@bskyprism/atproto-oauth-client-cloudflare-workers 0.2.2

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 nDimensional Studios
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,69 @@
+# atproto-oauth-client-cloudflare-workers
+
+This library contains local patched copies of
+
+- [`@atproto/oauth-client-node`](https://github.com/bluesky-social/atproto/tree/main/packages/oauth/oauth-client-node)
+- [`@atproto/oauth-client`](https://github.com/bluesky-social/atproto/tree/main/packages/oauth/oauth-client)
+- [`@atproto-labs/handle-resolver-node`](https://github.com/bluesky-social/atproto/tree/main/packages/internal/handle-resolver-node)
+- [`@atproto-labs/handle-resolver`](https://github.com/bluesky-social/atproto/tree/main/packages/internal/handle-resolver)
+- [`@atproto-labs/identity-resolver`](https://github.com/bluesky-social/atproto/tree/main/packages/internal/identity-resolver)
+- [`@atproto-labs/did-resolver`](https://github.com/bluesky-social/atproto/tree/main/packages/internal/did-resolver)
+
+that are compatible with the Cloudflare Workers edge runtime.
+
+The only changes applied throughout are:
+
+1. replacing `request.cache: "no-cache"` with `request.headers["cache-control"]: "no-cache"`
+2. replacing `request.redirect: "error"` with `request.redirect: "follow"`
+
+DNS handle resolution requires the [`nodejs_compat` compatibility flag](https://developers.cloudflare.com/workers/runtime-apis/nodejs/).
+
+## Fork
+
+This is a fork of [nDimensional/atproto-oauth-client-cloudflare-workers](https://github.com/nDimensional/atproto-oauth-client-cloudflare-workers).
+
+## Usage
+
+`WorkersOAuthClient` works mostly as a drop-in replacement for `NodeOAuthClient`.
+
+```ts
+import { WorkersOAuthClient } from "atproto-oauth-client-cloudflare-workers"
+
+export const client = new WorkersOAuthClient({
+	clientMetadata: {
+	  // ...
+	}
+}
+```
+
+By default, like `NodeOAuthClient`, this will use an in-memory store for the handle cache and DID cache. This doesn't make much sense for the workers environment, since memory is reset after each invocation. To use Cloudflare KV namespaces for your handle and DID caches, create `DidCacheKV` and `HandleCacheKV` instances and pass them to the `WorkersOAuthClient` constructor.
+
+Similarly, to use KV namespaces for the oauth state store and oauth session store, (which are required), import and provide `StateStoreKV` and `SessionStoreKV` instances.
+
+```ts
+import { env } from "cloudflare:workers"
+
+import {
+	WorkersOAuthClient,
+	DidCacheKV,
+	HandleCacheKV,
+	StateStoreKV,
+	SessionStoreKV,
+} from "atproto-oauth-client-cloudflare-workers";
+
+export const client = new WorkersOAuthClient({
+  // did -> didDocument cache
+	didCache: new DidCacheKV(env.DID_CACHE),
+	// handle -> did cache
+	handleCache: new HandleCacheKV(env.HANDLE_CACHE),
+
+	clientMetadata: {
+	  // Interface to store authorization state data (during authorization flows)
+		stateStore: new StateStoreKV(env.OAUTH_STATE_STORE),
+		// Interface to store authenticated session data
+	  sessionStore: new SessionStoreKV(env.OAUTH_SESSION_STORE),
+
+		// ...
+	}
+}
+```

package/lib/did-cache-kv.d.ts

@@ -0,0 +1,18 @@
+import type { Did, DidDocument } from "@atproto/did";
+import { DidCache } from "#did-resolver";
+import type { KVNamespace } from "./util.js";
+export interface DidCacheKVOptions {
+    /** in milliseconds */
+    ttl?: number;
+    /** in bytes */
+    maxSize?: number;
+}
+export declare class DidCacheKV implements DidCache {
+    namespace: KVNamespace;
+    ttl: number;
+    maxSize: number;
+    constructor(namespace: KVNamespace, options?: DidCacheKVOptions);
+    get(key: Did): Promise<DidDocument | undefined>;
+    set(key: Did, value: DidDocument): Promise<void>;
+    del(key: Did): Promise<void>;
+}

package/lib/did-cache-kv.js

@@ -0,0 +1,26 @@
+const DEFAULT_TTL = 60 * 60 * 1000; // 1 hour
+const DEFAULT_MAX_SIZE = 50 * 1024 * 1024; // ~50MB
+export class DidCacheKV {
+    constructor(namespace, options = {}) {
+        this.namespace = namespace;
+        this.ttl = options.ttl ?? DEFAULT_TTL;
+        this.maxSize = options.maxSize ?? DEFAULT_MAX_SIZE;
+    }
+    async get(key) {
+        const value = await this.namespace.get(key);
+        if (value === null) {
+            return undefined;
+        }
+        else {
+            return JSON.parse(value);
+        }
+    }
+    async set(key, value) {
+        await this.namespace.put(key, JSON.stringify(value), {
+            expirationTtl: Math.round(this.ttl / 1000),
+        });
+    }
+    async del(key) {
+        await this.namespace.delete(key);
+    }
+}

package/lib/did-resolver/did-cache-memory.d.ts

@@ -0,0 +1,7 @@
+import { Did, DidDocument } from "@atproto/did";
+import { SimpleStoreMemory, SimpleStoreMemoryOptions } from "@atproto-labs/simple-store-memory";
+import { DidCache } from "./did-cache.js";
+export type DidCacheMemoryOptions = SimpleStoreMemoryOptions<Did, DidDocument>;
+export declare class DidCacheMemory extends SimpleStoreMemory<Did, DidDocument> implements DidCache {
+    constructor(options?: DidCacheMemoryOptions);
+}

package/lib/did-resolver/did-cache-memory.js

@@ -0,0 +1,10 @@
+import { SimpleStoreMemory, } from "@atproto-labs/simple-store-memory";
+const DEFAULT_TTL = 3600 * 1000; // 1 hour
+const DEFAULT_MAX_SIZE = 50 * 1024 * 1024; // ~50MB
+export class DidCacheMemory extends SimpleStoreMemory {
+    constructor(options) {
+        super(options?.max == null
+            ? { ttl: DEFAULT_TTL, maxSize: DEFAULT_MAX_SIZE, ...options }
+            : { ttl: DEFAULT_TTL, ...options });
+    }
+}

package/lib/did-resolver/did-cache.d.ts

@@ -0,0 +1,14 @@
+import { Did, DidDocument } from "@atproto/did";
+import { CachedGetter, SimpleStore } from "@atproto-labs/simple-store";
+import { DidMethod, ResolveDidOptions } from "./did-method.js";
+import { DidResolver, ResolvedDocument } from "./did-resolver.js";
+export type { DidMethod, ResolveDidOptions, ResolvedDocument };
+export type DidCache = SimpleStore<Did, DidDocument>;
+export type DidResolverCachedOptions = {
+    cache?: DidCache;
+};
+export declare class DidResolverCached<M extends string = string> implements DidResolver<M> {
+    protected readonly getter: CachedGetter<Did, DidDocument>;
+    constructor(resolver: DidResolver<M>, cache?: DidCache);
+    resolve<D extends Did>(did: D, options?: ResolveDidOptions): Promise<ResolvedDocument<D, M>>;
+}

package/lib/did-resolver/did-cache.js

@@ -0,0 +1,10 @@
+import { CachedGetter } from "@atproto-labs/simple-store";
+import { DidCacheMemory } from "./did-cache-memory.js";
+export class DidResolverCached {
+    constructor(resolver, cache = new DidCacheMemory()) {
+        this.getter = new CachedGetter((did, options) => resolver.resolve(did, options), cache);
+    }
+    async resolve(did, options) {
+        return this.getter.get(did, options);
+    }
+}

package/lib/did-resolver/did-method.d.ts

@@ -0,0 +1,11 @@
+import { Did, DidDocument } from "@atproto/did";
+export type ResolveDidOptions = {
+    signal?: AbortSignal;
+    noCache?: boolean;
+};
+export interface DidMethod<Method extends string> {
+    resolve: (did: Did<Method>, options?: ResolveDidOptions) => DidDocument | PromiseLike<DidDocument>;
+}
+export type DidMethods<M extends string> = {
+    [K in M]: DidMethod<K>;
+};

package/lib/did-resolver/did-method.js

@@ -0,0 +1 @@
+export {};

package/lib/did-resolver/did-resolver-base.d.ts

@@ -0,0 +1,9 @@
+import { Did } from "@atproto/did";
+import { DidMethod, DidMethods, ResolveDidOptions } from "./did-method.js";
+import { DidResolver, ResolvedDocument } from "./did-resolver.js";
+export type { DidMethod, ResolveDidOptions, ResolvedDocument };
+export declare class DidResolverBase<M extends string = string> implements DidResolver<M> {
+    protected readonly methods: Map<string, DidMethod<M>>;
+    constructor(methods: DidMethods<M>);
+    resolve<D extends Did>(did: D, options?: ResolveDidOptions): Promise<ResolvedDocument<D, M>>;
+}

package/lib/did-resolver/did-resolver-base.js

@@ -0,0 +1,36 @@
+import { ZodError } from "zod";
+import { DidError, extractDidMethod } from "@atproto/did";
+import { FetchError, FetchResponseError } from "@atproto-labs/fetch";
+export class DidResolverBase {
+    constructor(methods) {
+        this.methods = new Map(Object.entries(methods));
+    }
+    async resolve(did, options) {
+        options?.signal?.throwIfAborted();
+        const method = extractDidMethod(did);
+        const resolver = this.methods.get(method);
+        if (!resolver) {
+            throw new DidError(did, `Unsupported DID method`, "did-method-invalid", 400);
+        }
+        try {
+            const document = await resolver.resolve(did, options);
+            if (document.id !== did) {
+                throw new DidError(did, `DID document id (${document.id}) does not match DID`, "did-document-id-mismatch", 400);
+            }
+            return document;
+        }
+        catch (err) {
+            if (err instanceof FetchResponseError) {
+                const status = err.response.status >= 500 ? 502 : err.response.status;
+                throw new DidError(did, err.message, "did-fetch-error", status, err);
+            }
+            if (err instanceof FetchError) {
+                throw new DidError(did, err.message, "did-fetch-error", 400, err);
+            }
+            if (err instanceof ZodError) {
+                throw new DidError(did, err.message, "did-document-format-error", 503, err);
+            }
+            throw DidError.from(err, did);
+        }
+    }
+}

package/lib/did-resolver/did-resolver-common.d.ts

@@ -0,0 +1,8 @@
+import { DidResolverBase } from "./did-resolver-base.js";
+import { DidPlcMethodOptions } from "./methods/plc.js";
+import { DidWebMethodOptions } from "./methods/web.js";
+import { Simplify } from "./util.js";
+export type DidResolverCommonOptions = Simplify<DidPlcMethodOptions & DidWebMethodOptions>;
+export declare class DidResolverCommon extends DidResolverBase<"plc" | "web"> implements DidResolverBase<"plc" | "web"> {
+    constructor(options?: DidResolverCommonOptions);
+}

package/lib/did-resolver/did-resolver-common.js

@@ -0,0 +1,11 @@
+import { DidResolverBase } from "./did-resolver-base.js";
+import { DidPlcMethod } from "./methods/plc.js";
+import { DidWebMethod } from "./methods/web.js";
+export class DidResolverCommon extends DidResolverBase {
+    constructor(options) {
+        super({
+            plc: new DidPlcMethod(options),
+            web: new DidWebMethod(options),
+        });
+    }
+}

package/lib/did-resolver/did-resolver.d.ts

@@ -0,0 +1,6 @@
+import { Did, DidDocument } from "@atproto/did";
+import { ResolveDidOptions } from "./did-method.js";
+export type ResolvedDocument<D extends Did, M extends string = string> = D extends Did<infer N> ? DidDocument<N extends string ? M : N extends M ? N : never> : never;
+export interface DidResolver<M extends string = string> {
+    resolve<D extends Did>(did: D, options?: ResolveDidOptions): Promise<ResolvedDocument<D, M>>;
+}

package/lib/did-resolver/did-resolver.js

@@ -0,0 +1 @@
+export {};

package/lib/did-resolver/index.d.ts

@@ -0,0 +1,6 @@
+export * from "./did-cache-memory.js";
+export * from "./did-cache.js";
+export * from "./did-method.js";
+export * from "./did-resolver-common.js";
+export * from "./did-resolver.js";
+export * from "./methods.js";

package/lib/did-resolver/index.js

@@ -0,0 +1,7 @@
+// export * from "@atproto/did";
+export * from "./did-cache-memory.js";
+export * from "./did-cache.js";
+export * from "./did-method.js";
+export * from "./did-resolver-common.js";
+export * from "./did-resolver.js";
+export * from "./methods.js";

package/lib/did-resolver/methods/plc.d.ts

@@ -0,0 +1,43 @@
+import { Did } from "@atproto/did";
+import { Fetch } from "@atproto-labs/fetch";
+import { DidMethod, ResolveDidOptions } from "../did-method.js";
+export type DidPlcMethodOptions = {
+    /**
+     * @default globalThis.fetch
+     */
+    fetch?: Fetch;
+    /**
+     * @default 'https://plc.directory/'
+     */
+    plcDirectoryUrl?: string | URL;
+};
+export declare class DidPlcMethod implements DidMethod<"plc"> {
+    protected readonly fetch: Fetch<unknown>;
+    readonly plcDirectoryUrl: URL;
+    constructor(options?: DidPlcMethodOptions);
+    resolve(did: Did<"plc">, options?: ResolveDidOptions): Promise<{
+        id: `did:${string}:${string}`;
+        '@context': "https://www.w3.org/ns/did/v1" | [string, ...string[]];
+        controller?: `did:${string}:${string}` | `did:${string}:${string}`[] | undefined;
+        alsoKnownAs?: string[] | undefined;
+        service?: {
+            type: string | string[];
+            id: string;
+            serviceEndpoint: string | Record<string, string> | [string | Record<string, string>, ...(string | Record<string, string>)[]];
+        }[] | undefined;
+        authentication?: (string | {
+            type: string;
+            id: string;
+            controller: `did:${string}:${string}` | `did:${string}:${string}`[];
+            publicKeyJwk?: Record<string, unknown> | undefined;
+            publicKeyMultibase?: string | undefined;
+        })[] | undefined;
+        verificationMethod?: (string | {
+            type: string;
+            id: string;
+            controller: `did:${string}:${string}` | `did:${string}:${string}`[];
+            publicKeyJwk?: Record<string, unknown> | undefined;
+            publicKeyMultibase?: string | undefined;
+        })[] | undefined;
+    }>;
+}

package/lib/did-resolver/methods/plc.js

@@ -0,0 +1,22 @@
+import { assertDidPlc, didDocumentValidator } from "@atproto/did";
+import { bindFetch, fetchJsonProcessor, fetchJsonZodProcessor, fetchOkProcessor, } from "@atproto-labs/fetch";
+import { pipe } from "@atproto-labs/pipe";
+const fetchSuccessHandler = pipe(fetchOkProcessor(), fetchJsonProcessor(/^application\/(did\+ld\+)?json$/), fetchJsonZodProcessor(didDocumentValidator));
+export class DidPlcMethod {
+    constructor(options) {
+        this.plcDirectoryUrl = new URL(options?.plcDirectoryUrl || "https://plc.directory/");
+        this.fetch = bindFetch(options?.fetch);
+    }
+    async resolve(did, options) {
+        // Although the did should start with `did:plc:` (thanks to typings), we
+        // should still check if the msid is valid.
+        assertDidPlc(did);
+        // Should never throw
+        const url = new URL(`/${encodeURIComponent(did)}`, this.plcDirectoryUrl);
+        return this.fetch(url, {
+            redirect: "follow",
+            headers: { accept: "application/did+ld+json,application/json" },
+            signal: options?.signal,
+        }).then(fetchSuccessHandler);
+    }
+}

package/lib/did-resolver/methods/web.d.ts

@@ -0,0 +1,43 @@
+import { Did } from "@atproto/did";
+import { Fetch } from "@atproto-labs/fetch";
+import { DidMethod, ResolveDidOptions } from "../did-method.js";
+export type DidWebMethodOptions = {
+    fetch?: Fetch;
+    /** @default true */
+    allowHttp?: boolean;
+};
+export declare class DidWebMethod implements DidMethod<"web"> {
+    protected readonly fetch: Fetch<unknown>;
+    protected readonly allowHttp: boolean;
+    constructor({ fetch, allowHttp, }?: DidWebMethodOptions);
+    resolve(did: Did<"web">, options?: ResolveDidOptions): Promise<{
+        id: `did:${string}:${string}`;
+        '@context': "https://www.w3.org/ns/did/v1" | [string, ...string[]];
+        controller?: `did:${string}:${string}` | `did:${string}:${string}`[] | undefined;
+        alsoKnownAs?: string[] | undefined;
+        service?: {
+            type: string | string[];
+            id: string;
+            serviceEndpoint: string | Record<string, string> | [string | Record<string, string>, ...(string | Record<string, string>)[]];
+        }[] | undefined;
+        authentication?: (string | {
+            type: string;
+            id: string;
+            controller: `did:${string}:${string}` | `did:${string}:${string}`[];
+            publicKeyJwk?: Record<string, unknown> | undefined;
+            publicKeyMultibase?: string | undefined;
+        })[] | undefined;
+        verificationMethod?: (string | {
+            type: string;
+            id: string;
+            controller: `did:${string}:${string}` | `did:${string}:${string}`[];
+            publicKeyJwk?: Record<string, unknown> | undefined;
+            publicKeyMultibase?: string | undefined;
+        })[] | undefined;
+    }>;
+}
+/**
+ * @see {@link https://datatracker.ietf.org/doc/html/rfc8615}
+ * @see {@link https://w3c-ccg.github.io/did-method-web/#create-register}
+ */
+export declare function buildDidWebDocumentUrl(did: Did<"web">): URL;

package/lib/did-resolver/methods/web.js

@@ -0,0 +1,42 @@
+import { DidError, didDocumentValidator, didWebToUrl } from "@atproto/did";
+import { bindFetch, fetchJsonProcessor, fetchJsonZodProcessor, fetchOkProcessor, } from "@atproto-labs/fetch";
+import { pipe } from "@atproto-labs/pipe";
+const fetchSuccessHandler = pipe(fetchOkProcessor(), fetchJsonProcessor(/^application\/(did\+ld\+)?json$/), fetchJsonZodProcessor(didDocumentValidator));
+export class DidWebMethod {
+    constructor({ fetch = globalThis.fetch, allowHttp = true, } = {}) {
+        this.fetch = bindFetch(fetch);
+        this.allowHttp = allowHttp;
+    }
+    async resolve(did, options) {
+        const didDocumentUrl = buildDidWebDocumentUrl(did);
+        if (!this.allowHttp && didDocumentUrl.protocol === "http:") {
+            throw new DidError(did, 'Resolution of "http" did:web is not allowed', "did-web-http-not-allowed");
+        }
+        // Note we do not explicitly check for "localhost" here. Instead, we rely on
+        // the injected 'fetch' function to handle the URL. If the URL is
+        // "localhost", or resolves to a private IP address, the fetch function is
+        // responsible for handling it.
+        return this.fetch(didDocumentUrl, {
+            redirect: "follow",
+            headers: { accept: "application/did+ld+json,application/json" },
+            signal: options?.signal,
+        }).then(fetchSuccessHandler);
+    }
+}
+/**
+ * @see {@link https://datatracker.ietf.org/doc/html/rfc8615}
+ * @see {@link https://w3c-ccg.github.io/did-method-web/#create-register}
+ */
+export function buildDidWebDocumentUrl(did) {
+    const url = didWebToUrl(did); // Will throw if the DID is invalid
+    // Note: DID cannot end with an `:`, so they cannot end with a `/`. This is
+    // true unless when there is no path at all, in which case the URL constructor
+    // will set the pathname to `/`.
+    // https://w3c-ccg.github.io/did-method-web/#read-resolve
+    if (url.pathname === "/") {
+        return new URL(`/.well-known/did.json`, url);
+    }
+    else {
+        return new URL(`${url.pathname}/did.json`, url);
+    }
+}

package/lib/did-resolver/methods.d.ts

@@ -0,0 +1,2 @@
+export * from "./methods/plc.js";
+export * from "./methods/web.js";

package/lib/did-resolver/methods.js

@@ -0,0 +1,2 @@
+export * from "./methods/plc.js";
+export * from "./methods/web.js";

package/lib/did-resolver/util.d.ts

@@ -0,0 +1,3 @@
+export type Simplify<T> = {
+    [K in keyof T]: T[K];
+} & NonNullable<unknown>;

package/lib/did-resolver/util.js

@@ -0,0 +1 @@
+export {};

package/lib/dpop-store.d.ts

@@ -0,0 +1,21 @@
+import { Jwk, Key } from "@atproto/jwk";
+import { InternalStateData, Session } from "#oauth-client";
+import { SimpleStore } from "@atproto-labs/simple-store";
+type ToDpopJwkValue<V extends {
+    dpopKey: Key;
+}> = Omit<V, "dpopKey"> & {
+    dpopJwk: Jwk;
+};
+/**
+ * Utility function that allows to simplify the store interface by exposing a
+ * JWK (JSON) instead of a Key instance.
+ */
+export declare function toDpopKeyStore<K extends string, V extends {
+    dpopKey: Key;
+    dpopJwk?: never;
+}>(store: SimpleStore<K, ToDpopJwkValue<V>>): SimpleStore<K, V>;
+export type WorkersSavedState = ToDpopJwkValue<InternalStateData>;
+export type WorkersSavedStateStore = SimpleStore<string, WorkersSavedState>;
+export type WorkersSavedSession = ToDpopJwkValue<Session>;
+export type WorkersSavedSessionStore = SimpleStore<string, WorkersSavedSession>;
+export {};

package/lib/dpop-store.js

@@ -0,0 +1,25 @@
+import { JoseKey } from "@atproto/jwk-jose";
+/**
+ * Utility function that allows to simplify the store interface by exposing a
+ * JWK (JSON) instead of a Key instance.
+ */
+export function toDpopKeyStore(store) {
+    return {
+        async set(sub, { dpopKey, ...data }) {
+            const dpopJwk = dpopKey.privateJwk;
+            if (!dpopJwk)
+                throw new Error("Private DPoP JWK is missing.");
+            await store.set(sub, { ...data, dpopJwk });
+        },
+        async get(sub) {
+            const result = await store.get(sub);
+            if (!result)
+                return undefined;
+            const { dpopJwk, ...data } = result;
+            const dpopKey = await JoseKey.fromJWK(dpopJwk);
+            return { ...data, dpopKey };
+        },
+        del: store.del.bind(store),
+        clear: store.clear?.bind(store),
+    };
+}

package/lib/handle-cache-kv.d.ts

@@ -0,0 +1,17 @@
+import type { HandleCache, ResolvedHandle } from "#handle-resolver";
+import type { KVNamespace } from "./util.js";
+export interface HandleCacheKVOptions {
+    /** in milliseconds */
+    ttl?: number;
+    /** in bytes */
+    maxSize?: number;
+}
+export declare class HandleCacheKV implements HandleCache {
+    namespace: KVNamespace;
+    ttl: number;
+    maxSize: number;
+    constructor(namespace: KVNamespace, options: HandleCacheKVOptions);
+    get(key: string): Promise<ResolvedHandle | undefined>;
+    set(key: string, value: ResolvedHandle): Promise<void>;
+    del(key: string): Promise<void>;
+}

package/lib/handle-cache-kv.js

@@ -0,0 +1,31 @@
+const DEFAULT_TTL = 60 * 60 * 1000; // 1 hour
+const DEFAULT_MAX_SIZE = 1024;
+export class HandleCacheKV {
+    constructor(namespace, options) {
+        this.namespace = namespace;
+        this.ttl = options.ttl ?? DEFAULT_TTL;
+        this.maxSize = options.maxSize ?? DEFAULT_MAX_SIZE;
+    }
+    async get(key) {
+        const value = await this.namespace.get(key);
+        if (value === null) {
+            return undefined;
+        }
+        else {
+            return value;
+        }
+    }
+    async set(key, value) {
+        if (value === null) {
+            await this.namespace.delete(key);
+        }
+        else {
+            await this.namespace.put(key, value, {
+                expirationTtl: Math.round(this.ttl / 1000),
+            });
+        }
+    }
+    async del(key) {
+        await this.namespace.delete(key);
+    }
+}

package/lib/handle-resolver/atproto-doh-handle-resolver.d.ts

@@ -0,0 +1,8 @@
+import { AtprotoHandleResolver, AtprotoHandleResolverOptions } from "./atproto-handle-resolver.js";
+import { HandleResolver } from "./types.js";
+export type AtprotoDohHandleResolverOptions = Omit<AtprotoHandleResolverOptions, "resolveTxt" | "resolveTxtFallback"> & {
+    dohEndpoint: string | URL;
+};
+export declare class AtprotoDohHandleResolver extends AtprotoHandleResolver implements HandleResolver {
+    constructor(options: AtprotoDohHandleResolverOptions);
+}