pub struct PublishValidator<'a> { /* private fields */ }Expand description
Stateless publish request validator.
Runs §2.1 steps 1–8 (structural and cryptographic checks). Steps 9+ (identifier assignment, lineage, supersession, persistence) are registry-implementation concerns.
Implementations§
Source§impl<'a> PublishValidator<'a>
impl<'a> PublishValidator<'a>
Sourcepub fn new(caps: &'a CapabilitiesDocument) -> Self
pub fn new(caps: &'a CapabilitiesDocument) -> Self
Create a validator without same-registry supersession enforcement.
Create a validator that rejects cross-registry supersession.
own_authority is the registry’s DNS authority (e.g.
registry.example.com). When set, a publish request whose
supersedes ctx_id has a different authority will be rejected with
AcdpError::SupersededTarget / CrossRegistrySupersessionUnsupported
(RFC-ACDP-0006 — v0.1.0 only allows same-registry supersession).
Sourcepub fn validate_post_schema(
&self,
req: &PublishRequest,
raw_body_bytes: usize,
) -> Result<ValidatedPublish, AcdpError>
pub fn validate_post_schema( &self, req: &PublishRequest, raw_body_bytes: usize, ) -> Result<ValidatedPublish, AcdpError>
Validate a publish request through the structural / cryptographic
steps of RFC-ACDP-0003 §2.1, plus the cross-registry-supersession
guard if the validator was built with Self::for_authority.
Mapped steps from RFC-ACDP-0003 §2.1:
- Step 1 (schema validation) — assumed performed upstream
(e.g. by
validate_publish_request). - Step 2 (payload size vs
limits.max_payload_bytes). - Step 3 (embedded size vs
limits.max_embedded_bytes). - Step 4 (hash recomputation over ProducerContent).
- Step 5 (signature algorithm vs
supported_signature_algorithms). - Step 6 (key_id DID portion equals
agent_id). - Step 7–8 (DID resolution + signature verification) — async,
handled separately by
acdp_verify::Verifier::verify_body. - Cross-registry supersession check (RFC-ACDP-0006): when an own-authority is configured, rejects supersedes targets on a different authority.
Sourcepub fn validate_structural(
&self,
req: &PublishRequest,
raw_body_bytes: usize,
) -> Result<ValidatedPublish, AcdpError>
👎Deprecated since 0.1.0: Use validate_post_schema; this alias no longer skips runtime validation
pub fn validate_structural( &self, req: &PublishRequest, raw_body_bytes: usize, ) -> Result<ValidatedPublish, AcdpError>
Use validate_post_schema; this alias no longer skips runtime validation
Deprecated alias — now routes through Self::validate_post_schema.
The previous implementation skipped the schema-level validation
(title length, metadata depth, DataRef integrity, did:web check,
version coherence, …). Callers using validate_structural
directly were silently bypassing those checks. The deprecated
alias now runs the full pipeline so existing call sites remain
safe; new code should call validate_post_schema explicitly.