stream.place
Live video on the AT Protocol
improve atproto data model, allow multiple signing keys
Closes #81, #77
See merge request streamplace/streamplace!88
Changelog: feature
+433
-228
+14
-1
js/app/components/aqlink.tsx
+14
-1
js/app/components/aqlink.tsx
···
2
2
import { NavigationProp, ParamListBase } from "@react-navigation/native";
3
3
import usePlatform from "hooks/usePlatform";
4
4
import { Pressable, StyleProp, ViewStyle } from "react-native";
5
+
import Loading from "./loading/loading";
6
+
import { useEffect } from "react";
7
+
8
+
export type LinkParams = { screen: string; params?: Record<string, string> };
5
9
6
10
// Web and native have some disagreements about link styling
7
11
// so we have a custom component that handles that
···
11
15
style,
12
16
}: {
13
17
children: React.ReactNode;
14
-
to: { screen: string; params?: Record<string, string> };
18
+
to: LinkParams;
15
19
style?: StyleProp<ViewStyle>;
16
20
}) {
17
21
const { isWeb } = usePlatform();
···
37
41
</Pressable>
38
42
);
39
43
}
44
+
45
+
export function Redirect({ to }: { to: LinkParams }) {
46
+
const navigation = useNavigation<NavigationProp<ParamListBase>>();
47
+
useEffect(() => {
48
+
console.log("redirecting to", to);
49
+
navigation.navigate(to.screen, to.params);
50
+
}, []);
51
+
return <Loading />;
52
+
}
+9
-1
js/app/components/provider/provider.tsx
+9
-1
js/app/components/provider/provider.tsx
···
3
3
4
4
import { LinkingOptions } from "@react-navigation/native";
5
5
import SharedProvider from "./provider.shared";
6
-
import React from "react";
6
+
import React, { useEffect } from "react";
7
7
import { WalletProvider } from "hooks/useWallet";
8
8
9
9
export default function Provider({
···
13
13
children: React.ReactNode;
14
14
linking: LinkingOptions<ReactNavigation.RootParamList>;
15
15
}) {
16
+
useEffect(() => {
17
+
// atproto requires 127.0.0.1 rather than localhost
18
+
const u = new URL(document.location.href);
19
+
if (u.hostname === "localhost") {
20
+
u.hostname = "127.0.0.1";
21
+
document.location.href = u.toString();
22
+
}
23
+
}, []);
16
24
return (
17
25
<WalletProvider>
18
26
<SharedProvider linking={linking}>{children}</SharedProvider>
+67
-58
js/app/components/stream-list/stream-list.tsx
+67
-58
js/app/components/stream-list/stream-list.tsx
···
8
8
9
9
type Segment = {
10
10
id: string;
11
-
user: string;
11
+
repoDID: string;
12
+
signingKeyDID: string;
12
13
startTime: string;
13
-
endTime: string;
14
14
repo: Repo;
15
15
};
16
16
···
19
19
handle: string;
20
20
pds: string;
21
21
version: string;
22
-
streamplaceKey: string;
23
22
rootCid: string;
24
23
};
25
24
···
85
84
/>
86
85
}
87
86
>
88
-
{streams.map((segment, i) => (
89
-
<View flex={1} key={i} alignItems="stretch">
90
-
<AQLink
91
-
to={{
92
-
screen: "Stream",
93
-
params: { user: segment.repo?.handle || segment.user },
94
-
}}
95
-
>
96
-
<View
97
-
alignItems="center"
98
-
display="flex"
99
-
position="relative"
100
-
maxWidth={400}
101
-
flexBasis="100%"
102
-
marginHorizontal="auto"
87
+
{streams.map((segment, i) => {
88
+
const user =
89
+
segment.repo?.handle || segment.repoDID || segment.signingKeyDID;
90
+
return (
91
+
<View flex={1} key={i} alignItems="stretch">
92
+
<AQLink
93
+
to={{
94
+
screen: "Stream",
95
+
params: {
96
+
user: user,
97
+
},
98
+
}}
103
99
>
104
-
<Image
105
-
f={1}
106
-
aspectRatio={16 / 9}
107
-
width="100%"
108
-
src={`${url}/api/playback/${segment.user}/stream.jpg`}
109
-
resizeMode="contain"
110
-
objectFit="contain"
111
-
/>
112
100
<View
113
-
position="absolute"
114
-
top={0}
115
-
right={0}
116
-
flexDirection="row"
117
-
justifyContent="center"
118
101
alignItems="center"
119
-
overflow="visible"
102
+
display="flex"
103
+
position="relative"
104
+
maxWidth={400}
105
+
flexBasis="100%"
106
+
marginHorizontal="auto"
120
107
>
121
-
<View position="relative">
122
-
<Text
123
-
textShadowColor="black"
124
-
textShadowOffset={{ width: -1, height: 1 }}
125
-
textShadowRadius={3}
126
-
>
127
-
LIVE
128
-
</Text>
129
-
<Text
130
-
textShadowColor="black"
131
-
textShadowOffset={{ width: 1, height: -1 }}
132
-
textShadowRadius={3}
133
-
position="absolute"
134
-
>
135
-
LIVE
136
-
</Text>
108
+
<Image
109
+
f={1}
110
+
aspectRatio={16 / 9}
111
+
width="100%"
112
+
src={`${url}/api/playback/${user}/stream.jpg`}
113
+
resizeMode="contain"
114
+
objectFit="contain"
115
+
/>
116
+
<View
117
+
position="absolute"
118
+
top={0}
119
+
right={0}
120
+
flexDirection="row"
121
+
justifyContent="center"
122
+
alignItems="center"
123
+
overflow="visible"
124
+
>
125
+
<View position="relative">
126
+
<Text
127
+
textShadowColor="black"
128
+
textShadowOffset={{ width: -1, height: 1 }}
129
+
textShadowRadius={3}
130
+
>
131
+
LIVE
132
+
</Text>
133
+
<Text
134
+
textShadowColor="black"
135
+
textShadowOffset={{ width: 1, height: -1 }}
136
+
textShadowRadius={3}
137
+
position="absolute"
138
+
>
139
+
LIVE
140
+
</Text>
141
+
</View>
142
+
<View
143
+
bg="$red10"
144
+
w={15}
145
+
h={15}
146
+
margin={5}
147
+
borderRadius="$10"
148
+
/>
137
149
</View>
138
-
<View bg="$red10" w={15} h={15} margin={5} borderRadius="$10" />
150
+
<H6>
151
+
{segment.repo?.handle ? `@${segment.repo.handle}` : user}
152
+
</H6>
139
153
</View>
140
-
<H6>
141
-
{segment.repo?.handle
142
-
? `@${segment.repo.handle}`
143
-
: segment.user}
144
-
</H6>
145
-
</View>
146
-
</AQLink>
147
-
</View>
148
-
))}
154
+
</AQLink>
155
+
</View>
156
+
);
157
+
})}
149
158
<View f={1} justifyContent="center" alignItems="center">
150
159
{streams.length === 0 && <H6>No one is streaming right now 😭</H6>}
151
160
</View>
+24
js/app/features/bluesky/blueskySlice.tsx
+24
js/app/features/bluesky/blueskySlice.tsx
···
10
10
import { privateKeyToAccount } from "viem/accounts";
11
11
import { StreamKey } from "features/base/baseSlice";
12
12
import { hydrate, STORED_KEY_KEY } from "features/base/baseSlice";
13
+
import { isWeb } from "tamagui";
13
14
14
15
export interface BlueskyState {
15
16
status: "start" | "loggedIn" | "loggedOut";
···
51
52
storedKey: null,
52
53
};
53
54
55
+
// clear atproto login query params from url
56
+
const clearQueryParams = () => {
57
+
if (!isWeb) {
58
+
return;
59
+
}
60
+
const u = new URL(document.location.href);
61
+
const params = new URLSearchParams(u.search);
62
+
if (u.search === "") {
63
+
return;
64
+
}
65
+
params.delete("iss");
66
+
params.delete("state");
67
+
params.delete("code");
68
+
u.search = params.toString();
69
+
window.history.replaceState(null, "", u.toString());
70
+
};
71
+
54
72
export const blueskySlice = createAppSlice({
55
73
name: "bluesky",
56
74
initialState,
···
91
109
}
92
110
return {
93
111
...state,
112
+
status: "loggedOut",
94
113
client: client,
95
114
};
96
115
},
···
197
216
// state.status = "loading";
198
217
},
199
218
fulfilled: (state, action) => {
219
+
clearQueryParams();
200
220
return {
201
221
...state,
222
+
status: "loggedIn",
202
223
profiles: {
203
224
...state.profiles,
204
225
[action.meta.arg]: action.payload.data,
···
206
227
};
207
228
},
208
229
rejected: (state, action) => {
230
+
clearQueryParams();
209
231
console.error("getProfile rejected", action.error);
210
232
// state.status = "failed";
211
233
},
···
366
388
};
367
389
const record = {
368
390
signingKey: keypair.did(),
391
+
createdAt: new Date().toISOString(),
369
392
};
370
393
await bluesky.pdsAgent.com.atproto.repo.createRecord({
371
394
repo: did,
···
495
518
selectPDS,
496
519
selectLogin,
497
520
selectStoredKey,
521
+
selectIsReady,
498
522
} = blueskySlice.selectors;
+4
-1
js/app/src/router.tsx
+4
-1
js/app/src/router.tsx
···
149
149
150
150
export function StreamplaceDrawer() {
151
151
const theme = useTheme();
152
-
const { isWeb, isElectron } = usePlatform();
152
+
const { isWeb, isElectron, isNative, isBrowser } = usePlatform();
153
153
const navigation = useNavigation();
154
154
const dispatch = useAppDispatch();
155
155
useEffect(() => {
···
215
215
options={{
216
216
drawerLabel: () => <Text>What's Streamplace?</Text>,
217
217
drawerIcon: () => <ShieldQuestion />,
218
+
drawerItemStyle: isNative ? { display: "none" } : undefined,
218
219
}}
219
220
/>
220
221
<Drawer.Screen
···
223
224
options={{
224
225
drawerLabel: () => <Text>Download</Text>,
225
226
drawerIcon: () => <Download />,
227
+
drawerItemStyle: isBrowser ? undefined : { display: "none" },
226
228
}}
227
229
/>
228
230
<Drawer.Screen
···
247
249
options={{
248
250
drawerLabel: () => <Text>Go Live</Text>,
249
251
drawerIcon: () => <Video />,
252
+
drawerItemStyle: isNative ? { display: "none" } : undefined,
250
253
}}
251
254
/>
252
255
<Drawer.Screen
+15
-1
js/app/src/screens/live.tsx
+15
-1
js/app/src/screens/live.tsx
···
1
1
import { Camera, FerrisWheel } from "@tamagui/lucide-icons";
2
-
import AQLink from "components/aqlink";
2
+
import AQLink, { Redirect } from "components/aqlink";
3
+
import Loading from "components/loading/loading";
4
+
import {
5
+
selectIsReady,
6
+
selectUserProfile,
7
+
} from "features/bluesky/blueskySlice";
3
8
import React from "react";
9
+
import { useAppSelector } from "store/hooks";
4
10
import { H6, Text, View } from "tamagui";
5
11
const elems = [
6
12
{
···
16
22
];
17
23
18
24
export default function StreamScreen({ route }) {
25
+
const isReady = useAppSelector(selectIsReady);
26
+
if (!isReady) {
27
+
return <Loading />;
28
+
}
29
+
const userProfile = useAppSelector(selectUserProfile);
30
+
if (!userProfile) {
31
+
return <Redirect to={{ screen: "Login" }} />;
32
+
}
19
33
return (
20
34
<View f={1} jc="space-around" ai="stretch" padding="$3" flexDirection="row">
21
35
<View f={1} maxWidth={250} alignItems="stretch" justifyContent="center">
+9
-1
js/app/src/screens/stream-key.tsx
+9
-1
js/app/src/screens/stream-key.tsx
···
4
4
clearStreamKeyRecord,
5
5
createStreamKeyRecord,
6
6
selectUserProfile,
7
+
selectIsReady,
7
8
} from "features/bluesky/blueskySlice";
8
9
import { useEffect, useState } from "react";
9
10
import { useAppDispatch, useAppSelector } from "store/hooks";
10
11
import { View, Paragraph, Button, Text } from "tamagui";
11
-
12
+
import { Redirect } from "components/aqlink";
12
13
const Row = ({ children }: { children: React.ReactNode }) => {
13
14
return (
14
15
<View w="100%" f={1} fd="row" padding="$4">
···
34
35
};
35
36
36
37
export default function StreamKeyScreen() {
38
+
const isReady = useAppSelector(selectIsReady);
39
+
if (!isReady) {
40
+
return <Loading />;
41
+
}
37
42
const userProfile = useAppSelector(selectUserProfile);
43
+
if (!userProfile) {
44
+
return <Redirect to={{ screen: "Login" }} />;
45
+
}
38
46
const url = useAppSelector((state) => state.streamplace.url);
39
47
40
48
if (!userProfile) {
+15
js/app/src/screens/webcam.tsx
+15
js/app/src/screens/webcam.tsx
···
1
1
import { Player } from "components/player/player";
2
2
import { queryToProps } from "./util";
3
+
import Loading from "components/loading/loading";
4
+
import {
5
+
selectIsReady,
6
+
selectUserProfile,
7
+
} from "features/bluesky/blueskySlice";
8
+
import { useAppSelector } from "store/hooks";
9
+
import { Redirect } from "components/aqlink";
3
10
4
11
export default function StreamScreen() {
12
+
const isReady = useAppSelector(selectIsReady);
13
+
if (!isReady) {
14
+
return <Loading />;
15
+
}
16
+
const userProfile = useAppSelector(selectUserProfile);
17
+
if (!userProfile) {
18
+
return <Redirect to={{ screen: "Login" }} />;
19
+
}
5
20
const params = new URLSearchParams(window.location.search);
6
21
return <Player ingest={true} src="live" {...queryToProps(params)} />;
7
22
}
+2
js/desktop/src/tests/sync-test.ts
+2
js/desktop/src/tests/sync-test.ts
+11
-1
pkg/api/api.go
+11
-1
pkg/api/api.go
···
414
414
apierrors.WriteHTTPInternalServerError(w, "could not resolve streamplace key", err)
415
415
return
416
416
}
417
-
w.Write([]byte(key))
417
+
signingKeys, err := a.Model.GetSigningKeysForRepo(key.DID)
418
+
if err != nil {
419
+
apierrors.WriteHTTPInternalServerError(w, "could not get signing keys", err)
420
+
return
421
+
}
422
+
bs, err := json.Marshal(signingKeys)
423
+
if err != nil {
424
+
apierrors.WriteHTTPInternalServerError(w, "could not marshal signing keys", err)
425
+
return
426
+
}
427
+
w.Write(bs)
418
428
}
419
429
}
420
430
+6
-8
pkg/api/playback.go
+6
-8
pkg/api/playback.go
···
30
30
if ok {
31
31
user = alias
32
32
}
33
-
user = strings.ToLower(user)
34
-
// streamplace signing key
35
-
if strings.HasPrefix(user, "0x") {
33
+
// did:key, pass through unaltered
34
+
if strings.HasPrefix(user, atproto.DID_KEY_PREFIX) {
36
35
return user, nil
37
36
}
38
-
// assume bluesky handle
39
-
key, err := atproto.SyncBlueskyRepoCached(ctx, user, a.Model)
37
+
// only other allowed case is a bluesky handle
38
+
repo, err := atproto.SyncBlueskyRepoCached(ctx, user, a.Model)
40
39
if err != nil {
41
40
return "", err
42
41
}
43
-
return key, nil
42
+
return repo.DID, nil
44
43
}
45
44
46
45
func (a *StreamplaceAPI) HandleMP4Playback(ctx context.Context) httprouter.Handle {
···
198
197
var signer crypto.Signer = key.ToECDSA()
199
198
200
199
did := string(didBytes)
201
-
fmt.Println("did", did)
202
200
203
-
mediaSigner, err := media.MakeMediaSigner(ctx, a.CLI, "fixme-media-signer", signer, a.Model)
201
+
mediaSigner, err := media.MakeMediaSigner(ctx, a.CLI, did, signer, a.Model)
204
202
if err != nil {
205
203
errors.WriteHTTPUnauthorized(w, "invalid authorization key (not valid secp256k1)", err)
206
204
return
+61
-58
pkg/atproto/atproto.go
+61
-58
pkg/atproto/atproto.go
···
6
6
"fmt"
7
7
"strings"
8
8
"sync"
9
+
"time"
9
10
10
-
"stream.place/streamplace/pkg/aqhttp"
11
-
"stream.place/streamplace/pkg/crypto/aqpub"
12
-
"stream.place/streamplace/pkg/log"
13
-
"stream.place/streamplace/pkg/model"
14
11
comatproto "github.com/bluesky-social/indigo/api/atproto"
15
12
atcrypto "github.com/bluesky-social/indigo/atproto/crypto"
16
13
"github.com/bluesky-social/indigo/atproto/identity"
···
21
18
"github.com/ipfs/go-cid"
22
19
"github.com/ipfs/go-datastore"
23
20
blockstore "github.com/ipfs/go-ipfs-blockstore"
21
+
"stream.place/streamplace/pkg/aqhttp"
22
+
"stream.place/streamplace/pkg/log"
23
+
"stream.place/streamplace/pkg/model"
24
24
)
25
25
26
26
var SyncGetRepo = comatproto.SyncGetRepo
···
52
52
return lock
53
53
}
54
54
55
-
func SyncBlueskyRepoCached(ctx context.Context, handle string, mod model.Model) (string, error) {
56
-
repo, err := mod.GetRepoByHandle(handle)
55
+
func SyncBlueskyRepoCached(ctx context.Context, handle string, mod model.Model) (*model.Repo, error) {
56
+
repo, err := mod.GetRepoByHandleOrDID(handle)
57
57
if err != nil {
58
-
return "", fmt.Errorf("failed to get repo for %s: %w", handle, err)
58
+
return nil, fmt.Errorf("failed to get repo for %s: %w", handle, err)
59
59
}
60
60
if repo != nil {
61
-
return repo.SigningKey, nil
61
+
return repo, nil
62
62
}
63
63
return SyncBlueskyRepo(ctx, handle, mod)
64
64
}
65
65
66
-
func SyncBlueskyRepo(ctx context.Context, handle string, mod model.Model) (string, error) {
66
+
func SyncBlueskyRepo(ctx context.Context, handle string, mod model.Model) (*model.Repo, error) {
67
+
ctx = log.WithLogValues(ctx, "func", "SyncBlueskyRepo")
67
68
// Get handle-specific lock and ensure synchronized access
68
-
handleLock := getHandleLock(handle)
69
-
handleLock.Lock()
70
-
defer handleLock.Unlock()
71
69
72
70
ident, err := ResolveIdent(ctx, handle)
73
71
if err != nil {
74
-
return "", fmt.Errorf("failed to resolve Bluesky handle %s: %w", handle, err)
72
+
return nil, fmt.Errorf("failed to resolve Bluesky handle %s: %w", handle, err)
75
73
}
76
74
75
+
handleLock := getHandleLock(ident.DID.String())
76
+
handleLock.Lock()
77
+
defer handleLock.Unlock()
78
+
77
79
rev := ""
78
80
oldRepo, err := mod.GetRepo(ident.DID.String())
79
81
if err != nil {
80
-
return "", fmt.Errorf("failed to get DID record for %s: %w", ident.DID.String(), err)
82
+
return nil, fmt.Errorf("failed to get DID record for %s: %w", ident.DID.String(), err)
81
83
}
82
84
if oldRepo != nil {
83
85
log.Log(ctx, "found existing DID record", "did", oldRepo.DID, "version", oldRepo.Version)
···
90
92
Client: &aqhttp.Client,
91
93
}
92
94
if xrpcc.Host == "" {
93
-
return "", fmt.Errorf("no PDS endpoint found for Bluesky identity %s", handle)
95
+
return nil, fmt.Errorf("no PDS endpoint found for Bluesky identity %s", handle)
94
96
}
95
97
repoBytes, err := SyncGetRepo(ctx, &xrpcc, ident.DID.String(), rev)
96
98
if err != nil {
97
-
return "", fmt.Errorf("failed to fetch repo for %s from PDS %s: %w", ident.DID.String(), xrpcc.Host, err)
99
+
return nil, fmt.Errorf("failed to fetch repo for %s from PDS %s: %w", ident.DID.String(), xrpcc.Host, err)
98
100
}
99
101
100
102
// uncomment for saving new test cases:
···
104
106
// encodedBytes := base64.URLEncoding.EncodeToString(repoBytes)
105
107
// err = os.WriteFile(filename, []byte(encodedBytes), 0644)
106
108
// if err != nil {
107
-
// return "", fmt.Errorf("failed to write encoded repo bytes to file: %w", err)
109
+
// return nil, fmt.Errorf("failed to write encoded repo bytes to file: %w", err)
108
110
// }
109
111
110
112
log.Log(ctx, "got diff", "bytes", len(repoBytes))
···
112
114
bs := blockstore.NewBlockstore(datastore.NewMapDatastore())
113
115
root, err := repo.IngestRepo(ctx, bs, bytes.NewReader(repoBytes))
114
116
if err != nil {
115
-
return "", fmt.Errorf("failed to ingest repo for %s: %w", ident.DID.String(), err)
117
+
return nil, fmt.Errorf("failed to ingest repo for %s: %w", ident.DID.String(), err)
116
118
}
117
119
log.Log(ctx, "ingested repo", "root", root)
118
120
if oldRepo != nil {
119
121
oldRoot, err := cid.Decode(oldRepo.RootCID)
120
122
if err != nil {
121
-
return "", fmt.Errorf("failed to decode old root CID for %s: %w", ident.DID.String(), err)
123
+
return nil, fmt.Errorf("failed to decode old root CID for %s: %w", ident.DID.String(), err)
122
124
}
123
125
if oldRoot.Equals(root) {
124
126
log.Log(ctx, "no changes to repo", "root", root)
125
-
return oldRepo.SigningKey, nil
127
+
return oldRepo, nil
126
128
}
127
129
}
128
130
129
131
r, err := repo.ReadRepoFromCar(ctx, bytes.NewReader(repoBytes))
130
132
if err != nil {
131
-
return "", fmt.Errorf("failed to parse repo CAR data for %s: %w", ident.DID.String(), err)
133
+
return nil, fmt.Errorf("failed to parse repo CAR data for %s: %w", ident.DID.String(), err)
132
134
}
133
135
134
136
// extract DID from repo commit
135
137
sc := r.SignedCommit()
136
138
signerDID, err := syntax.ParseDID(sc.Did)
137
139
if err != nil {
138
-
return "", fmt.Errorf("invalid DID in repo commit for %s: %w", ident.DID.String(), err)
140
+
return nil, fmt.Errorf("invalid DID in repo commit for %s: %w", ident.DID.String(), err)
139
141
}
140
142
if signerDID != ident.DID {
141
-
return "", fmt.Errorf("signer DID %s does not match identity %s", signerDID, ident.DID.String())
143
+
return nil, fmt.Errorf("signer DID %s does not match identity %s", signerDID, ident.DID.String())
142
144
}
143
145
144
146
processed := 0
145
-
var key string
146
-
if oldRepo != nil {
147
-
key = oldRepo.SigningKey
148
-
}
149
147
bs = r.Blockstore()
150
148
cst := util.CborStore(bs)
151
149
allKeys, err := bs.AllKeysChan(ctx)
152
150
if err != nil {
153
-
return "", fmt.Errorf("failed to get all keys: %w", err)
151
+
return nil, fmt.Errorf("failed to get all keys: %w", err)
154
152
}
153
+
signingKeys := []string{}
155
154
for k := range allKeys {
156
-
log.Log(ctx, "processing key", "key", k)
155
+
log.Debug(ctx, "processing key", "key", k)
157
156
rec := map[string]any{}
158
157
err := cst.Get(ctx, k, &rec)
159
158
if err != nil {
160
-
return "", fmt.Errorf("failed to get block for key %s: %w", k, err)
159
+
return nil, fmt.Errorf("failed to get block for key %s: %w", k, err)
161
160
}
162
-
log.Log(ctx, "got block", "key", k, "size", len(rec))
161
+
log.Debug(ctx, "got block", "key", k, "size", len(rec), "record", rec)
163
162
typ, ok := rec["$type"]
164
163
if !ok {
165
164
continue
···
176
175
if !ok {
177
176
continue
178
177
}
179
-
key = streamplaceKey
178
+
signingKeys = append(signingKeys, streamplaceKey)
180
179
}
181
-
log.Log(ctx, "processed new posts", "postCount", processed)
180
+
log.Log(ctx, "processed new posts", "postCount", processed, "signingKeys", signingKeys)
182
181
183
-
var aqk aqpub.Pub
184
-
if strings.HasPrefix(key, DID_KEY_PREFIX) {
185
-
pubKey, err := atcrypto.ParsePublicDIDKey(key)
182
+
for _, key := range signingKeys {
183
+
err := parseSigningKey(ctx, key)
186
184
if err != nil {
187
-
return "", fmt.Errorf("failed to parse multibase key %s: %w", key, err)
188
-
}
189
-
aqk, err = aqpub.FromBytes(pubKey.UncompressedBytes())
190
-
if err != nil {
191
-
return "", fmt.Errorf("failed to parse public key for %s: %w", handle, err)
185
+
log.Warn(ctx, "ignoring non-DID key", "key", key, "error", err)
186
+
continue
192
187
}
193
-
} else if strings.HasPrefix(key, ADDRESS_KEY_PREFIX) {
194
-
aqk, err = aqpub.FromHexString(key)
188
+
err = mod.UpdateSigningKey(&model.SigningKey{
189
+
DID: key,
190
+
CreatedAt: time.Now(),
191
+
RepoDID: ident.DID.String(),
192
+
})
195
193
if err != nil {
196
-
return "", fmt.Errorf("failed to parse public key for %s: %w", handle, err)
194
+
return nil, fmt.Errorf("failed to create signing key for %s: %w", key, err)
197
195
}
198
-
} else {
199
-
return "", fmt.Errorf("invalid key format for %s: %s", handle, key)
200
196
}
201
-
if err != nil {
202
-
return "", fmt.Errorf("failed to parse public key for %s: %w", handle, err)
203
-
}
204
-
addr := aqk.String()
197
+
205
198
newRepo := model.Repo{
206
-
DID: ident.DID.String(),
207
-
PDS: ident.PDSEndpoint(),
208
-
Version: sc.Rev,
209
-
SigningKey: addr,
210
-
RootCID: root.String(),
211
-
Handle: handle,
199
+
DID: ident.DID.String(),
200
+
PDS: ident.PDSEndpoint(),
201
+
Version: sc.Rev,
202
+
RootCID: root.String(),
203
+
Handle: ident.Handle.String(),
212
204
}
213
205
err = mod.UpdateRepo(&newRepo)
214
206
if err != nil {
215
-
return "", fmt.Errorf("failed to update DID record for %s: %w", sc.Did, err)
207
+
return nil, fmt.Errorf("failed to update DID record for %s: %w", sc.Did, err)
216
208
}
217
209
218
-
return addr, nil
210
+
return &newRepo, nil
211
+
}
212
+
213
+
func parseSigningKey(ctx context.Context, key string) error {
214
+
if !strings.HasPrefix(key, DID_KEY_PREFIX) {
215
+
return fmt.Errorf("invalid key format for DID key: %s", key)
216
+
}
217
+
_, err := atcrypto.ParsePublicDIDKey(key)
218
+
if err != nil {
219
+
return fmt.Errorf("failed to parse multibase key %s: %w", key, err)
220
+
}
221
+
return nil
219
222
}
220
223
221
224
var ResolveIdent = resolveIdent
+38
-32
pkg/atproto/atproto_test.go
+38
-32
pkg/atproto/atproto_test.go
···
15
15
)
16
16
17
17
func TestKeyResolution(t *testing.T) {
18
-
// i wrote these tests before i renamed this and i don't wanna re-export, okay?
19
-
oldStreamplaceCollection := STREAMPLACE_COLLECTION
20
-
oldStreamplaceKey := STREAMPLACE_SIGNING_KEY
21
-
defer func() { STREAMPLACE_COLLECTION = oldStreamplaceCollection }()
22
-
defer func() { STREAMPLACE_SIGNING_KEY = oldStreamplaceKey }()
23
-
STREAMPLACE_COLLECTION = "app.bsky.feed.post"
24
-
STREAMPLACE_SIGNING_KEY = "aquareumKey"
25
-
26
18
dir, err := os.MkdirTemp("", "atproto-test-*")
27
19
require.NoError(t, err)
28
20
defer os.RemoveAll(dir)
···
45
37
46
38
// full sync
47
39
SyncGetRepo = MockSyncGetRepo(fullSync)
48
-
k, err := SyncBlueskyRepo(context.Background(), "streamplace.bsky.social", mod)
40
+
repo, err := SyncBlueskyRepo(context.Background(), "streamplace-test", mod)
49
41
require.NoError(t, err)
50
-
require.Equal(t, firstKey, k)
51
-
52
-
// empty sync
53
-
SyncGetRepo = MockSyncGetRepo(emptySync)
54
-
k, err = SyncBlueskyRepo(context.Background(), "streamplace.bsky.social", mod)
42
+
keys, err := mod.GetSigningKeysForRepo(repo.DID)
55
43
require.NoError(t, err)
56
-
require.Equal(t, firstKey, k)
44
+
require.Len(t, keys, 1)
45
+
require.Equal(t, firstKey, keys[0].DID)
57
46
58
47
// incremental sync with no changes
59
48
SyncGetRepo = MockSyncGetRepo(incrementalSyncSameKey)
60
-
k, err = SyncBlueskyRepo(context.Background(), "streamplace.bsky.social", mod)
49
+
repo, err = SyncBlueskyRepo(context.Background(), "streamplace-test", mod)
50
+
require.NoError(t, err)
51
+
keys, err = mod.GetSigningKeysForRepo(repo.DID)
61
52
require.NoError(t, err)
62
-
require.Equal(t, firstKey, k)
53
+
require.Len(t, keys, 1)
54
+
require.Equal(t, firstKey, keys[0].DID)
63
55
64
56
// incremental sync with a new streamplace key
65
57
SyncGetRepo = MockSyncGetRepo(incrementalSyncNewKey)
66
-
k, err = SyncBlueskyRepo(context.Background(), "streamplace.bsky.social", mod)
58
+
repo, err = SyncBlueskyRepo(context.Background(), "streamplace-test", mod)
67
59
require.NoError(t, err)
68
-
require.Equal(t, secondKey, k)
60
+
keys, err = mod.GetSigningKeysForRepo(repo.DID)
61
+
require.NoError(t, err)
62
+
require.Len(t, keys, 2)
63
+
require.Equal(t, firstKey, keys[0].DID)
64
+
require.Equal(t, secondKey, keys[1].DID)
65
+
66
+
// empty sync
67
+
SyncGetRepo = MockSyncGetRepo(emptySync)
68
+
repo, err = SyncBlueskyRepo(context.Background(), "streamplace-test", mod)
69
+
require.NoError(t, err)
70
+
keys, err = mod.GetSigningKeysForRepo(repo.DID)
71
+
require.NoError(t, err)
72
+
require.Len(t, keys, 2)
73
+
require.Equal(t, firstKey, keys[0].DID)
74
+
require.Equal(t, secondKey, keys[1].DID)
69
75
}
70
76
71
77
func MockSyncGetRepo(res string) func(ctx context.Context, xrpcc *xrpc.Client, did string, rev string) ([]byte, error) {
···
78
84
}
79
85
}
80
86
81
-
// captured from streamplace.bsky.social pds
87
+
// captured from plc.directory
82
88
var didDoc = []byte(`
83
89
{
84
90
"@context": [
···
87
93
"https://w3id.org/security/suites/secp256k1-2019/v1"
88
94
],
89
95
"alsoKnownAs": [
90
-
"at://streamplace.bsky.social"
96
+
"at://streamplace-test.bsky.social"
91
97
],
92
-
"id": "did:plc:dkh4rwafdcda4ko7lewe43ml",
98
+
"id": "did:plc:ee3n2hs2wkgrkskrz6whzrfs",
93
99
"service": [
94
100
{
95
101
"id": "#atproto_pds",
96
-
"serviceEndpoint": "https://milkcap.us-west.host.bsky.network",
102
+
"serviceEndpoint": "https://grisette.us-west.host.bsky.network",
97
103
"type": "AtprotoPersonalDataServer"
98
104
}
99
105
],
100
106
"verificationMethod": [
101
107
{
102
-
"controller": "did:plc:dkh4rwafdcda4ko7lewe43ml",
103
-
"id": "did:plc:dkh4rwafdcda4ko7lewe43ml#atproto",
104
-
"publicKeyMultibase": "zQ3shMdd6GA2eefzDHPoTGmtt1D8tTfbE7MqBzrF9Dv78m5Lr",
108
+
"controller": "did:plc:ee3n2hs2wkgrkskrz6whzrfs",
109
+
"id": "did:plc:ee3n2hs2wkgrkskrz6whzrfs#atproto",
110
+
"publicKeyMultibase": "zQ3shYTpdwFJJppCFwncKrB1hSTsKE48s1kTQASKvgSNm3jTt",
105
111
"type": "Multikey"
106
112
}
107
113
]
108
114
}
109
115
`)
110
-
var firstKey = "0x6fbe6863cf1efc713899455e526a13239d371175"
111
-
var secondKey = "0xf081d6383777482868faa8d5534a5f1a7777bee8"
112
-
var fullSync = `OqJlcm9vdHOB2CpYJQABcRIg8rwOSz2yxfhVsZgjPLoriASZoxACV-0nDsPTufChhC9ndmVyc2lvbgGpAQFxEiD1lx4wXXrKA3-lEka_76FDOL8Q3pMLSDBF9K6kjyhASaJhZYGkYWtYIGFwcC5ic2t5LmZlZWQucG9zdC8zbGJnY2VvcHJjazJ3YXAAYXTYKlglAAFxEiBlb4TL7j6T5EHCS1GK-CGp1CWQEgnI4ijAdWdW5PUSGGF22CpYJQABcRIg7JoAcR_XotwhnWDAJMYUechMtv8fu_w24h5CEkzOfXphbPbgAQFxEiDyvA5LPbLF-FWxmCM8uiuIBJmjEAJX7ScOw9O58KGEL6ZjZGlkeCBkaWQ6cGxjOmRraDRyd2FmZGNkYTRrbzdsZXdlNDNtbGNyZXZtM2xiaHo3Zm1qZnIybmNzaWdYQLJdVuxKJ_H9MWWiyHEs0CHfGSWTHkSwuGec-RE7ZZT2B6tR7JQ8ozUfovYlLoa_mf_LbswCmrXIJLbdI9FAeB5kZGF0YdgqWCUAAXESIPoII-xqjgtyN-IobBCXzv9p3xi__PTUHGkTOVK9Tl98ZHByZXb2Z3ZlcnNpb24D0QEBcRIg-ggj7GqOC3I34ihsEJfO_2nfGL_89NQcaRM5Ur1OX3yiYWWBpGFrWCBhcHAuYnNreS5mZWVkLnBvc3QvM2xiZ2Nkc29lajIyd2FwAGF02CpYJQABcRIg9ZceMF16ygN_pRJGv--hQzi_EN6TC0gwRfSupI8oQElhdtgqWCUAAXESIMjKJlapR-7V4yEIHJsqS3tUsugqlklsmHY4I486V1ekYWzYKlglAAFxEiDofs8Z467E_81R8yTDTUSKkRwplLtF-xSPUoQL7ndVuJACAXESINU_reY-Ie7fBQaJWzLubV_8TShioMnyVASU35S5K7ZaomFlg6Rha1ggYXBwLmJza3kuZmVlZC5wb3N0LzNsYmdjcWduZWwyMndhcABhdPZhdtgqWCUAAXESIB0okVvvemjrqHVTVvGYAt9q9PuLU7V-RI9EqJ_RgZSWpGFrSmh6N2ZncWJjMmZhcBZhdPZhdtgqWCUAAXESIEwBqj4S9YJ1_QDbEJa2QwL_dmXgQHja0uXcF1GCvdlipGFrWBpncmFwaC5mb2xsb3cvM2xhemZvaHA2cmsyd2FwCWF09mF22CpYJQABcRIg_vrZNDHQ8ZAisJQ8oKCV6_rAP69h9rzwl8HNWhZKlqFhbPZTAXESIGVvhMvuPpPkQcJLUYr4IanUJZASCcjiKMB1Z1bk9RIYomFlgGFs2CpYJQABcRIg1T-t5j4h7t8FBolbMu5tX_xNKGKgyfJUBJTflLkrtlq_AwFxEiBMAao-EvWCdf0A2xCWtkMC_3Zl4EB42tLl3BdRgr3ZYqVkdGV4dHgddGhleSBhcmUgbm93IGRvbid0IHdvcnJ5IPCfpJdlJHR5cGVyYXBwLmJza3kuZmVlZC5wb3N0ZWxhbmdzgWJlbmVyZXBseaJkcm9vdKJjY2lkeDtiYWZ5cmVpZ2xldG8yYWNwbW5maDZxNXB3czZ4Z2JzdmpsbndmcWl0ZXcydTJhMzVrM3czd3QyNGVuYWN1cml4RmF0Oi8vZGlkOnBsYzoyem14aWtpZzJzajdncWFlemw1Z250YWUvYXBwLmJza3kuZmVlZC5wb3N0LzNsYmd2Y3VrYWNrMjVmcGFyZW50omNjaWR4O2JhZnlyZWlnbGV0bzJhY3BtbmZoNnE1cHdzNnhnYnN2amxud2ZxaXRldzJ1MmEzNWszdzN3dDI0ZW5hY3VyaXhGYXQ6Ly9kaWQ6cGxjOjJ6bXhpa2lnMnNqN2dxYWV6bDVnbnRhZS9hcHAuYnNreS5mZWVkLnBvc3QvM2xiZ3ZjdWthY2syNWljcmVhdGVkQXR4GDIwMjQtMTEtMjFUMTc6NDI6MzYuMDY2WtEBAXESIOh-zxnjrsT_zVHzJMNNRIqRHCmUu0X7FI9ShAvud1W4omFlgaRha1ggYXBwLmJza3kuZmVlZC5saWtlLzNsYmRpNDRpYWt5MmJhcABhdNgqWCUAAXESIF66hfxKLwWeDj1wC8fUC0Vts3oouA83cjytyVOZuKgOYXbYKlglAAFxEiBnRrSTDjAiSBlUXxlBHbX1riFlwwrvGeLiPrKiRVqwtmFs2CpYJQABcRIgtcl2NrLyqA87bqGCHgYFI8zrg1goxRWohu0QTqYU6V24AgFxEiBeuoX8Si8Fng49cAvH1AtFbbN6KLgPN3I8rclTmbioDqJhZYKkYWtYIGFwcC5ic2t5LmZlZWQucG9zdC8zbGJkbDN6eGlkcDJyYXAAYXTYKlglAAFxEiCliJ0EuHabX2fmYQ5LUEIZP5U1qOp9Wkodr5bSOGA6y2F22CpYJQABcRIgMkMZX3_3xRnY5shHGYJkFCuT3i_0r9YjJyrksoN5k2CkYWtKZ2FyYmNyc2Myd2FwFmF02CpYJQABcRIglmlU9IJklExqIGP4xzRd9bxftBzlRK1lEA6oXhsC8VlhdtgqWCUAAXESICB15VbgVux27OAevULqO2_FKKgdndxnw5RXfadpVUkoYWzYKlglAAFxEiAzY6Nwv73IeBv-FKpb2d6uv-E6-UJvUVNIZGGWX4OU58gBAXESIDNjo3C_vch4G_4UqlvZ3q6_4Tr5Qm9RU0hkYZZfg5TnomFlgqRha1ggYXBwLmJza3kuZmVlZC5saWtlLzNsYmh6NzJ5YXJoMmJhcABhdPZhdtgqWCUAAXESIBek7BnkUPmK5RQRrQnGyEjL-VafNR4wQdVDX4PhCItspGFrUnBvc3QvM2xiZGtyZ3NoaTUyeWFwDmF09mF22CpYJQABcRIgqeOaphsHW2DZB2ar5azxeEOTDYLTyE0BS-n4izuYuwRhbPb4AQFxEiAXpOwZ5FD5iuUUEa0JxshIy_lWnzUeMEHVQ1-D4QiLbKNlJHR5cGVyYXBwLmJza3kuZmVlZC5saWtlZ3N1YmplY3SiY2NpZHg7YmFmeXJlaWdsZXRvMmFjcG1uZmg2cTVwd3M2eGdic3ZqbG53ZnFpdGV3MnUyYTM1azN3M3d0MjRlbmFjdXJpeEZhdDovL2RpZDpwbGM6MnpteGlraWcyc2o3Z3FhZXpsNWdudGFlL2FwcC5ic2t5LmZlZWQucG9zdC8zbGJndmN1a2FjazI1aWNyZWF0ZWRBdHgYMjAyNC0xMS0yMVQxNzo0MjoyNS4wMDZadgFxEiAdKJFb73po66h1U1bxmALfavT7i1O1fkSPRKif0YGUlqRkdGV4dGRhc2RmZSR0eXBlcmFwcC5ic2t5LmZlZWQucG9zdGVsYW5nc4FiZW5pY3JlYXRlZEF0eBgyMDI0LTExLTIxVDAxOjI3OjUxLjk1N1qDAQFxEiDsmgBxH9ei3CGdYMAkxhR5yEy2_x-7_DbiHkISTM59eqRkdGV4dHFtb3JycmUgY2hhYWFhbmdlc2UkdHlwZXJhcHAuYnNreS5mZWVkLnBvc3RlbGFuZ3OBYmVuaWNyZWF0ZWRBdHgYMjAyNC0xMS0yMVQwMToyMToxNy43NzFaggEBcRIgyMomVqlH7tXjIQgcmypLe1Sy6CqWSWyYdjgjjzpXV6SkZHRleHRwY2hhbmdlcyB0byByZXBvIWUkdHlwZXJhcHAuYnNreS5mZWVkLnBvc3RlbGFuZ3OBYmVuaWNyZWF0ZWRBdHgYMjAyNC0xMS0yMVQwMToyMDo0OC4zNjVa_QEBcRIglmlU9IJklExqIGP4xzRd9bxftBzlRK1lEA6oXhsC8VmiYWWDpGFrWCBhcHAuYnNreS5mZWVkLnBvc3QvM2xiZ2I2Z3g2bjIyd2FwAGF09mF22CpYJQABcRIgLxBb4icJ_BQwcs-kvumagTA5e1Z68NfTPM7ThDZaAL-kYWtIY3VpenBrMndhcBgYYXT2YXbYKlglAAFxEiCWr8BqJRXiQ2c-zXT-k3IC25feECpmvXG2HI6P3CIcKaRha0ljNmtheWtjMndhcBdhdPZhdtgqWCUAAXESIEwPwWqbLz22EnCy4APTNYqpx29j3ILg7s_mMQDxOVHkYWz2iwEBcRIgTA_BapsvPbYScLLgA9M1iqnHb2PcguDuz-YxAPE5UeSkZHRleHR4GHRoaXMgaXMgQU5PVEhFUiBwb3N0IG9tZ2UkdHlwZXJhcHAuYnNreS5mZWVkLnBvc3RlbGFuZ3OBYmVuaWNyZWF0ZWRBdHgYMjAyNC0xMS0yMVQwMToxNzo1MS43NjZadgFxEiCWr8BqJRXiQ2c-zXT-k3IC25feECpmvXG2HI6P3CIcKaRkdGV4dGRhc2RmZSR0eXBlcmFwcC5ic2t5LmZlZWQucG9zdGVsYW5nc4FiZW5pY3JlYXRlZEF0eBgyMDI0LTExLTIxVDAxOjAyOjIyLjk5MVqUAQFxEiAvEFviJwn8FDByz6S-6ZqBMDl7Vnrw19M8ztOENloAv6RkdGV4dHghcG9zdGluZyBhZ2FpbiBmb3IgdGhlIHNhbWUgcmVhc29uZSR0eXBlcmFwcC5ic2t5LmZlZWQucG9zdGVsYW5nc4FiZW5pY3JlYXRlZEF0eBgyMDI0LTExLTIxVDAwOjU5OjU0LjU1N1q7AgFxEiCliJ0EuHabX2fmYQ5LUEIZP5U1qOp9Wkodr5bSOGA6y6JhZYSkYWtYIGFwcC5ic2t5LmZlZWQucG9zdC8zbGJkbDZpZGJmNDJyYXAAYXT2YXbYKlglAAFxEiDtDbTZGhHmOXf14xiPT2WvYiOXGRHzajD5nAmkU9K616Rha0lvM2o1azRvMmxhcBdhdPZhdtgqWCUAAXESIPmPTQkPb2FdtOrZSKMMn3W1z09XL5XLt36QUW4OjXCfpGFrSGJjN28zcDJpYXAYGGF09mF22CpYJQABcRIgtUiWwIJyHlbInWVdNykpIncaQhC95qGdZMZhsBO3IeykYWtIZWFlcHhqMmxhcBgYYXT2YXbYKlglAAFxEiD79pjyILG-1iQ26WLWTE4hxm3AZH9gyzITeqSVvAydWmFs9qUBAXESICB15VbgVux27OAevULqO2_FKKgdndxnw5RXfadpVUkopGR0ZXh0eDJoZWxsbyBpIGFtIG1ha2luZyBhIHBvc3QgdG8gYWR2YW5jZSBteSBtZXJrbGUgcm9vdGUkdHlwZXJhcHAuYnNreS5mZWVkLnBvc3RlbGFuZ3OBYmVuaWNyZWF0ZWRBdHgYMjAyNC0xMS0yMVQwMDo1MjozMi40Mzha5wMBcRIg-_aY8iCxvtYkNuli1kxOIcZtwGR_YMsyE3qklbwMnVqlZHRleHR4RvCflLQgTElWRSBodHRwOi8vbG9jYWxob3N0OjM4MDgwL0BhcXVhcmV1bS5ic2t5LnNvY2lhbCBEb2VzIHRoaXMgd29yaz9lJHR5cGVyYXBwLmJza3kuZmVlZC5wb3N0ZmZhY2V0c4GiZWluZGV4omdieXRlRW5kGDZpYnl0ZVN0YXJ0CmhmZWF0dXJlc4GiY3VyaXimaHR0cDovL2xvY2FsaG9zdDozODA4MC9AYXF1YXJldW0uYnNreS5zb2NpYWw_a2V5PTB4NmZiZTY4NjNjZjFlZmM3MTM4OTk0NTVlNTI2YTEzMjM5ZDM3MTE3NSZkaWQ9ZGlkJTNBcGxjJTNBZGtoNHJ3YWZkY2RhNGtvN2xld2U0M21sJnRpbWU9MjAyNC0xMS0yMFQwMCUzQTE3JTNBNDguMTE5WmUkdHlwZXgcYXBwLmJza3kucmljaHRleHQuZmFjZXQjbGlua2ljcmVhdGVkQXR4GDIwMjQtMTEtMjBUMDA6MTc6NDguMTE5WmthcXVhcmV1bUtleXgqMHg2ZmJlNjg2M2NmMWVmYzcxMzg5OTQ1NWU1MjZhMTMyMzlkMzcxMTc1qgMBcRIgtUiWwIJyHlbInWVdNykpIncaQhC95qGdZMZhsBO3IeykZHRleHR4QfCflLQgTElWRSBodHRwOi8vbG9jYWxob3N0OjM4MDgwL0BhcXVhcmV1bS5ic2t5LnNvY2lhbCBBcXVhcmV1bSAyZSR0eXBlcmFwcC5ic2t5LmZlZWQucG9zdGZmYWNldHOBomVpbmRleKJnYnl0ZUVuZBg2aWJ5dGVTdGFydApoZmVhdHVyZXOBomN1cml4pmh0dHA6Ly9sb2NhbGhvc3Q6MzgwODAvQGFxdWFyZXVtLmJza3kuc29jaWFsP2tleT0weDZmYmU2ODYzY2YxZWZjNzEzODk5NDU1ZTUyNmExMzIzOWQzNzExNzUmZGlkPWRpZCUzQXBsYyUzQWRraDRyd2FmZGNkYTRrbzdsZXdlNDNtbCZ0aW1lPTIwMjQtMTEtMjBUMDAlM0ExNiUzQTA5LjUzMVplJHR5cGV4HGFwcC5ic2t5LnJpY2h0ZXh0LmZhY2V0I2xpbmtpY3JlYXRlZEF0eBgyMDI0LTExLTIwVDAwOjE2OjA5LjUzMVqoAwFxEiD5j00JD29hXbTq2UijDJ91tc9PVy-Vy7d-kFFuDo1wn6RkdGV4dHg_8J-UtCBMSVZFIGh0dHA6Ly9sb2NhbGhvc3Q6MzgwODAvQGFxdWFyZXVtLmJza3kuc29jaWFsIEFxdWFyZXVtZSR0eXBlcmFwcC5ic2t5LmZlZWQucG9zdGZmYWNldHOBomVpbmRleKJnYnl0ZUVuZBg2aWJ5dGVTdGFydApoZmVhdHVyZXOBomN1cml4pmh0dHA6Ly9sb2NhbGhvc3Q6MzgwODAvQGFxdWFyZXVtLmJza3kuc29jaWFsP2tleT0weDZmYmU2ODYzY2YxZWZjNzEzODk5NDU1ZTUyNmExMzIzOWQzNzExNzUmZGlkPWRpZCUzQXBsYyUzQWRraDRyd2FmZGNkYTRrbzdsZXdlNDNtbCZ0aW1lPTIwMjQtMTEtMjBUMDAlM0ExMiUzQTU1LjU0OFplJHR5cGV4HGFwcC5ic2t5LnJpY2h0ZXh0LmZhY2V0I2xpbmtpY3JlYXRlZEF0eBgyMDI0LTExLTIwVDAwOjEyOjU1LjU0OFqkAwFxEiDtDbTZGhHmOXf14xiPT2WvYiOXGRHzajD5nAmkU9K616RkdGV4dHg78J-UtCBMSVZFIGh0dHA6Ly9sb2NhbGhvc3Q6MzgwODAvQGFxdWFyZXVtLmJza3kuc29jaWFsIGFzZGZlJHR5cGVyYXBwLmJza3kuZmVlZC5wb3N0ZmZhY2V0c4GiZWluZGV4omdieXRlRW5kGDZpYnl0ZVN0YXJ0CmhmZWF0dXJlc4GiY3VyaXimaHR0cDovL2xvY2FsaG9zdDozODA4MC9AYXF1YXJldW0uYnNreS5zb2NpYWw_a2V5PTB4NmZiZTY4NjNjZjFlZmM3MTM4OTk0NTVlNTI2YTEzMjM5ZDM3MTE3NSZkaWQ9ZGlkJTNBcGxjJTNBZGtoNHJ3YWZkY2RhNGtvN2xld2U0M21sJnRpbWU9MjAyNC0xMS0xOVQyMyUzQTIwJTNBNTQuMTA1WmUkdHlwZXgcYXBwLmJza3kucmljaHRleHQuZmFjZXQjbGlua2ljcmVhdGVkQXR4GDIwMjQtMTEtMTlUMjM6MjA6NTQuMTA1Wq0DAXESIDJDGV9_98UZ2ObIRxmCZBQrk94v9K_WIycq5LKDeZNgpGR0ZXh0eETwn5S0IExJVkUgaHR0cDovL2xvY2FsaG9zdDozODA4MC9AYXF1YXJldW0uYnNreS5zb2NpYWwgaGVsbG8gd29ybGQgMmUkdHlwZXJhcHAuYnNreS5mZWVkLnBvc3RmZmFjZXRzgaJlaW5kZXiiZ2J5dGVFbmQYM2lieXRlU3RhcnQJaGZlYXR1cmVzgaJjdXJpeKZodHRwOi8vbG9jYWxob3N0OjM4MDgwL0BhcXVhcmV1bS5ic2t5LnNvY2lhbD9rZXk9MHg2ZmJlNjg2M2NmMWVmYzcxMzg5OTQ1NWU1MjZhMTMyMzlkMzcxMTc1JmRpZD1kaWQlM0FwbGMlM0Fka2g0cndhZmRjZGE0a283bGV3ZTQzbWwmdGltZT0yMDI0LTExLTE5VDIzJTNBMTklM0EzMS45NjNaZSR0eXBleBxhcHAuYnNreS5yaWNodGV4dC5mYWNldCNsaW5raWNyZWF0ZWRBdHgYMjAyNC0xMS0xOVQyMzoxOTozMS45NjNawwMBcRIgqeOaphsHW2DZB2ar5azxeEOTDYLTyE0BS-n4izuYuwSkZHRleHR4TvCflLQgTElWRSBodHRwOi8vbG9jYWxob3N0OjM4MDgwL0BkaWQ6cGxjOmRraDRyd2FmZGNkYTRrbzdsZXdlNDNtbCBIZWxsbyBXb3JsZGUkdHlwZXJhcHAuYnNreS5mZWVkLnBvc3RmZmFjZXRzgaJlaW5kZXiiZ2J5dGVFbmQYP2lieXRlU3RhcnQJaGZlYXR1cmVzgaJjdXJpeLJodHRwOi8vbG9jYWxob3N0OjM4MDgwL0BkaWQ6cGxjOmRraDRyd2FmZGNkYTRrbzdsZXdlNDNtbD9rZXk9MHg2ZmJlNjg2M2NmMWVmYzcxMzg5OTQ1NWU1MjZhMTMyMzlkMzcxMTc1JmRpZD1kaWQlM0FwbGMlM0Fka2g0cndhZmRjZGE0a283bGV3ZTQzbWwmdGltZT0yMDI0LTExLTE5VDIzJTNBMTMlM0EzNi4yMTVaZSR0eXBleBxhcHAuYnNreS5yaWNodGV4dC5mYWNldCNsaW5raWNyZWF0ZWRBdHgYMjAyNC0xMS0xOVQyMzoxMzozNi4yMTVafAFxEiC1yXY2svKoDztuoYIeBgUjzOuDWCjFFaiG7RBOphTpXaJhZYGkYWtYG2FwcC5ic2t5LmFjdG9yLnByb2ZpbGUvc2VsZmFwAGF09mF22CpYJQABcRIgGy6G483c4VnSETZ5R0_nZ5HAkTrPGCGjLlH641qJspphbPb4AQFxEiBnRrSTDjAiSBlUXxlBHbX1riFlwwrvGeLiPrKiRVqwtqNlJHR5cGVyYXBwLmJza3kuZmVlZC5saWtlZ3N1YmplY3SiY2NpZHg7YmFmeXJlaWR4cWxpZXZubnF5Mmp4enh6dzJobjd2cm81YjRlNW5idng3Z3RmeDI1d3N5bHFhbzU3amFjdXJpeEZhdDovL2RpZDpwbGM6cmFndGpzbTJqMnZrbndrejN6cDRveHJkL2FwcC5ic2t5LmZlZWQucG9zdC8zbGJkNXV5emRqMjJlaWNyZWF0ZWRBdHgYMjAyNC0xMS0xOVQyMjoyNTo1My4zODFazgEBcRIgGy6G483c4VnSETZ5R0_nZ5HAkTrPGCGjLlH641qJspqkZSR0eXBldmFwcC5ic2t5LmFjdG9yLnByb2ZpbGVmYXZhdGFypGNyZWbYKlglAAFVEiBzJwFz0HhsvLZGqELGc9olbRm43lm2S_sd-3c09sIKiGRzaXplGWcjZSR0eXBlZGJsb2JobWltZVR5cGVpaW1hZ2UvcG5naWNyZWF0ZWRBdHgYMjAyNC0xMS0xNVQyMjoxNTo1MC44NDRaa2Rpc3BsYXlOYW1lYI8BAXESIP762TQx0PGQIrCUPKCglev6wD-vYfa88JfBzVoWSpaho2UkdHlwZXVhcHAuYnNreS5ncmFwaC5mb2xsb3dnc3ViamVjdHggZGlkOnBsYzp6NzJpN2hkeW5tazZyMjJ6MjdoNnR2dXJpY3JlYXRlZEF0eBgyMDI0LTExLTE1VDIyOjE1OjUwLjU4Mlo=`
113
-
var emptySync = `OqJlcm9vdHOB2CpYJQABcRIg8rwOSz2yxfhVsZgjPLoriASZoxACV-0nDsPTufChhC9ndmVyc2lvbgE=`
114
-
var incrementalSyncSameKey = `OqJlcm9vdHOB2CpYJQABcRIgdhLeadhDAlvvliNZ91vqLHN8c6LclTANHL8Q-FlFlIFndmVyc2lvbgFTAXESIPiJM3VDjXQr5z7x-bsva4X15YlKyWhAsOvMBjsB4bBKomFlgGFs2CpYJQABcRIgAlvQk2EZEGxiBramc2dycvZ-LRaMDcVPtpd7WSsu-gLRAQFxEiDMDWgr6u3JA5D-8hiiyE0LeoHnQY5hn6NVzFXpiQN73aJhZYGkYWtYIGFwcC5ic2t5LmZlZWQucG9zdC8zbGJnY2Rzb2VqMjJ3YXAAYXTYKlglAAFxEiBqSWsQ9j1pxMH7phtowUv7ZPJFknl4cpQB7CUctm1_7mF22CpYJQABcRIgyMomVqlH7tXjIQgcmypLe1Sy6CqWSWyYdjgjjzpXV6RhbNgqWCUAAXESIOh-zxnjrsT_zVHzJMNNRIqRHCmUu0X7FI9ShAvud1W44AEBcRIgdhLeadhDAlvvliNZ91vqLHN8c6LclTANHL8Q-FlFlIGmY2RpZHggZGlkOnBsYzpka2g0cndhZmRjZGE0a283bGV3ZTQzbWxjcmV2bTNsYmh6bWRpbGc0Mmljc2lnWEAW-iVraQPm5ge58bCGNajPg7_ZlO0Gyxlw5ijQCx8hI18cQ9OC5571SB40qjmx1JCPXIZAx8LLPhcOluA7JPCVZGRhdGHYKlglAAFxEiDMDWgr6u3JA5D-8hiiyE0LeoHnQY5hn6NVzFXpiQN73WRwcmV29md2ZXJzaW9uA6kBAXESIGpJaxD2PWnEwfumG2jBS_tk8kWSeXhylAHsJRy2bX_uomFlgaRha1ggYXBwLmJza3kuZmVlZC5wb3N0LzNsYmdjZW9wcmNrMndhcABhdNgqWCUAAXESIPiJM3VDjXQr5z7x-bsva4X15YlKyWhAsOvMBjsB4bBKYXbYKlglAAFxEiDsmgBxH9ei3CGdYMAkxhR5yEy2_x-7_DbiHkISTM59emFs9s8BAXESIAulGNhPZXfwLpqwV129i1UEmCZN5C7CXaFGU-3fa3lRpGR0ZXh0eFx0aGlzIHBvc3Qgd2lsbCBiZSBjYXB0dXJlZCBmb3IgYWxsIHRpbWUgYXMgbXkgdGVzdCBjYXNlIGZvciBjb20uYXRwcm90by5zeW5jLmdldFJlcG8gc3luY2luZ2UkdHlwZXJhcHAuYnNreS5mZWVkLnBvc3RlbGFuZ3OBYmVuaWNyZWF0ZWRBdHgYMjAyNC0xMS0yMVQxNzo0OTo1MC4xNzJazgIBcRIgAlvQk2EZEGxiBramc2dycvZ-LRaMDcVPtpd7WSsu-gKiYWWEpGFrWCBhcHAuYnNreS5mZWVkLnBvc3QvM2xiZ2NxZ25lbDIyd2FwAGF09mF22CpYJQABcRIgHSiRW-96aOuodVNW8ZgC32r0-4tTtX5Ej0Son9GBlJakYWtKaHo3ZmdxYmMyZmFwFmF09mF22CpYJQABcRIgTAGqPhL1gnX9ANsQlrZDAv92ZeBAeNrS5dwXUYK92WKkYWtIbWRnbHZzMmZhcBgYYXT2YXbYKlglAAFxEiALpRjYT2V38C6asFddvYtVBJgmTeQuwl2hRlPt32t5UaRha1gaZ3JhcGguZm9sbG93LzNsYXpmb2hwNnJrMndhcAlhdPZhdtgqWCUAAXESIP762TQx0PGQIrCUPKCglev6wD-vYfa88JfBzVoWSpahYWz2`
115
-
var incrementalSyncNewKey = `OqJlcm9vdHOB2CpYJQABcRIgB2TQAlnaxTYfIckTwj-R7tPD8QHdp4zM3pcxtdHCI0lndmVyc2lvbgFTAXESIFPdMSIS6fZG-VQgDLljNkNuKopgvgaYta3FwUNXvr-uomFlgGFs2CpYJQABcRIgXFvELxXqfbpIofY8zkLEYq_3wWmso5_7w--Wu4tuXOaNAwFxEiBcW8QvFep9ukih9jzOQsRir_fBaayjn_vD75a7i25c5qJhZYWkYWtYIGFwcC5ic2t5LmZlZWQucG9zdC8zbGJnY3FnbmVsMjJ3YXAAYXT2YXbYKlglAAFxEiAdKJFb73po66h1U1bxmALfavT7i1O1fkSPRKif0YGUlqRha0poejdmZ3FiYzJmYXAWYXT2YXbYKlglAAFxEiBMAao-EvWCdf0A2xCWtkMC_3Zl4EB42tLl3BdRgr3ZYqRha0htZGdsdnMyZmFwGBhhdPZhdtgqWCUAAXESIAulGNhPZXfwLpqwV129i1UEmCZN5C7CXaFGU-3fa3lRpGFrSmkyM203MmZrMmNhcBZhdPZhdtgqWCUAAXESIC8FWdZF395B48PPS802LlehSw9YGhaWJWBDFZD8AZ6kpGFrWBpncmFwaC5mb2xsb3cvM2xhemZvaHA2cmsyd2FwCWF09mF22CpYJQABcRIg_vrZNDHQ8ZAisJQ8oKCV6_rAP69h9rzwl8HNWhZKlqFhbPapAQFxEiA1kWVtns-NexGKYJlEFapjC-XsaaL0PSZCXQRn1se4TqJhZYGkYWtYIGFwcC5ic2t5LmZlZWQucG9zdC8zbGJnY2VvcHJjazJ3YXAAYXTYKlglAAFxEiBT3TEiEun2RvlUIAy5YzZDbiqKYL4GmLWtxcFDV76_rmF22CpYJQABcRIg7JoAcR_XotwhnWDAJMYUechMtv8fu_w24h5CEkzOfXphbPbeBAFxEiAvBVnWRd_eQePDz0vNNi5XoUsPWBoWliVgQxWQ_AGepKVkdGV4dHi98J-UtCBMSVZFIGh0dHA6Ly9sb2NhbGhvc3Q6MzgwODAvQGFxdWFyZXVtLmJza3kuc29jaWFsIEFuZCBub3cgZm9yIG15IG5leHQgdHJpY2sgSSB3aWxsIGNoYW5nZSBteSBBcXVhcmV1bSBzaWduaW5nIGtleS4gU28uLi4geW91IGNhbiByZWFsbHkganVzdCBhZGQgYXJiaXRyYXJ5IGZpZWxkcyB0byBCbHVlc2t5IHBvc3RzLCBodWg_ZSR0eXBlcmFwcC5ic2t5LmZlZWQucG9zdGZmYWNldHOBomVpbmRleKJnYnl0ZUVuZBg2aWJ5dGVTdGFydApoZmVhdHVyZXOBomN1cml4pmh0dHA6Ly9sb2NhbGhvc3Q6MzgwODAvQGFxdWFyZXVtLmJza3kuc29jaWFsP2tleT0weGYwODFkNjM4Mzc3NzQ4Mjg2OGZhYThkNTUzNGE1ZjFhNzc3N2JlZTgmZGlkPWRpZCUzQXBsYyUzQWRraDRyd2FmZGNkYTRrbzdsZXdlNDNtbCZ0aW1lPTIwMjQtMTEtMjFUMTclM0E1OCUzQTIyLjUyMVplJHR5cGV4HGFwcC5ic2t5LnJpY2h0ZXh0LmZhY2V0I2xpbmtpY3JlYXRlZEF0eBgyMDI0LTExLTIxVDE3OjU4OjIyLjUyMVprYXF1YXJldW1LZXl4KjB4ZjA4MWQ2MzgzNzc3NDgyODY4ZmFhOGQ1NTM0YTVmMWE3Nzc3YmVlONEBAXESIAm_x_mMHBZ631TB7c6Sx8GK_74KclOkNvYBhw_vEcquomFlgaRha1ggYXBwLmJza3kuZmVlZC5wb3N0LzNsYmdjZHNvZWoyMndhcABhdNgqWCUAAXESIDWRZW2ez417EYpgmUQVqmML5expovQ9JkJdBGfWx7hOYXbYKlglAAFxEiDIyiZWqUfu1eMhCBybKkt7VLLoKpZJbJh2OCOPOldXpGFs2CpYJQABcRIg6H7PGeOuxP_NUfMkw01EipEcKZS7RfsUj1KEC-53VbjgAQFxEiAHZNACWdrFNh8hyRPCP5Hu08PxAd2njMzelzG10cIjSaZjZGlkeCBkaWQ6cGxjOmRraDRyd2FmZGNkYTRrbzdsZXdlNDNtbGNyZXZtM2xiaTIzbTc1ZGMyY2NzaWdYQHdNm4gZkbQlNuMZXVDiTcjd13XT53ngjqGqShE7TINQHWekxpst3-n4ZMUWAlBaLSs_1aX3ZNratIyseukp5itkZGF0YdgqWCUAAXESIAm_x_mMHBZ631TB7c6Sx8GK_74KclOkNvYBhw_vEcquZHByZXb2Z3ZlcnNpb24DzwEBcRIgC6UY2E9ld_AumrBXXb2LVQSYJk3kLsJdoUZT7d9reVGkZHRleHR4XHRoaXMgcG9zdCB3aWxsIGJlIGNhcHR1cmVkIGZvciBhbGwgdGltZSBhcyBteSB0ZXN0IGNhc2UgZm9yIGNvbS5hdHByb3RvLnN5bmMuZ2V0UmVwbyBzeW5jaW5nZSR0eXBlcmFwcC5ic2t5LmZlZWQucG9zdGVsYW5nc4FiZW5pY3JlYXRlZEF0eBgyMDI0LTExLTIxVDE3OjQ5OjUwLjE3Mlo=`
116
+
var firstKey = "did:key:zQ3shkP7pgLBqp7PYQYnFRSCTBdKAGHWKKghF3GidVmEMUrct"
117
+
var secondKey = "did:key:zQ3shUjidTbELwdHjeNyvx8iQ8adi4789Eaan9Lgc9AUh1Vzm"
118
+
var fullSync = `OqJlcm9vdHOB2CpYJQABcRIgMDc7EDUmj3o8uSuYkHfG46c34xUOpb9gmVTu-M9CbNdndmVyc2lvbgGmAQFxEiCHwNkrZ3dGh8V43q6FFuRg5LlgE50hifxzDmAdATYc6aNlJHR5cGVwcGxhY2Uuc3RyZWFtLmtleWljcmVhdGVkQXR4GDIwMjUtMDEtMjZUMjE6MDc6MzkuMTYxWmpzaWduaW5nS2V5eDlkaWQ6a2V5OnpRM3Noa1A3cGdMQnFwN1BZUVluRlJTQ1RCZEtBR0hXS0tnaEYzR2lkVm1FTVVyY3T4AQFxEiBzaFlz2gS4XkDfdJHIjomgqdCpk7Cc49rX3kvYqLP6eaJhZYKkYWtYG2FwcC5ic2t5LmFjdG9yLnByb2ZpbGUvc2VsZmFwAGF02CpYJQABcRIgVDDzvM6e19so-zvPpJEldfpzAbpZZ6WxE81LAYvjCv1hdtgqWCUAAXESIMzJIP4DaRsw1NyMu1Su2ggAXMDz0nOK13rNPkQz00L0pGFrWB5wbGFjZS5zdHJlYW0ua2V5LzNsZ29kZ3Q2bzY1MjRhcABhdPZhdtgqWCUAAXESIIfA2Stnd0aHxXjeroUW5GDkuWATnSGJ_HMOYB0BNhzpYWz24AEBcRIgMDc7EDUmj3o8uSuYkHfG46c34xUOpb9gmVTu-M9CbNemY2RpZHggZGlkOnBsYzplZTNuMmhzMndrZ3Jrc2tyejZ3aHpyZnNjcmV2bTNsZ29kZ3Q2dHpuMjRjc2lnWEDo6aLAaagS8QCgO_fuXpYApipc9VpFI4mmOPpmIIKWyHQnXiMurYyqNs0oGX31lXUmBlNQq0mUDKY8D2FbxSyaZGRhdGHYKlglAAFxEiBzaFlz2gS4XkDfdJHIjomgqdCpk7Cc49rX3kvYqLP6eWRwcmV29md2ZXJzaW9uA84BAXESIMzJIP4DaRsw1NyMu1Su2ggAXMDz0nOK13rNPkQz00L0pGUkdHlwZXZhcHAuYnNreS5hY3Rvci5wcm9maWxlZmF2YXRhcqRjcmVm2CpYJQABVRIgHdCQPIz2IErjjii59bHG-XOJjtGVJLiR1RRnLKsXK3xkc2l6ZRl3ZmUkdHlwZWRibG9iaG1pbWVUeXBlaWltYWdlL3BuZ2ljcmVhdGVkQXR4GDIwMjUtMDEtMjZUMjE6MDQ6MzUuNjMxWmtkaXNwbGF5TmFtZWCEAQFxEiBUMPO8zp7X2yj7O8-kkSV1-nMBullnpbETzUsBi-MK_aJhZYGkYWtYI2FwcC5ic2t5LmdyYXBoLmZvbGxvdy8zbGdvZGJkM3poYzJoYXAAYXT2YXbYKlglAAFxEiAOO157S10FbyFkhacvqpz-lvrDDv1i9kTTw7p26_NFX2Fs9o8BAXESIA47XntLXQVvIWSFpy-qnP6W-sMO_WL2RNPDunbr80Vfo2UkdHlwZXVhcHAuYnNreS5ncmFwaC5mb2xsb3dnc3ViamVjdHggZGlkOnBsYzp6NzJpN2hkeW5tazZyMjJ6MjdoNnR2dXJpY3JlYXRlZEF0eBgyMDI1LTAxLTI2VDIxOjA0OjM0LjcxM1o=`
119
+
var incrementalSyncSameKey = `OqJlcm9vdHOB2CpYJQABcRIgKRCUWJjPxaq1aqO7srwRxpJeURCsoQ_sXJaSkyscKXRndmVyc2lvbgHRAQFxEiD8HmkbON-0uUXvBD5PHbTu9hfJYYh7BcQBBbua6OlXNqJhZYKkYWtYIGFwcC5ic2t5LmZlZWQucG9zdC8zbGdvZGx3eGg0dDJoYXAAYXT2YXbYKlglAAFxEiAJRIEWBgnKqUlv19Ese8UO557t5YL7jfcEBItUpEm9IqRha1gaZ3JhcGguZm9sbG93LzNsZ29kYmQzemhjMmhhcAlhdPZhdtgqWCUAAXESIA47XntLXQVvIWSFpy-qnP6W-sMO_WL2RNPDunbr80VfYWz2-AEBcRIguxQZbYxqjerYzPJzsB2cq47_Cy-M9DbdfX3zgsZsHSKiYWWCpGFrWBthcHAuYnNreS5hY3Rvci5wcm9maWxlL3NlbGZhcABhdNgqWCUAAXESIPweaRs437S5Re8EPk8dtO72F8lhiHsFxAEFu5ro6Vc2YXbYKlglAAFxEiDMySD-A2kbMNTcjLtUrtoIAFzA89Jzitd6zT5EM9NC9KRha1gecGxhY2Uuc3RyZWFtLmtleS8zbGdvZGd0Nm82NTI0YXAAYXT2YXbYKlglAAFxEiCHwNkrZ3dGh8V43q6FFuRg5LlgE50hifxzDmAdATYc6WFs9uABAXESICkQlFiYz8WqtWqju7K8EcaSXlEQrKEP7FyWkpMrHCl0pmNkaWR4IGRpZDpwbGM6ZWUzbjJoczJ3a2dya3Nrcno2d2h6cmZzY3Jldm0zbGdvZGx3eXhkeDJqY3NpZ1hAokbAmjkgNdLlufRil-TeFuxKggit3Ljqkbw7QKRY794EPZYnb1WQE6sPhcF7Z0VNTl05APJPEb0s4SKM8qloRGRkYXRh2CpYJQABcRIguxQZbYxqjerYzPJzsB2cq47_Cy-M9DbdfX3zgsZsHSJkcHJldvZndmVyc2lvbgOIAQFxEiAJRIEWBgnKqUlv19Ese8UO557t5YL7jfcEBItUpEm9IqRkdGV4dHZIaSB0aGlzIGlzIGEgdGVzdCBwb3N0ZSR0eXBlcmFwcC5ic2t5LmZlZWQucG9zdGVsYW5nc4FiZW5pY3JlYXRlZEF0eBgyMDI1LTAxLTI2VDIxOjEwOjMxLjA4MFo=`
120
+
var incrementalSyncNewKey = `OqJlcm9vdHOB2CpYJQABcRIglIEJIf3uyrHn7zpaDG0VZ5LFVpEnAO4COXPLdZVI5N5ndmVyc2lvbgGmAQFxEiC7UEFQdgwPLi4Aph-E0JNXfiJhpy7EK7yIae9mt-JLlqNlJHR5cGVwcGxhY2Uuc3RyZWFtLmtleWljcmVhdGVkQXR4GDIwMjUtMDEtMjZUMjE6MTA6NTkuMDI5WmpzaWduaW5nS2V5eDlkaWQ6a2V5OnpRM3NoVWppZFRiRUx3ZEhqZU55dng4aVE4YWRpNDc4OUVhYW45TGdjOUFVaDFWem3gAQFxEiCUgQkh_e7KsefvOloMbRVnksVWkScA7gI5c8t1lUjk3qZjZGlkeCBkaWQ6cGxjOmVlM24yaHMyd2tncmtza3J6NndoenJmc2NyZXZtM2xnb2RtcnJqb3EydGNzaWdYQPoUwYR8ZFqHPygnPU0Yzo14pRo35huNbjVwtQudrSIMErQMHsGhZL-JdLnq5avgxXYqq7k4jcMUEkUIgmZFI51kZGF0YdgqWCUAAXESIEBLuaWzxeuRKjP8Kovw6ZWkkvqfMkhDOBymBuE4ZZhRZHByZXb2Z3ZlcnNpb24DtQIBcRIgQEu5pbPF65EqM_wqi_DplaSS-p8ySEM4HKYG4ThlmFGiYWWDpGFrWBthcHAuYnNreS5hY3Rvci5wcm9maWxlL3NlbGZhcABhdNgqWCUAAXESIPweaRs437S5Re8EPk8dtO72F8lhiHsFxAEFu5ro6Vc2YXbYKlglAAFxEiDMySD-A2kbMNTcjLtUrtoIAFzA89Jzitd6zT5EM9NC9KRha1gecGxhY2Uuc3RyZWFtLmtleS8zbGdvZGd0Nm82NTI0YXAAYXT2YXbYKlglAAFxEiCHwNkrZ3dGh8V43q6FFuRg5LlgE50hifxzDmAdATYc6aRha0htcnJmcnEydGFwFmF09mF22CpYJQABcRIgu1BBUHYMDy4uAKYfhNCTV34iYacuxCu8iGnvZrfiS5ZhbPY=`
121
+
var emptySync = `OqJlcm9vdHOB2CpYJQABcRIglIEJIf3uyrHn7zpaDG0VZ5LFVpEnAO4COXPLdZVI5N5ndmVyc2lvbgE=`
+19
-8
pkg/cmd/streamplace.go
+19
-8
pkg/cmd/streamplace.go
···
4
4
"bytes"
5
5
"context"
6
6
"crypto"
7
+
"crypto/ecdsa"
8
+
"crypto/elliptic"
7
9
"errors"
8
10
"flag"
9
11
"fmt"
···
16
18
"syscall"
17
19
"time"
18
20
21
+
atcrypto "github.com/bluesky-social/indigo/atproto/crypto"
22
+
ethcrypto "github.com/ethereum/go-ethereum/crypto"
19
23
"golang.org/x/term"
20
24
"gorm.io/gorm"
21
25
"stream.place/streamplace/pkg/aqhttp"
···
313
317
case <-ctx.Done():
314
318
return nil
315
319
case not := <-newSeg:
316
-
prevSeg, prevErr := mod.LatestSegmentForUser(not.Segment.User)
320
+
prevSeg, prevErr := mod.LatestSegmentForUser(not.Segment.RepoDID)
317
321
err := mod.CreateSegment(not.Segment)
318
322
if err != nil {
319
323
log.Error(ctx, "could not add segment to database", "error", err)
320
324
}
321
325
go func() {
322
326
err := func() error {
323
-
oldThumb, err := mod.LatestThumbnailForUser(not.Segment.User)
327
+
oldThumb, err := mod.LatestThumbnailForUser(not.Segment.RepoDID)
324
328
if err != nil {
325
329
return err
326
330
}
···
330
334
}
331
335
r := bytes.NewReader(not.Data)
332
336
aqt := aqtime.FromTime(not.Segment.StartTime)
333
-
fd, err := cli.SegmentFileCreate(not.Segment.User, aqt, "jpg")
337
+
fd, err := cli.SegmentFileCreate(not.Segment.RepoDID, aqt, "jpg")
334
338
if err != nil {
335
339
return err
336
340
}
···
361
365
if prevSeg != nil {
362
366
dur := not.Segment.StartTime.Sub(prevSeg.StartTime)
363
367
if prevSeg != nil && dur < (5*time.Minute) {
364
-
log.Debug(ctx, "skipping notification, less than 5 minutes since last segment", "user", not.Segment.User, "duration", dur)
368
+
log.Debug(ctx, "skipping notification, less than 5 minutes since last segment", "user", not.Segment.RepoDID, "duration", dur)
365
369
// it's been less than 5 minutes since the last segment, skip notification
366
370
return nil
367
371
}
···
379
383
if noter != nil {
380
384
noter.Blast(ctx, notifications, nb)
381
385
} else {
382
-
log.Log(ctx, "no notifier configured, skipping notifications", "user", not.Segment.User, "count", len(notifications), "content", nb)
386
+
log.Log(ctx, "no notifier configured, skipping notifications", "user", not.Segment.RepoDID, "count", len(notifications), "content", nb)
383
387
}
384
388
return nil
385
389
}()
···
399
403
if err != nil {
400
404
return err
401
405
}
402
-
testMediaSigner, err := media.MakeMediaSigner(ctx, &cli, "self-test-signer", testSigner, mod)
406
+
pub := signer.Public().(*ecdsa.PublicKey)
407
+
publicKeyBytes := elliptic.Marshal(ethcrypto.S256(), pub.X, pub.Y)
408
+
atkey, err := atcrypto.ParsePublicUncompressedBytesK256(publicKeyBytes)
409
+
if err != nil {
410
+
return err
411
+
}
412
+
did := atkey.DIDKey()
413
+
testMediaSigner, err := media.MakeMediaSigner(ctx, &cli, did, testSigner, mod)
403
414
if err != nil {
404
415
return err
405
416
}
···
411
422
if err != nil {
412
423
return err
413
424
}
414
-
cli.AllowedStreams = append(cli.AllowedStreams, testMediaSigner.Pub.String())
415
-
a.Aliases["self-test"] = testMediaSigner.Pub.String()
425
+
cli.AllowedStreams = append(cli.AllowedStreams, did)
426
+
a.Aliases["self-test"] = did
416
427
group.Go(func() error {
417
428
return mm.TestSource(ctx, testMediaSigner)
418
429
})
+8
-3
pkg/config/config.go
+8
-3
pkg/config/config.go
···
16
16
"strings"
17
17
"time"
18
18
19
+
"github.com/peterbourgon/ff/v3"
20
+
"golang.org/x/exp/rand"
19
21
"stream.place/streamplace/pkg/aqtime"
20
22
"stream.place/streamplace/pkg/crypto/aqpub"
21
-
"github.com/peterbourgon/ff/v3"
22
-
"golang.org/x/exp/rand"
23
23
)
24
24
25
25
const AQ_DATA_DIR = "$AQ_DATA_DIR"
···
149
149
if cli.DataDir == "" {
150
150
panic("no data dir configured")
151
151
}
152
-
fpath = append([]string{cli.DataDir}, fpath...)
152
+
// windows does not like colons
153
+
safe := []string{}
154
+
for _, p := range fpath {
155
+
safe = append(safe, strings.ReplaceAll(p, ":", "-"))
156
+
}
157
+
fpath = append([]string{cli.DataDir}, safe...)
153
158
fdpath := filepath.Join(fpath...)
154
159
return fdpath
155
160
}
+3
-9
pkg/crypto/signers/signers.go
+3
-9
pkg/crypto/signers/signers.go
···
14
14
"math/big"
15
15
"time"
16
16
17
-
"stream.place/streamplace/pkg/crypto/aqpub"
18
17
"git.aquareum.tv/streamplace/c2pa-go/pkg/c2pa"
18
+
atcrypto "github.com/bluesky-social/indigo/atproto/crypto"
19
19
"github.com/ethereum/go-ethereum/common/hexutil"
20
20
"github.com/ethereum/go-ethereum/crypto"
21
-
"github.com/ethereum/go-ethereum/crypto/secp256k1"
22
21
)
23
22
24
23
// uses Go code to generate a es256p cert, then rewrites and resigns it into an es256k cert
···
131
130
return bs, nil
132
131
}
133
132
134
-
func ParseES256KCert(pembs []byte) (aqpub.Pub, error) {
133
+
func ParseES256KCert(pembs []byte) (*atcrypto.PublicKeyK256, error) {
135
134
// todo: there may be a chain here
136
135
block, _ := pem.Decode(pembs)
137
136
···
145
144
return nil, err
146
145
}
147
146
148
-
x, y := secp256k1.S256().Unmarshal(k256cert.TBSCertificate.PublicKey.PublicKey.Bytes)
149
-
if x == nil {
150
-
return nil, fmt.Errorf("unable to unmarshal k256 public key")
151
-
}
152
-
153
-
pub, err := aqpub.FromPoints(x, y)
147
+
pub, err := atcrypto.ParsePublicUncompressedBytesK256(k256cert.TBSCertificate.PublicKey.PublicKey.Bytes)
154
148
if err != nil {
155
149
return nil, err
156
150
}
+38
-21
pkg/media/media.go
+38
-21
pkg/media/media.go
···
8
8
"errors"
9
9
"fmt"
10
10
"io"
11
+
"strings"
11
12
"sync"
12
13
13
14
"github.com/go-gst/go-gst/gst"
···
15
16
"github.com/livepeer/lpms/ffmpeg"
16
17
"golang.org/x/sync/errgroup"
17
18
"stream.place/streamplace/pkg/aqtime"
19
+
"stream.place/streamplace/pkg/atproto"
18
20
"stream.place/streamplace/pkg/config"
19
21
"stream.place/streamplace/pkg/crypto/signers"
20
22
"stream.place/streamplace/pkg/log"
···
334
336
if err != nil {
335
337
return err
336
338
}
337
-
var repo *model.Repo
338
-
if mm.model != nil {
339
-
repo, err = mm.model.GetRepoBySigningKey(pub.String())
339
+
meta, err := ParseSegmentAssertions(mani)
340
+
if err != nil {
341
+
return err
342
+
}
343
+
// special case for test signers that are only signed with a key
344
+
var repoDID string
345
+
var signingKeyDID string
346
+
var isDIDKey bool
347
+
if strings.HasPrefix(meta.Creator, atproto.DID_KEY_PREFIX) {
348
+
signingKeyDID = meta.Creator
349
+
repoDID = meta.Creator
350
+
isDIDKey = true
351
+
} else {
352
+
repo, err := atproto.SyncBlueskyRepoCached(ctx, meta.Creator, mm.model)
353
+
if err != nil {
354
+
return err
355
+
}
356
+
signingKey, err := mm.model.GetSigningKey(pub.DIDKey(), repo.DID)
340
357
if err != nil {
341
358
return err
342
359
}
360
+
if signingKey == nil {
361
+
return fmt.Errorf("no signing key found for %s", pub.DIDKey())
362
+
}
363
+
repoDID = repo.DID
364
+
signingKeyDID = signingKey.DID
365
+
isDIDKey = false
343
366
}
367
+
344
368
found := false
345
-
if len(mm.cli.AllowedStreams) == 0 {
369
+
if !isDIDKey && (len(mm.cli.AllowedStreams) == 0 || (mm.cli.TestStream && len(mm.cli.AllowedStreams) == 1)) {
346
370
found = true
347
371
} else {
348
372
for _, a := range mm.cli.AllowedStreams {
349
-
if a == pub.String() {
350
-
found = true
351
-
break
352
-
}
353
-
if repo != nil && repo.DID == a {
373
+
if a == repoDID {
354
374
found = true
355
375
break
356
376
}
357
377
}
358
378
}
359
379
if !found {
360
-
return fmt.Errorf("got valid segment, but address is not allowed: %s", pub.String())
380
+
return fmt.Errorf("got valid segment, but user is not allowed: %s", repoDID)
361
381
}
362
-
meta, err := ParseSegmentAssertions(mani)
363
-
if err != nil {
364
-
return err
365
-
}
366
-
fd, err := mm.cli.SegmentFileCreate(pub.String(), meta.StartTime, "mp4")
382
+
fd, err := mm.cli.SegmentFileCreate(repoDID, meta.StartTime, "mp4")
367
383
if err != nil {
368
384
return err
369
385
}
···
371
387
go mm.replicator.NewSegment(ctx, buf)
372
388
r = bytes.NewReader(buf)
373
389
io.Copy(fd, r)
374
-
go mm.PublishSegment(ctx, pub.String(), fd.Name())
390
+
go mm.PublishSegment(ctx, repoDID, fd.Name())
375
391
seg := &model.Segment{
376
-
ID: *mani.Label,
377
-
User: pub.String(),
378
-
StartTime: meta.StartTime.Time(),
379
-
Title: meta.Title,
392
+
ID: *mani.Label,
393
+
SigningKeyDID: signingKeyDID,
394
+
RepoDID: repoDID,
395
+
StartTime: meta.StartTime.Time(),
396
+
Title: meta.Title,
380
397
}
381
398
mm.newSegmentSubsMutex.RLock()
382
399
defer mm.newSegmentSubsMutex.RUnlock()
···
388
405
for _, ch := range mm.newSegmentSubs {
389
406
go func() { ch <- not }()
390
407
}
391
-
log.Log(ctx, "successfully ingested segment", "user", pub.String(), "timestamp", meta.StartTime, "segmentID", *mani.Label)
408
+
log.Log(ctx, "successfully ingested segment", "user", repoDID, "signingKey", signingKeyDID, "timestamp", meta.StartTime, "segmentID", *mani.Label)
392
409
return nil
393
410
}
+11
-8
pkg/media/media_test.go
+11
-8
pkg/media/media_test.go
···
11
11
"github.com/stretchr/testify/require"
12
12
"stream.place/streamplace/pkg/config"
13
13
ct "stream.place/streamplace/pkg/config/configtesting"
14
-
"stream.place/streamplace/pkg/crypto/aqpub"
15
14
"stream.place/streamplace/pkg/crypto/signers/eip712/eip712test"
16
15
_ "stream.place/streamplace/pkg/media/mediatesting"
16
+
"stream.place/streamplace/pkg/model"
17
17
"stream.place/streamplace/pkg/replication/boring"
18
18
)
19
19
···
24
24
}
25
25
26
26
func getStaticTestMediaManager(t *testing.T) (*MediaManager, *MediaSigner) {
27
+
dir, err := os.MkdirTemp("", "atproto-test-*")
28
+
require.NoError(t, err)
29
+
// defer os.RemoveAll(dir)
30
+
31
+
fname := filepath.Join(dir, "db.sqlite")
32
+
mod, err := model.MakeDB(fname)
33
+
require.NoError(t, err)
27
34
signer, err := c2pa.MakeStaticSigner(eip712test.KeyBytes)
28
35
require.NoError(t, err)
29
-
pub, err := aqpub.FromHexString("0x16e4f04bc3c9d12fde3d238f60662161d0b87cce")
30
36
if err != nil {
31
37
panic(err)
32
38
}
33
39
cli := ct.CLI(t, &config.CLI{
34
40
TAURL: "http://timestamp.digicert.com",
35
-
AllowedStreams: []string{pub.String()},
41
+
AllowedStreams: []string{},
36
42
})
37
-
mm, err := MakeMediaManager(context.Background(), cli, signer, &boring.BoringReplicator{}, nil)
43
+
mm, err := MakeMediaManager(context.Background(), cli, signer, &boring.BoringReplicator{}, mod)
38
44
require.NoError(t, err)
39
-
ms, err := MakeMediaSigner(context.Background(), cli, "test-person", signer, nil)
45
+
ms, err := MakeMediaSigner(context.Background(), cli, "test-person", signer, mod)
40
46
return mm, ms
41
47
}
42
48
···
116
122
// }
117
123
118
124
func TestVerifyMP4(t *testing.T) {
119
-
oldStreamplaceMetadata := STREAMPLACE_METADATA
120
-
STREAMPLACE_METADATA = "tv.aquareum.metadata"
121
-
defer func() { STREAMPLACE_METADATA = oldStreamplaceMetadata }()
122
125
f, err := os.Open(getFixture("sample-segment.mp4"))
123
126
require.NoError(t, err)
124
127
mm, _ := getStaticTestMediaManager(t)
+7
-2
pkg/model/model.go
+7
-2
pkg/model/model.go
···
8
8
"strings"
9
9
"time"
10
10
11
-
"stream.place/streamplace/pkg/log"
12
11
"github.com/lmittmann/tint"
13
12
slogGorm "github.com/orandin/slog-gorm"
14
13
"gorm.io/driver/sqlite"
15
14
"gorm.io/gorm"
15
+
"stream.place/streamplace/pkg/log"
16
16
)
17
17
18
18
type DBModel struct {
···
39
39
40
40
GetRepo(did string) (*Repo, error)
41
41
GetRepoByHandle(handle string) (*Repo, error)
42
+
GetRepoByHandleOrDID(arg string) (*Repo, error)
42
43
GetRepoBySigningKey(signingKey string) (*Repo, error)
43
44
UpdateRepo(repo *Repo) error
44
45
45
46
GetLiveUsers() ([]Segment, error)
47
+
48
+
UpdateSigningKey(key *SigningKey) error
49
+
GetSigningKey(did, repoDID string) (*SigningKey, error)
50
+
GetSigningKeysForRepo(repoDID string) ([]SigningKey, error)
46
51
}
47
52
48
53
func MakeDB(dbURL string) (Model, error) {
···
73
78
if err != nil {
74
79
return nil, fmt.Errorf("error starting database: %w", err)
75
80
}
76
-
for _, model := range []any{Notification{}, PlayerEvent{}, Segment{}, Thumbnail{}, Identity{}, Repo{}} {
81
+
for _, model := range []any{Notification{}, PlayerEvent{}, Segment{}, Thumbnail{}, Identity{}, Repo{}, SigningKey{}} {
77
82
err = db.AutoMigrate(model)
78
83
if err != nil {
79
84
return nil, err
+16
-6
pkg/model/repo.go
+16
-6
pkg/model/repo.go
···
7
7
)
8
8
9
9
type Repo struct {
10
-
DID string `gorm:"primaryKey;column:did" json:"did"`
11
-
Handle string `gorm:"index" json:"handle"`
12
-
PDS string `json:"pds"`
13
-
Version string `json:"version"`
14
-
SigningKey string `gorm:"index" json:"signingKey"`
15
-
RootCID string `json:"rootCid"`
10
+
DID string `gorm:"primaryKey;column:did" json:"did"`
11
+
Handle string `gorm:"index" json:"handle"`
12
+
PDS string `json:"pds"`
13
+
Version string `json:"version"`
14
+
RootCID string `json:"rootCid"`
16
15
}
17
16
18
17
func (Repo) TableName() string {
···
53
52
return nil, res.Error
54
53
}
55
54
return &repoModel, nil
55
+
}
56
+
57
+
func (m *DBModel) GetRepoByHandleOrDID(arg string) (*Repo, error) {
58
+
repo, err := m.GetRepoByHandle(arg)
59
+
if err != nil {
60
+
return nil, err
61
+
}
62
+
if repo != nil {
63
+
return repo, nil
64
+
}
65
+
return m.GetRepo(arg)
56
66
}
57
67
58
68
func (m *DBModel) UpdateRepo(repo *Repo) error {
+10
-8
pkg/model/segment.go
+10
-8
pkg/model/segment.go
···
7
7
)
8
8
9
9
type Segment struct {
10
-
ID string `json:"id" gorm:"primaryKey"`
11
-
User string `json:"user" gorm:"index:latest_segments"`
12
-
StartTime time.Time `json:"startTime" gorm:"index:latest_segments"`
13
-
Title string `json:"title"`
14
-
Repo *Repo `json:"repo,omitempty" gorm:"foreignKey:User;references:SigningKey"`
10
+
ID string `json:"id" gorm:"primaryKey"`
11
+
SigningKeyDID string `json:"signingKeyDID" gorm:"column:signing_key_did"`
12
+
SigningKey *SigningKey `json:"signingKey,omitempty" gorm:"foreignKey:DID;references:SigningKeyDID"`
13
+
StartTime time.Time `json:"startTime" gorm:"index:latest_segments"`
14
+
RepoDID string `json:"repoDID" gorm:"index:latest_segments;column:repo_did"`
15
+
Repo *Repo `json:"repo,omitempty" gorm:"foreignKey:DID;references:RepoDID"`
16
+
Title string `json:"title"`
15
17
}
16
18
17
19
func (m *DBModel) CreateSegment(seg *Segment) error {
···
28
30
29
31
err := m.DB.Table("segments AS s1").
30
32
Select("s1.*").
31
-
Where("start_time = (SELECT MAX(start_time) FROM segments AS s2 WHERE s2.user = s1.user)").
33
+
Where("start_time = (SELECT MAX(start_time) FROM segments AS s2 WHERE s2.repo_did = s1.repo_did)").
32
34
Order("start_time DESC").
33
35
Scan(&segments).Error
34
36
···
44
46
45
47
func (m *DBModel) LatestSegmentForUser(user string) (*Segment, error) {
46
48
var seg Segment
47
-
err := m.DB.Model(Segment{}).Where("user = ?", user).Order("start_time DESC").First(&seg).Error
49
+
err := m.DB.Model(Segment{}).Where("repo_did = ?", user).Order("start_time DESC").First(&seg).Error
48
50
if err != nil {
49
51
return nil, err
50
52
}
···
58
60
err := m.DB.Model(&Segment{}).
59
61
Preload("Repo").
60
62
Where("start_time >= ?", thirtySecondsAgo).
61
-
Where("start_time = (SELECT MAX(start_time) FROM segments s2 WHERE s2.user = segments.user)").
63
+
Where("start_time = (SELECT MAX(start_time) FROM segments s2 WHERE s2.repo_did = segments.repo_did)").
62
64
Order("start_time DESC").
63
65
Find(&liveUsers).Error
64
66
+45
pkg/model/signing_key.go
+45
pkg/model/signing_key.go
···
1
+
package model
2
+
3
+
import (
4
+
"errors"
5
+
"time"
6
+
7
+
"gorm.io/gorm"
8
+
)
9
+
10
+
type SigningKey struct {
11
+
DID string `gorm:"primaryKey;column:did" json:"did"`
12
+
RepoDID string `gorm:"primaryKey;column:repo_did" json:"repoDID"`
13
+
Repo *Repo `json:"repo,omitempty" gorm:"foreignKey:RepoDID;references:DID"`
14
+
CreatedAt time.Time `json:"createdAt"`
15
+
RevokedAt time.Time `json:"revokedAt"`
16
+
}
17
+
18
+
func (SigningKey) TableName() string {
19
+
return "signing_keys"
20
+
}
21
+
22
+
func (m *DBModel) UpdateSigningKey(key *SigningKey) error {
23
+
return m.DB.Save(key).Error
24
+
}
25
+
26
+
func (m *DBModel) GetSigningKey(did, repoDID string) (*SigningKey, error) {
27
+
var key SigningKey
28
+
res := m.DB.Model(SigningKey{}).Where("did = ?", did).Where("repo_did = ?", repoDID).First(&key)
29
+
if errors.Is(res.Error, gorm.ErrRecordNotFound) {
30
+
return nil, nil
31
+
}
32
+
if res.Error != nil {
33
+
return nil, res.Error
34
+
}
35
+
return &key, nil
36
+
}
37
+
38
+
func (m *DBModel) GetSigningKeysForRepo(repoDID string) ([]SigningKey, error) {
39
+
var keys []SigningKey
40
+
res := m.DB.Model(SigningKey{}).Where("repo_did = ?", repoDID).Find(&keys)
41
+
if res.Error != nil {
42
+
return nil, res.Error
43
+
}
44
+
return keys, nil
45
+
}
+1
-1
pkg/model/thumbnail.go
+1
-1
pkg/model/thumbnail.go
test/fixtures/sample-segment.mp4
test/fixtures/sample-segment.mp4
This is a binary file and will not be displayed.