Fork of github.com/did-method-plc/did-method-plc

add verificationMethod count limit, key length limit, require b58btc

+21 -2
+21 -2
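--- a/packages/server/src/constraints.ts
+++ b/packages/server/src/constraints.ts
@@ -1,7 +1,11 @@
 import { DAY, HOUR, cborEncode } from '@atproto/common'
 import * as plc from '@did-plc/lib'
 import { ServerError } from './error'
-import { extractMultikey, parseDidKey } from '@atproto/crypto'
+import {
+extractPrefixedBytes,
+extractMultikey,
+parseDidKey,
+} from '@atproto/crypto'
 
 const MAX_OP_BYTES = 4000
 const MAX_AKA_ENTRIES = 10
@@ -10,7 +14,9 @@
 const MAX_SERVICE_ENTRIES = 10
 const MAX_SERVICE_TYPE_LENGTH = 256
 const MAX_SERVICE_ENDPOINT_LENGTH = 512
+const MAX_VERIF_METHOD_ENTRIES = 10
 const MAX_ID_LENGTH = 32
+const MAX_DID_KEY_LENGTH = 256 // k256 = 57, BLS12-381 = 143
 
 export function validateIncomingOp(input: unknown): plc.OpOrTombstone {
 const byteLength = cborEncode(input).byteLength
@@ -104,6 +110,12 @@
 }
 }
 const verifyMethods = Object.entries(op.verificationMethods)
+if (verifyMethods.length > MAX_VERIF_METHOD_ENTRIES) {
+throw new ServerError(
+400,
+`Too many Verification Method entries (max ${MAX_VERIF_METHOD_ENTRIES})`,
+)
+}
 for (const [id, key] of verifyMethods) {
 if (id.length > MAX_ID_LENGTH) {
 throw new ServerError(
@@ -111,10 +123,17 @@
 `Verification Method id too long (max ${MAX_ID_LENGTH}): ${id}`,
 )
 }
+if (key.length > MAX_DID_KEY_LENGTH) {
+throw new ServerError(
+400,
+`Verification Method key too long (max ${MAX_DID_KEY_LENGTH}): ${id}`,
+)
+}
 try {
 // perform only minimal did:key syntax checking, with no restrictions on
 // key types
-extractMultikey(key)
+const multikey = extractMultikey(key) // enforces did:key: prefix
+extractPrefixedBytes(multikey) // enforces base58-btc encoding
 } catch (err) {
 throw new ServerError(400, `Invalid verificationMethod key: ${key}`)
 }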
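Review bot: The key check at new lines 135–136 discards the result of `extractPrefixedBytes(multikey)`, so a value that decodes to zero bytes (a bare `did:key:z`, assuming the decoder accepts an empty payload, which is not visible here) would still be stored as a verification method. Keeping the decoded bytes and rejecting an empty result inside the same `try`, e.g. `const bytes = extractPrefixedBytes(multikey)` followed by `if (bytes.length === 0) throw new Error('empty key')`, closes that without restricting key types. The comment above the call still describes only minimal did:key syntax checking and could be updated to `// require did:key: prefix and base58-btc multibase; key type is not restricted`. The page-level diffstat equals this file's, so the three new limits appear to land without tests for their boundaries (an eleventh entry, a 257-character key, a multibase prefix other than `z`). validateIncomingOp's body starts and ends outside the hunks shown.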