sui.ski 0.1.0

package/src/resolvers/content.ts

@@ -0,0 +1,231 @@
+import type { Env, ResolverResult, SuiNSRecord } from '../types'
+import { proxyResponse } from '../utils/response'
+
+// Public IPFS gateways for fallback
+const IPFS_GATEWAYS = [
+	'https://cloudflare-ipfs.com/ipfs/',
+	'https://ipfs.io/ipfs/',
+	'https://dweb.link/ipfs/',
+]
+
+// Walrus aggregator endpoints by network
+export const WALRUS_AGGREGATORS: Record<string, string[]> = {
+	mainnet: [
+		'https://aggregator.wal.app/v1/blobs/',
+		'https://walrus-mainnet-aggregator.nodes.guru/v1/blobs/',
+	],
+	testnet: [
+		'https://aggregator.walrus-testnet.walrus.space/v1/blobs/',
+		'https://wal-aggregator-testnet.staketab.org/v1/blobs/',
+	],
+}
+
+/**
+ * Resolve and fetch content from decentralized storage
+ */
+export async function resolveContent(
+	content: NonNullable<SuiNSRecord['content']>,
+	env: Env,
+): Promise<Response> {
+	switch (content.type) {
+		case 'ipfs':
+			return fetchIPFSContent(content.value)
+		case 'walrus':
+			return fetchWalrusContent(content.value, env)
+		case 'url':
+			return fetchURLContent(content.value)
+		default:
+			return new Response('Unsupported content type', { status: 400 })
+	}
+}
+
+/**
+ * Fetch content from IPFS
+ */
+async function fetchIPFSContent(cid: string): Promise<Response> {
+	// Try each gateway in order
+	for (const gateway of IPFS_GATEWAYS) {
+		try {
+			const response = await fetch(`${gateway}${cid}`, {
+				headers: {
+					'User-Agent': 'sui.ski-gateway/1.0',
+				},
+			})
+
+			if (response.ok) {
+				return proxyResponse(response)
+			}
+		} catch {}
+	}
+
+	return new Response(`Failed to fetch IPFS content: ${cid}`, { status: 502 })
+}
+
+/**
+ * Fetch content from Walrus decentralized storage via HTTP aggregators
+ */
+async function fetchWalrusContent(blobId: string, env: Env): Promise<Response> {
+	const aggregators = WALRUS_AGGREGATORS[env.WALRUS_NETWORK] || WALRUS_AGGREGATORS.testnet
+
+	// Try each aggregator in order
+	for (const aggregator of aggregators) {
+		try {
+			const response = await fetch(`${aggregator}${blobId}`, {
+				headers: {
+					'User-Agent': 'sui.ski-gateway/1.0',
+				},
+			})
+
+			if (response.ok) {
+				const blob = await response.arrayBuffer()
+				const contentType = detectContentType(blob)
+
+				return new Response(blob, {
+					status: 200,
+					headers: {
+						'Content-Type': contentType,
+						'Cache-Control': 'public, max-age=3600',
+						'Access-Control-Allow-Origin': '*',
+						'X-Walrus-Blob-Id': blobId,
+						'X-Walrus-Network': env.WALRUS_NETWORK,
+					},
+				})
+			}
+		} catch {}
+	}
+
+	return new Response(`Failed to fetch Walrus content: ${blobId}`, { status: 502 })
+}
+
+/**
+ * Proxy content from a URL
+ */
+async function fetchURLContent(url: string): Promise<Response> {
+	try {
+		const response = await fetch(url, {
+			headers: {
+				'User-Agent': 'sui.ski-gateway/1.0',
+			},
+		})
+
+		return proxyResponse(response)
+	} catch (error) {
+		const message = error instanceof Error ? error.message : 'Unknown error'
+		return new Response(`Failed to fetch URL content: ${message}`, { status: 502 })
+	}
+}
+
+/**
+ * Detect content type from blob data
+ */
+export function detectContentType(data: Uint8Array | ArrayBuffer): string {
+	const bytes = new Uint8Array(data)
+
+	// Check magic bytes for common formats
+	if (bytes[0] === 0x3c) {
+		// < - likely HTML
+		return 'text/html; charset=utf-8'
+	}
+	if (bytes[0] === 0x7b) {
+		// { - likely JSON
+		return 'application/json'
+	}
+	if (bytes[0] === 0x89 && bytes[1] === 0x50 && bytes[2] === 0x4e && bytes[3] === 0x47) {
+		// PNG
+		return 'image/png'
+	}
+	if (bytes[0] === 0xff && bytes[1] === 0xd8 && bytes[2] === 0xff) {
+		// JPEG
+		return 'image/jpeg'
+	}
+	if (bytes[0] === 0x47 && bytes[1] === 0x49 && bytes[2] === 0x46) {
+		// GIF
+		return 'image/gif'
+	}
+	if (bytes[0] === 0x25 && bytes[1] === 0x50 && bytes[2] === 0x44 && bytes[3] === 0x46) {
+		// PDF
+		return 'application/pdf'
+	}
+
+	// MP3 - MPEG audio Layer III sync bytes
+	if (
+		bytes[0] === 0xff &&
+		(bytes[1] === 0xfb || bytes[1] === 0xfa || bytes[1] === 0xf3 || bytes[1] === 0xf2)
+	) {
+		return 'audio/mpeg'
+	}
+
+	// MP3 with ID3 tag
+	if (bytes[0] === 0x49 && bytes[1] === 0x44 && bytes[2] === 0x33) {
+		// ID3 tag header
+		return 'audio/mpeg'
+	}
+
+	// MP4/M4A/MOV - check for 'ftyp' box at offset 4
+	if (
+		bytes.length > 8 &&
+		bytes[4] === 0x66 &&
+		bytes[5] === 0x74 &&
+		bytes[6] === 0x79 &&
+		bytes[7] === 0x70
+	) {
+		// Check the brand to distinguish video vs audio
+		const brand = String.fromCharCode(bytes[8], bytes[9], bytes[10], bytes[11])
+		if (brand === 'M4A ' || brand === 'M4B ') {
+			return 'audio/mp4'
+		}
+		return 'video/mp4'
+	}
+
+	// WebM - EBML header
+	if (bytes[0] === 0x1a && bytes[1] === 0x45 && bytes[2] === 0xdf && bytes[3] === 0xa3) {
+		return 'video/webm'
+	}
+
+	// OGG - 'OggS' magic
+	if (bytes[0] === 0x4f && bytes[1] === 0x67 && bytes[2] === 0x67 && bytes[3] === 0x53) {
+		return 'audio/ogg'
+	}
+
+	// WAV - 'RIFF....WAVE'
+	if (
+		bytes[0] === 0x52 &&
+		bytes[1] === 0x49 &&
+		bytes[2] === 0x46 &&
+		bytes[3] === 0x46 &&
+		bytes[8] === 0x57 &&
+		bytes[9] === 0x41 &&
+		bytes[10] === 0x56 &&
+		bytes[11] === 0x45
+	) {
+		return 'audio/wav'
+	}
+
+	// FLAC
+	if (bytes[0] === 0x66 && bytes[1] === 0x4c && bytes[2] === 0x61 && bytes[3] === 0x43) {
+		return 'audio/flac'
+	}
+
+	return 'application/octet-stream'
+}
+
+/**
+ * Resolve direct content from subdomain pattern
+ * - ipfs-{cid}.sui.ski -> IPFS content
+ * - walrus-{blobId}.sui.ski -> Walrus content
+ */
+export async function resolveDirectContent(subdomain: string, env: Env): Promise<ResolverResult> {
+	if (subdomain.startsWith('ipfs-')) {
+		const cid = subdomain.slice(5)
+		const response = await fetchIPFSContent(cid)
+		return { found: response.ok, data: response }
+	}
+
+	if (subdomain.startsWith('walrus-')) {
+		const blobId = subdomain.slice(7)
+		const response = await fetchWalrusContent(blobId, env)
+		return { found: response.ok, data: response }
+	}
+
+	return { found: false, error: 'Invalid content subdomain pattern' }
+}

package/src/resolvers/rpc.ts

@@ -0,0 +1,222 @@
+import type { Env } from '../types'
+import { errorResponse, jsonResponse } from '../utils/response'
+
+// Allowed RPC methods - limit to read-only operations for public gateway
+const ALLOWED_METHODS = new Set([
+	// Read methods (sui_ prefix - legacy)
+	'sui_getObject',
+	'sui_multiGetObjects',
+	'sui_getOwnedObjects',
+	'sui_getTotalTransactionBlocks',
+	'sui_getTransactionBlock',
+	'sui_multiGetTransactionBlocks',
+	'sui_getEvents',
+	'sui_getLatestCheckpointSequenceNumber',
+	'sui_getCheckpoint',
+	'sui_getCheckpoints',
+	'sui_getProtocolConfig',
+	'sui_getChainIdentifier',
+	// Read methods (suix_ prefix - newer SDK)
+	'suix_getOwnedObjects',
+	'suix_queryTransactionBlocks',
+	'suix_queryEvents',
+	// Coin queries
+	'suix_getBalance',
+	'suix_getAllBalances',
+	'suix_getCoins',
+	'suix_getAllCoins',
+	'suix_getTotalSupply',
+	'suix_getCoinMetadata',
+	// Name service
+	'suix_resolveNameServiceAddress',
+	'suix_resolveNameServiceNames',
+	// Move
+	'sui_getNormalizedMoveModulesByPackage',
+	'sui_getNormalizedMoveModule',
+	'sui_getNormalizedMoveFunction',
+	'sui_getNormalizedMoveStruct',
+	'sui_getMoveFunctionArgTypes',
+	// Dynamic fields
+	'suix_getDynamicFields',
+	'suix_getDynamicFieldObject',
+	// Dry run (no state changes)
+	'sui_dryRunTransactionBlock',
+	'sui_devInspectTransactionBlock',
+	// Gas price (read-only)
+	'suix_getReferenceGasPrice',
+	// Authenticated events (read-only)
+	'sui_listAuthenticatedEvents',
+	'sui_getEventStreamHead',
+	'sui_getObjectInclusionProof',
+])
+
+// Rate limiting - simple in-memory counter (use Durable Objects for production)
+const requestCounts = new Map<string, { count: number; resetAt: number }>()
+const RATE_LIMIT = 100 // requests per minute
+const RATE_WINDOW = 60000 // 1 minute in ms
+
+/**
+ * Handle RPC proxy requests
+ */
+export async function handleRPCRequest(request: Request, env: Env): Promise<Response> {
+	// Only allow POST for JSON-RPC
+	if (request.method !== 'POST') {
+		return errorResponse(
+			'Method not allowed. Use POST for JSON-RPC requests.',
+			'METHOD_NOT_ALLOWED',
+			405,
+		)
+	}
+
+	// Rate limiting by IP
+	const clientIP = request.headers.get('CF-Connecting-IP') || 'unknown'
+	if (!checkRateLimit(clientIP)) {
+		return errorResponse('Rate limit exceeded. Please try again later.', 'RATE_LIMITED', 429)
+	}
+
+	// Parse the JSON-RPC request
+	let rpcRequest: JsonRpcRequest | JsonRpcRequest[]
+	try {
+		rpcRequest = await request.json()
+	} catch {
+		return errorResponse('Invalid JSON', 'PARSE_ERROR', 400)
+	}
+
+	// Handle batch requests
+	if (Array.isArray(rpcRequest)) {
+		const results = await Promise.all(rpcRequest.map((req) => processRPCRequest(req, env)))
+		return jsonResponse(results)
+	}
+
+	// Single request
+	const result = await processRPCRequest(rpcRequest, env)
+	return jsonResponse(result)
+}
+
+interface JsonRpcRequest {
+	jsonrpc: string
+	id: string | number | null
+	method: string
+	params?: unknown[]
+}
+
+interface JsonRpcResponse {
+	jsonrpc: '2.0'
+	id: string | number | null
+	result?: unknown
+	error?: {
+		code: number
+		message: string
+		data?: unknown
+	}
+}
+
+/**
+ * Process a single RPC request
+ */
+async function processRPCRequest(rpcRequest: JsonRpcRequest, env: Env): Promise<JsonRpcResponse> {
+	const { jsonrpc, id, method, params } = rpcRequest
+
+	// Validate JSON-RPC version
+	if (jsonrpc !== '2.0') {
+		return {
+			jsonrpc: '2.0',
+			id,
+			error: { code: -32600, message: 'Invalid Request: must use JSON-RPC 2.0' },
+		}
+	}
+
+	// Check if method is allowed
+	if (!ALLOWED_METHODS.has(method)) {
+		return {
+			jsonrpc: '2.0',
+			id,
+			error: {
+				code: -32601,
+				message: `Method not allowed: ${method}. Only read-only methods are permitted.`,
+			},
+		}
+	}
+
+	// Forward to Sui RPC
+	try {
+		const response = await fetch(env.SUI_RPC_URL, {
+			method: 'POST',
+			headers: {
+				'Content-Type': 'application/json',
+			},
+			body: JSON.stringify({ jsonrpc, id, method, params }),
+		})
+
+		const result = (await response.json()) as JsonRpcResponse
+		return result
+	} catch (error) {
+		const message = error instanceof Error ? error.message : 'Unknown error'
+		return {
+			jsonrpc: '2.0',
+			id,
+			error: { code: -32603, message: `Internal error: ${message}` },
+		}
+	}
+}
+
+/**
+ * Simple rate limiting check
+ */
+function checkRateLimit(clientIP: string): boolean {
+	const now = Date.now()
+	const record = requestCounts.get(clientIP)
+
+	if (!record || now > record.resetAt) {
+		requestCounts.set(clientIP, { count: 1, resetAt: now + RATE_WINDOW })
+		return true
+	}
+
+	if (record.count >= RATE_LIMIT) {
+		return false
+	}
+
+	record.count++
+	return true
+}
+
+/**
+ * Get current network status
+ */
+export async function getNetworkStatus(env: Env): Promise<{
+	network: string
+	chainId: string
+	latestCheckpoint: string
+}> {
+	const [chainIdResponse, checkpointResponse] = await Promise.all([
+		fetch(env.SUI_RPC_URL, {
+			method: 'POST',
+			headers: { 'Content-Type': 'application/json' },
+			body: JSON.stringify({
+				jsonrpc: '2.0',
+				id: 1,
+				method: 'sui_getChainIdentifier',
+				params: [],
+			}),
+		}),
+		fetch(env.SUI_RPC_URL, {
+			method: 'POST',
+			headers: { 'Content-Type': 'application/json' },
+			body: JSON.stringify({
+				jsonrpc: '2.0',
+				id: 2,
+				method: 'sui_getLatestCheckpointSequenceNumber',
+				params: [],
+			}),
+		}),
+	])
+
+	const chainIdResult = (await chainIdResponse.json()) as JsonRpcResponse
+	const checkpointResult = (await checkpointResponse.json()) as JsonRpcResponse
+
+	return {
+		network: env.SUI_NETWORK,
+		chainId: String(chainIdResult.result || 'unknown'),
+		latestCheckpoint: String(checkpointResult.result || 'unknown'),
+	}
+}

package/src/resolvers/suins.ts

@@ -0,0 +1,266 @@
+import { SuiJsonRpcClient as SuiClient } from '@mysten/sui/jsonRpc'
+import { SuinsClient } from '@mysten/suins'
+import type { Env, ResolverResult, SuiNSRecord } from '../types'
+import { cacheKey } from '../utils/cache'
+import { getDefaultRpcUrl } from '../utils/rpc'
+import { toSuiNSName } from '../utils/subdomain'
+import { lookupName as surfluxLookupName } from '../utils/surflux-grpc'
+
+const CACHE_TTL = 600
+const GRACE_PERIOD_MS = 30 * 24 * 60 * 60 * 1000
+
+const suinsMemCache = new Map<
+	string,
+	{ data: SuiNSRecord & { expirationTimestampMs?: string }; exp: number }
+>()
+
+export async function resolveSuiNS(
+	name: string,
+	env: Env,
+	skipCache = false,
+): Promise<ResolverResult> {
+	const suinsName = toSuiNSName(name)
+	const key = cacheKey('suins-v2', env.SUI_NETWORK, suinsName)
+
+	// KV caching disabled - use in-memory only to reduce KV operations
+	if (!skipCache) {
+		const mem = suinsMemCache.get(key)
+		if (mem && mem.exp > Date.now()) {
+			return processRecord(mem.data, suinsName)
+		}
+	}
+
+	function processRecord(
+		record: SuiNSRecord & { expirationTimestampMs?: string },
+		name: string,
+	): ResolverResult {
+		if (record.expirationTimestampMs) {
+			const expirationTime = Number(record.expirationTimestampMs)
+			const now = Date.now()
+			const gracePeriodEnd = expirationTime + GRACE_PERIOD_MS
+
+			if (now >= gracePeriodEnd) {
+				return {
+					found: false,
+					error: `Name "${name}" has expired and is available`,
+					expired: true,
+					available: true,
+				}
+			}
+			if (now >= expirationTime) {
+				return {
+					found: true,
+					data: record,
+					cacheTtl: CACHE_TTL,
+					expired: true,
+					inGracePeriod: true,
+				}
+			}
+		}
+		return { found: true, data: record, cacheTtl: CACHE_TTL }
+	}
+
+	try {
+		// Surflux gRPC-Web (faster, with proper protobuf encoding)
+		if (env.SURFLUX_API_KEY) {
+			const surfluxRecord = await surfluxLookupName(suinsName, env)
+			if (surfluxRecord) {
+				// Fetch NFT owner if we have the NFT ID (Surflux doesn't return owner)
+				if (surfluxRecord.nftId && !surfluxRecord.ownerAddress) {
+					try {
+						const suiClient = new SuiClient({
+							url: getDefaultRpcUrl(env.SUI_NETWORK),
+							network: env.SUI_NETWORK,
+						})
+						const nftObject = await suiClient.getObject({
+							id: surfluxRecord.nftId,
+							options: { showOwner: true },
+						})
+						if (nftObject.data?.owner) {
+							const owner = nftObject.data.owner
+							if (typeof owner === 'string') {
+								surfluxRecord.ownerAddress = owner
+							} else if ('AddressOwner' in owner) {
+								surfluxRecord.ownerAddress = owner.AddressOwner
+							} else if ('ObjectOwner' in owner) {
+								surfluxRecord.ownerAddress = owner.ObjectOwner
+							}
+						}
+					} catch (e) {
+						console.log('Could not fetch NFT owner for Surflux record:', e)
+					}
+				}
+				const result = processRecord(surfluxRecord, suinsName)
+				if (result.found && !result.expired) {
+					suinsMemCache.set(key, { data: surfluxRecord, exp: Date.now() + 300000 })
+				}
+				return result
+			}
+		}
+
+		// Fallback: SuiNS SDK (JSON-RPC)
+		const suiClient = new SuiClient({
+			url: getDefaultRpcUrl(env.SUI_NETWORK),
+			network: env.SUI_NETWORK,
+		})
+		const suinsClient = new SuinsClient({
+			client: suiClient as never,
+			network: env.SUI_NETWORK as 'mainnet' | 'testnet',
+		})
+
+		// Get the name record
+		const nameRecord = await suinsClient.getNameRecord(suinsName)
+		if (!nameRecord) {
+			// Name genuinely not found - available for registration
+			return { found: false, error: `Name "${suinsName}" not found`, available: true }
+		}
+
+		let ownerAddress: string | undefined
+		if (nameRecord.nftId) {
+			try {
+				const nftObject = await suiClient.getObject({
+					id: nameRecord.nftId,
+					options: { showOwner: true },
+				})
+				if (nftObject.data?.owner) {
+					const owner = nftObject.data.owner
+					if (typeof owner === 'string') {
+						ownerAddress = owner
+					} else if ('AddressOwner' in owner) {
+						ownerAddress = owner.AddressOwner
+					} else if ('ObjectOwner' in owner) {
+						ownerAddress = owner.ObjectOwner
+					}
+				}
+			} catch (e) {
+				console.log('Could not fetch NFT owner:', e)
+			}
+		}
+
+		// Check expiration status
+		let expired = false
+		let inGracePeriod = false
+		if (nameRecord.expirationTimestampMs) {
+			const expirationTime = Number(nameRecord.expirationTimestampMs)
+			const now = Date.now()
+			const gracePeriodEnd = expirationTime + GRACE_PERIOD_MS
+
+			if (now >= gracePeriodEnd) {
+				// Past grace period - name is available for registration
+				return {
+					found: false,
+					error: `Name "${suinsName}" has expired and is available`,
+					expired: true,
+					available: true,
+				}
+			}
+			if (now >= expirationTime) {
+				// In grace period - continue to fetch data but mark as expired
+				expired = true
+				inGracePeriod = true
+			}
+		}
+
+		// Get the resolved address
+		const address = nameRecord.targetAddress
+
+		// Fetch additional data if available
+		const record: SuiNSRecord = {
+			address: address || '',
+			ownerAddress: ownerAddress,
+			records: nameRecord.data || {},
+		}
+
+		// Store expiration for cache validation
+		if (nameRecord.expirationTimestampMs) {
+			record.expirationTimestampMs = String(nameRecord.expirationTimestampMs)
+		}
+
+		if (nameRecord.nftId) {
+			record.nftId = nameRecord.nftId
+		}
+
+		// Try to get avatar and content hash from name record data
+		if (nameRecord.avatar) {
+			record.avatar = nameRecord.avatar
+		}
+
+		if (nameRecord.contentHash) {
+			record.contentHash = nameRecord.contentHash
+			// Parse content hash to determine type
+			record.content = parseContentHash(nameRecord.contentHash)
+		}
+
+		if (nameRecord.walrusSiteId) {
+			record.walrusSiteId = nameRecord.walrusSiteId
+			// Prefer contentHash when present; fallback to walrusSiteId
+			if (!record.content) {
+				record.content = { type: 'walrus', value: nameRecord.walrusSiteId }
+			}
+		}
+
+		if (!expired) {
+			if (suinsMemCache.size > 100) {
+				const first = suinsMemCache.keys().next().value
+				if (first) suinsMemCache.delete(first)
+			}
+			suinsMemCache.set(key, { data: record, exp: Date.now() + 300000 })
+		}
+
+		return { found: true, data: record, cacheTtl: CACHE_TTL, expired, inGracePeriod }
+	} catch (error) {
+		const message = error instanceof Error ? error.message : 'Unknown error'
+		// SuinsClient throws ObjectError with "does not exist" for genuinely non-existent names
+		if (message.includes('does not exist')) {
+			return { found: false, error: `Name "${suinsName}" not found`, available: true }
+		}
+		// Other resolution errors - do NOT mark as available, this could be a registered name
+		// that we failed to resolve due to network/RPC issues
+		return { found: false, error: message, available: false }
+	}
+}
+
+/**
+ * Parse content hash to determine storage type
+ */
+function parseContentHash(hash: string): SuiNSRecord['content'] {
+	// IPFS CID v0 starts with Qm, v1 starts with bafy
+	if (hash.startsWith('Qm') || hash.startsWith('bafy')) {
+		return { type: 'ipfs', value: hash }
+	}
+
+	// Walrus blob IDs are typically base64 encoded
+	if (hash.startsWith('walrus://') || hash.startsWith('0x')) {
+		return { type: 'walrus', value: hash.replace('walrus://', '') }
+	}
+
+	// Check if it's a URL
+	if (hash.startsWith('http://') || hash.startsWith('https://')) {
+		return { type: 'url', value: hash }
+	}
+
+	// Default to Walrus for unrecognized formats (common on Sui)
+	return { type: 'walrus', value: hash }
+}
+
+/**
+ * Get the owner address for a SuiNS name
+ */
+export async function getSuiNSOwner(name: string, env: Env): Promise<string | null> {
+	try {
+		const suiClient = new SuiClient({
+			url: getDefaultRpcUrl(env.SUI_NETWORK),
+			network: env.SUI_NETWORK,
+		})
+		const suinsClient = new SuinsClient({
+			client: suiClient as never,
+			network: env.SUI_NETWORK as 'mainnet' | 'testnet',
+		})
+
+		const suinsName = toSuiNSName(name)
+		const nameRecord = await suinsClient.getNameRecord(suinsName)
+		return nameRecord?.targetAddress || null
+	} catch {
+		return null
+	}
+}