@atproto/identity 0.3.0 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -1,5 +1,15 @@
1
1
  # @atproto/identity
2
2
 
3
+ ## 0.3.1
4
+
5
+ ### Patch Changes
6
+
7
+ - [#1788](https://github.com/bluesky-social/atproto/pull/1788) [`84e2d4d2`](https://github.com/bluesky-social/atproto/commit/84e2d4d2b6694f344d80c18672c78b650189d423) Thanks [@bnewbold](https://github.com/bnewbold)! - update license to "MIT or Apache2"
8
+
9
+ - Updated dependencies [[`84e2d4d2`](https://github.com/bluesky-social/atproto/commit/84e2d4d2b6694f344d80c18672c78b650189d423)]:
10
+ - @atproto/common-web@0.2.3
11
+ - @atproto/crypto@0.2.3
12
+
3
13
  ## 0.3.0
4
14
 
5
15
  ### Minor Changes
package/LICENSE.txt ADDED
@@ -0,0 +1,7 @@
1
+ Dual MIT/Apache-2.0 License
2
+
3
+ Copyright (c) 2022-2023 Bluesky PBC, and Contributors
4
+
5
+ Except as otherwise noted in individual files, this software is licensed under the MIT license (<http://opensource.org/licenses/MIT>), or the Apache License, Version 2.0 (<http://www.apache.org/licenses/LICENSE-2.0>).
6
+
7
+ Downstream projects and end users may chose either license individually, or both together, at their discretion. The motivation for this dual-licensing is the additional software patent assurance provided by Apache 2.0.
package/README.md CHANGED
@@ -37,4 +37,9 @@ if (data.handle != handle) {
37
37
 
38
38
  ## License
39
39
 
40
- MIT License
40
+ This project is dual-licensed under MIT and Apache 2.0 terms:
41
+
42
+ - MIT license ([LICENSE-MIT.txt](https://github.com/bluesky-social/atproto/blob/main/LICENSE-MIT.txt) or http://opensource.org/licenses/MIT)
43
+ - Apache License, Version 2.0, ([LICENSE-APACHE.txt](https://github.com/bluesky-social/atproto/blob/main/LICENSE-APACHE.txt) or http://www.apache.org/licenses/LICENSE-2.0)
44
+
45
+ Downstream projects and end users may chose either license individually, or both together, at their discretion. The motivation for this dual-licensing is the additional software patent assurance provided by Apache 2.0.
@@ -4,3 +4,4 @@ export { getDid, getHandle, getPdsEndpoint as getPds, getFeedGenEndpoint as getF
4
4
  export declare const getKey: (doc: DidDocument) => string | undefined;
5
5
  export declare const parseToAtprotoDocument: (doc: DidDocument) => Partial<AtprotoData>;
6
6
  export declare const ensureAtpDocument: (doc: DidDocument) => AtprotoData;
7
+ export declare const ensureAtprotoKey: (doc: DidDocument) => string;
package/dist/index.js CHANGED
@@ -21170,6 +21170,7 @@ __export(src_exports3, {
21170
21170
  UnsupportedDidWebPathError: () => UnsupportedDidWebPathError,
21171
21171
  didDocument: () => didDocument,
21172
21172
  ensureAtpDocument: () => ensureAtpDocument,
21173
+ ensureAtprotoKey: () => ensureAtprotoKey,
21173
21174
  getDid: () => getDid,
21174
21175
  getFeedGen: () => getFeedGenEndpoint,
21175
21176
  getHandle: () => getHandle,
@@ -24175,16 +24176,18 @@ var decompressPubkey2 = (compressed) => {
24175
24176
  };
24176
24177
 
24177
24178
  // ../crypto/src/p256/operations.ts
24178
- var verifyDidSig = async (did, data, sig) => {
24179
+ var verifyDidSig = async (did, data, sig, opts) => {
24179
24180
  const { jwtAlg, keyBytes } = parseDidKey(did);
24180
24181
  if (jwtAlg !== P256_JWT_ALG) {
24181
24182
  throw new Error(`Not a P-256 did:key: ${did}`);
24182
24183
  }
24183
- return verifySig(keyBytes, data, sig);
24184
+ return verifySig(keyBytes, data, sig, opts);
24184
24185
  };
24185
- var verifySig = async (publicKey, data, sig) => {
24186
+ var verifySig = async (publicKey, data, sig, opts) => {
24186
24187
  const msgHash = await sha2562(data);
24187
- return p256.verify(sig, msgHash, publicKey, { lowS: true });
24188
+ return p256.verify(sig, msgHash, publicKey, {
24189
+ lowS: opts?.lowS ?? true
24190
+ });
24188
24191
  };
24189
24192
 
24190
24193
  // ../crypto/src/p256/plugin.ts
@@ -24196,16 +24199,18 @@ var p256Plugin = {
24196
24199
  var plugin_default = p256Plugin;
24197
24200
 
24198
24201
  // ../crypto/src/secp256k1/operations.ts
24199
- var verifyDidSig2 = async (did, data, sig) => {
24202
+ var verifyDidSig2 = async (did, data, sig, opts) => {
24200
24203
  const { jwtAlg, keyBytes } = parseDidKey(did);
24201
24204
  if (jwtAlg !== SECP256K1_JWT_ALG) {
24202
24205
  throw new Error(`Not a secp256k1 did:key: ${did}`);
24203
24206
  }
24204
- return verifySig2(keyBytes, data, sig);
24207
+ return verifySig2(keyBytes, data, sig, opts);
24205
24208
  };
24206
- var verifySig2 = async (publicKey, data, sig) => {
24209
+ var verifySig2 = async (publicKey, data, sig, opts) => {
24207
24210
  const msgHash = await sha2562(data);
24208
- return secp256k1.verify(sig, msgHash, publicKey, { lowS: true });
24211
+ return secp256k1.verify(sig, msgHash, publicKey, {
24212
+ lowS: opts?.lowS ?? true
24213
+ });
24209
24214
  };
24210
24215
 
24211
24216
  // ../crypto/src/secp256k1/plugin.ts
@@ -24294,13 +24299,13 @@ var multibaseToBytes = (mb) => {
24294
24299
  };
24295
24300
 
24296
24301
  // ../crypto/src/verify.ts
24297
- var verifySignature = (didKey, data, sig) => {
24302
+ var verifySignature = (didKey, data, sig, opts) => {
24298
24303
  const parsed = parseDidKey(didKey);
24299
24304
  const plugin = plugins_default.find((p) => p.jwtAlg === parsed.jwtAlg);
24300
24305
  if (!plugin) {
24301
- throw new Error(`Unsupported signature alg: :${parsed.jwtAlg}`);
24306
+ throw new Error(`Unsupported signature alg: ${parsed.jwtAlg}`);
24302
24307
  }
24303
- return plugin.verifySignature(didKey, data, sig);
24308
+ return plugin.verifySignature(didKey, data, sig, opts);
24304
24309
  };
24305
24310
 
24306
24311
  // ../common-web/src/check.ts
@@ -28097,6 +28102,13 @@ var ensureAtpDocument = (doc) => {
28097
28102
  }
28098
28103
  return { did, signingKey, handle, pds };
28099
28104
  };
28105
+ var ensureAtprotoKey = (doc) => {
28106
+ const { signingKey } = parseToAtprotoDocument(doc);
28107
+ if (!signingKey) {
28108
+ throw new Error(`Could not parse signingKey from doc: ${doc}`);
28109
+ }
28110
+ return signingKey;
28111
+ };
28100
28112
 
28101
28113
  // src/errors.ts
28102
28114
  var DidNotFoundError = class extends Error {
@@ -28188,8 +28200,8 @@ var BaseResolver = class {
28188
28200
  if (did.startsWith("did:key:")) {
28189
28201
  return did;
28190
28202
  } else {
28191
- const data = await this.resolveAtprotoData(did, forceRefresh);
28192
- return data.signingKey;
28203
+ const didDocument2 = await this.ensureResolve(did, forceRefresh);
28204
+ return ensureAtprotoKey(didDocument2);
28193
28205
  }
28194
28206
  }
28195
28207
  async verifySignature(did, data, sig, forceRefresh = false) {
@@ -28434,6 +28446,7 @@ var IdResolver = class {
28434
28446
  UnsupportedDidWebPathError,
28435
28447
  didDocument,
28436
28448
  ensureAtpDocument,
28449
+ ensureAtprotoKey,
28437
28450
  getDid,
28438
28451
  getFeedGen,
28439
28452
  getHandle,