DukeInc/Kez
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Kez/nodejs/packages/kez-channels/src/activitypub.ts
Tudisco d0db6f00f1 Initial implementation of KEZ — protocol, two impls, and storage server 
KEZ is a portable, decentralized identity graph: a person signs claims
linking their many accounts, publishes those claims in places only the
claimed account can publish to, and anyone can verify the connections
without trusting a central server.

Layout
------
- SPEC.md            Language-agnostic protocol spec (v0.2)
- rust/              Rust implementation: kez-core, kez-channels, kez-cli
- nodejs/            TypeScript port at full parity
- rust-sig-server/   Optional axum + SQLite storage server for sigchains
- crosstest.sh       Cross-implementation interop harness

Capabilities (both implementations, byte-compatible)
----------------------------------------------------
- Two primary-key algorithms: nostr/secp256k1 Schnorr (BIP-340) and
  Ed25519 (RFC 8032). Identifiers: nostr:npub1... and ed25519:<hex>.
- JCS (RFC 8785) canonicalization for everything signed.
- Four proof encodings: JSON envelope, compact (kez:z1:<base64url(zstd(json))>),
  Markdown fence, DNS TXT.
- Five channel plugins (no API keys, no auth needed for any of them):
    dns:        system resolver, _kez.<domain> TXT records
    github:     public gist scan + <user>/<user> profile README fallback
    nostr:      kind-30078 events from default relays
    bluesky:    public AppView author feed
    ap:         WebFinger + actor JSON (alias mastodon:)
- Identical CLI surface:
    kez identity new [--key-type nostr|ed25519]
    kez claim create <subject> (--nsec | --ed25519-seed) [--format ...] [--out ...]
    kez claim dns <domain>     (--nsec | --ed25519-seed)
    kez verify file <path>
    kez verify id <identifier>
    kez sigchain add|revoke|show|export|publish
- Sigchains: append-only signed log per primary, hash-chained per spec §6,
  stored locally at ~/.kez/sigchains/, exportable as JSONL or kez:zc1: bundle.
- Sigchain publish destinations: chain server, web (file dump), DNS (zone
  record print), nostr (kind-30078 wrapping event).

kez-sig-server
--------------
Optional storage tier. Axum + SQLite, single binary, no external deps.

- No auth — the cryptography is the access control. The server validates
  every signature, every seq, every prev hash before storing.
- REST API: POST /v1/sigchains/{scheme}/{id}/events (append signed event,
  201 with new head hash or 4xx); GET /{scheme}/{id} (full chain as JSONL);
  GET /head; GET /healthz.
- Designed for one central instance for now; the design doesn't preclude
  running more later (clients gain a configurable list, verifiers
  reconcile per spec §6.2).
- Channel-based publishing remains the always-available fallback if the
  server is unavailable.

Tests
-----
- rust/                 99 tests
- rust-sig-server/      10 integration tests (real HTTP, real SQLite)
- nodejs/               91 tests (vitest)
- crosstest.sh          19 cross-impl scenarios — proves JCS bytes,
                        Schnorr + Ed25519 sigs, all four claim encodings,
                        and the sigchain JSONL bundle are byte-compatible
                        between Rust and Node in both directions.

What's not done yet
-------------------
- verify id consulting the sigchain for revocations (data path exists,
  just not wired into the verifier output).
- rotate and add_device sigchain ops (types reserved).
- expires_at enforcement during claim verification.
- Typed VerificationStatus.status reflecting the five failure modes.
- Auth-required publishers (GitHub gist, Bluesky, ActivityPub).
2026-05-24 14:41:00 -06:00

175 lines
5.6 KiB
TypeScript
Raw Blame History

// ActivityPub channel: WebFinger → actor JSON → attachment / summary scan.
// Works for Mastodon, Pleroma, Akkoma, Misskey, GoToSocial, Friendica, PeerTube.
import type { Identity } from "@kez/core";
import { ChannelError, type Channel, type ChannelHit, parseAndVerifyFor } from "./index.js";
const USER_AGENT = "kez-channels-node/0.1 (+https://example.invalid/kez)";
export interface ActivityPubChannelOptions {
/** Test override: route every fetch here regardless of server name. */
baseOverride?: string;
/** Canonical scheme this instance reports as `system`. Default "ap". */
system?: string;
fetch?: typeof fetch;
}
export class ActivityPubChannel implements Channel {
readonly system: string;
private readonly baseOverride?: string;
private readonly fetch: typeof fetch;
constructor(opts: ActivityPubChannelOptions = {}) {
this.system = opts.system ?? "ap";
this.baseOverride = opts.baseOverride;
this.fetch = opts.fetch ?? globalThis.fetch;
}
async fetchAndVerify(identity: Identity): Promise<ChannelHit> {
const { user, server } = parseHandle(identity.id);
const base = this.baseOverride ?? `https://${server}`;
// 1. WebFinger → actor URL
const wfUrl = webfingerUrl(base, user, server);
const wf = await this.fetchJson(wfUrl, "application/jrd+json");
const actorUrl = extractActorUrl(wf);
if (!actorUrl) throw ChannelError.notFound(identity);
// 2. Actor JSON → candidate proof strings
const actor = await this.fetchJson(actorUrl, "application/activity+json");
const candidates = extractActorCandidates(actor);
// 3. parse + verify each candidate
let lastError: ChannelError | undefined;
for (const raw of candidates) {
try {
return parseAndVerifyFor(raw, identity);
} catch (e) {
lastError = e instanceof ChannelError ? e : ChannelError.invalid((e as Error).message, e);
}
}
throw lastError ?? ChannelError.notFound(identity);
}
private async fetchJson(url: string, accept: string): Promise<unknown> {
let resp: Response;
try {
resp = await this.fetch(url, {
headers: { "User-Agent": USER_AGENT, Accept: accept },
});
} catch (e) {
throw ChannelError.unreachable(`GET ${url}: ${(e as Error).message}`, e);
}
if (resp.status === 404) throw ChannelError.unreachable(`GET ${url}: 404`);
if (!resp.ok) throw ChannelError.unreachable(`GET ${url}: ${resp.status}`);
return resp.json();
}
}
export function parseHandle(value: string): { user: string; server: string } {
const trimmed = value.startsWith("@") ? value.slice(1) : value;
const at = trimmed.indexOf("@");
if (at < 0) throw ChannelError.other(`expected @user@server, got: ${value}`);
const user = trimmed.slice(0, at);
const server = trimmed.slice(at + 1);
if (!user || !server) throw ChannelError.other(`invalid handle (empty part): ${value}`);
return { user, server };
}
export function webfingerUrl(base: string, user: string, server: string): string {
// Match Rust verbatim: no URL encoding — WebFinger servers accept both
// forms, and keeping bytes identical helps cross-implementation tests.
return `${base}/.well-known/webfinger?resource=acct:${user}@${server}`;
}
export function extractActorUrl(webfinger: unknown): string | undefined {
if (typeof webfinger !== "object" || webfinger === null) return undefined;
const links = (webfinger as Record<string, unknown>).links;
if (!Array.isArray(links)) return undefined;
for (const link of links) {
if (typeof link !== "object" || link === null) continue;
const rel = (link as Record<string, unknown>).rel;
const typ = (link as Record<string, unknown>).type;
const href = (link as Record<string, unknown>).href;
if (
rel === "self" &&
typeof typ === "string" &&
(typ.includes("activity+json") || typ.includes("ld+json")) &&
typeof href === "string"
) {
return href;
}
}
return undefined;
}
export function extractActorCandidates(actor: unknown): string[] {
if (typeof actor !== "object" || actor === null) return [];
const out: string[] = [];
const attachments = (actor as Record<string, unknown>).attachment;
if (Array.isArray(attachments)) {
for (const att of attachments) {
const value = (att as Record<string, unknown>)?.value;
if (typeof value === "string") out.push(stripHtml(value));
}
}
const summary = (actor as Record<string, unknown>).summary;
if (typeof summary === "string") out.push(stripHtml(summary));
return out;
}
/** Drop HTML tags and decode the small set of named entities a bio uses. */
export function stripHtml(html: string): string {
let out = "";
let i = 0;
while (i < html.length) {
const c = html[i];
if (c === "<") {
const end = html.indexOf(">", i + 1);
if (end < 0) break;
i = end + 1;
} else if (c === "&") {
// try to read an entity name
const semi = html.indexOf(";", i + 1);
if (semi < 0 || semi > i + 9) {
out += c;
i++;
continue;
}
const entity = html.slice(i + 1, semi);
const decoded = decodeEntity(entity);
if (decoded !== undefined) {
out += decoded;
i = semi + 1;
} else {
out += c;
i++;
}
} else {
out += c;
i++;
}
}
return out;
}
function decodeEntity(name: string): string | undefined {
switch (name) {
case "amp":
return "&";
case "lt":
return "<";
case "gt":
return ">";
case "quot":
return '"';
case "apos":
case "#39":
return "'";
case "nbsp":
return " ";
default:
return undefined;
}
}
Reference in New Issue View Git Blame Copy Permalink