···
import { DAY, HOUR, cborEncode } from '@atproto/common'
import * as plc from '@did-plc/lib'
import { ServerError } from './error'
4
-
import { extractMultikey, parseDidKey } from '@atproto/crypto'
5
+
extractPrefixedBytes,
8
+
} from '@atproto/crypto'
const MAX_OP_BYTES = 4000
const MAX_AKA_ENTRIES = 10
···
const MAX_SERVICE_ENTRIES = 10
const MAX_SERVICE_TYPE_LENGTH = 256
const MAX_SERVICE_ENDPOINT_LENGTH = 512
17
+
const MAX_VERIF_METHOD_ENTRIES = 10
19
+
const MAX_DID_KEY_LENGTH = 256 // k256 = 57, BLS12-381 = 143
export function validateIncomingOp(input: unknown): plc.OpOrTombstone {
const byteLength = cborEncode(input).byteLength
···
const verifyMethods = Object.entries(op.verificationMethods)
113
+
if (verifyMethods.length > MAX_VERIF_METHOD_ENTRIES) {
114
+
throw new ServerError(
116
+
`Too many Verification Method entries (max ${MAX_VERIF_METHOD_ENTRIES})`,
for (const [id, key] of verifyMethods) {
if (id.length > MAX_ID_LENGTH) {
···
`Verification Method id too long (max ${MAX_ID_LENGTH}): ${id}`,
126
+
if (key.length > MAX_DID_KEY_LENGTH) {
127
+
throw new ServerError(
129
+
`Verification Method key too long (max ${MAX_DID_KEY_LENGTH}): ${id}`,
// perform only minimal did:key syntax checking, with no restrictions on
117
-
extractMultikey(key)
135
+
const multikey = extractMultikey(key) // enforces did:key: prefix
136
+
extractPrefixedBytes(multikey) // enforces base58-btc encoding
throw new ServerError(400, `Invalid verificationMethod key: ${key}`)
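Review bot: The result of `extractPrefixedBytes(multikey)` is discarded, so the added check only establishes the multibase prefix and the base58-btc alphabet; a key with an empty payload after the prefix, or one with no multicodec bytes, would appear to pass. If the "minimal syntax checking" policy in the comment permits it, reject an empty decode as well, e.g. `if (extractPrefixedBytes(multikey).length === 0) throw new Error('empty multikey')`, so the existing error path (presumably a catch) turns it into the 400. Separately, `Invalid verificationMethod key: ${key}` reflects a value that has just failed validation; the new length cap bounds it to 256 characters, but reporting `${id}` as the two added messages do would be consistent and avoid echoing the rejected key into responses and logs. The surrounding try/catch and the rest of `validateIncomingOp` lie outside the visible lines, so this should be confirmed against the full function.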