pds

Author: verdverm

packages/pds/package.json

@@ -29,7 +29,11 @@
     "test:sqlite-only": "jest --testPathIgnorePatterns /tests/proxied/*",
     "test:log": "tail -50 test.log | pino-pretty",
     "test:updateSnapshot": "../dev-infra/with-test-redis-and-db.sh jest --updateSnapshot",
-    "migration:create": "ts-node ./bin/migration-create.ts"
+    "migration:create": "ts-node ./bin/migration-create.ts",
+    "schemagen": "cd ./src/authz/spicedb && make gen",
+    "spicedb:validate": "zed validate ./src/authz/spicedb/schema/atproto.zed",
+    "spicedb:preview": "zed preview schema compile ./src/authz/spicedb/schema/atproto.zed",
+    "spicedb:compile": "zed preview schema compile ./src/authz/spicedb/schema/atproto.zed --out atproto.zed"
   },
   "dependencies": {
     "@atproto-labs/fetch-node": "workspace:*",
@@ -44,12 +48,13 @@
     "@atproto/identity": "workspace:^",
     "@atproto/lexicon": "workspace:^",
     "@atproto/lexicon-resolver": "workspace:^",
-    "@atproto/oauth-scopes": "workspace:^",
     "@atproto/oauth-provider": "workspace:^",
+    "@atproto/oauth-scopes": "workspace:^",
     "@atproto/repo": "workspace:^",
     "@atproto/syntax": "workspace:^",
     "@atproto/xrpc": "workspace:^",
     "@atproto/xrpc-server": "workspace:^",
+    "@authzed/authzed-node": "^1.5.1",
     "@did-plc/lib": "^0.0.4",
     "@hapi/address": "^5.1.1",
     "@paralleldrive/cuid2": "^2.2.2",

packages/pds/scripts/gen-spicedb.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+set -euo pipefail
+
+pushd src/authz/spicedb/schema
+
+echo 'export const spicedbSchema = `' > atproto.ts
+
+zed preview schema compile atproto.zed --out compiled.zed
+cat compiled.zed >> atproto.ts
+rm compiled.zed
+
+echo '`;' >> atproto.ts
+

packages/pds/src/account-manager/oauth-store.ts

@@ -57,6 +57,9 @@ import * as deviceHelper from './helpers/device'
 import * as lexiconHelper from './helpers/lexicon'
 import * as tokenHelper from './helpers/token'
 import * as usedRefreshTokenHelper from './helpers/used-refresh-token'
+import { v1 as spice } from '@authzed/authzed-node'
+import { createRelationship } from '../authz/spicedb'
+import { aturi2spicedb } from '../space'
 
 /**
  * This class' purpose is to implement the interface needed by the OAuthProvider
@@ -78,6 +81,7 @@ export class OAuthStore
     private readonly plcRotationKey: Keypair,
     private readonly publicUrl: string,
     private readonly recoveryDidKey: string | null,
+    private readonly spicedbClient?: spice.ZedPromiseClientInterface,
   ) {}
 
   private get db() {
@@ -152,9 +156,26 @@ export class OAuthStore
     try {
       await this.actorStore.create(did, signingKey)
       try {
+        // DUAL WRITE
+        // (1) create repo
         const commit = await this.actorStore.transact(did, (actorTxn) =>
           actorTxn.repo.createRepo([]),
+          // TODO, write root space and relationship records to the root space in the database
         )
+        // (2) set account as owner over root space
+        if (this.spicedbClient) {
+          try {
+            await createRelationship(this.spicedbClient,
+              `space:${aturi2spicedb(`${did}/root`)}`,
+              'owner',
+              `user:${aturi2spicedb(did)}`,
+            )
+          } catch (err) {
+            // temp, dev-env is creating duplicate accounts
+            // or not cleaning up properly (shortcut? re: but not spicedb)
+            console.error('failed to set user as owner of root space', err)
+          }
+        }
 
         await this.plcClient.sendOperation(did, op)
 

packages/pds/src/actor-store/actor-store-reader.ts

@@ -5,11 +5,13 @@ import { ActorDb } from './db'
 import { PreferenceReader } from './preference/reader'
 import { RecordReader } from './record/reader'
 import { RepoReader } from './repo/reader'
+import { SpaceReader } from './space/reader'
 
 export class ActorStoreReader {
   public readonly repo: RepoReader
   public readonly record: RecordReader
   public readonly pref: PreferenceReader
+  public readonly space: SpaceReader
 
   constructor(
     public readonly did: string,
@@ -22,6 +24,7 @@ export class ActorStoreReader {
     this.repo = new RepoReader(db, blobstore)
     this.record = new RecordReader(db)
     this.pref = new PreferenceReader(db)
+    this.space = new SpaceReader(db)
 
     // Invoke "keypair" once. Also avoids leaking "this" as keypair context.
     let keypairPromise: Promise<Keypair>

packages/pds/src/actor-store/actor-store-transactor.ts

@@ -4,11 +4,13 @@ import { ActorDb } from './db'
 import { PreferenceTransactor } from './preference/transactor'
 import { RecordTransactor } from './record/transactor'
 import { RepoTransactor } from './repo/transactor'
+import { SpaceTransactor } from './space/transactor'
 
 export class ActorStoreTransactor {
   public readonly record: RecordTransactor
   public readonly repo: RepoTransactor
   public readonly pref: PreferenceTransactor
+  public readonly space: SpaceTransactor
 
   constructor(
     public readonly did: string,
@@ -27,5 +29,12 @@ export class ActorStoreTransactor {
       keypair,
       resources.backgroundQueue,
     )
+    this.space = new SpaceTransactor(
+      db,
+      blobstore,
+      did,
+      keypair,
+      resources.backgroundQueue,
+    )
   }
 }

packages/pds/src/actor-store/db/migrations/002-spaces.ts

@@ -0,0 +1,83 @@
+import { Kysely } from 'kysely'
+
+export async function up(db: Kysely<unknown>): Promise<void> {
+
+  await db.schema
+    .createTable('space')
+    .addColumn('uri', 'varchar', (col) => col.primaryKey())
+    .addColumn('cid', 'varchar', (col) => col.notNull())
+    // the account that created or updated the record
+    .addColumn('did', 'varchar', (col) => col.notNull())
+    .addColumn('parent', 'varchar', (col) => col.notNull())
+    .addColumn('space', 'varchar', (col) => col.notNull())
+    .addColumn('collection', 'varchar', (col) => col.notNull())
+    .addColumn('rkey', 'varchar', (col) => col.notNull())
+    .addColumn('record', 'varchar', (col) => col.notNull())
+    .addColumn('indexedAt', 'varchar', (col) => col.notNull())
+    .addColumn('takedownRef', 'varchar')
+    // #futurology for edits w/ history
+    .addColumn('version', 'varchar')
+    .execute()
+
+  await db.schema
+    .createIndex('space_space_idx')
+    .on('space')
+    .column('space')
+    .execute()
+  await db.schema
+    .createIndex('space_collection_idx')
+    .on('space')
+    .column('collection')
+    .execute()
+  await db.schema
+    .createIndex('space_rkey_idx')
+    .on('space')
+    .column('rkey')
+    .execute()
+  await db.schema
+    .createIndex('space_cid_idx')
+    .on('space')
+    .column('cid')
+    .execute()
+  await db.schema
+    .createIndex('space_did_idx')
+    .on('space')
+    .column('did')
+    .execute()
+
+  await db.schema
+    .createTable('space_blob')
+    .addColumn('cid', 'varchar', (col) => col.primaryKey())
+    .addColumn('space', 'varchar', (col) => col.notNull())
+    .addColumn('mimeType', 'varchar', (col) => col.notNull())
+    .addColumn('size', 'integer', (col) => col.notNull())
+    .addColumn('tempKey', 'varchar')
+    .addColumn('metadata', 'varchar') // JSON object with details like dimensions, playrate, ... mimeType dependent
+    .addColumn('createdAt', 'varchar', (col) => col.notNull())
+    .addColumn('takedownRef', 'varchar')
+    .execute()
+  await db.schema
+    .createIndex('space_blob_space_idx')
+    .on('space_blob')
+    .column('space')
+    .execute()
+  await db.schema
+    .createIndex('space_blob_tempkey_idx')
+    .on('space_blob')
+    .column('tempKey')
+    .execute()
+
+  await db.schema
+    .createTable('space_record_blob')
+    .addColumn('blobCid', 'varchar', (col) => col.notNull())
+    .addColumn('recordUri', 'varchar', (col) => col.notNull())
+    .addPrimaryKeyConstraint(`space_record_blob_pkey`, ['blobCid', 'recordUri'])
+    .execute()
+
+}
+
+export async function down(db: Kysely<unknown>): Promise<void> {
+  await db.schema.dropTable('space_record_blob').execute()
+  await db.schema.dropTable('space_blob').execute()
+  await db.schema.dropTable('space').execute()
+}

packages/pds/src/actor-store/db/migrations/index.ts

@@ -1,5 +1,7 @@
 import * as init from './001-init'
+import * as spaces from './002-spaces'
 
 export default {
   '001': init,
+  '002': spaces,
 }

packages/pds/src/actor-store/db/schema/index.ts

@@ -5,14 +5,22 @@ import * as record from './record'
 import * as recordBlob from './record-blob'
 import * as repoBlock from './repo-block'
 import * as repoRoot from './repo-root'
+import * as space from './space'
+import * as spaceBacklink from './space-backlink'
+import * as spaceBlob from './space-blob'
+import * as spaceRecordBlob from './space-record-blob'
 
 export type DatabaseSchema = accountPref.PartialDB &
   repoRoot.PartialDB &
   record.PartialDB &
   backlink.PartialDB &
   repoBlock.PartialDB &
   blob.PartialDB &
-  recordBlob.PartialDB
+  recordBlob.PartialDB &
+  space.PartialDB &
+  spaceBacklink.PartialDB &
+  spaceBlob.PartialDB &
+  spaceRecordBlob.PartialDB
 
 export type { AccountPref } from './account-pref'
 export type { RepoRoot } from './repo-root'
@@ -21,3 +29,7 @@ export type { Backlink } from './backlink'
 export type { RepoBlock } from './repo-block'
 export type { Blob } from './blob'
 export type { RecordBlob } from './record-blob'
+export type { Space } from './space'
+export type { SpaceBacklink } from './space-backlink'
+export type { SpaceBlob } from './space-blob'
+export type { SpaceRecordBlob } from './space-record-blob'

packages/pds/src/actor-store/db/schema/space-backlink.ts

@@ -0,0 +1,9 @@
+export interface SpaceBacklink {
+  uri: string
+  path: string
+  linkTo: string
+}
+
+export const tableName = 'space_backlink'
+
+export type PartialDB = { [tableName]: SpaceBacklink }

packages/pds/src/actor-store/db/schema/space-blob.ts

@@ -0,0 +1,15 @@
+export interface SpaceBlob {
+  cid: string
+  space: string
+  mimeType: string
+  size: number
+  tempKey: string | null
+  width: number | null
+  height: number | null
+  createdAt: string
+  takedownRef: string | null
+}
+
+export const tableName = 'space_blob'
+
+export type PartialDB = { [tableName]: SpaceBlob }