nekomimi.pet / jacquard
forked from nonbinary.computer/jacquard
A better Rust ATProto crate
fork atom

moved identity resolution stuff into its own crate

Orual 102d6666 36ef115b

options
unified split
Changed files
+134 -81
Cargo.lock
Cargo.toml
crates
jacquard
Cargo.toml
src
client
at_client.rs
client.rs
lib.rs
main.rs
jacquard-common
Cargo.toml
src
cowstr.rs
lib.rs
jacquard-identity
Cargo.toml
src
lib.rs
resolver.rs
jacquard-oauth
Cargo.toml
src
atproto.rs
dpop.rs
request.rs
resolver.rs
session.rs
utils.rs
+38 -3
Cargo.lock
··· 1539 1539 "bon", 1540 1540 "bytes", 1541 1541 "clap", 1542 - "hickory-resolver", 1543 1542 "http", 1544 1543 "jacquard-api", 1545 1544 "jacquard-common", 1546 1545 "jacquard-derive", 1546 + "jacquard-identity", 1547 1547 "jacquard-oauth", 1548 1548 "jose-jwk", 1549 1549 "miette", ··· 1588 1588 "cid", 1589 1589 "ed25519-dalek", 1590 1590 "enum_dispatch", 1591 - "hickory-resolver", 1592 1591 "http", 1593 1592 "ipld-core", 1594 1593 "k256", ··· 1610 1609 "smol_str", 1611 1610 "thiserror 2.0.17", 1612 1611 "tokio", 1612 + "trait-variant", 1613 1613 "url", 1614 1614 ] 1615 1615 ··· 1631 1631 ] 1632 1632 1633 1633 [[package]] 1634 + name = "jacquard-identity" 1635 + version = "0.2.0" 1636 + dependencies = [ 1637 + "async-trait", 1638 + "bon", 1639 + "bytes", 1640 + "hickory-resolver", 1641 + "http", 1642 + "jacquard-api", 1643 + "jacquard-common", 1644 + "miette", 1645 + "percent-encoding", 1646 + "reqwest", 1647 + "serde", 1648 + "serde_html_form", 1649 + "serde_json", 1650 + "thiserror 2.0.17", 1651 + "tokio", 1652 + "url", 1653 + "urlencoding", 1654 + ] 1655 + 1656 + [[package]] 1634 1657 name = "jacquard-lexicon" 1635 1658 version = "0.2.0" 1636 1659 dependencies = [ ··· 1657 1680 dependencies = [ 1658 1681 "async-trait", 1659 1682 "base64 0.22.1", 1660 - "bon", 1661 1683 "chrono", 1662 1684 "dashmap", 1663 1685 "elliptic-curve", 1664 1686 "http", 1665 1687 "jacquard-common", 1688 + "jacquard-identity", 1666 1689 "jose-jwa", 1667 1690 "jose-jwk", 1668 1691 "miette", ··· 1678 1701 "smol_str", 1679 1702 "thiserror 2.0.17", 1680 1703 "tokio", 1704 + "trait-variant", 1681 1705 "url", 1682 1706 "uuid", 1683 1707 ] ··· 3344 3368 checksum = "b9d12581f227e93f094d3af2ae690a574abb8a2b9b7a96e7cfe9647b2b617678" 3345 3369 dependencies = [ 3346 3370 "once_cell", 3371 + ] 3372 + 3373 + [[package]] 3374 + name = "trait-variant" 3375 + version = "0.1.2" 3376 + source = "registry+https://github.com/rust-lang/crates.io-index" 3377 + checksum = "70977707304198400eb4835a78f6a9f928bf41bba420deb8fdb175cd965d77a7" 3378 + dependencies = [ 3379 + "proc-macro2", 3380 + "quote", 3381 + "syn 2.0.106", 3347 3382 ] 3348 3383 3349 3384 [[package]]
+6
Cargo.toml
··· 35 35 miette = "7.6" 36 36 thiserror = "2.0" 37 37 38 + # trait stuff 39 + trait-variant = "0.1.2" 40 + 41 + 42 + bon = "3.8.0" 43 + 38 44 # Data types 39 45 bytes = "1.10" 40 46 smol_str = { version = "0.3", features = ["serde"] }
+1 -2
crates/jacquard-common/Cargo.toml
··· 39 39 async-trait = "0.1" 40 40 tokio = { version = "1", features = ["sync"] } 41 41 reqwest = { workspace = true, optional = true, features = ["charset", "http2", "json", "system-proxy", "gzip", "rustls-tls"] } 42 - hickory-resolver = { version = "0.24", default-features = false, features = ["system-config", "tokio-runtime"], optional = true } 43 42 serde_ipld_dagcbor.workspace = true 43 + trait-variant.workspace = true 44 44 45 45 [features] 46 46 default = [] 47 - dns = ["dep:hickory-resolver"] 48 47 crypto = [] 49 48 crypto-ed25519 = ["crypto", "dep:ed25519-dalek"] 50 49 crypto-k256 = ["crypto", "dep:k256"]
+2 -2
crates/jacquard-common/src/cowstr.rs
··· 1 - use serde::{Deserialize, Serialize, de::DeserializeOwned}; 2 - use smol_str::{SmolStr, ToSmolStr}; 1 + use serde::{Deserialize, Serialize}; 2 + use smol_str::SmolStr; 3 3 use std::{ 4 4 borrow::Cow, 5 5 fmt,
+12 -12
crates/jacquard-common/src/ident_resolver.rs crates/jacquard-identity/src/resolver.rs
··· 12 12 use std::collections::BTreeMap; 13 13 use std::str::FromStr; 14 14 15 - use crate::error::TransportError; 16 - use crate::types::did_doc::Service; 17 - use crate::types::ident::AtIdentifier; 18 - use crate::types::string::AtprotoStr; 19 - use crate::types::uri::Uri; 20 - use crate::types::value::Data; 21 - use crate::{CowStr, IntoStatic}; 22 15 use bon::Builder; 23 16 use bytes::Bytes; 24 17 use http::StatusCode; 18 + use jacquard_common::error::TransportError; 19 + use jacquard_common::types::did::Did; 20 + use jacquard_common::types::did_doc::{DidDocument, Service}; 21 + use jacquard_common::types::ident::AtIdentifier; 22 + use jacquard_common::types::string::{AtprotoStr, Handle}; 23 + use jacquard_common::types::uri::Uri; 24 + use jacquard_common::types::value::{AtDataError, Data}; 25 + use jacquard_common::{CowStr, IntoStatic}; 25 26 use miette::Diagnostic; 26 27 use thiserror::Error; 27 28 use url::Url; 28 29 29 - use crate::types::did_doc::DidDocument; 30 - use crate::types::string::{Did, Handle}; 31 - use crate::types::value::AtDataError; 32 30 /// Errors that can occur during identity resolution. 33 31 /// 34 32 /// Note: when validating a fetched DID document against a requested DID, a ··· 114 112 /// mismatch). Use `into_owned()` to parse into an owned document. 115 113 #[derive(Clone)] 116 114 pub struct DidDocResponse { 115 + #[allow(missing_docs)] 117 116 pub buffer: Bytes, 117 + #[allow(missing_docs)] 118 118 pub status: StatusCode, 119 119 /// Optional DID we intended to resolve; used for validation helpers 120 120 pub requested: Option<Did<'static>>, ··· 205 205 #[serde(borrow)] 206 206 pub handle: Handle<'a>, 207 207 #[serde(borrow)] 208 - pub pds: crate::CowStr<'a>, 208 + pub pds: CowStr<'a>, 209 209 #[serde(borrow, rename = "signingKey", alias = "signing_key")] 210 - pub signing_key: crate::CowStr<'a>, 210 + pub signing_key: CowStr<'a>, 211 211 } 212 212 213 213 /// Handle → DID fallback step.
-1
crates/jacquard-common/src/lib.rs
··· 16 16 pub mod error; 17 17 /// HTTP client abstraction used by jacquard crates. 18 18 pub mod http_client; 19 - pub mod ident_resolver; 20 19 pub mod macros; 21 20 /// Generic session storage traits and utilities. 22 21 pub mod session;
+35
crates/jacquard-identity/Cargo.toml
··· 1 + [package] 2 + name = "jacquard-identity" 3 + edition.workspace = true 4 + version.workspace = true 5 + authors.workspace = true 6 + repository.workspace = true 7 + keywords.workspace = true 8 + categories.workspace = true 9 + readme.workspace = true 10 + exclude.workspace = true 11 + homepage.workspace = true 12 + license.workspace = true 13 + description.workspace = true 14 + 15 + [features] 16 + dns = ["dep:hickory-resolver"] 17 + 18 + [dependencies] 19 + async-trait = "0.1.89" 20 + bon.workspace = true 21 + bytes.workspace = true 22 + jacquard-common = { version = "0.2", path = "../jacquard-common" } 23 + percent-encoding = "2.3.2" 24 + reqwest.workspace = true 25 + url.workspace = true 26 + tokio = { version = "1", features = ["macros", "rt-multi-thread", "fs"] } 27 + hickory-resolver = { optional = true, version = "0.24", default-features = false, features = ["system-config", "tokio-runtime"]} 28 + serde.workspace = true 29 + serde_json.workspace = true 30 + thiserror.workspace = true 31 + miette.workspace = true 32 + http.workspace = true 33 + jacquard-api = { version = "0.2.0", path = "../jacquard-api" } 34 + serde_html_form.workspace = true 35 + urlencoding = "2.1.3"
+3 -1
crates/jacquard-oauth/Cargo.toml
··· 29 29 async-trait = "0.1.89" 30 30 dashmap = "6.1.0" 31 31 tokio = { version = "1.47.1", features = ["sync"] } 32 - bon = "3.8.0" 32 + 33 33 reqwest.workspace = true 34 + trait-variant.workspace = true 35 + jacquard-identity = { version = "0.2.0", path = "../jacquard-identity" }
+1 -1
crates/jacquard-oauth/src/atproto.rs
··· 5 5 use jacquard_common::CowStr; 6 6 use serde::{Deserialize, Serialize}; 7 7 use thiserror::Error; 8 - use url::{Host, Url}; 8 + use url::Url; 9 9 10 10 #[derive(Error, Debug)] 11 11 pub enum Error {
-13
crates/jacquard-oauth/src/dpop.rs
··· 63 63 { 64 64 DpopCall::client(self, data_source) 65 65 } 66 - 67 - async fn wrap_with_dpop<'r, D>( 68 - &'r self, 69 - is_to_auth_server: bool, 70 - data_source: &'r mut D, 71 - request: Request<Vec<u8>>, 72 - ) -> Result<Response<Vec<u8>>> 73 - where 74 - Self: Sized, 75 - D: DpopDataSource, 76 - { 77 - wrap_request_with_dpop(self, data_source, is_to_auth_server, request).await 78 - } 79 66 } 80 67 81 68 pub struct DpopCall<'r, C: HttpClient, D: DpopDataSource> {
+13 -17
crates/jacquard-oauth/src/request.rs
··· 1 - use chrono::{DateTime, FixedOffset, TimeDelta, Utc}; 1 + use chrono::{TimeDelta, Utc}; 2 2 use http::{Method, Request, StatusCode}; 3 3 use jacquard_common::{ 4 4 CowStr, IntoStatic, 5 5 cowstr::ToCowStr, 6 6 http_client::HttpClient, 7 - ident_resolver::{IdentityError, IdentityResolver}, 8 7 session::SessionStoreError, 9 8 types::{ 10 9 did::Did, 11 10 string::{AtStrError, Datetime}, 12 11 }, 13 12 }; 14 - use jose_jwk::Key; 15 - use serde::{Serialize, de::DeserializeOwned}; 13 + use jacquard_identity::resolver::IdentityError; 14 + use serde::Serialize; 16 15 use serde_json::Value; 17 16 use smol_str::ToSmolStr; 18 - use std::sync::Arc; 19 17 use thiserror::Error; 20 - use url::Url; 21 18 22 19 use crate::{ 23 20 FALLBACK_ALG, 24 - atproto::{AtprotoClientMetadata, atproto_client_metadata}, 25 - dpop::{DpopClient, DpopExt}, 21 + atproto::atproto_client_metadata, 22 + dpop::DpopExt, 26 23 jose::jwt::{RegisteredClaims, RegisteredClaimsAud}, 27 24 keyset::Keyset, 28 25 resolver::OAuthResolver, ··· 424 421 } 425 422 } 426 423 424 + #[inline] 427 425 fn endpoint_for_req<'a, 'r>( 428 426 server_metadata: &'r OAuthAuthorizationServerMetadata<'a>, 429 427 request: &'r OAuthRequest, ··· 438 436 } 439 437 } 440 438 441 - fn build_oauth_req_body<'a, S>( 442 - client_assertions: ClientAssertions<'a>, 443 - parameters: S, 444 - ) -> Result<String> 439 + #[inline] 440 + fn build_oauth_req_body<'a, S>(client_assertions: ClientAuth<'a>, parameters: S) -> Result<String> 445 441 where 446 442 S: Serialize, 447 443 { ··· 454 450 } 455 451 456 452 #[derive(Debug, Clone, Default)] 457 - pub struct ClientAssertions<'a> { 453 + pub struct ClientAuth<'a> { 458 454 client_id: CowStr<'a>, 459 455 assertion_type: Option<CowStr<'a>>, // either none or `CLIENT_ASSERTION_TYPE_JWT_BEARER` 460 456 assertion: Option<CowStr<'a>>, 461 457 } 462 458 463 - impl<'s> ClientAssertions<'s> { 459 + impl<'s> ClientAuth<'s> { 464 460 pub fn new_id(client_id: CowStr<'s>) -> Self { 465 461 Self { 466 462 client_id, ··· 474 470 keyset: Option<&Keyset>, 475 471 server_metadata: &OAuthAuthorizationServerMetadata<'a>, 476 472 client_metadata: &OAuthClientMetadata<'a>, 477 - ) -> Result<ClientAssertions<'a>> { 473 + ) -> Result<ClientAuth<'a>> { 478 474 let method_supported = server_metadata 479 475 .token_endpoint_auth_methods_supported 480 476 .as_ref(); ··· 494 490 .unwrap_or(vec![FALLBACK_ALG.into()]); 495 491 algs.sort_by(compare_algos); 496 492 let iat = Utc::now().timestamp(); 497 - return Ok(ClientAssertions { 493 + return Ok(ClientAuth { 498 494 client_id: client_id.clone(), 499 495 assertion_type: Some(CowStr::new_static(CLIENT_ASSERTION_TYPE_JWT_BEARER)), 500 496 assertion: Some( ··· 526 522 .as_ref() 527 523 .is_some_and(|v| v.contains(&CowStr::new_static("none"))) => 528 524 { 529 - return Ok(ClientAssertions::new_id(client_id)); 525 + return Ok(ClientAuth::new_id(client_id)); 530 526 } 531 527 _ => {} 532 528 }
+1 -5
crates/jacquard-oauth/src/resolver.rs
··· 1 1 use crate::types::{OAuthAuthorizationServerMetadata, OAuthProtectedResourceMetadata}; 2 2 use http::{Request, StatusCode}; 3 3 use jacquard_common::IntoStatic; 4 - use jacquard_common::ident_resolver::{IdentityError, IdentityResolver}; 5 4 use jacquard_common::types::did_doc::DidDocument; 6 5 use jacquard_common::types::ident::AtIdentifier; 7 6 use jacquard_common::{http_client::HttpClient, types::did::Did}; 8 - use sha2::digest::const_oid::Arc; 7 + use jacquard_identity::resolver::{IdentityError, IdentityResolver}; 9 8 use url::Url; 10 9 11 10 #[derive(thiserror::Error, Debug, miette::Diagnostic)] ··· 160 159 Ok(as_metadata) 161 160 } 162 161 } 163 - 164 - #[async_trait::async_trait] 165 - impl<T: OAuthResolver + Sync + Send> OAuthResolver for std::sync::Arc<T> {} 166 162 167 163 pub async fn resolve_authorization_server<T: HttpClient + ?Sized>( 168 164 client: &T,
+2 -1
crates/jacquard-oauth/src/session.rs
··· 308 308 return Ok(session); 309 309 } 310 310 } 311 - let metadata = OAuthMetadata::new(&self.client, &self.client_data, &session).await?; 311 + let metadata = 312 + OAuthMetadata::new(self.client.as_ref(), &self.client_data, &session).await?; 312 313 session = refresh(self.client.as_ref(), session, &metadata).await?; 313 314 self.store.upsert_session(session.clone()).await?; 314 315
+1 -2
crates/jacquard-oauth/src/utils.rs
··· 1 1 use base64::Engine; 2 2 use base64::engine::general_purpose::URL_SAFE_NO_PAD; 3 3 use elliptic_curve::SecretKey; 4 - use jacquard_common::{CowStr, IntoStatic, cowstr::ToCowStr}; 4 + use jacquard_common::CowStr; 5 5 use jose_jwk::{Key, crypto}; 6 6 use rand::{CryptoRng, RngCore, rngs::ThreadRng}; 7 7 use sha2::{Digest, Sha256}; 8 - use smol_str::ToSmolStr; 9 8 use std::cmp::Ordering; 10 9 11 10 use crate::{FALLBACK_ALG, types::OAuthAuthorizationServerMetadata};
+2 -2
crates/jacquard/Cargo.toml
··· 16 16 derive = ["dep:jacquard-derive"] 17 17 api = ["jacquard-api/com_atproto"] 18 18 api_all = ["api", "jacquard-api/app_bsky", "jacquard-api/chat_bsky", "jacquard-api/tools_ozone"] 19 - dns = ["dep:hickory-resolver", "jacquard-common/dns"] 19 + dns = ["jacquard-identity/dns"] 20 20 fancy = ["miette/fancy"] 21 21 loopback = ["dep:rouille"] 22 22 ··· 47 47 serde_json.workspace = true 48 48 thiserror.workspace = true 49 49 tokio = { version = "1", features = ["macros", "rt-multi-thread", "fs"] } 50 - hickory-resolver = { version = "0.24", default-features = false, features = ["system-config", "tokio-runtime"], optional = true } 51 50 url.workspace = true 52 51 smol_str.workspace = true 53 52 percent-encoding = "2" ··· 56 55 p256 = { version = "0.13", features = ["ecdsa"] } 57 56 rand_core = "0.6" 58 57 rouille = { version = "3.6.2", optional = true } 58 + jacquard-identity = { version = "0.2.0", path = "../jacquard-identity" }
+3 -5
crates/jacquard/src/client.rs
··· 21 21 pub use token::FileTokenStore; 22 22 use url::Url; 23 23 24 - use p256::SecretKey; 25 - 26 24 // Note: Stateless and stateful XRPC clients are implemented in xrpc_call.rs and at_client.rs 27 25 28 26 pub(crate) const NSID_REFRESH_SESSION: &str = "com.atproto.server.refreshSession"; ··· 133 131 #[derive(Debug, Clone)] 134 132 pub enum AuthSession { 135 133 AppPassword(AtpSession), 136 - OAuth(jacquard_oauth::session::OauthSession<'static>), 134 + OAuth(jacquard_oauth::session::ClientSessionData<'static>), 137 135 } 138 136 139 137 impl AuthSession { ··· 187 185 } 188 186 } 189 187 190 - impl From<jacquard_oauth::session::OauthSession<'static>> for AuthSession { 191 - fn from(session: jacquard_oauth::session::OauthSession<'static>) -> Self { 188 + impl From<jacquard_oauth::session::ClientSessionData<'static>> for AuthSession { 189 + fn from(session: jacquard_oauth::session::ClientSessionData<'static>) -> Self { 192 190 AuthSession::OAuth(session) 193 191 } 194 192 }
+1 -1
crates/jacquard/src/client/at_client.rs
··· 13 13 14 14 use jacquard_common::types::xrpc::{XrpcRequest, build_http_request}; 15 15 16 - use crate::client::{AtpSession, AuthSession, FileTokenStore, NSID_REFRESH_SESSION}; 16 + use crate::client::{AtpSession, AuthSession, NSID_REFRESH_SESSION}; 17 17 18 18 /// Per-call overrides when sending via `AtClient`. 19 19 #[derive(Debug, Default, Clone)]
+11 -10
crates/jacquard/src/identity.rs crates/jacquard-identity/src/lib.rs
··· 12 12 //! and optionally validate the document `id` against the requested DID. 13 13 14 14 // use crate::CowStr; // not currently needed directly here 15 + pub mod resolver; 15 16 17 + use crate::resolver::{ 18 + DidDocResponse, DidStep, HandleStep, IdentityError, IdentityResolver, MiniDoc, PlcSource, 19 + ResolverOptions, 20 + }; 16 21 use bytes::Bytes; 17 - use jacquard_common::IntoStatic; 22 + use jacquard_api::com_atproto::identity::resolve_did; 23 + use jacquard_api::com_atproto::identity::resolve_handle::ResolveHandle; 18 24 use jacquard_common::error::TransportError; 19 25 use jacquard_common::http_client::HttpClient; 20 - use jacquard_common::ident_resolver::{ 21 - DidDocResponse, DidStep, HandleStep, IdentityError, IdentityResolver, MiniDoc, PlcSource, 22 - ResolverOptions, 23 - }; 26 + use jacquard_common::types::did::Did; 27 + use jacquard_common::types::did_doc::DidDocument; 28 + use jacquard_common::types::ident::AtIdentifier; 24 29 use jacquard_common::types::xrpc::XrpcExt; 30 + use jacquard_common::{IntoStatic, types::string::Handle}; 25 31 use percent_encoding::percent_decode_str; 26 32 use reqwest::StatusCode; 27 33 use url::{ParseError, Url}; 28 - 29 - use crate::api::com_atproto::identity::{resolve_did, resolve_handle::ResolveHandle}; 30 - use crate::types::did_doc::DidDocument; 31 - use crate::types::ident::AtIdentifier; 32 - use crate::types::string::{Did, Handle}; 33 34 34 35 #[cfg(feature = "dns")] 35 36 use hickory_resolver::{TokioAsyncResolver, config::ResolverConfig};
+1 -2
crates/jacquard/src/lib.rs
··· 174 174 /// if enabled, reexport the attribute macros 175 175 pub use jacquard_derive::*; 176 176 177 - /// Identity resolution helpers (DIDs, handles, PDS endpoints) 178 - pub mod identity; 177 + pub use jacquard_identity as identity;
+1 -1
crates/jacquard/src/main.rs
··· 3 3 use jacquard::api::app_bsky::feed::get_timeline::GetTimeline; 4 4 use jacquard::api::com_atproto::server::create_session::CreateSession; 5 5 use jacquard::client::{AtpSession, AuthSession, BasicClient}; 6 - use jacquard::ident_resolver::IdentityResolver; 6 + use jacquard::identity::resolver::IdentityResolver; 7 7 use jacquard::identity::slingshot_resolver_default; 8 8 use jacquard::types::string::Handle; 9 9 use miette::IntoDiagnostic;