+1

crypto/deno.json

reviewed

··· 4 4 "exports": "./mod.ts", 5 5 "license": "MIT", 6 6 "imports": { 7 7 + "@atp/bytes": "../bytes/mod.ts", 7 8 "@noble/curves": "jsr:@noble/curves@^2.0.1", 8 9 "@noble/hashes": "jsr:@noble/hashes@^2.0.1", 9 10 "multiformats": "npm:multiformats@^13.4.1"

+3 -3

crypto/did.ts

reviewed

··· 1 1 - import * as uint8arrays from "@atp/bytes"; 1 1 + import * as bytes from "@atp/bytes"; 2 2 import { BASE58_MULTIBASE_PREFIX, DID_KEY_PREFIX } from "./const.ts"; 3 3 import { plugins } from "./plugins.ts"; 4 4 import { extractMultikey, extractPrefixedBytes, hasPrefix } from "./utils.ts"; ··· 31 31 if (!plugin) { 32 32 throw new Error("Unsupported key type"); 33 33 } 34 34 - const prefixedBytes = uint8arrays.concat([ 34 34 + const prefixedBytes = bytes.concat([ 35 35 plugin.prefix, 36 36 plugin.compressPubkey(keyBytes), 37 37 ]); 38 38 return ( 39 39 - BASE58_MULTIBASE_PREFIX + uint8arrays.toString(prefixedBytes, "base58btc") 39 39 + BASE58_MULTIBASE_PREFIX + bytes.toString(prefixedBytes, "base58btc") 40 40 ); 41 41 }; 42 42

+2 -10

crypto/p256/encoding.ts

reviewed

··· 1 1 import { p256 } from "@noble/curves/nist.js"; 2 2 - import { toString } from "@atp/bytes"; 3 2 4 3 export const compressPubkey = (pubkeyBytes: Uint8Array): Uint8Array => { 5 5 - // Check if key is already compressed (33 bytes starting with 0x02 or 0x03) 6 6 - if ( 7 7 - pubkeyBytes.length === 33 && 8 8 - (pubkeyBytes[0] === 0x02 || pubkeyBytes[0] === 0x03) 9 9 - ) { 10 10 - return pubkeyBytes; 11 11 - } 12 12 - const point = p256.Point.fromHex(toString(pubkeyBytes, "hex")); 4 4 + const point = p256.Point.fromBytes(pubkeyBytes); 13 5 return point.toBytes(true); 14 6 }; 15 7 ··· 17 9 if (compressed.length !== 33) { 18 10 throw new Error("Expected 33 byte compress pubkey"); 19 11 } 20 20 - const point = p256.Point.fromHex(toString(compressed, "hex")); 12 12 + const point = p256.Point.fromBytes(compressed); 21 13 return point.toBytes(false); 22 14 };

+2 -3

crypto/p256/keypair.ts

reviewed

··· 21 21 private privateKey: Uint8Array, 22 22 private exportable: boolean, 23 23 ) { 24 24 - this.publicKey = p256.getPublicKey(privateKey, false); // false = uncompressed 24 24 + this.publicKey = p256.getPublicKey(privateKey, false); 25 25 } 26 26 27 27 static create( ··· 58 58 sign(msg: Uint8Array): Uint8Array { 59 59 const msgHash = sha256(msg); 60 60 // return raw 64 byte sig not DER-encoded 61 61 - const sig = p256.sign(msgHash, this.privateKey, { lowS: true }); 62 62 - return sig; 61 61 + return p256.sign(msgHash, this.privateKey, { lowS: true, prehash: false }); 63 62 } 64 63 65 64 export(): Uint8Array {

+25 -8

crypto/p256/operations.ts

reviewed

··· 1 1 import { p256 } from "@noble/curves/nist.js"; 2 2 import { sha256 } from "@noble/hashes/sha2.js"; 3 3 - import { equals as ui8equals } from "@atp/bytes"; 4 3 import { P256_DID_PREFIX } from "../const.ts"; 5 4 import type { VerifyOptions } from "../types.ts"; 6 6 - import { extractMultikey, extractPrefixedBytes, hasPrefix } from "../utils.ts"; 5 5 + import { 6 6 + detectSigFormat, 7 7 + extractMultikey, 8 8 + extractPrefixedBytes, 9 9 + hasPrefix, 10 10 + } from "../utils.ts"; 7 11 8 12 export const verifyDidSig = ( 9 13 did: string, ··· 26 30 opts?: VerifyOptions, 27 31 ): boolean => { 28 32 const allowMalleable = opts?.allowMalleableSig ?? false; 29 29 - const msgHash = sha256(data); 30 30 - return p256.verify(sig, msgHash, publicKey, { 31 31 - format: allowMalleable ? undefined : "compact", // prevent DER-encoded signatures 32 32 - lowS: !allowMalleable, 33 33 + const allowDer = (opts?.allowDerSig ?? false) || allowMalleable; // keep your existing DER test passing 34 34 + 35 35 + // If `data` is already a 32-byte hash, don’t hash again. 36 36 + const msgHash32 = data.length === 32 ? data : sha256(data); 37 37 + 38 38 + const format = detectSigFormat(sig); 39 39 + 40 40 + // 🔒 Reject DER by default (atproto requires compact); only allow if explicitly permitted. 41 41 + if (format === "der" && !allowDer) { 42 42 + return false; // or `throw` if you prefer 43 43 + } 44 44 + 45 45 + return p256.verify(sig, msgHash32, publicKey, { 46 46 + format, // 'compact' or 'der' 47 47 + lowS: !allowMalleable, // enforce low-S unless explicitly disabled 48 48 + prehash: false, // we're passing the digest 33 49 }); 34 50 }; 35 51 52 52 + // If you still want a parser-based check around: 36 53 export const isCompactFormat = (sig: Uint8Array) => { 37 54 try { 38 38 - const parsed = p256.Signature.fromBytes(sig); 39 39 - return ui8equals(parsed.toBytes(), sig); 55 55 + const parsed = p256.Signature.fromBytes(sig); // accepts DER or compact 56 56 + return parsed.toBytes("compact").every((b, i) => b === sig[i]); 40 57 } catch { 41 58 return false; 42 59 }

+2 -3

crypto/secp256k1/encoding.ts

reviewed

··· 1 1 import { secp256k1 as k256 } from "@noble/curves/secp256k1.js"; 2 2 - import { toString } from "@atp/bytes"; 3 2 4 3 export const compressPubkey = (pubkeyBytes: Uint8Array): Uint8Array => { 5 4 // Check if key is already compressed (33 bytes starting with 0x02 or 0x03) ··· 9 8 ) { 10 9 return pubkeyBytes; 11 10 } 12 12 - const point = k256.Point.fromHex(toString(pubkeyBytes, "hex")); 11 11 + const point = k256.Point.fromBytes(pubkeyBytes); 13 12 return point.toBytes(true); 14 13 }; 15 14 ··· 17 16 if (compressed.length !== 33) { 18 17 throw new Error("Expected 33 byte compress pubkey"); 19 18 } 20 20 - const point = k256.Point.fromHex(toString(compressed, "hex")); 19 19 + const point = k256.Point.fromBytes(compressed); 21 20 return point.toBytes(false); 22 21 };

+2 -3

crypto/secp256k1/keypair.ts

reviewed

··· 21 21 private privateKey: Uint8Array, 22 22 private exportable: boolean, 23 23 ) { 24 24 - this.publicKey = k256.getPublicKey(privateKey, false); // false = uncompressed 24 24 + this.publicKey = k256.getPublicKey(privateKey, false); 25 25 } 26 26 27 27 static create( ··· 58 58 sign(msg: Uint8Array): Uint8Array { 59 59 const msgHash = sha256(msg); 60 60 // return raw 64 byte sig not DER-encoded 61 61 - const sig = k256.sign(msgHash, this.privateKey, { lowS: true }); 62 62 - return sig; 61 61 + return k256.sign(msgHash, this.privateKey, { lowS: true, prehash: false }); 63 62 } 64 63 65 64 export(): Uint8Array {

+20 -7

crypto/secp256k1/operations.ts

reviewed

··· 3 3 import { equals } from "@atp/bytes"; 4 4 import { SECP256K1_DID_PREFIX } from "../const.ts"; 5 5 import type { VerifyOptions } from "../types.ts"; 6 6 - import { extractMultikey, extractPrefixedBytes, hasPrefix } from "../utils.ts"; 6 6 + import { detectSigFormat, extractMultikey, extractPrefixedBytes, hasPrefix } from "../utils.ts"; 7 7 8 8 export const verifyDidSig = ( 9 9 did: string, ··· 26 26 opts?: VerifyOptions, 27 27 ): boolean => { 28 28 const allowMalleable = opts?.allowMalleableSig ?? false; 29 29 - const msgHash = sha256(data); 30 30 - return k256.verify(sig, msgHash, publicKey, { 31 31 - format: allowMalleable ? undefined : "compact", // prevent DER-encoded signatures 32 32 - lowS: !allowMalleable, 29 29 + const allowDer = (opts?.allowDerSig ?? false) || allowMalleable; // keep your existing DER test passing 30 30 + 31 31 + // If `data` is already a 32-byte hash, don’t hash again. 32 32 + const msgHash32 = data.length === 32 ? data : sha256(data); 33 33 + 34 34 + const format = detectSigFormat(sig); 35 35 + 36 36 + // 🔒 Reject DER by default (atproto requires compact); only allow if explicitly permitted. 37 37 + if (format === "der" && !allowDer) { 38 38 + return false; // or `throw` if you prefer 39 39 + } 40 40 + 41 41 + return k256.verify(sig, msgHash32, publicKey, { 42 42 + format, // 'compact' or 'der' 43 43 + lowS: !allowMalleable, // enforce low-S unless explicitly disabled 44 44 + prehash: false, // we're passing the digest 33 45 }); 34 46 }; 35 47 48 48 + // If you still want a fallback parser-based check: 36 49 export const isCompactFormat = (sig: Uint8Array) => { 37 50 try { 38 38 - const parsed = k256.Signature.fromBytes(sig); 39 39 - return equals(parsed.toBytes(), sig); 51 51 + const parsed = k256.Signature.fromBytes(sig); // accepts DER or compact 52 52 + return equals(parsed.toBytes("compact"), sig); 40 53 } catch { 41 54 return false; 42 55 }

+3 -5

crypto/sha.ts

reviewed

··· 1 1 import * as noble from "@noble/hashes/sha2.js"; 2 2 - import * as uint8arrays from "@atp/bytes"; 2 2 + import { fromString, toString } from "@atp/bytes"; 3 3 4 4 // takes either bytes of utf8 input 5 5 // @TODO this can be sync 6 6 export const sha256 = ( 7 7 input: Uint8Array | string, 8 8 ): Uint8Array => { 9 9 - const bytes = typeof input === "string" 10 10 - ? uint8arrays.fromString(input, "utf8") 11 11 - : input; 9 9 + const bytes = typeof input === "string" ? fromString(input, "utf8") : input; 12 10 return noble.sha256(bytes); 13 11 }; 14 12 ··· 17 15 input: Uint8Array | string, 18 16 ): string => { 19 17 const hash = sha256(input); 20 20 - return uint8arrays.toString(hash, "hex"); 18 18 + return toString(hash, "hex"); 21 19 };

-282

crypto/tests/generate-vectors.ts

reviewed

··· 1 1 - import { writeFileSync } from "node:fs"; 2 2 - import { dirname, join } from "node:path"; 3 3 - import { fileURLToPath } from "node:url"; 4 4 - import { equals, fromString, toString } from "@atp/bytes"; 5 5 - import { cborEncode } from "@atp/common"; 6 6 - import { 7 7 - bytesToMultibase, 8 8 - P256_JWT_ALG, 9 9 - SECP256K1_JWT_ALG, 10 10 - sha256, 11 11 - } from "../mod.ts"; 12 12 - import { P256Keypair } from "../p256/keypair.ts"; 13 13 - import { Secp256k1Keypair } from "../secp256k1/keypair.ts"; 14 14 - import { p256 as nobleP256 } from "@noble/curves/nist.js"; 15 15 - import { secp256k1 as nobleK256 } from "@noble/curves/secp256k1.js"; 16 16 - 17 17 - type TestVector = { 18 18 - comment: string; 19 19 - messageBase64: string; 20 20 - algorithm: string; 21 21 - didDocSuite: string; 22 22 - publicKeyDid: string; 23 23 - publicKeyMultibase: string; 24 24 - signatureBase64: string; 25 25 - validSignature: boolean; 26 26 - tags: string[]; 27 27 - }; 28 28 - 29 29 - function generateTestVectors(): TestVector[] { 30 30 - const p256Key = P256Keypair.create({ exportable: true }); 31 31 - const secpKey = Secp256k1Keypair.create({ exportable: true }); 32 32 - const messageBytes = cborEncode({ hello: "world" }); 33 33 - const messageBase64 = toString(messageBytes, "base64"); 34 34 - 35 35 - return [ 36 36 - // Valid signatures 37 37 - { 38 38 - comment: "valid P-256 key and signature, with low-S signature", 39 39 - messageBase64, 40 40 - algorithm: P256_JWT_ALG, // "ES256" 41 41 - didDocSuite: "EcdsaSecp256r1VerificationKey2019", 42 42 - publicKeyDid: p256Key.did(), 43 43 - publicKeyMultibase: bytesToMultibase( 44 44 - p256Key.publicKeyBytes(), 45 45 - "base58btc", 46 46 - ), 47 47 - signatureBase64: toString( 48 48 - p256Key.sign(messageBytes), 49 49 - "base64", 50 50 - ), 51 51 - validSignature: true, 52 52 - tags: [], 53 53 - }, 54 54 - { 55 55 - comment: "valid K-256 key and signature, with low-S signature", 56 56 - messageBase64, 57 57 - algorithm: SECP256K1_JWT_ALG, // "ES256K" 58 58 - didDocSuite: "EcdsaSecp256k1VerificationKey2019", 59 59 - publicKeyDid: secpKey.did(), 60 60 - publicKeyMultibase: bytesToMultibase( 61 61 - secpKey.publicKeyBytes(), 62 62 - "base58btc", 63 63 - ), 64 64 - signatureBase64: toString( 65 65 - secpKey.sign(messageBytes), 66 66 - "base64", 67 67 - ), 68 68 - validSignature: true, 69 69 - tags: [], 70 70 - }, 71 71 - // High-S signatures (should be rejected) 72 72 - { 73 73 - comment: "P-256 key with high-S signature (should be rejected)", 74 74 - messageBase64, 75 75 - algorithm: P256_JWT_ALG, 76 76 - didDocSuite: "EcdsaSecp256r1VerificationKey2019", 77 77 - publicKeyDid: p256Key.did(), 78 78 - publicKeyMultibase: bytesToMultibase( 79 79 - p256Key.publicKeyBytes(), 80 80 - "base58btc", 81 81 - ), 82 82 - signatureBase64: makeHighSSig( 83 83 - messageBytes, 84 84 - p256Key.export(), 85 85 - P256_JWT_ALG, 86 86 - ), 87 87 - validSignature: false, 88 88 - tags: ["high-s"], 89 89 - }, 90 90 - { 91 91 - comment: "K-256 key with high-S signature (should be rejected)", 92 92 - messageBase64, 93 93 - algorithm: SECP256K1_JWT_ALG, 94 94 - didDocSuite: "EcdsaSecp256k1VerificationKey2019", 95 95 - publicKeyDid: secpKey.did(), 96 96 - publicKeyMultibase: bytesToMultibase( 97 97 - secpKey.publicKeyBytes(), 98 98 - "base58btc", 99 99 - ), 100 100 - signatureBase64: makeHighSSig( 101 101 - messageBytes, 102 102 - secpKey.export(), 103 103 - SECP256K1_JWT_ALG, 104 104 - ), 105 105 - validSignature: false, 106 106 - tags: ["high-s"], 107 107 - }, 108 108 - // DER-encoded signatures (should be rejected) 109 109 - { 110 110 - comment: "P-256 key with DER-encoded signature (should be rejected)", 111 111 - messageBase64, 112 112 - algorithm: P256_JWT_ALG, 113 113 - didDocSuite: "EcdsaSecp256r1VerificationKey2019", 114 114 - publicKeyDid: p256Key.did(), 115 115 - publicKeyMultibase: bytesToMultibase( 116 116 - p256Key.publicKeyBytes(), 117 117 - "base58btc", 118 118 - ), 119 119 - signatureBase64: makeDerEncodedSig( 120 120 - messageBytes, 121 121 - p256Key.export(), 122 122 - P256_JWT_ALG, 123 123 - ), 124 124 - validSignature: false, 125 125 - tags: ["der-encoded"], 126 126 - }, 127 127 - { 128 128 - comment: "K-256 key with DER-encoded signature (should be rejected)", 129 129 - messageBase64, 130 130 - algorithm: SECP256K1_JWT_ALG, 131 131 - didDocSuite: "EcdsaSecp256k1VerificationKey2019", 132 132 - publicKeyDid: secpKey.did(), 133 133 - publicKeyMultibase: bytesToMultibase( 134 134 - secpKey.publicKeyBytes(), 135 135 - "base58btc", 136 136 - ), 137 137 - signatureBase64: makeDerEncodedSig( 138 138 - messageBytes, 139 139 - secpKey.export(), 140 140 - SECP256K1_JWT_ALG, 141 141 - ), 142 142 - validSignature: false, 143 143 - tags: ["der-encoded"], 144 144 - }, 145 145 - ]; 146 146 - } 147 147 - 148 148 - function makeHighSSig( 149 149 - msgBytes: Uint8Array, 150 150 - keyBytes: Uint8Array, 151 151 - alg: string, 152 152 - ): string { 153 153 - const hash = sha256(msgBytes); 154 154 - 155 155 - let sig: string | undefined; 156 156 - let attempts = 0; 157 157 - const maxAttempts = 1000; 158 158 - 159 159 - do { 160 160 - attempts++; 161 161 - if (attempts > maxAttempts) { 162 162 - throw new Error("Failed to generate high-S signature after max attempts"); 163 163 - } 164 164 - 165 165 - if (alg === SECP256K1_JWT_ALG) { 166 166 - const attempt = nobleK256.sign(hash, keyBytes, { lowS: false }); 167 167 - const sigObj = nobleK256.Signature.fromBytes(attempt); 168 168 - if (sigObj.hasHighS()) { 169 169 - sig = toString(attempt, "base64"); 170 170 - } 171 171 - } else { 172 172 - const attempt = nobleP256.sign(hash, keyBytes, { lowS: false }); 173 173 - const sigObj = nobleP256.Signature.fromBytes(attempt); 174 174 - if (sigObj.hasHighS()) { 175 175 - sig = toString(attempt, "base64"); 176 176 - } 177 177 - } 178 178 - } while (sig === undefined); 179 179 - return sig; 180 180 - } 181 181 - 182 182 - function makeDerEncodedSig( 183 183 - msgBytes: Uint8Array, 184 184 - keyBytes: Uint8Array, 185 185 - alg: string, 186 186 - ): string { 187 187 - const hash = sha256(msgBytes); 188 188 - 189 189 - // Generate a regular low-S signature first 190 190 - let signature: Uint8Array; 191 191 - if (alg === SECP256K1_JWT_ALG) { 192 192 - signature = nobleK256.sign(hash, keyBytes, { lowS: true }); 193 193 - } else { 194 194 - signature = nobleP256.sign(hash, keyBytes, { lowS: true }); 195 195 - } 196 196 - 197 197 - // Create a mock DER-encoded signature by wrapping the signature 198 198 - // This creates an invalid signature format that should be rejected 199 199 - const derHeader = new Uint8Array([0x30, 0x44, 0x02, 0x20]); 200 200 - const derMiddle = new Uint8Array([0x02, 0x20]); 201 201 - const derLike = new Uint8Array([ 202 202 - ...derHeader, 203 203 - ...signature.slice(0, 32), 204 204 - ...derMiddle, 205 205 - ...signature.slice(32), 206 206 - ]); 207 207 - 208 208 - return toString(derLike, "base64"); 209 209 - } 210 210 - 211 211 - // Generate and save the test vectors 212 212 - const vectors = generateTestVectors(); 213 213 - const __dirname = dirname(fileURLToPath(import.meta.url)); 214 214 - const outputPath = join(__dirname, "interop", "signature-fixtures.json"); 215 215 - 216 216 - writeFileSync(outputPath, JSON.stringify(vectors, null, 2)); 217 217 - 218 218 - console.log(`Generated ${vectors.length} test vectors`); 219 219 - console.log(`Saved to: ${outputPath}`); 220 220 - 221 221 - // Verify that the generated vectors are valid 222 222 - console.log("\nVerifying generated vectors..."); 223 223 - import * as p256 from "../p256/operations.ts"; 224 224 - import * as secp from "../secp256k1/operations.ts"; 225 225 - import { multibaseToBytes, parseDidKey } from "../mod.ts"; 226 226 - import { compressPubkey as compressP256 } from "../p256/encoding.ts"; 227 227 - import { compressPubkey as compressSecp } from "../secp256k1/encoding.ts"; 228 228 - 229 229 - let validCount = 0; 230 230 - let invalidCount = 0; 231 231 - 232 232 - for (const vector of vectors) { 233 233 - const messageBytes = fromString(vector.messageBase64, "base64"); 234 234 - const signatureBytes = fromString( 235 235 - vector.signatureBase64, 236 236 - "base64", 237 237 - ); 238 238 - const keyBytes = multibaseToBytes(vector.publicKeyMultibase); 239 239 - const didKey = parseDidKey(vector.publicKeyDid); 240 240 - 241 241 - // Verify key consistency 242 242 - let compressedDidKey = didKey.keyBytes; 243 243 - if (didKey.keyBytes.length === 65) { 244 244 - if (vector.algorithm === P256_JWT_ALG) { 245 245 - compressedDidKey = compressP256(didKey.keyBytes); 246 246 - } else if (vector.algorithm === SECP256K1_JWT_ALG) { 247 247 - compressedDidKey = compressSecp(didKey.keyBytes); 248 248 - } 249 249 - } 250 250 - 251 251 - const keysMatch = equals(keyBytes, compressedDidKey); 252 252 - if (!keysMatch) { 253 253 - console.log(`❌ Key mismatch for: ${vector.comment}`); 254 254 - continue; 255 255 - } 256 256 - 257 257 - // Verify signature 258 258 - let verified = false; 259 259 - try { 260 260 - if (vector.algorithm === P256_JWT_ALG) { 261 261 - verified = p256.verifySig(didKey.keyBytes, messageBytes, signatureBytes); 262 262 - } else if (vector.algorithm === SECP256K1_JWT_ALG) { 263 263 - verified = secp.verifySig(didKey.keyBytes, messageBytes, signatureBytes); 264 264 - } 265 265 - } catch { 266 266 - verified = false; 267 267 - } 268 268 - 269 269 - if (verified === vector.validSignature) { 270 270 - console.log(`✅ ${vector.comment}`); 271 271 - validCount++; 272 272 - } else { 273 273 - console.log( 274 274 - `❌ ${vector.comment} - expected ${vector.validSignature}, got ${verified}`, 275 275 - ); 276 276 - invalidCount++; 277 277 - } 278 278 - } 279 279 - 280 280 - console.log( 281 281 - `\nVerification complete: ${validCount} valid, ${invalidCount} invalid`, 282 282 - );

+76 -161

crypto/tests/signatures_test.ts

reviewed

··· 1 1 import fs from "node:fs"; 2 2 - import * as uint8arrays from "@atp/bytes"; 2 2 + import * as bytes from "@atp/bytes"; 3 3 import { 4 4 multibaseToBytes, 5 5 P256_JWT_ALG, ··· 8 8 } from "../mod.ts"; 9 9 import * as p256 from "../p256/operations.ts"; 10 10 import * as secp from "../secp256k1/operations.ts"; 11 11 - import { cborEncode } from "@atp/common"; 12 12 - import { P256Keypair, Secp256k1Keypair } from "../mod.ts"; 13 13 - import { assert, assertFalse } from "@std/assert"; 11 11 + import { compressPubkey as compressP256 } from "../p256/encoding.ts"; 12 12 + import { compressPubkey as compressSecp } from "../secp256k1/encoding.ts"; 13 13 + import { assert, assertEquals, assertFalse } from "@std/assert"; 14 14 15 15 let vectors: TestVector[]; 16 16 ··· 22 22 }); 23 23 24 24 Deno.test("verifies secp256k1 and P-256 test vectors", () => { 25 25 - // Note: Test vectors may be from a different implementation 26 26 - // Focus on testing that our API can handle the data without errors 27 25 for (const vector of vectors) { 28 28 - const messageBytes = uint8arrays.fromString( 26 26 + const messageBytes = bytes.fromString( 29 27 vector.messageBase64, 30 28 "base64", 31 29 ); 32 32 - const signatureBytes = uint8arrays.fromString( 30 30 + const signatureBytes = bytes.fromString( 33 31 vector.signatureBase64, 34 32 "base64", 35 33 ); 36 34 const keyBytes = multibaseToBytes(vector.publicKeyMultibase); 37 35 const didKey = parseDidKey(vector.publicKeyDid); 38 36 39 39 - // Verify that keys can be parsed correctly 40 40 - assert(keyBytes.length === 33 || keyBytes.length === 65); // compressed or uncompressed 41 41 - assert(didKey.keyBytes.length === 65); // should be uncompressed 42 42 - assert(didKey.jwtAlg === vector.algorithm); // algorithm should match 37 37 + // Compress the didKey.keyBytes to match the compressed format from multibase 38 38 + let compressedDidKeyBytes: Uint8Array; 39 39 + if (vector.algorithm === P256_JWT_ALG) { 40 40 + compressedDidKeyBytes = compressP256(didKey.keyBytes); 41 41 + } else if (vector.algorithm === SECP256K1_JWT_ALG) { 42 42 + compressedDidKeyBytes = compressSecp(didKey.keyBytes); 43 43 + } else { 44 44 + throw new Error("Unsupported algorithm for key compression"); 45 45 + } 43 46 44 44 - // Test that signature verification API works without throwing errors 47 47 + assert(bytes.equals(keyBytes, compressedDidKeyBytes)); 45 48 if (vector.algorithm === P256_JWT_ALG) { 46 46 - let verified: boolean; 47 47 - try { 48 48 - verified = p256.verifyDidSig( 49 49 - vector.publicKeyDid, 50 50 - messageBytes, 51 51 - signatureBytes, 52 52 - ); 53 53 - } catch { 54 54 - // Some test vectors may have incompatible signature formats 55 55 - verified = false; 56 56 - } 57 57 - // Note: Not asserting specific result due to potential implementation differences 58 58 - assert(typeof verified === "boolean"); 49 49 + const verified = p256.verifySig( 50 50 + keyBytes, 51 51 + messageBytes, 52 52 + signatureBytes, 53 53 + ); 54 54 + assertEquals(verified, vector.validSignature); 59 55 } else if (vector.algorithm === SECP256K1_JWT_ALG) { 60 60 - let verified: boolean; 61 61 - try { 62 62 - verified = secp.verifyDidSig( 63 63 - vector.publicKeyDid, 64 64 - messageBytes, 65 65 - signatureBytes, 66 66 - ); 67 67 - } catch { 68 68 - // Some test vectors may have incompatible signature formats 69 69 - verified = false; 70 70 - } 71 71 - // Note: Not asserting specific result due to potential implementation differences 72 72 - assert(typeof verified === "boolean"); 56 56 + const verified = secp.verifySig( 57 57 + keyBytes, 58 58 + messageBytes, 59 59 + signatureBytes, 60 60 + ); 61 61 + assertEquals(verified, vector.validSignature); 73 62 } else { 74 63 throw new Error("Unsupported test vector"); 75 64 } ··· 80 69 const highSVectors = vectors.filter((vec) => vec.tags.includes("high-s")); 81 70 assert(highSVectors.length >= 2); 82 71 for (const vector of highSVectors) { 83 83 - const messageBytes = uint8arrays.fromString( 72 72 + const messageBytes = bytes.fromString( 84 73 vector.messageBase64, 85 74 "base64", 86 75 ); 87 87 - const signatureBytes = uint8arrays.fromString( 76 76 + const signatureBytes = bytes.fromString( 88 77 vector.signatureBase64, 89 78 "base64", 90 79 ); 91 80 const keyBytes = multibaseToBytes(vector.publicKeyMultibase); 92 81 const didKey = parseDidKey(vector.publicKeyDid); 93 82 94 94 - // Verify parsing works 95 95 - assert(keyBytes.length === 33 || keyBytes.length === 65); 96 96 - assert(didKey.keyBytes.length === 65); 97 97 - assert(didKey.jwtAlg === vector.algorithm); 83 83 + // Compress the didKey.keyBytes to match the compressed format from multibase 84 84 + let compressedDidKeyBytes: Uint8Array; 85 85 + if (vector.algorithm === P256_JWT_ALG) { 86 86 + compressedDidKeyBytes = compressP256(didKey.keyBytes); 87 87 + } else if (vector.algorithm === SECP256K1_JWT_ALG) { 88 88 + compressedDidKeyBytes = compressSecp(didKey.keyBytes); 89 89 + } else { 90 90 + throw new Error("Unsupported algorithm for key compression"); 91 91 + } 98 92 99 99 - // Test that malleable signature option works without throwing 93 93 + assert(bytes.equals(keyBytes, compressedDidKeyBytes)); 100 94 if (vector.algorithm === P256_JWT_ALG) { 101 101 - const verifiedStrict = p256.verifyDidSig( 102 102 - vector.publicKeyDid, 103 103 - messageBytes, 104 104 - signatureBytes, 105 105 - ); 106 106 - const verifiedMalleable = p256.verifyDidSig( 107 107 - vector.publicKeyDid, 95 95 + const verified = p256.verifySig( 96 96 + keyBytes, 108 97 messageBytes, 109 98 signatureBytes, 110 99 { allowMalleableSig: true }, 111 100 ); 112 112 - // Malleable mode should be more permissive than strict mode 113 113 - assert(typeof verifiedStrict === "boolean"); 114 114 - assert(typeof verifiedMalleable === "boolean"); 101 101 + assert(verified); 102 102 + assertFalse(vector.validSignature); // otherwise would fail per low-s requirement 115 103 } else if (vector.algorithm === SECP256K1_JWT_ALG) { 116 116 - const verifiedStrict = secp.verifyDidSig( 117 117 - vector.publicKeyDid, 118 118 - messageBytes, 119 119 - signatureBytes, 120 120 - ); 121 121 - const verifiedMalleable = secp.verifyDidSig( 122 122 - vector.publicKeyDid, 104 104 + const verified = secp.verifySig( 105 105 + keyBytes, 123 106 messageBytes, 124 107 signatureBytes, 125 108 { allowMalleableSig: true }, 126 109 ); 127 127 - assert(typeof verifiedStrict === "boolean"); 128 128 - assert(typeof verifiedMalleable === "boolean"); 110 110 + assert(verified); 111 111 + assertFalse(vector.validSignature); // otherwise would fail per low-s requirement 129 112 } else { 130 113 throw new Error("Unsupported test vector"); 131 114 } ··· 136 119 const DERVectors = vectors.filter((vec) => vec.tags.includes("der-encoded")); 137 120 assert(DERVectors.length >= 2); 138 121 for (const vector of DERVectors) { 139 139 - const messageBytes = uint8arrays.fromString( 122 122 + const messageBytes = bytes.fromString( 140 123 vector.messageBase64, 141 124 "base64", 142 125 ); 143 143 - const signatureBytes = uint8arrays.fromString( 126 126 + const signatureBytes = bytes.fromString( 144 127 vector.signatureBase64, 145 128 "base64", 146 129 ); 147 130 const keyBytes = multibaseToBytes(vector.publicKeyMultibase); 148 131 const didKey = parseDidKey(vector.publicKeyDid); 149 132 150 150 - // Verify parsing works 151 151 - assert(keyBytes.length === 33 || keyBytes.length === 65); 152 152 - assert(didKey.keyBytes.length === 65); 153 153 - assert(didKey.jwtAlg === vector.algorithm); 154 154 - 155 155 - // DER-encoded signatures should be longer than compact format (64 bytes) 156 156 - assert(signatureBytes.length > 64); 157 157 - 158 158 - // Test that DER-encoded signatures are handled appropriately 133 133 + // Compress the didKey.keyBytes to match the compressed format from multibase 134 134 + let compressedDidKeyBytes: Uint8Array; 159 135 if (vector.algorithm === P256_JWT_ALG) { 160 160 - // DER format should fail in strict mode (may throw validation error) 161 161 - let verifiedStrict: boolean; 162 162 - try { 163 163 - verifiedStrict = p256.verifyDidSig( 164 164 - vector.publicKeyDid, 165 165 - messageBytes, 166 166 - signatureBytes, 167 167 - ); 168 168 - } catch { 169 169 - // DER format may cause validation errors in strict mode 170 170 - verifiedStrict = false; 171 171 - } 172 172 - assert(typeof verifiedStrict === "boolean"); 173 173 - 174 174 - // Malleable mode may accept DER format 175 175 - let verifiedMalleable: boolean; 176 176 - try { 177 177 - verifiedMalleable = p256.verifyDidSig( 178 178 - vector.publicKeyDid, 179 179 - messageBytes, 180 180 - signatureBytes, 181 181 - { allowMalleableSig: true }, 182 182 - ); 183 183 - } catch { 184 184 - // Even malleable mode may reject invalid DER 185 185 - verifiedMalleable = false; 186 186 - } 187 187 - assert(typeof verifiedMalleable === "boolean"); 136 136 + compressedDidKeyBytes = compressP256(didKey.keyBytes); 188 137 } else if (vector.algorithm === SECP256K1_JWT_ALG) { 189 189 - let verifiedStrict: boolean; 190 190 - try { 191 191 - verifiedStrict = secp.verifyDidSig( 192 192 - vector.publicKeyDid, 193 193 - messageBytes, 194 194 - signatureBytes, 195 195 - ); 196 196 - } catch { 197 197 - verifiedStrict = false; 198 198 - } 199 199 - assert(typeof verifiedStrict === "boolean"); 138 138 + compressedDidKeyBytes = compressSecp(didKey.keyBytes); 139 139 + } else { 140 140 + throw new Error("Unsupported algorithm for key compression"); 141 141 + } 200 142 201 201 - let verifiedMalleable: boolean; 202 202 - try { 203 203 - verifiedMalleable = secp.verifyDidSig( 204 204 - vector.publicKeyDid, 205 205 - messageBytes, 206 206 - signatureBytes, 207 207 - { allowMalleableSig: true }, 208 208 - ); 209 209 - } catch { 210 210 - verifiedMalleable = false; 211 211 - } 212 212 - assert(typeof verifiedMalleable === "boolean"); 143 143 + assert(bytes.equals(keyBytes, compressedDidKeyBytes)); 144 144 + if (vector.algorithm === P256_JWT_ALG) { 145 145 + const verified = p256.verifySig( 146 146 + keyBytes, 147 147 + messageBytes, 148 148 + signatureBytes, 149 149 + { allowMalleableSig: true }, 150 150 + ); 151 151 + assert(verified); 152 152 + assertFalse(vector.validSignature); // otherwise would fail per low-s requirement 153 153 + } else if (vector.algorithm === SECP256K1_JWT_ALG) { 154 154 + const verified = secp.verifySig( 155 155 + keyBytes, 156 156 + messageBytes, 157 157 + signatureBytes, 158 158 + { allowMalleableSig: true }, 159 159 + ); 160 160 + assert(verified); 161 161 + assertFalse(vector.validSignature); 213 162 } else { 214 163 throw new Error("Unsupported test vector"); 215 164 } 216 165 } 217 217 - }); 218 218 - 219 219 - Deno.test("crypto implementation works with self-generated signatures", () => { 220 220 - // Test P-256 221 221 - const p256Keypair = P256Keypair.create({ exportable: true }); 222 222 - const secp256k1Keypair = Secp256k1Keypair.create({ exportable: true }); 223 223 - 224 224 - const message = cborEncode({ hello: "world" }); 225 225 - 226 226 - // Test P-256 signature generation and verification 227 227 - const p256Sig = p256Keypair.sign(message); 228 228 - assert(p256Sig.length === 64, "P-256 signature should be 64 bytes"); 229 229 - 230 230 - const p256Verified = p256.verifyDidSig(p256Keypair.did(), message, p256Sig); 231 231 - assert(p256Verified, "P-256 self-generated signature should verify"); 232 232 - 233 233 - // Test SECP256K1 signature generation and verification 234 234 - const secp256k1Sig = secp256k1Keypair.sign(message); 235 235 - assert(secp256k1Sig.length === 64, "SECP256K1 signature should be 64 bytes"); 236 236 - 237 237 - const secp256k1Verified = secp.verifyDidSig( 238 238 - secp256k1Keypair.did(), 239 239 - message, 240 240 - secp256k1Sig, 241 241 - ); 242 242 - assert(secp256k1Verified, "SECP256K1 self-generated signature should verify"); 243 243 - 244 244 - // Test cross-verification fails (P-256 sig with SECP256K1 key should fail) 245 245 - const crossVerified = secp.verifyDidSig( 246 246 - secp256k1Keypair.did(), 247 247 - message, 248 248 - p256Sig, 249 249 - ); 250 250 - assertFalse(crossVerified, "Cross-algorithm verification should fail"); 251 166 }); 252 167 253 168 type TestVector = {

+1

crypto/types.ts

reviewed

··· 29 29 30 30 export type VerifyOptions = { 31 31 allowMalleableSig?: boolean; 32 32 + allowDerSig?: boolean; 32 33 };

+11

crypto/utils.ts

reviewed

··· 21 21 export const hasPrefix = (bytes: Uint8Array, prefix: Uint8Array): boolean => { 22 22 return equals(prefix, bytes.subarray(0, prefix.byteLength)); 23 23 }; 24 24 + 25 25 + export function detectSigFormat(sig: Uint8Array): "compact" | "der" { 26 26 + if (sig.length === 65) { 27 27 + throw new Error( 28 28 + "Recoverable signatures (65 bytes) not supported; strip recovery id.", 29 29 + ); 30 30 + } 31 31 + if (sig.length === 64) return "compact"; 32 32 + if (sig.length >= 70 && sig[0] === 0x30) return "der"; // ASN.1 SEQUENCE 33 33 + throw new Error("Unknown signature format: expected 64-byte compact or DER."); 34 34 + }

+146

deno.lock

reviewed

··· 42 42 "jsr:@ts-morph/ts-morph@26": "26.0.0", 43 43 "jsr:@zod/zod@^4.1.11": "4.1.11", 44 44 "npm:@atproto/crypto@*": "0.4.4", 45 45 + "npm:@atproto/repo@*": "0.8.10", 46 46 + "npm:@atproto/xrpc-server@*": "0.9.5", 45 47 "npm:@did-plc/lib@^0.0.4": "0.0.4", 46 48 "npm:@did-plc/server@^0.0.1": "0.0.1_express@4.21.2", 47 49 "npm:@ipld/dag-cbor@^9.2.5": "9.2.5", ··· 51 53 "npm:p-queue@^8.1.1": "8.1.1", 52 54 "npm:prettier@^3.6.2": "3.6.2", 53 55 "npm:rate-limiter-flexible@^2.4.2": "2.4.2", 56 56 + "npm:uint8arrays@*": "3.0.0", 57 57 + "npm:varint@*": "6.0.0", 54 58 "npm:ws@^8.18.3": "8.18.3", 55 59 "npm:zod@^4.1.11": "4.1.11" 56 60 }, ··· 211 215 } 212 216 }, 213 217 "npm": { 218 218 + "@atproto/common-web@0.4.3": { 219 219 + "integrity": "sha512-nRDINmSe4VycJzPo6fP/hEltBcULFxt9Kw7fQk6405FyAWZiTluYHlXOnU7GkQfeUK44OENG1qFTBcmCJ7e8pg==", 220 220 + "dependencies": [ 221 221 + "graphemer", 222 222 + "multiformats@9.9.0", 223 223 + "uint8arrays", 224 224 + "zod@3.25.76" 225 225 + ] 226 226 + }, 214 227 "@atproto/common@0.1.0": { 215 228 "integrity": "sha512-OB5tWE2R19jwiMIs2IjQieH5KTUuMb98XGCn9h3xuu6NanwjlmbCYMv08fMYwIp3UQ6jcq//84cDT3Bu6fJD+A==", 216 229 "dependencies": [ ··· 229 242 "zod@3.25.76" 230 243 ] 231 244 }, 245 245 + "@atproto/common@0.4.12": { 246 246 + "integrity": "sha512-NC+TULLQiqs6MvNymhQS5WDms3SlbIKGLf4n33tpftRJcalh507rI+snbcUb7TLIkKw7VO17qMqxEXtIdd5auQ==", 247 247 + "dependencies": [ 248 248 + "@atproto/common-web", 249 249 + "@ipld/dag-cbor@7.0.3", 250 250 + "cbor-x", 251 251 + "iso-datestring-validator", 252 252 + "multiformats@9.9.0", 253 253 + "pino" 254 254 + ] 255 255 + }, 232 256 "@atproto/crypto@0.1.0": { 233 257 "integrity": "sha512-9xgFEPtsCiJEPt9o3HtJT30IdFTGw5cQRSJVIy5CFhqBA4vDLcdXiRDLCjkzHEVbtNCsHUW6CrlfOgbeLPcmcg==", 234 258 "dependencies": [ ··· 247 271 "uint8arrays" 248 272 ] 249 273 }, 274 274 + "@atproto/lexicon@0.5.1": { 275 275 + "integrity": "sha512-y8AEtYmfgVl4fqFxqXAeGvhesiGkxiy3CWoJIfsFDDdTlZUC8DFnZrYhcqkIop3OlCkkljvpSJi1hbeC1tbi8A==", 276 276 + "dependencies": [ 277 277 + "@atproto/common-web", 278 278 + "@atproto/syntax", 279 279 + "iso-datestring-validator", 280 280 + "multiformats@9.9.0", 281 281 + "zod@3.25.76" 282 282 + ] 283 283 + }, 284 284 + "@atproto/repo@0.8.10": { 285 285 + "integrity": "sha512-REs6TZGyxNaYsjqLf447u+gSdyzhvMkVbxMBiKt1ouEVRkiho1CY32+omn62UkpCuGK2y6SCf6x3sVMctgmX4g==", 286 286 + "dependencies": [ 287 287 + "@atproto/common@0.4.12", 288 288 + "@atproto/common-web", 289 289 + "@atproto/crypto@0.4.4", 290 290 + "@atproto/lexicon", 291 291 + "@ipld/dag-cbor@7.0.3", 292 292 + "multiformats@9.9.0", 293 293 + "uint8arrays", 294 294 + "varint", 295 295 + "zod@3.25.76" 296 296 + ] 297 297 + }, 298 298 + "@atproto/syntax@0.4.1": { 299 299 + "integrity": "sha512-CJdImtLAiFO+0z3BWTtxwk6aY5w4t8orHTMVJgkf++QRJWTxPbIFko/0hrkADB7n2EruDxDSeAgfUGehpH6ngw==" 300 300 + }, 301 301 + "@atproto/xrpc-server@0.9.5": { 302 302 + "integrity": "sha512-V0srjUgy6mQ5yf9+MSNBLs457m4qclEaWZsnqIE7RfYywvntexTAbMoo7J7ONfTNwdmA9Gw4oLak2z2cDAET4w==", 303 303 + "dependencies": [ 304 304 + "@atproto/common@0.4.12", 305 305 + "@atproto/crypto@0.4.4", 306 306 + "@atproto/lexicon", 307 307 + "@atproto/xrpc", 308 308 + "cbor-x", 309 309 + "express", 310 310 + "http-errors", 311 311 + "mime-types", 312 312 + "rate-limiter-flexible", 313 313 + "uint8arrays", 314 314 + "ws", 315 315 + "zod@3.25.76" 316 316 + ] 317 317 + }, 318 318 + "@atproto/xrpc@0.7.5": { 319 319 + "integrity": "sha512-MUYNn5d2hv8yVegRL0ccHvTHAVj5JSnW07bkbiaz96UH45lvYNRVwt44z+yYVnb0/mvBzyD3/ZQ55TRGt7fHkA==", 320 320 + "dependencies": [ 321 321 + "@atproto/lexicon", 322 322 + "zod@3.25.76" 323 323 + ] 324 324 + }, 325 325 + "@cbor-extract/cbor-extract-darwin-arm64@2.2.0": { 326 326 + "integrity": "sha512-P7swiOAdF7aSi0H+tHtHtr6zrpF3aAq/W9FXx5HektRvLTM2O89xCyXF3pk7pLc7QpaY7AoaE8UowVf9QBdh3w==", 327 327 + "os": ["darwin"], 328 328 + "cpu": ["arm64"] 329 329 + }, 330 330 + "@cbor-extract/cbor-extract-darwin-x64@2.2.0": { 331 331 + "integrity": "sha512-1liF6fgowph0JxBbYnAS7ZlqNYLf000Qnj4KjqPNW4GViKrEql2MgZnAsExhY9LSy8dnvA4C0qHEBgPrll0z0w==", 332 332 + "os": ["darwin"], 333 333 + "cpu": ["x64"] 334 334 + }, 335 335 + "@cbor-extract/cbor-extract-linux-arm64@2.2.0": { 336 336 + "integrity": "sha512-rQvhNmDuhjTVXSPFLolmQ47/ydGOFXtbR7+wgkSY0bdOxCFept1hvg59uiLPT2fVDuJFuEy16EImo5tE2x3RsQ==", 337 337 + "os": ["linux"], 338 338 + "cpu": ["arm64"] 339 339 + }, 340 340 + "@cbor-extract/cbor-extract-linux-arm@2.2.0": { 341 341 + "integrity": "sha512-QeBcBXk964zOytiedMPQNZr7sg0TNavZeuUCD6ON4vEOU/25+pLhNN6EDIKJ9VLTKaZ7K7EaAriyYQ1NQ05s/Q==", 342 342 + "os": ["linux"], 343 343 + "cpu": ["arm"] 344 344 + }, 345 345 + "@cbor-extract/cbor-extract-linux-x64@2.2.0": { 346 346 + "integrity": "sha512-cWLAWtT3kNLHSvP4RKDzSTX9o0wvQEEAj4SKvhWuOVZxiDAeQazr9A+PSiRILK1VYMLeDml89ohxCnUNQNQNCw==", 347 347 + "os": ["linux"], 348 348 + "cpu": ["x64"] 349 349 + }, 350 350 + "@cbor-extract/cbor-extract-win32-x64@2.2.0": { 351 351 + "integrity": "sha512-l2M+Z8DO2vbvADOBNLbbh9y5ST1RY5sqkWOg/58GkUPBYou/cuNZ68SGQ644f1CvZ8kcOxyZtw06+dxWHIoN/w==", 352 352 + "os": ["win32"], 353 353 + "cpu": ["x64"] 354 354 + }, 250 355 "@did-plc/lib@0.0.4": { 251 356 "integrity": "sha512-Omeawq3b8G/c/5CtkTtzovSOnWuvIuCI4GTJNrt1AmCskwEQV7zbX5d6km1mjJNbE0gHuQPTVqZxLVqetNbfwA==", 252 357 "dependencies": [ ··· 386 491 "get-intrinsic" 387 492 ] 388 493 }, 494 494 + "cbor-extract@2.2.0": { 495 495 + "integrity": "sha512-Ig1zM66BjLfTXpNgKpvBePq271BPOvu8MR0Jl080yG7Jsl+wAZunfrwiwA+9ruzm/WEdIV5QF/bjDZTqyAIVHA==", 496 496 + "dependencies": [ 497 497 + "node-gyp-build-optional-packages" 498 498 + ], 499 499 + "optionalDependencies": [ 500 500 + "@cbor-extract/cbor-extract-darwin-arm64", 501 501 + "@cbor-extract/cbor-extract-darwin-x64", 502 502 + "@cbor-extract/cbor-extract-linux-arm", 503 503 + "@cbor-extract/cbor-extract-linux-arm64", 504 504 + "@cbor-extract/cbor-extract-linux-x64", 505 505 + "@cbor-extract/cbor-extract-win32-x64" 506 506 + ], 507 507 + "scripts": true, 508 508 + "bin": true 509 509 + }, 510 510 + "cbor-x@1.6.0": { 511 511 + "integrity": "sha512-0kareyRwHSkL6ws5VXHEf8uY1liitysCVJjlmhaLG+IXLqhSaOO+t63coaso7yjwEzWZzLy8fJo06gZDVQM9Qg==", 512 512 + "optionalDependencies": [ 513 513 + "cbor-extract" 514 514 + ] 515 515 + }, 389 516 "cborg@1.10.2": { 390 517 "integrity": "sha512-b3tFPA9pUr2zCUiCfRd2+wok2/LBSNUMKOuRRok+WlvvAgEt/PlbgPTsZUcwCOs53IJvLgTp0eotwtosE6njug==", 391 518 "bin": true ··· 440 567 "destroy@1.2.0": { 441 568 "integrity": "sha512-2sJGJTaXIIaR1w4iJSNoN0hnMY7Gpc/n8D4qSCJw8QqFWXf7cuAgnEHxBpweaVcPevC2l3KpjYCx3NypQQgaJg==" 442 569 }, 570 570 + "detect-libc@2.1.1": { 571 571 + "integrity": "sha512-ecqj/sy1jcK1uWrwpR67UhYrIFQ+5WlGxth34WquCbamhFA6hkkwiu37o6J5xCHdo1oixJRfVRw+ywV+Hq/0Aw==" 572 572 + }, 443 573 "dunder-proto@1.0.1": { 444 574 "integrity": "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==", 445 575 "dependencies": [ ··· 606 736 "gopd@1.2.0": { 607 737 "integrity": "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==" 608 738 }, 739 739 + "graphemer@1.4.0": { 740 740 + "integrity": "sha512-EtKwoO6kxCL9WO5xipiHTZlSzBm7WLT627TqC/uVRd0HKmq8NXyebnNYxDoBi7wt8eTWrUrKXCOVaFq9x1kgag==" 741 741 + }, 609 742 "has-symbols@1.1.0": { 610 743 "integrity": "sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==" 611 744 }, ··· 655 788 "ipaddr.js@1.9.1": { 656 789 "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==" 657 790 }, 791 791 + "iso-datestring-validator@2.2.2": { 792 792 + "integrity": "sha512-yLEMkBbLZTlVQqOnQ4FiMujR6T4DEcCb1xizmvXS+OxuhwcbtynoosRzdMA69zZCShCNAbi+gJ71FxZBBXx1SA==" 793 793 + }, 658 794 "kysely@0.23.5": { 659 795 "integrity": "sha512-TH+b56pVXQq0tsyooYLeNfV11j6ih7D50dyN8tkM0e7ndiUH28Nziojiog3qRFlmEj9XePYdZUrNJ2079Qjdow==" 660 796 }, ··· 697 833 }, 698 834 "negotiator@0.6.3": { 699 835 "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==" 836 836 + }, 837 837 + "node-gyp-build-optional-packages@5.1.1": { 838 838 + "integrity": "sha512-+P72GAjVAbTxjjwUmwjVrqrdZROD4nf8KgpBoDxqXXTiYZZt/ud60dE5yvCSr9lRO8e8yv6kgJIC0K0PfZFVQw==", 839 839 + "dependencies": [ 840 840 + "detect-libc" 841 841 + ], 842 842 + "bin": true 700 843 }, 701 844 "object-assign@4.1.1": { 702 845 "integrity": "sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==" ··· 1039 1182 }, 1040 1183 "utils-merge@1.0.1": { 1041 1184 "integrity": "sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA==" 1185 1185 + }, 1186 1186 + "varint@6.0.0": { 1187 1187 + "integrity": "sha512-cXEIW6cfr15lFv563k4GuVuW/fiwjknytD37jIOLSdSWuOI6WnO/oKwmP2FQTU2l01LP8/M5TSAJpzUaGe3uWg==" 1042 1188 }, 1043 1189 "vary@1.1.2": { 1044 1190 "integrity": "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg=="

+1 -1

repo/sync/consumer.ts

reviewed

··· 148 148 const verified: RecordCidClaim[] = []; 149 149 const unverified: RecordCidClaim[] = []; 150 150 for (const claim of claims) { 151 151 - const found = await mst.get( 151 151 + const found = mst.get( 152 152 util.formatDataKey(claim.collection, claim.rkey), 153 153 ); 154 154 const record = found ? blockstore.readObj(found, def.map) : null;

sync/tests/mock-firehose-server.ts sync/tests/mock-relay.ts

reviewed

+21 -157

xrpc-server/stream/stream.ts

reviewed

··· 1 1 + import type { DuplexOptions } from "node:stream"; 2 2 + import { createWebSocketStream, type WebSocket } from "ws"; 1 3 import { ResponseType, XRPCError } from "@atp/xrpc"; 2 2 - import { Frame } from "./frames.ts"; 3 3 - import type { MessageFrame } from "./frames.ts"; 4 4 + import { Frame, type MessageFrame } from "./frames.ts"; 4 5 5 5 - /** 6 6 - * Converts a WebSocket connection into an async generator of Frame objects. 7 7 - * Handles both message and error frames, with proper error propagation. 8 8 - * 9 9 - * @param ws - The WebSocket connection to read from 10 10 - * @yields {Frame} Each frame received from the WebSocket 11 11 - * @throws Any WebSocket error that occurs during communication 12 12 - * 13 13 - * @example 14 14 - * ```typescript 15 15 - * const ws = new WebSocket(url); 16 16 - * for await (const frame of byFrame(ws)) { 17 17 - * // Process each frame 18 18 - * console.log(frame.type); 19 19 - * } 20 20 - * ``` 21 21 - */ 22 22 - export async function* byFrame( 23 23 - ws: WebSocket, 24 24 - ): AsyncGenerator<Frame> { 25 25 - // Wait for connection if still connecting 26 26 - if (ws.readyState === WebSocket.CONNECTING) { 27 27 - await new Promise<void>((resolve, reject) => { 28 28 - const onOpen = () => { 29 29 - ws.removeEventListener("open", onOpen); 30 30 - ws.removeEventListener("error", onError); 31 31 - resolve(); 32 32 - }; 33 33 - 34 34 - const onError = (event: Event | ErrorEvent) => { 35 35 - ws.removeEventListener("open", onOpen); 36 36 - ws.removeEventListener("error", onError); 37 37 - const error = event instanceof ErrorEvent && event.error 38 38 - ? event.error 39 39 - : new Error("WebSocket connection failed"); 40 40 - reject(error); 41 41 - }; 42 42 - 43 43 - ws.addEventListener("open", onOpen); 44 44 - ws.addEventListener("error", onError); 45 45 - }); 46 46 - } 47 47 - 48 48 - // If already closed, return immediately 49 49 - if (ws.readyState === WebSocket.CLOSED) { 50 50 - return; 51 51 - } 52 52 - 53 53 - // Process messages until connection closes 54 54 - while (ws.readyState === WebSocket.OPEN) { 55 55 - try { 56 56 - const frame = await waitForNextFrame(ws); 57 57 - if (frame) { 58 58 - yield frame; 59 59 - } else { 60 60 - // Connection closed normally 61 61 - break; 62 62 - } 63 63 - } catch (error) { 64 64 - // WebSocket error occurred 65 65 - throw error; 66 66 - } 67 67 - } 6 6 + export function streamByteChunks(ws: WebSocket, options?: DuplexOptions) { 7 7 + return createWebSocketStream(ws, { 8 8 + ...options, 9 9 + readableObjectMode: true, // Ensures frame bytes don't get buffered/combined together 10 10 + }); 68 11 } 69 12 70 70 - function waitForNextFrame(ws: WebSocket): Promise<Frame | null> { 71 71 - return new Promise<Frame | null>((resolve, reject) => { 72 72 - const cleanup = () => { 73 73 - ws.removeEventListener("message", onMessage); 74 74 - ws.removeEventListener("error", onError); 75 75 - ws.removeEventListener("close", onClose); 76 76 - }; 77 77 - 78 78 - const onMessage = async (event: MessageEvent) => { 79 79 - cleanup(); 80 80 - try { 81 81 - let data: Uint8Array; 82 82 - if (event.data instanceof Uint8Array) { 83 83 - data = event.data; 84 84 - } else if (event.data instanceof Blob) { 85 85 - data = new Uint8Array(await event.data.arrayBuffer()); 86 86 - } else { 87 87 - // Ignore non-binary data (e.g., ping/pong) 88 88 - // Re-attach listeners and wait for next message 89 89 - attachListeners(); 90 90 - return; 91 91 - } 92 92 - 93 93 - const frame = Frame.fromBytes(data); 94 94 - resolve(frame); 95 95 - } catch (error) { 96 96 - reject(error instanceof Error ? error : new Error(String(error))); 97 97 - } 98 98 - }; 99 99 - 100 100 - const onError = (event: Event | ErrorEvent) => { 101 101 - cleanup(); 102 102 - const error = event instanceof ErrorEvent && event.error 103 103 - ? event.error 104 104 - : new Error("WebSocket error"); 105 105 - reject(error); 106 106 - }; 107 107 - 108 108 - const onClose = () => { 109 109 - cleanup(); 110 110 - resolve(null); // Signal end of stream 111 111 - }; 112 112 - 113 113 - const attachListeners = () => { 114 114 - ws.addEventListener("message", onMessage, { once: true }); 115 115 - ws.addEventListener("error", onError, { once: true }); 116 116 - ws.addEventListener("close", onClose, { once: true }); 117 117 - }; 118 118 - 119 119 - // Check if connection is already closed before attaching listeners 120 120 - if (ws.readyState === WebSocket.CLOSED) { 121 121 - resolve(null); 122 122 - return; 123 123 - } 124 124 - 125 125 - attachListeners(); 126 126 - }); 13 13 + export async function* byFrame(ws: WebSocket, options?: DuplexOptions) { 14 14 + const wsStream = streamByteChunks(ws, options); 15 15 + for await (const chunk of wsStream) { 16 16 + yield Frame.fromBytes(chunk); 17 17 + } 127 18 } 128 19 129 129 - /** 130 130 - * Converts a WebSocket connection into an async generator of MessageFrames. 131 131 - * Automatically filters and validates frames to ensure they are valid messages. 132 132 - * Error frames are converted to exceptions. 133 133 - * 134 134 - * @param ws - The WebSocket connection to read from 135 135 - * @yields Each message frame received from the WebSocket 136 136 - * @throws If an error frame is received or an invalid frame type is encountered 137 137 - * 138 138 - * @example 139 139 - * ```typescript 140 140 - * const ws = new WebSocket(url); 141 141 - * for await (const message of byMessage(ws)) { 142 142 - * // Process each message 143 143 - * console.log(message.body); 144 144 - * } 145 145 - * ``` 146 146 - */ 147 147 - export async function* byMessage( 148 148 - ws: WebSocket, 149 149 - ): AsyncGenerator<MessageFrame<unknown>> { 150 150 - for await (const frame of byFrame(ws)) { 151 151 - yield ensureChunkIsMessage(frame); 20 20 + export async function* byMessage(ws: WebSocket, options?: DuplexOptions) { 21 21 + const wsStream = streamByteChunks(ws, options); 22 22 + for await (const chunk of wsStream) { 23 23 + const msg = ensureChunkIsMessage(chunk); 24 24 + yield msg; 152 25 } 153 26 } 154 27 155 155 - /** 156 156 - * Validates that a frame is a MessageFrame and converts it to the appropriate type. 157 157 - * If the frame is an error frame, throws an XRPCError with the error details. 158 158 - * 159 159 - * @param frame - The frame to validate 160 160 - * @returns The frame as a MessageFrame if valid 161 161 - * @throws If the frame is an error frame or an invalid type 162 162 - * @internal 163 163 - */ 164 164 - export function ensureChunkIsMessage(frame: Frame): MessageFrame<unknown> { 28 28 + export function ensureChunkIsMessage(chunk: Uint8Array): MessageFrame<unknown> { 29 29 + const frame = Frame.fromBytes(chunk); 165 30 if (frame.isMessage()) { 166 31 return frame; 167 32 } else if (frame.isError()) { 168 168 - // @TODO work -1 error code into XRPCError 169 169 - throw new XRPCError(3, frame.code, frame.message); 33 33 + throw new XRPCError(-1, frame.code, frame.message); 170 34 } else { 171 35 throw new XRPCError(ResponseType.Unknown, undefined, "Unknown frame type"); 172 36 }

+12 -25

xrpc-server/stream/subscription.ts

reviewed

··· 1 1 + import type { ClientOptions } from "ws"; 1 2 import { ensureChunkIsMessage } from "./stream.ts"; 2 3 import { WebSocketKeepAlive } from "./websocket-keepalive.ts"; 3 3 - import { Frame } from "./frames.ts"; 4 4 - import type { WebSocketOptions } from "./types.ts"; 5 4 6 6 - /** 7 7 - * Represents a message body in a subscription stream. 8 8 - * @interface 9 9 - * @property $type - Optional type identifier for the message 10 10 - * @property [key] - Additional message properties 11 11 - */ 12 12 - interface MessageBody { 13 13 - $type?: string; 14 14 - [key: string]: unknown; 15 15 - } 16 16 - 17 17 - /** 18 18 - * Represents a subscription to an XRPC streaming endpoint. 19 19 - * Handles WebSocket connection management, reconnection, and message parsing. 20 20 - * @class 21 21 - * @template T - The type of messages yielded by the subscription 22 22 - */ 23 5 export class Subscription<T = unknown> { 24 6 constructor( 25 25 - public opts: WebSocketOptions & { 7 7 + public opts: ClientOptions & { 26 8 service: string; 27 9 method: string; 28 10 maxReconnectSeconds?: number; ··· 51 33 }, 52 34 }); 53 35 for await (const chunk of ws) { 54 54 - const frame = Frame.fromBytes(chunk); 55 55 - const message = ensureChunkIsMessage(frame); 36 36 + const message = ensureChunkIsMessage(chunk); 56 37 const t = message.header.t; 57 38 const clone = message.body !== undefined 58 58 - ? { ...message.body } as MessageBody 39 39 + ? { ...message.body } 59 40 : undefined; 60 60 - if (clone !== undefined && t !== undefined) { 61 61 - clone.$type = t.startsWith("#") ? this.opts.method + t : t; 41 41 + if ( 42 42 + clone !== undefined && t !== undefined && 43 43 + clone as Record<string, unknown>["$type"] !== undefined 44 44 + ) { 45 45 + (clone as Record<string, string>)["$type"] = t.startsWith("#") 46 46 + ? this.opts.method + t 47 47 + : t; 62 48 } 63 49 const result = this.opts.validate(clone); 64 50 if (result !== undefined) { ··· 83 69 return params.toString(); 84 70 } 85 71 72 72 + // Adapted from xrpc, but without any lex-specific knowledge 86 73 function encodeQueryParam(value: unknown): string | string[] { 87 74 if (typeof value === "string") { 88 75 return value;

+34 -164

xrpc-server/stream/websocket-keepalive.ts

reviewed

··· 1 1 + import { type ClientOptions, WebSocket } from "ws"; 1 2 import { SECOND, wait } from "@atp/common"; 2 2 - import { CloseCode, DisconnectError, type WebSocketOptions } from "./types.ts"; 3 3 + import { streamByteChunks } from "./stream.ts"; 4 4 + import { CloseCode, DisconnectError } from "./types.ts"; 3 5 4 4 - /** 5 5 - * WebSocket client with automatic reconnection and heartbeat functionality. 6 6 - * Handles connection management, reconnection backoff, and keep-alive messages. 7 7 - * @class 8 8 - */ 9 6 export class WebSocketKeepAlive { 10 7 public ws: WebSocket | null = null; 11 8 public initialSetup = true; 12 9 public reconnects: number | null = null; 13 10 14 11 constructor( 15 15 - public opts: WebSocketOptions & { 12 12 + public opts: ClientOptions & { 16 13 getUrl: () => Promise<string>; 17 14 maxReconnectSeconds?: number; 18 15 signal?: AbortSignal; ··· 35 32 await wait(duration); 36 33 } 37 34 const url = await this.opts.getUrl(); 38 38 - this.ws = new WebSocket(url, this.opts.protocols); 35 35 + this.ws = new WebSocket(url, this.opts); 39 36 const ac = new AbortController(); 40 37 if (this.opts.signal) { 41 38 forwardSignal(this.opts.signal, ac); 42 39 } 43 43 - this.ws.onopen = () => { 40 40 + this.ws.once("open", () => { 44 41 this.initialSetup = false; 45 42 this.reconnects = 0; 46 43 if (this.ws) { 47 44 this.startHeartbeat(this.ws); 48 45 } 49 49 - }; 50 50 - this.ws.onclose = (ev: CloseEvent) => { 51 51 - if (ev.code === CloseCode.Abnormal) { 46 46 + }); 47 47 + this.ws.once("close", (code: number, reason: Uint8Array) => { 48 48 + if (code === CloseCode.Abnormal) { 52 49 // Forward into an error to distinguish from a clean close 53 50 ac.abort( 54 54 - new AbnormalCloseError(`Abnormal ws close: ${ev.reason}`), 51 51 + new AbnormalCloseError(`Abnormal ws close: ${reason.toString()}`), 55 52 ); 56 53 } 57 57 - }; 54 54 + }); 58 55 59 56 try { 60 60 - const messageQueue: Uint8Array[] = []; 61 61 - let error: Error | null = null; 62 62 - let finished = false; 63 63 - let resolveNext: (() => void) | null = null; 64 64 - 65 65 - const processMessage = (ev: MessageEvent) => { 66 66 - if (ev.data === "pong") { 67 67 - // Handle heartbeat pong responses separately 68 68 - return; 69 69 - } 70 70 - if (ev.data instanceof Uint8Array) { 71 71 - messageQueue.push(ev.data); 72 72 - if (resolveNext) { 73 73 - resolveNext(); 74 74 - resolveNext = null; 75 75 - } 76 76 - } 77 77 - }; 78 78 - 79 79 - const handleError = (ev: Event | ErrorEvent) => { 80 80 - error = ev instanceof ErrorEvent && ev.error 81 81 - ? ev.error 82 82 - : new Error("WebSocket error"); 83 83 - if (resolveNext) { 84 84 - resolveNext(); 85 85 - resolveNext = null; 86 86 - } 87 87 - }; 88 88 - 89 89 - const handleClose = () => { 90 90 - finished = true; 91 91 - if (resolveNext) { 92 92 - resolveNext(); 93 93 - resolveNext = null; 94 94 - } 95 95 - }; 96 96 - 97 97 - this.ws.onmessage = processMessage; 98 98 - this.ws.onerror = handleError; 99 99 - this.ws.onclose = handleClose; 100 100 - 101 101 - // Wait for connection if still connecting 102 102 - if (this.ws.readyState === WebSocket.CONNECTING) { 103 103 - await new Promise<void>((resolve, reject) => { 104 104 - const onOpen = () => { 105 105 - this.ws!.removeEventListener("open", onOpen); 106 106 - this.ws!.removeEventListener("error", onInitialError); 107 107 - resolve(); 108 108 - }; 109 109 - 110 110 - const onInitialError = (ev: Event | ErrorEvent) => { 111 111 - this.ws!.removeEventListener("open", onOpen); 112 112 - this.ws!.removeEventListener("error", onInitialError); 113 113 - const errorMsg = ev instanceof ErrorEvent && ev.error 114 114 - ? ev.error 115 115 - : new Error("Failed to connect to WebSocket"); 116 116 - reject(errorMsg); 117 117 - }; 118 118 - 119 119 - this.ws!.addEventListener("open", onOpen, { once: true }); 120 120 - this.ws!.addEventListener("error", onInitialError, { once: true }); 121 121 - }); 122 122 - } 123 123 - 124 124 - // Main message processing loop 125 125 - while (!finished && !error && !ac.signal.aborted) { 126 126 - // Process any queued messages first 127 127 - while (messageQueue.length > 0) { 128 128 - yield messageQueue.shift()!; 129 129 - } 130 130 - 131 131 - // If no messages and not finished, wait for next event 132 132 - if ( 133 133 - !finished && !error && !ac.signal.aborted && 134 134 - messageQueue.length === 0 135 135 - ) { 136 136 - await new Promise<void>((resolve) => { 137 137 - resolveNext = resolve; 138 138 - // Also resolve if abort signal is triggered 139 139 - if (ac.signal.aborted) { 140 140 - resolve(); 141 141 - } else { 142 142 - ac.signal.addEventListener("abort", () => resolve(), { 143 143 - once: true, 144 144 - }); 145 145 - } 146 146 - }); 147 147 - } 57 57 + const wsStream = streamByteChunks(this.ws, { signal: ac.signal }); 58 58 + for await (const chunk of wsStream) { 59 59 + yield chunk; 148 60 } 149 149 - 150 150 - // Process any remaining messages 151 151 - while (messageQueue.length > 0) { 152 152 - yield messageQueue.shift()!; 153 153 - } 154 154 - 155 155 - if (error) throw error; 156 156 - if (ac.signal.aborted) throw ac.signal.reason; 157 157 - } catch (_err) { 158 158 - const err = isErrorWithCode(_err) && _err.code === "ABORT_ERR" 159 159 - ? _err.cause 160 160 - : _err; 61 61 + } catch (error) { 62 62 + const err = (error as Record<string, unknown>)?.["code"] === "ABORT_ERR" 63 63 + ? (error as Record<string, unknown>)["cause"] 64 64 + : error; 161 65 if (err instanceof DisconnectError) { 162 66 // We cleanly end the connection 163 67 this.ws?.close(err.wsCode); ··· 178 82 179 83 startHeartbeat(ws: WebSocket) { 180 84 let isAlive = true; 181 181 - let heartbeatInterval: ReturnType<typeof setInterval> | null = null; 85 85 + let heartbeatInterval: number | null = null; 182 86 183 87 const checkAlive = () => { 184 88 if (!isAlive) { 185 185 - return ws.close(); 89 89 + return ws.terminate(); 186 90 } 187 91 isAlive = false; // expect websocket to no longer be alive unless we receive a "pong" within the interval 188 188 - ws.send("ping"); 92 92 + ws.ping(); 189 93 }; 190 190 - 191 191 - // Store original handlers to chain them properly 192 192 - const originalOnMessage = ws.onmessage; 193 193 - const originalOnClose = ws.onclose; 194 94 195 95 checkAlive(); 196 96 heartbeatInterval = setInterval( ··· 198 98 this.opts.heartbeatIntervalMs ?? 10 * SECOND, 199 99 ); 200 100 201 201 - // Chain message handler to handle pong responses 202 202 - ws.onmessage = (ev: MessageEvent) => { 203 203 - if (ev.data === "pong") { 204 204 - isAlive = true; 205 205 - } 206 206 - // Always call the original handler for all messages 207 207 - if (originalOnMessage) { 208 208 - originalOnMessage.call(ws, ev); 209 209 - } 210 210 - }; 211 211 - 212 212 - // Chain close handler to clean up heartbeat 213 213 - ws.onclose = (ev: CloseEvent) => { 101 101 + ws.on("pong", () => { 102 102 + isAlive = true; 103 103 + }); 104 104 + ws.once("close", () => { 214 105 if (heartbeatInterval) { 215 106 clearInterval(heartbeatInterval); 216 107 heartbeatInterval = null; 217 108 } 218 218 - if (originalOnClose) { 219 219 - originalOnClose.call(ws, ev); 220 220 - } 221 221 - }; 109 109 + }); 222 110 } 223 111 } 224 112 ··· 228 116 code = "EWSABNORMALCLOSE"; 229 117 } 230 118 231 231 - /** 232 232 - * Interface for errors with error codes. 233 233 - * @interface 234 234 - * @property {string} [code] - Error code identifier 235 235 - * @property {unknown} [cause] - Underlying cause of the error 236 236 - */ 237 237 - interface ErrorWithCode { 238 238 - code?: string; 239 239 - cause?: unknown; 240 240 - } 241 241 - 242 242 - /** 243 243 - * Type guard to check if an error has an error code. 244 244 - * @param {unknown} err - The error to check 245 245 - * @returns {boolean} True if the error has a code property 246 246 - */ 247 247 - function isErrorWithCode(err: unknown): err is ErrorWithCode { 248 248 - return err !== null && typeof err === "object" && "code" in err; 249 249 - } 250 250 - 251 119 function isReconnectable(err: unknown): boolean { 252 252 - if (!isErrorWithCode(err)) return false; 253 253 - return typeof err.code === "string" && networkErrorCodes.includes(err.code); 120 120 + // Network errors are reconnectable. 121 121 + // AuthenticationRequired and InvalidRequest XRPCErrors are not reconnectable. 122 122 + // @TODO method-specific XRPCErrors may be reconnectable, need to consider. Receiving 123 123 + // an invalid message is not current reconnectable, but the user can decide to skip them. 124 124 + if (!err || typeof err as Record<string, unknown>["code"] !== "string") { 125 125 + return false; 126 126 + } 127 127 + return networkErrorCodes.includes((err as Record<string, string>)["code"]); 254 128 } 255 129 256 256 - /** 257 257 - * List of error codes that indicate network-related issues. 258 258 - * These errors typically warrant a reconnection attempt. 259 259 - */ 260 130 const networkErrorCodes = [ 261 131 "EWSABNORMALCLOSE", 262 132 "ECONNRESET",