feat(identity-resolver): handle resolvers

Author: mary-ext

README.md

@@ -40,8 +40,8 @@ of atcute.
 | **Identity packages** _(work in progress)_                                                                             |
 | [`did-plc`](./packages/identity/did-plc): validations, type definitions and schemas for did:plc operations             |
 | [`identity`](./packages/identity/identity): syntax, type definitions and schemas for handles, DIDs and DID documents   |
-| [`identity-resolver`]('./packages/identity/identity-resolver): DID document resolution                                 |
-| `identity-resolver-node`: node.js dns handle resolution                                                                |
+| [`identity-resolver`]('./packages/identity/identity-resolver): handle and DID document resolution                      |
+| `identity-resolver-node`: `node:dns`-powered handle resolution                                                         |
 | **Lexicon definitions**                                                                                                |
 | [`bluemoji`](./packages/definitions/bluemoji): adds `blue.moji.*` lexicons                                             |
 | [`bluesky`](./packages/definitions/bluesky): adds `app.bsky.*` and `chat.bsky.*` lexicons                              |

packages/identity/identity-resolver/README.md

@@ -6,13 +6,26 @@
 atproto handle and DID document resolution
 
 ```ts
-const resolver = new CompositeDidResolver({
+// handle resolution
+const handleResolver = new CompositeHandleResolver({
+	strategy: 'race',
+	methods: {
+		dns: new DohJsonHandleResolver({ dohUrl: 'https://mozilla.cloudflare-dns.com/dns-query' }),
+		http: new WellKnownHandleResolver(),
+	},
+});
+
+const handle = await didResolver.resolve('bsky.app');
+//    ^? 'did:plc:z72i7hdynmk6r22z27h6tvur'
+
+// did doc resolution
+const didResolver = new CompositeDidResolver({
 	methods: {
 		plc: new PlcDidResolver(),
 		web: new WebDidResolver(),
 	},
 });
 
-const doc = await resolver.resolve('did:plc:ia76kvnndjutgedggx2ibrem');
-//    ^? { '@context': [...], id: 'did:plc:ia76kvnndjutgedggx2ibrem', ... }
+const doc = await didResolver.resolve('did:plc:z72i7hdynmk6r22z27h6tvur');
+//    ^? { '@context': [...], id: 'did:plc:z72i7hdynmk6r22z27h6tvur', ... }
 ```

packages/identity/identity-resolver/lib/errors.ts

@@ -19,3 +19,45 @@ export class ImproperDidError extends DidResolutionError {
 		super(`improper did; did=${did}`);
 	}
 }
+
+export class HandleResolutionError extends Error {
+	override name = 'HandleResolutionError';
+}
+
+export class MissingDidError extends HandleResolutionError {
+	override name = 'MissingDidError';
+
+	constructor(public handle: string) {
+		super(`handle returned no did; handle=${handle}`);
+	}
+}
+
+export class FailedDidResolutionError extends HandleResolutionError {
+	override name = 'FailedDidResolutionError';
+
+	constructor(
+		public handle: string,
+		options?: ErrorOptions,
+	) {
+		super(`failed to resolve handle; handle=${handle}`, options);
+	}
+}
+
+export class InvalidResolvedDidError extends HandleResolutionError {
+	override name = 'InvalidResolvedDidError';
+
+	constructor(
+		public handle: string,
+		public did: string,
+	) {
+		super(`handle returned invalid did; handle=${handle}; did=${did}`);
+	}
+}
+
+export class DuplicateResolvedDidError extends HandleResolutionError {
+	override name = 'DuplicateResolvedDidError';
+
+	constructor(handle: string) {
+		super(`handle returned multiple did values; handle=${handle}`);
+	}
+}

packages/identity/identity-resolver/lib/handle/composite.ts

@@ -0,0 +1,78 @@
+import type { Did, Handle } from '@atcute/identity';
+
+import type { HandleResolver, ResolveHandleOptions } from '../types.js';
+
+export type CompositeStrategy = 'http-first' | 'dns-first' | 'race';
+
+export interface CompositeHandleResolverOptions {
+	/** controls how the resolution is done, defaults to 'race' */
+	strategy?: CompositeStrategy;
+	/** the methods to use for resolving the handle. */
+	methods: Record<'http' | 'dns', HandleResolver>;
+}
+
+export class CompositeHandleResolver implements HandleResolver {
+	#methods: Record<string, HandleResolver>;
+	strategy: CompositeStrategy;
+
+	constructor({ methods, strategy = 'race' }: CompositeHandleResolverOptions) {
+		this.#methods = methods;
+		this.strategy = strategy;
+	}
+
+	async resolve(handle: Handle, options?: ResolveHandleOptions): Promise<Did> {
+		const { http, dns } = this.#methods;
+
+		const parentSignal = options?.signal;
+		const controller = new AbortController();
+		if (parentSignal) {
+			parentSignal.addEventListener('abort', () => controller.abort(), { signal: controller.signal });
+		}
+
+		const dnsPromise = dns.resolve(handle, { ...options, signal: controller.signal });
+		const httpPromise = http.resolve(handle, { ...options, signal: controller.signal });
+
+		switch (this.strategy) {
+			case 'race': {
+				return new Promise((resolve) => {
+					dnsPromise.then(
+						(did) => {
+							controller.abort();
+							resolve(did);
+						},
+						() => resolve(httpPromise),
+					);
+
+					httpPromise.then(
+						(did) => {
+							controller.abort();
+							resolve(did);
+						},
+						() => resolve(dnsPromise),
+					);
+				});
+			}
+			case 'dns-first': {
+				const resolved = await dnsPromise.catch(noopPromise);
+				if (resolved) {
+					controller.abort();
+					return resolved;
+				}
+
+				return httpPromise;
+			}
+			case 'http-first': {
+				const resolved = await httpPromise.catch(noopPromise);
+				if (resolved) {
+					controller.abort();
+					return resolved;
+				}
+
+				return dnsPromise;
+			}
+		}
+	}
+}
+
+const noop = () => {};
+const noopPromise = () => new Promise<never>(noop);

packages/identity/identity-resolver/lib/handle/methods/doh-json.ts

@@ -0,0 +1,129 @@
+import * as v from '@badrap/valita';
+
+import { isAtprotoDid, type Did, type Handle } from '@atcute/identity';
+import { isResponseOk, parseResponseAsJson, pipe, validateJsonWith } from '@atcute/util-fetch';
+
+import * as err from '../../errors.js';
+import type { HandleResolver, ResolveHandleOptions } from '../../types.js';
+
+const uint32 = v.number().assert((input) => Number.isInteger(input) && input >= 0 && input <= 2 ** 32 - 1);
+
+const question = v.object({
+	name: v.string(),
+	type: v.literal(16), // TXT
+});
+
+const answer = v.object({
+	name: v.string(),
+	type: v.literal(16), // TXT
+	TTL: uint32,
+	data: v.string(),
+});
+
+const result = v.object({
+	/** DNS response code */
+	Status: uint32,
+	/** Whether response is truncated */
+	TC: v.boolean(),
+	/** Whether recursive desired bit is set, always true for Google and Cloudflare DoH */
+	RD: v.boolean(),
+	/** Whether recursive available bit is set, always true for Google and Cloudflare DoH */
+	RA: v.boolean(),
+	/** Whether response data was validated with DNSSEC */
+	AD: v.boolean(),
+	/** Whether client asked to disable DNSSEC validation */
+	CD: v.boolean(),
+	/** Requested records */
+	Question: v.tuple([question]),
+	/** Answers */
+	Answer: v.array(answer),
+});
+
+const extractTxtData = (input: string) => {
+	return input.replace(/^"|"$/g, '').replace(/\\"/g, '"');
+};
+
+const SUBDOMAIN = '_atproto';
+const PREFIX = 'did=';
+
+const fetchDohJsonHandler = pipe(
+	isResponseOk,
+	parseResponseAsJson(/^application\/(dns-)?json$/, 16 * 1024),
+	validateJsonWith(result),
+);
+
+export interface DohJsonHandleResolverOptions {
+	dohUrl: string;
+	fetch?: typeof fetch;
+}
+
+export class DohJsonHandleResolver implements HandleResolver {
+	readonly dohUrl: string;
+	#fetch: typeof fetch;
+
+	constructor({ dohUrl, fetch: fetchThis = fetch }: DohJsonHandleResolverOptions) {
+		this.dohUrl = dohUrl;
+		this.#fetch = fetchThis;
+	}
+
+	async resolve(handle: Handle, options?: ResolveHandleOptions): Promise<Did> {
+		let json: v.Infer<typeof result>;
+
+		try {
+			const url = new URL(this.dohUrl);
+			url.searchParams.set('name', `${SUBDOMAIN}.${handle}`);
+			url.searchParams.set('type', 'TXT');
+
+			const response = await (0, this.#fetch)(url, {
+				signal: options?.signal,
+				cache: options?.noCache ? 'no-cache' : 'default',
+				headers: { accept: 'application/dns-json' },
+			});
+
+			const handled = await fetchDohJsonHandler(response);
+
+			json = handled.json;
+		} catch (cause) {
+			throw new err.FailedDidResolutionError(handle, { cause });
+		}
+
+		const status = json.Status;
+		const answers = json.Answer;
+
+		if (status !== 0 /* NOERROR */) {
+			if (status === 3 /* NXDOMAIN */) {
+				throw new err.MissingDidError(handle);
+			}
+
+			throw new err.FailedDidResolutionError(handle, {
+				cause: new TypeError(`dns returned ${status}`),
+			});
+		}
+
+		for (let i = 0, il = answers.length; i < il; i++) {
+			const answer = answers[i];
+			const data = extractTxtData(answer.data);
+
+			if (!data.startsWith(PREFIX)) {
+				continue;
+			}
+
+			for (let j = i + 1; j < il; j++) {
+				const data = extractTxtData(answers[j].data);
+				if (data.startsWith(PREFIX)) {
+					throw new err.DuplicateResolvedDidError(handle);
+				}
+			}
+
+			const did = data.slice(PREFIX.length);
+			if (!isAtprotoDid(did)) {
+				throw new err.InvalidResolvedDidError(handle, did);
+			}
+
+			return did;
+		}
+
+		// theoretically this shouldn't happen, it should've returned NXDOMAIN
+		throw new err.MissingDidError(handle);
+	}
+}

packages/identity/identity-resolver/lib/handle/methods/well-known.ts

@@ -0,0 +1,50 @@
+import { isAtprotoDid, type Did, type Handle } from '@atcute/identity';
+import { FailedResponseError, isResponseOk, pipe, readResponseAsText } from '@atcute/util-fetch';
+
+import * as err from '../../errors.js';
+import type { HandleResolver, ResolveHandleOptions } from '../../types.js';
+
+export interface WellKnownHandleResolverOptions {
+	fetch?: typeof fetch;
+}
+
+const fetchWellKnownHandler = pipe(isResponseOk, readResponseAsText(2048 + 16));
+
+export class WellKnownHandleResolver implements HandleResolver {
+	#fetch: typeof fetch;
+
+	constructor({ fetch: fetchThis = fetch }: WellKnownHandleResolverOptions = {}) {
+		this.#fetch = fetchThis;
+	}
+
+	async resolve(handle: Handle, options?: ResolveHandleOptions): Promise<Did> {
+		let text: string;
+
+		try {
+			const url = new URL('/.well-known/atproto-did', `https://${handle}`);
+
+			const response = await (0, this.#fetch)(url, {
+				signal: options?.signal,
+				cache: options?.noCache ? 'no-cache' : 'default',
+				redirect: 'error',
+			});
+
+			const handled = await fetchWellKnownHandler(response);
+
+			text = handled.text;
+		} catch (cause) {
+			if (cause instanceof FailedResponseError && cause.status === 404) {
+				throw new err.MissingDidError(handle);
+			}
+
+			throw new err.FailedDidResolutionError(handle, { cause });
+		}
+
+		const did = text.split('\n')[0]!.trim();
+		if (!isAtprotoDid(did)) {
+			throw new err.InvalidResolvedDidError(handle, did);
+		}
+
+		return did;
+	}
+}