@atproto/pds 0.4.117 → 0.4.118

package/src/lexicon/types/com/atproto/admin/updateAccountSigningKey.ts

@@ -0,0 +1,48 @@
+/**
+ * GENERATED CODE - DO NOT MODIFY
+ */
+import express from 'express'
+import { type ValidationResult, BlobRef } from '@atproto/lexicon'
+import { CID } from 'multiformats/cid'
+import { validate as _validate } from '../../../../lexicons'
+import {
+  type $Typed,
+  is$typed as _is$typed,
+  type OmitKey,
+} from '../../../../util'
+import { HandlerAuth, HandlerPipeThrough } from '@atproto/xrpc-server'
+
+const is$typed = _is$typed,
+  validate = _validate
+const id = 'com.atproto.admin.updateAccountSigningKey'
+
+export interface QueryParams {}
+
+export interface InputSchema {
+  did: string
+  /** Did-key formatted public key */
+  signingKey: string
+}
+
+export interface HandlerInput {
+  encoding: 'application/json'
+  body: InputSchema
+}
+
+export interface HandlerError {
+  status: number
+  message?: string
+}
+
+export type HandlerOutput = HandlerError | void
+export type HandlerReqCtx<HA extends HandlerAuth = never> = {
+  auth: HA
+  params: QueryParams
+  input: HandlerInput
+  req: express.Request
+  res: express.Response
+  resetRouteRateLimits: () => Promise<void>
+}
+export type Handler<HA extends HandlerAuth = never> = (
+  ctx: HandlerReqCtx<HA>,
+) => Promise<HandlerOutput> | HandlerOutput

package/src/repo/prepare.ts

@@ -278,6 +278,7 @@ export const blobsForWrite = (
   }
 
   return refs.map(({ ref, path }) => ({
+    size: ref.size,
     cid: ref.ref,
     mimeType: ref.mimeType,
     constraints:

package/src/repo/types.ts

@@ -11,6 +11,7 @@ export type BlobConstraint = {
 }
 
 export type PreparedBlobRef = {
+  size: number
   cid: CID
   mimeType: string
   constraints: BlobConstraint

package/src/scripts/README.md

@@ -0,0 +1,40 @@
+# PDS Scripts
+
+This directory includes some low-level administrative scripts primarily meant to help recover from situations of data loss or repository corruption.
+
+These scripts are included in the Docker image. The recommended way to run them is to shell into the PDS container (`docker exec -it pds /bin/sh`) and run the relevant script using `node run-script.js SCRIPT_NAME`.
+
+### rebuild-repo
+
+Rebuild a repo's MST and sign a new commit based on data stored in the actor's record table. Intended to be used if a repository is corrupted and there are missing MST blocks.
+
+`node run-script.js rebuild-repo DID`
+
+### publish-identity
+
+Publishes an identity event on the PDS's outgoing firehose for the relevant DID. Intended to be used if a user's identity is out of date and a refresh of their identity needs to be pushed through the system.
+
+`node run-script.js publish-identity DID`
+`node run-script.js publish-identity DID1 DID2 DID3 ...`
+`node run-script.js publish-identity-file dids.txt` (where `dids.txt` is a `\n` delimited text file of dids)
+
+### rotate-keys
+
+Ensures that an account's signing key in their PLC DID document matches the signing key that the PDS is holidng for them locally. If not, then update their PLC document. Does not work for `did:web`s. Intended to be used in recovery situations where an accounts' signing key is lost and it needs to be re-generated. This script _does not_ regenerate the key.
+
+`node run-script.js rotate-keys DID`
+`node run-script.js rotate-keys DID1 DID2 DID3 ...`
+`node run-script.js rotate-keys-file dids.txt` (where `dids.txt` is a `\n` delimited text file of dids)
+`node run-script.js rotate-keys-recovery` (to be used after `sequencer-recovery` script)
+
+### sequencer-recovery
+
+Replays the sequencer file on top of actor stores. Creates new actor stores & keys for actors that do not exist but are in the sequencer. Deletes actor stores & entries in the accounts DB when processing an account deletion on the stream. This script is meant to be re-runnable. Though because it processes events in parallel, it is important to be discerning about the cursor you pick up from if you stop & start the script.
+
+Does _not_ rotate signing keys even if it generates them. Signing keys that need to be rotated are stored in a recovery DB and can be actually rotated with the `rotate-keys-recovery` script.
+
+Intended to be used for recovery from data loss.
+
+`node run-script.js sequencer-recovery START_CURSOR CONCURRENCY` (both params are optional & default to `0` and `10` respectively)
+
+Failures are also tracked in the recovery DB and can be recovered from with `node run-script.js recovery-repair-repos`. Which will rebuild repos (a la `rebuild-repo`) and then play back the events from the sequencer only pertaining to the recovered DIDs.

package/src/scripts/index.ts

@@ -1,5 +1,20 @@
+import { publishIdentity, publishIdentityFromFile } from './publish-identity'
 import { rebuildRepo } from './rebuild-repo'
+import {
+  rotateKeys,
+  rotateKeysFromFile,
+  rotateKeysRecovery,
+} from './rotate-keys'
+import { sequencerRecovery } from './sequencer-recovery'
+import { repairRepos } from './sequencer-recovery/repair-repos'
 
 export const scripts = {
   'rebuild-repo': rebuildRepo,
+  'sequencer-recovery': sequencerRecovery,
+  'recovery-repair-repos': repairRepos,
+  'rotate-keys': rotateKeys,
+  'rotate-keys-file': rotateKeysFromFile,
+  'rotate-keys-recovery': rotateKeysRecovery,
+  'publish-identity': publishIdentity,
+  'publish-identity-file': publishIdentityFromFile,
 }

package/src/scripts/publish-identity.ts

@@ -0,0 +1,54 @@
+import fs from 'node:fs/promises'
+import { wait } from '@atproto/common'
+import { Sequencer } from '../sequencer'
+import { parseIntArg } from './util'
+
+export type PublishIdentityContext = {
+  sequencer: Sequencer
+}
+
+export const publishIdentity = async (
+  ctx: PublishIdentityContext,
+  args: string[],
+) => {
+  const dids = args
+  await publishIdentityEvtForDids(ctx, dids)
+  console.log('DONE')
+}
+
+export const publishIdentityFromFile = async (
+  ctx: PublishIdentityContext,
+  args: string[],
+) => {
+  const filepath = args[0]
+  if (!filepath) {
+    throw new Error('Expected filepath as argument')
+  }
+  const timeBetween = args[1] ? parseIntArg(args[1]) : 5
+  const file = await fs.readFile(filepath)
+  const dids = file
+    .toString()
+    .split('\n')
+    .map((did) => did.trim())
+
+  await publishIdentityEvtForDids(ctx, dids, timeBetween)
+  console.log('DONE')
+}
+
+export const publishIdentityEvtForDids = async (
+  ctx: PublishIdentityContext,
+  dids: string[],
+  timeBetween = 0,
+) => {
+  for (const did of dids) {
+    try {
+      await ctx.sequencer.sequenceIdentityEvt(did)
+      console.log(`published identity evt for ${did}`)
+    } catch (err) {
+      console.error(`failed to sequence new identity evt for ${did}: ${err}`)
+    }
+    if (timeBetween > 0) {
+      await wait(timeBetween)
+    }
+  }
+}

package/src/scripts/rebuild-repo.ts

@@ -7,21 +7,46 @@ import {
   MemoryBlockstore,
   signCommit,
 } from '@atproto/repo'
-import { AppContext } from '../context'
+import { AccountManager } from '../account-manager/account-manager'
+import { ActorStore } from '../actor-store/actor-store'
+import { Sequencer } from '../sequencer'
 
-export const rebuildRepo = async (ctx: AppContext, args: string[]) => {
+export interface RebuildContext {
+  sequencer: Sequencer
+  accountManager: AccountManager
+  actorStore: ActorStore
+}
+
+export const rebuildRepoScript = async (
+  ctx: RebuildContext,
+  args: string[],
+) => {
   const did = args[0]
   if (!did || !did.startsWith('did:')) {
     throw new Error('Expected DID as argument')
   }
+  return rebuildRepo(ctx, did, true)
+}
 
+export const rebuildRepo = async (
+  ctx: RebuildContext,
+  did: string,
+  promptUser: boolean,
+) => {
   const memoryStore = new MemoryBlockstore()
-  const rev = TID.nextStr()
   const commit = await ctx.actorStore.transact(did, async (store) => {
-    const [records, existingCids] = await Promise.all([
+    const [rootDetails, records, existingCids] = await Promise.all([
+      store.repo.storage.getRootDetailed(),
       store.record.listAll(),
       store.record.listExistingBlocks(),
     ])
+    // increment existing rev by 1 ms
+    const revTid = TID.fromStr(rootDetails.rev)
+    const rev = TID.fromTime(
+      revTid.timestamp() + 1,
+      revTid.clockid(),
+    ).toString()
+
     let mst = await MST.create(memoryStore)
     for (const record of records) {
       mst = await mst.add(record.path, record.cid)
@@ -50,14 +75,16 @@ export const rebuildRepo = async (ctx: AppContext, args: string[]) => {
     )
     const commitCid = await newBlocks.add(newCommit)
 
-    console.log('Record count: ', records.length)
-    console.log('Existing blocks: ', existingCids.toList().length)
-    console.log('Deleting blocks:', toDelete.toList().length)
-    console.log('Adding blocks: ', newBlocks.size)
+    if (promptUser) {
+      console.log('Record count: ', records.length)
+      console.log('Existing blocks: ', existingCids.toList().length)
+      console.log('Deleting blocks:', toDelete.toList().length)
+      console.log('Adding blocks: ', newBlocks.size)
 
-    const shouldContinue = await promptContinue()
-    if (!shouldContinue) {
-      throw new Error('Aborted')
+      const shouldContinue = await promptContinue()
+      if (!shouldContinue) {
+        throw new Error('Aborted')
+      }
     }
 
     await store.repo.storage.deleteMany(toDelete.toList())
@@ -76,7 +103,7 @@ export const rebuildRepo = async (ctx: AppContext, args: string[]) => {
       prevData: null,
     }
   })
-  await ctx.accountManager.updateRepoRoot(did, commit.cid, rev)
+  await ctx.accountManager.updateRepoRoot(did, commit.cid, commit.rev)
   const syncData = await ctx.actorStore.read(did, (store) =>
     store.repo.getSyncEventData(),
   )

package/src/scripts/rotate-keys.ts

@@ -0,0 +1,141 @@
+import fs from 'node:fs/promises'
+import * as plc from '@did-plc/lib'
+import PQueue from 'p-queue'
+import AtpAgent from '@atproto/api'
+import { Keypair } from '@atproto/crypto'
+import { IdResolver } from '@atproto/identity'
+import { ActorStore } from '../actor-store/actor-store'
+import { SyncEvtData } from '../repo'
+import { Sequencer } from '../sequencer'
+import { getRecoveryDbFromSequencerLoc } from './sequencer-recovery/recovery-db'
+import { parseIntArg } from './util'
+
+export type RotateKeysContext = {
+  sequencer: Sequencer
+  actorStore: ActorStore
+  idResolver: IdResolver
+  plcClient: plc.Client
+  plcRotationKey: Keypair
+  entrywayAdminAgent?: AtpAgent
+}
+
+export const rotateKeys = async (ctx: RotateKeysContext, args: string[]) => {
+  const dids = args
+  await rotateKeysForRepos(ctx, dids, 10)
+}
+
+export const rotateKeysFromFile = async (
+  ctx: RotateKeysContext,
+  args: string[],
+) => {
+  const filepath = args[0]
+  if (!filepath) {
+    throw new Error('Expected filepath as argument')
+  }
+  const concurrency = args[1] ? parseIntArg(args[1]) : 25
+  const file = await fs.readFile(filepath)
+  const dids = file
+    .toString()
+    .split('\n')
+    .map((did) => did.trim())
+    .filter((did) => did.startsWith('did:plc'))
+
+  await rotateKeysForRepos(ctx, dids, concurrency)
+}
+
+export const rotateKeysRecovery = async (
+  ctx: RotateKeysContext,
+  args: string[],
+) => {
+  const concurrency = args[1] ? parseIntArg(args[0]) : 10
+
+  const recoveryDb = await getRecoveryDbFromSequencerLoc(
+    ctx.sequencer.dbLocation,
+  )
+  const rows = await recoveryDb.db
+    .selectFrom('new_account')
+    .select('did')
+    .where('new_account.published', '=', 0)
+    .execute()
+  const dids = rows.map((r) => r.did)
+
+  await rotateKeysForRepos(ctx, dids, concurrency, async (did) => {
+    await recoveryDb.db
+      .updateTable('new_account')
+      .set({ published: 1 })
+      .where('did', '=', did)
+      .execute()
+  })
+}
+
+const rotateKeysForRepos = async (
+  ctx: RotateKeysContext,
+  dids: string[],
+  concurrency: number,
+  onSuccess?: (did: string) => Promise<void>,
+) => {
+  const queue = new PQueue({ concurrency })
+  let completed = 0
+  for (const did of dids) {
+    queue.add(async () => {
+      try {
+        await updatePlcSigningKey(ctx, did)
+      } catch (err) {
+        console.error(`failed to update key for ${did}: ${err}`)
+        return
+      }
+      let syncData: SyncEvtData
+      try {
+        syncData = await ctx.actorStore.transact(did, async (actorTxn) => {
+          await actorTxn.repo.processWrites([])
+          return actorTxn.repo.getSyncEventData()
+        })
+      } catch (err) {
+        console.error(`failed to write new commit for ${did}: ${err}`)
+        return
+      }
+      try {
+        await ctx.sequencer.sequenceIdentityEvt(did)
+      } catch (err) {
+        console.error(`failed to sequence new identity evt for ${did}: ${err}`)
+        return
+      }
+      try {
+        await ctx.sequencer.sequenceSyncEvt(did, syncData)
+      } catch (err) {
+        console.error(`failed to sequence for ${did}: ${err}`)
+        return
+      }
+      if (onSuccess) {
+        await onSuccess(did)
+      }
+      completed++
+      if (completed % 10 === 0) {
+        console.log(`${completed}/${dids.length}`)
+      }
+    })
+  }
+  await queue.onIdle()
+  console.log('DONE')
+}
+
+const updatePlcSigningKey = async (ctx: RotateKeysContext, did: string) => {
+  const updateTo = await ctx.actorStore.keypair(did)
+  const currSigningKey = await ctx.idResolver.did.resolveAtprotoKey(did, true)
+  if (updateTo.did() === currSigningKey) {
+    // already up to date
+    return
+  }
+  if (ctx.entrywayAdminAgent) {
+    await ctx.entrywayAdminAgent.api.com.atproto.admin.updateAccountSigningKey({
+      did,
+      signingKey: updateTo.did(),
+    })
+  } else {
+    await ctx.plcClient.updateAtprotoKey(
+      did,
+      ctx.plcRotationKey,
+      updateTo.did(),
+    )
+  }
+}

package/src/scripts/sequencer-recovery/index.ts

@@ -0,0 +1,23 @@
+import { parseIntArg } from '../util'
+import { Recoverer, RecovererContextNoDb } from './recoverer'
+import { getRecoveryDbFromSequencerLoc } from './recovery-db'
+
+export const sequencerRecovery = async (
+  ctx: RecovererContextNoDb,
+  args: string[],
+) => {
+  const cursor = args[0] ? parseIntArg(args[0]) : 0
+  const concurrency = args[1] ? parseIntArg(args[1]) : 10
+
+  const recoveryDb = await getRecoveryDbFromSequencerLoc(
+    ctx.sequencer.dbLocation,
+  )
+
+  const recover = new Recoverer(
+    { ...ctx, recoveryDb },
+    {
+      concurrency,
+    },
+  )
+  await recover.run(cursor)
+}