didkit 0.0.3 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d974c618ebe4702ec35b8f4e1465b3cc0664d1cf932fd8739ac4371f7c20caa2
-  data.tar.gz: 66479727000f96ef26d09074bd97cd59d43f14388ea213f25deb846c6e75cb3d
+  metadata.gz: 7744ae1dc9ba4ca678d641139ffa94931130ee7f91fa93d3ee89e3d6e196ba8d
+  data.tar.gz: 4111e824027b646aa8b3a21fb3032dfdba26019b6fecaf3f40f2120dfa417e52
 SHA512:
-  metadata.gz: b3b84e04e7be85c0af2a544173a14338870fc3163727dd9341a1c76d83ce6397c03f4f28284549c5c07c2c3625e018b81c7a4149c80dac8e817f01f7b724c042
-  data.tar.gz: e476000c6bbc05a3e5664e2fb44a8bb19e302c2b13d880bfc9d98a2144916b7982d914d41beea55e5775f55a1a3d01a9bd0854ff4cfa9274d86aba4a406441e1
+  metadata.gz: ed96e325c2d0e8152b1db1f6a46e34afdbec049e0442f2298a89a2bbd07afb96e3ca166fca40adf1ff90d0da02997b825addd20163eb858c6074771d9ea229ce
+  data.tar.gz: 9237183a427ad4f5380504334abcfb16a965b0e95ce39693e9aa8d58d24c6acc6c00d7150bd86be18332e02da3cbd379eb516ccb60716a3b09bf11efc155c26c

data/CHANGELOG.md

@@ -1,3 +1,18 @@
+## [0.1.0] - 2024-03-12
+
+- rejecting handles from disallowed domains like `.arpa` or `.test`
+- validating handles with the `.well-known` file having a trailing newline
+- validating handles with `.well-known` address returning a redirect
+- added `#pick_valid_handle` helper
+- allow overriding the nameserver for `Resolv::DNS`
+- other bug fixes
+
+## [0.0.4] - 2024-03-07
+
+- extracted resolving code from `DID` to a new `Resolver` class (`DID` has helper methods to call the resolver)
+- added `Resolver#get_validated_handle` method to validate handles from the `Document` (+ helpers in `DID` in `Document`)
+- added timeout to `#resolve_handle_by_well_known`
+
 ## [0.0.3] - 2024-03-06
 
 - added `Document#handles` with handle info extracted from `alsoKnownAs` field

data/README.md

@@ -1,13 +1,11 @@
-# DidKit
+# DIDKit
 
 A small Ruby gem for handling Distributed Identifiers (DIDs) in Bluesky / AT Protocol
 
 
 ## What does it do
 
-**TODO** - not much yet :)
-
-See the [did.rb](https://github.com/mackuba/didkit/blob/master/lib/didkit/did.rb) file for now.
+Accounts on Bluesky use identifiers like [did:plc:oio4hkxaop4ao4wz2pp3f4cr](https://plc.directory/did:plc:oio4hkxaop4ao4wz2pp3f4cr) as unique IDs, and they also have assigned human-readable handles like [@mackuba.eu](https://bsky.app/profile/mackuba.eu), which are verified either through a DNS TXT entry or a `/.well-known/atproto-did` file. This library allows you to look up any account's assigned handle using a DID string or vice versa, load the account's DID JSON document that specifies the handles and the PDS server hosting user's repo, and check if the assigned handle verifies correctly.
 
 
 ## Installation
@@ -15,8 +13,72 @@ See the [did.rb](https://github.com/mackuba/didkit/blob/master/lib/didkit/did.rb
     gem install didkit
 
 
+## Usage
+
+Use the `DIDKit::Resolver` class to look up DIDs and handles.
+
+To look up a handle:
+
+```rb
+resolver = DIDKit::Resolver.new
+resolver.resolve_handle('nytimes.com')
+ # => #<DIDKit::DID:0x00000001035956b0 @did="did:plc:eclio37ymobqex2ncko63h4r", @type=:plc, @resolved_by=:dns>
+```
+
+This returns an object of `DIDKit::DID` class (aliased as just `DID`), which tells you:
+
+- the DID as a string (`#to_s` or `#did`)
+- the DID type (`#type`, `:plc` or `:web`)
+- if the handle was resolved via a DNS entry or a `.well-known` file (`#resolved_by`, `:dns` or `:http`)
+
+To go in the other direction – to find an assigned and verified handle given a DID – use `get_validated_handle` (pass DID as a string or an object):
+
+```rb
+resolver.get_validated_handle('did:plc:ewvi7nxzyoun6zhxrhs64oiz')
+ # => "atproto.com" 
+```
+
+You can also load the DID document using `resolve_did`:
+
+```rb
+doc = resolver.resolve_did('did:plc:ragtjsm2j2vknwkz3zp4oxrd')
+ # => #<DIDKit::Document:0x0000000105d751f8 @did=#<DIDKit::DID:...>, @json={...}>
+
+doc.handles
+ # => ["pfrazee.com"] 
+
+doc.pds_endpoint
+ # => "https://morel.us-east.host.bsky.network" 
+```
+
+There are also some helper methods in the `DID` class that create a `Resolver` for you to save you some typing:
+
+```rb
+did = DID.resolve_handle('jay.bsky.team')
+ #  => #<DIDKit::DID:0x000000010615ed28 @did="did:plc:oky5czdrnfjpqslsw2a5iclo", @type=:plc, @resolved_by=:dns>
+
+did.to_s
+ # => "did:plc:oky5czdrnfjpqslsw2a5iclo" 
+
+did.get_document
+ # => #<DIDKit::Document:0x00000001066d4898 @did=#<DIDKit::DID:...>, @json={...}>
+
+did.get_validated_handle
+ # => "jay.bsky.team" 
+```
+
+
+### Configuration
+
+You can override the nameserver used for DNS lookups by setting the `nameserver` property in `Resolver`, e.g. to use Google's or CloudFlare's global DNS:
+
+```
+resolver.nameserver = '8.8.8.8'
+```
+
+
 ## Credits
 
-Copyright © 2023 Kuba Suder ([@mackuba.eu](https://bsky.app/profile/mackuba.eu)).
+Copyright © 2024 Kuba Suder ([@mackuba.eu](https://bsky.app/profile/mackuba.eu)).
 
 The code is available under the terms of the [zlib license](https://choosealicense.com/licenses/zlib/) (permissive, similar to MIT).

data/lib/didkit/did.rb

@@ -1,54 +1,10 @@
-require 'json'
-require 'net/http'
-require 'open-uri'
-require 'resolv'
-
-require_relative 'document'
 require_relative 'errors'
+require_relative 'resolver'
 
 module DIDKit
   class DID
     def self.resolve_handle(handle)
-      domain = handle.gsub(/^@/, '')
-
-      if dns_did = resolve_handle_by_dns(domain)
-        DID.new(dns_did, :dns)
-      elsif http_did = resolve_handle_by_well_known(domain)
-        DID.new(http_did, :http)
-      else
-        nil
-      end
-    end
-
-    def self.resolve_handle_by_dns(domain)
-      dns_records = Resolv::DNS.open { |d| d.getresources("_atproto.#{domain}", Resolv::DNS::Resource::IN::TXT) }
-
-      if record = dns_records.first
-        if string = record.strings.first
-          if string =~ /^did\=(did\:\w+\:.*)$/
-            return $1
-          end
-        end
-      end
-
-      nil
-    end
-
-    def self.resolve_handle_by_well_known(domain)
-      url = URI("https://#{domain}/.well-known/atproto-did")
-      response = Net::HTTP.get_response(url)
-
-      if response.is_a?(Net::HTTPSuccess)
-        if text = response.body
-          if text.lines.length == 1 && text.start_with?('did:')
-            return text
-          end
-        end
-      end
-
-      nil
-    rescue StandardError => e
-      nil
+      Resolver.new.resolve_handle(handle)
     end
 
     attr_reader :type, :did, :resolved_by
@@ -71,23 +27,25 @@ module DIDKit
     alias to_s did
 
     def get_document
-      type == :plc ? resolve_did_plc : resolve_did_web
+      Resolver.new.resolve_did(self)
     end
 
-    def web_domain
-      did.gsub(/^did\:web\:/, '') if type == :web
+    def get_validated_handle
+      Resolver.new.get_validated_handle(self)
     end
 
-    def resolve_did_plc
-      url = "https://plc.directory/#{did}"
-      json = JSON.parse(URI.open(url).read)
-      Document.new(self, json)
+    def web_domain
+      did.gsub(/^did\:web\:/, '') if type == :web
     end
 
-    def resolve_did_web
-      url = "https://#{web_domain}/.well-known/did.json"
-      json = JSON.parse(URI.open(url).read)
-      Document.new(self, json)
+    def ==(other)
+      if other.is_a?(String)
+        self.did == other
+      elsif other.is_a?(DID)
+        self.did == other.did
+      else
+        false
+      end
     end
   end
 end

data/lib/didkit/document.rb

@@ -1,3 +1,5 @@
+require_relative 'resolver'
+
 module DIDKit
   class Document
     class FormatError < StandardError
@@ -8,7 +10,7 @@ module DIDKit
     def initialize(did, json)
       raise FormatError, "Missing id field" if json['id'].nil?
       raise FormatError, "Invalid id field" unless json['id'].is_a?(String)
-      raise FormatError, "Id field doesn't match expected DID" unless json['id'] == did.to_s
+      raise FormatError, "id field doesn't match expected DID" unless json['id'] == did.to_s
 
       @did = did
       @json = json
@@ -37,5 +39,9 @@ module DIDKit
         @handles = []
       end
     end
+
+    def get_validated_handle
+      Resolver.new.pick_valid_handle(did, handles)
+    end
   end
 end

data/lib/didkit/plc_importer.rb

@@ -0,0 +1,45 @@
+require 'json'
+require 'net/http'
+require 'open-uri'
+require 'time'
+
+require_relative 'plc_operation'
+
+module DIDKit
+  class PLCImporter
+    PLC_SERVICE = 'plc.directory'
+
+    attr_accessor :ignore_errors
+
+    def initialize(last_date = Time.now)
+      @last_date = last_date
+      @ignore_errors = false
+    end
+
+    def fetch
+      url = URI("https://#{PLC_SERVICE}/export")
+      url.query = URI.encode_www_form(:after => @last_date.utc.iso8601(6)) if @last_date
+      request_time = Time.now
+
+      data = URI.open(url).read
+      rows = data.lines.map(&:strip).reject(&:empty?).map { |x| JSON.parse(x) }
+
+      operations = rows.filter_map do |json|
+        begin
+          PLCOperation.new(json)
+        rescue PLCOperation::FormatError => e
+          ignore_errors ? nil : raise
+        end
+      end
+
+      block.call(operations)
+
+      if rows.length == 1000
+        @last_date = operations.last.created_at || request_time
+        run_update
+      else
+        @last_date = request_time
+      end
+    end
+  end
+end

data/lib/didkit/plc_operation.rb

@@ -0,0 +1,56 @@
+require 'time'
+
+module DIDKit
+  class PLCOperation
+    class FormatError < StandardError
+    end
+
+    attr_reader :did, :created_at, :type, :pds_endpoint, :handles
+
+    def initialize(json)
+      @did = json['did']
+      raise FormatError, "Missing DID" if @did.nil?
+      raise FormatError, "Invalid DID" unless @did.is_a?(String) && @did.start_with?('did:')
+
+      timestamp = json['createdAt']
+      raise FormatError, "Missing createdAt" if timestamp.nil?
+      raise FormatError, "Invalid createdAt" unless timestamp.is_a?(String)
+
+      @created_at = Time.parse(timestamp)
+
+      operation = json['operation']
+      raise FormatError, "Missing operation key" if operation.nil?
+      raise FormatError, "Invalid operation data" unless operation.is_a?(Hash)
+
+      type = operation['type']
+      raise FormatError, "Missing type" if type.nil?
+
+      @type = type.to_sym
+      return unless @type == :plc_operation
+
+      services = operation['services']
+      raise FormatError, "Missing services key" if services.nil?
+      raise FormatError, "Invalid services data" unless services.is_a?(Hash)
+
+      if pds = services['atproto_pds']
+        raise FormatError, "Invalid PDS data" unless pds.is_a?(Hash)
+        raise FormatError, "Missing PDS type" unless pds['type']
+        raise FormatError, "Invalid PDS type" unless pds['type'] == 'AtprotoPersonalDataServer'
+        raise FormatError, "Missing PDS endpoint" unless pds['endpoint']
+        raise FormatError, "Invalid PDS endpoint" unless pds['endpoint'].is_a?(String) && pds['endpoint'] =~ %r(://)
+
+        @pds_endpoint = pds['endpoint']
+      end
+
+      if aka = operation['alsoKnownAs']
+        raise FormatError, "Invalid alsoKnownAs" unless aka.is_a?(Array)
+        raise FormatError, "Invalid alsoKnownAs" unless aka.all? { |x| x.is_a?(String) }
+        raise FormatError, "Invalid alsoKnownAs" unless aka.all? { |x| x =~ %r(\Aat://[^/]+\z) }
+
+        @handles = aka.map { |x| x.gsub('at://', '') }
+      else
+        @handles = []
+      end
+    end
+  end
+end

data/lib/didkit/resolver.rb

@@ -0,0 +1,115 @@
+require 'json'
+require 'open-uri'
+require 'net/http'
+require 'resolv'
+
+require_relative 'did'
+require_relative 'document'
+
+module DIDKit
+  class Resolver
+    RESERVED_DOMAINS = %w(alt arpa example internal invalid local localhost onion test)
+    MAX_REDIRECTS = 5
+
+    attr_accessor :nameserver
+
+    def resolve_handle(handle)
+      domain = handle.gsub(/^@/, '')
+
+      return nil if RESERVED_DOMAINS.include?(domain.split('.').last)
+
+      if dns_did = resolve_handle_by_dns(domain)
+        DID.new(dns_did, :dns)
+      elsif http_did = resolve_handle_by_well_known(domain)
+        DID.new(http_did, :http)
+      else
+        nil
+      end
+    end
+
+    def resolve_handle_by_dns(domain)
+      dns_records = Resolv::DNS.open(resolv_options) { |d|
+        d.getresources("_atproto.#{domain}", Resolv::DNS::Resource::IN::TXT)
+      }
+
+      if record = dns_records.first
+        if string = record.strings.first
+          return parse_did_from_dns(string)
+        end
+      end
+
+      nil
+    end
+
+    def resolve_handle_by_well_known(domain)
+      resolve_handle_from_url("https://#{domain}/.well-known/atproto-did")
+    end
+
+    def resolve_handle_from_url(url, redirects = 0)
+      url = URI(url) unless url.is_a?(URI)
+
+      response = Net::HTTP.start(url.host, url.port, use_ssl: true, open_timeout: 10, read_timeout: 10) do |http|
+        request = Net::HTTP::Get.new(url)
+        http.request(request)
+      end
+
+      if response.is_a?(Net::HTTPSuccess)
+        if text = response.body
+          return parse_did_from_well_known(text)
+        end
+      elsif response.is_a?(Net::HTTPRedirection) && redirects < MAX_REDIRECTS
+        if location = response['Location']
+          target_url = location.include?('://') ? location : (url.origin + location)
+          return resolve_handle_from_url(target_url, redirects + 1)
+        end
+      end
+
+      nil
+    rescue StandardError => e
+      nil
+    end
+
+    def resolv_options
+      options = Resolv::DNS::Config.default_config_hash.dup
+      options[:nameserver] = nameserver if nameserver
+      options
+    end
+
+    def parse_did_from_dns(txt)
+      txt =~ /\Adid\=(did\:\w+\:.*)\z/ ? $1 : nil
+    end
+
+    def parse_did_from_well_known(text)
+      text = text.strip
+      text.lines.length == 1 && text =~ /\Adid\:\w+\:.*\z/ ? text : nil
+    end
+
+    def resolve_did(did)
+      did = DID.new(did) if did.is_a?(String)
+
+      did.type == :plc ? resolve_did_plc(did) : resolve_did_web(did)
+    end
+
+    def resolve_did_plc(did)
+      url = "https://plc.directory/#{did}"
+      json = JSON.parse(URI.open(url).read)
+      Document.new(did, json)
+    end
+
+    def resolve_did_web(did)
+      url = "https://#{did.web_domain}/.well-known/did.json"
+      json = JSON.parse(URI.open(url).read)
+      Document.new(did, json)
+    end
+
+    def get_validated_handle(did_or_doc)
+      document = did_or_doc.is_a?(Document) ? did_or_doc : resolve_did(did_or_doc)
+
+      pick_valid_handle(document.did, document.handles)
+    end
+
+    def pick_valid_handle(did, handles)
+      handles.detect { |h| resolve_handle(h) == did }
+    end
+  end
+end

data/lib/didkit/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module DIDKit
-  VERSION = "0.0.3"
+  VERSION = "0.1.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: didkit
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.1.0
 platform: ruby
 authors:
 - Kuba Suder
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-03-06 00:00:00.000000000 Z
+date: 2024-03-12 00:00:00.000000000 Z
 dependencies: []
 description:
 email:
@@ -24,6 +24,9 @@ files:
 - lib/didkit/did.rb
 - lib/didkit/document.rb
 - lib/didkit/errors.rb
+- lib/didkit/plc_importer.rb
+- lib/didkit/plc_operation.rb
+- lib/didkit/resolver.rb
 - lib/didkit/version.rb
 - sig/didkit.rbs
 homepage: https://github.com/mackuba/didkit