edouard.paris / did-method-plc
Fork of github.com/did-method-plc/did-method-plc
fork atom

better did doc semantics & adding in op formatters

dholms a99dbe07 9ffb23a5

options
unified split
Changed files
+343 -181
packages
lib
src
client.ts
data.ts
document.ts
operations.ts
types.ts
tests
compatibility.test.ts
data.test.ts
document.test.ts
recovery.test.ts
+22 -14
packages/lib/src/client.ts 
···

       
1

       
 

       
import { check, cidForCbor } from '@atproto/common'


     

       
2

       
 

       
import { Keypair } from '@atproto/crypto'


     

       
3

       
 

       
import axios from 'axios'


     

       

       

       
     

       
4

       
 

       
import { didForCreateOp, normalizeOp, signOperation } from './operations'


     

       
5

       
 

       
import * as t from './types'


     

       
6

       
 

       



     
···

       
38

       
 

       
    return res.data


     

       
39

       
 

       
  }


     

       
40

       
 

       



     

       
41

       
-

       
  async applyPartialOp(


     

       
42

       
 

       
    did: string,


     

       
43

       
-

       
    delta: Partial<t.UnsignedOperation>,


     

       
44

       
 

       
    key: Keypair,


     

       

       

       
     

       
45

       
 

       
  ) {


     

       
46

       
 

       
    const lastOp = await this.getLastOp(did)


     

       
47

       
 

       
    if (check.is(lastOp, t.def.tombstone)) {


     

       
48

       
 

       
      throw new Error('Cannot apply op to tombstone')


     

       
49

       
 

       
    }


     

       

       

       
     

       
50

       
 

       
    const prev = await cidForCbor(lastOp)


     

       
51

       
-

       
    const { signingKey, rotationKeys, handles, services } = normalizeOp(lastOp)


     

       
52

       
-

       
    const op = await signOperation(


     

       
53

       
-

       
      {


     

       
54

       
-

       
        signingKey,


     

       
55

       
-

       
        rotationKeys,


     

       
56

       
-

       
        handles,


     

       
57

       
-

       
        services,


     

       
58

       
-

       
        prev: prev.toString(),


     

       
59

       
-

       
        ...delta,


     

       
60

       
-

       
      },


     

       
61

       
-

       
      key,


     

       
62

       
-

       
    )


     

       
63

       
 

       
    await this.sendOperation(did, op)


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
64

       
 

       
  }


     

       
65

       
 

       



     

       
66

       
 

       
  async create(


     
···

       
1

       
 

       
import { check, cidForCbor } from '@atproto/common'


     

       
2

       
 

       
import { Keypair } from '@atproto/crypto'


     

       
3

       
 

       
import axios from 'axios'


     

       
4

       
+

       
import { CID } from 'multiformats/cid'


     

       
5

       
 

       
import { didForCreateOp, normalizeOp, signOperation } from './operations'


     

       
6

       
 

       
import * as t from './types'


     

       
7

       
 

       



     
···

       
39

       
 

       
    return res.data


     

       
40

       
 

       
  }


     

       
41

       
 

       



     

       
42

       
+

       
  async updateData(


     

       
43

       
 

       
    did: string,


     

       

       

       
     

       
44

       
 

       
    key: Keypair,


     

       
45

       
+

       
    fn: (lastOp: t.Operation, prev: CID) => Promise<t.UnsignedOperation>,


     

       
46

       
 

       
  ) {


     

       
47

       
 

       
    const lastOp = await this.getLastOp(did)


     

       
48

       
 

       
    if (check.is(lastOp, t.def.tombstone)) {


     

       
49

       
 

       
      throw new Error('Cannot apply op to tombstone')


     

       
50

       
 

       
    }


     

       
51

       
+

       
    const normalized = normalizeOp(lastOp)


     

       
52

       
 

       
    const prev = await cidForCbor(lastOp)


     

       
53

       
+

       
    const unsigned = await fn(normalized, prev)


     

       
54

       
+

       
    const op = await signOperation(unsigned, key)


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
55

       
 

       
    await this.sendOperation(did, op)


     

       
56

       
+

       
  }


     

       
57

       
+

       



     

       
58

       
+

       
  async applyPartialOp(


     

       
59

       
+

       
    did: string,


     

       
60

       
+

       
    delta: Partial<t.UnsignedOperation>,


     

       
61

       
+

       
    key: Keypair,


     

       
62

       
+

       
  ) {


     

       
63

       
+

       
    await this.updateData(did, key, async (lastOp, prev) => ({


     

       
64

       
+

       
      type: 'plc_operation',


     

       
65

       
+

       
      verificationMethods: lastOp.verificationMethods,


     

       
66

       
+

       
      rotationKeys: lastOp.rotationKeys,


     

       
67

       
+

       
      alsoKnownAs: lastOp.alsoKnownAs,


     

       
68

       
+

       
      services: lastOp.services,


     

       
69

       
+

       
      prev: prev.toString(),


     

       
70

       
+

       
      ...delta,


     

       
71

       
+

       
    }))


     

       
72

       
 

       
  }


     

       
73

       
 

       



     

       
74

       
 

       
  async create(
+2 -2
packages/lib/src/data.ts 
···

       
113

       
 

       
        throw new MisorderedOperationError()


     

       
114

       
 

       
      }


     

       
115

       
 

       
    }


     

       
116

       
-

       
    const { signingKey, rotationKeys, handles, services } = op


     

       
117

       
-

       
    doc = { did, signingKey, rotationKeys, handles, services }


     

       
118

       
 

       
    prev = await cidForCbor(op)


     

       
119

       
 

       
  }


     

       
120

       
 

       



     
···

       
113

       
 

       
        throw new MisorderedOperationError()


     

       
114

       
 

       
      }


     

       
115

       
 

       
    }


     

       
116

       
+

       
    const { verificationMethods, rotationKeys, alsoKnownAs, services } = op


     

       
117

       
+

       
    doc = { did, verificationMethods, rotationKeys, alsoKnownAs, services }


     

       
118

       
 

       
    prev = await cidForCbor(op)


     

       
119

       
 

       
  }


     

       
120
+25 -27
packages/lib/src/document.ts 
···

       
7

       
 

       
export const formatDidDoc = (data: t.DocumentData): t.DidDocument => {


     

       
8

       
 

       
  const context = ['https://www.w3.org/ns/did/v1']


     

       
9

       
 

       



     

       
10

       
-

       
  const signingKeyInfo = formatKeyAndContext(data.signingKey)


     

       
11

       
-

       
  if (!context.includes(signingKeyInfo.context)) {


     

       
12

       
-

       
    context.push(signingKeyInfo.context)


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
13

       
 

       
  }


     

       
14

       
 

       



     

       
15

       
-

       
  const alsoKnownAs = data.handles.map((h) => ensureHttpPrefix(h))


     

       
16

       
 

       
  const services: Service[] = []


     

       
17

       
-

       
  if (data.services.atpPds) {


     

       
18

       
 

       
    services.push({


     

       
19

       
-

       
      id: `#atpPds`,


     

       
20

       
-

       
      type: 'AtpPersonalDataServer',


     

       
21

       
-

       
      serviceEndpoint: ensureHttpPrefix(data.services.atpPds),


     

       
22

       
 

       
    })


     

       
23

       
 

       
  }


     

       
24

       
 

       



     

       
25

       
 

       
  return {


     

       
26

       
 

       
    '@context': context,


     

       
27

       
 

       
    id: data.did,


     

       
28

       
-

       
    alsoKnownAs: alsoKnownAs,


     

       
29

       
-

       
    verificationMethod: [


     

       
30

       
-

       
      {


     

       
31

       
-

       
        id: `#signingKey`,


     

       
32

       
-

       
        type: signingKeyInfo.type,


     

       
33

       
-

       
        controller: data.did,


     

       
34

       
-

       
        publicKeyMultibase: signingKeyInfo.publicKeyMultibase,


     

       
35

       
-

       
      },


     

       
36

       
-

       
    ],


     

       
37

       
-

       
    assertionMethod: [`#signingKey`],


     

       
38

       
-

       
    capabilityInvocation: [`#signingKey`],


     

       
39

       
-

       
    capabilityDelegation: [`#signingKey`],


     

       
40

       
 

       
    service: services,


     

       
41

       
 

       
  }


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
42

       
 

       
}


     

       
43

       
 

       



     

       
44

       
 

       
type Service = {


     
···

       
77

       
 

       
  }


     

       
78

       
 

       
  throw new UnsupportedKeyError(key, `Unsupported key type: ${jwtAlg}`)


     

       
79

       
 

       
}


     

       
80

       
-

       



     

       
81

       
-

       
export const ensureHttpPrefix = (str: string): string => {


     

       
82

       
-

       
  if (str.startsWith('http://') || str.startsWith('https://')) {


     

       
83

       
-

       
    return str


     

       
84

       
-

       
  }


     

       
85

       
-

       
  return `https://${str}`


     

       
86

       
-

       
}


     
···

       
7

       
 

       
export const formatDidDoc = (data: t.DocumentData): t.DidDocument => {


     

       
8

       
 

       
  const context = ['https://www.w3.org/ns/did/v1']


     

       
9

       
 

       



     

       
10

       
+

       
  const verificationMethods: VerificationMethod[] = []


     

       
11

       
+

       
  for (const [keyid, key] of Object.entries(data.verificationMethods)) {


     

       
12

       
+

       
    const info = formatKeyAndContext(key)


     

       
13

       
+

       
    if (!context.includes(info.context)) {


     

       
14

       
+

       
      context.push(info.context)


     

       
15

       
+

       
    }


     

       
16

       
+

       
    verificationMethods.push({


     

       
17

       
+

       
      id: `#${keyid}`,


     

       
18

       
+

       
      type: info.type,


     

       
19

       
+

       
      controller: data.did,


     

       
20

       
+

       
      publicKeyMultibase: info.publicKeyMultibase,


     

       
21

       
+

       
    })


     

       
22

       
 

       
  }


     

       
23

       
 

       



     

       

       

       
     

       
24

       
 

       
  const services: Service[] = []


     

       
25

       
+

       
  for (const [serviceId, service] of Object.entries(data.services)) {


     

       
26

       
 

       
    services.push({


     

       
27

       
+

       
      id: `#${serviceId}`,


     

       
28

       
+

       
      type: service.type,


     

       
29

       
+

       
      serviceEndpoint: service.endpoint,


     

       
30

       
 

       
    })


     

       
31

       
 

       
  }


     

       
32

       
 

       



     

       
33

       
 

       
  return {


     

       
34

       
 

       
    '@context': context,


     

       
35

       
 

       
    id: data.did,


     

       
36

       
+

       
    alsoKnownAs: data.alsoKnownAs,


     

       
37

       
+

       
    verificationMethod: verificationMethods,


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
38

       
 

       
    service: services,


     

       
39

       
 

       
  }


     

       
40

       
+

       
}


     

       
41

       
+

       



     

       
42

       
+

       
type VerificationMethod = {


     

       
43

       
+

       
  id: string


     

       
44

       
+

       
  type: string


     

       
45

       
+

       
  controller: string


     

       
46

       
+

       
  publicKeyMultibase: string


     

       
47

       
 

       
}


     

       
48

       
 

       



     

       
49

       
 

       
type Service = {


     
···

       
82

       
 

       
  }


     

       
83

       
 

       
  throw new UnsupportedKeyError(key, `Unsupported key type: ${jwtAlg}`)


     

       
84

       
 

       
}
+160 -8
packages/lib/src/operations.ts 
···

       
2

       
 

       
import { CID } from 'multiformats/cid'


     

       
3

       
 

       
import * as uint8arrays from 'uint8arrays'


     

       
4

       
 

       
import { Keypair, parseDidKey, sha256, verifySignature } from '@atproto/crypto'


     

       
5

       
-

       
import { check } from '@atproto/common'


     

       
6

       
 

       
import * as t from './types'


     

       
7

       
 

       
import {


     

       
8

       
 

       
  GenesisHashError,


     
···

       
32

       
 

       
  }


     

       
33

       
 

       
}


     

       
34

       
 

       



     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
35

       
 

       
export const signOperation = async (


     

       
36

       
 

       
  op: t.UnsignedOperation,


     

       
37

       
 

       
  signingKey: Keypair,


     
···

       
45

       
 

       
): Promise<t.Tombstone> => {


     

       
46

       
 

       
  return addSignature(


     

       
47

       
 

       
    {


     

       
48

       
-

       
      tombstone: true,


     

       
49

       
 

       
      prev: prev.toString(),


     

       
50

       
 

       
    },


     

       
51

       
 

       
    key,


     
···

       
64

       
 

       
    return op


     

       
65

       
 

       
  }


     

       
66

       
 

       
  return {


     

       
67

       
-

       
    signingKey: op.signingKey,


     

       

       

       
     

       

       

       
     

       

       

       
     

       
68

       
 

       
    rotationKeys: [op.recoveryKey, op.signingKey],


     

       
69

       
-

       
    handles: [op.handle],


     

       
70

       
 

       
    services: {


     

       
71

       
-

       
      atpPds: op.service,


     

       

       

       
     

       

       

       
     

       

       

       
     

       
72

       
 

       
    },


     

       
73

       
 

       
    prev: op.prev,


     

       
74

       
 

       
    sig: op.sig,


     
···

       
80

       
 

       
    return true


     

       
81

       
 

       
  }


     

       
82

       
 

       
  // ensure we support the op's keys


     

       
83

       
-

       
  const keys = [op.signingKey, ...op.rotationKeys]


     

       
84

       
 

       
  await Promise.all(


     

       
85

       
 

       
    keys.map(async (k) => {


     

       
86

       
 

       
      try {


     
···

       
118

       
 

       
  if (op.prev !== null) {


     

       
119

       
 

       
    throw new ImproperOperationError('expected null prev on create', op)


     

       
120

       
 

       
  }


     

       
121

       
-

       
  const { signingKey, rotationKeys, handles, services } = normalized


     

       
122

       
-

       
  return { did, signingKey, rotationKeys, handles, services }


     

       

       

       
     

       
123

       
 

       
}


     

       
124

       
 

       



     

       
125

       
 

       
export const assureValidSig = async (


     
···

       
138

       
 

       
  }


     

       
139

       
 

       
  throw new InvalidSignatureError(op)


     

       
140

       
 

       
}


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     
···

       
2

       
 

       
import { CID } from 'multiformats/cid'


     

       
3

       
 

       
import * as uint8arrays from 'uint8arrays'


     

       
4

       
 

       
import { Keypair, parseDidKey, sha256, verifySignature } from '@atproto/crypto'


     

       
5

       
+

       
import { check, cidForCbor } from '@atproto/common'


     

       
6

       
 

       
import * as t from './types'


     

       
7

       
 

       
import {


     

       
8

       
 

       
  GenesisHashError,


     
···

       
32

       
 

       
  }


     

       
33

       
 

       
}


     

       
34

       
 

       



     

       
35

       
+

       
export const formatAtprotoOp = (opts: {


     

       
36

       
+

       
  signingKey: string


     

       
37

       
+

       
  handle: string


     

       
38

       
+

       
  pds: string


     

       
39

       
+

       
  rotationKeys: string[]


     

       
40

       
+

       
  prev: CID | null


     

       
41

       
+

       
}): t.UnsignedOperation => {


     

       
42

       
+

       
  return {


     

       
43

       
+

       
    type: 'plc_operation',


     

       
44

       
+

       
    verificationMethods: {


     

       
45

       
+

       
      atproto: opts.signingKey,


     

       
46

       
+

       
    },


     

       
47

       
+

       
    rotationKeys: opts.rotationKeys,


     

       
48

       
+

       
    alsoKnownAs: [ensureAtprotoPrefix(opts.handle)],


     

       
49

       
+

       
    services: {


     

       
50

       
+

       
      atproto_pds: {


     

       
51

       
+

       
        type: 'AtprotoPersonalDataServer',


     

       
52

       
+

       
        endpoint: ensureHttpPrefix(opts.pds),


     

       
53

       
+

       
      },


     

       
54

       
+

       
    },


     

       
55

       
+

       
    prev: opts.prev?.toString() ?? null,


     

       
56

       
+

       
  }


     

       
57

       
+

       
}


     

       
58

       
+

       



     

       
59

       
+

       
export const atprotoOp = async (opts: {


     

       
60

       
+

       
  signingKey: string


     

       
61

       
+

       
  handle: string


     

       
62

       
+

       
  pds: string


     

       
63

       
+

       
  rotationKeys: string[]


     

       
64

       
+

       
  prev: CID | null


     

       
65

       
+

       
  signer: Keypair


     

       
66

       
+

       
}) => {


     

       
67

       
+

       
  return addSignature(formatAtprotoOp(opts), opts.signer)


     

       
68

       
+

       
}


     

       
69

       
+

       



     

       
70

       
+

       
export const createUpdateOp = async (


     

       
71

       
+

       
  lastOp: t.CompatibleOp,


     

       
72

       
+

       
  signer: Keypair,


     

       
73

       
+

       
  fn: (


     

       
74

       
+

       
    normalized: t.UnsignedOperation,


     

       
75

       
+

       
    prev: CID,


     

       
76

       
+

       
  ) => Omit<t.UnsignedOperation, 'prev'>,


     

       
77

       
+

       
): Promise<t.Operation> => {


     

       
78

       
+

       
  const prev = await cidForCbor(lastOp)


     

       
79

       
+

       
  // omit sig so it doesn't accidentally make its way into the next operation


     

       
80

       
+

       
  const { sig, ...normalized } = normalizeOp(lastOp)


     

       
81

       
+

       
  const unsigned = await fn(normalized, prev)


     

       
82

       
+

       
  return addSignature(


     

       
83

       
+

       
    {


     

       
84

       
+

       
      ...unsigned,


     

       
85

       
+

       
      prev: prev.toString(),


     

       
86

       
+

       
    },


     

       
87

       
+

       
    signer,


     

       
88

       
+

       
  )


     

       
89

       
+

       
}


     

       
90

       
+

       



     

       
91

       
+

       
export const updateAtprotoKeyOp = async (


     

       
92

       
+

       
  lastOp: t.CompatibleOp,


     

       
93

       
+

       
  signer: Keypair,


     

       
94

       
+

       
  atprotoKey: string,


     

       
95

       
+

       
): Promise<t.Operation> => {


     

       
96

       
+

       
  return createUpdateOp(lastOp, signer, (normalized) => ({


     

       
97

       
+

       
    ...normalized,


     

       
98

       
+

       
    verificationMethods: {


     

       
99

       
+

       
      ...normalized.verificationMethods,


     

       
100

       
+

       
      atproto: atprotoKey,


     

       
101

       
+

       
    },


     

       
102

       
+

       
  }))


     

       
103

       
+

       
}


     

       
104

       
+

       



     

       
105

       
+

       
export const updateHandleOp = async (


     

       
106

       
+

       
  lastOp: t.CompatibleOp,


     

       
107

       
+

       
  signer: Keypair,


     

       
108

       
+

       
  handle: string,


     

       
109

       
+

       
): Promise<t.Operation> => {


     

       
110

       
+

       
  const formatted = ensureAtprotoPrefix(handle)


     

       
111

       
+

       
  return createUpdateOp(lastOp, signer, (normalized) => {


     

       
112

       
+

       
    const handleI = normalized.alsoKnownAs.findIndex((h) =>


     

       
113

       
+

       
      h.startsWith('at://'),


     

       
114

       
+

       
    )


     

       
115

       
+

       
    let aka: string[]


     

       
116

       
+

       
    if (handleI < 0) {


     

       
117

       
+

       
      aka = [formatted, ...normalized.alsoKnownAs]


     

       
118

       
+

       
    } else {


     

       
119

       
+

       
      aka = [


     

       
120

       
+

       
        ...normalized.alsoKnownAs.slice(0, handleI),


     

       
121

       
+

       
        formatted,


     

       
122

       
+

       
        ...normalized.alsoKnownAs.slice(handleI + 1),


     

       
123

       
+

       
      ]


     

       
124

       
+

       
    }


     

       
125

       
+

       
    return {


     

       
126

       
+

       
      ...normalized,


     

       
127

       
+

       
      alsoKnownAs: aka,


     

       
128

       
+

       
    }


     

       
129

       
+

       
  })


     

       
130

       
+

       
}


     

       
131

       
+

       



     

       
132

       
+

       
export const updatePdsOp = async (


     

       
133

       
+

       
  lastOp: t.CompatibleOp,


     

       
134

       
+

       
  signer: Keypair,


     

       
135

       
+

       
  endpoint: string,


     

       
136

       
+

       
): Promise<t.Operation> => {


     

       
137

       
+

       
  const formatted = ensureHttpPrefix(endpoint)


     

       
138

       
+

       
  return createUpdateOp(lastOp, signer, (normalized) => {


     

       
139

       
+

       
    return {


     

       
140

       
+

       
      ...normalized,


     

       
141

       
+

       
      services: {


     

       
142

       
+

       
        ...normalized.services,


     

       
143

       
+

       
        atproto_pds: {


     

       
144

       
+

       
          type: 'AtprotoPersonalDataServer',


     

       
145

       
+

       
          endpoint: formatted,


     

       
146

       
+

       
        },


     

       
147

       
+

       
      },


     

       
148

       
+

       
    }


     

       
149

       
+

       
  })


     

       
150

       
+

       
}


     

       
151

       
+

       



     

       
152

       
+

       
export const updateRotationkeysOp = async (


     

       
153

       
+

       
  lastOp: t.CompatibleOp,


     

       
154

       
+

       
  signer: Keypair,


     

       
155

       
+

       
  rotationKeys: string[],


     

       
156

       
+

       
): Promise<t.Operation> => {


     

       
157

       
+

       
  return createUpdateOp(lastOp, signer, (normalized) => {


     

       
158

       
+

       
    return {


     

       
159

       
+

       
      ...normalized,


     

       
160

       
+

       
      rotationKeys,


     

       
161

       
+

       
    }


     

       
162

       
+

       
  })


     

       
163

       
+

       
}


     

       
164

       
+

       



     

       
165

       
 

       
export const signOperation = async (


     

       
166

       
 

       
  op: t.UnsignedOperation,


     

       
167

       
 

       
  signingKey: Keypair,


     
···

       
175

       
 

       
): Promise<t.Tombstone> => {


     

       
176

       
 

       
  return addSignature(


     

       
177

       
 

       
    {


     

       
178

       
+

       
      type: 'plc_tombstone',


     

       
179

       
 

       
      prev: prev.toString(),


     

       
180

       
 

       
    },


     

       
181

       
 

       
    key,


     
···

       
194

       
 

       
    return op


     

       
195

       
 

       
  }


     

       
196

       
 

       
  return {


     

       
197

       
+

       
    type: 'plc_operation',


     

       
198

       
+

       
    verificationMethods: {


     

       
199

       
+

       
      atproto: op.signingKey,


     

       
200

       
+

       
    },


     

       
201

       
 

       
    rotationKeys: [op.recoveryKey, op.signingKey],


     

       
202

       
+

       
    alsoKnownAs: [ensureAtprotoPrefix(op.handle)],


     

       
203

       
 

       
    services: {


     

       
204

       
+

       
      atproto_pds: {


     

       
205

       
+

       
        type: 'AtprotoPersonalDataServer',


     

       
206

       
+

       
        endpoint: ensureHttpPrefix(op.service),


     

       
207

       
+

       
      },


     

       
208

       
 

       
    },


     

       
209

       
 

       
    prev: op.prev,


     

       
210

       
 

       
    sig: op.sig,


     
···

       
216

       
 

       
    return true


     

       
217

       
 

       
  }


     

       
218

       
 

       
  // ensure we support the op's keys


     

       
219

       
+

       
  const keys = [...Object.values(op.verificationMethods), ...op.rotationKeys]


     

       
220

       
 

       
  await Promise.all(


     

       
221

       
 

       
    keys.map(async (k) => {


     

       
222

       
 

       
      try {


     
···

       
254

       
 

       
  if (op.prev !== null) {


     

       
255

       
 

       
    throw new ImproperOperationError('expected null prev on create', op)


     

       
256

       
 

       
  }


     

       
257

       
+

       
  const { verificationMethods, rotationKeys, alsoKnownAs, services } =


     

       
258

       
+

       
    normalized


     

       
259

       
+

       
  return { did, verificationMethods, rotationKeys, alsoKnownAs, services }


     

       
260

       
 

       
}


     

       
261

       
 

       



     

       
262

       
 

       
export const assureValidSig = async (


     
···

       
275

       
 

       
  }


     

       
276

       
 

       
  throw new InvalidSignatureError(op)


     

       
277

       
 

       
}


     

       
278

       
+

       



     

       
279

       
+

       
export const ensureHttpPrefix = (str: string): string => {


     

       
280

       
+

       
  if (str.startsWith('http://') || str.startsWith('https://')) {


     

       
281

       
+

       
    return str


     

       
282

       
+

       
  }


     

       
283

       
+

       
  return `https://${str}`


     

       
284

       
+

       
}


     

       
285

       
+

       



     

       
286

       
+

       
export const ensureAtprotoPrefix = (str: string): string => {


     

       
287

       
+

       
  if (str.startsWith('at://')) {


     

       
288

       
+

       
    return str


     

       
289

       
+

       
  }


     

       
290

       
+

       
  const stripped = str.replace('http://', '').replace('https://', '')


     

       
291

       
+

       
  return `at://${stripped}`


     

       
292

       
+

       
}
+13 -14
packages/lib/src/types.ts 
···

       
8

       
 

       
  })


     

       
9

       
 

       
  .transform((obj: unknown) => mf.CID.asCID(obj) as mf.CID)


     

       
10

       
 

       



     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
11

       
 

       
const documentData = z.object({


     

       
12

       
 

       
  did: z.string(),


     

       
13

       
-

       
  signingKey: z.string(),


     

       
14

       
 

       
  rotationKeys: z.array(z.string()),


     

       
15

       
-

       
  handles: z.array(z.string()),


     

       
16

       
-

       
  services: z.object({


     

       
17

       
-

       
    atpPds: z.string().optional(),


     

       
18

       
-

       
  }),


     

       
19

       
 

       
})


     

       
20

       
 

       
export type DocumentData = z.infer<typeof documentData>


     

       
21

       
 

       



     
···

       
32

       
 

       
export type CreateOpV1 = z.infer<typeof createOpV1>


     

       
33

       
 

       



     

       
34

       
 

       
const unsignedOperation = z.object({


     

       
35

       
-

       
  signingKey: z.string(),


     

       
36

       
 

       
  rotationKeys: z.array(z.string()),


     

       
37

       
-

       
  handles: z.array(z.string()),


     

       
38

       
-

       
  services: z.object({


     

       
39

       
-

       
    atpPds: z.string().optional(),


     

       
40

       
-

       
  }),


     

       
41

       
 

       
  prev: z.string().nullable(),


     

       
42

       
 

       
})


     

       
43

       
 

       
export type UnsignedOperation = z.infer<typeof unsignedOperation>


     
···

       
45

       
 

       
export type Operation = z.infer<typeof operation>


     

       
46

       
 

       



     

       
47

       
 

       
const unsignedTombstone = z.object({


     

       
48

       
-

       
  tombstone: z.literal(true),


     

       
49

       
 

       
  prev: z.string(),


     

       
50

       
 

       
})


     

       
51

       
 

       
export type UnsignedTombstone = z.infer<typeof unsignedTombstone>


     
···

       
95

       
 

       
  id: z.string(),


     

       
96

       
 

       
  alsoKnownAs: z.array(z.string()),


     

       
97

       
 

       
  verificationMethod: z.array(didDocVerificationMethod),


     

       
98

       
-

       
  assertionMethod: z.array(z.string()),


     

       
99

       
-

       
  capabilityInvocation: z.array(z.string()),


     

       
100

       
-

       
  capabilityDelegation: z.array(z.string()),


     

       
101

       
 

       
  service: z.array(didDocService),


     

       
102

       
 

       
})


     

       
103

       
 

       
export type DidDocument = z.infer<typeof didDocument>


     
···

       
8

       
 

       
  })


     

       
9

       
 

       
  .transform((obj: unknown) => mf.CID.asCID(obj) as mf.CID)


     

       
10

       
 

       



     

       
11

       
+

       
const service = z.object({


     

       
12

       
+

       
  type: z.string(),


     

       
13

       
+

       
  endpoint: z.string(),


     

       
14

       
+

       
})


     

       
15

       
+

       



     

       
16

       
 

       
const documentData = z.object({


     

       
17

       
 

       
  did: z.string(),


     

       

       

       
     

       
18

       
 

       
  rotationKeys: z.array(z.string()),


     

       
19

       
+

       
  verificationMethods: z.record(z.string()),


     

       
20

       
+

       
  alsoKnownAs: z.array(z.string()),


     

       
21

       
+

       
  services: z.record(service),


     

       

       

       
     

       
22

       
 

       
})


     

       
23

       
 

       
export type DocumentData = z.infer<typeof documentData>


     

       
24

       
 

       



     
···

       
35

       
 

       
export type CreateOpV1 = z.infer<typeof createOpV1>


     

       
36

       
 

       



     

       
37

       
 

       
const unsignedOperation = z.object({


     

       
38

       
+

       
  type: z.literal('plc_operation'),


     

       
39

       
 

       
  rotationKeys: z.array(z.string()),


     

       
40

       
+

       
  verificationMethods: z.record(z.string()),


     

       
41

       
+

       
  alsoKnownAs: z.array(z.string()),


     

       
42

       
+

       
  services: z.record(service),


     

       

       

       
     

       
43

       
 

       
  prev: z.string().nullable(),


     

       
44

       
 

       
})


     

       
45

       
 

       
export type UnsignedOperation = z.infer<typeof unsignedOperation>


     
···

       
47

       
 

       
export type Operation = z.infer<typeof operation>


     

       
48

       
 

       



     

       
49

       
 

       
const unsignedTombstone = z.object({


     

       
50

       
+

       
  type: z.literal('plc_tombstone'),


     

       
51

       
 

       
  prev: z.string(),


     

       
52

       
 

       
})


     

       
53

       
 

       
export type UnsignedTombstone = z.infer<typeof unsignedTombstone>


     
···

       
97

       
 

       
  id: z.string(),


     

       
98

       
 

       
  alsoKnownAs: z.array(z.string()),


     

       
99

       
 

       
  verificationMethod: z.array(didDocVerificationMethod),


     

       

       

       
     

       

       

       
     

       

       

       
     

       
100

       
 

       
  service: z.array(didDocService),


     

       
101

       
 

       
})


     

       
102

       
 

       
export type DidDocument = z.infer<typeof didDocument>
+36 -12
packages/lib/tests/compatibility.test.ts 
···

       
6

       
 

       
  deprecatedSignCreate,


     

       
7

       
 

       
  didForCreateOp,


     

       
8

       
 

       
  normalizeOp,


     

       
9

       
-

       
  signOperation,


     

       

       

       
     

       
10

       
 

       
  validateOperationLog,


     

       
11

       
 

       
} from '../src'


     

       
12

       
 

       



     
···

       
41

       
 

       



     

       
42

       
 

       
    const normalized = normalizeOp(legacyOp)


     

       
43

       
 

       
    expect(normalized).toEqual({


     

       
44

       
-

       
      signingKey: signingKey.did(),


     

       

       

       
     

       

       

       
     

       

       

       
     

       
45

       
 

       
      rotationKeys: [recoveryKey.did(), signingKey.did()],


     

       
46

       
-

       
      handles: [handle],


     

       
47

       
 

       
      services: {


     

       
48

       
-

       
        atpPds: service,


     

       

       

       
     

       

       

       
     

       

       

       
     

       
49

       
 

       
      },


     

       
50

       
 

       
      prev: null,


     

       
51

       
 

       
      sig: legacyOp.sig,


     
···

       
56

       
 

       
    const legacyCid = await cidForCbor(legacyOp)


     

       
57

       
 

       
    const newSigner = await Secp256k1Keypair.create()


     

       
58

       
 

       
    const newRotater = await Secp256k1Keypair.create()


     

       
59

       
-

       
    const nextOp = await signOperation(


     

       
60

       
-

       
      {


     

       
61

       
-

       
        signingKey: newSigner.did(),


     

       
62

       
-

       
        rotationKeys: [newRotater.did()],


     

       
63

       
-

       
        handles: [handle],


     

       
64

       
-

       
        services: { atpPds: service },


     

       
65

       
-

       
        prev: legacyCid.toString(),


     

       
66

       
-

       
      },


     

       
67

       
 

       
      signingKey,


     

       

       

       
     

       
68

       
 

       
    )


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
69

       
 

       
    await validateOperationLog(did, [legacyOp, nextOp])


     

       

       

       
     

       
70

       
 

       



     

       

       

       
     

       
71

       
 

       
    const indexedLegacy = {


     

       
72

       
 

       
      did,


     

       
73

       
 

       
      operation: legacyOp,


     
···

       
6

       
 

       
  deprecatedSignCreate,


     

       
7

       
 

       
  didForCreateOp,


     

       
8

       
 

       
  normalizeOp,


     

       
9

       
+

       
  updateRotationkeysOp,


     

       
10

       
+

       
  updateAtprotoKeyOp,


     

       
11

       
 

       
  validateOperationLog,


     

       
12

       
 

       
} from '../src'


     

       
13

       
 

       



     
···

       
42

       
 

       



     

       
43

       
 

       
    const normalized = normalizeOp(legacyOp)


     

       
44

       
 

       
    expect(normalized).toEqual({


     

       
45

       
+

       
      type: 'plc_operation',


     

       
46

       
+

       
      verificationMethods: {


     

       
47

       
+

       
        atproto: signingKey.did(),


     

       
48

       
+

       
      },


     

       
49

       
 

       
      rotationKeys: [recoveryKey.did(), signingKey.did()],


     

       
50

       
+

       
      alsoKnownAs: [`at://${handle}`],


     

       
51

       
 

       
      services: {


     

       
52

       
+

       
        atproto_pds: {


     

       
53

       
+

       
          type: 'AtprotoPersonalDataServer',


     

       
54

       
+

       
          endpoint: service,


     

       
55

       
+

       
        },


     

       
56

       
 

       
      },


     

       
57

       
 

       
      prev: null,


     

       
58

       
 

       
      sig: legacyOp.sig,


     
···

       
63

       
 

       
    const legacyCid = await cidForCbor(legacyOp)


     

       
64

       
 

       
    const newSigner = await Secp256k1Keypair.create()


     

       
65

       
 

       
    const newRotater = await Secp256k1Keypair.create()


     

       
66

       
+

       
    const nextOp = await updateAtprotoKeyOp(


     

       
67

       
+

       
      legacyOp,


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
68

       
 

       
      signingKey,


     

       
69

       
+

       
      newSigner.did(),


     

       
70

       
 

       
    )


     

       
71

       
+

       
    const anotherOp = await updateRotationkeysOp(nextOp, signingKey, [


     

       
72

       
+

       
      newRotater.did(),


     

       
73

       
+

       
    ])


     

       
74

       
+

       
    //   {


     

       
75

       
+

       
    //     type: 'plc_operation',


     

       
76

       
+

       
    //     verificationMethods: {


     

       
77

       
+

       
    //       atproto: newSigner.did(),


     

       
78

       
+

       
    //     },


     

       
79

       
+

       
    //     rotationKeys: [newRotater.did()],


     

       
80

       
+

       
    //     alsoKnownAs: [`at://${handle}`],


     

       
81

       
+

       
    //     services: {


     

       
82

       
+

       
    //       atproto_pds: {


     

       
83

       
+

       
    //         type: 'AtprotoPersonalDataServer',


     

       
84

       
+

       
    //         endpoint: service,


     

       
85

       
+

       
    //       },


     

       
86

       
+

       
    //     },


     

       
87

       
+

       
    //     prev: legacyCid.toString(),


     

       
88

       
+

       
    //   },


     

       
89

       
+

       
    //   signingKey,


     

       
90

       
+

       
    // )


     

       
91

       
 

       
    await validateOperationLog(did, [legacyOp, nextOp])


     

       
92

       
+

       
    // await validateOperationLog(did, [legacyOp, nextOp, anotherOp])


     

       
93

       
 

       



     

       
94

       
+

       
    return


     

       
95

       
 

       
    const indexedLegacy = {


     

       
96

       
 

       
      did,


     

       
97

       
 

       
      operation: legacyOp,
+29 -23
packages/lib/tests/data.test.ts 
···

       
39

       
 

       
    const prev = await cidForCbor(lastOp)


     

       
40

       
 

       
    return operations.signOperation(


     

       
41

       
 

       
      {


     

       
42

       
-

       
        signingKey: lastOp.signingKey,


     

       

       

       
     

       
43

       
 

       
        rotationKeys: lastOp.rotationKeys,


     

       
44

       
-

       
        handles: lastOp.handles,


     

       
45

       
 

       
        services: lastOp.services,


     

       
46

       
 

       
        prev: prev.toString(),


     

       
47

       
 

       
        ...changes,


     
···

       
53

       
 

       
  it('creates a valid create op', async () => {


     

       
54

       
 

       
    const createOp = await operations.signOperation(


     

       
55

       
 

       
      {


     

       
56

       
-

       
        signingKey: signingKey.did(),


     

       

       

       
     

       

       

       
     

       

       

       
     

       
57

       
 

       
        rotationKeys: [rotationKey1.did(), rotationKey2.did()],


     

       
58

       
-

       
        handles: [handle],


     

       
59

       
 

       
        services: {


     

       
60

       
 

       
          atpPds,


     

       
61

       
 

       
        },


     
···

       
76

       
 

       
      throw new Error('expected doc')


     

       
77

       
 

       
    }


     

       
78

       
 

       
    expect(doc.did).toEqual(did)


     

       
79

       
-

       
    expect(doc.signingKey).toEqual(signingKey.did())


     

       
80

       
 

       
    expect(doc.rotationKeys).toEqual([rotationKey1.did(), rotationKey2.did()])


     

       
81

       
-

       
    expect(doc.handles).toEqual([handle])


     

       
82

       
 

       
    expect(doc.services).toEqual({ atpPds })


     

       
83

       
 

       
  })


     

       
84

       
 

       



     

       
85

       
 

       
  it('updates handle', async () => {


     

       
86

       
 

       
    handle = 'ali.example2.com'


     

       
87

       
-

       
    const op = await makeNextOp({ handles: [handle] }, rotationKey1)


     

       
88

       
 

       
    ops.push(op)


     

       
89

       
 

       



     

       
90

       
 

       
    const doc = await data.validateOperationLog(did, ops)


     
···

       
92

       
 

       
      throw new Error('expected doc')


     

       
93

       
 

       
    }


     

       
94

       
 

       
    expect(doc.did).toEqual(did)


     

       
95

       
-

       
    expect(doc.signingKey).toEqual(signingKey.did())


     

       
96

       
 

       
    expect(doc.rotationKeys).toEqual([rotationKey1.did(), rotationKey2.did()])


     

       
97

       
-

       
    expect(doc.handles).toEqual([handle])


     

       
98

       
 

       
    expect(doc.services).toEqual({ atpPds })


     

       
99

       
 

       
  })


     

       
100

       
 

       



     
···

       
115

       
 

       
      throw new Error('expected doc')


     

       
116

       
 

       
    }


     

       
117

       
 

       
    expect(doc.did).toEqual(did)


     

       
118

       
-

       
    expect(doc.signingKey).toEqual(signingKey.did())


     

       
119

       
 

       
    expect(doc.rotationKeys).toEqual([rotationKey1.did(), rotationKey2.did()])


     

       
120

       
-

       
    expect(doc.handles).toEqual([handle])


     

       
121

       
 

       
    expect(doc.services).toEqual({ atpPds })


     

       
122

       
 

       
  })


     

       
123

       
 

       



     
···

       
125

       
 

       
    const newSigningKey = await Secp256k1Keypair.create()


     

       
126

       
 

       
    const op = await makeNextOp(


     

       
127

       
 

       
      {


     

       
128

       
-

       
        signingKey: newSigningKey.did(),


     

       

       

       
     

       

       

       
     

       
129

       
 

       
      },


     

       
130

       
 

       
      rotationKey1,


     

       
131

       
 

       
    )


     
···

       
138

       
 

       
      throw new Error('expected doc')


     

       
139

       
 

       
    }


     

       
140

       
 

       
    expect(doc.did).toEqual(did)


     

       
141

       
-

       
    expect(doc.signingKey).toEqual(signingKey.did())


     

       
142

       
 

       
    expect(doc.rotationKeys).toEqual([rotationKey1.did(), rotationKey2.did()])


     

       
143

       
-

       
    expect(doc.handles).toEqual([handle])


     

       
144

       
 

       
    expect(doc.services).toEqual({ atpPds })


     

       
145

       
 

       
  })


     

       
146

       
 

       



     
···

       
163

       
 

       
    }


     

       
164

       
 

       



     

       
165

       
 

       
    expect(doc.did).toEqual(did)


     

       
166

       
-

       
    expect(doc.signingKey).toEqual(signingKey.did())


     

       
167

       
 

       
    expect(doc.rotationKeys).toEqual([rotationKey1.did(), rotationKey2.did()])


     

       
168

       
-

       
    expect(doc.handles).toEqual([handle])


     

       
169

       
 

       
    expect(doc.services).toEqual({ atpPds })


     

       
170

       
 

       
  })


     

       
171

       
 

       



     

       
172

       
 

       
  it('no longer allows operations from old rotation key', async () => {


     

       
173

       
 

       
    const op = await makeNextOp(


     

       
174

       
 

       
      {


     

       
175

       
-

       
        handles: ['bob'],


     

       
176

       
 

       
      },


     

       
177

       
 

       
      oldRotationKey1,


     

       
178

       
 

       
    )


     
···

       
184

       
 

       
  it('does not allow operations from the signingKey', async () => {


     

       
185

       
 

       
    const op = await makeNextOp(


     

       
186

       
 

       
      {


     

       
187

       
-

       
        handles: ['bob'],


     

       
188

       
 

       
      },


     

       
189

       
 

       
      signingKey,


     

       
190

       
 

       
    )


     
···

       
197

       
 

       
    const newHandle = 'ali.example.com'


     

       
198

       
 

       
    const op = await makeNextOp(


     

       
199

       
 

       
      {


     

       
200

       
-

       
        handles: [newHandle],


     

       
201

       
 

       
      },


     

       
202

       
 

       
      rotationKey2,


     

       
203

       
 

       
    )


     
···

       
208

       
 

       
      throw new Error('expected doc')


     

       
209

       
 

       
    }


     

       
210

       
 

       
    expect(doc.did).toEqual(did)


     

       
211

       
-

       
    expect(doc.signingKey).toEqual(signingKey.did())


     

       
212

       
 

       
    expect(doc.rotationKeys).toEqual([rotationKey1.did(), rotationKey2.did()])


     

       
213

       
-

       
    expect(doc.handles).toEqual([handle])


     

       
214

       
 

       
    expect(doc.services).toEqual({ atpPds })


     

       
215

       
 

       
  })


     

       
216

       
 

       



     
···

       
225

       
 

       
    const prev = await cidForCbor(ops[ops.length - 2])


     

       
226

       
 

       
    const op = await makeNextOp(


     

       
227

       
 

       
      {


     

       
228

       
-

       
        handles: ['bob.test'],


     

       
229

       
 

       
        prev: prev.toString(),


     

       
230

       
 

       
      },


     

       
231

       
 

       
      rotationKey1,


     
···

       
238

       
 

       
  it('does not allow a create operation in the middle of the log', async () => {


     

       
239

       
 

       
    const op = await makeNextOp(


     

       
240

       
 

       
      {


     

       
241

       
-

       
        handles: ['bob.test'],


     

       
242

       
 

       
        prev: null,


     

       
243

       
 

       
      },


     

       
244

       
 

       
      rotationKey1,


     
···

       
39

       
 

       
    const prev = await cidForCbor(lastOp)


     

       
40

       
 

       
    return operations.signOperation(


     

       
41

       
 

       
      {


     

       
42

       
+

       
        type: 'plc_operation',


     

       
43

       
+

       
        verificationMethods: lastOp.verificationMethods,


     

       
44

       
 

       
        rotationKeys: lastOp.rotationKeys,


     

       
45

       
+

       
        alsoKnownAs: lastOp.alsoKnownAs,


     

       
46

       
 

       
        services: lastOp.services,


     

       
47

       
 

       
        prev: prev.toString(),


     

       
48

       
 

       
        ...changes,


     
···

       
54

       
 

       
  it('creates a valid create op', async () => {


     

       
55

       
 

       
    const createOp = await operations.signOperation(


     

       
56

       
 

       
      {


     

       
57

       
+

       
        type: 'plc_operation',


     

       
58

       
+

       
        verificationMethods: {


     

       
59

       
+

       
          atproto: signingKey.did(),


     

       
60

       
+

       
        },


     

       
61

       
 

       
        rotationKeys: [rotationKey1.did(), rotationKey2.did()],


     

       
62

       
+

       
        alsoKnownAs: [handle],


     

       
63

       
 

       
        services: {


     

       
64

       
 

       
          atpPds,


     

       
65

       
 

       
        },


     
···

       
80

       
 

       
      throw new Error('expected doc')


     

       
81

       
 

       
    }


     

       
82

       
 

       
    expect(doc.did).toEqual(did)


     

       
83

       
+

       
    expect(doc.verificationMethods).toEqual({ atproto: signingKey.did() })


     

       
84

       
 

       
    expect(doc.rotationKeys).toEqual([rotationKey1.did(), rotationKey2.did()])


     

       
85

       
+

       
    expect(doc.alsoKnownAs).toEqual([handle])


     

       
86

       
 

       
    expect(doc.services).toEqual({ atpPds })


     

       
87

       
 

       
  })


     

       
88

       
 

       



     

       
89

       
 

       
  it('updates handle', async () => {


     

       
90

       
 

       
    handle = 'ali.example2.com'


     

       
91

       
+

       
    const op = await makeNextOp({ alsoKnownAs: [handle] }, rotationKey1)


     

       
92

       
 

       
    ops.push(op)


     

       
93

       
 

       



     

       
94

       
 

       
    const doc = await data.validateOperationLog(did, ops)


     
···

       
96

       
 

       
      throw new Error('expected doc')


     

       
97

       
 

       
    }


     

       
98

       
 

       
    expect(doc.did).toEqual(did)


     

       
99

       
+

       
    expect(doc.verificationMethods).toEqual({ atproto: signingKey.did() })


     

       
100

       
 

       
    expect(doc.rotationKeys).toEqual([rotationKey1.did(), rotationKey2.did()])


     

       
101

       
+

       
    expect(doc.alsoKnownAs).toEqual([handle])


     

       
102

       
 

       
    expect(doc.services).toEqual({ atpPds })


     

       
103

       
 

       
  })


     

       
104

       
 

       



     
···

       
119

       
 

       
      throw new Error('expected doc')


     

       
120

       
 

       
    }


     

       
121

       
 

       
    expect(doc.did).toEqual(did)


     

       
122

       
+

       
    expect(doc.verificationMethods).toEqual({ atproto: signingKey.did() })


     

       
123

       
 

       
    expect(doc.rotationKeys).toEqual([rotationKey1.did(), rotationKey2.did()])


     

       
124

       
+

       
    expect(doc.alsoKnownAs).toEqual([handle])


     

       
125

       
 

       
    expect(doc.services).toEqual({ atpPds })


     

       
126

       
 

       
  })


     

       
127

       
 

       



     
···

       
129

       
 

       
    const newSigningKey = await Secp256k1Keypair.create()


     

       
130

       
 

       
    const op = await makeNextOp(


     

       
131

       
 

       
      {


     

       
132

       
+

       
        verificationMethods: {


     

       
133

       
+

       
          atproto: newSigningKey.did(),


     

       
134

       
+

       
        },


     

       
135

       
 

       
      },


     

       
136

       
 

       
      rotationKey1,


     

       
137

       
 

       
    )


     
···

       
144

       
 

       
      throw new Error('expected doc')


     

       
145

       
 

       
    }


     

       
146

       
 

       
    expect(doc.did).toEqual(did)


     

       
147

       
+

       
    expect(doc.verificationMethods).toEqual({ atproto: signingKey.did() })


     

       
148

       
 

       
    expect(doc.rotationKeys).toEqual([rotationKey1.did(), rotationKey2.did()])


     

       
149

       
+

       
    expect(doc.alsoKnownAs).toEqual([handle])


     

       
150

       
 

       
    expect(doc.services).toEqual({ atpPds })


     

       
151

       
 

       
  })


     

       
152

       
 

       



     
···

       
169

       
 

       
    }


     

       
170

       
 

       



     

       
171

       
 

       
    expect(doc.did).toEqual(did)


     

       
172

       
+

       
    expect(doc.verificationMethods).toEqual({ atproto: signingKey.did() })


     

       
173

       
 

       
    expect(doc.rotationKeys).toEqual([rotationKey1.did(), rotationKey2.did()])


     

       
174

       
+

       
    expect(doc.alsoKnownAs).toEqual([handle])


     

       
175

       
 

       
    expect(doc.services).toEqual({ atpPds })


     

       
176

       
 

       
  })


     

       
177

       
 

       



     

       
178

       
 

       
  it('no longer allows operations from old rotation key', async () => {


     

       
179

       
 

       
    const op = await makeNextOp(


     

       
180

       
 

       
      {


     

       
181

       
+

       
        alsoKnownAs: ['bob'],


     

       
182

       
 

       
      },


     

       
183

       
 

       
      oldRotationKey1,


     

       
184

       
 

       
    )


     
···

       
190

       
 

       
  it('does not allow operations from the signingKey', async () => {


     

       
191

       
 

       
    const op = await makeNextOp(


     

       
192

       
 

       
      {


     

       
193

       
+

       
        alsoKnownAs: ['bob'],


     

       
194

       
 

       
      },


     

       
195

       
 

       
      signingKey,


     

       
196

       
 

       
    )


     
···

       
203

       
 

       
    const newHandle = 'ali.example.com'


     

       
204

       
 

       
    const op = await makeNextOp(


     

       
205

       
 

       
      {


     

       
206

       
+

       
        alsoKnownAs: [newHandle],


     

       
207

       
 

       
      },


     

       
208

       
 

       
      rotationKey2,


     

       
209

       
 

       
    )


     
···

       
214

       
 

       
      throw new Error('expected doc')


     

       
215

       
 

       
    }


     

       
216

       
 

       
    expect(doc.did).toEqual(did)


     

       
217

       
+

       
    expect(doc.verificationMethods).toEqual({ atproto: signingKey.did() })


     

       
218

       
 

       
    expect(doc.rotationKeys).toEqual([rotationKey1.did(), rotationKey2.did()])


     

       
219

       
+

       
    expect(doc.alsoKnownAs).toEqual([handle])


     

       
220

       
 

       
    expect(doc.services).toEqual({ atpPds })


     

       
221

       
 

       
  })


     

       
222

       
 

       



     
···

       
231

       
 

       
    const prev = await cidForCbor(ops[ops.length - 2])


     

       
232

       
 

       
    const op = await makeNextOp(


     

       
233

       
 

       
      {


     

       
234

       
+

       
        alsoKnownAs: ['bob.test'],


     

       
235

       
 

       
        prev: prev.toString(),


     

       
236

       
 

       
      },


     

       
237

       
 

       
      rotationKey1,


     
···

       
244

       
 

       
  it('does not allow a create operation in the middle of the log', async () => {


     

       
245

       
 

       
    const op = await makeNextOp(


     

       
246

       
 

       
      {


     

       
247

       
+

       
        alsoKnownAs: ['bob.test'],


     

       
248

       
 

       
        prev: null,


     

       
249

       
 

       
      },


     

       
250

       
 

       
      rotationKey1,
+46 -69
packages/lib/tests/document.test.ts 
···

       
5

       
 

       



     

       
6

       
 

       
describe('document', () => {


     

       
7

       
 

       
  it('formats a valid DID document', async () => {


     

       
8

       
-

       
    const signingKey = await Secp256k1Keypair.create()


     

       

       

       
     

       
9

       
 

       
    const rotate1 = await Secp256k1Keypair.create()


     

       
10

       
 

       
    const rotate2 = await EcdsaKeypair.create()


     

       
11

       
-

       
    const handles = ['alice.test', 'bob.test']


     

       
12

       
 

       
    const atpPds = 'https://example.com'


     

       

       

       
     

       
13

       
 

       
    const data: t.DocumentData = {


     

       
14

       
 

       
      did: 'did:example:alice',


     

       
15

       
-

       
      signingKey: signingKey.did(),


     

       

       

       
     

       

       

       
     

       

       

       
     

       
16

       
 

       
      rotationKeys: [rotate1.did(), rotate2.did()],


     

       
17

       
-

       
      handles,


     

       
18

       
 

       
      services: {


     

       
19

       
-

       
        atpPds,


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
20

       
 

       
      },


     

       
21

       
 

       
    }


     

       
22

       
 

       
    const doc = await document.formatDidDoc(data)


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
23

       
 

       
    expect(doc['@context']).toEqual([


     

       
24

       
 

       
      'https://www.w3.org/ns/did/v1',


     

       
25

       
 

       
      'https://w3id.org/security/suites/secp256k1-2019/v1',


     

       

       

       
     

       
26

       
 

       
    ])


     

       
27

       
 

       
    expect(doc.id).toEqual(data.did)


     

       
28

       
-

       
    const formattedHandles = handles.map((h) => `https://${h}`)


     

       
29

       
-

       
    expect(doc.alsoKnownAs).toEqual(formattedHandles)


     

       
30

       
-

       
    expect(doc.verificationMethod.length).toBe(1)


     

       
31

       
-

       
    expect(doc.verificationMethod[0].id).toEqual('#signingKey')


     

       

       

       
     

       
32

       
 

       
    expect(doc.verificationMethod[0].type).toEqual(


     

       
33

       
 

       
      'EcdsaSecp256k1VerificationKey2019',


     

       
34

       
 

       
    )


     

       
35

       
 

       
    expect(doc.verificationMethod[0].controller).toEqual(data.did)


     

       
36

       
-

       
    const parsedSigningKey = parseDidKey(signingKey.did())


     

       
37

       
-

       
    const signingKeyMultibase =


     

       
38

       
-

       
      'z' + uint8arrays.toString(parsedSigningKey.keyBytes, 'base58btc')


     

       
39

       
 

       
    expect(doc.verificationMethod[0].publicKeyMultibase).toEqual(


     

       
40

       
-

       
      signingKeyMultibase,


     

       
41

       
 

       
    )


     

       
42

       
-

       
    expect(doc.assertionMethod).toEqual(['#signingKey'])


     

       
43

       
-

       
    expect(doc.capabilityInvocation).toEqual(['#signingKey'])


     

       
44

       
-

       
    expect(doc.capabilityDelegation).toEqual(['#signingKey'])


     

       
45

       
-

       
    expect(doc.service.length).toBe(1)


     

       
46

       
-

       
    expect(doc.service[0].id).toEqual('#atpPds')


     

       
47

       
-

       
    expect(doc.service[0].type).toEqual('AtpPersonalDataServer')


     

       
48

       
-

       
    expect(doc.service[0].serviceEndpoint).toEqual(atpPds)


     

       
49

       
-

       
  })


     

       
50

       
 

       



     

       
51

       
-

       
  it('handles P-256 keys', async () => {


     

       
52

       
-

       
    const signingKey = await EcdsaKeypair.create()


     

       
53

       
-

       
    const rotate1 = await Secp256k1Keypair.create()


     

       
54

       
-

       
    const rotate2 = await EcdsaKeypair.create()


     

       
55

       
-

       
    const handles = ['alice.test', 'bob.test']


     

       
56

       
-

       
    const atpPds = 'https://example.com'


     

       
57

       
-

       
    const data: t.DocumentData = {


     

       
58

       
-

       
      did: 'did:example:alice',


     

       
59

       
-

       
      signingKey: signingKey.did(),


     

       
60

       
-

       
      rotationKeys: [rotate1.did(), rotate2.did()],


     

       
61

       
-

       
      handles,


     

       
62

       
-

       
      services: {


     

       
63

       
-

       
        atpPds,


     

       
64

       
-

       
      },


     

       
65

       
-

       
    }


     

       
66

       
-

       
    const doc = await document.formatDidDoc(data)


     

       
67

       
-

       
    expect(doc.verificationMethod.length).toBe(1)


     

       
68

       
-

       
    expect(doc['@context']).toEqual([


     

       
69

       
-

       
      'https://www.w3.org/ns/did/v1',


     

       
70

       
-

       
      'https://w3id.org/security/suites/ecdsa-2019/v1',


     

       
71

       
-

       
    ])


     

       
72

       
-

       
    expect(doc.verificationMethod[0].id).toEqual('#signingKey')


     

       
73

       
-

       
    expect(doc.verificationMethod[0].type).toEqual(


     

       
74

       
 

       
      'EcdsaSecp256r1VerificationKey2019',


     

       
75

       
 

       
    )


     

       
76

       
-

       
    expect(doc.verificationMethod[0].controller).toEqual(data.did)


     

       
77

       
-

       
    const parsedSigningKey = parseDidKey(signingKey.did())


     

       
78

       
-

       
    const signingKeyMultibase =


     

       
79

       
-

       
      'z' + uint8arrays.toString(parsedSigningKey.keyBytes, 'base58btc')


     

       
80

       
-

       
    expect(doc.verificationMethod[0].publicKeyMultibase).toEqual(


     

       
81

       
-

       
      signingKeyMultibase,


     

       
82

       
 

       
    )


     

       
83

       
-

       
  })


     

       
84

       
 

       



     

       
85

       
-

       
  it('formats a valid DID document regardless of leading https://', async () => {


     

       
86

       
-

       
    const signingKey = await Secp256k1Keypair.create()


     

       
87

       
-

       
    const rotate1 = await Secp256k1Keypair.create()


     

       
88

       
-

       
    const rotate2 = await EcdsaKeypair.create()


     

       
89

       
-

       
    const handles = ['https://alice.test', 'bob.test']


     

       
90

       
-

       
    const atpPds = 'example.com'


     

       
91

       
-

       
    const data: t.DocumentData = {


     

       
92

       
-

       
      did: 'did:example:alice',


     

       
93

       
-

       
      signingKey: signingKey.did(),


     

       
94

       
-

       
      rotationKeys: [rotate1.did(), rotate2.did()],


     

       
95

       
-

       
      handles,


     

       
96

       
-

       
      services: {


     

       
97

       
-

       
        atpPds,


     

       
98

       
-

       
      },


     

       
99

       
-

       
    }


     

       
100

       
-

       
    const doc = await document.formatDidDoc(data)


     

       
101

       
-

       
    expect(doc.alsoKnownAs).toEqual(['https://alice.test', 'https://bob.test'])


     

       
102

       
-

       
    expect(doc.service[0].serviceEndpoint).toEqual(`https://${atpPds}`)


     

       
103

       
 

       
  })


     

       
104

       
 

       
})


     
···

       
5

       
 

       



     

       
6

       
 

       
describe('document', () => {


     

       
7

       
 

       
  it('formats a valid DID document', async () => {


     

       
8

       
+

       
    const atprotoKey = await Secp256k1Keypair.create()


     

       
9

       
+

       
    const otherKey = await EcdsaKeypair.create()


     

       
10

       
 

       
    const rotate1 = await Secp256k1Keypair.create()


     

       
11

       
 

       
    const rotate2 = await EcdsaKeypair.create()


     

       
12

       
+

       
    const alsoKnownAs = ['at://alice.test', 'https://bob.test']


     

       
13

       
 

       
    const atpPds = 'https://example.com'


     

       
14

       
+

       
    const otherService = 'https://other.com'


     

       
15

       
 

       
    const data: t.DocumentData = {


     

       
16

       
 

       
      did: 'did:example:alice',


     

       
17

       
+

       
      verificationMethods: {


     

       
18

       
+

       
        atproto: atprotoKey.did(),


     

       
19

       
+

       
        other: otherKey.did(),


     

       
20

       
+

       
      },


     

       
21

       
 

       
      rotationKeys: [rotate1.did(), rotate2.did()],


     

       
22

       
+

       
      alsoKnownAs,


     

       
23

       
 

       
      services: {


     

       
24

       
+

       
        atproto_pds: {


     

       
25

       
+

       
          type: 'AtprotoPersonalDataServer',


     

       
26

       
+

       
          endpoint: atpPds,


     

       
27

       
+

       
        },


     

       
28

       
+

       
        other: {


     

       
29

       
+

       
          type: 'SomeService',


     

       
30

       
+

       
          endpoint: otherService,


     

       
31

       
+

       
        },


     

       
32

       
 

       
      },


     

       
33

       
 

       
    }


     

       
34

       
 

       
    const doc = await document.formatDidDoc(data)


     

       
35

       
+

       
    // only epxected keys


     

       
36

       
+

       
    expect(Object.keys(doc).sort()).toEqual(


     

       
37

       
+

       
      ['@context', 'id', 'alsoKnownAs', 'verificationMethod', 'service'].sort(),


     

       
38

       
+

       
    )


     

       
39

       
 

       
    expect(doc['@context']).toEqual([


     

       
40

       
 

       
      'https://www.w3.org/ns/did/v1',


     

       
41

       
 

       
      'https://w3id.org/security/suites/secp256k1-2019/v1',


     

       
42

       
+

       
      'https://w3id.org/security/suites/ecdsa-2019/v1',


     

       
43

       
 

       
    ])


     

       
44

       
 

       
    expect(doc.id).toEqual(data.did)


     

       
45

       
+

       
    expect(doc.alsoKnownAs).toEqual(alsoKnownAs)


     

       
46

       
+

       



     

       
47

       
+

       
    expect(doc.verificationMethod.length).toBe(2)


     

       
48

       
+

       



     

       
49

       
+

       
    expect(doc.verificationMethod[0].id).toEqual('#atproto')


     

       
50

       
 

       
    expect(doc.verificationMethod[0].type).toEqual(


     

       
51

       
 

       
      'EcdsaSecp256k1VerificationKey2019',


     

       
52

       
 

       
    )


     

       
53

       
 

       
    expect(doc.verificationMethod[0].controller).toEqual(data.did)


     

       
54

       
+

       
    const parsedAtprotoKey = parseDidKey(atprotoKey.did())


     

       
55

       
+

       
    const atprotoKeyMultibase =


     

       
56

       
+

       
      'z' + uint8arrays.toString(parsedAtprotoKey.keyBytes, 'base58btc')


     

       
57

       
 

       
    expect(doc.verificationMethod[0].publicKeyMultibase).toEqual(


     

       
58

       
+

       
      atprotoKeyMultibase,


     

       
59

       
 

       
    )


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
60

       
 

       



     

       
61

       
+

       
    expect(doc.verificationMethod[1].id).toEqual('#other')


     

       
62

       
+

       
    expect(doc.verificationMethod[1].type).toEqual(


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
63

       
 

       
      'EcdsaSecp256r1VerificationKey2019',


     

       
64

       
 

       
    )


     

       
65

       
+

       
    expect(doc.verificationMethod[1].controller).toEqual(data.did)


     

       
66

       
+

       
    const parsedOtherKey = parseDidKey(otherKey.did())


     

       
67

       
+

       
    const otherKeyMultibase =


     

       
68

       
+

       
      'z' + uint8arrays.toString(parsedOtherKey.keyBytes, 'base58btc')


     

       
69

       
+

       
    expect(doc.verificationMethod[1].publicKeyMultibase).toEqual(


     

       
70

       
+

       
      otherKeyMultibase,


     

       
71

       
 

       
    )


     

       

       

       
     

       
72

       
 

       



     

       
73

       
+

       
    expect(doc.service.length).toBe(2)


     

       
74

       
+

       
    expect(doc.service[0].id).toEqual('#atproto_pds')


     

       
75

       
+

       
    expect(doc.service[0].type).toEqual('AtprotoPersonalDataServer')


     

       
76

       
+

       
    expect(doc.service[0].serviceEndpoint).toEqual(atpPds)


     

       
77

       
+

       
    expect(doc.service[1].id).toEqual('#other')


     

       
78

       
+

       
    expect(doc.service[1].type).toEqual('SomeService')


     

       
79

       
+

       
    expect(doc.service[1].serviceEndpoint).toEqual(otherService)


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
80

       
 

       
  })


     

       
81

       
 

       
})
+10 -12
packages/lib/tests/recovery.test.ts 
···

       
46

       
 

       
    signer: Keypair,


     

       
47

       
 

       
    otherChanges: Partial<t.Operation> = {},


     

       
48

       
 

       
  ) => {


     

       
49

       
-

       
    const op = await operations.signOperation(


     

       
50

       
-

       
      {


     

       
51

       
 

       
        signingKey: signingKey.did(),


     

       
52

       
 

       
        rotationKeys: keys.map((k) => k.did()),


     

       
53

       
-

       
        handles: [handle],


     

       
54

       
-

       
        services: {


     

       
55

       
-

       
          atpPds,


     

       
56

       
-

       
        },


     

       
57

       
-

       
        prev: prev ? prev.toString() : null,


     

       
58

       
-

       
        ...otherChanges,


     

       
59

       
-

       
      },


     

       
60

       
-

       
      signer,


     

       
61

       
-

       
    )


     

       
62

       
 

       
    const indexed = await formatIndexed(op)


     

       
63

       
 

       
    return { op, indexed }


     

       
64

       
 

       
  }


     
···

       
89

       
 

       
      [rotationKey3],


     

       
90

       
 

       
      rotate.indexed.cid,


     

       
91

       
 

       
      rotationKey3,


     

       
92

       
-

       
      { handles: ['newhandle.test'] },


     

       
93

       
 

       
    )


     

       
94

       
 

       



     

       
95

       
 

       
    log.push({


     
···

       
46

       
 

       
    signer: Keypair,


     

       
47

       
 

       
    otherChanges: Partial<t.Operation> = {},


     

       
48

       
 

       
  ) => {


     

       
49

       
+

       
    const unsigned = {


     

       
50

       
+

       
      ...operations.formatAtprotoOp({


     

       
51

       
 

       
        signingKey: signingKey.did(),


     

       
52

       
 

       
        rotationKeys: keys.map((k) => k.did()),


     

       
53

       
+

       
        handle,


     

       
54

       
+

       
        pds: atpPds,


     

       
55

       
+

       
        prev,


     

       
56

       
+

       
      }),


     

       
57

       
+

       
      ...otherChanges,


     

       
58

       
+

       
    }


     

       
59

       
+

       
    const op = await operations.addSignature(unsigned, signer)


     

       

       

       
     

       

       

       
     

       
60

       
 

       
    const indexed = await formatIndexed(op)


     

       
61

       
 

       
    return { op, indexed }


     

       
62

       
 

       
  }


     
···

       
87

       
 

       
      [rotationKey3],


     

       
88

       
 

       
      rotate.indexed.cid,


     

       
89

       
 

       
      rotationKey3,


     

       
90

       
+

       
      { alsoKnownAs: ['newhandle.test'] },


     

       
91

       
 

       
    )


     

       
92

       
 

       



     

       
93

       
 

       
    log.push({