···
import { DAY, HOUR, cborEncode } from '@atproto/common'
import * as plc from '@did-plc/lib'
import { ServerError } from './error'
+
} from '@atproto/crypto'
const MAX_OP_BYTES = 4000
const MAX_AKA_ENTRIES = 10
···
const MAX_SERVICE_ENTRIES = 10
const MAX_SERVICE_TYPE_LENGTH = 256
const MAX_SERVICE_ENDPOINT_LENGTH = 512
+
const MAX_VERIF_METHOD_ENTRIES = 10
+
const MAX_DID_KEY_LENGTH = 256 // k256 = 57, BLS12-381 = 143
export function validateIncomingOp(input: unknown): plc.OpOrTombstone {
const byteLength = cborEncode(input).byteLength
···
const verifyMethods = Object.entries(op.verificationMethods)
+
if (verifyMethods.length > MAX_VERIF_METHOD_ENTRIES) {
+
`Too many Verification Method entries (max ${MAX_VERIF_METHOD_ENTRIES})`,
for (const [id, key] of verifyMethods) {
if (id.length > MAX_ID_LENGTH) {
···
`Verification Method id too long (max ${MAX_ID_LENGTH}): ${id}`,
+
if (key.length > MAX_DID_KEY_LENGTH) {
+
`Verification Method key too long (max ${MAX_DID_KEY_LENGTH}): ${id}`,
// perform only minimal did:key syntax checking, with no restrictions on
+
const multikey = extractMultikey(key) // enforces did:key: prefix
+
extractPrefixedBytes(multikey) // enforces base58-btc encoding
throw new ServerError(400, `Invalid verificationMethod key: ${key}`)
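Review bot: The return value of `extractPrefixedBytes(multikey)` is discarded, so as far as this hunk shows the new check proves only the `did:key:` prefix and the base58-btc encoding; a key with an empty payload or an unknown multicodec prefix would presumably still be accepted, bounded only by `MAX_DID_KEY_LENGTH`. The comment above the calls says the leniency is intended, so I would record the consequence next to it, e.g. `// NOTE: key type and decoded length are not validated here; consumers must parse verificationMethods defensively`, and reject a zero-length decoded payload if that is never meaningful. Separately, the final error echoes the raw `key`, which at that point has failed parsing and may contain arbitrary characters; echoing `id` as the length error does (`Invalid verificationMethod key: ${id}`) would keep the two messages consistent. The rest of `validateIncomingOp` and the try/catch around these calls are elided in this view, so confirm against the full file.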