djara.dev
Secure storage and distribution of cryptographic keys in ATProto applications
fix: validate DIDs before generating keys.
zicklag.dev
+6
+6
main.ts
+6
main.ts
···
3
3
import { IdResolver } from "npm:@atproto/identity@0.4.3";
4
4
import * as earthstar from "jsr:@earthstar/earthstar@11.0.0-beta.7";
5
5
import { encodeBase32 } from "jsr:@std/encoding@1.0.6/base32";
6
+
import { assertDid } from "npm:@atproto/did@0.1.3";
6
7
7
8
type Keypair = { publicKey: Uint8Array; secretKey: Uint8Array };
8
9
···
84
85
// Get a user's public key
85
86
router.get("/xrpc/public.key.pigeon.muni.town", async ({ query }) => {
86
87
const { did } = query;
88
+
try {
89
+
assertDid(did);
90
+
} catch (e) {
91
+
return error(400, `Invalid DID: ${e}`);
92
+
}
87
93
if (typeof did !== "string" || !did)
88
94
return error(400, "DID query parameter required");
89
95
return {