Maintain PLC DidDocument completeness & integrity during PDS migrations #3

open

opened by

casey.nstar.social 3 months ago targeting main from casey.nstar.social/pds-moover: bugfix/plc-migration

The com.atproto.identity.getRecommendedDidCredentials lexicon does not return a comprehensive DidDocument, only changes that need to be made for a migration. Its returned parameters need to be merged with unchanged services, verification methods, and aliases in the user's existing DidDocument: "If using a PDS-managed did:plc, you can edit the parameters to match any additional services or recovery keys".

This change retrieves the user's existing PLC DidDocument and replaces the required services, verification methods, and aliases needed for PDS migration only (via the above lexicon). It doesn't change the user migration experience, aside from assuring no silent (potentially unrecoverable) breakage of non-atproto PDS services or verification methods

options

unified split

Changed files

+37 -6

src

pdsmoover.js

+37 -6

src/pdsmoover.js

···

       249
       249
        
         async signPlcOperation(token) {

     

       250
       250
        
           const getDidCredentials =

     

       251
       251
        
                   await this.newAgent.com.atproto.identity.getRecommendedDidCredentials();

     

       252
       252
       -
           const rotationKeys = getDidCredentials.data.rotationKeys ?? [];

     

       252
       252
       +
           const rotationKeys = getDidCredentials.data.rotationKeys;

     

       253
       253
        
           if (!rotationKeys) {

     

       254
       254
        
             throw new Error('No rotation key provided from the new PDS');

     

       255
       255
        
           }

     

       256
       256
       -
           const credentials = {

     

       257
       257
       -
             ...getDidCredentials.data,

     

       258
       258
       -
             rotationKeys: rotationKeys,

     

       256
       256
       +
           const oldDidDoc = await docResolver.resolve(this.oldAgent.did);

     

       257
       257
       +
           

     

       258
       258
       +
           // Format the service(s) in the user's DidDocument into the operation syntax

     

       259
       259
       +
           let oldServices = {};

     

       260
       260
       +
           for(const service of oldDidDoc.service) {

     

       261
       261
       +
             const idComponents = service.id.split('#');

     

       262
       262
       +
             oldServices[idComponents[idComponents.length - 1]] = {

     

       263
       263
       +
               type: service.type,

     

       264
       264
       +
               endpoint: service.serviceEndpoint

     

       265
       265
       +
             };

     

       266
       266
       +
           };

     

       267
       267
       +
           // Combine old & new suggested services

     

       268
       268
       +
           const services = {

     

       269
       269
       +
             ...oldServices, // Existing services in the user's DidDocument

     

       270
       270
       +
             ...getDidCredentials.data.services // Service(s) suggested by the new PDS

     

       271
       271
       +
           };

     

       272
       272
       +
           

     

       273
       273
       +
           // Format the verification method(s) in the user's DidDocument into the operation syntax

     

       274
       274
       +
           let oldVerificationMethods = {};

     

       275
       275
       +
           for(const verificationMethod of oldDidDoc.verificationMethod) {

     

       276
       276
       +
             const idComponents = verificationMethod.id.split('#');

     

       277
       277
       +
             oldVerificationMethods[idComponents[idComponents.length - 1]] = `did:key:${verificationMethod.publicKeyMultibase}` // PLC Operation verification methods are did:keys

     

       278
       278
       +
           };

     

       279
       279
       +
           // Combine old & new suggested verification methods

     

       280
       280
       +
           const verificationMethods = {

     

       281
       281
       +
             ...oldVerificationMethods,  // Existing verification methods in the user's DidDocument

     

       282
       282
       +
             ...getDidCredentials.data.verificationMethods // Verification method(s) suggested by the new PDS

     

       259
       283
        
           };

     

       260
       284
        
       

     

       261
       261
       -
       

     

       285
       285
       +
           const alsoKnownAs = [

     

       286
       286
       +
             ...getDidCredentials.data.alsoKnownAs, // Suggested alsoKnownAs goes first (the first entry is the user's primary handle)

     

       287
       287
       +
             ...oldDidDoc.alsoKnownAs.slice(1) // Pre-existing alsoKnownAs, minus the old primary handle

     

       288
       288
       +
           ];

     

       289
       289
       +
           

     

       262
       290
        
           const plcOp = await this.oldAgent.com.atproto.identity.signPlcOperation({

     

       263
       291
        
             token: token,

     

       264
       264
       -
             ...credentials,

     

       292
       292
       +
             rotationKeys: rotationKeys, // Replace rotation keys

     

       293
       293
       +
             alsoKnownAs: alsoKnownAs, // Merged alsoKnownAs

     

       294
       294
       +
             services: services, // Merged services

     

       295
       295
       +
             verificationMethods: verificationMethods, // Merged verification methods

     

       265
       296
        
           });

     

       266
       297
        
       

     

       267
       298
        
           await this.newAgent.com.atproto.identity.submitPlcOperation({