lexicon-level identifier validation helpers and test cases (bluesky-s…

…ocial#576) * hardening: permissive tests for handles * identifers: permissive tests for NSIDs * identifiers: add DID validation * identifiers: wrong about domain syntax (duh, 4chan.com) In short, labels can start with digits except for the final TLD part. I think that is all for "DNS domains as hostnames which are actually used in the real world", though there might be other modern things. Underscores are obviously allowed in DNS for things like SRV records, but I don't think as "regular hostnames". Not sure we want this for NSIDs, so not updating that code or tests yet. * identifiers: ATURI test corner cases * identifiers: remove TODOs (moved to formalism doc) * identifiers: small comment typos and corrections * move around & integrate indentifier hardneing * fixed up some tests --------- Co-authored-by: dholms <[email protected]>
tessoudali · Mar 17, 2023 · 228431e · 228431e
1 parent 9af530e
commit 228431e
Show file tree

Hide file tree

Showing 36 changed files with 992 additions and 320 deletions.
diff --git a/packages/dev-env/package.json b/packages/dev-env/package.json
@@ -22,6 +22,7 @@
     "@atproto/uri": "*",
     "@did-plc/lib": "^0.0.1",
     "@did-plc/server": "^0.0.1",
+    "better-sqlite3": "^7.6.2",
     "chalk": "^5.0.1",
     "dotenv": "^16.0.1",
     "get-port": "^6.1.2",

diff --git a/packages/handle/src/index.ts b/packages/handle/src/index.ts
diff --git a/packages/handle/tests/handle.test.ts b/packages/handle/tests/handle.test.ts
diff --git a/packages/handle/README.md → packages/identifier/README.md b/packages/handle/README.md → packages/identifier/README.md
@@ -1,11 +1,11 @@
-# Handle
+# Identifier
 
-Validation logic for AT handles
+Validation logic for AT identifiers - DIDs & Handles
 
 ## Usage
 
 ```typescript
-import * as handle from '@atproto/handle'
+import * as identifier from '@atproto/identifier'
 
 isValid('alice.test', ['.test']) // returns true
 ensureValid('alice.test', ['.test']) // returns void

diff --git a/packages/handle/babel.config.js → packages/identifier/babel.config.js b/packages/handle/babel.config.js → packages/identifier/babel.config.js
diff --git a/packages/handle/build.js → packages/identifier/build.js b/packages/handle/build.js → packages/identifier/build.js
diff --git a/packages/handle/jest.config.js → packages/identifier/jest.config.js b/packages/handle/jest.config.js → packages/identifier/jest.config.js
@@ -2,5 +2,5 @@ const base = require('../../jest.config.base.js')
 
 module.exports = {
   ...base,
-  displayName: 'Handle',
+  displayName: 'Identifier',
 }
diff --git a/packages/handle/package.json → packages/identifier/package.json b/packages/handle/package.json → packages/identifier/package.json
@@ -1,5 +1,5 @@
 {
-  "name": "@atproto/handle",
+  "name": "@atproto/identifier",
   "version": "0.0.1",
   "main": "src/index.ts",
   "scripts": {
@@ -19,7 +19,6 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@atproto/common": "*",
-    "@sideway/address": "^5.0.0"
+    "@atproto/common": "*"
   }
 }
diff --git a/packages/identifier/src/did.ts b/packages/identifier/src/did.ts
@@ -0,0 +1,54 @@
+// Human-readable constraints:
+//   - valid W3C DID (https://www.w3.org/TR/did-core/#did-syntax)
+//      - entire URI is ASCII: [a-zA-Z0-9._:%-]
+//      - always starts "did:" (lower-case)
+//      - method name is one or more lower-case letters, followed by ":"
+//      - remaining identifier can have any of the above chars, but can not end in ":"
+//      - it seems that a bunch of ":" can be included, and don't need spaces between
+//      - "%" is used only for "percent encoding" and must be followed by two hex characters (and thus can't end in "%")
+//      - query ("?") and fragment ("#") stuff is defined for "DID URIs", but not as part of identifier itself
+//      - "The current specification does not take a position on the maximum length of a DID"
+//   - in current atproto, only allowing did:plc and did:web. But not *forcing* this at lexico layer
+//   - hard length limit of 8KBytes
+//   - not going to validate "percent encoding" here
+export const ensureValidDid = (did: string): void => {
+  // check that all chars are boring ASCII
+  if (!/^[a-zA-Z0-9._:%-]*$/.test(did)) {
+    throw new Error(
+      'Disallowed characters in DID (ASCII letters, digits, and a couple other characters only)',
+    )
+  }
+
+  const parts = did.split(':')
+  if (parts.length < 3) {
+    throw new Error('DID requires prefix, method, and method-specific content')
+  }
+
+  if (parts[0] != 'did') {
+    throw new Error('DID requires "did:" prefix')
+  }
+
+  if (!/^[a-z]+$/.test(parts[1])) {
+    throw new Error('DID method must be lower-case letters')
+  }
+
+  if (did.endsWith(':') || did.endsWith('%')) {
+    throw new Error('DID can not end with ":" or "%"')
+  }
+
+  if (did.length > 8 * 1024) {
+    throw new Error('DID is far too long')
+  }
+}
+
+export const ensureValidDidRegex = (did: string): void => {
+  // simple regex to enforce most constraints via just regex and length.
+  // hand wrote this regex based on above constraints
+  if (!/^did:[a-z]+:[a-zA-Z0-9._:%-]*[a-zA-Z0-9._-]$/.test(did)) {
+    throw new Error("DID didn't validate via regex")
+  }
+
+  if (did.length > 8 * 1024) {
+    throw new Error('DID is far too long')
+  }
+}