MAAM,UAAU,GACd,MAAM,IAAI,CAAC,cAAc,CAAC,0BAA0B,CAAC,MAAM,CAAC,CAAA;YAE9D,uEAAuE;YACvE,sEAAsE;YACtE,WAAW;YACX,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;gBAC1B,MAAM,IAAI,uCAAsB,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAA;YAC9D,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,UAAU,EAAE;gBAC/D,kBAAkB,EAAE,IAAI;gBACxB,gBAAgB,EAAE,IAAI;aACvB,CAAC,CAAA;YAEF,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,IAAI,uCAAsB,CAAC,OAAO,CAAC,CAAA;YAC3C,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,iCAAuB,EAAE,CAAC;gBAC3C,MAAM,GAAG,CAAC,eAAe,KAAK,oBAAoB;oBAChD,CAAC,CAAC,IAAI,uCAAsB,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC;oBAClD,CAAC,CAAC,IAAI,uCAAsB,CAAC,QAAQ,EAAE,GAAG,CAAC,OAAO,CAAC,CAAA;YACvD,CAAC;YAED,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED,eAAe;IAEf,KAAK,CAAC,aAAa,CAAC,EAAa,EAAE,IAAiB;QAClD,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,CAAC,CAAA;IACzE,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,EAAa;QAC7B,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,gBAAgB,EAAE,CAAA;YACpE,IAAI,CAAC,GAAG;gBAAE,OAAO,IAAI,CAAA;YACrB,OAAO,WAAW,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAA;QAC1C,CAAC;gBAAS,CAAC;YACT,0EAA0E;YAC1E,0EAA0E;YAC1E,2BAA2B;YAC3B,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,KAAK,IAAI,EAAE;gBAClC,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,WAAW,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;YACzE,CAAC,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,EAAa,EAAE,IAAuB;QACxD,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,CAAC,CAAA;IACzE,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,EAAa;QAC/B,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,WAAW,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAA;IACvE,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,IAAU;QAChC,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC,gBAAgB,EAAE,CAAA;QAC5E,OAAO,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAC9D,CAAC;IAED,cAAc;IAEd,KAAK,CAAC,YAAY,CAAC,QAAkB,EAAE,IAAgB;QACrD,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAA;IAC1E,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,QAAkB;QACjC,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC,gBAAgB,EAAE,CAAA;QACrE,OAAO,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IACjD,CAAC;IAED,KAAK,CAAC,YAAY,CAChB,QAAkB,EAClB,IAAyB;QAEzB,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAA;IAC1E,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,QAAkB;QACnC,+DAA+D;QAC/D,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC,CAAA;IACpE,CAAC;IAED,aAAa;IAEb,KAAK,CAAC,WAAW,CACf,EAAW,EACX,IAAe,EACf,YAA2B;QAE3B,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;YACxC,IAAI,YAAY,EAAE,CAAC;gBACjB,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,gBAAgB;qBACrC,OAAO,CAAC,KAAK,EAAE,YAAY,CAAC;qBAC5B,uBAAuB,EAAE,CAAA;gBAE5B,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;oBACd,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAA;gBACjD,CAAC;YACH,CAAC;YAED,OAAO,KAAK,CAAC,QAAQ,CAAC,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,CAAC,CAAC,OAAO,EAAE,CAAA;QAChE,CAAC,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,OAAgB;QAC9B,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,gBAAgB,EAAE,CAAA;QACzE,OAAO,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAC7D,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAgB;QAChC,6DAA6D;QAC7D,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAA;IAClE,CAAC;IAED,KAAK,CAAC,WAAW,CACf,OAAgB,EAChB,UAAmB,EACnB,eAA6B,EAC7B,OAAqB;QAErB,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;YACpD,MAAM,EAAE,EAAE,EAAE,mBAAmB,EAAE,GAAG,MAAM,KAAK;iBAC5C,WAAW,CAAC,KAAK,EAAE,OAAO,CAAC;iBAC3B,uBAAuB,EAAE,CAAA;YAE5B,IAAI,mBAAmB,EAAE,CAAC;gBACxB,MAAM,gBAAgB;qBACnB,QAAQ,CAAC,KAAK,EAAE,EAAE,EAAE,mBAAmB,CAAC;qBACxC,OAAO,EAAE,CAAA;YACd,CAAC;YAED,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,gBAAgB;iBACrC,OAAO,CAAC,KAAK,EAAE,eAAe,CAAC;iBAC/B,uBAAuB,EAAE,CAAA;YAE5B,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;gBACd,iEAAiE;gBACjE,OAAO,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAA;YACtD,CAAC;YAED,MAAM,KAAK;iBACR,QAAQ,CAAC,KAAK,EAAE,EAAE,EAAE,UAAU,EAAE,eAAe,EAAE,OAAO,CAAC;iBACzD,OAAO,EAAE,CAAA;QACd,CAAC,CAAC,CAAA;QAEF,IAAI,GAAG;YAAE,MAAM,GAAG,CAAA;IACpB,CAAC;IAED,KAAK,CAAC,uBAAuB,CAC3B,YAA0B;QAE1B,MAAM,IAAI,GAAG,MAAM,gBAAgB;aAChC,aAAa,CAAC,IAAI,CAAC,EAAE,EAAE,YAAY,CAAC;aACpC,gBAAgB,EAAE,CAAA;QAErB,MAAM,MAAM,GAAG,IAAI;YACjB,CAAC,CAAC,EAAE,EAAE,EAAE,IAAI,CAAC,OAAO,EAAE;YACtB,CAAC,CAAC,EAAE,mBAAmB,EAAE,YAAY,EAAE,CAAA;QAEzC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC,gBAAgB,EAAE,CAAA;QACpE,OAAO,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAC7D,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,IAAU;QAC9B,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,gBAAgB,EAAE,CAAA;QACtE,OAAO,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAC7D,CAAC;CACF;AAxbD,gCAwbC"}

package/dist/actor-store/record/reader.d.ts

@@ -45,13 +45,13 @@ export declare class RecordReader {
         path: string;
         linkTo: string;
     }): Promise<{
-        cid: string;
+        takedownRef: string | null;
         indexedAt: string;
-        repoRev: string;
+        cid: string;
         uri: string;
         collection: string;
         rkey: string;
-        takedownRef: string | null;
+        repoRev: string;
     }[]>;
     getBacklinkConflicts(uri: AtUri, record: RepoRecord): Promise<AtUri[]>;
     listExistingBlocks(): Promise<CidSet>;

package/dist/actor-store/repo/reader.d.ts

@@ -1,4 +1,5 @@
 import { BlobStore } from '@atproto/repo';
+import { SyncEvtData } from '../../repo';
 import { BlobReader } from '../blob/reader';
 import { ActorDb } from '../db';
 import { RecordReader } from '../record/reader';
@@ -10,5 +11,6 @@ export declare class RepoReader {
     record: RecordReader;
     storage: SqlRepoReader;
     constructor(db: ActorDb, blobstore: BlobStore);
+    getSyncEventData(): Promise<SyncEvtData>;
 }
 //# sourceMappingURL=reader.d.ts.map

package/dist/actor-store/repo/reader.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"reader.d.ts","sourceRoot":"","sources":["../../../src/actor-store/repo/reader.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAA;AACzC,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAC3C,OAAO,EAAE,OAAO,EAAE,MAAM,OAAO,CAAA;AAC/B,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAA;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAA;AAEjD,qBAAa,UAAU;IAMZ,EAAE,EAAE,OAAO;IACX,SAAS,EAAE,SAAS;IAN7B,IAAI,EAAE,UAAU,CAAA;IAChB,MAAM,EAAE,YAAY,CAAA;IACpB,OAAO,EAAE,aAAa,CAAA;gBAGb,EAAE,EAAE,OAAO,EACX,SAAS,EAAE,SAAS;CAM9B"}
+{"version":3,"file":"reader.d.ts","sourceRoot":"","sources":["../../../src/actor-store/repo/reader.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAA;AACzC,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAA;AACxC,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAC3C,OAAO,EAAE,OAAO,EAAE,MAAM,OAAO,CAAA;AAC/B,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAA;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAA;AAEjD,qBAAa,UAAU;IAMZ,EAAE,EAAE,OAAO;IACX,SAAS,EAAE,SAAS;IAN7B,IAAI,EAAE,UAAU,CAAA;IAChB,MAAM,EAAE,YAAY,CAAA;IACpB,OAAO,EAAE,aAAa,CAAA;gBAGb,EAAE,EAAE,OAAO,EACX,SAAS,EAAE,SAAS;IAOvB,gBAAgB,IAAI,OAAO,CAAC,WAAW,CAAC;CAS/C"}

package/dist/actor-store/repo/reader.js

@@ -40,6 +40,15 @@ class RepoReader {
         this.record = new reader_2.RecordReader(db);
         this.storage = new sql_repo_reader_1.SqlRepoReader(db);
     }
+    async getSyncEventData() {
+        const root = await this.storage.getRootDetailed();
+        const { blocks } = await this.storage.getBlocks([root.cid]);
+        return {
+            cid: root.cid,
+            rev: root.rev,
+            blocks,
+        };
+    }
 }
 exports.RepoReader = RepoReader;
 //# sourceMappingURL=reader.js.map

package/dist/actor-store/repo/reader.js.map

@@ -1 +1 @@
-{"version":3,"file":"reader.js","sourceRoot":"","sources":["../../../src/actor-store/repo/reader.ts"],"names":[],"mappings":";;;AACA,2CAA2C;AAE3C,6CAA+C;AAC/C,uDAAiD;AAEjD,MAAa,UAAU;IAKrB,YACS,EAAW,EACX,SAAoB;QAD3B;;;;mBAAO,EAAE;WAAS;QAClB;;;;mBAAO,SAAS;WAAW;QAN7B;;;;;WAAgB;QAChB;;;;;WAAoB;QACpB;;;;;WAAsB;QAMpB,IAAI,CAAC,IAAI,GAAG,IAAI,mBAAU,CAAC,EAAE,EAAE,SAAS,CAAC,CAAA;QACzC,IAAI,CAAC,MAAM,GAAG,IAAI,qBAAY,CAAC,EAAE,CAAC,CAAA;QAClC,IAAI,CAAC,OAAO,GAAG,IAAI,+BAAa,CAAC,EAAE,CAAC,CAAA;IACtC,CAAC;CACF;AAbD,gCAaC"}
+{"version":3,"file":"reader.js","sourceRoot":"","sources":["../../../src/actor-store/repo/reader.ts"],"names":[],"mappings":";;;AAEA,2CAA2C;AAE3C,6CAA+C;AAC/C,uDAAiD;AAEjD,MAAa,UAAU;IAKrB,YACS,EAAW,EACX,SAAoB;QAD3B;;;;mBAAO,EAAE;WAAS;QAClB;;;;mBAAO,SAAS;WAAW;QAN7B;;;;;WAAgB;QAChB;;;;;WAAoB;QACpB;;;;;WAAsB;QAMpB,IAAI,CAAC,IAAI,GAAG,IAAI,mBAAU,CAAC,EAAE,EAAE,SAAS,CAAC,CAAA;QACzC,IAAI,CAAC,MAAM,GAAG,IAAI,qBAAY,CAAC,EAAE,CAAC,CAAA;QAClC,IAAI,CAAC,OAAO,GAAG,IAAI,+BAAa,CAAC,EAAE,CAAC,CAAA;IACtC,CAAC;IAED,KAAK,CAAC,gBAAgB;QACpB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,CAAA;QACjD,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;QAC3D,OAAO;YACL,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,MAAM;SACP,CAAA;IACH,CAAC;CACF;AAvBD,gCAuBC"}

package/dist/actor-store/repo/sql-repo-reader.d.ts

@@ -17,7 +17,7 @@ export declare class SqlRepoReader extends ReadableBlockstore {
         missing: CID[];
     }>;
     getCarStream(since?: string): Promise<import("stream").Readable>;
-    getBlockRange(since?: string, cursor?: RevCursor): Promise<import("kysely").Selection<import("kysely/dist/cjs/parser/table-parser").From<import("../db").DatabaseSchema, "repo_block">, "repo_block", "cid" | "repoRev" | "content">[]>;
+    getBlockRange(since?: string, cursor?: RevCursor): Promise<import("kysely").Selection<import("kysely/dist/cjs/parser/table-parser").From<import("../db").DatabaseSchema, "repo_block">, "repo_block", "content" | "cid" | "repoRev">[]>;
     countBlocks(): Promise<number>;
     destroy(): Promise<void>;
 }

package/dist/actor-store/repo/transactor.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"transactor.d.ts","sourceRoot":"","sources":["../../../src/actor-store/repo/transactor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,kBAAkB,CAAA;AACtC,OAAO,KAAK,MAAM,MAAM,iBAAiB,CAAA;AACzC,OAAO,EAAE,SAAS,EAAE,IAAI,EAAgC,MAAM,eAAe,CAAA;AAC7E,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAA;AAEvC,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAA;AAElD,OAAO,EAGL,iBAAiB,EAEjB,cAAc,EACd,aAAa,EACd,MAAM,kBAAkB,CAAA;AACzB,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAA;AACnD,OAAO,EAAE,OAAO,EAAE,MAAM,OAAO,CAAA;AAC/B,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAA;AACvD,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAA;AACrC,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAA;AAGzD,qBAAa,cAAe,SAAQ,UAAU;IAMnC,EAAE,EAAE,OAAO;IACX,SAAS,EAAE,SAAS;IACpB,GAAG,EAAE,MAAM;IACX,UAAU,EAAE,MAAM,CAAC,OAAO;IAC1B,eAAe,EAAE,eAAe;IAChC,GAAG,EAAE,MAAM;IAVpB,IAAI,EAAE,cAAc,CAAA;IACpB,MAAM,EAAE,gBAAgB,CAAA;IACxB,OAAO,EAAE,iBAAiB,CAAA;gBAGjB,EAAE,EAAE,OAAO,EACX,SAAS,EAAE,SAAS,EACpB,GAAG,EAAE,MAAM,EACX,UAAU,EAAE,MAAM,CAAC,OAAO,EAC1B,eAAe,EAAE,eAAe,EAChC,GAAG,GAAE,MAAiC;IAQzC,aAAa,IAAI,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;IASrC,UAAU,CAAC,MAAM,EAAE,cAAc,EAAE,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAqBhE,aAAa,CACjB,MAAM,EAAE,aAAa,EAAE,EACvB,aAAa,CAAC,EAAE,GAAG,GAClB,OAAO,CAAC,iBAAiB,CAAC;IAcvB,YAAY,CAChB,MAAM,EAAE,aAAa,EAAE,EACvB,UAAU,CAAC,EAAE,GAAG,GACf,OAAO,CAAC,iBAAiB,CAAC;IAkFvB,WAAW,CAAC,MAAM,EAAE,aAAa,EAAE,EAAE,GAAG,EAAE,MAAM;IAuBhD,sBAAsB,CAC1B,IAAI,EAAE,GAAG,EAAE,EACX,WAAW,EAAE,KAAK,EAAE,GACnB,OAAO,CAAC,GAAG,EAAE,CAAC;CAclB"}
+{"version":3,"file":"transactor.d.ts","sourceRoot":"","sources":["../../../src/actor-store/repo/transactor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,kBAAkB,CAAA;AACtC,OAAO,KAAK,MAAM,MAAM,iBAAiB,CAAA;AACzC,OAAO,EAAE,SAAS,EAAE,IAAI,EAAgC,MAAM,eAAe,CAAA;AAC7E,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAA;AAEvC,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAA;AAElD,OAAO,EAGL,iBAAiB,EAEjB,cAAc,EACd,aAAa,EACd,MAAM,kBAAkB,CAAA;AACzB,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAA;AACnD,OAAO,EAAE,OAAO,EAAE,MAAM,OAAO,CAAA;AAC/B,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAA;AACvD,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAA;AACrC,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAA;AAEzD,qBAAa,cAAe,SAAQ,UAAU;IAMnC,EAAE,EAAE,OAAO;IACX,SAAS,EAAE,SAAS;IACpB,GAAG,EAAE,MAAM;IACX,UAAU,EAAE,MAAM,CAAC,OAAO;IAC1B,eAAe,EAAE,eAAe;IAChC,GAAG,EAAE,MAAM;IAVpB,IAAI,EAAE,cAAc,CAAA;IACpB,MAAM,EAAE,gBAAgB,CAAA;IACxB,OAAO,EAAE,iBAAiB,CAAA;gBAGjB,EAAE,EAAE,OAAO,EACX,SAAS,EAAE,SAAS,EACpB,GAAG,EAAE,MAAM,EACX,UAAU,EAAE,MAAM,CAAC,OAAO,EAC1B,eAAe,EAAE,eAAe,EAChC,GAAG,GAAE,MAAiC;IAQzC,aAAa,IAAI,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;IASrC,UAAU,CAAC,MAAM,EAAE,cAAc,EAAE,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAyBhE,aAAa,CACjB,MAAM,EAAE,aAAa,EAAE,EACvB,aAAa,CAAC,EAAE,GAAG,GAClB,OAAO,CAAC,iBAAiB,CAAC;IAuBvB,YAAY,CAChB,MAAM,EAAE,aAAa,EAAE,EACvB,UAAU,CAAC,EAAE,GAAG,GACf,OAAO,CAAC,iBAAiB,CAAC;IAiFvB,WAAW,CAAC,MAAM,EAAE,aAAa,EAAE,EAAE,GAAG,EAAE,MAAM;IAuBhD,sBAAsB,CAC1B,IAAI,EAAE,GAAG,EAAE,EACX,WAAW,EAAE,KAAK,EAAE,GACnB,OAAO,CAAC,GAAG,EAAE,CAAC;CAclB"}

package/dist/actor-store/repo/transactor.js

@@ -10,7 +10,6 @@ const transactor_1 = require("../blob/transactor");
 const transactor_2 = require("../record/transactor");
 const reader_1 = require("./reader");
 const sql_repo_transactor_1 = require("./sql-repo-transactor");
-const util_1 = require("./util");
 class RepoTransactor extends reader_1.RepoReader {
     constructor(db, blobstore, did, signingKey, backgroundQueue, now = new Date().toISOString()) {
         super(db, blobstore);
@@ -88,16 +87,27 @@ class RepoTransactor extends reader_1.RepoReader {
             this.indexWrites(writes, commit.rev),
             this.blob.processWriteBlobs(commit.rev, writes),
         ]);
+        const ops = writes.map((w) => ({
+            action: 'create',
+            path: (0, repo_1.formatDataKey)(w.uri.collection, w.uri.rkey),
+            cid: w.cid,
+        }));
         return {
             ...commit,
-            ops: (0, util_1.commitOpsFromCreates)(writes),
-            blobs: (0, util_1.blobCidsFromWrites)(writes),
+            ops,
             prevData: null,
         };
     }
     async processWrites(writes, swapCommitCid) {
         this.db.assertTransaction();
+        if (writes.length > 200) {
+            throw new xrpc_server_1.InvalidRequestError('Too many writes. Max: 200');
+        }
         const commit = await this.formatCommit(writes, swapCommitCid);
+        // Do not allow commits > 2MB
+        if (commit.relevantBlocks.byteSize > 2000000) {
+            throw new xrpc_server_1.InvalidRequestError('Too many writes. Max event size: 2MB');
+        }
         await Promise.all([
             // persist the commit to repo storage
             this.storage.applyCommit(commit),
@@ -176,7 +186,6 @@ class RepoTransactor extends reader_1.RepoReader {
         return {
             ...commit,
             ops: commitOps,
-            blobs: (0, util_1.blobCidsFromWrites)(writes),
             prevData,
         };
     }