@atproto/identity 0.3.0 → 0.3.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +17 -0
- package/LICENSE.txt +7 -0
- package/README.md +6 -1
- package/dist/did/atproto-data.d.ts +1 -0
- package/dist/index.js +50 -13
- package/dist/index.js.map +2 -2
- package/package.json +3 -3
- package/src/did/atproto-data.ts +8 -0
- package/src/did/base-resolver.ts +2 -2
- package/LICENSE +0 -21
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,22 @@
|
|
|
1
1
|
# @atproto/identity
|
|
2
2
|
|
|
3
|
+
## 0.3.2
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- Updated dependencies [[`e1b5f253`](https://github.com/bluesky-social/atproto/commit/e1b5f2537a5ba4d8b951a741269b604856028ae5)]:
|
|
8
|
+
- @atproto/crypto@0.3.0
|
|
9
|
+
|
|
10
|
+
## 0.3.1
|
|
11
|
+
|
|
12
|
+
### Patch Changes
|
|
13
|
+
|
|
14
|
+
- [#1788](https://github.com/bluesky-social/atproto/pull/1788) [`84e2d4d2`](https://github.com/bluesky-social/atproto/commit/84e2d4d2b6694f344d80c18672c78b650189d423) Thanks [@bnewbold](https://github.com/bnewbold)! - update license to "MIT or Apache2"
|
|
15
|
+
|
|
16
|
+
- Updated dependencies [[`84e2d4d2`](https://github.com/bluesky-social/atproto/commit/84e2d4d2b6694f344d80c18672c78b650189d423)]:
|
|
17
|
+
- @atproto/common-web@0.2.3
|
|
18
|
+
- @atproto/crypto@0.2.3
|
|
19
|
+
|
|
3
20
|
## 0.3.0
|
|
4
21
|
|
|
5
22
|
### Minor Changes
|
package/LICENSE.txt
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
Dual MIT/Apache-2.0 License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2022-2023 Bluesky PBC, and Contributors
|
|
4
|
+
|
|
5
|
+
Except as otherwise noted in individual files, this software is licensed under the MIT license (<http://opensource.org/licenses/MIT>), or the Apache License, Version 2.0 (<http://www.apache.org/licenses/LICENSE-2.0>).
|
|
6
|
+
|
|
7
|
+
Downstream projects and end users may chose either license individually, or both together, at their discretion. The motivation for this dual-licensing is the additional software patent assurance provided by Apache 2.0.
|
package/README.md
CHANGED
|
@@ -37,4 +37,9 @@ if (data.handle != handle) {
|
|
|
37
37
|
|
|
38
38
|
## License
|
|
39
39
|
|
|
40
|
-
MIT
|
|
40
|
+
This project is dual-licensed under MIT and Apache 2.0 terms:
|
|
41
|
+
|
|
42
|
+
- MIT license ([LICENSE-MIT.txt](https://github.com/bluesky-social/atproto/blob/main/LICENSE-MIT.txt) or http://opensource.org/licenses/MIT)
|
|
43
|
+
- Apache License, Version 2.0, ([LICENSE-APACHE.txt](https://github.com/bluesky-social/atproto/blob/main/LICENSE-APACHE.txt) or http://www.apache.org/licenses/LICENSE-2.0)
|
|
44
|
+
|
|
45
|
+
Downstream projects and end users may chose either license individually, or both together, at their discretion. The motivation for this dual-licensing is the additional software patent assurance provided by Apache 2.0.
|
|
@@ -4,3 +4,4 @@ export { getDid, getHandle, getPdsEndpoint as getPds, getFeedGenEndpoint as getF
|
|
|
4
4
|
export declare const getKey: (doc: DidDocument) => string | undefined;
|
|
5
5
|
export declare const parseToAtprotoDocument: (doc: DidDocument) => Partial<AtprotoData>;
|
|
6
6
|
export declare const ensureAtpDocument: (doc: DidDocument) => AtprotoData;
|
|
7
|
+
export declare const ensureAtprotoKey: (doc: DidDocument) => string;
|
package/dist/index.js
CHANGED
|
@@ -21170,6 +21170,7 @@ __export(src_exports3, {
|
|
|
21170
21170
|
UnsupportedDidWebPathError: () => UnsupportedDidWebPathError,
|
|
21171
21171
|
didDocument: () => didDocument,
|
|
21172
21172
|
ensureAtpDocument: () => ensureAtpDocument,
|
|
21173
|
+
ensureAtprotoKey: () => ensureAtprotoKey,
|
|
21173
21174
|
getDid: () => getDid,
|
|
21174
21175
|
getFeedGen: () => getFeedGenEndpoint,
|
|
21175
21176
|
getHandle: () => getHandle,
|
|
@@ -24175,16 +24176,30 @@ var decompressPubkey2 = (compressed) => {
|
|
|
24175
24176
|
};
|
|
24176
24177
|
|
|
24177
24178
|
// ../crypto/src/p256/operations.ts
|
|
24178
|
-
var verifyDidSig = async (did, data, sig) => {
|
|
24179
|
+
var verifyDidSig = async (did, data, sig, opts) => {
|
|
24179
24180
|
const { jwtAlg, keyBytes } = parseDidKey(did);
|
|
24180
24181
|
if (jwtAlg !== P256_JWT_ALG) {
|
|
24181
24182
|
throw new Error(`Not a P-256 did:key: ${did}`);
|
|
24182
24183
|
}
|
|
24183
|
-
return verifySig(keyBytes, data, sig);
|
|
24184
|
+
return verifySig(keyBytes, data, sig, opts);
|
|
24184
24185
|
};
|
|
24185
|
-
var verifySig = async (publicKey, data, sig) => {
|
|
24186
|
+
var verifySig = async (publicKey, data, sig, opts) => {
|
|
24187
|
+
const allowMalleable = opts?.allowMalleableSig ?? false;
|
|
24186
24188
|
const msgHash = await sha2562(data);
|
|
24187
|
-
|
|
24189
|
+
if (!allowMalleable && !isCompactFormat(sig)) {
|
|
24190
|
+
return false;
|
|
24191
|
+
}
|
|
24192
|
+
return p256.verify(sig, msgHash, publicKey, {
|
|
24193
|
+
lowS: !allowMalleable
|
|
24194
|
+
});
|
|
24195
|
+
};
|
|
24196
|
+
var isCompactFormat = (sig) => {
|
|
24197
|
+
try {
|
|
24198
|
+
const parsed = p256.Signature.fromCompact(sig);
|
|
24199
|
+
return equals(parsed.toCompactRawBytes(), sig);
|
|
24200
|
+
} catch {
|
|
24201
|
+
return false;
|
|
24202
|
+
}
|
|
24188
24203
|
};
|
|
24189
24204
|
|
|
24190
24205
|
// ../crypto/src/p256/plugin.ts
|
|
@@ -24196,16 +24211,30 @@ var p256Plugin = {
|
|
|
24196
24211
|
var plugin_default = p256Plugin;
|
|
24197
24212
|
|
|
24198
24213
|
// ../crypto/src/secp256k1/operations.ts
|
|
24199
|
-
var verifyDidSig2 = async (did, data, sig) => {
|
|
24214
|
+
var verifyDidSig2 = async (did, data, sig, opts) => {
|
|
24200
24215
|
const { jwtAlg, keyBytes } = parseDidKey(did);
|
|
24201
24216
|
if (jwtAlg !== SECP256K1_JWT_ALG) {
|
|
24202
24217
|
throw new Error(`Not a secp256k1 did:key: ${did}`);
|
|
24203
24218
|
}
|
|
24204
|
-
return verifySig2(keyBytes, data, sig);
|
|
24219
|
+
return verifySig2(keyBytes, data, sig, opts);
|
|
24205
24220
|
};
|
|
24206
|
-
var verifySig2 = async (publicKey, data, sig) => {
|
|
24221
|
+
var verifySig2 = async (publicKey, data, sig, opts) => {
|
|
24222
|
+
const allowMalleable = opts?.allowMalleableSig ?? false;
|
|
24207
24223
|
const msgHash = await sha2562(data);
|
|
24208
|
-
|
|
24224
|
+
if (!allowMalleable && !isCompactFormat2(sig)) {
|
|
24225
|
+
return false;
|
|
24226
|
+
}
|
|
24227
|
+
return secp256k1.verify(sig, msgHash, publicKey, {
|
|
24228
|
+
lowS: !allowMalleable
|
|
24229
|
+
});
|
|
24230
|
+
};
|
|
24231
|
+
var isCompactFormat2 = (sig) => {
|
|
24232
|
+
try {
|
|
24233
|
+
const parsed = secp256k1.Signature.fromCompact(sig);
|
|
24234
|
+
return equals(parsed.toCompactRawBytes(), sig);
|
|
24235
|
+
} catch {
|
|
24236
|
+
return false;
|
|
24237
|
+
}
|
|
24209
24238
|
};
|
|
24210
24239
|
|
|
24211
24240
|
// ../crypto/src/secp256k1/plugin.ts
|
|
@@ -24294,13 +24323,13 @@ var multibaseToBytes = (mb) => {
|
|
|
24294
24323
|
};
|
|
24295
24324
|
|
|
24296
24325
|
// ../crypto/src/verify.ts
|
|
24297
|
-
var verifySignature = (didKey, data, sig) => {
|
|
24326
|
+
var verifySignature = (didKey, data, sig, opts) => {
|
|
24298
24327
|
const parsed = parseDidKey(didKey);
|
|
24299
24328
|
const plugin = plugins_default.find((p) => p.jwtAlg === parsed.jwtAlg);
|
|
24300
24329
|
if (!plugin) {
|
|
24301
|
-
throw new Error(`Unsupported signature alg:
|
|
24330
|
+
throw new Error(`Unsupported signature alg: ${parsed.jwtAlg}`);
|
|
24302
24331
|
}
|
|
24303
|
-
return plugin.verifySignature(didKey, data, sig);
|
|
24332
|
+
return plugin.verifySignature(didKey, data, sig, opts);
|
|
24304
24333
|
};
|
|
24305
24334
|
|
|
24306
24335
|
// ../common-web/src/check.ts
|
|
@@ -28097,6 +28126,13 @@ var ensureAtpDocument = (doc) => {
|
|
|
28097
28126
|
}
|
|
28098
28127
|
return { did, signingKey, handle, pds };
|
|
28099
28128
|
};
|
|
28129
|
+
var ensureAtprotoKey = (doc) => {
|
|
28130
|
+
const { signingKey } = parseToAtprotoDocument(doc);
|
|
28131
|
+
if (!signingKey) {
|
|
28132
|
+
throw new Error(`Could not parse signingKey from doc: ${doc}`);
|
|
28133
|
+
}
|
|
28134
|
+
return signingKey;
|
|
28135
|
+
};
|
|
28100
28136
|
|
|
28101
28137
|
// src/errors.ts
|
|
28102
28138
|
var DidNotFoundError = class extends Error {
|
|
@@ -28188,8 +28224,8 @@ var BaseResolver = class {
|
|
|
28188
28224
|
if (did.startsWith("did:key:")) {
|
|
28189
28225
|
return did;
|
|
28190
28226
|
} else {
|
|
28191
|
-
const
|
|
28192
|
-
return
|
|
28227
|
+
const didDocument2 = await this.ensureResolve(did, forceRefresh);
|
|
28228
|
+
return ensureAtprotoKey(didDocument2);
|
|
28193
28229
|
}
|
|
28194
28230
|
}
|
|
28195
28231
|
async verifySignature(did, data, sig, forceRefresh = false) {
|
|
@@ -28434,6 +28470,7 @@ var IdResolver = class {
|
|
|
28434
28470
|
UnsupportedDidWebPathError,
|
|
28435
28471
|
didDocument,
|
|
28436
28472
|
ensureAtpDocument,
|
|
28473
|
+
ensureAtprotoKey,
|
|
28437
28474
|
getDid,
|
|
28438
28475
|
getFeedGen,
|
|
28439
28476
|
getHandle,
|