+38 -39

src/screens/Login/index.tsx

reviewed

··· 8 8 9 9 import {DEFAULT_SERVICE} from '#/lib/constants' 10 10 import {logger} from '#/logger' 11 11 - import {resolvePdsServiceUrl} from '#/state/queries/resolve-identity' 12 11 import {useServiceQuery} from '#/state/queries/service' 13 13 - import {type SessionAccount, useAgent, useSession} from '#/state/session' 12 12 + import {type SessionAccount, useSession} from '#/state/session' 13 13 + import { 14 14 + getPdsServiceUrlFromIdentityInfo, 15 15 + resolveIdentityUsingAppView, 16 16 + } from '#/state/session/identity-resolver' 14 17 import {useLoggedOutView} from '#/state/shell/logged-out' 15 18 import {LoggedOutLayout} from '#/view/com/util/layouts/LoggedOutLayout' 16 19 import {ForgotPasswordForm} from '#/screens/Login/ForgotPasswordForm' ··· 46 49 const failedAttemptCountRef = useRef(0) 47 50 const startTimeRef = useRef(Date.now()) 48 51 49 49 - const agent = useAgent() 50 52 const {accounts} = useSession() 51 53 const {requestedAccountSwitchTo} = useLoggedOutView() 52 54 const requestedAccount = accounts.find( ··· 109 111 } else { 110 112 setError('') 111 113 } 112 112 - }, [serviceError, serviceUrl, _]) 114 114 + }, [serviceError, serviceUrl, _, ax]) 113 115 114 114 - const resolveIdentity = useCallback( 115 115 - async (identifier: string) => { 116 116 - setIsResolvingService(true) 116 116 + const resolveIdentity = useCallback(async (identifier: string) => { 117 117 + setIsResolvingService(true) 117 118 118 118 - try { 119 119 - const getDid = async () => { 120 120 - if (identifier.startsWith('did:')) return identifier 121 121 - else 122 122 - return ( 123 123 - await agent.resolveHandle({ 124 124 - handle: identifier, 125 125 - }) 126 126 - ).data.did 127 127 - } 119 119 + try { 120 120 + const identity = await resolveIdentityUsingAppView(identifier) 121 121 + const did = identity.did as Did 122 122 + const pdsUrl = getPdsServiceUrlFromIdentityInfo(identity) 128 123 129 129 - const did = (await getDid()) as Did 130 130 - const pdsUrl = await resolvePdsServiceUrl(did) 124 124 + if (!pdsUrl) { 125 125 + throw new Error(`No PDS service found in DID document for ${did}`) 126 126 + } 131 127 132 132 - if (!pdsUrl) { 133 133 - throw new Error(`No PDS service found in DID document for ${did}`) 134 134 - } 135 135 - 136 136 - if (pdsUrl.endsWith('.bsky.network')) { 137 137 - setServiceUrl('https://bsky.social') 138 138 - } else { 139 139 - setServiceUrl(pdsUrl) 140 140 - } 141 141 - } catch (err) { 142 142 - logger.error( 143 143 - `Service auto-resolution failed: ${err instanceof Error ? err.message : String(err)}`, 144 144 - ) 145 145 - } finally { 146 146 - setIsResolvingService(false) 128 128 + if (pdsUrl.endsWith('.bsky.network')) { 129 129 + setServiceUrl('https://bsky.social') 130 130 + } else { 131 131 + setServiceUrl(pdsUrl) 147 132 } 148 148 - }, 149 149 - [agent], 150 150 - ) 133 133 + } catch (err) { 134 134 + logger.error( 135 135 + `Service auto-resolution failed: ${err instanceof Error ? err.message : String(err)}`, 136 136 + ) 137 137 + } finally { 138 138 + setIsResolvingService(false) 139 139 + } 140 140 + }, []) 151 141 152 142 const debouncedResolveService = useMemo( 153 143 () => debounce(resolveIdentity, 400), 154 144 [resolveIdentity], 145 145 + ) 146 146 + const onPressRetryConnect = useCallback(() => { 147 147 + void refetchService() 148 148 + }, [refetchService]) 149 149 + const onDebouncedResolveService = useCallback( 150 150 + (identifier: string) => { 151 151 + void debouncedResolveService(identifier) 152 152 + }, 153 153 + [debouncedResolveService], 155 154 ) 156 155 157 156 const onPressForgotPassword = () => { ··· 204 203 setServiceUrl={setServiceUrl} 205 204 onPressBack={goBack} 206 205 onPressForgotPassword={onPressForgotPassword} 207 207 - onPressRetryConnect={refetchService} 208 208 - debouncedResolveService={debouncedResolveService} 206 206 + onPressRetryConnect={onPressRetryConnect} 207 207 + debouncedResolveService={onDebouncedResolveService} 209 208 isResolvingService={isResolvingService} 210 209 /> 211 210 )

+193

src/state/session/__tests__/identity-resolver-test.ts

reviewed

··· 1 1 + import {beforeEach, describe, expect, it, jest} from '@jest/globals' 2 2 + 3 3 + const mockResolveHandle: jest.MockedFunction< 4 4 + ( 5 5 + params: {handle: string}, 6 6 + options?: {signal?: AbortSignal}, 7 7 + ) => Promise<{ 8 8 + data: { 9 9 + did: string 10 10 + } 11 11 + }> 12 12 + > = jest.fn() 13 13 + const mockDispose: jest.MockedFunction<() => void> = jest.fn() 14 14 + 15 15 + jest.mock('../agent', () => ({ 16 16 + createPublicAgent() { 17 17 + return { 18 18 + resolveHandle: mockResolveHandle, 19 19 + dispose: mockDispose, 20 20 + } 21 21 + }, 22 22 + })) 23 23 + 24 24 + import { 25 25 + createIdentityResolver, 26 26 + getPdsServiceUrlFromIdentityInfo, 27 27 + resolveIdentityUsingAppView, 28 28 + } from '../identity-resolver' 29 29 + 30 30 + describe('appview identity resolver', () => { 31 31 + beforeEach(() => { 32 32 + mockResolveHandle.mockReset() 33 33 + mockDispose.mockReset() 34 34 + jest.restoreAllMocks() 35 35 + }) 36 36 + 37 37 + it('resolves handles through the current appview and DID docs', async () => { 38 38 + const signal = new AbortController().signal 39 39 + mockResolveHandle.mockResolvedValueOnce({ 40 40 + data: { 41 41 + did: 'did:plc:alice12345678901234567890', 42 42 + }, 43 43 + }) 44 44 + jest.spyOn(globalThis, 'fetch').mockResolvedValueOnce({ 45 45 + ok: true, 46 46 + json: () => 47 47 + Promise.resolve({ 48 48 + id: 'did:plc:alice12345678901234567890', 49 49 + alsoKnownAs: ['at://xan.lol'], 50 50 + service: [ 51 51 + { 52 52 + id: '#atproto_pds', 53 53 + type: 'AtprotoPersonalDataServer', 54 54 + serviceEndpoint: 'https://pds.alice.example', 55 55 + }, 56 56 + ], 57 57 + }), 58 58 + } as Response) 59 59 + 60 60 + const identity = await resolveIdentityUsingAppView('xan.lol', signal) 61 61 + 62 62 + expect(mockResolveHandle).toHaveBeenCalledWith( 63 63 + {handle: 'xan.lol'}, 64 64 + {signal}, 65 65 + ) 66 66 + expect(mockDispose).toHaveBeenCalled() 67 67 + expect(identity).toEqual({ 68 68 + did: 'did:plc:alice12345678901234567890', 69 69 + handle: 'xan.lol', 70 70 + didDoc: { 71 71 + id: 'did:plc:alice12345678901234567890', 72 72 + alsoKnownAs: ['at://xan.lol'], 73 73 + service: [ 74 74 + { 75 75 + id: '#atproto_pds', 76 76 + type: 'AtprotoPersonalDataServer', 77 77 + serviceEndpoint: 'https://pds.alice.example', 78 78 + }, 79 79 + ], 80 80 + }, 81 81 + }) 82 82 + }) 83 83 + 84 84 + it('falls back to client-side handle resolution when appview resolution fails', async () => { 85 85 + const signal = new AbortController().signal 86 86 + mockResolveHandle.mockRejectedValueOnce(new Error('appview down')) 87 87 + jest 88 88 + .spyOn(globalThis, 'fetch') 89 89 + .mockResolvedValueOnce({ 90 90 + ok: true, 91 91 + json: () => 92 92 + Promise.resolve({ 93 93 + Answer: [ 94 94 + { 95 95 + type: 16, 96 96 + data: '"did=did:plc:alice12345678901234567890"', 97 97 + }, 98 98 + ], 99 99 + }), 100 100 + } as Response) 101 101 + .mockResolvedValueOnce({ 102 102 + ok: true, 103 103 + json: () => 104 104 + Promise.resolve({ 105 105 + id: 'did:plc:alice12345678901234567890', 106 106 + alsoKnownAs: ['at://xan.lol'], 107 107 + service: [ 108 108 + { 109 109 + id: '#atproto_pds', 110 110 + type: 'AtprotoPersonalDataServer', 111 111 + serviceEndpoint: 'https://pds.alice.example', 112 112 + }, 113 113 + ], 114 114 + }), 115 115 + } as Response) 116 116 + 117 117 + const identity = await resolveIdentityUsingAppView('xan.lol', signal) 118 118 + 119 119 + expect(mockResolveHandle).toHaveBeenCalledWith( 120 120 + {handle: 'xan.lol'}, 121 121 + {signal}, 122 122 + ) 123 123 + expect(identity.did).toBe('did:plc:alice12345678901234567890') 124 124 + expect(identity.handle).toBe('xan.lol') 125 125 + }) 126 126 + 127 127 + it('resolves did:web identities without requiring appview resolveIdentity', async () => { 128 128 + mockResolveHandle.mockResolvedValueOnce({ 129 129 + data: { 130 130 + did: 'did:web:alice.example', 131 131 + }, 132 132 + }) 133 133 + jest.spyOn(globalThis, 'fetch').mockResolvedValueOnce({ 134 134 + ok: true, 135 135 + json: () => 136 136 + Promise.resolve({ 137 137 + id: 'did:web:alice.example', 138 138 + alsoKnownAs: ['at://alice.example'], 139 139 + service: [ 140 140 + { 141 141 + id: '#atproto_pds', 142 142 + type: 'AtprotoPersonalDataServer', 143 143 + serviceEndpoint: 'https://pds.alice.example', 144 144 + }, 145 145 + ], 146 146 + }), 147 147 + } as Response) 148 148 + 149 149 + const resolver = createIdentityResolver() 150 150 + const identity = await resolver.resolve('did:web:alice.example') 151 151 + 152 152 + expect(mockResolveHandle).toHaveBeenCalledWith( 153 153 + {handle: 'alice.example'}, 154 154 + {signal: undefined}, 155 155 + ) 156 156 + expect(identity).toEqual({ 157 157 + did: 'did:web:alice.example', 158 158 + handle: 'alice.example', 159 159 + didDoc: { 160 160 + id: 'did:web:alice.example', 161 161 + alsoKnownAs: ['at://alice.example'], 162 162 + service: [ 163 163 + { 164 164 + id: '#atproto_pds', 165 165 + type: 'AtprotoPersonalDataServer', 166 166 + serviceEndpoint: 'https://pds.alice.example', 167 167 + }, 168 168 + ], 169 169 + }, 170 170 + }) 171 171 + }) 172 172 + 173 173 + it('extracts the pds service url from resolved identity info', () => { 174 174 + expect( 175 175 + getPdsServiceUrlFromIdentityInfo({ 176 176 + didDoc: { 177 177 + service: [ 178 178 + { 179 179 + id: '#bsky_appview', 180 180 + type: 'BskyAppView', 181 181 + serviceEndpoint: 'https://appview.example', 182 182 + }, 183 183 + { 184 184 + id: '#atproto_pds', 185 185 + type: 'AtprotoPersonalDataServer', 186 186 + serviceEndpoint: 'https://pds.example', 187 187 + }, 188 188 + ], 189 189 + }, 190 190 + }), 191 191 + ).toBe('https://pds.example') 192 192 + }) 193 193 + })

+269

src/state/session/identity-resolver.ts

reviewed

··· 1 1 + import {type ComAtprotoIdentityDefs, isDid} from '@atproto/api' 2 2 + 3 3 + import {createPublicAgent} from './agent' 4 4 + 5 5 + type AtprotoDid = `did:plc:${string}` | `did:web:${string}` 6 6 + type DidDocument = { 7 7 + id?: string 8 8 + alsoKnownAs?: string[] 9 9 + service?: Service[] 10 10 + } 11 11 + 12 12 + type Service = { 13 13 + id?: string 14 14 + type?: string 15 15 + serviceEndpoint?: string 16 16 + } 17 17 + 18 18 + type IdentityResolver = { 19 19 + resolve( 20 20 + input: string, 21 21 + options?: {signal?: AbortSignal}, 22 22 + ): Promise<{ 23 23 + did: AtprotoDid 24 24 + didDoc: DidDocument 25 25 + handle: string 26 26 + }> 27 27 + } 28 28 + 29 29 + const HANDLE_INVALID = 'handle.invalid' 30 30 + const DOH_ENDPOINT = 'https://cloudflare-dns.com/dns-query' 31 31 + 32 32 + function asNormalizedHandle(input: string) { 33 33 + const handle = input.toLowerCase() 34 34 + return /^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]([a-z0-9-]{0,61}[a-z0-9])?$/.test( 35 35 + handle, 36 36 + ) 37 37 + ? handle 38 38 + : undefined 39 39 + } 40 40 + 41 41 + function extractNormalizedHandle(document: DidDocument) { 42 42 + if (!Array.isArray(document.alsoKnownAs)) return 43 43 + 44 44 + for (const value of document.alsoKnownAs) { 45 45 + if (value.startsWith('at://')) { 46 46 + return asNormalizedHandle(value.slice(5)) 47 47 + } 48 48 + } 49 49 + } 50 50 + 51 51 + function findService(doc: DidDocument, id: string, type?: string) { 52 52 + if (!Array.isArray(doc?.service)) return 53 53 + return doc.service.find( 54 54 + service => 55 55 + service?.serviceEndpoint && 56 56 + service?.id === id && 57 57 + (!type || service?.type === type), 58 58 + ) 59 59 + } 60 60 + 61 61 + async function resolveHandleUsingAppView( 62 62 + handle: string, 63 63 + signal?: AbortSignal, 64 64 + ): Promise<AtprotoDid> { 65 65 + const agent = createPublicAgent() 66 66 + 67 67 + try { 68 68 + const res = await agent.resolveHandle({handle}, {signal}) 69 69 + return res.data.did as AtprotoDid 70 70 + } finally { 71 71 + agent.dispose() 72 72 + } 73 73 + } 74 74 + 75 75 + async function resolveHandleUsingDoh( 76 76 + handle: string, 77 77 + signal?: AbortSignal, 78 78 + ): Promise<AtprotoDid | null> { 79 79 + const url = new URL(DOH_ENDPOINT) 80 80 + url.searchParams.set('type', 'TXT') 81 81 + url.searchParams.set('name', `_atproto.${handle}`) 82 82 + 83 83 + const response = await fetch(url, { 84 84 + headers: { 85 85 + accept: 'application/dns-json', 86 86 + }, 87 87 + redirect: 'follow', 88 88 + signal, 89 89 + }) 90 90 + 91 91 + if (!response.ok) { 92 92 + return null 93 93 + } 94 94 + 95 95 + const result = (await response.json()) as { 96 96 + Answer?: Array<{type?: number; data?: string}> 97 97 + } 98 98 + const txtRecords = 99 99 + result.Answer?.filter( 100 100 + answer => answer.type === 16 && typeof answer.data === 'string', 101 101 + ).map(answer => answer.data!.replace(/^"|"$/g, '').replace(/\\"/g, '"')) ?? 102 102 + [] 103 103 + 104 104 + let did: AtprotoDid | null = null 105 105 + for (const record of txtRecords) { 106 106 + if (!record.startsWith('did=')) continue 107 107 + 108 108 + const nextDid = record.slice(4) 109 109 + if (!isDid(nextDid)) { 110 110 + return null 111 111 + } 112 112 + 113 113 + if (did && did !== nextDid) { 114 114 + return null 115 115 + } 116 116 + 117 117 + did = nextDid as AtprotoDid 118 118 + } 119 119 + 120 120 + return did 121 121 + } 122 122 + 123 123 + async function resolveHandleUsingWellKnown( 124 124 + handle: string, 125 125 + signal?: AbortSignal, 126 126 + ): Promise<AtprotoDid | null> { 127 127 + try { 128 128 + const response = await fetch(`https://${handle}/.well-known/atproto-did`, { 129 129 + redirect: 'error', 130 130 + signal, 131 131 + }) 132 132 + const text = await response.text() 133 133 + const firstLine = text.split('\n')[0]?.trim() 134 134 + return firstLine && isDid(firstLine) ? (firstLine as AtprotoDid) : null 135 135 + } catch { 136 136 + signal?.throwIfAborted() 137 137 + return null 138 138 + } 139 139 + } 140 140 + 141 141 + async function resolveHandleClientSide( 142 142 + handle: string, 143 143 + signal?: AbortSignal, 144 144 + ): Promise<AtprotoDid | null> { 145 145 + try { 146 146 + const did = await resolveHandleUsingDoh(handle, signal) 147 147 + if (did) return did 148 148 + } catch { 149 149 + signal?.throwIfAborted() 150 150 + } 151 151 + 152 152 + return resolveHandleUsingWellKnown(handle, signal) 153 153 + } 154 154 + 155 155 + async function resolveHandle( 156 156 + handle: string, 157 157 + signal?: AbortSignal, 158 158 + ): Promise<AtprotoDid> { 159 159 + try { 160 160 + return await resolveHandleUsingAppView(handle, signal) 161 161 + } catch (appViewError) { 162 162 + const fallbackDid = await resolveHandleClientSide(handle, signal) 163 163 + if (fallbackDid) { 164 164 + return fallbackDid 165 165 + } 166 166 + 167 167 + throw appViewError 168 168 + } 169 169 + } 170 170 + 171 171 + async function resolveDidDocument( 172 172 + did: AtprotoDid, 173 173 + signal?: AbortSignal, 174 174 + ): Promise<DidDocument> { 175 175 + const docUrl = did.startsWith('did:plc:') 176 176 + ? `https://plc.directory/${did}` 177 177 + : `https://${did.substring(8)}/.well-known/did.json` 178 178 + 179 179 + const res = await fetch(docUrl, { 180 180 + headers: { 181 181 + accept: 'application/did+ld+json, application/json', 182 182 + }, 183 183 + signal, 184 184 + }) 185 185 + 186 186 + if (!res.ok) { 187 187 + throw new Error(`Failed to resolve DID document for ${did}`) 188 188 + } 189 189 + 190 190 + return (await res.json()) as DidDocument 191 191 + } 192 192 + 193 193 + async function getValidatedHandleFromDidDocument( 194 194 + did: AtprotoDid, 195 195 + didDoc: DidDocument, 196 196 + signal?: AbortSignal, 197 197 + ) { 198 198 + const handle = extractNormalizedHandle(didDoc) 199 199 + if (!handle) return HANDLE_INVALID 200 200 + 201 201 + try { 202 202 + const resolvedDid = await resolveHandle(handle, signal) 203 203 + return resolvedDid === did ? handle : HANDLE_INVALID 204 204 + } catch { 205 205 + return HANDLE_INVALID 206 206 + } 207 207 + } 208 208 + 209 209 + export async function resolveIdentityUsingAppView( 210 210 + identifier: string, 211 211 + signal?: AbortSignal, 212 212 + ): Promise<ComAtprotoIdentityDefs.IdentityInfo> { 213 213 + if (isDid(identifier)) { 214 214 + const did = identifier as AtprotoDid 215 215 + const didDoc = await resolveDidDocument(did, signal) 216 216 + const handle = await getValidatedHandleFromDidDocument(did, didDoc, signal) 217 217 + 218 218 + return { 219 219 + did, 220 220 + didDoc, 221 221 + handle, 222 222 + } 223 223 + } 224 224 + 225 225 + const handle = asNormalizedHandle(identifier) 226 226 + if (!handle) { 227 227 + throw new Error(`Invalid handle "${identifier}" provided.`) 228 228 + } 229 229 + 230 230 + const did = await resolveHandle(handle, signal) 231 231 + const didDoc = await resolveDidDocument(did, signal) 232 232 + 233 233 + return { 234 234 + did, 235 235 + didDoc, 236 236 + handle: extractNormalizedHandle(didDoc) ?? HANDLE_INVALID, 237 237 + } 238 238 + } 239 239 + 240 240 + export function createIdentityResolver(): IdentityResolver { 241 241 + return { 242 242 + async resolve( 243 243 + input: string, 244 244 + options?: {signal?: AbortSignal}, 245 245 + ): Promise<{ 246 246 + did: AtprotoDid 247 247 + didDoc: DidDocument 248 248 + handle: string 249 249 + }> { 250 250 + const identity = await resolveIdentityUsingAppView(input, options?.signal) 251 251 + 252 252 + return { 253 253 + did: identity.did as AtprotoDid, 254 254 + didDoc: identity.didDoc as DidDocument, 255 255 + handle: identity.handle, 256 256 + } 257 257 + }, 258 258 + } 259 259 + } 260 260 + 261 261 + export function getPdsServiceUrlFromIdentityInfo( 262 262 + identity: Pick<ComAtprotoIdentityDefs.IdentityInfo, 'didDoc'>, 263 263 + ) { 264 264 + return findService( 265 265 + identity.didDoc as DidDocument, 266 266 + '#atproto_pds', 267 267 + 'AtprotoPersonalDataServer', 268 268 + )?.serviceEndpoint 269 269 + }

+4 -2

src/state/session/oauth-web-client.ts

reviewed

··· 1 1 import {BrowserOAuthClient} from '@atproto/oauth-client-browser' 2 2 3 3 + import {createIdentityResolver} from './identity-resolver' 4 4 + 3 5 const OAUTH_BASE_URL: string = 4 6 process.env.EXPO_PUBLIC_OAUTH_BASE_URL || 'https://witchsky.app' 5 7 ··· 177 179 application_type: 'web', 178 180 dpop_bound_access_tokens: true, 179 181 }, 180 180 - handleResolver: 'https://bsky.social', 182 182 + identityResolver: createIdentityResolver(), 181 183 }) 182 184 } 183 185 ··· 194 196 application_type: 'web', 195 197 dpop_bound_access_tokens: true, 196 198 }, 197 197 - handleResolver: 'https://bsky.social', 199 199 + identityResolver: createIdentityResolver(), 198 200 }) 199 201 } 200 202