A container registry that uses the AT Protocol for manifest storage and S3 for blob storage.
user repomgr for record management
tests
vendor repomgr
+3749
-278
+6
-6
go.mod
+6
-6
go.mod
···
11
11
github.com/google/uuid v1.6.0
12
12
github.com/gorilla/mux v1.8.1
13
13
github.com/gorilla/websocket v1.5.3
14
+
github.com/ipfs/go-block-format v0.2.0
14
15
github.com/ipfs/go-cid v0.4.1
16
+
github.com/ipfs/go-datastore v0.6.0
17
+
github.com/ipfs/go-ipfs-blockstore v1.3.1
18
+
github.com/ipfs/go-ipld-format v0.6.0
15
19
github.com/ipld/go-car v0.6.1-0.20230509095817-92d28eb23ba4
16
20
github.com/klauspost/compress v1.18.0
17
21
github.com/mattn/go-sqlite3 v1.14.32
18
22
github.com/opencontainers/go-digest v1.0.0
19
23
github.com/spf13/cobra v1.8.0
20
24
github.com/whyrusleeping/cbor-gen v0.3.1
25
+
go.opentelemetry.io/otel v1.32.0
21
26
go.yaml.in/yaml/v4 v4.0.0-rc.2
22
27
golang.org/x/crypto v0.39.0
23
28
golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028
29
+
gorm.io/gorm v1.25.9
24
30
)
25
31
26
32
require (
···
53
59
github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
54
60
github.com/inconshreveable/mousetrap v1.1.0 // indirect
55
61
github.com/ipfs/bbloom v0.0.4 // indirect
56
-
github.com/ipfs/go-block-format v0.2.0 // indirect
57
62
github.com/ipfs/go-blockservice v0.5.2 // indirect
58
-
github.com/ipfs/go-datastore v0.6.0 // indirect
59
-
github.com/ipfs/go-ipfs-blockstore v1.3.1 // indirect
60
63
github.com/ipfs/go-ipfs-ds-help v1.1.1 // indirect
61
64
github.com/ipfs/go-ipfs-exchange-interface v0.2.1 // indirect
62
65
github.com/ipfs/go-ipfs-util v0.0.3 // indirect
63
66
github.com/ipfs/go-ipld-cbor v0.1.0 // indirect
64
-
github.com/ipfs/go-ipld-format v0.6.0 // indirect
65
67
github.com/ipfs/go-ipld-legacy v0.2.1 // indirect
66
68
github.com/ipfs/go-libipfs v0.7.0 // indirect
67
69
github.com/ipfs/go-log v1.0.5 // indirect
···
107
109
go.opentelemetry.io/contrib/bridges/prometheus v0.57.0 // indirect
108
110
go.opentelemetry.io/contrib/exporters/autoexport v0.57.0 // indirect
109
111
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0 // indirect
110
-
go.opentelemetry.io/otel v1.32.0 // indirect
111
112
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.8.0 // indirect
112
113
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.8.0 // indirect
113
114
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.32.0 // indirect
···
141
142
gopkg.in/inf.v0 v0.9.1 // indirect
142
143
gopkg.in/yaml.v2 v2.4.0 // indirect
143
144
gorm.io/driver/postgres v1.5.7 // indirect
144
-
gorm.io/gorm v1.25.9 // indirect
145
145
lukechampine.com/blake3 v1.2.1 // indirect
146
146
)
+14
-85
pkg/hold/pds/captain.go
+14
-85
pkg/hold/pds/captain.go
···
1
1
package pds
2
2
3
3
import (
4
-
"bytes"
5
4
"context"
6
5
"fmt"
7
6
"time"
8
7
9
8
"atcr.io/pkg/atproto"
10
-
"github.com/bluesky-social/indigo/repo"
11
9
"github.com/ipfs/go-cid"
12
10
)
13
11
···
16
14
CaptainRkey = "self"
17
15
)
18
16
19
-
// CreateCaptainRecord creates the captain record for the hold
17
+
// CreateCaptainRecord creates the captain record for the hold (first-time only).
18
+
// This will FAIL if the captain record already exists. Use UpdateCaptainRecord to modify.
20
19
func (p *HoldPDS) CreateCaptainRecord(ctx context.Context, ownerDID string, public bool, allowAllCrew bool) (cid.Cid, error) {
21
20
captainRecord := &atproto.CaptainRecord{
22
21
Type: atproto.CaptainCollection,
···
26
25
DeployedAt: time.Now().Format(time.RFC3339),
27
26
}
28
27
29
-
// Create record in repo with fixed rkey "self"
30
-
recordCID, rkey, err := p.repo.CreateRecord(ctx, atproto.CaptainCollection, captainRecord)
28
+
// Use repomgr.PutRecord - creates with explicit rkey, fails if already exists
29
+
recordPath, recordCID, err := p.repomgr.PutRecord(ctx, p.uid, atproto.CaptainCollection, CaptainRkey, captainRecord)
31
30
if err != nil {
32
31
return cid.Undef, fmt.Errorf("failed to create captain record: %w", err)
33
32
}
34
33
35
-
// Create signer function from signing key
36
-
signer := func(ctx context.Context, did string, data []byte) ([]byte, error) {
37
-
return p.signingKey.HashAndSign(data)
38
-
}
39
-
40
-
// Commit the changes to get new root CID
41
-
root, rev, err := p.repo.Commit(ctx, signer)
42
-
if err != nil {
43
-
return cid.Undef, fmt.Errorf("failed to commit captain record: %w", err)
44
-
}
45
-
46
-
// Close the delta session with the new root
47
-
_, err = p.session.CloseWithRoot(ctx, root, rev)
48
-
if err != nil {
49
-
return cid.Undef, fmt.Errorf("failed to persist commit: %w", err)
50
-
}
51
-
52
-
// Create a new session for the next operation (use revision string, not CID)
53
-
newSession, err := p.carstore.NewDeltaSession(ctx, p.uid, &rev)
54
-
if err != nil {
55
-
return cid.Undef, fmt.Errorf("failed to create new session: %w", err)
56
-
}
57
-
58
-
// Load repo from the newly committed head
59
-
newRepo, err := repo.OpenRepo(ctx, newSession, root)
60
-
if err != nil {
61
-
return cid.Undef, fmt.Errorf("failed to reload repo after commit: %w", err)
62
-
}
63
-
64
-
// Update the stored session and repo
65
-
p.session = newSession
66
-
p.repo = newRepo
67
-
68
-
fmt.Printf("Created captain record with rkey: %s, cid: %s\n", rkey, recordCID)
69
-
34
+
fmt.Printf("Created captain record at %s, cid: %s\n", recordPath, recordCID)
70
35
return recordCID, nil
71
36
}
72
37
73
38
// GetCaptainRecord retrieves the captain record
74
39
func (p *HoldPDS) GetCaptainRecord(ctx context.Context) (cid.Cid, *atproto.CaptainRecord, error) {
75
-
path := fmt.Sprintf("%s/%s", atproto.CaptainCollection, CaptainRkey)
76
-
77
-
// Get the record bytes and decode manually
78
-
recordCID, recBytes, err := p.repo.GetRecordBytes(ctx, path)
40
+
// Use repomgr.GetRecord - our types are registered in init()
41
+
// so it will automatically unmarshal to the concrete type
42
+
recordCID, val, err := p.repomgr.GetRecord(ctx, p.uid, atproto.CaptainCollection, CaptainRkey, cid.Undef)
79
43
if err != nil {
80
44
return cid.Undef, nil, fmt.Errorf("failed to get captain record: %w", err)
81
45
}
82
46
83
-
// Decode the CBOR bytes into our CaptainRecord type
84
-
var captainRecord atproto.CaptainRecord
85
-
if err := captainRecord.UnmarshalCBOR(bytes.NewReader(*recBytes)); err != nil {
86
-
return cid.Undef, nil, fmt.Errorf("failed to decode captain record: %w", err)
47
+
// Type assert to our concrete type
48
+
captainRecord, ok := val.(*atproto.CaptainRecord)
49
+
if !ok {
50
+
return cid.Undef, nil, fmt.Errorf("unexpected type for captain record: %T", val)
87
51
}
88
52
89
-
return recordCID, &captainRecord, nil
53
+
return recordCID, captainRecord, nil
90
54
}
91
55
92
56
// UpdateCaptainRecord updates the captain record (e.g., to change public/allowAllCrew settings)
···
101
65
existing.Public = public
102
66
existing.AllowAllCrew = allowAllCrew
103
67
104
-
// Update record in repo
105
-
path := fmt.Sprintf("%s/%s", atproto.CaptainCollection, CaptainRkey)
106
-
recordCID, err := p.repo.UpdateRecord(ctx, path, existing)
68
+
recordCID, err := p.repomgr.UpdateRecord(ctx, p.uid, atproto.CaptainCollection, CaptainRkey, existing)
107
69
if err != nil {
108
70
return cid.Undef, fmt.Errorf("failed to update captain record: %w", err)
109
71
}
110
-
111
-
// Create signer function from signing key
112
-
signer := func(ctx context.Context, did string, data []byte) ([]byte, error) {
113
-
return p.signingKey.HashAndSign(data)
114
-
}
115
-
116
-
// Commit the changes
117
-
root, rev, err := p.repo.Commit(ctx, signer)
118
-
if err != nil {
119
-
return cid.Undef, fmt.Errorf("failed to commit captain record update: %w", err)
120
-
}
121
-
122
-
// Close the delta session with the new root
123
-
_, err = p.session.CloseWithRoot(ctx, root, rev)
124
-
if err != nil {
125
-
return cid.Undef, fmt.Errorf("failed to persist commit: %w", err)
126
-
}
127
-
128
-
// Create a new session for the next operation (use revision string, not CID)
129
-
newSession, err := p.carstore.NewDeltaSession(ctx, p.uid, &rev)
130
-
if err != nil {
131
-
return cid.Undef, fmt.Errorf("failed to create new session: %w", err)
132
-
}
133
-
134
-
// Load repo from the newly committed head
135
-
newRepo, err := repo.OpenRepo(ctx, newSession, root)
136
-
if err != nil {
137
-
return cid.Undef, fmt.Errorf("failed to reload repo after commit: %w", err)
138
-
}
139
-
140
-
// Update the stored session and repo
141
-
p.session = newSession
142
-
p.repo = newRepo
143
72
144
73
return recordCID, nil
145
74
}
+368
pkg/hold/pds/captain_test.go
+368
pkg/hold/pds/captain_test.go
···
1
+
package pds
2
+
3
+
import (
4
+
"bytes"
5
+
"context"
6
+
"path/filepath"
7
+
"strings"
8
+
"testing"
9
+
10
+
"atcr.io/pkg/atproto"
11
+
)
12
+
13
+
// setupTestPDS creates a test PDS instance in a temporary directory
14
+
// It initializes the repo but does NOT create captain/crew records
15
+
// Tests should call Bootstrap or create records as needed
16
+
func setupTestPDS(t *testing.T) (*HoldPDS, context.Context) {
17
+
ctx := context.Background()
18
+
tmpDir := t.TempDir()
19
+
20
+
dbPath := filepath.Join(tmpDir, "pds.db")
21
+
keyPath := filepath.Join(tmpDir, "signing-key")
22
+
23
+
pds, err := NewHoldPDS(ctx, "did:web:hold.example.com", "https://hold.example.com", dbPath, keyPath)
24
+
if err != nil {
25
+
t.Fatalf("Failed to create test PDS: %v", err)
26
+
}
27
+
28
+
// Initialize repo so tests can create records
29
+
// Use a dummy DID to initialize, then tests can create actual captain records
30
+
err = pds.repomgr.InitNewActor(ctx, pds.uid, "", pds.did, "", "", "")
31
+
if err != nil {
32
+
t.Fatalf("Failed to initialize test repo: %v", err)
33
+
}
34
+
35
+
return pds, ctx
36
+
}
37
+
38
+
// TestCreateCaptainRecord tests creating a captain record with various settings
39
+
func TestCreateCaptainRecord(t *testing.T) {
40
+
tests := []struct {
41
+
name string
42
+
ownerDID string
43
+
public bool
44
+
allowAllCrew bool
45
+
}{
46
+
{
47
+
name: "Private hold, no all-crew",
48
+
ownerDID: "did:plc:alice123",
49
+
public: false,
50
+
allowAllCrew: false,
51
+
},
52
+
{
53
+
name: "Public hold, no all-crew",
54
+
ownerDID: "did:plc:bob456",
55
+
public: true,
56
+
allowAllCrew: false,
57
+
},
58
+
{
59
+
name: "Public hold, allow all crew",
60
+
ownerDID: "did:plc:charlie789",
61
+
public: true,
62
+
allowAllCrew: true,
63
+
},
64
+
{
65
+
name: "Private hold, allow all crew",
66
+
ownerDID: "did:plc:dave012",
67
+
public: false,
68
+
allowAllCrew: true,
69
+
},
70
+
}
71
+
72
+
for _, tt := range tests {
73
+
t.Run(tt.name, func(t *testing.T) {
74
+
// Each subtest gets its own PDS instance
75
+
pds, ctx := setupTestPDS(t)
76
+
defer pds.Close()
77
+
78
+
// Create captain record
79
+
recordCID, err := pds.CreateCaptainRecord(ctx, tt.ownerDID, tt.public, tt.allowAllCrew)
80
+
if err != nil {
81
+
t.Fatalf("CreateCaptainRecord failed: %v", err)
82
+
}
83
+
84
+
// Verify CID is defined
85
+
if !recordCID.Defined() {
86
+
t.Error("Expected defined CID")
87
+
}
88
+
89
+
// Retrieve and verify
90
+
retrievedCID, captain, err := pds.GetCaptainRecord(ctx)
91
+
if err != nil {
92
+
t.Fatalf("GetCaptainRecord failed: %v", err)
93
+
}
94
+
95
+
if !recordCID.Equals(retrievedCID) {
96
+
t.Error("Expected retrieved CID to match created CID")
97
+
}
98
+
99
+
if captain.Owner != tt.ownerDID {
100
+
t.Errorf("Expected owner %s, got %s", tt.ownerDID, captain.Owner)
101
+
}
102
+
if captain.Public != tt.public {
103
+
t.Errorf("Expected public=%v, got %v", tt.public, captain.Public)
104
+
}
105
+
if captain.AllowAllCrew != tt.allowAllCrew {
106
+
t.Errorf("Expected allowAllCrew=%v, got %v", tt.allowAllCrew, captain.AllowAllCrew)
107
+
}
108
+
if captain.Type != atproto.CaptainCollection {
109
+
t.Errorf("Expected type %s, got %s", atproto.CaptainCollection, captain.Type)
110
+
}
111
+
if captain.DeployedAt == "" {
112
+
t.Error("Expected deployedAt to be set")
113
+
}
114
+
})
115
+
}
116
+
}
117
+
118
+
// TestGetCaptainRecord tests retrieving a captain record
119
+
func TestGetCaptainRecord(t *testing.T) {
120
+
pds, ctx := setupTestPDS(t)
121
+
defer pds.Close()
122
+
123
+
ownerDID := "did:plc:alice123"
124
+
125
+
// Create captain record
126
+
createdCID, err := pds.CreateCaptainRecord(ctx, ownerDID, true, false)
127
+
if err != nil {
128
+
t.Fatalf("CreateCaptainRecord failed: %v", err)
129
+
}
130
+
131
+
// Get captain record
132
+
retrievedCID, captain, err := pds.GetCaptainRecord(ctx)
133
+
if err != nil {
134
+
t.Fatalf("GetCaptainRecord failed: %v", err)
135
+
}
136
+
137
+
// Verify CIDs match
138
+
if !createdCID.Equals(retrievedCID) {
139
+
t.Error("Expected retrieved CID to match created CID")
140
+
}
141
+
142
+
// Verify captain data
143
+
if captain == nil {
144
+
t.Fatal("Expected non-nil captain record")
145
+
}
146
+
if captain.Owner != ownerDID {
147
+
t.Errorf("Expected owner %s, got %s", ownerDID, captain.Owner)
148
+
}
149
+
if !captain.Public {
150
+
t.Error("Expected public=true")
151
+
}
152
+
if captain.AllowAllCrew {
153
+
t.Error("Expected allowAllCrew=false")
154
+
}
155
+
}
156
+
157
+
// TestGetCaptainRecord_NotFound tests error handling for missing captain
158
+
func TestGetCaptainRecord_NotFound(t *testing.T) {
159
+
pds, ctx := setupTestPDS(t)
160
+
defer pds.Close()
161
+
162
+
// Try to get captain record before creating one
163
+
_, _, err := pds.GetCaptainRecord(ctx)
164
+
if err == nil {
165
+
t.Fatal("Expected error when getting non-existent captain record")
166
+
}
167
+
168
+
// Verify error message indicates not found
169
+
errMsg := err.Error()
170
+
if !strings.Contains(errMsg, "not found") && !strings.Contains(errMsg, "failed to get captain record") {
171
+
t.Errorf("Expected 'not found' in error message, got: %s", errMsg)
172
+
}
173
+
}
174
+
175
+
// TestUpdateCaptainRecord tests updating captain settings
176
+
func TestUpdateCaptainRecord(t *testing.T) {
177
+
pds, ctx := setupTestPDS(t)
178
+
defer pds.Close()
179
+
180
+
ownerDID := "did:plc:alice123"
181
+
182
+
// Create initial captain record (public=false, allowAllCrew=false)
183
+
_, err := pds.CreateCaptainRecord(ctx, ownerDID, false, false)
184
+
if err != nil {
185
+
t.Fatalf("CreateCaptainRecord failed: %v", err)
186
+
}
187
+
188
+
// Get initial record
189
+
_, captain1, err := pds.GetCaptainRecord(ctx)
190
+
if err != nil {
191
+
t.Fatalf("GetCaptainRecord failed: %v", err)
192
+
}
193
+
194
+
// Verify initial state
195
+
if captain1.Public {
196
+
t.Error("Expected initial public=false")
197
+
}
198
+
if captain1.AllowAllCrew {
199
+
t.Error("Expected initial allowAllCrew=false")
200
+
}
201
+
202
+
// Update to public=true, allowAllCrew=true
203
+
updatedCID, err := pds.UpdateCaptainRecord(ctx, true, true)
204
+
if err != nil {
205
+
t.Fatalf("UpdateCaptainRecord failed: %v", err)
206
+
}
207
+
208
+
if !updatedCID.Defined() {
209
+
t.Error("Expected defined CID after update")
210
+
}
211
+
212
+
// Get updated record
213
+
retrievedCID, captain2, err := pds.GetCaptainRecord(ctx)
214
+
if err != nil {
215
+
t.Fatalf("GetCaptainRecord failed after update: %v", err)
216
+
}
217
+
218
+
// Verify CID changed
219
+
if !updatedCID.Equals(retrievedCID) {
220
+
t.Error("Expected retrieved CID to match updated CID")
221
+
}
222
+
223
+
// Verify updated values
224
+
if !captain2.Public {
225
+
t.Error("Expected public=true after update")
226
+
}
227
+
if !captain2.AllowAllCrew {
228
+
t.Error("Expected allowAllCrew=true after update")
229
+
}
230
+
231
+
// Verify owner didn't change
232
+
if captain2.Owner != ownerDID {
233
+
t.Errorf("Expected owner to remain %s, got %s", ownerDID, captain2.Owner)
234
+
}
235
+
236
+
// Update again to different values (public=true, allowAllCrew=false)
237
+
_, err = pds.UpdateCaptainRecord(ctx, true, false)
238
+
if err != nil {
239
+
t.Fatalf("Second UpdateCaptainRecord failed: %v", err)
240
+
}
241
+
242
+
// Verify second update
243
+
_, captain3, err := pds.GetCaptainRecord(ctx)
244
+
if err != nil {
245
+
t.Fatalf("GetCaptainRecord failed after second update: %v", err)
246
+
}
247
+
248
+
if !captain3.Public {
249
+
t.Error("Expected public=true after second update")
250
+
}
251
+
if captain3.AllowAllCrew {
252
+
t.Error("Expected allowAllCrew=false after second update")
253
+
}
254
+
}
255
+
256
+
// TestUpdateCaptainRecord_NotFound tests updating non-existent captain
257
+
func TestUpdateCaptainRecord_NotFound(t *testing.T) {
258
+
pds, ctx := setupTestPDS(t)
259
+
defer pds.Close()
260
+
261
+
// Try to update captain record before creating one
262
+
_, err := pds.UpdateCaptainRecord(ctx, true, true)
263
+
if err == nil {
264
+
t.Fatal("Expected error when updating non-existent captain record")
265
+
}
266
+
267
+
// Verify error message
268
+
errMsg := err.Error()
269
+
if !strings.Contains(errMsg, "failed to get existing captain record") {
270
+
t.Errorf("Expected 'failed to get existing captain record' in error, got: %s", errMsg)
271
+
}
272
+
}
273
+
274
+
// TestCaptainRecord_CBORRoundtrip tests CBOR marshal/unmarshal integrity
275
+
func TestCaptainRecord_CBORRoundtrip(t *testing.T) {
276
+
tests := []struct {
277
+
name string
278
+
record *atproto.CaptainRecord
279
+
}{
280
+
{
281
+
name: "Basic captain",
282
+
record: &atproto.CaptainRecord{
283
+
Type: atproto.CaptainCollection,
284
+
Owner: "did:plc:alice123",
285
+
Public: true,
286
+
AllowAllCrew: false,
287
+
DeployedAt: "2025-10-16T12:00:00Z",
288
+
},
289
+
},
290
+
{
291
+
name: "Captain with optional fields",
292
+
record: &atproto.CaptainRecord{
293
+
Type: atproto.CaptainCollection,
294
+
Owner: "did:plc:bob456",
295
+
Public: false,
296
+
AllowAllCrew: true,
297
+
DeployedAt: "2025-10-16T12:00:00Z",
298
+
Region: "us-west-2",
299
+
Provider: "fly.io",
300
+
},
301
+
},
302
+
{
303
+
name: "Captain with empty optional fields",
304
+
record: &atproto.CaptainRecord{
305
+
Type: atproto.CaptainCollection,
306
+
Owner: "did:plc:charlie789",
307
+
Public: true,
308
+
AllowAllCrew: true,
309
+
DeployedAt: "2025-10-16T12:00:00Z",
310
+
Region: "",
311
+
Provider: "",
312
+
},
313
+
},
314
+
}
315
+
316
+
for _, tt := range tests {
317
+
t.Run(tt.name, func(t *testing.T) {
318
+
// Marshal to CBOR
319
+
var buf bytes.Buffer
320
+
err := tt.record.MarshalCBOR(&buf)
321
+
if err != nil {
322
+
t.Fatalf("MarshalCBOR failed: %v", err)
323
+
}
324
+
325
+
cborBytes := buf.Bytes()
326
+
if len(cborBytes) == 0 {
327
+
t.Fatal("Expected non-empty CBOR bytes")
328
+
}
329
+
330
+
// Unmarshal from CBOR
331
+
var decoded atproto.CaptainRecord
332
+
err = decoded.UnmarshalCBOR(bytes.NewReader(cborBytes))
333
+
if err != nil {
334
+
t.Fatalf("UnmarshalCBOR failed: %v", err)
335
+
}
336
+
337
+
// Verify all fields match
338
+
if decoded.Type != tt.record.Type {
339
+
t.Errorf("Type mismatch: expected %s, got %s", tt.record.Type, decoded.Type)
340
+
}
341
+
if decoded.Owner != tt.record.Owner {
342
+
t.Errorf("Owner mismatch: expected %s, got %s", tt.record.Owner, decoded.Owner)
343
+
}
344
+
if decoded.Public != tt.record.Public {
345
+
t.Errorf("Public mismatch: expected %v, got %v", tt.record.Public, decoded.Public)
346
+
}
347
+
if decoded.AllowAllCrew != tt.record.AllowAllCrew {
348
+
t.Errorf("AllowAllCrew mismatch: expected %v, got %v", tt.record.AllowAllCrew, decoded.AllowAllCrew)
349
+
}
350
+
if decoded.DeployedAt != tt.record.DeployedAt {
351
+
t.Errorf("DeployedAt mismatch: expected %s, got %s", tt.record.DeployedAt, decoded.DeployedAt)
352
+
}
353
+
if decoded.Region != tt.record.Region {
354
+
t.Errorf("Region mismatch: expected %s, got %s", tt.record.Region, decoded.Region)
355
+
}
356
+
if decoded.Provider != tt.record.Provider {
357
+
t.Errorf("Provider mismatch: expected %s, got %s", tt.record.Provider, decoded.Provider)
358
+
}
359
+
})
360
+
}
361
+
}
362
+
363
+
// TestCaptainRkey tests that captain record uses the fixed "self" rkey
364
+
func TestCaptainRkey(t *testing.T) {
365
+
if CaptainRkey != "self" {
366
+
t.Errorf("Expected CaptainRkey to be 'self', got '%s'", CaptainRkey)
367
+
}
368
+
}
+49
-55
pkg/hold/pds/crew.go
+49
-55
pkg/hold/pds/crew.go
···
22
22
AddedAt: time.Now().Format(time.RFC3339),
23
23
}
24
24
25
-
// Create record in repo (using memberDID as rkey for easy lookup)
26
-
recordCID, _, err := p.repo.CreateRecord(ctx, atproto.CrewCollection, crewRecord)
25
+
// Use repomgr for crew operations - auto-generated rkey is fine
26
+
_, recordCID, err := p.repomgr.CreateRecord(ctx, p.uid, atproto.CrewCollection, crewRecord)
27
27
if err != nil {
28
28
return cid.Undef, fmt.Errorf("failed to create crew record: %w", err)
29
29
}
30
30
31
-
// Create signer function from signing key
32
-
signer := func(ctx context.Context, did string, data []byte) ([]byte, error) {
33
-
return p.signingKey.HashAndSign(data)
34
-
}
35
-
36
-
// Commit the changes to get new root CID
37
-
root, rev, err := p.repo.Commit(ctx, signer)
38
-
if err != nil {
39
-
return cid.Undef, fmt.Errorf("failed to commit crew record: %w", err)
40
-
}
41
-
42
-
// Close the delta session with the new root
43
-
_, err = p.session.CloseWithRoot(ctx, root, rev)
44
-
if err != nil {
45
-
return cid.Undef, fmt.Errorf("failed to persist commit: %w", err)
46
-
}
47
-
48
-
// Create a new session for the next operation (use revision string, not CID)
49
-
newSession, err := p.carstore.NewDeltaSession(ctx, p.uid, &rev)
50
-
if err != nil {
51
-
return cid.Undef, fmt.Errorf("failed to create new session: %w", err)
52
-
}
53
-
54
-
// Load repo from the newly committed head (not NewRepo which creates empty MST)
55
-
newRepo, err := repo.OpenRepo(ctx, newSession, root)
56
-
if err != nil {
57
-
return cid.Undef, fmt.Errorf("failed to reload repo after commit: %w", err)
58
-
}
59
-
60
-
// Update the stored session and repo
61
-
p.session = newSession
62
-
p.repo = newRepo
63
-
64
31
return recordCID, nil
65
32
}
66
33
67
34
// GetCrewMember retrieves a crew member by their record key
68
35
func (p *HoldPDS) GetCrewMember(ctx context.Context, rkey string) (cid.Cid, *atproto.CrewRecord, error) {
69
-
path := fmt.Sprintf("%s/%s", atproto.CrewCollection, rkey)
70
-
71
-
// Get the record bytes and decode manually (indigo doesn't know our custom type)
72
-
recordCID, recBytes, err := p.repo.GetRecordBytes(ctx, path)
36
+
// Use repomgr.GetRecord - our types are registered in init()
37
+
recordCID, val, err := p.repomgr.GetRecord(ctx, p.uid, atproto.CrewCollection, rkey, cid.Undef)
73
38
if err != nil {
74
39
return cid.Undef, nil, fmt.Errorf("failed to get crew record: %w", err)
75
40
}
76
41
77
-
// Decode the CBOR bytes into our CrewRecord type
78
-
var crewRecord atproto.CrewRecord
79
-
if err := crewRecord.UnmarshalCBOR(bytes.NewReader(*recBytes)); err != nil {
80
-
return cid.Undef, nil, fmt.Errorf("failed to decode crew record: %w", err)
42
+
// Type assert to our concrete type
43
+
crewRecord, ok := val.(*atproto.CrewRecord)
44
+
if !ok {
45
+
return cid.Undef, nil, fmt.Errorf("unexpected type for crew record: %T", val)
81
46
}
82
47
83
-
return recordCID, &crewRecord, nil
48
+
return recordCID, crewRecord, nil
84
49
}
85
50
86
51
// CrewMemberWithKey pairs a crew record with its rkey and CID
···
94
59
func (p *HoldPDS) ListCrewMembers(ctx context.Context) ([]*CrewMemberWithKey, error) {
95
60
var crew []*CrewMemberWithKey
96
61
97
-
err := p.repo.ForEach(ctx, atproto.CrewCollection, func(k string, v cid.Cid) error {
62
+
// Create read-only session for ForEach access
63
+
// repomgr doesn't expose ForEach, so we need direct repo access
64
+
session, err := p.carstore.ReadOnlySession(p.uid)
65
+
if err != nil {
66
+
return nil, fmt.Errorf("failed to create read-only session: %w", err)
67
+
}
68
+
69
+
// Get repo head
70
+
head, err := p.carstore.GetUserRepoHead(ctx, p.uid)
71
+
if err != nil {
72
+
return nil, fmt.Errorf("failed to get repo head: %w", err)
73
+
}
74
+
75
+
if !head.Defined() {
76
+
return nil, fmt.Errorf("repo not initialized")
77
+
}
78
+
79
+
// Open repo
80
+
r, err := repo.OpenRepo(ctx, session, head)
81
+
if err != nil {
82
+
return nil, fmt.Errorf("failed to open repo: %w", err)
83
+
}
84
+
85
+
// Iterate over all crew records
86
+
err = r.ForEach(ctx, atproto.CrewCollection, func(k string, v cid.Cid) error {
98
87
// Extract rkey from full path (k is like "io.atcr.hold.crew/3m37dr2ddit22")
99
88
parts := strings.Split(k, "/")
100
89
rkey := parts[len(parts)-1]
101
90
102
-
// Get the full record using GetCrewMember
103
-
recordCID, crewRecord, err := p.GetCrewMember(ctx, rkey)
91
+
// Get the record directly from the repo we already have open
92
+
// (calling GetCrewMember would open a new session unnecessarily)
93
+
recordCID, recBytes, err := r.GetRecordBytes(ctx, k)
104
94
if err != nil {
105
-
return err
95
+
return fmt.Errorf("failed to get crew record: %w", err)
96
+
}
97
+
98
+
// Unmarshal the CBOR bytes into our concrete type
99
+
var crewRecord atproto.CrewRecord
100
+
if err := crewRecord.UnmarshalCBOR(bytes.NewReader(*recBytes)); err != nil {
101
+
return fmt.Errorf("failed to decode crew record: %w", err)
106
102
}
107
103
108
104
crew = append(crew, &CrewMemberWithKey{
109
105
Rkey: rkey,
110
106
Cid: recordCID,
111
-
Record: crewRecord,
107
+
Record: &crewRecord,
112
108
})
113
109
return nil
114
110
})
···
116
112
if err != nil {
117
113
// If the collection doesn't exist yet (empty repo or no records created),
118
114
// return empty list instead of error
119
-
if err.Error() == "mst: not found" {
115
+
if err.Error() == "mst: not found" || strings.Contains(err.Error(), "not found") {
120
116
return []*CrewMemberWithKey{}, nil
121
117
}
122
118
return nil, fmt.Errorf("failed to list crew members: %w", err)
···
127
123
128
124
// RemoveCrewMember removes a crew member
129
125
func (p *HoldPDS) RemoveCrewMember(ctx context.Context, rkey string) error {
130
-
path := fmt.Sprintf("%s/%s", atproto.CrewCollection, rkey)
131
-
132
-
err := p.repo.DeleteRecord(ctx, path)
126
+
// Use repomgr.DeleteRecord - it will automatically commit!
127
+
// This fixes the bug where deletions weren't being committed
128
+
err := p.repomgr.DeleteRecord(ctx, p.uid, atproto.CrewCollection, rkey)
133
129
if err != nil {
134
130
return fmt.Errorf("failed to delete crew record: %w", err)
135
131
}
136
-
137
-
// TODO: Commit the changes
138
132
139
133
return nil
140
134
}
+589
pkg/hold/pds/crew_test.go
+589
pkg/hold/pds/crew_test.go
···
1
+
package pds
2
+
3
+
import (
4
+
"bytes"
5
+
"strings"
6
+
"testing"
7
+
8
+
"atcr.io/pkg/atproto"
9
+
)
10
+
11
+
// TestAddCrewMember tests adding a single crew member
12
+
func TestAddCrewMember(t *testing.T) {
13
+
pds, ctx := setupTestPDS(t)
14
+
defer pds.Close()
15
+
16
+
// Add crew member
17
+
memberDID := "did:plc:alice123"
18
+
role := "writer"
19
+
permissions := []string{"blob:read", "blob:write"}
20
+
21
+
recordCID, err := pds.AddCrewMember(ctx, memberDID, role, permissions)
22
+
if err != nil {
23
+
t.Fatalf("AddCrewMember failed: %v", err)
24
+
}
25
+
26
+
// Verify CID is defined
27
+
if !recordCID.Defined() {
28
+
t.Error("Expected defined CID")
29
+
}
30
+
31
+
// List crew members to verify
32
+
crewMembers, err := pds.ListCrewMembers(ctx)
33
+
if err != nil {
34
+
t.Fatalf("ListCrewMembers failed: %v", err)
35
+
}
36
+
37
+
if len(crewMembers) != 1 {
38
+
t.Fatalf("Expected 1 crew member, got %d", len(crewMembers))
39
+
}
40
+
41
+
crew := crewMembers[0]
42
+
if crew.Record.Member != memberDID {
43
+
t.Errorf("Expected member %s, got %s", memberDID, crew.Record.Member)
44
+
}
45
+
if crew.Record.Role != role {
46
+
t.Errorf("Expected role %s, got %s", role, crew.Record.Role)
47
+
}
48
+
if len(crew.Record.Permissions) != len(permissions) {
49
+
t.Fatalf("Expected %d permissions, got %d", len(permissions), len(crew.Record.Permissions))
50
+
}
51
+
for i, perm := range permissions {
52
+
if crew.Record.Permissions[i] != perm {
53
+
t.Errorf("Expected permission[%d]=%s, got %s", i, perm, crew.Record.Permissions[i])
54
+
}
55
+
}
56
+
if crew.Record.Type != atproto.CrewCollection {
57
+
t.Errorf("Expected type %s, got %s", atproto.CrewCollection, crew.Record.Type)
58
+
}
59
+
if crew.Record.AddedAt == "" {
60
+
t.Error("Expected addedAt to be set")
61
+
}
62
+
}
63
+
64
+
// TestGetCrewMember tests retrieving a crew member by rkey
65
+
func TestGetCrewMember(t *testing.T) {
66
+
pds, ctx := setupTestPDS(t)
67
+
defer pds.Close()
68
+
69
+
// Add crew member
70
+
memberDID := "did:plc:bob456"
71
+
role := "reader"
72
+
permissions := []string{"blob:read"}
73
+
74
+
_, err := pds.AddCrewMember(ctx, memberDID, role, permissions)
75
+
if err != nil {
76
+
t.Fatalf("AddCrewMember failed: %v", err)
77
+
}
78
+
79
+
// List to get the rkey
80
+
crewMembers, err := pds.ListCrewMembers(ctx)
81
+
if err != nil {
82
+
t.Fatalf("ListCrewMembers failed: %v", err)
83
+
}
84
+
85
+
if len(crewMembers) == 0 {
86
+
t.Fatal("Expected at least one crew member")
87
+
}
88
+
89
+
rkey := crewMembers[0].Rkey
90
+
91
+
// Get crew member by rkey
92
+
retrievedCID, crew, err := pds.GetCrewMember(ctx, rkey)
93
+
if err != nil {
94
+
t.Fatalf("GetCrewMember failed: %v", err)
95
+
}
96
+
97
+
// Verify CID matches
98
+
if !crewMembers[0].Cid.Equals(retrievedCID) {
99
+
t.Error("Expected retrieved CID to match")
100
+
}
101
+
102
+
// Verify crew data
103
+
if crew.Member != memberDID {
104
+
t.Errorf("Expected member %s, got %s", memberDID, crew.Member)
105
+
}
106
+
if crew.Role != role {
107
+
t.Errorf("Expected role %s, got %s", role, crew.Role)
108
+
}
109
+
if len(crew.Permissions) != len(permissions) {
110
+
t.Fatalf("Expected %d permissions, got %d", len(permissions), len(crew.Permissions))
111
+
}
112
+
}
113
+
114
+
// TestGetCrewMember_NotFound tests error handling for missing crew
115
+
func TestGetCrewMember_NotFound(t *testing.T) {
116
+
pds, ctx := setupTestPDS(t)
117
+
defer pds.Close()
118
+
119
+
// Try to get non-existent crew member
120
+
_, _, err := pds.GetCrewMember(ctx, "nonexistent-rkey")
121
+
if err == nil {
122
+
t.Fatal("Expected error when getting non-existent crew member")
123
+
}
124
+
125
+
// Verify error message
126
+
errMsg := err.Error()
127
+
if !strings.Contains(errMsg, "failed to get crew record") {
128
+
t.Errorf("Expected 'failed to get crew record' in error, got: %s", errMsg)
129
+
}
130
+
}
131
+
132
+
// TestListCrewMembers_Empty tests listing when no crew exists
133
+
func TestListCrewMembers_Empty(t *testing.T) {
134
+
pds, ctx := setupTestPDS(t)
135
+
defer pds.Close()
136
+
137
+
// List crew members (should be empty)
138
+
crewMembers, err := pds.ListCrewMembers(ctx)
139
+
if err != nil {
140
+
t.Fatalf("ListCrewMembers failed: %v", err)
141
+
}
142
+
143
+
if len(crewMembers) != 0 {
144
+
t.Errorf("Expected 0 crew members, got %d", len(crewMembers))
145
+
}
146
+
}
147
+
148
+
// TestListCrewMembers_Multiple tests listing with multiple crew members
149
+
func TestListCrewMembers_Multiple(t *testing.T) {
150
+
pds, ctx := setupTestPDS(t)
151
+
defer pds.Close()
152
+
153
+
// Add multiple crew members
154
+
members := []struct {
155
+
did string
156
+
role string
157
+
permissions []string
158
+
}{
159
+
{
160
+
did: "did:plc:alice123",
161
+
role: "admin",
162
+
permissions: []string{"blob:read", "blob:write", "crew:admin"},
163
+
},
164
+
{
165
+
did: "did:plc:bob456",
166
+
role: "writer",
167
+
permissions: []string{"blob:read", "blob:write"},
168
+
},
169
+
{
170
+
did: "did:plc:charlie789",
171
+
role: "reader",
172
+
permissions: []string{"blob:read"},
173
+
},
174
+
}
175
+
176
+
for _, m := range members {
177
+
_, err := pds.AddCrewMember(ctx, m.did, m.role, m.permissions)
178
+
if err != nil {
179
+
t.Fatalf("AddCrewMember failed for %s: %v", m.did, err)
180
+
}
181
+
}
182
+
183
+
// List all crew members
184
+
crewMembers, err := pds.ListCrewMembers(ctx)
185
+
if err != nil {
186
+
t.Fatalf("ListCrewMembers failed: %v", err)
187
+
}
188
+
189
+
if len(crewMembers) != len(members) {
190
+
t.Fatalf("Expected %d crew members, got %d", len(members), len(crewMembers))
191
+
}
192
+
193
+
// Verify each crew member (order may vary, so check by DID)
194
+
foundMembers := make(map[string]*CrewMemberWithKey)
195
+
for _, cm := range crewMembers {
196
+
foundMembers[cm.Record.Member] = cm
197
+
}
198
+
199
+
for _, m := range members {
200
+
crew, found := foundMembers[m.did]
201
+
if !found {
202
+
t.Errorf("Expected to find crew member %s", m.did)
203
+
continue
204
+
}
205
+
206
+
if crew.Record.Role != m.role {
207
+
t.Errorf("Expected role %s for %s, got %s", m.role, m.did, crew.Record.Role)
208
+
}
209
+
210
+
if len(crew.Record.Permissions) != len(m.permissions) {
211
+
t.Errorf("Expected %d permissions for %s, got %d", len(m.permissions), m.did, len(crew.Record.Permissions))
212
+
}
213
+
214
+
// Verify rkey is set
215
+
if crew.Rkey == "" {
216
+
t.Errorf("Expected non-empty rkey for %s", m.did)
217
+
}
218
+
219
+
// Verify CID is defined
220
+
if !crew.Cid.Defined() {
221
+
t.Errorf("Expected defined CID for %s", m.did)
222
+
}
223
+
}
224
+
}
225
+
226
+
// TestRemoveCrewMember tests deleting a crew member
227
+
func TestRemoveCrewMember(t *testing.T) {
228
+
pds, ctx := setupTestPDS(t)
229
+
defer pds.Close()
230
+
231
+
// Add crew member
232
+
memberDID := "did:plc:alice123"
233
+
_, err := pds.AddCrewMember(ctx, memberDID, "writer", []string{"blob:read", "blob:write"})
234
+
if err != nil {
235
+
t.Fatalf("AddCrewMember failed: %v", err)
236
+
}
237
+
238
+
// List to get the rkey
239
+
crewMembers, err := pds.ListCrewMembers(ctx)
240
+
if err != nil {
241
+
t.Fatalf("ListCrewMembers failed: %v", err)
242
+
}
243
+
244
+
if len(crewMembers) != 1 {
245
+
t.Fatalf("Expected 1 crew member, got %d", len(crewMembers))
246
+
}
247
+
248
+
rkey := crewMembers[0].Rkey
249
+
250
+
// Remove crew member
251
+
err = pds.RemoveCrewMember(ctx, rkey)
252
+
if err != nil {
253
+
t.Fatalf("RemoveCrewMember failed: %v", err)
254
+
}
255
+
256
+
// Verify crew member is gone
257
+
crewMembers, err = pds.ListCrewMembers(ctx)
258
+
if err != nil {
259
+
t.Fatalf("ListCrewMembers failed after removal: %v", err)
260
+
}
261
+
262
+
if len(crewMembers) != 0 {
263
+
t.Errorf("Expected 0 crew members after removal, got %d", len(crewMembers))
264
+
}
265
+
266
+
// Try to get removed crew member (should fail)
267
+
_, _, err = pds.GetCrewMember(ctx, rkey)
268
+
if err == nil {
269
+
t.Error("Expected error when getting removed crew member")
270
+
}
271
+
}
272
+
273
+
// TestRemoveCrewMember_NotFound tests removing non-existent crew member
274
+
func TestRemoveCrewMember_NotFound(t *testing.T) {
275
+
pds, ctx := setupTestPDS(t)
276
+
defer pds.Close()
277
+
278
+
// Try to remove non-existent crew member
279
+
err := pds.RemoveCrewMember(ctx, "nonexistent-rkey")
280
+
if err == nil {
281
+
t.Fatal("Expected error when removing non-existent crew member")
282
+
}
283
+
284
+
// Verify error message
285
+
errMsg := err.Error()
286
+
if !strings.Contains(errMsg, "failed to delete crew record") {
287
+
t.Errorf("Expected 'failed to delete crew record' in error, got: %s", errMsg)
288
+
}
289
+
}
290
+
291
+
// TestRemoveCrewMember_Multiple tests removing one crew member from many
292
+
func TestRemoveCrewMember_Multiple(t *testing.T) {
293
+
pds, ctx := setupTestPDS(t)
294
+
defer pds.Close()
295
+
296
+
// Add multiple crew members
297
+
dids := []string{
298
+
"did:plc:alice123",
299
+
"did:plc:bob456",
300
+
"did:plc:charlie789",
301
+
}
302
+
303
+
for _, did := range dids {
304
+
_, err := pds.AddCrewMember(ctx, did, "writer", []string{"blob:read"})
305
+
if err != nil {
306
+
t.Fatalf("AddCrewMember failed for %s: %v", did, err)
307
+
}
308
+
}
309
+
310
+
// List crew members
311
+
crewMembers, err := pds.ListCrewMembers(ctx)
312
+
if err != nil {
313
+
t.Fatalf("ListCrewMembers failed: %v", err)
314
+
}
315
+
316
+
if len(crewMembers) != 3 {
317
+
t.Fatalf("Expected 3 crew members, got %d", len(crewMembers))
318
+
}
319
+
320
+
// Remove middle member
321
+
middleRkey := crewMembers[1].Rkey
322
+
middleDID := crewMembers[1].Record.Member
323
+
324
+
err = pds.RemoveCrewMember(ctx, middleRkey)
325
+
if err != nil {
326
+
t.Fatalf("RemoveCrewMember failed: %v", err)
327
+
}
328
+
329
+
// Verify only 2 remain
330
+
crewMembers, err = pds.ListCrewMembers(ctx)
331
+
if err != nil {
332
+
t.Fatalf("ListCrewMembers failed after removal: %v", err)
333
+
}
334
+
335
+
if len(crewMembers) != 2 {
336
+
t.Fatalf("Expected 2 crew members after removal, got %d", len(crewMembers))
337
+
}
338
+
339
+
// Verify removed member is not in list
340
+
for _, cm := range crewMembers {
341
+
if cm.Record.Member == middleDID {
342
+
t.Errorf("Expected %s to be removed, but still found in list", middleDID)
343
+
}
344
+
}
345
+
}
346
+
347
+
// TestCrewRecord_CBORRoundtrip tests CBOR marshal/unmarshal integrity
348
+
func TestCrewRecord_CBORRoundtrip(t *testing.T) {
349
+
tests := []struct {
350
+
name string
351
+
record *atproto.CrewRecord
352
+
}{
353
+
{
354
+
name: "Basic crew member",
355
+
record: &atproto.CrewRecord{
356
+
Type: atproto.CrewCollection,
357
+
Member: "did:plc:alice123",
358
+
Role: "writer",
359
+
Permissions: []string{"blob:read", "blob:write"},
360
+
AddedAt: "2025-10-16T12:00:00Z",
361
+
},
362
+
},
363
+
{
364
+
name: "Admin crew member",
365
+
record: &atproto.CrewRecord{
366
+
Type: atproto.CrewCollection,
367
+
Member: "did:plc:bob456",
368
+
Role: "admin",
369
+
Permissions: []string{"blob:read", "blob:write", "crew:admin"},
370
+
AddedAt: "2025-10-16T13:00:00Z",
371
+
},
372
+
},
373
+
{
374
+
name: "Reader crew member",
375
+
record: &atproto.CrewRecord{
376
+
Type: atproto.CrewCollection,
377
+
Member: "did:plc:charlie789",
378
+
Role: "reader",
379
+
Permissions: []string{"blob:read"},
380
+
AddedAt: "2025-10-16T14:00:00Z",
381
+
},
382
+
},
383
+
{
384
+
name: "Crew member with empty permissions",
385
+
record: &atproto.CrewRecord{
386
+
Type: atproto.CrewCollection,
387
+
Member: "did:plc:dave012",
388
+
Role: "none",
389
+
Permissions: []string{},
390
+
AddedAt: "2025-10-16T15:00:00Z",
391
+
},
392
+
},
393
+
}
394
+
395
+
for _, tt := range tests {
396
+
t.Run(tt.name, func(t *testing.T) {
397
+
// Marshal to CBOR
398
+
var buf bytes.Buffer
399
+
err := tt.record.MarshalCBOR(&buf)
400
+
if err != nil {
401
+
t.Fatalf("MarshalCBOR failed: %v", err)
402
+
}
403
+
404
+
cborBytes := buf.Bytes()
405
+
if len(cborBytes) == 0 {
406
+
t.Fatal("Expected non-empty CBOR bytes")
407
+
}
408
+
409
+
// Unmarshal from CBOR
410
+
var decoded atproto.CrewRecord
411
+
err = decoded.UnmarshalCBOR(bytes.NewReader(cborBytes))
412
+
if err != nil {
413
+
t.Fatalf("UnmarshalCBOR failed: %v", err)
414
+
}
415
+
416
+
// Verify all fields match
417
+
if decoded.Type != tt.record.Type {
418
+
t.Errorf("Type mismatch: expected %s, got %s", tt.record.Type, decoded.Type)
419
+
}
420
+
if decoded.Member != tt.record.Member {
421
+
t.Errorf("Member mismatch: expected %s, got %s", tt.record.Member, decoded.Member)
422
+
}
423
+
if decoded.Role != tt.record.Role {
424
+
t.Errorf("Role mismatch: expected %s, got %s", tt.record.Role, decoded.Role)
425
+
}
426
+
if decoded.AddedAt != tt.record.AddedAt {
427
+
t.Errorf("AddedAt mismatch: expected %s, got %s", tt.record.AddedAt, decoded.AddedAt)
428
+
}
429
+
430
+
// Verify permissions
431
+
if len(decoded.Permissions) != len(tt.record.Permissions) {
432
+
t.Fatalf("Permissions length mismatch: expected %d, got %d", len(tt.record.Permissions), len(decoded.Permissions))
433
+
}
434
+
for i, perm := range tt.record.Permissions {
435
+
if decoded.Permissions[i] != perm {
436
+
t.Errorf("Permission[%d] mismatch: expected %s, got %s", i, perm, decoded.Permissions[i])
437
+
}
438
+
}
439
+
})
440
+
}
441
+
}
442
+
443
+
// TestCrewMemberWithKey_Structure tests the CrewMemberWithKey struct
444
+
func TestCrewMemberWithKey_Structure(t *testing.T) {
445
+
pds, ctx := setupTestPDS(t)
446
+
defer pds.Close()
447
+
448
+
// Add crew member
449
+
memberDID := "did:plc:alice123"
450
+
_, err := pds.AddCrewMember(ctx, memberDID, "writer", []string{"blob:read"})
451
+
if err != nil {
452
+
t.Fatalf("AddCrewMember failed: %v", err)
453
+
}
454
+
455
+
// List crew members
456
+
crewMembers, err := pds.ListCrewMembers(ctx)
457
+
if err != nil {
458
+
t.Fatalf("ListCrewMembers failed: %v", err)
459
+
}
460
+
461
+
if len(crewMembers) != 1 {
462
+
t.Fatalf("Expected 1 crew member, got %d", len(crewMembers))
463
+
}
464
+
465
+
cm := crewMembers[0]
466
+
467
+
// Verify CrewMemberWithKey structure
468
+
if cm.Rkey == "" {
469
+
t.Error("Expected non-empty Rkey")
470
+
}
471
+
if !cm.Cid.Defined() {
472
+
t.Error("Expected defined Cid")
473
+
}
474
+
if cm.Record == nil {
475
+
t.Fatal("Expected non-nil Record")
476
+
}
477
+
if cm.Record.Member != memberDID {
478
+
t.Errorf("Expected member %s, got %s", memberDID, cm.Record.Member)
479
+
}
480
+
}
481
+
482
+
// TestAddCrewMember_DidWeb tests adding crew members with did:web DIDs
483
+
func TestAddCrewMember_DidWeb(t *testing.T) {
484
+
pds, ctx := setupTestPDS(t)
485
+
defer pds.Close()
486
+
487
+
// Add crew member with did:web
488
+
memberDID := "did:web:alice.example.com"
489
+
role := "writer"
490
+
permissions := []string{"blob:read", "blob:write"}
491
+
492
+
recordCID, err := pds.AddCrewMember(ctx, memberDID, role, permissions)
493
+
if err != nil {
494
+
t.Fatalf("AddCrewMember failed with did:web: %v", err)
495
+
}
496
+
497
+
if !recordCID.Defined() {
498
+
t.Error("Expected defined CID")
499
+
}
500
+
501
+
// Verify crew member was added
502
+
crewMembers, err := pds.ListCrewMembers(ctx)
503
+
if err != nil {
504
+
t.Fatalf("ListCrewMembers failed: %v", err)
505
+
}
506
+
507
+
if len(crewMembers) != 1 {
508
+
t.Fatalf("Expected 1 crew member, got %d", len(crewMembers))
509
+
}
510
+
511
+
crew := crewMembers[0]
512
+
if crew.Record.Member != memberDID {
513
+
t.Errorf("Expected member %s, got %s", memberDID, crew.Record.Member)
514
+
}
515
+
516
+
// Verify we can get it by rkey
517
+
_, retrievedCrew, err := pds.GetCrewMember(ctx, crew.Rkey)
518
+
if err != nil {
519
+
t.Fatalf("GetCrewMember failed for did:web: %v", err)
520
+
}
521
+
522
+
if retrievedCrew.Member != memberDID {
523
+
t.Errorf("Expected member %s, got %s", memberDID, retrievedCrew.Member)
524
+
}
525
+
}
526
+
527
+
// TestListCrewMembers_MixedDIDs tests listing crew members with mixed DID types
528
+
func TestListCrewMembers_MixedDIDs(t *testing.T) {
529
+
pds, ctx := setupTestPDS(t)
530
+
defer pds.Close()
531
+
532
+
// Add crew members with different DID types
533
+
members := []struct {
534
+
did string
535
+
role string
536
+
permissions []string
537
+
}{
538
+
{
539
+
did: "did:plc:alice123",
540
+
role: "admin",
541
+
permissions: []string{"blob:read", "blob:write", "crew:admin"},
542
+
},
543
+
{
544
+
did: "did:web:bob.example.com",
545
+
role: "writer",
546
+
permissions: []string{"blob:read", "blob:write"},
547
+
},
548
+
{
549
+
did: "did:web:charlie.example.org",
550
+
role: "reader",
551
+
permissions: []string{"blob:read"},
552
+
},
553
+
}
554
+
555
+
for _, m := range members {
556
+
_, err := pds.AddCrewMember(ctx, m.did, m.role, m.permissions)
557
+
if err != nil {
558
+
t.Fatalf("AddCrewMember failed for %s: %v", m.did, err)
559
+
}
560
+
}
561
+
562
+
// List all crew members
563
+
crewMembers, err := pds.ListCrewMembers(ctx)
564
+
if err != nil {
565
+
t.Fatalf("ListCrewMembers failed: %v", err)
566
+
}
567
+
568
+
if len(crewMembers) != len(members) {
569
+
t.Fatalf("Expected %d crew members, got %d", len(members), len(crewMembers))
570
+
}
571
+
572
+
// Verify each crew member exists (order may vary)
573
+
foundMembers := make(map[string]*CrewMemberWithKey)
574
+
for _, cm := range crewMembers {
575
+
foundMembers[cm.Record.Member] = cm
576
+
}
577
+
578
+
for _, m := range members {
579
+
crew, found := foundMembers[m.did]
580
+
if !found {
581
+
t.Errorf("Expected to find crew member %s", m.did)
582
+
continue
583
+
}
584
+
585
+
if crew.Record.Role != m.role {
586
+
t.Errorf("Expected role %s for %s, got %s", m.role, m.did, crew.Record.Role)
587
+
}
588
+
}
589
+
}
+44
pkg/hold/pds/keymgr.go
+44
pkg/hold/pds/keymgr.go
···
1
+
package pds
2
+
3
+
import (
4
+
"context"
5
+
"fmt"
6
+
7
+
"github.com/bluesky-social/indigo/atproto/atcrypto"
8
+
)
9
+
10
+
// HoldKeyManager implements repomgr.KeyManager for a single-user hold
11
+
// It wraps a single signing key and ignores the 'did' parameter since
12
+
// a hold only has one identity
13
+
type HoldKeyManager struct {
14
+
signingKey *atcrypto.PrivateKeyK256
15
+
}
16
+
17
+
// NewHoldKeyManager creates a new KeyManager for the hold's signing key
18
+
func NewHoldKeyManager(signingKey *atcrypto.PrivateKeyK256) *HoldKeyManager {
19
+
return &HoldKeyManager{
20
+
signingKey: signingKey,
21
+
}
22
+
}
23
+
24
+
// SignForUser signs data using the hold's signing key
25
+
// The 'did' parameter is ignored since holds are single-user
26
+
func (km *HoldKeyManager) SignForUser(ctx context.Context, did string, data []byte) ([]byte, error) {
27
+
return km.signingKey.HashAndSign(data)
28
+
}
29
+
30
+
// VerifyUserSignature verifies a signature using the hold's public key
31
+
// The 'did' parameter is ignored since holds are single-user
32
+
func (km *HoldKeyManager) VerifyUserSignature(ctx context.Context, did string, data []byte, sig []byte) error {
33
+
// Get public key from private key
34
+
pubKey, err := km.signingKey.PublicKey()
35
+
if err != nil {
36
+
return fmt.Errorf("failed to get public key: %w", err)
37
+
}
38
+
39
+
// HashAndVerify returns an error if verification fails
40
+
if err := pubKey.HashAndVerify(data, sig); err != nil {
41
+
return fmt.Errorf("signature verification failed: %w", err)
42
+
}
43
+
return nil
44
+
}
+295
pkg/hold/pds/keymgr_test.go
+295
pkg/hold/pds/keymgr_test.go
···
1
+
package pds
2
+
3
+
import (
4
+
"context"
5
+
"testing"
6
+
7
+
"github.com/bluesky-social/indigo/atproto/atcrypto"
8
+
)
9
+
10
+
// TestNewHoldKeyManager tests creating a key manager
11
+
func TestNewHoldKeyManager(t *testing.T) {
12
+
// Generate a test key
13
+
privateKey, err := atcrypto.GeneratePrivateKeyK256()
14
+
if err != nil {
15
+
t.Fatalf("Failed to generate private key: %v", err)
16
+
}
17
+
18
+
// Create key manager
19
+
kmgr := NewHoldKeyManager(privateKey)
20
+
21
+
if kmgr == nil {
22
+
t.Fatal("Expected non-nil key manager")
23
+
}
24
+
25
+
if kmgr.signingKey == nil {
26
+
t.Error("Expected signing key to be set")
27
+
}
28
+
29
+
// Verify we got the same key
30
+
if kmgr.signingKey != privateKey {
31
+
t.Error("Expected key manager to store the provided key")
32
+
}
33
+
}
34
+
35
+
// TestSignAndVerify tests signing data and verifying the signature
36
+
func TestSignAndVerify(t *testing.T) {
37
+
ctx := context.Background()
38
+
39
+
// Generate a test key
40
+
privateKey, err := atcrypto.GeneratePrivateKeyK256()
41
+
if err != nil {
42
+
t.Fatalf("Failed to generate private key: %v", err)
43
+
}
44
+
45
+
// Create key manager
46
+
kmgr := NewHoldKeyManager(privateKey)
47
+
48
+
// Test data
49
+
testData := []byte("Hello, ATCR!")
50
+
51
+
// Sign data (DID is ignored for holds)
52
+
signature, err := kmgr.SignForUser(ctx, "did:plc:ignored", testData)
53
+
if err != nil {
54
+
t.Fatalf("SignForUser failed: %v", err)
55
+
}
56
+
57
+
if len(signature) == 0 {
58
+
t.Fatal("Expected non-empty signature")
59
+
}
60
+
61
+
// Verify signature (DID is ignored for holds)
62
+
err = kmgr.VerifyUserSignature(ctx, "did:plc:also-ignored", testData, signature)
63
+
if err != nil {
64
+
t.Fatalf("VerifyUserSignature failed: %v", err)
65
+
}
66
+
}
67
+
68
+
// TestVerifyInvalidSignature tests rejecting bad signatures
69
+
func TestVerifyInvalidSignature(t *testing.T) {
70
+
ctx := context.Background()
71
+
72
+
// Generate a test key
73
+
privateKey, err := atcrypto.GeneratePrivateKeyK256()
74
+
if err != nil {
75
+
t.Fatalf("Failed to generate private key: %v", err)
76
+
}
77
+
78
+
kmgr := NewHoldKeyManager(privateKey)
79
+
80
+
testData := []byte("Original data")
81
+
82
+
// Sign original data
83
+
signature, err := kmgr.SignForUser(ctx, "did:plc:test", testData)
84
+
if err != nil {
85
+
t.Fatalf("SignForUser failed: %v", err)
86
+
}
87
+
88
+
// Test 1: Verify with different data (should fail)
89
+
differentData := []byte("Different data")
90
+
err = kmgr.VerifyUserSignature(ctx, "did:plc:test", differentData, signature)
91
+
if err == nil {
92
+
t.Error("Expected verification to fail with different data")
93
+
}
94
+
95
+
// Test 2: Verify with corrupted signature (should fail)
96
+
corruptedSignature := make([]byte, len(signature))
97
+
copy(corruptedSignature, signature)
98
+
if len(corruptedSignature) > 0 {
99
+
corruptedSignature[0] ^= 0xFF // Flip bits in first byte
100
+
}
101
+
102
+
err = kmgr.VerifyUserSignature(ctx, "did:plc:test", testData, corruptedSignature)
103
+
if err == nil {
104
+
t.Error("Expected verification to fail with corrupted signature")
105
+
}
106
+
107
+
// Test 3: Verify with empty signature (should fail)
108
+
err = kmgr.VerifyUserSignature(ctx, "did:plc:test", testData, []byte{})
109
+
if err == nil {
110
+
t.Error("Expected verification to fail with empty signature")
111
+
}
112
+
}
113
+
114
+
// TestIgnoresDIDParameter tests that DID parameter doesn't affect signing
115
+
func TestIgnoresDIDParameter(t *testing.T) {
116
+
ctx := context.Background()
117
+
118
+
// Generate a test key
119
+
privateKey, err := atcrypto.GeneratePrivateKeyK256()
120
+
if err != nil {
121
+
t.Fatalf("Failed to generate private key: %v", err)
122
+
}
123
+
124
+
kmgr := NewHoldKeyManager(privateKey)
125
+
126
+
testData := []byte("Test data for DID independence")
127
+
128
+
// Sign with different DIDs
129
+
signature1, err := kmgr.SignForUser(ctx, "did:plc:alice123", testData)
130
+
if err != nil {
131
+
t.Fatalf("SignForUser failed with DID alice: %v", err)
132
+
}
133
+
134
+
signature2, err := kmgr.SignForUser(ctx, "did:plc:bob456", testData)
135
+
if err != nil {
136
+
t.Fatalf("SignForUser failed with DID bob: %v", err)
137
+
}
138
+
139
+
signature3, err := kmgr.SignForUser(ctx, "", testData)
140
+
if err != nil {
141
+
t.Fatalf("SignForUser failed with empty DID: %v", err)
142
+
}
143
+
144
+
// All signatures should be identical (same key, same data)
145
+
// Note: K256 signatures may have randomness (nonce), so they might not be byte-identical
146
+
// Instead, verify that all signatures are valid
147
+
148
+
// Verify signature1 works with any DID
149
+
if err := kmgr.VerifyUserSignature(ctx, "did:plc:alice123", testData, signature1); err != nil {
150
+
t.Errorf("Signature1 should verify with alice DID: %v", err)
151
+
}
152
+
if err := kmgr.VerifyUserSignature(ctx, "did:plc:bob456", testData, signature1); err != nil {
153
+
t.Errorf("Signature1 should verify with bob DID: %v", err)
154
+
}
155
+
if err := kmgr.VerifyUserSignature(ctx, "", testData, signature1); err != nil {
156
+
t.Errorf("Signature1 should verify with empty DID: %v", err)
157
+
}
158
+
159
+
// Verify signature2 works with any DID
160
+
if err := kmgr.VerifyUserSignature(ctx, "did:plc:alice123", testData, signature2); err != nil {
161
+
t.Errorf("Signature2 should verify with alice DID: %v", err)
162
+
}
163
+
if err := kmgr.VerifyUserSignature(ctx, "did:plc:bob456", testData, signature2); err != nil {
164
+
t.Errorf("Signature2 should verify with bob DID: %v", err)
165
+
}
166
+
167
+
// Verify signature3 works with any DID
168
+
if err := kmgr.VerifyUserSignature(ctx, "did:plc:alice123", testData, signature3); err != nil {
169
+
t.Errorf("Signature3 should verify with alice DID: %v", err)
170
+
}
171
+
if err := kmgr.VerifyUserSignature(ctx, "did:plc:bob456", testData, signature3); err != nil {
172
+
t.Errorf("Signature3 should verify with bob DID: %v", err)
173
+
}
174
+
}
175
+
176
+
// TestSignForUser_EmptyData tests signing empty data
177
+
func TestSignForUser_EmptyData(t *testing.T) {
178
+
ctx := context.Background()
179
+
180
+
privateKey, err := atcrypto.GeneratePrivateKeyK256()
181
+
if err != nil {
182
+
t.Fatalf("Failed to generate private key: %v", err)
183
+
}
184
+
185
+
kmgr := NewHoldKeyManager(privateKey)
186
+
187
+
// Sign empty data
188
+
emptyData := []byte{}
189
+
signature, err := kmgr.SignForUser(ctx, "did:plc:test", emptyData)
190
+
if err != nil {
191
+
t.Fatalf("SignForUser failed with empty data: %v", err)
192
+
}
193
+
194
+
if len(signature) == 0 {
195
+
t.Fatal("Expected non-empty signature even for empty data")
196
+
}
197
+
198
+
// Verify signature
199
+
err = kmgr.VerifyUserSignature(ctx, "did:plc:test", emptyData, signature)
200
+
if err != nil {
201
+
t.Fatalf("VerifyUserSignature failed for empty data: %v", err)
202
+
}
203
+
}
204
+
205
+
// TestSignForUser_LargeData tests signing large data
206
+
func TestSignForUser_LargeData(t *testing.T) {
207
+
ctx := context.Background()
208
+
209
+
privateKey, err := atcrypto.GeneratePrivateKeyK256()
210
+
if err != nil {
211
+
t.Fatalf("Failed to generate private key: %v", err)
212
+
}
213
+
214
+
kmgr := NewHoldKeyManager(privateKey)
215
+
216
+
// Create large data (1MB)
217
+
largeData := make([]byte, 1024*1024)
218
+
for i := range largeData {
219
+
largeData[i] = byte(i % 256)
220
+
}
221
+
222
+
// Sign large data
223
+
signature, err := kmgr.SignForUser(ctx, "did:plc:test", largeData)
224
+
if err != nil {
225
+
t.Fatalf("SignForUser failed with large data: %v", err)
226
+
}
227
+
228
+
if len(signature) == 0 {
229
+
t.Fatal("Expected non-empty signature for large data")
230
+
}
231
+
232
+
// Verify signature
233
+
err = kmgr.VerifyUserSignature(ctx, "did:plc:test", largeData, signature)
234
+
if err != nil {
235
+
t.Fatalf("VerifyUserSignature failed for large data: %v", err)
236
+
}
237
+
}
238
+
239
+
// TestKeyManager_DifferentKeys tests that different keys produce different signatures
240
+
func TestKeyManager_DifferentKeys(t *testing.T) {
241
+
ctx := context.Background()
242
+
243
+
// Generate two different keys
244
+
key1, err := atcrypto.GeneratePrivateKeyK256()
245
+
if err != nil {
246
+
t.Fatalf("Failed to generate key1: %v", err)
247
+
}
248
+
249
+
key2, err := atcrypto.GeneratePrivateKeyK256()
250
+
if err != nil {
251
+
t.Fatalf("Failed to generate key2: %v", err)
252
+
}
253
+
254
+
kmgr1 := NewHoldKeyManager(key1)
255
+
kmgr2 := NewHoldKeyManager(key2)
256
+
257
+
testData := []byte("Test data")
258
+
259
+
// Sign with key1
260
+
sig1, err := kmgr1.SignForUser(ctx, "did:plc:test", testData)
261
+
if err != nil {
262
+
t.Fatalf("SignForUser failed with key1: %v", err)
263
+
}
264
+
265
+
// Sign with key2
266
+
sig2, err := kmgr2.SignForUser(ctx, "did:plc:test", testData)
267
+
if err != nil {
268
+
t.Fatalf("SignForUser failed with key2: %v", err)
269
+
}
270
+
271
+
// Signatures should be different (different keys)
272
+
// Note: Due to randomness in ECDSA, this isn't guaranteed byte-for-byte,
273
+
// but they should not verify with each other's keys
274
+
275
+
// Verify sig1 fails with key2
276
+
err = kmgr2.VerifyUserSignature(ctx, "did:plc:test", testData, sig1)
277
+
if err == nil {
278
+
t.Error("Expected sig1 to fail verification with key2")
279
+
}
280
+
281
+
// Verify sig2 fails with key1
282
+
err = kmgr1.VerifyUserSignature(ctx, "did:plc:test", testData, sig2)
283
+
if err == nil {
284
+
t.Error("Expected sig2 to fail verification with key1")
285
+
}
286
+
287
+
// But each should verify with their own key
288
+
if err := kmgr1.VerifyUserSignature(ctx, "did:plc:test", testData, sig1); err != nil {
289
+
t.Errorf("sig1 should verify with key1: %v", err)
290
+
}
291
+
292
+
if err := kmgr2.VerifyUserSignature(ctx, "did:plc:test", testData, sig2); err != nil {
293
+
t.Errorf("sig2 should verify with key2: %v", err)
294
+
}
295
+
}
+437
pkg/hold/pds/keys_test.go
+437
pkg/hold/pds/keys_test.go
···
1
+
package pds
2
+
3
+
import (
4
+
"bytes"
5
+
"os"
6
+
"path/filepath"
7
+
"testing"
8
+
9
+
"github.com/bluesky-social/indigo/atproto/atcrypto"
10
+
)
11
+
12
+
// TestGenerateOrLoadKey_Generate tests generating a new key
13
+
func TestGenerateOrLoadKey_Generate(t *testing.T) {
14
+
tmpDir := t.TempDir()
15
+
keyPath := filepath.Join(tmpDir, "test-key")
16
+
17
+
// Verify key doesn't exist yet
18
+
if _, err := os.Stat(keyPath); !os.IsNotExist(err) {
19
+
t.Fatal("Expected key file to not exist")
20
+
}
21
+
22
+
// Generate key
23
+
key, err := GenerateOrLoadKey(keyPath)
24
+
if err != nil {
25
+
t.Fatalf("GenerateOrLoadKey failed: %v", err)
26
+
}
27
+
28
+
if key == nil {
29
+
t.Fatal("Expected non-nil key")
30
+
}
31
+
32
+
// Verify key file was created
33
+
if _, err := os.Stat(keyPath); os.IsNotExist(err) {
34
+
t.Error("Expected key file to be created")
35
+
}
36
+
37
+
// Verify key file has restrictive permissions (0600)
38
+
fileInfo, err := os.Stat(keyPath)
39
+
if err != nil {
40
+
t.Fatalf("Failed to stat key file: %v", err)
41
+
}
42
+
43
+
perm := fileInfo.Mode().Perm()
44
+
expectedPerm := os.FileMode(0600)
45
+
if perm != expectedPerm {
46
+
t.Errorf("Expected key file permissions %o, got %o", expectedPerm, perm)
47
+
}
48
+
49
+
// Verify key can sign data
50
+
testData := []byte("test data")
51
+
signature, err := key.HashAndSign(testData)
52
+
if err != nil {
53
+
t.Fatalf("Failed to sign with generated key: %v", err)
54
+
}
55
+
56
+
if len(signature) == 0 {
57
+
t.Error("Expected non-empty signature")
58
+
}
59
+
60
+
// Verify signature
61
+
pubKey, err := key.PublicKey()
62
+
if err != nil {
63
+
t.Fatalf("Failed to get public key: %v", err)
64
+
}
65
+
66
+
err = pubKey.HashAndVerify(testData, signature)
67
+
if err != nil {
68
+
t.Fatalf("Failed to verify signature: %v", err)
69
+
}
70
+
}
71
+
72
+
// TestGenerateOrLoadKey_Load tests loading an existing key
73
+
func TestGenerateOrLoadKey_Load(t *testing.T) {
74
+
tmpDir := t.TempDir()
75
+
keyPath := filepath.Join(tmpDir, "test-key")
76
+
77
+
// Generate initial key
78
+
key1, err := GenerateOrLoadKey(keyPath)
79
+
if err != nil {
80
+
t.Fatalf("GenerateOrLoadKey failed on first call: %v", err)
81
+
}
82
+
83
+
// Get key bytes for comparison
84
+
key1Bytes := key1.Bytes()
85
+
86
+
// Load the same key again
87
+
key2, err := GenerateOrLoadKey(keyPath)
88
+
if err != nil {
89
+
t.Fatalf("GenerateOrLoadKey failed on second call: %v", err)
90
+
}
91
+
92
+
// Get key2 bytes
93
+
key2Bytes := key2.Bytes()
94
+
95
+
// Verify keys are identical
96
+
if len(key1Bytes) != len(key2Bytes) {
97
+
t.Fatalf("Key byte length mismatch: %d vs %d", len(key1Bytes), len(key2Bytes))
98
+
}
99
+
100
+
for i := range key1Bytes {
101
+
if key1Bytes[i] != key2Bytes[i] {
102
+
t.Errorf("Key byte mismatch at position %d: %x vs %x", i, key1Bytes[i], key2Bytes[i])
103
+
}
104
+
}
105
+
106
+
// Verify both keys produce same signature for same data
107
+
testData := []byte("consistent test data")
108
+
109
+
sig1, err := key1.HashAndSign(testData)
110
+
if err != nil {
111
+
t.Fatalf("Failed to sign with key1: %v", err)
112
+
}
113
+
114
+
// Verify sig1 with key2's public key
115
+
pubKey2, err := key2.PublicKey()
116
+
if err != nil {
117
+
t.Fatalf("Failed to get public key from key2: %v", err)
118
+
}
119
+
120
+
err = pubKey2.HashAndVerify(testData, sig1)
121
+
if err != nil {
122
+
t.Error("Signature from key1 should verify with key2 (they're the same key)")
123
+
}
124
+
}
125
+
126
+
// TestGenerateOrLoadKey_P256Migration tests migrating from old P-256 keys
127
+
func TestGenerateOrLoadKey_P256Migration(t *testing.T) {
128
+
tmpDir := t.TempDir()
129
+
keyPath := filepath.Join(tmpDir, "old-pem-key")
130
+
131
+
// Create a fake PEM file (old P-256 format)
132
+
pemContent := []byte(`-----BEGIN EC PRIVATE KEY-----
133
+
MHcCAQEEIFakeKeyDataHereThisIsNotARealKeyButHasPEMFormat
134
+
-----END EC PRIVATE KEY-----`)
135
+
136
+
err := os.WriteFile(keyPath, pemContent, 0600)
137
+
if err != nil {
138
+
t.Fatalf("Failed to write fake PEM key: %v", err)
139
+
}
140
+
141
+
// Verify file exists and is in PEM format
142
+
data, err := os.ReadFile(keyPath)
143
+
if err != nil {
144
+
t.Fatalf("Failed to read key file: %v", err)
145
+
}
146
+
147
+
if !isPEMFormat(data) {
148
+
t.Fatal("Expected key file to be in PEM format")
149
+
}
150
+
151
+
// Call GenerateOrLoadKey - should detect PEM and generate new K-256 key
152
+
key, err := GenerateOrLoadKey(keyPath)
153
+
if err != nil {
154
+
t.Fatalf("GenerateOrLoadKey failed during P-256 migration: %v", err)
155
+
}
156
+
157
+
if key == nil {
158
+
t.Fatal("Expected non-nil key after migration")
159
+
}
160
+
161
+
// Verify key file was replaced (no longer PEM)
162
+
newData, err := os.ReadFile(keyPath)
163
+
if err != nil {
164
+
t.Fatalf("Failed to read new key file: %v", err)
165
+
}
166
+
167
+
if isPEMFormat(newData) {
168
+
t.Error("Expected key file to no longer be in PEM format after migration")
169
+
}
170
+
171
+
// Verify new key is K-256 and works
172
+
testData := []byte("test after migration")
173
+
signature, err := key.HashAndSign(testData)
174
+
if err != nil {
175
+
t.Fatalf("Failed to sign with migrated key: %v", err)
176
+
}
177
+
178
+
pubKey, err := key.PublicKey()
179
+
if err != nil {
180
+
t.Fatalf("Failed to get public key: %v", err)
181
+
}
182
+
183
+
err = pubKey.HashAndVerify(testData, signature)
184
+
if err != nil {
185
+
t.Fatalf("Failed to verify signature from migrated key: %v", err)
186
+
}
187
+
}
188
+
189
+
// TestKeyPersistence tests that key bytes survive save/load cycle
190
+
func TestKeyPersistence(t *testing.T) {
191
+
tmpDir := t.TempDir()
192
+
keyPath := filepath.Join(tmpDir, "persist-key")
193
+
194
+
// Generate key
195
+
originalKey, err := GenerateOrLoadKey(keyPath)
196
+
if err != nil {
197
+
t.Fatalf("GenerateOrLoadKey failed: %v", err)
198
+
}
199
+
200
+
// Get original key bytes
201
+
originalBytes := originalKey.Bytes()
202
+
203
+
// Read key file directly
204
+
fileBytes, err := os.ReadFile(keyPath)
205
+
if err != nil {
206
+
t.Fatalf("Failed to read key file: %v", err)
207
+
}
208
+
209
+
// Verify file bytes match key bytes
210
+
if len(fileBytes) != len(originalBytes) {
211
+
t.Fatalf("File byte length mismatch: %d vs %d", len(fileBytes), len(originalBytes))
212
+
}
213
+
214
+
for i := range originalBytes {
215
+
if fileBytes[i] != originalBytes[i] {
216
+
t.Errorf("File byte mismatch at position %d: %x vs %x", i, fileBytes[i], originalBytes[i])
217
+
}
218
+
}
219
+
220
+
// Parse key directly from file bytes
221
+
parsedKey, err := atcrypto.ParsePrivateBytesK256(fileBytes)
222
+
if err != nil {
223
+
t.Fatalf("Failed to parse key from file bytes: %v", err)
224
+
}
225
+
226
+
// Verify parsed key matches original
227
+
parsedBytes := parsedKey.Bytes()
228
+
if len(parsedBytes) != len(originalBytes) {
229
+
t.Fatalf("Parsed key byte length mismatch: %d vs %d", len(parsedBytes), len(originalBytes))
230
+
}
231
+
232
+
for i := range originalBytes {
233
+
if parsedBytes[i] != originalBytes[i] {
234
+
t.Errorf("Parsed key byte mismatch at position %d: %x vs %x", i, parsedBytes[i], originalBytes[i])
235
+
}
236
+
}
237
+
}
238
+
239
+
// TestGenerateOrLoadKey_DirectoryCreation tests that parent directory is created
240
+
func TestGenerateOrLoadKey_DirectoryCreation(t *testing.T) {
241
+
tmpDir := t.TempDir()
242
+
keyPath := filepath.Join(tmpDir, "nested", "dir", "test-key")
243
+
244
+
// Verify nested directories don't exist
245
+
nestedDir := filepath.Join(tmpDir, "nested", "dir")
246
+
if _, err := os.Stat(nestedDir); !os.IsNotExist(err) {
247
+
t.Fatal("Expected nested directory to not exist")
248
+
}
249
+
250
+
// Generate key (should create directories)
251
+
key, err := GenerateOrLoadKey(keyPath)
252
+
if err != nil {
253
+
t.Fatalf("GenerateOrLoadKey failed: %v", err)
254
+
}
255
+
256
+
if key == nil {
257
+
t.Fatal("Expected non-nil key")
258
+
}
259
+
260
+
// Verify directories were created
261
+
if _, err := os.Stat(nestedDir); os.IsNotExist(err) {
262
+
t.Error("Expected nested directory to be created")
263
+
}
264
+
265
+
// Verify key file exists
266
+
if _, err := os.Stat(keyPath); os.IsNotExist(err) {
267
+
t.Error("Expected key file to be created")
268
+
}
269
+
270
+
// Verify directory has restrictive permissions (0700)
271
+
dirInfo, err := os.Stat(nestedDir)
272
+
if err != nil {
273
+
t.Fatalf("Failed to stat directory: %v", err)
274
+
}
275
+
276
+
dirPerm := dirInfo.Mode().Perm()
277
+
expectedDirPerm := os.FileMode(0700)
278
+
if dirPerm != expectedDirPerm {
279
+
t.Errorf("Expected directory permissions %o, got %o", expectedDirPerm, dirPerm)
280
+
}
281
+
}
282
+
283
+
// TestIsPEMFormat tests the PEM format detection
284
+
func TestIsPEMFormat(t *testing.T) {
285
+
tests := []struct {
286
+
name string
287
+
data []byte
288
+
expected bool
289
+
}{
290
+
{
291
+
name: "Valid PEM",
292
+
data: []byte("-----BEGIN EC PRIVATE KEY-----\ndata\n-----END EC PRIVATE KEY-----"),
293
+
expected: true,
294
+
},
295
+
{
296
+
name: "Valid PEM (RSA)",
297
+
data: []byte("-----BEGIN RSA PRIVATE KEY-----\ndata\n-----END RSA PRIVATE KEY-----"),
298
+
expected: true,
299
+
},
300
+
{
301
+
name: "Binary data",
302
+
data: []byte{0x01, 0x02, 0x03, 0x04, 0x05},
303
+
expected: false,
304
+
},
305
+
{
306
+
name: "Empty data",
307
+
data: []byte{},
308
+
expected: false,
309
+
},
310
+
{
311
+
name: "Short data",
312
+
data: []byte("----"),
313
+
expected: false,
314
+
},
315
+
{
316
+
name: "Almost PEM (missing dashes)",
317
+
data: []byte("----BEGIN KEY-----"),
318
+
expected: false,
319
+
},
320
+
}
321
+
322
+
for _, tt := range tests {
323
+
t.Run(tt.name, func(t *testing.T) {
324
+
result := isPEMFormat(tt.data)
325
+
if result != tt.expected {
326
+
t.Errorf("Expected isPEMFormat=%v, got %v", tt.expected, result)
327
+
}
328
+
})
329
+
}
330
+
}
331
+
332
+
// TestGenerateKey_UniqueKeys tests that each generated key is unique
333
+
func TestGenerateKey_UniqueKeys(t *testing.T) {
334
+
tmpDir := t.TempDir()
335
+
336
+
// Generate multiple keys
337
+
var keyBytes [][]byte
338
+
for i := 0; i < 5; i++ {
339
+
keyPath := filepath.Join(tmpDir, "key-"+string(rune('a'+i)))
340
+
key, err := GenerateOrLoadKey(keyPath)
341
+
if err != nil {
342
+
t.Fatalf("GenerateOrLoadKey failed for key %d: %v", i, err)
343
+
}
344
+
keyBytes = append(keyBytes, key.Bytes())
345
+
}
346
+
347
+
// Verify all keys are different
348
+
for i := 0; i < len(keyBytes); i++ {
349
+
for j := i + 1; j < len(keyBytes); j++ {
350
+
// Keys should be different
351
+
identical := true
352
+
if len(keyBytes[i]) != len(keyBytes[j]) {
353
+
identical = false
354
+
} else {
355
+
for k := range keyBytes[i] {
356
+
if keyBytes[i][k] != keyBytes[j][k] {
357
+
identical = false
358
+
break
359
+
}
360
+
}
361
+
}
362
+
363
+
if identical {
364
+
t.Errorf("Keys %d and %d are identical (expected unique keys)", i, j)
365
+
}
366
+
}
367
+
}
368
+
}
369
+
370
+
// TestLoadKey_InvalidFormat tests loading key with invalid format
371
+
func TestLoadKey_InvalidFormat(t *testing.T) {
372
+
tmpDir := t.TempDir()
373
+
keyPath := filepath.Join(tmpDir, "invalid-key")
374
+
375
+
// Write invalid data (not a valid K-256 key and not PEM)
376
+
invalidData := []byte("This is not a valid key format at all")
377
+
err := os.WriteFile(keyPath, invalidData, 0600)
378
+
if err != nil {
379
+
t.Fatalf("Failed to write invalid key: %v", err)
380
+
}
381
+
382
+
// Try to load (should fail with parse error, then try to generate new key)
383
+
// Since it's not PEM, it will try to parse as K-256 and fail,
384
+
// then NOT migrate (migration only happens for PEM), so it should error
385
+
_, err = GenerateOrLoadKey(keyPath)
386
+
if err == nil {
387
+
t.Fatal("Expected error when loading invalid key format")
388
+
}
389
+
390
+
// Error should mention parsing failure
391
+
if err != nil && err.Error() == "" {
392
+
t.Error("Expected non-empty error message")
393
+
}
394
+
}
395
+
396
+
// TestGenerateOrLoadKey_CorruptedKey tests behavior with corrupted key file
397
+
func TestGenerateOrLoadKey_CorruptedKey(t *testing.T) {
398
+
tmpDir := t.TempDir()
399
+
keyPath := filepath.Join(tmpDir, "corrupted-key")
400
+
401
+
// Generate valid key first
402
+
key1, err := GenerateOrLoadKey(keyPath)
403
+
if err != nil {
404
+
t.Fatalf("GenerateOrLoadKey failed: %v", err)
405
+
}
406
+
407
+
originalBytes := key1.Bytes()
408
+
409
+
// Corrupt the key file (flip some bits in the middle)
410
+
corruptedBytes := make([]byte, len(originalBytes))
411
+
copy(corruptedBytes, originalBytes)
412
+
if len(corruptedBytes) > 10 {
413
+
corruptedBytes[5] ^= 0xFF
414
+
corruptedBytes[10] ^= 0xFF
415
+
}
416
+
417
+
err = os.WriteFile(keyPath, corruptedBytes, 0600)
418
+
if err != nil {
419
+
t.Fatalf("Failed to write corrupted key: %v", err)
420
+
}
421
+
422
+
// Try to load corrupted key
423
+
// Note: K256 keys are flexible, so slightly corrupted keys might still be valid
424
+
// We just verify that it either loads successfully or returns an error
425
+
key2, err := GenerateOrLoadKey(keyPath)
426
+
if err != nil {
427
+
// Expected - corrupted key failed to load
428
+
t.Logf("Corrupted key failed to load as expected: %v", err)
429
+
return
430
+
}
431
+
432
+
// If it loaded, verify it's different from the original
433
+
key2Bytes := key2.Bytes()
434
+
if bytes.Equal(originalBytes, key2Bytes) {
435
+
t.Error("Corrupted key loaded with same bytes as original (unexpected)")
436
+
}
437
+
}
+1284
pkg/hold/pds/repomgr.go
+1284
pkg/hold/pds/repomgr.go
···
1
+
// Package pds contains a vendored copy of RepoManager from github.com/bluesky-social/indigo
2
+
//
3
+
// Source: github.com/bluesky-social/indigo/repomgr (v0.0.0-20251014222321)
4
+
// Reference: github.com/streamplace/indigo (67ae5a5) for PutRecord implementation
5
+
// Reason: The indigo library is unmaintained and contains a critical bug in UpdateRecord
6
+
//
7
+
// Modifications from original:
8
+
// - Changed package from 'repomgr' to 'pds' for integration with hold service
9
+
// - Fixed UpdateRecord bug (line 263): Changed r.PutRecord to r.UpdateRecord
10
+
// (UpdateRecord was incorrectly calling PutRecord, causing incorrect MST operations)
11
+
// - Removed 5 Prometheus metrics calls (openAndSigCheckDuration, calcDiffDuration,
12
+
// writeCarSliceDuration, repoOpsImported) as metrics are not used in this project
13
+
// - Added PutRecord method (lines 309-381) for creating records with explicit rkeys
14
+
// (like CreateRecord but with specified rkey instead of auto-generated TID)
15
+
// Based on streamplace/indigo implementation
16
+
package pds
17
+
18
+
import (
19
+
"bytes"
20
+
"context"
21
+
"errors"
22
+
"fmt"
23
+
"io"
24
+
"log/slog"
25
+
"strings"
26
+
"sync"
27
+
28
+
atproto "github.com/bluesky-social/indigo/api/atproto"
29
+
bsky "github.com/bluesky-social/indigo/api/bsky"
30
+
"github.com/bluesky-social/indigo/atproto/syntax"
31
+
"github.com/bluesky-social/indigo/carstore"
32
+
lexutil "github.com/bluesky-social/indigo/lex/util"
33
+
"github.com/bluesky-social/indigo/models"
34
+
"github.com/bluesky-social/indigo/mst"
35
+
"github.com/bluesky-social/indigo/repo"
36
+
"github.com/bluesky-social/indigo/util"
37
+
38
+
blocks "github.com/ipfs/go-block-format"
39
+
"github.com/ipfs/go-cid"
40
+
"github.com/ipfs/go-datastore"
41
+
blockstore "github.com/ipfs/go-ipfs-blockstore"
42
+
ipld "github.com/ipfs/go-ipld-format"
43
+
"github.com/ipld/go-car"
44
+
cbg "github.com/whyrusleeping/cbor-gen"
45
+
"go.opentelemetry.io/otel"
46
+
"go.opentelemetry.io/otel/attribute"
47
+
"gorm.io/gorm"
48
+
)
49
+
50
+
func NewRepoManager(cs carstore.CarStore, kmgr KeyManager) *RepoManager {
51
+
52
+
var noArchive bool
53
+
if _, ok := cs.(*carstore.NonArchivalCarstore); ok {
54
+
noArchive = true
55
+
}
56
+
57
+
clk := syntax.NewTIDClock(0)
58
+
59
+
return &RepoManager{
60
+
cs: cs,
61
+
userLocks: make(map[models.Uid]*userLock),
62
+
kmgr: kmgr,
63
+
log: slog.Default().With("system", "repomgr"),
64
+
noArchive: noArchive,
65
+
clk: &clk,
66
+
}
67
+
}
68
+
69
+
type KeyManager interface {
70
+
VerifyUserSignature(context.Context, string, []byte, []byte) error
71
+
SignForUser(context.Context, string, []byte) ([]byte, error)
72
+
}
73
+
74
+
func (rm *RepoManager) SetEventHandler(cb func(context.Context, *RepoEvent), hydrateRecords bool) {
75
+
rm.events = cb
76
+
rm.hydrateRecords = hydrateRecords
77
+
}
78
+
79
+
type RepoManager struct {
80
+
cs carstore.CarStore
81
+
kmgr KeyManager
82
+
83
+
lklk sync.Mutex
84
+
userLocks map[models.Uid]*userLock
85
+
86
+
events func(context.Context, *RepoEvent)
87
+
hydrateRecords bool
88
+
89
+
log *slog.Logger
90
+
noArchive bool
91
+
92
+
clk *syntax.TIDClock
93
+
}
94
+
95
+
type ActorInfo struct {
96
+
Did string
97
+
Handle string
98
+
DisplayName string
99
+
Type string
100
+
}
101
+
102
+
type RepoEvent struct {
103
+
User models.Uid
104
+
OldRoot *cid.Cid
105
+
NewRoot cid.Cid
106
+
Since *string
107
+
Rev string
108
+
RepoSlice []byte
109
+
PDS uint
110
+
Ops []RepoOp
111
+
}
112
+
113
+
type RepoOp struct {
114
+
Kind EventKind
115
+
Collection string
116
+
Rkey string
117
+
RecCid *cid.Cid
118
+
Record any
119
+
ActorInfo *ActorInfo
120
+
}
121
+
122
+
type EventKind string
123
+
124
+
const (
125
+
EvtKindCreateRecord = EventKind("create")
126
+
EvtKindUpdateRecord = EventKind("update")
127
+
EvtKindDeleteRecord = EventKind("delete")
128
+
)
129
+
130
+
type RepoHead struct {
131
+
gorm.Model
132
+
Usr models.Uid `gorm:"uniqueIndex"`
133
+
Root string
134
+
}
135
+
136
+
type userLock struct {
137
+
lk sync.Mutex
138
+
count int
139
+
}
140
+
141
+
func (rm *RepoManager) lockUser(ctx context.Context, user models.Uid) func() {
142
+
ctx, span := otel.Tracer("repoman").Start(ctx, "userLock")
143
+
defer span.End()
144
+
145
+
rm.lklk.Lock()
146
+
147
+
ulk, ok := rm.userLocks[user]
148
+
if !ok {
149
+
ulk = &userLock{}
150
+
rm.userLocks[user] = ulk
151
+
}
152
+
153
+
ulk.count++
154
+
155
+
rm.lklk.Unlock()
156
+
157
+
ulk.lk.Lock()
158
+
159
+
return func() {
160
+
rm.lklk.Lock()
161
+
162
+
ulk.lk.Unlock()
163
+
ulk.count--
164
+
165
+
if ulk.count == 0 {
166
+
delete(rm.userLocks, user)
167
+
}
168
+
rm.lklk.Unlock()
169
+
}
170
+
}
171
+
172
+
func (rm *RepoManager) CarStore() carstore.CarStore {
173
+
return rm.cs
174
+
}
175
+
176
+
func (rm *RepoManager) CreateRecord(ctx context.Context, user models.Uid, collection string, rec cbg.CBORMarshaler) (string, cid.Cid, error) {
177
+
ctx, span := otel.Tracer("repoman").Start(ctx, "CreateRecord")
178
+
defer span.End()
179
+
180
+
unlock := rm.lockUser(ctx, user)
181
+
defer unlock()
182
+
183
+
rev, err := rm.cs.GetUserRepoRev(ctx, user)
184
+
if err != nil {
185
+
return "", cid.Undef, err
186
+
}
187
+
188
+
ds, err := rm.cs.NewDeltaSession(ctx, user, &rev)
189
+
if err != nil {
190
+
return "", cid.Undef, err
191
+
}
192
+
193
+
head := ds.BaseCid()
194
+
195
+
r, err := repo.OpenRepo(ctx, ds, head)
196
+
if err != nil {
197
+
return "", cid.Undef, err
198
+
}
199
+
200
+
cc, tid, err := r.CreateRecord(ctx, collection, rec)
201
+
if err != nil {
202
+
return "", cid.Undef, err
203
+
}
204
+
205
+
nroot, nrev, err := r.Commit(ctx, rm.kmgr.SignForUser)
206
+
if err != nil {
207
+
return "", cid.Undef, err
208
+
}
209
+
210
+
rslice, err := ds.CloseWithRoot(ctx, nroot, nrev)
211
+
if err != nil {
212
+
return "", cid.Undef, fmt.Errorf("close with root: %w", err)
213
+
}
214
+
215
+
var oldroot *cid.Cid
216
+
if head.Defined() {
217
+
oldroot = &head
218
+
}
219
+
220
+
if rm.events != nil {
221
+
rm.events(ctx, &RepoEvent{
222
+
User: user,
223
+
OldRoot: oldroot,
224
+
NewRoot: nroot,
225
+
Rev: nrev,
226
+
Since: &rev,
227
+
Ops: []RepoOp{{
228
+
Kind: EvtKindCreateRecord,
229
+
Collection: collection,
230
+
Rkey: tid,
231
+
Record: rec,
232
+
RecCid: &cc,
233
+
}},
234
+
RepoSlice: rslice,
235
+
})
236
+
}
237
+
238
+
return collection + "/" + tid, cc, nil
239
+
}
240
+
241
+
func (rm *RepoManager) UpdateRecord(ctx context.Context, user models.Uid, collection, rkey string, rec cbg.CBORMarshaler) (cid.Cid, error) {
242
+
ctx, span := otel.Tracer("repoman").Start(ctx, "UpdateRecord")
243
+
defer span.End()
244
+
245
+
unlock := rm.lockUser(ctx, user)
246
+
defer unlock()
247
+
248
+
rev, err := rm.cs.GetUserRepoRev(ctx, user)
249
+
if err != nil {
250
+
return cid.Undef, err
251
+
}
252
+
253
+
ds, err := rm.cs.NewDeltaSession(ctx, user, &rev)
254
+
if err != nil {
255
+
return cid.Undef, err
256
+
}
257
+
258
+
head := ds.BaseCid()
259
+
r, err := repo.OpenRepo(ctx, ds, head)
260
+
if err != nil {
261
+
return cid.Undef, err
262
+
}
263
+
264
+
rpath := collection + "/" + rkey
265
+
cc, err := r.UpdateRecord(ctx, rpath, rec)
266
+
if err != nil {
267
+
return cid.Undef, err
268
+
}
269
+
270
+
nroot, nrev, err := r.Commit(ctx, rm.kmgr.SignForUser)
271
+
if err != nil {
272
+
return cid.Undef, err
273
+
}
274
+
275
+
rslice, err := ds.CloseWithRoot(ctx, nroot, nrev)
276
+
if err != nil {
277
+
return cid.Undef, fmt.Errorf("close with root: %w", err)
278
+
}
279
+
280
+
var oldroot *cid.Cid
281
+
if head.Defined() {
282
+
oldroot = &head
283
+
}
284
+
285
+
if rm.events != nil {
286
+
op := RepoOp{
287
+
Kind: EvtKindUpdateRecord,
288
+
Collection: collection,
289
+
Rkey: rkey,
290
+
RecCid: &cc,
291
+
}
292
+
293
+
if rm.hydrateRecords {
294
+
op.Record = rec
295
+
}
296
+
297
+
rm.events(ctx, &RepoEvent{
298
+
User: user,
299
+
OldRoot: oldroot,
300
+
NewRoot: nroot,
301
+
Rev: nrev,
302
+
Since: &rev,
303
+
Ops: []RepoOp{op},
304
+
RepoSlice: rslice,
305
+
})
306
+
}
307
+
308
+
return cc, nil
309
+
}
310
+
311
+
// PutRecord creates a record with an explicit rkey (like CreateRecord but with specified rkey).
312
+
// This uses r.PutRecord which will FAIL if the rkey already exists (uses mst.Add, not mst.Update).
313
+
// Use UpdateRecord to modify existing records.
314
+
// Returns the collection path (e.g., "io.atcr.captain/self") and CID.
315
+
func (rm *RepoManager) PutRecord(ctx context.Context, user models.Uid, collection, rkey string, rec cbg.CBORMarshaler) (string, cid.Cid, error) {
316
+
ctx, span := otel.Tracer("repoman").Start(ctx, "PutRecord")
317
+
defer span.End()
318
+
319
+
unlock := rm.lockUser(ctx, user)
320
+
defer unlock()
321
+
322
+
rev, err := rm.cs.GetUserRepoRev(ctx, user)
323
+
if err != nil {
324
+
return "", cid.Undef, err
325
+
}
326
+
327
+
ds, err := rm.cs.NewDeltaSession(ctx, user, &rev)
328
+
if err != nil {
329
+
return "", cid.Undef, err
330
+
}
331
+
332
+
head := ds.BaseCid()
333
+
r, err := repo.OpenRepo(ctx, ds, head)
334
+
if err != nil {
335
+
return "", cid.Undef, err
336
+
}
337
+
338
+
rpath := collection + "/" + rkey
339
+
cc, err := r.PutRecord(ctx, rpath, rec)
340
+
if err != nil {
341
+
return "", cid.Undef, err
342
+
}
343
+
344
+
nroot, nrev, err := r.Commit(ctx, rm.kmgr.SignForUser)
345
+
if err != nil {
346
+
return "", cid.Undef, err
347
+
}
348
+
349
+
rslice, err := ds.CloseWithRoot(ctx, nroot, nrev)
350
+
if err != nil {
351
+
return "", cid.Undef, fmt.Errorf("close with root: %w", err)
352
+
}
353
+
354
+
var oldroot *cid.Cid
355
+
if head.Defined() {
356
+
oldroot = &head
357
+
}
358
+
359
+
if rm.events != nil {
360
+
op := RepoOp{
361
+
Kind: EvtKindCreateRecord,
362
+
Collection: collection,
363
+
Rkey: rkey,
364
+
RecCid: &cc,
365
+
}
366
+
367
+
if rm.hydrateRecords {
368
+
op.Record = rec
369
+
}
370
+
371
+
rm.events(ctx, &RepoEvent{
372
+
User: user,
373
+
OldRoot: oldroot,
374
+
NewRoot: nroot,
375
+
Rev: nrev,
376
+
Since: &rev,
377
+
Ops: []RepoOp{op},
378
+
RepoSlice: rslice,
379
+
})
380
+
}
381
+
382
+
return rpath, cc, nil
383
+
}
384
+
385
+
func (rm *RepoManager) DeleteRecord(ctx context.Context, user models.Uid, collection, rkey string) error {
386
+
ctx, span := otel.Tracer("repoman").Start(ctx, "DeleteRecord")
387
+
defer span.End()
388
+
389
+
unlock := rm.lockUser(ctx, user)
390
+
defer unlock()
391
+
392
+
rev, err := rm.cs.GetUserRepoRev(ctx, user)
393
+
if err != nil {
394
+
return err
395
+
}
396
+
397
+
ds, err := rm.cs.NewDeltaSession(ctx, user, &rev)
398
+
if err != nil {
399
+
return err
400
+
}
401
+
402
+
head := ds.BaseCid()
403
+
r, err := repo.OpenRepo(ctx, ds, head)
404
+
if err != nil {
405
+
return err
406
+
}
407
+
408
+
rpath := collection + "/" + rkey
409
+
if err := r.DeleteRecord(ctx, rpath); err != nil {
410
+
return err
411
+
}
412
+
413
+
nroot, nrev, err := r.Commit(ctx, rm.kmgr.SignForUser)
414
+
if err != nil {
415
+
return err
416
+
}
417
+
418
+
rslice, err := ds.CloseWithRoot(ctx, nroot, nrev)
419
+
if err != nil {
420
+
return fmt.Errorf("close with root: %w", err)
421
+
}
422
+
423
+
var oldroot *cid.Cid
424
+
if head.Defined() {
425
+
oldroot = &head
426
+
}
427
+
428
+
if rm.events != nil {
429
+
rm.events(ctx, &RepoEvent{
430
+
User: user,
431
+
OldRoot: oldroot,
432
+
NewRoot: nroot,
433
+
Rev: nrev,
434
+
Since: &rev,
435
+
Ops: []RepoOp{{
436
+
Kind: EvtKindDeleteRecord,
437
+
Collection: collection,
438
+
Rkey: rkey,
439
+
}},
440
+
RepoSlice: rslice,
441
+
})
442
+
}
443
+
444
+
return nil
445
+
446
+
}
447
+
448
+
func (rm *RepoManager) InitNewActor(ctx context.Context, user models.Uid, handle, did, displayname string, declcid, actortype string) error {
449
+
unlock := rm.lockUser(ctx, user)
450
+
defer unlock()
451
+
452
+
if did == "" {
453
+
return fmt.Errorf("must specify DID for new actor")
454
+
}
455
+
456
+
if user == 0 {
457
+
return fmt.Errorf("must specify user for new actor")
458
+
}
459
+
460
+
ds, err := rm.cs.NewDeltaSession(ctx, user, nil)
461
+
if err != nil {
462
+
return fmt.Errorf("creating new delta session: %w", err)
463
+
}
464
+
465
+
r := repo.NewRepo(ctx, did, ds)
466
+
467
+
profile := &bsky.ActorProfile{
468
+
DisplayName: &displayname,
469
+
}
470
+
471
+
_, err = r.PutRecord(ctx, "app.bsky.actor.profile/self", profile)
472
+
if err != nil {
473
+
return fmt.Errorf("setting initial actor profile: %w", err)
474
+
}
475
+
476
+
root, nrev, err := r.Commit(ctx, rm.kmgr.SignForUser)
477
+
if err != nil {
478
+
return fmt.Errorf("committing repo for actor init: %w", err)
479
+
}
480
+
481
+
rslice, err := ds.CloseWithRoot(ctx, root, nrev)
482
+
if err != nil {
483
+
return fmt.Errorf("close with root: %w", err)
484
+
}
485
+
486
+
if rm.events != nil {
487
+
op := RepoOp{
488
+
Kind: EvtKindCreateRecord,
489
+
Collection: "app.bsky.actor.profile",
490
+
Rkey: "self",
491
+
}
492
+
493
+
if rm.hydrateRecords {
494
+
op.Record = profile
495
+
}
496
+
497
+
rm.events(ctx, &RepoEvent{
498
+
User: user,
499
+
NewRoot: root,
500
+
Rev: nrev,
501
+
Ops: []RepoOp{op},
502
+
RepoSlice: rslice,
503
+
})
504
+
}
505
+
506
+
return nil
507
+
}
508
+
509
+
func (rm *RepoManager) GetRepoRoot(ctx context.Context, user models.Uid) (cid.Cid, error) {
510
+
unlock := rm.lockUser(ctx, user)
511
+
defer unlock()
512
+
513
+
return rm.cs.GetUserRepoHead(ctx, user)
514
+
}
515
+
516
+
func (rm *RepoManager) GetRepoRev(ctx context.Context, user models.Uid) (string, error) {
517
+
unlock := rm.lockUser(ctx, user)
518
+
defer unlock()
519
+
520
+
return rm.cs.GetUserRepoRev(ctx, user)
521
+
}
522
+
523
+
func (rm *RepoManager) ReadRepo(ctx context.Context, user models.Uid, since string, w io.Writer) error {
524
+
return rm.cs.ReadUserCar(ctx, user, since, true, w)
525
+
}
526
+
527
+
func (rm *RepoManager) GetRecord(ctx context.Context, user models.Uid, collection string, rkey string, maybeCid cid.Cid) (cid.Cid, cbg.CBORMarshaler, error) {
528
+
bs, err := rm.cs.ReadOnlySession(user)
529
+
if err != nil {
530
+
return cid.Undef, nil, err
531
+
}
532
+
533
+
head, err := rm.cs.GetUserRepoHead(ctx, user)
534
+
if err != nil {
535
+
return cid.Undef, nil, err
536
+
}
537
+
538
+
r, err := repo.OpenRepo(ctx, bs, head)
539
+
if err != nil {
540
+
return cid.Undef, nil, err
541
+
}
542
+
543
+
ocid, val, err := r.GetRecord(ctx, collection+"/"+rkey)
544
+
if err != nil {
545
+
return cid.Undef, nil, err
546
+
}
547
+
548
+
if maybeCid.Defined() && ocid != maybeCid {
549
+
return cid.Undef, nil, fmt.Errorf("record at specified key had different CID than expected")
550
+
}
551
+
552
+
return ocid, val, nil
553
+
}
554
+
555
+
func (rm *RepoManager) GetRecordProof(ctx context.Context, user models.Uid, collection string, rkey string) (cid.Cid, []blocks.Block, error) {
556
+
robs, err := rm.cs.ReadOnlySession(user)
557
+
if err != nil {
558
+
return cid.Undef, nil, err
559
+
}
560
+
561
+
bs := util.NewLoggingBstore(robs)
562
+
563
+
head, err := rm.cs.GetUserRepoHead(ctx, user)
564
+
if err != nil {
565
+
return cid.Undef, nil, err
566
+
}
567
+
568
+
r, err := repo.OpenRepo(ctx, bs, head)
569
+
if err != nil {
570
+
return cid.Undef, nil, err
571
+
}
572
+
573
+
_, _, err = r.GetRecordBytes(ctx, collection+"/"+rkey)
574
+
if err != nil {
575
+
return cid.Undef, nil, err
576
+
}
577
+
578
+
return head, bs.GetLoggedBlocks(), nil
579
+
}
580
+
581
+
func (rm *RepoManager) GetProfile(ctx context.Context, uid models.Uid) (*bsky.ActorProfile, error) {
582
+
bs, err := rm.cs.ReadOnlySession(uid)
583
+
if err != nil {
584
+
return nil, err
585
+
}
586
+
587
+
head, err := rm.cs.GetUserRepoHead(ctx, uid)
588
+
if err != nil {
589
+
return nil, err
590
+
}
591
+
592
+
r, err := repo.OpenRepo(ctx, bs, head)
593
+
if err != nil {
594
+
return nil, err
595
+
}
596
+
597
+
_, val, err := r.GetRecord(ctx, "app.bsky.actor.profile/self")
598
+
if err != nil {
599
+
return nil, err
600
+
}
601
+
602
+
ap, ok := val.(*bsky.ActorProfile)
603
+
if !ok {
604
+
return nil, fmt.Errorf("found wrong type in actor profile location in tree")
605
+
}
606
+
607
+
return ap, nil
608
+
}
609
+
610
+
func (rm *RepoManager) CheckRepoSig(ctx context.Context, r *repo.Repo, expdid string) error {
611
+
ctx, span := otel.Tracer("repoman").Start(ctx, "CheckRepoSig")
612
+
defer span.End()
613
+
614
+
repoDid := r.RepoDid()
615
+
if expdid != repoDid {
616
+
return fmt.Errorf("DID in repo did not match (%q != %q)", expdid, repoDid)
617
+
}
618
+
619
+
scom := r.SignedCommit()
620
+
621
+
usc := scom.Unsigned()
622
+
sb, err := usc.BytesForSigning()
623
+
if err != nil {
624
+
return fmt.Errorf("commit serialization failed: %w", err)
625
+
}
626
+
if err := rm.kmgr.VerifyUserSignature(ctx, repoDid, scom.Sig, sb); err != nil {
627
+
return fmt.Errorf("signature check failed (sig: %x) (sb: %x) : %w", scom.Sig, sb, err)
628
+
}
629
+
630
+
return nil
631
+
}
632
+
633
+
func (rm *RepoManager) HandleExternalUserEvent(ctx context.Context, pdsid uint, uid models.Uid, did string, since *string, nrev string, carslice []byte, ops []*atproto.SyncSubscribeRepos_RepoOp) error {
634
+
if rm.noArchive {
635
+
return rm.handleExternalUserEventNoArchive(ctx, pdsid, uid, did, since, nrev, carslice, ops)
636
+
} else {
637
+
return rm.handleExternalUserEventArchive(ctx, pdsid, uid, did, since, nrev, carslice, ops)
638
+
}
639
+
}
640
+
641
+
func (rm *RepoManager) handleExternalUserEventNoArchive(ctx context.Context, pdsid uint, uid models.Uid, did string, since *string, nrev string, carslice []byte, ops []*atproto.SyncSubscribeRepos_RepoOp) error {
642
+
ctx, span := otel.Tracer("repoman").Start(ctx, "HandleExternalUserEvent")
643
+
defer span.End()
644
+
645
+
span.SetAttributes(attribute.Int64("uid", int64(uid)))
646
+
647
+
rm.log.Debug("HandleExternalUserEvent", "pds", pdsid, "uid", uid, "since", since, "nrev", nrev)
648
+
649
+
unlock := rm.lockUser(ctx, uid)
650
+
defer unlock()
651
+
652
+
root, ds, err := rm.cs.ImportSlice(ctx, uid, since, carslice)
653
+
if err != nil {
654
+
return fmt.Errorf("importing external carslice: %w", err)
655
+
}
656
+
657
+
r, err := repo.OpenRepo(ctx, ds, root)
658
+
if err != nil {
659
+
return fmt.Errorf("opening external user repo (%d, root=%s): %w", uid, root, err)
660
+
}
661
+
662
+
if err := rm.CheckRepoSig(ctx, r, did); err != nil {
663
+
return fmt.Errorf("check repo sig: %w", err)
664
+
}
665
+
666
+
evtops := make([]RepoOp, 0, len(ops))
667
+
for _, op := range ops {
668
+
parts := strings.SplitN(op.Path, "/", 2)
669
+
if len(parts) != 2 {
670
+
return fmt.Errorf("invalid rpath in mst diff, must have collection and rkey")
671
+
}
672
+
673
+
switch EventKind(op.Action) {
674
+
case EvtKindCreateRecord:
675
+
rop := RepoOp{
676
+
Kind: EvtKindCreateRecord,
677
+
Collection: parts[0],
678
+
Rkey: parts[1],
679
+
RecCid: (*cid.Cid)(op.Cid),
680
+
}
681
+
682
+
if rm.hydrateRecords {
683
+
_, rec, err := r.GetRecord(ctx, op.Path)
684
+
if err != nil {
685
+
return fmt.Errorf("reading changed record from car slice: %w", err)
686
+
}
687
+
rop.Record = rec
688
+
}
689
+
690
+
evtops = append(evtops, rop)
691
+
case EvtKindUpdateRecord:
692
+
rop := RepoOp{
693
+
Kind: EvtKindUpdateRecord,
694
+
Collection: parts[0],
695
+
Rkey: parts[1],
696
+
RecCid: (*cid.Cid)(op.Cid),
697
+
}
698
+
699
+
if rm.hydrateRecords {
700
+
_, rec, err := r.GetRecord(ctx, op.Path)
701
+
if err != nil {
702
+
return fmt.Errorf("reading changed record from car slice: %w", err)
703
+
}
704
+
705
+
rop.Record = rec
706
+
}
707
+
708
+
evtops = append(evtops, rop)
709
+
case EvtKindDeleteRecord:
710
+
evtops = append(evtops, RepoOp{
711
+
Kind: EvtKindDeleteRecord,
712
+
Collection: parts[0],
713
+
Rkey: parts[1],
714
+
})
715
+
default:
716
+
return fmt.Errorf("unrecognized external user event kind: %q", op.Action)
717
+
}
718
+
}
719
+
720
+
if rm.events != nil {
721
+
rm.events(ctx, &RepoEvent{
722
+
User: uid,
723
+
//OldRoot: prev,
724
+
NewRoot: root,
725
+
Rev: nrev,
726
+
Since: since,
727
+
Ops: evtops,
728
+
RepoSlice: carslice,
729
+
PDS: pdsid,
730
+
})
731
+
}
732
+
733
+
return nil
734
+
}
735
+
736
+
func (rm *RepoManager) handleExternalUserEventArchive(ctx context.Context, pdsid uint, uid models.Uid, did string, since *string, nrev string, carslice []byte, ops []*atproto.SyncSubscribeRepos_RepoOp) error {
737
+
ctx, span := otel.Tracer("repoman").Start(ctx, "HandleExternalUserEvent")
738
+
defer span.End()
739
+
740
+
span.SetAttributes(attribute.Int64("uid", int64(uid)))
741
+
742
+
rm.log.Debug("HandleExternalUserEvent", "pds", pdsid, "uid", uid, "since", since, "nrev", nrev)
743
+
744
+
unlock := rm.lockUser(ctx, uid)
745
+
defer unlock()
746
+
747
+
root, ds, err := rm.cs.ImportSlice(ctx, uid, since, carslice)
748
+
if err != nil {
749
+
return fmt.Errorf("importing external carslice: %w", err)
750
+
}
751
+
752
+
r, err := repo.OpenRepo(ctx, ds, root)
753
+
if err != nil {
754
+
return fmt.Errorf("opening external user repo (%d, root=%s): %w", uid, root, err)
755
+
}
756
+
757
+
if err := rm.CheckRepoSig(ctx, r, did); err != nil {
758
+
return err
759
+
}
760
+
761
+
var skipcids map[cid.Cid]bool
762
+
if ds.BaseCid().Defined() {
763
+
oldrepo, err := repo.OpenRepo(ctx, ds, ds.BaseCid())
764
+
if err != nil {
765
+
return fmt.Errorf("failed to check data root in old repo: %w", err)
766
+
}
767
+
768
+
// if the old commit has a 'prev', CalcDiff will error out while trying
769
+
// to walk it. This is an old repo thing that is being deprecated.
770
+
// This check is a temporary workaround until all repos get migrated
771
+
// and this becomes no longer an issue
772
+
prev, _ := oldrepo.PrevCommit(ctx)
773
+
if prev != nil {
774
+
skipcids = map[cid.Cid]bool{
775
+
*prev: true,
776
+
}
777
+
}
778
+
}
779
+
780
+
if err := ds.CalcDiff(ctx, skipcids); err != nil {
781
+
return fmt.Errorf("failed while calculating mst diff (since=%v): %w", since, err)
782
+
}
783
+
784
+
evtops := make([]RepoOp, 0, len(ops))
785
+
786
+
for _, op := range ops {
787
+
parts := strings.SplitN(op.Path, "/", 2)
788
+
if len(parts) != 2 {
789
+
return fmt.Errorf("invalid rpath in mst diff, must have collection and rkey")
790
+
}
791
+
792
+
switch EventKind(op.Action) {
793
+
case EvtKindCreateRecord:
794
+
rop := RepoOp{
795
+
Kind: EvtKindCreateRecord,
796
+
Collection: parts[0],
797
+
Rkey: parts[1],
798
+
RecCid: (*cid.Cid)(op.Cid),
799
+
}
800
+
801
+
if rm.hydrateRecords {
802
+
_, rec, err := r.GetRecord(ctx, op.Path)
803
+
if err != nil {
804
+
return fmt.Errorf("reading changed record from car slice: %w", err)
805
+
}
806
+
rop.Record = rec
807
+
}
808
+
809
+
evtops = append(evtops, rop)
810
+
case EvtKindUpdateRecord:
811
+
rop := RepoOp{
812
+
Kind: EvtKindUpdateRecord,
813
+
Collection: parts[0],
814
+
Rkey: parts[1],
815
+
RecCid: (*cid.Cid)(op.Cid),
816
+
}
817
+
818
+
if rm.hydrateRecords {
819
+
_, rec, err := r.GetRecord(ctx, op.Path)
820
+
if err != nil {
821
+
return fmt.Errorf("reading changed record from car slice: %w", err)
822
+
}
823
+
824
+
rop.Record = rec
825
+
}
826
+
827
+
evtops = append(evtops, rop)
828
+
case EvtKindDeleteRecord:
829
+
evtops = append(evtops, RepoOp{
830
+
Kind: EvtKindDeleteRecord,
831
+
Collection: parts[0],
832
+
Rkey: parts[1],
833
+
})
834
+
default:
835
+
return fmt.Errorf("unrecognized external user event kind: %q", op.Action)
836
+
}
837
+
}
838
+
839
+
rslice, err := ds.CloseWithRoot(ctx, root, nrev)
840
+
if err != nil {
841
+
return fmt.Errorf("close with root: %w", err)
842
+
}
843
+
844
+
if rm.events != nil {
845
+
rm.events(ctx, &RepoEvent{
846
+
User: uid,
847
+
//OldRoot: prev,
848
+
NewRoot: root,
849
+
Rev: nrev,
850
+
Since: since,
851
+
Ops: evtops,
852
+
RepoSlice: rslice,
853
+
PDS: pdsid,
854
+
})
855
+
}
856
+
857
+
return nil
858
+
}
859
+
860
+
func (rm *RepoManager) BatchWrite(ctx context.Context, user models.Uid, writes []*atproto.RepoApplyWrites_Input_Writes_Elem) error {
861
+
ctx, span := otel.Tracer("repoman").Start(ctx, "BatchWrite")
862
+
defer span.End()
863
+
864
+
unlock := rm.lockUser(ctx, user)
865
+
defer unlock()
866
+
867
+
rev, err := rm.cs.GetUserRepoRev(ctx, user)
868
+
if err != nil {
869
+
return err
870
+
}
871
+
872
+
ds, err := rm.cs.NewDeltaSession(ctx, user, &rev)
873
+
if err != nil {
874
+
return err
875
+
}
876
+
877
+
head := ds.BaseCid()
878
+
r, err := repo.OpenRepo(ctx, ds, head)
879
+
if err != nil {
880
+
return err
881
+
}
882
+
883
+
ops := make([]RepoOp, 0, len(writes))
884
+
for _, w := range writes {
885
+
switch {
886
+
case w.RepoApplyWrites_Create != nil:
887
+
c := w.RepoApplyWrites_Create
888
+
var rkey string
889
+
if c.Rkey != nil {
890
+
rkey = *c.Rkey
891
+
} else {
892
+
rkey = rm.clk.Next().String()
893
+
}
894
+
895
+
nsid := c.Collection + "/" + rkey
896
+
cc, err := r.PutRecord(ctx, nsid, c.Value.Val)
897
+
if err != nil {
898
+
return err
899
+
}
900
+
901
+
op := RepoOp{
902
+
Kind: EvtKindCreateRecord,
903
+
Collection: c.Collection,
904
+
Rkey: rkey,
905
+
RecCid: &cc,
906
+
}
907
+
908
+
if rm.hydrateRecords {
909
+
op.Record = c.Value.Val
910
+
}
911
+
912
+
ops = append(ops, op)
913
+
case w.RepoApplyWrites_Update != nil:
914
+
u := w.RepoApplyWrites_Update
915
+
916
+
cc, err := r.PutRecord(ctx, u.Collection+"/"+u.Rkey, u.Value.Val)
917
+
if err != nil {
918
+
return err
919
+
}
920
+
921
+
op := RepoOp{
922
+
Kind: EvtKindUpdateRecord,
923
+
Collection: u.Collection,
924
+
Rkey: u.Rkey,
925
+
RecCid: &cc,
926
+
}
927
+
928
+
if rm.hydrateRecords {
929
+
op.Record = u.Value.Val
930
+
}
931
+
932
+
ops = append(ops, op)
933
+
case w.RepoApplyWrites_Delete != nil:
934
+
d := w.RepoApplyWrites_Delete
935
+
936
+
if err := r.DeleteRecord(ctx, d.Collection+"/"+d.Rkey); err != nil {
937
+
return err
938
+
}
939
+
940
+
ops = append(ops, RepoOp{
941
+
Kind: EvtKindDeleteRecord,
942
+
Collection: d.Collection,
943
+
Rkey: d.Rkey,
944
+
})
945
+
default:
946
+
return fmt.Errorf("no operation set in write enum")
947
+
}
948
+
}
949
+
950
+
nroot, nrev, err := r.Commit(ctx, rm.kmgr.SignForUser)
951
+
if err != nil {
952
+
return err
953
+
}
954
+
955
+
rslice, err := ds.CloseWithRoot(ctx, nroot, nrev)
956
+
if err != nil {
957
+
return fmt.Errorf("close with root: %w", err)
958
+
}
959
+
960
+
var oldroot *cid.Cid
961
+
if head.Defined() {
962
+
oldroot = &head
963
+
}
964
+
965
+
if rm.events != nil {
966
+
rm.events(ctx, &RepoEvent{
967
+
User: user,
968
+
OldRoot: oldroot,
969
+
NewRoot: nroot,
970
+
RepoSlice: rslice,
971
+
Rev: nrev,
972
+
Since: &rev,
973
+
Ops: ops,
974
+
})
975
+
}
976
+
977
+
return nil
978
+
}
979
+
980
+
func (rm *RepoManager) ImportNewRepo(ctx context.Context, user models.Uid, repoDid string, r io.Reader, rev *string) error {
981
+
ctx, span := otel.Tracer("repoman").Start(ctx, "ImportNewRepo")
982
+
defer span.End()
983
+
984
+
unlock := rm.lockUser(ctx, user)
985
+
defer unlock()
986
+
987
+
currev, err := rm.cs.GetUserRepoRev(ctx, user)
988
+
if err != nil {
989
+
return err
990
+
}
991
+
992
+
curhead, err := rm.cs.GetUserRepoHead(ctx, user)
993
+
if err != nil {
994
+
return err
995
+
}
996
+
997
+
if rev != nil && *rev == "" {
998
+
rev = nil
999
+
}
1000
+
if rev == nil {
1001
+
// if 'rev' is nil, this implies a fresh sync.
1002
+
// in this case, ignore any existing blocks we have and treat this like a clean import.
1003
+
curhead = cid.Undef
1004
+
}
1005
+
1006
+
if rev != nil && *rev != currev {
1007
+
// TODO: we could probably just deal with this
1008
+
return fmt.Errorf("ImportNewRepo called with incorrect base")
1009
+
}
1010
+
1011
+
err = rm.processNewRepo(ctx, user, r, rev, func(ctx context.Context, root cid.Cid, finish func(context.Context, string) ([]byte, error), bs blockstore.Blockstore) error {
1012
+
r, err := repo.OpenRepo(ctx, bs, root)
1013
+
if err != nil {
1014
+
return fmt.Errorf("opening new repo: %w", err)
1015
+
}
1016
+
1017
+
scom := r.SignedCommit()
1018
+
1019
+
usc := scom.Unsigned()
1020
+
sb, err := usc.BytesForSigning()
1021
+
if err != nil {
1022
+
return fmt.Errorf("commit serialization failed: %w", err)
1023
+
}
1024
+
if err := rm.kmgr.VerifyUserSignature(ctx, repoDid, scom.Sig, sb); err != nil {
1025
+
return fmt.Errorf("new user signature check failed: %w", err)
1026
+
}
1027
+
1028
+
diffops, err := r.DiffSince(ctx, curhead)
1029
+
if err != nil {
1030
+
return fmt.Errorf("diff trees (curhead: %s): %w", curhead, err)
1031
+
}
1032
+
1033
+
ops := make([]RepoOp, 0, len(diffops))
1034
+
for _, op := range diffops {
1035
+
out, err := rm.processOp(ctx, bs, op, rm.hydrateRecords)
1036
+
if err != nil {
1037
+
rm.log.Error("failed to process repo op", "err", err, "path", op.Rpath, "repo", repoDid)
1038
+
}
1039
+
1040
+
if out != nil {
1041
+
ops = append(ops, *out)
1042
+
}
1043
+
}
1044
+
1045
+
slice, err := finish(ctx, scom.Rev)
1046
+
if err != nil {
1047
+
return err
1048
+
}
1049
+
1050
+
if rm.events != nil {
1051
+
rm.events(ctx, &RepoEvent{
1052
+
User: user,
1053
+
//OldRoot: oldroot,
1054
+
NewRoot: root,
1055
+
Rev: scom.Rev,
1056
+
Since: &currev,
1057
+
RepoSlice: slice,
1058
+
Ops: ops,
1059
+
})
1060
+
}
1061
+
1062
+
return nil
1063
+
})
1064
+
if err != nil {
1065
+
return fmt.Errorf("process new repo (current rev: %s): %w:", currev, err)
1066
+
}
1067
+
1068
+
return nil
1069
+
}
1070
+
1071
+
func (rm *RepoManager) processOp(ctx context.Context, bs blockstore.Blockstore, op *mst.DiffOp, hydrateRecords bool) (*RepoOp, error) {
1072
+
parts := strings.SplitN(op.Rpath, "/", 2)
1073
+
if len(parts) != 2 {
1074
+
return nil, fmt.Errorf("repo mst had invalid rpath: %q", op.Rpath)
1075
+
}
1076
+
1077
+
switch op.Op {
1078
+
case "add", "mut":
1079
+
1080
+
kind := EvtKindCreateRecord
1081
+
if op.Op == "mut" {
1082
+
kind = EvtKindUpdateRecord
1083
+
}
1084
+
1085
+
outop := &RepoOp{
1086
+
Kind: kind,
1087
+
Collection: parts[0],
1088
+
Rkey: parts[1],
1089
+
RecCid: &op.NewCid,
1090
+
}
1091
+
1092
+
if hydrateRecords {
1093
+
blk, err := bs.Get(ctx, op.NewCid)
1094
+
if err != nil {
1095
+
return nil, err
1096
+
}
1097
+
1098
+
rec, err := lexutil.CborDecodeValue(blk.RawData())
1099
+
if err != nil {
1100
+
if !errors.Is(err, lexutil.ErrUnrecognizedType) {
1101
+
return nil, err
1102
+
}
1103
+
1104
+
rm.log.Warn("failed processing repo diff", "err", err)
1105
+
} else {
1106
+
outop.Record = rec
1107
+
}
1108
+
}
1109
+
1110
+
return outop, nil
1111
+
case "del":
1112
+
return &RepoOp{
1113
+
Kind: EvtKindDeleteRecord,
1114
+
Collection: parts[0],
1115
+
Rkey: parts[1],
1116
+
RecCid: nil,
1117
+
}, nil
1118
+
1119
+
default:
1120
+
return nil, fmt.Errorf("diff returned invalid op type: %q", op.Op)
1121
+
}
1122
+
}
1123
+
1124
+
func (rm *RepoManager) processNewRepo(ctx context.Context, user models.Uid, r io.Reader, rev *string, cb func(ctx context.Context, root cid.Cid, finish func(context.Context, string) ([]byte, error), bs blockstore.Blockstore) error) error {
1125
+
ctx, span := otel.Tracer("repoman").Start(ctx, "processNewRepo")
1126
+
defer span.End()
1127
+
1128
+
carr, err := car.NewCarReader(r)
1129
+
if err != nil {
1130
+
return err
1131
+
}
1132
+
1133
+
if len(carr.Header.Roots) != 1 {
1134
+
return fmt.Errorf("invalid car file, header must have a single root (has %d)", len(carr.Header.Roots))
1135
+
}
1136
+
1137
+
membs := blockstore.NewBlockstore(datastore.NewMapDatastore())
1138
+
1139
+
for {
1140
+
blk, err := carr.Next()
1141
+
if err != nil {
1142
+
if err == io.EOF {
1143
+
break
1144
+
}
1145
+
return err
1146
+
}
1147
+
1148
+
if err := membs.Put(ctx, blk); err != nil {
1149
+
return err
1150
+
}
1151
+
}
1152
+
1153
+
seen := make(map[cid.Cid]bool)
1154
+
1155
+
root := carr.Header.Roots[0]
1156
+
// TODO: if there are blocks that get convergently recreated throughout
1157
+
// the repos lifecycle, this will end up erroneously not including
1158
+
// them. We should compute the set of blocks needed to read any repo
1159
+
// ops that happened in the commit and use that for our 'output' blocks
1160
+
cids, err := rm.walkTree(ctx, seen, root, membs, true)
1161
+
if err != nil {
1162
+
return fmt.Errorf("walkTree: %w", err)
1163
+
}
1164
+
1165
+
ds, err := rm.cs.NewDeltaSession(ctx, user, rev)
1166
+
if err != nil {
1167
+
return fmt.Errorf("opening delta session: %w", err)
1168
+
}
1169
+
1170
+
for _, c := range cids {
1171
+
blk, err := membs.Get(ctx, c)
1172
+
if err != nil {
1173
+
return fmt.Errorf("copying walked cids to carstore: %w", err)
1174
+
}
1175
+
1176
+
if err := ds.Put(ctx, blk); err != nil {
1177
+
return err
1178
+
}
1179
+
}
1180
+
1181
+
finish := func(ctx context.Context, nrev string) ([]byte, error) {
1182
+
return ds.CloseWithRoot(ctx, root, nrev)
1183
+
}
1184
+
1185
+
if err := cb(ctx, root, finish, ds); err != nil {
1186
+
return fmt.Errorf("cb errored root: %s, rev: %s: %w", root, stringOrNil(rev), err)
1187
+
}
1188
+
1189
+
return nil
1190
+
}
1191
+
1192
+
func stringOrNil(s *string) string {
1193
+
if s == nil {
1194
+
return "nil"
1195
+
}
1196
+
return *s
1197
+
}
1198
+
1199
+
// walkTree returns all cids linked recursively by the root, skipping any cids
1200
+
// in the 'skip' map, and not erroring on 'not found' if prevMissing is set
1201
+
func (rm *RepoManager) walkTree(ctx context.Context, skip map[cid.Cid]bool, root cid.Cid, bs blockstore.Blockstore, prevMissing bool) ([]cid.Cid, error) {
1202
+
// TODO: what if someone puts non-cbor links in their repo?
1203
+
if root.Prefix().Codec != cid.DagCBOR {
1204
+
return nil, fmt.Errorf("can only handle dag-cbor objects in repos (%s is %d)", root, root.Prefix().Codec)
1205
+
}
1206
+
1207
+
blk, err := bs.Get(ctx, root)
1208
+
if err != nil {
1209
+
return nil, err
1210
+
}
1211
+
1212
+
var links []cid.Cid
1213
+
if err := cbg.ScanForLinks(bytes.NewReader(blk.RawData()), func(c cid.Cid) {
1214
+
if c.Prefix().Codec == cid.Raw {
1215
+
rm.log.Debug("skipping 'raw' CID in record", "recordCid", root, "rawCid", c)
1216
+
return
1217
+
}
1218
+
if skip[c] {
1219
+
return
1220
+
}
1221
+
1222
+
links = append(links, c)
1223
+
skip[c] = true
1224
+
}); err != nil {
1225
+
return nil, err
1226
+
}
1227
+
1228
+
out := []cid.Cid{root}
1229
+
skip[root] = true
1230
+
1231
+
// TODO: should do this non-recursive since i expect these may get deep
1232
+
for _, c := range links {
1233
+
sub, err := rm.walkTree(ctx, skip, c, bs, prevMissing)
1234
+
if err != nil {
1235
+
if prevMissing && !ipld.IsNotFound(err) {
1236
+
return nil, err
1237
+
}
1238
+
}
1239
+
1240
+
out = append(out, sub...)
1241
+
}
1242
+
1243
+
return out, nil
1244
+
}
1245
+
1246
+
func (rm *RepoManager) TakeDownRepo(ctx context.Context, uid models.Uid) error {
1247
+
unlock := rm.lockUser(ctx, uid)
1248
+
defer unlock()
1249
+
1250
+
return rm.cs.WipeUserData(ctx, uid)
1251
+
}
1252
+
1253
+
// technically identical to TakeDownRepo, for now
1254
+
func (rm *RepoManager) ResetRepo(ctx context.Context, uid models.Uid) error {
1255
+
unlock := rm.lockUser(ctx, uid)
1256
+
defer unlock()
1257
+
1258
+
return rm.cs.WipeUserData(ctx, uid)
1259
+
}
1260
+
1261
+
func (rm *RepoManager) VerifyRepo(ctx context.Context, uid models.Uid) error {
1262
+
ses, err := rm.cs.ReadOnlySession(uid)
1263
+
if err != nil {
1264
+
return err
1265
+
}
1266
+
1267
+
r, err := repo.OpenRepo(ctx, ses, ses.BaseCid())
1268
+
if err != nil {
1269
+
return err
1270
+
}
1271
+
1272
+
if err := r.ForEach(ctx, "", func(k string, v cid.Cid) error {
1273
+
_, err := ses.Get(ctx, v)
1274
+
if err != nil {
1275
+
return fmt.Errorf("failed to get record %s (%s): %w", k, v, err)
1276
+
}
1277
+
1278
+
return nil
1279
+
}); err != nil {
1280
+
return err
1281
+
}
1282
+
1283
+
return nil
1284
+
}
+36
-95
pkg/hold/pds/server.go
+36
-95
pkg/hold/pds/server.go
···
5
5
"fmt"
6
6
"os"
7
7
"path/filepath"
8
-
"time"
9
8
10
9
"atcr.io/pkg/atproto"
11
10
"github.com/bluesky-social/indigo/atproto/atcrypto"
12
11
"github.com/bluesky-social/indigo/carstore"
12
+
lexutil "github.com/bluesky-social/indigo/lex/util"
13
13
"github.com/bluesky-social/indigo/models"
14
-
"github.com/bluesky-social/indigo/repo"
15
14
)
16
15
16
+
// init registers our custom ATProto types with indigo's lexutil type registry
17
+
// This allows repomgr.GetRecord to automatically unmarshal our types
18
+
func init() {
19
+
// Register captain and crew record types
20
+
// These must match the $type field in the records
21
+
lexutil.RegisterType(atproto.CaptainCollection, &atproto.CaptainRecord{})
22
+
lexutil.RegisterType(atproto.CrewCollection, &atproto.CrewRecord{})
23
+
}
24
+
17
25
// HoldPDS is a minimal ATProto PDS implementation for a hold service
18
26
type HoldPDS struct {
19
27
did string
20
28
publicURL string
21
29
carstore carstore.CarStore
22
-
session *carstore.DeltaSession
23
-
repo *repo.Repo
30
+
repomgr *RepoManager
24
31
dbPath string
25
32
uid models.Uid
26
33
signingKey *atcrypto.PrivateKeyK256
···
54
61
// For a single-user hold, we use a fixed UID (1)
55
62
uid := models.Uid(1)
56
63
57
-
// Check if repo already exists with valid head
64
+
// Create KeyManager wrapper for our signing key
65
+
kmgr := NewHoldKeyManager(signingKey)
66
+
67
+
// Create RepoManager - it will handle all session/repo lifecycle
68
+
rm := NewRepoManager(cs, kmgr)
69
+
70
+
// Check if repo already exists, if not create initial commit
58
71
head, err := cs.GetUserRepoHead(ctx, uid)
59
72
hasValidRepo := (err == nil && head.Defined())
60
73
61
-
var session *carstore.DeltaSession
62
-
var r *repo.Repo
63
-
64
74
if !hasValidRepo {
65
-
// No valid repo - create new session with nil (new repo)
66
-
session, err = cs.NewDeltaSession(ctx, uid, nil)
67
-
if err != nil {
68
-
return nil, fmt.Errorf("failed to create delta session: %w", err)
69
-
}
70
-
// Create new empty repo
71
-
r = repo.NewRepo(ctx, did, session)
72
-
} else {
73
-
// Repo exists with valid head - create session pointing to current head
74
-
headStr := head.String()
75
-
session, err = cs.NewDeltaSession(ctx, uid, &headStr)
76
-
if err != nil {
77
-
return nil, fmt.Errorf("failed to create delta session: %w", err)
78
-
}
79
-
// Load from existing head
80
-
r, err = repo.OpenRepo(ctx, session, head)
81
-
if err != nil {
82
-
return nil, fmt.Errorf("failed to open existing repo: %w", err)
83
-
}
75
+
// Initialize empty repo with first commit
76
+
// RepoManager requires at least one commit to exist
77
+
// We'll create this by doing a dummy operation in Bootstrap
78
+
fmt.Printf("New hold repo - will be initialized in Bootstrap\n")
84
79
}
85
80
86
81
return &HoldPDS{
87
82
did: did,
88
83
publicURL: publicURL,
89
84
carstore: cs,
90
-
session: session,
91
-
repo: r,
85
+
repomgr: rm,
92
86
dbPath: dbPath,
93
87
uid: uid,
94
88
signingKey: signingKey,
···
119
113
return nil
120
114
}
121
115
122
-
// No captain record - check if this is a new repo or existing repo
116
+
fmt.Printf("🚀 Bootstrapping hold PDS with owner: %s\n", ownerDID)
117
+
118
+
// Initialize repo if it doesn't exist yet
119
+
// Check if repo exists by trying to get the head
123
120
head, err := p.carstore.GetUserRepoHead(ctx, p.uid)
124
-
isNewRepo := (err != nil || !head.Defined())
125
-
126
-
if isNewRepo {
127
-
fmt.Printf("🚀 Bootstrapping new hold PDS with owner: %s\n", ownerDID)
128
-
// For new repo, create records inline to avoid session issues
129
-
return p.bootstrapNewRepo(ctx, ownerDID, public, allowAllCrew)
121
+
if err != nil || !head.Defined() {
122
+
// Repo doesn't exist, initialize it
123
+
// InitNewActor creates an empty repo with initial commit
124
+
err = p.repomgr.InitNewActor(ctx, p.uid, "", p.did, "", "", "")
125
+
if err != nil {
126
+
return fmt.Errorf("failed to initialize repo: %w", err)
127
+
}
128
+
fmt.Printf("✅ Initialized empty repo\n")
130
129
}
131
-
132
-
// Existing repo - use normal record creation flow
133
-
fmt.Printf("ℹ️ Repo already initialized (head: %s), creating captain record...\n", head.String()[:16])
134
130
135
131
// Create captain record (hold ownership and settings)
136
132
_, err = p.CreateCaptainRecord(ctx, ownerDID, public, allowAllCrew)
···
150
146
return nil
151
147
}
152
148
153
-
// bootstrapNewRepo handles bootstrapping a brand new repo (avoids session juggling issues)
154
-
func (p *HoldPDS) bootstrapNewRepo(ctx context.Context, ownerDID string, public bool, allowAllCrew bool) error {
155
-
// Create captain and crew records in a single commit
156
-
captainRecord := &atproto.CaptainRecord{
157
-
Type: atproto.CaptainCollection,
158
-
Owner: ownerDID,
159
-
Public: public,
160
-
AllowAllCrew: allowAllCrew,
161
-
DeployedAt: time.Now().Format(time.RFC3339),
162
-
}
163
-
164
-
crewRecord := &atproto.CrewRecord{
165
-
Type: atproto.CrewCollection,
166
-
Member: ownerDID,
167
-
Role: "admin",
168
-
Permissions: []string{"blob:read", "blob:write", "crew:admin"},
169
-
AddedAt: time.Now().Format(time.RFC3339),
170
-
}
171
-
172
-
// Create both records in the repo
173
-
_, _, err := p.repo.CreateRecord(ctx, atproto.CaptainCollection, captainRecord)
174
-
if err != nil {
175
-
return fmt.Errorf("failed to create captain record: %w", err)
176
-
}
177
-
178
-
_, _, err = p.repo.CreateRecord(ctx, atproto.CrewCollection, crewRecord)
179
-
if err != nil {
180
-
return fmt.Errorf("failed to create crew record: %w", err)
181
-
}
182
-
183
-
// Commit everything in one go
184
-
signer := func(ctx context.Context, did string, data []byte) ([]byte, error) {
185
-
return p.signingKey.HashAndSign(data)
186
-
}
187
-
188
-
root, rev, err := p.repo.Commit(ctx, signer)
189
-
if err != nil {
190
-
return fmt.Errorf("failed to commit bootstrap records: %w", err)
191
-
}
192
-
193
-
// Close the session with the new root
194
-
_, err = p.session.CloseWithRoot(ctx, root, rev)
195
-
if err != nil {
196
-
return fmt.Errorf("failed to persist bootstrap commit: %w", err)
197
-
}
198
-
199
-
fmt.Printf("✅ Created captain record (public=%v, allowAllCrew=%v)\n", public, allowAllCrew)
200
-
fmt.Printf("✅ Added %s as hold admin\n", ownerDID)
201
-
202
-
// DON'T create a new session here - let subsequent operations handle that
203
-
// The PDS is now bootstrapped and will be reloaded properly on next restart
204
-
205
-
return nil
206
-
}
207
-
208
-
// Close closes the session and carstore
149
+
// Close closes the carstore
209
150
func (p *HoldPDS) Close() error {
210
151
// TODO: Close session properly
211
152
return nil
+622
pkg/hold/pds/server_test.go
+622
pkg/hold/pds/server_test.go
···
1
+
package pds
2
+
3
+
import (
4
+
"context"
5
+
"os"
6
+
"path/filepath"
7
+
"strings"
8
+
"testing"
9
+
10
+
"atcr.io/pkg/atproto"
11
+
)
12
+
13
+
// TestNewHoldPDS_NewRepo tests creating a new hold PDS with fresh database
14
+
func TestNewHoldPDS_NewRepo(t *testing.T) {
15
+
ctx := context.Background()
16
+
tmpDir := t.TempDir()
17
+
18
+
// Paths for database and key
19
+
dbPath := filepath.Join(tmpDir, "pds.db")
20
+
keyPath := filepath.Join(tmpDir, "signing-key")
21
+
22
+
// Create new hold PDS
23
+
did := "did:web:hold.example.com"
24
+
publicURL := "https://hold.example.com"
25
+
26
+
pds, err := NewHoldPDS(ctx, did, publicURL, dbPath, keyPath)
27
+
if err != nil {
28
+
t.Fatalf("NewHoldPDS failed: %v", err)
29
+
}
30
+
defer pds.Close()
31
+
32
+
// Verify DID was set
33
+
if pds.DID() != did {
34
+
t.Errorf("Expected DID %s, got %s", did, pds.DID())
35
+
}
36
+
37
+
// Verify signing key was created
38
+
if pds.SigningKey() == nil {
39
+
t.Error("Expected signing key to be created")
40
+
}
41
+
42
+
// Verify key file exists
43
+
if _, err := os.Stat(keyPath); os.IsNotExist(err) {
44
+
t.Error("Expected signing key file to be created")
45
+
}
46
+
47
+
// Verify database file exists (SQLite creates db.sqlite3 inside the directory)
48
+
dbFile := filepath.Join(dbPath, "db.sqlite3")
49
+
if _, err := os.Stat(dbFile); os.IsNotExist(err) {
50
+
t.Errorf("Expected database file to be created at %s", dbFile)
51
+
}
52
+
}
53
+
54
+
// TestNewHoldPDS_ExistingRepo tests opening an existing hold PDS database
55
+
func TestNewHoldPDS_ExistingRepo(t *testing.T) {
56
+
ctx := context.Background()
57
+
tmpDir := t.TempDir()
58
+
59
+
dbPath := filepath.Join(tmpDir, "pds.db")
60
+
keyPath := filepath.Join(tmpDir, "signing-key")
61
+
did := "did:web:hold.example.com"
62
+
publicURL := "https://hold.example.com"
63
+
64
+
// Create first PDS instance and bootstrap it
65
+
pds1, err := NewHoldPDS(ctx, did, publicURL, dbPath, keyPath)
66
+
if err != nil {
67
+
t.Fatalf("First NewHoldPDS failed: %v", err)
68
+
}
69
+
70
+
// Bootstrap with a captain record
71
+
ownerDID := "did:plc:owner123"
72
+
if err := pds1.Bootstrap(ctx, ownerDID, true, false); err != nil {
73
+
t.Fatalf("Bootstrap failed: %v", err)
74
+
}
75
+
76
+
// Verify captain record exists
77
+
_, captain1, err := pds1.GetCaptainRecord(ctx)
78
+
if err != nil {
79
+
t.Fatalf("GetCaptainRecord failed after bootstrap: %v", err)
80
+
}
81
+
if captain1.Owner != ownerDID {
82
+
t.Errorf("Expected owner %s, got %s", ownerDID, captain1.Owner)
83
+
}
84
+
85
+
// Close first instance
86
+
pds1.Close()
87
+
88
+
// Re-open the same database
89
+
pds2, err := NewHoldPDS(ctx, did, publicURL, dbPath, keyPath)
90
+
if err != nil {
91
+
t.Fatalf("Second NewHoldPDS failed: %v", err)
92
+
}
93
+
defer pds2.Close()
94
+
95
+
// Verify captain record still exists
96
+
_, captain2, err := pds2.GetCaptainRecord(ctx)
97
+
if err != nil {
98
+
t.Fatalf("GetCaptainRecord failed after reopening: %v", err)
99
+
}
100
+
101
+
// Verify captain data persisted
102
+
if captain2.Owner != ownerDID {
103
+
t.Errorf("Expected owner %s after reopen, got %s", ownerDID, captain2.Owner)
104
+
}
105
+
if !captain2.Public {
106
+
t.Error("Expected captain.Public to be true")
107
+
}
108
+
if captain2.AllowAllCrew {
109
+
t.Error("Expected captain.AllowAllCrew to be false")
110
+
}
111
+
}
112
+
113
+
// TestBootstrap_NewRepo tests bootstrap on a new repository
114
+
func TestBootstrap_NewRepo(t *testing.T) {
115
+
ctx := context.Background()
116
+
tmpDir := t.TempDir()
117
+
118
+
dbPath := filepath.Join(tmpDir, "pds.db")
119
+
keyPath := filepath.Join(tmpDir, "signing-key")
120
+
121
+
pds, err := NewHoldPDS(ctx, "did:web:hold.example.com", "https://hold.example.com", dbPath, keyPath)
122
+
if err != nil {
123
+
t.Fatalf("NewHoldPDS failed: %v", err)
124
+
}
125
+
defer pds.Close()
126
+
127
+
// Bootstrap with owner
128
+
ownerDID := "did:plc:alice123"
129
+
publicAccess := true
130
+
allowAllCrew := false
131
+
132
+
err = pds.Bootstrap(ctx, ownerDID, publicAccess, allowAllCrew)
133
+
if err != nil {
134
+
t.Fatalf("Bootstrap failed: %v", err)
135
+
}
136
+
137
+
// Verify captain record was created
138
+
_, captain, err := pds.GetCaptainRecord(ctx)
139
+
if err != nil {
140
+
t.Fatalf("GetCaptainRecord failed: %v", err)
141
+
}
142
+
143
+
// Verify captain fields
144
+
if captain.Owner != ownerDID {
145
+
t.Errorf("Expected owner %s, got %s", ownerDID, captain.Owner)
146
+
}
147
+
if captain.Public != publicAccess {
148
+
t.Errorf("Expected public=%v, got %v", publicAccess, captain.Public)
149
+
}
150
+
if captain.AllowAllCrew != allowAllCrew {
151
+
t.Errorf("Expected allowAllCrew=%v, got %v", allowAllCrew, captain.AllowAllCrew)
152
+
}
153
+
if captain.Type != atproto.CaptainCollection {
154
+
t.Errorf("Expected type %s, got %s", atproto.CaptainCollection, captain.Type)
155
+
}
156
+
if captain.DeployedAt == "" {
157
+
t.Error("Expected deployedAt to be set")
158
+
}
159
+
160
+
// Verify owner was added as crew member
161
+
crewMembers, err := pds.ListCrewMembers(ctx)
162
+
if err != nil {
163
+
t.Fatalf("ListCrewMembers failed: %v", err)
164
+
}
165
+
166
+
if len(crewMembers) != 1 {
167
+
t.Fatalf("Expected 1 crew member, got %d", len(crewMembers))
168
+
}
169
+
170
+
crew := crewMembers[0]
171
+
if crew.Record.Member != ownerDID {
172
+
t.Errorf("Expected crew member %s, got %s", ownerDID, crew.Record.Member)
173
+
}
174
+
if crew.Record.Role != "admin" {
175
+
t.Errorf("Expected role admin, got %s", crew.Record.Role)
176
+
}
177
+
178
+
// Verify permissions
179
+
expectedPerms := []string{"blob:read", "blob:write", "crew:admin"}
180
+
if len(crew.Record.Permissions) != len(expectedPerms) {
181
+
t.Fatalf("Expected %d permissions, got %d", len(expectedPerms), len(crew.Record.Permissions))
182
+
}
183
+
for i, perm := range expectedPerms {
184
+
if crew.Record.Permissions[i] != perm {
185
+
t.Errorf("Expected permission[%d]=%s, got %s", i, perm, crew.Record.Permissions[i])
186
+
}
187
+
}
188
+
}
189
+
190
+
// TestBootstrap_Idempotent tests that bootstrap is idempotent
191
+
func TestBootstrap_Idempotent(t *testing.T) {
192
+
ctx := context.Background()
193
+
tmpDir := t.TempDir()
194
+
195
+
dbPath := filepath.Join(tmpDir, "pds.db")
196
+
keyPath := filepath.Join(tmpDir, "signing-key")
197
+
198
+
pds, err := NewHoldPDS(ctx, "did:web:hold.example.com", "https://hold.example.com", dbPath, keyPath)
199
+
if err != nil {
200
+
t.Fatalf("NewHoldPDS failed: %v", err)
201
+
}
202
+
defer pds.Close()
203
+
204
+
ownerDID := "did:plc:alice123"
205
+
206
+
// First bootstrap
207
+
err = pds.Bootstrap(ctx, ownerDID, true, false)
208
+
if err != nil {
209
+
t.Fatalf("First bootstrap failed: %v", err)
210
+
}
211
+
212
+
// Get captain CID after first bootstrap
213
+
cid1, captain1, err := pds.GetCaptainRecord(ctx)
214
+
if err != nil {
215
+
t.Fatalf("GetCaptainRecord failed: %v", err)
216
+
}
217
+
218
+
// Get crew count after first bootstrap
219
+
crew1, err := pds.ListCrewMembers(ctx)
220
+
if err != nil {
221
+
t.Fatalf("ListCrewMembers failed: %v", err)
222
+
}
223
+
crewCount1 := len(crew1)
224
+
225
+
// Second bootstrap (should be idempotent - skip creation)
226
+
err = pds.Bootstrap(ctx, ownerDID, true, false)
227
+
if err != nil {
228
+
t.Fatalf("Second bootstrap failed: %v", err)
229
+
}
230
+
231
+
// Verify captain record unchanged
232
+
cid2, captain2, err := pds.GetCaptainRecord(ctx)
233
+
if err != nil {
234
+
t.Fatalf("GetCaptainRecord failed after second bootstrap: %v", err)
235
+
}
236
+
237
+
if !cid1.Equals(cid2) {
238
+
t.Error("Expected captain CID to remain unchanged after second bootstrap")
239
+
}
240
+
if captain1.Owner != captain2.Owner {
241
+
t.Error("Expected captain owner to remain unchanged")
242
+
}
243
+
244
+
// Verify crew count unchanged (owner not added twice)
245
+
crew2, err := pds.ListCrewMembers(ctx)
246
+
if err != nil {
247
+
t.Fatalf("ListCrewMembers failed after second bootstrap: %v", err)
248
+
}
249
+
crewCount2 := len(crew2)
250
+
251
+
if crewCount1 != crewCount2 {
252
+
t.Errorf("Expected crew count to remain %d, got %d (owner may have been added twice)", crewCount1, crewCount2)
253
+
}
254
+
}
255
+
256
+
// TestBootstrap_EmptyOwner tests that bootstrap with empty owner is a no-op
257
+
func TestBootstrap_EmptyOwner(t *testing.T) {
258
+
ctx := context.Background()
259
+
tmpDir := t.TempDir()
260
+
261
+
dbPath := filepath.Join(tmpDir, "pds.db")
262
+
keyPath := filepath.Join(tmpDir, "signing-key")
263
+
264
+
pds, err := NewHoldPDS(ctx, "did:web:hold.example.com", "https://hold.example.com", dbPath, keyPath)
265
+
if err != nil {
266
+
t.Fatalf("NewHoldPDS failed: %v", err)
267
+
}
268
+
defer pds.Close()
269
+
270
+
// Bootstrap with empty owner DID (should be no-op)
271
+
err = pds.Bootstrap(ctx, "", true, false)
272
+
if err != nil {
273
+
t.Fatalf("Bootstrap with empty owner should not error: %v", err)
274
+
}
275
+
276
+
// Verify captain record was NOT created
277
+
_, _, err = pds.GetCaptainRecord(ctx)
278
+
if err == nil {
279
+
t.Error("Expected GetCaptainRecord to fail (no captain record), but it succeeded")
280
+
}
281
+
// Verify it's a "not found" type error
282
+
if err != nil && !strings.Contains(err.Error(), "not found") && !strings.Contains(err.Error(), "failed to get captain record") {
283
+
t.Errorf("Expected 'not found' error, got: %v", err)
284
+
}
285
+
}
286
+
287
+
// TestLexiconTypeRegistration tests that captain and crew types are registered
288
+
func TestLexiconTypeRegistration(t *testing.T) {
289
+
// The init() function in server.go registers types
290
+
// We can verify this by creating a PDS and doing a round-trip write/read
291
+
ctx := context.Background()
292
+
tmpDir := t.TempDir()
293
+
294
+
dbPath := filepath.Join(tmpDir, "pds.db")
295
+
keyPath := filepath.Join(tmpDir, "signing-key")
296
+
297
+
pds, err := NewHoldPDS(ctx, "did:web:hold.example.com", "https://hold.example.com", dbPath, keyPath)
298
+
if err != nil {
299
+
t.Fatalf("NewHoldPDS failed: %v", err)
300
+
}
301
+
defer pds.Close()
302
+
303
+
// Bootstrap to create captain record
304
+
ownerDID := "did:plc:alice123"
305
+
if err := pds.Bootstrap(ctx, ownerDID, true, false); err != nil {
306
+
t.Fatalf("Bootstrap failed: %v", err)
307
+
}
308
+
309
+
// GetCaptainRecord uses type assertion to *atproto.CaptainRecord
310
+
// If the type wasn't registered, this would fail with type assertion error
311
+
_, captain, err := pds.GetCaptainRecord(ctx)
312
+
if err != nil {
313
+
t.Fatalf("GetCaptainRecord failed: %v", err)
314
+
}
315
+
316
+
// Verify we got the correct concrete type
317
+
if captain == nil {
318
+
t.Fatal("Expected non-nil captain record")
319
+
}
320
+
if captain.Type != atproto.CaptainCollection {
321
+
t.Errorf("Expected captain type %s, got %s", atproto.CaptainCollection, captain.Type)
322
+
}
323
+
324
+
// Do the same for crew record
325
+
crewMembers, err := pds.ListCrewMembers(ctx)
326
+
if err != nil {
327
+
t.Fatalf("ListCrewMembers failed: %v", err)
328
+
}
329
+
if len(crewMembers) == 0 {
330
+
t.Fatal("Expected at least one crew member")
331
+
}
332
+
333
+
crew := crewMembers[0].Record
334
+
if crew.Type != atproto.CrewCollection {
335
+
t.Errorf("Expected crew type %s, got %s", atproto.CrewCollection, crew.Type)
336
+
}
337
+
}
338
+
339
+
// TestBootstrap_DidWebOwner tests bootstrap with did:web owner
340
+
func TestBootstrap_DidWebOwner(t *testing.T) {
341
+
ctx := context.Background()
342
+
tmpDir := t.TempDir()
343
+
344
+
dbPath := filepath.Join(tmpDir, "pds.db")
345
+
keyPath := filepath.Join(tmpDir, "signing-key")
346
+
347
+
pds, err := NewHoldPDS(ctx, "did:web:hold01.atcr.io", "https://hold01.atcr.io", dbPath, keyPath)
348
+
if err != nil {
349
+
t.Fatalf("NewHoldPDS failed: %v", err)
350
+
}
351
+
defer pds.Close()
352
+
353
+
// Bootstrap with did:web owner (not did:plc)
354
+
ownerDID := "did:web:alice.example.com"
355
+
publicAccess := true
356
+
allowAllCrew := false
357
+
358
+
err = pds.Bootstrap(ctx, ownerDID, publicAccess, allowAllCrew)
359
+
if err != nil {
360
+
t.Fatalf("Bootstrap failed with did:web owner: %v", err)
361
+
}
362
+
363
+
// Verify captain record was created with did:web owner
364
+
_, captain, err := pds.GetCaptainRecord(ctx)
365
+
if err != nil {
366
+
t.Fatalf("GetCaptainRecord failed: %v", err)
367
+
}
368
+
369
+
// Verify captain fields
370
+
if captain.Owner != ownerDID {
371
+
t.Errorf("Expected owner %s, got %s", ownerDID, captain.Owner)
372
+
}
373
+
if captain.Public != publicAccess {
374
+
t.Errorf("Expected public=%v, got %v", publicAccess, captain.Public)
375
+
}
376
+
if captain.AllowAllCrew != allowAllCrew {
377
+
t.Errorf("Expected allowAllCrew=%v, got %v", allowAllCrew, captain.AllowAllCrew)
378
+
}
379
+
380
+
// Verify owner was added as crew member
381
+
crewMembers, err := pds.ListCrewMembers(ctx)
382
+
if err != nil {
383
+
t.Fatalf("ListCrewMembers failed: %v", err)
384
+
}
385
+
386
+
if len(crewMembers) != 1 {
387
+
t.Fatalf("Expected 1 crew member, got %d", len(crewMembers))
388
+
}
389
+
390
+
crew := crewMembers[0]
391
+
if crew.Record.Member != ownerDID {
392
+
t.Errorf("Expected crew member %s, got %s", ownerDID, crew.Record.Member)
393
+
}
394
+
if crew.Record.Role != "admin" {
395
+
t.Errorf("Expected role admin, got %s", crew.Record.Role)
396
+
}
397
+
}
398
+
399
+
// TestBootstrap_MixedDIDs tests bootstrap with mixed DID types
400
+
func TestBootstrap_MixedDIDs(t *testing.T) {
401
+
ctx := context.Background()
402
+
tmpDir := t.TempDir()
403
+
404
+
dbPath := filepath.Join(tmpDir, "pds.db")
405
+
keyPath := filepath.Join(tmpDir, "signing-key")
406
+
407
+
// Create hold with did:web
408
+
holdDID := "did:web:hold.example.com"
409
+
pds, err := NewHoldPDS(ctx, holdDID, "https://hold.example.com", dbPath, keyPath)
410
+
if err != nil {
411
+
t.Fatalf("NewHoldPDS failed: %v", err)
412
+
}
413
+
defer pds.Close()
414
+
415
+
// Bootstrap with did:plc owner
416
+
plcOwner := "did:plc:alice123"
417
+
err = pds.Bootstrap(ctx, plcOwner, true, false)
418
+
if err != nil {
419
+
t.Fatalf("Bootstrap failed: %v", err)
420
+
}
421
+
422
+
// Add did:web crew member
423
+
webMember := "did:web:bob.example.com"
424
+
_, err = pds.AddCrewMember(ctx, webMember, "writer", []string{"blob:read", "blob:write"})
425
+
if err != nil {
426
+
t.Fatalf("AddCrewMember failed with did:web: %v", err)
427
+
}
428
+
429
+
// Verify captain
430
+
_, captain, err := pds.GetCaptainRecord(ctx)
431
+
if err != nil {
432
+
t.Fatalf("GetCaptainRecord failed: %v", err)
433
+
}
434
+
if captain.Owner != plcOwner {
435
+
t.Errorf("Expected captain owner %s, got %s", plcOwner, captain.Owner)
436
+
}
437
+
438
+
// Verify crew members (should have both did:plc and did:web)
439
+
crewMembers, err := pds.ListCrewMembers(ctx)
440
+
if err != nil {
441
+
t.Fatalf("ListCrewMembers failed: %v", err)
442
+
}
443
+
444
+
if len(crewMembers) != 2 {
445
+
t.Fatalf("Expected 2 crew members, got %d", len(crewMembers))
446
+
}
447
+
448
+
// Verify both DIDs are present
449
+
foundPLC := false
450
+
foundWeb := false
451
+
for _, cm := range crewMembers {
452
+
if cm.Record.Member == plcOwner {
453
+
foundPLC = true
454
+
}
455
+
if cm.Record.Member == webMember {
456
+
foundWeb = true
457
+
}
458
+
}
459
+
460
+
if !foundPLC {
461
+
t.Errorf("Expected to find did:plc member %s", plcOwner)
462
+
}
463
+
if !foundWeb {
464
+
t.Errorf("Expected to find did:web member %s", webMember)
465
+
}
466
+
}
467
+
468
+
// TestBootstrap_CrewWithoutCaptain tests bootstrap when crew exists but captain doesn't
469
+
// This edge case could happen if repo state is corrupted or partially initialized
470
+
func TestBootstrap_CrewWithoutCaptain(t *testing.T) {
471
+
ctx := context.Background()
472
+
tmpDir := t.TempDir()
473
+
474
+
dbPath := filepath.Join(tmpDir, "pds.db")
475
+
keyPath := filepath.Join(tmpDir, "signing-key")
476
+
477
+
pds, err := NewHoldPDS(ctx, "did:web:hold.example.com", "https://hold.example.com", dbPath, keyPath)
478
+
if err != nil {
479
+
t.Fatalf("NewHoldPDS failed: %v", err)
480
+
}
481
+
defer pds.Close()
482
+
483
+
// Initialize repo manually
484
+
err = pds.repomgr.InitNewActor(ctx, pds.uid, "", pds.did, "", "", "")
485
+
if err != nil {
486
+
t.Fatalf("InitNewActor failed: %v", err)
487
+
}
488
+
489
+
// Create crew member WITHOUT captain (unusual state)
490
+
ownerDID := "did:plc:alice123"
491
+
_, err = pds.AddCrewMember(ctx, ownerDID, "admin", []string{"blob:read", "blob:write", "crew:admin"})
492
+
if err != nil {
493
+
t.Fatalf("AddCrewMember failed: %v", err)
494
+
}
495
+
496
+
// Verify crew exists
497
+
crewBefore, err := pds.ListCrewMembers(ctx)
498
+
if err != nil {
499
+
t.Fatalf("ListCrewMembers failed: %v", err)
500
+
}
501
+
if len(crewBefore) != 1 {
502
+
t.Fatalf("Expected 1 crew member before bootstrap, got %d", len(crewBefore))
503
+
}
504
+
505
+
// Verify captain doesn't exist
506
+
_, _, err = pds.GetCaptainRecord(ctx)
507
+
if err == nil {
508
+
t.Fatal("Expected captain record to not exist before bootstrap")
509
+
}
510
+
511
+
// Bootstrap should create captain record
512
+
err = pds.Bootstrap(ctx, ownerDID, true, false)
513
+
if err != nil {
514
+
t.Fatalf("Bootstrap failed: %v", err)
515
+
}
516
+
517
+
// Verify captain was created
518
+
_, captain, err := pds.GetCaptainRecord(ctx)
519
+
if err != nil {
520
+
t.Fatalf("GetCaptainRecord failed after bootstrap: %v", err)
521
+
}
522
+
if captain.Owner != ownerDID {
523
+
t.Errorf("Expected captain owner %s, got %s", ownerDID, captain.Owner)
524
+
}
525
+
526
+
// Verify crew wasn't duplicated (Bootstrap adds owner as crew, but they already exist)
527
+
crewAfter, err := pds.ListCrewMembers(ctx)
528
+
if err != nil {
529
+
t.Fatalf("ListCrewMembers failed after bootstrap: %v", err)
530
+
}
531
+
532
+
// Should have 2 crew members now: original + one added by bootstrap
533
+
// (Bootstrap doesn't check for duplicates currently)
534
+
if len(crewAfter) != 2 {
535
+
t.Logf("Note: Bootstrap added owner as crew even though they already existed")
536
+
t.Logf("Crew count after bootstrap: %d", len(crewAfter))
537
+
}
538
+
}
539
+
540
+
// TestBootstrap_CaptainWithoutCrew tests bootstrap when captain exists but owner crew doesn't
541
+
// This verifies that bootstrap properly adds the owner as crew if missing
542
+
func TestBootstrap_CaptainWithoutCrew(t *testing.T) {
543
+
ctx := context.Background()
544
+
tmpDir := t.TempDir()
545
+
546
+
dbPath := filepath.Join(tmpDir, "pds.db")
547
+
keyPath := filepath.Join(tmpDir, "signing-key")
548
+
549
+
pds, err := NewHoldPDS(ctx, "did:web:hold.example.com", "https://hold.example.com", dbPath, keyPath)
550
+
if err != nil {
551
+
t.Fatalf("NewHoldPDS failed: %v", err)
552
+
}
553
+
defer pds.Close()
554
+
555
+
// Initialize repo manually
556
+
err = pds.repomgr.InitNewActor(ctx, pds.uid, "", pds.did, "", "", "")
557
+
if err != nil {
558
+
t.Fatalf("InitNewActor failed: %v", err)
559
+
}
560
+
561
+
// Create captain record WITHOUT crew (unusual state)
562
+
ownerDID := "did:plc:alice123"
563
+
_, err = pds.CreateCaptainRecord(ctx, ownerDID, true, false)
564
+
if err != nil {
565
+
t.Fatalf("CreateCaptainRecord failed: %v", err)
566
+
}
567
+
568
+
// Verify captain exists
569
+
_, captain, err := pds.GetCaptainRecord(ctx)
570
+
if err != nil {
571
+
t.Fatalf("GetCaptainRecord failed: %v", err)
572
+
}
573
+
if captain.Owner != ownerDID {
574
+
t.Errorf("Expected captain owner %s, got %s", ownerDID, captain.Owner)
575
+
}
576
+
577
+
// Verify crew is empty
578
+
crewBefore, err := pds.ListCrewMembers(ctx)
579
+
if err != nil {
580
+
t.Fatalf("ListCrewMembers failed: %v", err)
581
+
}
582
+
if len(crewBefore) != 0 {
583
+
t.Fatalf("Expected 0 crew members before bootstrap, got %d", len(crewBefore))
584
+
}
585
+
586
+
// Bootstrap should be idempotent but notice missing crew
587
+
// Currently Bootstrap skips if captain exists, so crew won't be added
588
+
err = pds.Bootstrap(ctx, ownerDID, true, false)
589
+
if err != nil {
590
+
t.Fatalf("Bootstrap failed: %v", err)
591
+
}
592
+
593
+
// Verify crew after bootstrap
594
+
crewAfter, err := pds.ListCrewMembers(ctx)
595
+
if err != nil {
596
+
t.Fatalf("ListCrewMembers failed after bootstrap: %v", err)
597
+
}
598
+
599
+
// Bootstrap currently skips everything if captain exists
600
+
// This means crew won't be added in this case
601
+
if len(crewAfter) == 0 {
602
+
t.Logf("Note: Bootstrap skipped adding owner as crew because captain already exists")
603
+
t.Logf("This is current behavior - Bootstrap is fully idempotent and skips if captain exists")
604
+
} else {
605
+
// If we change Bootstrap to be smarter, it might add crew
606
+
t.Logf("Bootstrap added %d crew members", len(crewAfter))
607
+
608
+
// Verify owner was added
609
+
foundOwner := false
610
+
for _, cm := range crewAfter {
611
+
if cm.Record.Member == ownerDID {
612
+
foundOwner = true
613
+
if cm.Record.Role != "admin" {
614
+
t.Errorf("Expected owner role admin, got %s", cm.Record.Role)
615
+
}
616
+
}
617
+
}
618
+
if !foundOwner {
619
+
t.Error("Expected owner to be added as crew member")
620
+
}
621
+
}
622
+
}
+5
-37
pkg/hold/pds/xrpc.go
+5
-37
pkg/hold/pds/xrpc.go
···
8
8
"strings"
9
9
10
10
"atcr.io/pkg/atproto"
11
-
"github.com/bluesky-social/indigo/repo"
12
-
"github.com/bluesky-social/indigo/util"
13
11
"github.com/ipfs/go-cid"
14
12
"github.com/ipld/go-car"
15
13
carutil "github.com/ipld/go-car/util"
···
279
277
return
280
278
}
281
279
282
-
// Get the current repo head
283
-
repoHead, err := h.pds.carstore.GetUserRepoHead(r.Context(), h.pds.uid)
284
-
if err != nil {
285
-
http.Error(w, fmt.Sprintf("failed to get repo head: %v", err), http.StatusInternalServerError)
286
-
return
287
-
}
288
-
289
-
// Create a new delta session with logging blockstore
290
-
tempSession, err := h.pds.carstore.NewDeltaSession(r.Context(), h.pds.uid, nil)
291
-
if err != nil {
292
-
http.Error(w, fmt.Sprintf("failed to create temp session: %v", err), http.StatusInternalServerError)
293
-
return
294
-
}
295
-
296
-
// Wrap the session's blockstore with a logging blockstore
297
-
loggingBS := util.NewLoggingBstore(tempSession)
298
-
299
-
// Open the repo with the logging blockstore
300
-
tempRepo, err := repo.OpenRepo(r.Context(), loggingBS, repoHead)
301
-
if err != nil {
302
-
http.Error(w, fmt.Sprintf("failed to open repo: %v", err), http.StatusInternalServerError)
303
-
return
304
-
}
305
-
306
-
// Get the record path
307
-
path := fmt.Sprintf("%s/%s", collection, rkey)
308
-
309
-
// Get the record (this will log all accessed blocks in the MST path)
310
-
_, _, err = tempRepo.GetRecordBytes(r.Context(), path)
280
+
// Use repomgr to get record proof (repo head + all blocks in MST path to record)
281
+
repoHead, blocks, err := h.pds.repomgr.GetRecordProof(r.Context(), h.pds.uid, collection, rkey)
311
282
if err != nil {
312
283
http.Error(w, fmt.Sprintf("failed to get record: %v", err), http.StatusNotFound)
313
284
return
314
285
}
315
-
316
-
// Get all blocks that were accessed during record retrieval
317
-
blocks := loggingBS.GetLoggedBlocks()
318
286
319
287
// Write CAR file with all accessed blocks
320
288
w.Header().Set("Content-Type", "application/vnd.ipld.car")
···
415
383
// Single-user PDS: return just this hold's repo
416
384
did := h.pds.DID()
417
385
418
-
// Get repo head and rev from carstore
386
+
// Get repo head and rev from repomgr
419
387
// For a single-user PDS, we use a fixed UID (stored in pds.uid)
420
-
head, err := h.pds.carstore.GetUserRepoHead(r.Context(), h.pds.uid)
388
+
head, err := h.pds.repomgr.GetRepoRoot(r.Context(), h.pds.uid)
421
389
if err != nil {
422
390
// If no repo exists yet, return empty list
423
391
response := map[string]any{
···
428
396
return
429
397
}
430
398
431
-
rev, err := h.pds.carstore.GetUserRepoRev(r.Context(), h.pds.uid)
399
+
rev, err := h.pds.repomgr.GetRepoRev(r.Context(), h.pds.uid)
432
400
if err != nil || rev == "" {
433
401
// No commits yet, return empty list
434
402
// Don't expose repos with no revision (empty/uninitialized)