atproto_identity/

model.rs

//! Data structures for DID documents and AT Protocol entities.
//!
//! Defines the core data models used throughout the AT Protocol identity system
//! including DID documents, services, and verification methods. All structures
//! support JSON serialization/deserialization for working with AT Protocol APIs.

use serde::{Deserialize, Serialize};
use serde_json::Value;
use std::collections::HashMap;

/// AT Protocol service configuration from a DID document.
/// Represents services like Personal Data Servers (PDS).
#[cfg_attr(debug_assertions, derive(Debug))]
#[derive(Clone, Serialize, Deserialize, PartialEq)]
#[serde(rename_all = "camelCase")]
pub struct Service {
    /// Unique identifier for the service.
    pub id: String,
    /// Service type (e.g., "AtprotoPersonalDataServer").
    pub r#type: String,
    /// URL endpoint where the service can be reached.
    pub service_endpoint: String,

    /// Additional service properties not explicitly defined.
    #[serde(flatten)]
    pub extra: HashMap<String, Value>,
}

/// Cryptographic verification method from a DID document.
/// Used to verify signatures and authenticate identity operations.
#[cfg_attr(debug_assertions, derive(Debug))]
#[derive(Clone, Serialize, Deserialize, PartialEq)]
#[serde(tag = "type")]
pub enum VerificationMethod {
    /// Multikey verification method with multibase-encoded public key.
    Multikey {
        /// Unique identifier for this verification method.
        id: String,
        /// DID that controls this verification method.
        controller: String,

        /// Public key encoded in multibase format.
        #[serde(rename = "publicKeyMultibase")]
        public_key_multibase: String,

        /// Additional verification method properties.
        #[serde(flatten)]
        extra: HashMap<String, Value>,
    },

    /// Other verification method types not explicitly supported.
    #[serde(untagged)]
    Other {
        /// All properties of the unsupported verification method.
        #[serde(flatten)]
        extra: HashMap<String, Value>,
    },
}

/// Complete DID document containing identity information.
/// Contains services, verification methods, and aliases for a DID.
#[cfg_attr(debug_assertions, derive(Debug))]
#[derive(Clone, Serialize, Deserialize, PartialEq)]
#[serde(rename_all = "camelCase")]
pub struct Document {
    /// The DID identifier (e.g., "did:plc:abc123").
    pub id: String,
    /// Alternative identifiers like handles and domains.
    pub also_known_as: Vec<String>,
    /// Available services for this identity.
    pub service: Vec<Service>,

    /// Cryptographic verification methods.
    #[serde(alias = "verificationMethod")]
    pub verification_method: Vec<VerificationMethod>,

    /// Additional document properties not explicitly defined.
    #[serde(flatten)]
    pub extra: HashMap<String, Value>,
}

impl Document {
    /// Extracts Personal Data Server endpoints from services.
    /// Returns URLs of all AtprotoPersonalDataServer services.
    pub fn pds_endpoints(&self) -> Vec<&str> {
        self.service
            .iter()
            .filter_map(|service| {
                if service.r#type == "AtprotoPersonalDataServer" {
                    Some(service.service_endpoint.as_str())
                } else {
                    None
                }
            })
            .collect()
    }

    /// Gets the primary handle from alsoKnownAs aliases.
    /// Returns the first alias with "at://" prefix stripped if present.
    pub fn handles(&self) -> Option<&str> {
        self.also_known_as.first().map(|handle| {
            if let Some(trimmed) = handle.strip_prefix("at://") {
                trimmed
            } else {
                handle.as_str()
            }
        })
    }

    /// Extracts multibase public keys from verification methods.
    /// Returns public keys from Multikey verification methods only.
    pub fn did_keys(&self) -> Vec<&str> {
        self.verification_method
            .iter()
            .filter_map(|verification_method| match verification_method {
                VerificationMethod::Multikey {
                    public_key_multibase,
                    ..
                } => Some(public_key_multibase.as_str()),
                VerificationMethod::Other { extra: _ } => None,
            })
            .collect()
    }
}

/// Resolved handle information linking DID to human-readable identifier.
/// Contains the complete identity resolution result.
#[cfg_attr(debug_assertions, derive(Debug))]
#[derive(Clone, Deserialize, Serialize)]
pub struct Handle {
    /// The resolved DID identifier.
    pub did: String,
    /// Human-readable handle (e.g., "alice.bsky.social").
    pub handle: String,
    /// Personal Data Server URL hosting the identity.
    pub pds: String,
    /// Available cryptographic verification methods.
    pub verification_methods: Vec<String>,
}

#[cfg(test)]
mod tests {
    use crate::model::Document;

    #[test]
    fn test_deserialize() {
        let document = serde_json::from_str::<Document>(
            r##"{"@context":["https://www.w3.org/ns/did/v1","https://w3id.org/security/multikey/v1","https://w3id.org/security/suites/secp256k1-2019/v1"],"id":"did:plc:cbkjy5n7bk3ax2wplmtjofq2","alsoKnownAs":["at://ngerakines.me","at://nick.gerakines.net","at://nick.thegem.city","https://github.com/ngerakines","https://ngerakines.me/","dns:ngerakines.me"],"verificationMethod":[{"id":"did:plc:cbkjy5n7bk3ax2wplmtjofq2#atproto","type":"Multikey","controller":"did:plc:cbkjy5n7bk3ax2wplmtjofq2","publicKeyMultibase":"zQ3shXvCK2RyPrSLYQjBEw5CExZkUhJH3n1K2Mb9sC7JbvRMF"}],"service":[{"id":"#atproto_pds","type":"AtprotoPersonalDataServer","serviceEndpoint":"https://pds.cauda.cloud"}]}"##,
        );
        assert!(document.is_ok());

        let document = document.unwrap();
        assert_eq!(document.id, "did:plc:cbkjy5n7bk3ax2wplmtjofq2");
    }

    #[test]
    fn test_deserialize_unsupported_verification_method() {
        let documents = vec![
            r##"{"@context":["https://www.w3.org/ns/did/v1","https://w3id.org/security/multikey/v1","https://w3id.org/security/suites/secp256k1-2019/v1"],"id":"did:plc:cbkjy5n7bk3ax2wplmtjofq2","alsoKnownAs":["at://ngerakines.me","at://nick.gerakines.net","at://nick.thegem.city","https://github.com/ngerakines","https://ngerakines.me/","dns:ngerakines.me"],"verificationMethod":[{"id":"did:plc:cbkjy5n7bk3ax2wplmtjofq2#atproto","type":"Ed25519VerificationKey2020","controller":"did:plc:cbkjy5n7bk3ax2wplmtjofq2","publicKeyMultibase":"zQ3shXvCK2RyPrSLYQjBEw5CExZkUhJH3n1K2Mb9sC7JbvRMF"}],"service":[{"id":"#atproto_pds","type":"AtprotoPersonalDataServer","serviceEndpoint":"https://pds.cauda.cloud"}]}"##,
            r##"{"@context":["https://www.w3.org/ns/did/v1","https://w3id.org/security/multikey/v1","https://w3id.org/security/suites/secp256k1-2019/v1"],"id":"did:plc:cbkjy5n7bk3ax2wplmtjofq2","alsoKnownAs":["at://ngerakines.me","at://nick.gerakines.net","at://nick.thegem.city","https://github.com/ngerakines","https://ngerakines.me/","dns:ngerakines.me"],"verificationMethod":[{"id": "did:example:123#_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A","type": "JsonWebKey2020","controller": "did:example:123","publicKeyJwk": {"crv": "Ed25519","x": "VCpo2LMLhn6iWku8MKvSLg2ZAoC-nlOyPVQaO3FxVeQ","kty": "OKP","kid": "_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A"}}],"service":[{"id":"#atproto_pds","type":"AtprotoPersonalDataServer","serviceEndpoint":"https://pds.cauda.cloud"}]}"##,
        ];
        for document in documents {
            let document = serde_json::from_str::<Document>(document);
            assert!(document.is_ok());

            let document = document.unwrap();
            assert_eq!(document.id, "did:plc:cbkjy5n7bk3ax2wplmtjofq2");
        }
    }
}