add prism-resolver

Author: sebasti810

packages/bsky/src/auth-verifier.ts

@@ -124,7 +124,7 @@ export class AuthVerifier {
         if (header?.typ === 'at+jwt') {
           // we should never use entryway session tokens in the case of flexible auth audiences (namely in the case of getFeed)
           if (opts.skipAudCheck) {
-            console.log('HERE <<------- is the problem1234')
+            throw new AuthRequiredError('Malformed token', 'InvalidToken')
           }
           return this.entrywaySession(ctx)
         }

packages/identity/src/did/prism-resolver.ts

@@ -0,0 +1,38 @@
+import { DidCache } from '../types'
+import { BaseResolver } from './base-resolver'
+import { timed } from './util'
+
+export class DidPrismResolver extends BaseResolver {
+  constructor(
+    public prismUrl: string,
+    public timeout: number,
+    public cache?: DidCache,
+  ) {
+    super(cache)
+  }
+
+  async resolveNoCheck(did: string): Promise<unknown> {
+    // Extract account ID from did:prism:abc123 -> abc123
+    console.log('use prism did resolver 🫂')
+    const accountId = did.split(':')[2]
+    return timed(this.timeout, async (signal) => {
+      const res = await fetch(`${this.prismUrl}/get-did-document`, {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          Accept: 'application/json',
+        },
+        body: JSON.stringify({ id: accountId }),
+        signal,
+      })
+
+      if (!res.ok) {
+        throw Object.assign(new Error(res.statusText), { status: res.status })
+      }
+
+      const response = await res.json()
+      console.log(response)
+      return response.did_document
+    })
+  }
+}

packages/pds/src/api/com/atproto/server/createAccount.ts

@@ -106,6 +106,8 @@ export default function (server: Server, ctx: AppContext) {
       // @NOTE Until this code and the OAuthStore's `createAccount` are
       // refactored together, any change made here must be reflected over there.
 
+      console.log(ctx.entrywayAgent, 'entrywayAgent in createAccount')
+
       const requester = auth.credentials?.did ?? null
       const {
         did,
@@ -120,6 +122,8 @@ export default function (server: Server, ctx: AppContext) {
         ? await validateInputsForEntrywayPds(ctx, input.body)
         : await validateInputsForLocalPds(ctx, input.body, requester)
 
+      console.log('request in createAccount', requester)
+
       let didDoc: DidDocument | undefined
       let creds: { accessJwt: string; refreshJwt: string }
       await ctx.actorStore.create(did, signingKey)
@@ -131,8 +135,6 @@ export default function (server: Server, ctx: AppContext) {
         // Generate a real did with Prism
         if (plcOp) {
           try {
-            await ctx.plcClient.sendOperation(did, plcOp)
-            console.log('herer3')
             // Extract rotation keys matching the ones used in formatDidAndPlcOp
             const rotationKeys = plcOp.rotationKeys || [
               ctx.plcRotationKey.did(),
@@ -159,12 +161,9 @@ export default function (server: Server, ctx: AppContext) {
         console.log('lets wait for 15 seconds')
         await new Promise((resolve) => setTimeout(resolve, 15000))
         console.log('waited 15 seconds')
-        console.log(did)
 
         didDoc = await safeResolveDidDoc(ctx, did, true)
 
-        console.log(didDoc)
-
         creds = await ctx.accountManager.createAccountAndSession({
           did,
           handle,
@@ -176,6 +175,8 @@ export default function (server: Server, ctx: AppContext) {
           deactivated,
         })
 
+        console.log('creds', creds)
+
         if (!deactivated) {
           await ctx.sequencer.sequenceIdentityEvt(did, handle)
           await ctx.sequencer.sequenceAccountEvt(did, AccountStatus.Active)

packages/pds/src/api/com/atproto/server/util.ts

@@ -35,6 +35,7 @@ export const safeResolveDidDoc = async (
 ): Promise<DidDocument | undefined> => {
   try {
     const didDoc = await ctx.idResolver.did.resolve(did, forceRefresh)
+    console.log('resolved did doc for', did, didDoc)
     return didDoc ?? undefined
   } catch (err) {
     httpLogger.warn({ err, did }, 'failed to resolve did doc')

packages/pds/src/context.ts

@@ -348,7 +348,9 @@ export class AppContext {
         })
       : undefined
 
-    console.log(oauthProvider, 'OAUTH PROVIDER HERE')
+    console.log(oauthProvider?.keyset.privateJwks, 'OAUTH PROVIDER HERE')
+    console.log(oauthProvider?.keyset.publicJwks, 'OAUTH PROVIDER HERE')
+    console.log(oauthProvider?.keyset.toJSON(), 'OAUTH PROVIDER HERE')
 
     const oauthVerifier: OAuthVerifier =
       oauthProvider ?? // OAuthProvider extends OAuthVerifier
@@ -359,6 +361,10 @@ export class AppContext {
         redis: redisScratch,
       })
 
+    console.log(oauthVerifier.keyset.privateJwks, 'OAUTH VERIFIER HERE')
+    console.log(oauthVerifier.keyset.publicJwks, 'OAUTH VERIFIER HERE')
+    console.log(oauthVerifier.keyset.toJSON(), 'OAUTH VERIFIER HERE')
+
     const authVerifier = new AuthVerifier(
       accountManager,
       idResolver,

packages/pds/src/prism-plc.ts

@@ -0,0 +1,14 @@
+import * as plc from '@did-plc/lib'
+
+export async function createOp(input: any) {
+  const result = await plc.createOp(input)
+
+  const prismDid = result.did.replace('did:plc:', 'did:prism:')
+
+  return {
+    ...result,
+    did: prismDid,
+  }
+}
+
+export * from '@did-plc/lib'