@atproto/repo 0.3.3 → 0.3.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +22 -0
- package/LICENSE.txt +7 -0
- package/README.md +6 -1
- package/dist/index.js +39 -11
- package/dist/index.js.map +2 -2
- package/package.json +7 -7
- package/LICENSE +0 -21
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,27 @@
|
|
|
1
1
|
# @atproto/repo
|
|
2
2
|
|
|
3
|
+
## 0.3.5
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- Updated dependencies [[`e1b5f253`](https://github.com/bluesky-social/atproto/commit/e1b5f2537a5ba4d8b951a741269b604856028ae5)]:
|
|
8
|
+
- @atproto/crypto@0.3.0
|
|
9
|
+
- @atproto/identity@0.3.2
|
|
10
|
+
|
|
11
|
+
## 0.3.4
|
|
12
|
+
|
|
13
|
+
### Patch Changes
|
|
14
|
+
|
|
15
|
+
- [#1788](https://github.com/bluesky-social/atproto/pull/1788) [`84e2d4d2`](https://github.com/bluesky-social/atproto/commit/84e2d4d2b6694f344d80c18672c78b650189d423) Thanks [@bnewbold](https://github.com/bnewbold)! - update license to "MIT or Apache2"
|
|
16
|
+
|
|
17
|
+
- Updated dependencies [[`ce49743d`](https://github.com/bluesky-social/atproto/commit/ce49743d7f8800d33116b88001d7b512553c2c89), [`84e2d4d2`](https://github.com/bluesky-social/atproto/commit/84e2d4d2b6694f344d80c18672c78b650189d423)]:
|
|
18
|
+
- @atproto/lexicon@0.3.0
|
|
19
|
+
- @atproto/common-web@0.2.3
|
|
20
|
+
- @atproto/identity@0.3.1
|
|
21
|
+
- @atproto/common@0.3.3
|
|
22
|
+
- @atproto/crypto@0.2.3
|
|
23
|
+
- @atproto/syntax@0.1.4
|
|
24
|
+
|
|
3
25
|
## 0.3.3
|
|
4
26
|
|
|
5
27
|
### Patch Changes
|
package/LICENSE.txt
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
Dual MIT/Apache-2.0 License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2022-2023 Bluesky PBC, and Contributors
|
|
4
|
+
|
|
5
|
+
Except as otherwise noted in individual files, this software is licensed under the MIT license (<http://opensource.org/licenses/MIT>), or the Apache License, Version 2.0 (<http://www.apache.org/licenses/LICENSE-2.0>).
|
|
6
|
+
|
|
7
|
+
Downstream projects and end users may chose either license individually, or both together, at their discretion. The motivation for this dual-licensing is the additional software patent assurance provided by Apache 2.0.
|
package/README.md
CHANGED
|
@@ -9,4 +9,9 @@ Repositories in atproto are signed key/value stores containing CBOR-encoded data
|
|
|
9
9
|
|
|
10
10
|
## License
|
|
11
11
|
|
|
12
|
-
MIT
|
|
12
|
+
This project is dual-licensed under MIT and Apache 2.0 terms:
|
|
13
|
+
|
|
14
|
+
- MIT license ([LICENSE-MIT.txt](https://github.com/bluesky-social/atproto/blob/main/LICENSE-MIT.txt) or http://opensource.org/licenses/MIT)
|
|
15
|
+
- Apache License, Version 2.0, ([LICENSE-APACHE.txt](https://github.com/bluesky-social/atproto/blob/main/LICENSE-APACHE.txt) or http://www.apache.org/licenses/LICENSE-2.0)
|
|
16
|
+
|
|
17
|
+
Downstream projects and end users may chose either license individually, or both together, at their discretion. The motivation for this dual-licensing is the additional software patent assurance provided by Apache 2.0.
|
package/dist/index.js
CHANGED
|
@@ -24537,16 +24537,30 @@ var decompressPubkey2 = (compressed) => {
|
|
|
24537
24537
|
};
|
|
24538
24538
|
|
|
24539
24539
|
// ../crypto/src/p256/operations.ts
|
|
24540
|
-
var verifyDidSig = async (did2, data, sig) => {
|
|
24540
|
+
var verifyDidSig = async (did2, data, sig, opts) => {
|
|
24541
24541
|
const { jwtAlg, keyBytes } = parseDidKey(did2);
|
|
24542
24542
|
if (jwtAlg !== P256_JWT_ALG) {
|
|
24543
24543
|
throw new Error(`Not a P-256 did:key: ${did2}`);
|
|
24544
24544
|
}
|
|
24545
|
-
return verifySig(keyBytes, data, sig);
|
|
24545
|
+
return verifySig(keyBytes, data, sig, opts);
|
|
24546
24546
|
};
|
|
24547
|
-
var verifySig = async (publicKey, data, sig) => {
|
|
24547
|
+
var verifySig = async (publicKey, data, sig, opts) => {
|
|
24548
|
+
const allowMalleable = opts?.allowMalleableSig ?? false;
|
|
24548
24549
|
const msgHash = await sha2562(data);
|
|
24549
|
-
|
|
24550
|
+
if (!allowMalleable && !isCompactFormat(sig)) {
|
|
24551
|
+
return false;
|
|
24552
|
+
}
|
|
24553
|
+
return p256.verify(sig, msgHash, publicKey, {
|
|
24554
|
+
lowS: !allowMalleable
|
|
24555
|
+
});
|
|
24556
|
+
};
|
|
24557
|
+
var isCompactFormat = (sig) => {
|
|
24558
|
+
try {
|
|
24559
|
+
const parsed = p256.Signature.fromCompact(sig);
|
|
24560
|
+
return equals3(parsed.toCompactRawBytes(), sig);
|
|
24561
|
+
} catch {
|
|
24562
|
+
return false;
|
|
24563
|
+
}
|
|
24550
24564
|
};
|
|
24551
24565
|
|
|
24552
24566
|
// ../crypto/src/p256/plugin.ts
|
|
@@ -24558,16 +24572,30 @@ var p256Plugin = {
|
|
|
24558
24572
|
var plugin_default = p256Plugin;
|
|
24559
24573
|
|
|
24560
24574
|
// ../crypto/src/secp256k1/operations.ts
|
|
24561
|
-
var verifyDidSig2 = async (did2, data, sig) => {
|
|
24575
|
+
var verifyDidSig2 = async (did2, data, sig, opts) => {
|
|
24562
24576
|
const { jwtAlg, keyBytes } = parseDidKey(did2);
|
|
24563
24577
|
if (jwtAlg !== SECP256K1_JWT_ALG) {
|
|
24564
24578
|
throw new Error(`Not a secp256k1 did:key: ${did2}`);
|
|
24565
24579
|
}
|
|
24566
|
-
return verifySig2(keyBytes, data, sig);
|
|
24580
|
+
return verifySig2(keyBytes, data, sig, opts);
|
|
24567
24581
|
};
|
|
24568
|
-
var verifySig2 = async (publicKey, data, sig) => {
|
|
24582
|
+
var verifySig2 = async (publicKey, data, sig, opts) => {
|
|
24583
|
+
const allowMalleable = opts?.allowMalleableSig ?? false;
|
|
24569
24584
|
const msgHash = await sha2562(data);
|
|
24570
|
-
|
|
24585
|
+
if (!allowMalleable && !isCompactFormat2(sig)) {
|
|
24586
|
+
return false;
|
|
24587
|
+
}
|
|
24588
|
+
return secp256k1.verify(sig, msgHash, publicKey, {
|
|
24589
|
+
lowS: !allowMalleable
|
|
24590
|
+
});
|
|
24591
|
+
};
|
|
24592
|
+
var isCompactFormat2 = (sig) => {
|
|
24593
|
+
try {
|
|
24594
|
+
const parsed = secp256k1.Signature.fromCompact(sig);
|
|
24595
|
+
return equals3(parsed.toCompactRawBytes(), sig);
|
|
24596
|
+
} catch {
|
|
24597
|
+
return false;
|
|
24598
|
+
}
|
|
24571
24599
|
};
|
|
24572
24600
|
|
|
24573
24601
|
// ../crypto/src/secp256k1/plugin.ts
|
|
@@ -24620,13 +24648,13 @@ var sha2563 = async (input) => {
|
|
|
24620
24648
|
};
|
|
24621
24649
|
|
|
24622
24650
|
// ../crypto/src/verify.ts
|
|
24623
|
-
var verifySignature = (didKey, data, sig) => {
|
|
24651
|
+
var verifySignature = (didKey, data, sig, opts) => {
|
|
24624
24652
|
const parsed = parseDidKey(didKey);
|
|
24625
24653
|
const plugin = plugins_default.find((p) => p.jwtAlg === parsed.jwtAlg);
|
|
24626
24654
|
if (!plugin) {
|
|
24627
|
-
throw new Error(`Unsupported signature alg:
|
|
24655
|
+
throw new Error(`Unsupported signature alg: ${parsed.jwtAlg}`);
|
|
24628
24656
|
}
|
|
24629
|
-
return plugin.verifySignature(didKey, data, sig);
|
|
24657
|
+
return plugin.verifySignature(didKey, data, sig, opts);
|
|
24630
24658
|
};
|
|
24631
24659
|
|
|
24632
24660
|
// src/mst/util.ts
|