feat: convert to typescript (#154)

* Upgrades aegir to the latest version
* Switches protobufjs for protons

BREAKING CHANGE: this module is now ESM-only

Author: achingbrain

.aegir.cjs .aegir.js

@@ -1,11 +1,7 @@
-'use strict'
 
 /** @type {import('aegir').PartialOptions} */
-module.exports = {
+export default {
   build: {
     bundlesizeMax: '143KB'
-  },
-  ts: {
-    copyTo: './dist/types'
   }
 }

.github/dependabot.yml

@@ -4,5 +4,5 @@ updates:
   directory: "/"
   schedule:
     interval: daily
-    time: "11:00"
+    time: "10:00"
   open-pull-requests-limit: 10

.github/workflows/automerge.yml

@@ -0,0 +1,8 @@
+name: Automerge
+on: [ pull_request ]
+
+jobs:
+  automerge:
+    uses: protocol/.github/.github/workflows/automerge.yml@master
+    with:
+      job: 'automerge'

.github/workflows/js-test-and-release.yml

@@ -0,0 +1,152 @@
+name: test & maybe release
+on:
+  push:
+    branches:
+      - master # with #262 - ${{{ github.default_branch }}}
+  pull_request:
+    branches:
+      - master # with #262 - ${{{ github.default_branch }}}
+
+jobs:
+
+  check:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - uses: actions/setup-node@v2
+      with:
+        node-version: lts/*
+    - uses: ipfs/aegir/actions/cache-node-modules@master
+    - run: npm run --if-present lint
+    - run: npm run --if-present dep-check
+
+  test-node:
+    needs: check
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [windows-latest, ubuntu-latest, macos-latest]
+        node: [16]
+      fail-fast: true
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-node@v2
+        with:
+          node-version: ${{ matrix.node }}
+      - uses: ipfs/aegir/actions/cache-node-modules@master
+      - run: npm run --if-present test:node
+      - uses: codecov/codecov-action@f32b3a3741e1053eb607407145bc9619351dc93b # v2.1.0
+        with:
+          directory: ./.nyc_output
+          flags: node
+
+  test-chrome:
+    needs: check
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-node@v2
+        with:
+          node-version: lts/*
+      - uses: ipfs/aegir/actions/cache-node-modules@master
+      - run: npm run --if-present test:chrome
+      - uses: codecov/codecov-action@f32b3a3741e1053eb607407145bc9619351dc93b # v2.1.0
+        with:
+          directory: ./.nyc_output
+          flags: chrome
+
+  test-chrome-webworker:
+    needs: check
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-node@v2
+        with:
+          node-version: lts/*
+      - uses: ipfs/aegir/actions/cache-node-modules@master
+      - run: npm run --if-present test:chrome-webworker
+      - uses: codecov/codecov-action@f32b3a3741e1053eb607407145bc9619351dc93b # v2.1.0
+        with:
+          directory: ./.nyc_output
+          flags: chrome-webworker
+
+  test-firefox:
+    needs: check
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-node@v2
+        with:
+          node-version: lts/*
+      - uses: ipfs/aegir/actions/cache-node-modules@master
+      - run: npm run --if-present test:firefox
+      - uses: codecov/codecov-action@f32b3a3741e1053eb607407145bc9619351dc93b # v2.1.0
+        with:
+          directory: ./.nyc_output
+          flags: firefox
+
+  test-firefox-webworker:
+    needs: check
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-node@v2
+        with:
+          node-version: lts/*
+      - uses: ipfs/aegir/actions/cache-node-modules@master
+      - run: npm run --if-present test:firefox-webworker
+      - uses: codecov/codecov-action@f32b3a3741e1053eb607407145bc9619351dc93b # v2.1.0
+        with:
+          directory: ./.nyc_output
+          flags: firefox-webworker
+
+  test-electron-main:
+    needs: check
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-node@v2
+        with:
+          node-version: lts/*
+      - uses: ipfs/aegir/actions/cache-node-modules@master
+      - run: npx xvfb-maybe npm run --if-present test:electron-main
+      - uses: codecov/codecov-action@f32b3a3741e1053eb607407145bc9619351dc93b # v2.1.0
+        with:
+          directory: ./.nyc_output
+          flags: electron-main
+
+  test-electron-renderer:
+    needs: check
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-node@v2
+        with:
+          node-version: lts/*
+      - uses: ipfs/aegir/actions/cache-node-modules@master
+      - run: npx xvfb-maybe npm run --if-present test:electron-renderer
+      - uses: codecov/codecov-action@f32b3a3741e1053eb607407145bc9619351dc93b # v2.1.0
+        with:
+          directory: ./.nyc_output
+          flags: electron-renderer
+
+  release:
+    needs: [test-node, test-chrome, test-chrome-webworker, test-firefox, test-firefox-webworker, test-electron-main, test-electron-renderer]
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push' && github.ref == 'refs/heads/master' # with #262 - 'refs/heads/${{{ github.default_branch }}}'
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-node@v2
+        with:
+          node-version: lts/*
+      - uses: ipfs/aegir/actions/cache-node-modules@master
+      - uses: ipfs/aegir/actions/docker-login@master
+        with:
+          docker-token: ${{ secrets.DOCKER_TOKEN }}
+          docker-username: ${{ secrets.DOCKER_USERNAME }}
+      - run: npm run --if-present release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

.github/workflows/main.yml

@@ -1,21 +1,4 @@
-The MIT License (MIT)
+This project is dual licensed under MIT and Apache-2.0.
 
-Copyright (c) 2018 Protocol Labs, Inc.
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
+MIT: https://www.opensource.org/licenses/mit
+Apache-2.0: https://www.apache.org/licenses/license-2.0

LICENSE

@@ -0,0 +1,5 @@
+Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

LICENSE-APACHE

@@ -0,0 +1,19 @@
+The MIT License (MIT)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

LICENSE-MIT

@@ -2,14 +2,59 @@
   "name": "ipns",
   "version": "0.16.0",
   "description": "ipns record definitions",
-  "leadMaintainer": "Vasco Santos <vasco.santos@moxy.studio>",
-  "main": "src/index.js",
-  "types": "types/src/index.d.ts",
+  "author": "Vasco Santos <vasco.santos@moxy.studio>",
+  "license": "Apache-2.0 OR MIT",
+  "homepage": "https://github.com/ipfs/js-ipns#readme",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/ipfs/js-ipns.git"
+  },
+  "bugs": {
+    "url": "https://github.com/ipfs/js-ipns/issues"
+  },
+  "keywords": [
+    "ipfs",
+    "ipns"
+  ],
+  "engines": {
+    "node": ">=16.0.0",
+    "npm": ">=7.0.0"
+  },
   "type": "module",
+  "types": "./dist/src/index.d.ts",
+  "typesVersions": {
+    "*": {
+      "*": [
+        "*",
+        "dist/*",
+        "dist/src/*",
+        "dist/src/*/index"
+      ],
+      "src/*": [
+        "*",
+        "dist/*",
+        "dist/src/*",
+        "dist/src/*/index"
+      ]
+    }
+  },
   "files": [
-    "*",
+    "src",
+    "dist/src",
+    "!dist/test",
     "!**/*.tsbuildinfo"
   ],
+  "exports": {
+    ".": {
+      "import": "./dist/src/index.js"
+    },
+    "./selector": {
+      "import": "./dist/src/selector.js"
+    },
+    "./validator": {
+      "import": "./dist/src/validator.js"
+    }
+  },
   "eslintConfig": {
     "extends": "ipfs",
     "parserOptions": {
@@ -19,68 +64,123 @@
       "src/pb/ipns.d.ts"
     ]
   },
+  "release": {
+    "branches": [
+      "master"
+    ],
+    "plugins": [
+      [
+        "@semantic-release/commit-analyzer",
+        {
+          "preset": "conventionalcommits",
+          "releaseRules": [
+            {
+              "breaking": true,
+              "release": "major"
+            },
+            {
+              "revert": true,
+              "release": "patch"
+            },
+            {
+              "type": "feat",
+              "release": "minor"
+            },
+            {
+              "type": "fix",
+              "release": "patch"
+            },
+            {
+              "type": "chore",
+              "release": "patch"
+            },
+            {
+              "type": "docs",
+              "release": "patch"
+            },
+            {
+              "type": "test",
+              "release": "patch"
+            },
+            {
+              "scope": "no-release",
+              "release": false
+            }
+          ]
+        }
+      ],
+      [
+        "@semantic-release/release-notes-generator",
+        {
+          "preset": "conventionalcommits",
+          "presetConfig": {
+            "types": [
+              {
+                "type": "feat",
+                "section": "Features"
+              },
+              {
+                "type": "fix",
+                "section": "Bug Fixes"
+              },
+              {
+                "type": "chore",
+                "section": "Trivial Changes"
+              },
+              {
+                "type": "docs",
+                "section": "Trivial Changes"
+              },
+              {
+                "type": "test",
+                "section": "Tests"
+              }
+            ]
+          }
+        }
+      ],
+      "@semantic-release/changelog",
+      "@semantic-release/npm",
+      "@semantic-release/github",
+      "@semantic-release/git"
+    ]
+  },
   "scripts": {
-    "generate": "run-s generate:*",
-    "generate:proto": "pbjs -t static-module -w es6 -r ipfs-ipns --no-verify --no-delimited --no-create --no-beautify --no-defaults --lint eslint-disable -o src/pb/ipns.js src/pb/ipns.proto",
-    "generate:proto-types": "pbts -o src/pb/ipns.d.ts src/pb/ipns.js",
+    "clean": "aegir clean",
+    "lint": "aegir lint",
+    "dep-check": "aegir dep-check",
     "build": "aegir build",
-    "clean": "rimraf dist types",
-    "lint": "aegir ts -p check && aegir lint",
-    "release": "aegir release --target node",
-    "release-minor": "aegir release --type minor --target node",
-    "release-major": "aegir release --type major --target node",
-    "pretest": "aegir build --esm-tests",
     "test": "aegir test",
-    "dep-check": "aegir dep-check -i rimraf"
+    "test:node": "aegir test -t node --cov",
+    "test:chrome": "aegir test -t browser --cov",
+    "test:chrome-webworker": "aegir test -t webworker",
+    "test:firefox": "aegir test -t browser -- --browser firefox",
+    "test:firefox-webworker": "aegir test -t webworker -- --browser firefox",
+    "test:electron-main": "aegir test -t electron-main",
+    "release": "aegir release",
+    "generate": "protons src/pb/ipns.proto"
   },
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/ipfs/js-ipns.git"
-  },
-  "keywords": [
-    "ipfs",
-    "ipns"
-  ],
-  "author": "Vasco Santos <vasco.santos@moxy.studio>",
-  "license": "MIT",
-  "bugs": {
-    "url": "https://github.com/ipfs/js-ipns/issues"
-  },
-  "homepage": "https://github.com/ipfs/js-ipns#readme",
   "dependencies": {
+    "@libp2p/crypto": "^0.22.10",
+    "@libp2p/interfaces": "^1.3.20",
+    "@libp2p/logger": "^1.1.3",
+    "@libp2p/peer-id": "^1.1.9",
     "cborg": "^1.3.3",
     "debug": "^4.2.0",
     "err-code": "^3.0.1",
     "interface-datastore": "^6.0.2",
-    "libp2p-crypto": "^0.21.0",
-    "long": "^4.0.0",
     "multiformats": "^9.4.5",
-    "peer-id": "^0.16.0",
-    "protobufjs": "^6.10.2",
+    "protons-runtime": "^1.0.3",
     "timestamp-nano": "^1.0.0",
     "uint8arrays": "^3.0.0"
   },
   "devDependencies": {
+    "@libp2p/peer-id-factory": "^1.0.9",
     "@types/debug": "^4.1.5",
-    "aegir": "^36.0.2",
+    "aegir": "^37.0.11",
     "npm-run-all": "^4.1.5",
+    "protons": "3.0.3",
     "rimraf": "^3.0.2",
     "util": "^0.12.3"
-  },
-  "contributors": [
-    "Vasco Santos <vasco.santos@moxy.studio>",
-    "achingbrain <alex@achingbrain.net>",
-    "Jacob Heun <jacobheun@gmail.com>",
-    "Hugo Dias <hugomrdias@gmail.com>",
-    "Hector Sanjuan <code@hector.link>",
-    "dirkmc <dirkmdev@gmail.com>",
-    "Alan Shaw <alan.shaw@protocol.ai>",
-    "swedneck <40505480+swedneck@users.noreply.github.com>",
-    "Bryan Stenson <bryan.stenson@gmail.com>",
-    "Diogo Silva <fsdiogo@gmail.com>",
-    "Esteban Ordano <eordano@gmail.com>",
-    "Juhamatti Niemelä <iiska@iki.fi>",
-    "Rob Brackett <rob@robbrackett.com>",
-    "Steven Allen <steven@stebalien.com>"
-  ]
+  }
 }

package.json

@@ -9,3 +9,4 @@ export const ERR_PUBLIC_KEY_FROM_ID = 'ERR_PUBLIC_KEY_FROM_ID'
 export const ERR_UNDEFINED_PARAMETER = 'ERR_UNDEFINED_PARAMETER'
 export const ERR_INVALID_RECORD_DATA = 'ERR_INVALID_RECORD_DATA'
 export const ERR_INVALID_EMBEDDED_KEY = 'ERR_INVALID_EMBEDDED_KEY'
+export const ERR_MISSING_PRIVATE_KEY = 'ERR_MISSING_PRIVATE_KEY'

src/errors.js src/errors.ts

@@ -0,0 +1,158 @@
+import NanoDate from 'timestamp-nano'
+import { Key } from 'interface-datastore/key'
+import { unmarshalPrivateKey } from '@libp2p/crypto/keys'
+import errCode from 'err-code'
+import { base32upper } from 'multiformats/bases/base32'
+import { fromString as uint8ArrayFromString } from 'uint8arrays/from-string'
+import { logger } from '@libp2p/logger'
+import { createCborData, ipnsEntryDataForV1Sig, ipnsEntryDataForV2Sig } from './utils.js'
+import * as ERRORS from './errors.js'
+import { equals as uint8ArrayEquals } from 'uint8arrays/equals'
+import * as Digest from 'multiformats/hashes/digest'
+import { identity } from 'multiformats/hashes/identity'
+import { IpnsEntry } from './pb/ipns.js'
+import type { PrivateKey } from '@libp2p/interfaces/keys'
+import type { PeerId } from '@libp2p/interfaces/peer-id'
+
+const log = logger('ipns')
+const ID_MULTIHASH_CODE = identity.code
+
+export const namespace = '/ipns/'
+export const namespaceLength = namespace.length
+
+export interface IPNSEntry {
+  value: Uint8Array
+  signature: Uint8Array // signature of the record
+  validityType: IpnsEntry.ValidityType // Type of validation being used
+  validity: Uint8Array // expiration datetime for the record in RFC3339 format
+  sequence: bigint // number representing the version of the record
+  ttl?: bigint // ttl in nanoseconds
+  pubKey?: Uint8Array // the public portion of the key that signed this record (only present if it was not embedded in the IPNS key)
+  signatureV2?: Uint8Array // the v2 signature of the record
+  data?: Uint8Array // extensible data
+}
+
+export interface IPNSEntryData {
+  Value: Uint8Array
+  Validity: Uint8Array
+  ValidityType: IpnsEntry.ValidityType
+  Sequence: bigint
+  TTL: bigint
+}
+
+export interface IDKeys {
+  routingPubKey: Key
+  pkKey: Key
+  routingKey: Key
+  ipnsKey: Key
+}
+
+/**
+ * Creates a new ipns entry and signs it with the given private key.
+ * The ipns entry validity should follow the [RFC3339]{@link https://www.ietf.org/rfc/rfc3339.txt} with nanoseconds precision.
+ * Note: This function does not embed the public key. If you want to do that, use `EmbedPublicKey`.
+ *
+ * @param {PeerId} peerId - peer id containing private key for signing the record.
+ * @param {Uint8Array} value - value to be stored in the record.
+ * @param {number | bigint} seq - number representing the current version of the record.
+ * @param {number} lifetime - lifetime of the record (in milliseconds).
+ */
+export const create = async (peerId: PeerId, value: Uint8Array, seq: number | bigint, lifetime: number): Promise<IPNSEntry> => {
+  // Validity in ISOString with nanoseconds precision and validity type EOL
+  const expirationDate = new NanoDate(Date.now() + Number(lifetime))
+  const validityType = IpnsEntry.ValidityType.EOL
+  const [ms, ns] = lifetime.toString().split('.')
+  const lifetimeNs = (BigInt(ms) * BigInt(100000)) + BigInt(ns ?? '0')
+
+  return await _create(peerId, value, seq, validityType, expirationDate, lifetimeNs)
+}
+
+/**
+ * Same as create(), but instead of generating a new Date, it receives the intended expiration time
+ * WARNING: nano precision is not standard, make sure the value in seconds is 9 orders of magnitude lesser than the one provided.
+ *
+ * @param {PeerId} peerId - PeerId containing private key for signing the record.
+ * @param {Uint8Array} value - value to be stored in the record.
+ * @param {number | bigint} seq - number representing the current version of the record.
+ * @param {string} expiration - expiration datetime for record in the [RFC3339]{@link https://www.ietf.org/rfc/rfc3339.txt} with nanoseconds precision.
+ */
+export const createWithExpiration = async (peerId: PeerId, value: Uint8Array, seq: number | bigint, expiration: string): Promise<IPNSEntry> => {
+  const expirationDate = NanoDate.fromString(expiration)
+  const validityType = IpnsEntry.ValidityType.EOL
+
+  const ttlMs = expirationDate.toDate().getTime() - Date.now()
+  const ttlNs = (BigInt(ttlMs) * BigInt(100000)) + BigInt(expirationDate.getNano())
+
+  return await _create(peerId, value, seq, validityType, expirationDate, ttlNs)
+}
+
+const _create = async (peerId: PeerId, value: Uint8Array, seq: number | bigint, validityType: IpnsEntry.ValidityType, expirationDate: NanoDate, ttl: bigint): Promise<IPNSEntry> => {
+  seq = BigInt(seq)
+  const isoValidity = uint8ArrayFromString(expirationDate.toString())
+
+  if (peerId.privateKey == null) {
+    throw errCode(new Error('Missing private key'), ERRORS.ERR_MISSING_PRIVATE_KEY)
+  }
+
+  const privateKey = await unmarshalPrivateKey(peerId.privateKey)
+  const signatureV1 = await sign(privateKey, value, validityType, isoValidity)
+  const data = createCborData(value, isoValidity, validityType, seq, ttl)
+  const sigData = ipnsEntryDataForV2Sig(data)
+  const signatureV2 = await privateKey.sign(sigData)
+
+  const entry: IPNSEntry = {
+    value,
+    signature: signatureV1,
+    validityType: validityType,
+    validity: isoValidity,
+    sequence: seq,
+    ttl,
+    signatureV2,
+    data
+  }
+
+  // if we cannot derive the public key from the PeerId (e.g. RSA PeerIDs),
+  // we have to embed it in the IPNS record
+  if (peerId.publicKey != null) {
+    const digest = Digest.decode(peerId.toBytes())
+
+    if (digest.code !== ID_MULTIHASH_CODE || !uint8ArrayEquals(peerId.publicKey, digest.digest)) {
+      entry.pubKey = peerId.publicKey
+    }
+  }
+
+  log('ipns entry for %b created', value)
+  return entry
+}
+
+/**
+ * rawStdEncoding with RFC4648
+ */
+const rawStdEncoding = (key: Uint8Array): string => base32upper.encode(key).slice(1)
+
+/**
+ * Get key for storing the record locally.
+ * Format: /ipns/${base32(<HASH>)}
+ *
+ * @param {Uint8Array} key - peer identifier object.
+ */
+export const getLocalKey = (key: Uint8Array): Key => new Key(`/ipns/${rawStdEncoding(key)}`)
+
+export { unmarshal } from './utils.js'
+export { marshal } from './utils.js'
+export { peerIdToRoutingKey } from './utils.js'
+export { peerIdFromRoutingKey } from './utils.js'
+
+/**
+ * Sign ipns record data
+ */
+const sign = async (privateKey: PrivateKey, value: Uint8Array, validityType: IpnsEntry.ValidityType, validity: Uint8Array) => {
+  try {
+    const dataForSignature = ipnsEntryDataForV1Sig(value, validityType, validity)
+
+    return await privateKey.sign(dataForSignature)
+  } catch (error: any) {
+    log.error('record signature creation failed', error)
+    throw errCode(new Error('record signature creation failed'), ERRORS.ERR_SIGNATURE_CREATION)
+  }
+}

src/index.js

@@ -1,18 +1,28 @@
 // https://github.com/ipfs/go-ipns/blob/master/pb/ipns.proto
 
+syntax = "proto3";
+
 message IpnsEntry {
   enum ValidityType {
 		EOL = 0; // setting an EOL says "this record is valid until..."
 	}
 
+	// value to be stored in the record
   optional bytes value = 1;
+
+	// signature of the record
 	optional bytes signature = 2;
 
+	// Type of validation being used
 	optional ValidityType validityType = 3;
+
+	// expiration datetime for the record in RFC3339 format
 	optional bytes validity = 4;
 
+	// number representing the version of the record
 	optional uint64 sequence = 5;
 
+	// ttl in nanoseconds
 	optional uint64 ttl = 6;
 
 	// in order for nodes to properly validate a record upon receipt, they need the public
@@ -21,7 +31,9 @@ message IpnsEntry {
 	// peerID, making this field unnecessary.
 	optional bytes pubKey = 7;
 
+	// the v2 signature of the record
 	optional bytes signatureV2 = 8;
 
+	// extensible data
 	optional bytes data = 9;
 }

src/index.ts

@@ -0,0 +1,51 @@
+/* eslint-disable import/export */
+/* eslint-disable @typescript-eslint/no-namespace */
+
+import { enumeration, encodeMessage, decodeMessage, message, bytes, uint64 } from 'protons-runtime'
+import type { Codec } from 'protons-runtime'
+
+export interface IpnsEntry {
+  value?: Uint8Array
+  signature?: Uint8Array
+  validityType?: IpnsEntry.ValidityType
+  validity?: Uint8Array
+  sequence?: bigint
+  ttl?: bigint
+  pubKey?: Uint8Array
+  signatureV2?: Uint8Array
+  data?: Uint8Array
+}
+
+export namespace IpnsEntry {
+  export enum ValidityType {
+    EOL = 'EOL'
+  }
+
+  export namespace ValidityType {
+    export const codec = () => {
+      return enumeration<typeof ValidityType>(ValidityType)
+    }
+  }
+
+  export const codec = (): Codec<IpnsEntry> => {
+    return message<IpnsEntry>({
+      1: { name: 'value', codec: bytes, optional: true },
+      2: { name: 'signature', codec: bytes, optional: true },
+      3: { name: 'validityType', codec: IpnsEntry.ValidityType.codec(), optional: true },
+      4: { name: 'validity', codec: bytes, optional: true },
+      5: { name: 'sequence', codec: uint64, optional: true },
+      6: { name: 'ttl', codec: uint64, optional: true },
+      7: { name: 'pubKey', codec: bytes, optional: true },
+      8: { name: 'signatureV2', codec: bytes, optional: true },
+      9: { name: 'data', codec: bytes, optional: true }
+    })
+  }
+
+  export const encode = (obj: IpnsEntry): Uint8Array => {
+    return encodeMessage(obj, IpnsEntry.codec())
+  }
+
+  export const decode = (buf: Uint8Array): IpnsEntry => {
+    return decodeMessage(buf, IpnsEntry.codec())
+  }
+}

src/pb/ipns.d.ts

@@ -0,0 +1,49 @@
+import { toString as uint8ArrayToString } from 'uint8arrays/to-string'
+import { IpnsEntry } from './pb/ipns.js'
+import { parseRFC3339 } from './utils.js'
+import type { SelectFn } from '@libp2p/interfaces/dht'
+
+export const ipnsSelector: SelectFn = (key, data) => {
+  const entries = data.map((buf, index) => ({
+    entry: IpnsEntry.decode(buf),
+    index
+  }))
+
+  entries.sort((a, b) => {
+    // having a newer signature version is better than an older signature version
+    if (a.entry.signatureV2 != null && b.entry.signatureV2 == null) {
+      return -1
+    } else if (a.entry.signatureV2 == null && b.entry.signatureV2 != null) {
+      return 1
+    }
+
+    const aSeq = a.entry.sequence ?? 0n
+    const bSeq = b.entry.sequence ?? 0n
+
+    // choose later sequence number
+    if (aSeq > bSeq) {
+      return -1
+    } else if (aSeq < bSeq) {
+      return 1
+    }
+
+    const aValidty = a.entry.validity ?? new Uint8Array(0)
+    const bValidty = b.entry.validity ?? new Uint8Array(0)
+
+    // choose longer lived record if sequence numbers the same
+    const entryAValidityDate = parseRFC3339(uint8ArrayToString(aValidty))
+    const entryBValidityDate = parseRFC3339(uint8ArrayToString(bValidty))
+
+    if (entryAValidityDate.getTime() > entryBValidityDate.getTime()) {
+      return -1
+    }
+
+    if (entryAValidityDate.getTime() < entryBValidityDate.getTime()) {
+      return 1
+    }
+
+    return 0
+  })
+
+  return entries[0].index
+}

src/pb/ipns.js

@@ -0,0 +1,190 @@
+import errCode from 'err-code'
+import type { PeerId } from '@libp2p/interfaces/peer-id'
+import type { IPNSEntry, IPNSEntryData } from './index.js'
+import * as ERRORS from './errors.js'
+import { unmarshalPublicKey } from '@libp2p/crypto/keys'
+import { peerIdFromBytes, peerIdFromKeys } from '@libp2p/peer-id'
+import { logger } from '@libp2p/logger'
+import { IpnsEntry } from './pb/ipns.js'
+import { fromString as uint8ArrayFromString } from 'uint8arrays/from-string'
+import { concat as uint8ArrayConcat } from 'uint8arrays/concat'
+import * as cborg from 'cborg'
+
+const log = logger('ipns:utils')
+const IPNS_PREFIX = uint8ArrayFromString('/ipns/')
+
+/**
+ * Convert a JavaScript date into an `RFC3339Nano` formatted
+ * string
+ */
+export function toRFC3339 (time: Date) {
+  const year = time.getUTCFullYear()
+  const month = String(time.getUTCMonth() + 1).padStart(2, '0')
+  const day = String(time.getUTCDate()).padStart(2, '0')
+  const hour = String(time.getUTCHours()).padStart(2, '0')
+  const minute = String(time.getUTCMinutes()).padStart(2, '0')
+  const seconds = String(time.getUTCSeconds()).padStart(2, '0')
+  const milliseconds = time.getUTCMilliseconds()
+  const nanoseconds = milliseconds * 1000 * 1000
+
+  return `${year}-${month}-${day}T${hour}:${minute}:${seconds}.${nanoseconds}Z`
+}
+
+/**
+ * Parses a date string formatted as `RFC3339Nano` into a
+ * JavaScript Date object
+ */
+export function parseRFC3339 (time: string) {
+  const rfc3339Matcher = new RegExp(
+    // 2006-01-02T
+    '(\\d{4})-(\\d{2})-(\\d{2})T' +
+    // 15:04:05
+    '(\\d{2}):(\\d{2}):(\\d{2})' +
+    // .999999999Z
+    '\\.(\\d+)Z'
+  )
+  const m = String(time).trim().match(rfc3339Matcher)
+
+  if (m == null) {
+    throw new Error('Invalid format')
+  }
+
+  const year = parseInt(m[1], 10)
+  const month = parseInt(m[2], 10) - 1
+  const date = parseInt(m[3], 10)
+  const hour = parseInt(m[4], 10)
+  const minute = parseInt(m[5], 10)
+  const second = parseInt(m[6], 10)
+  const millisecond = parseInt(m[7].slice(0, -6), 10)
+
+  return new Date(Date.UTC(year, month, date, hour, minute, second, millisecond))
+}
+
+/**
+ * Extracts a public key from the passed PeerId, falling
+ * back to the pubKey embedded in the ipns record
+ */
+export const extractPublicKey = async (peerId: PeerId, entry: IpnsEntry) => {
+  if (entry == null || peerId == null) {
+    const error = new Error('one or more of the provided parameters are not defined')
+
+    log.error(error)
+    throw errCode(error, ERRORS.ERR_UNDEFINED_PARAMETER)
+  }
+
+  let pubKey
+
+  if (entry.pubKey != null) {
+    try {
+      pubKey = unmarshalPublicKey(entry.pubKey)
+    } catch (err) {
+      log.error(err)
+      throw err
+    }
+
+    const otherId = await peerIdFromKeys(entry.pubKey)
+
+    if (!otherId.equals(peerId)) {
+      throw errCode(new Error('Embedded public key did not match PeerID'), ERRORS.ERR_INVALID_EMBEDDED_KEY)
+    }
+  } else if (peerId.publicKey != null) {
+    pubKey = unmarshalPublicKey(peerId.publicKey)
+  }
+
+  if (pubKey != null) {
+    return pubKey
+  }
+
+  throw errCode(new Error('no public key is available'), ERRORS.ERR_UNDEFINED_PARAMETER)
+}
+
+/**
+ * Utility for creating the record data for being signed
+ */
+export const ipnsEntryDataForV1Sig = (value: Uint8Array, validityType: IpnsEntry.ValidityType, validity: Uint8Array): Uint8Array => {
+  const validityTypeBuffer = uint8ArrayFromString(validityType)
+
+  return uint8ArrayConcat([value, validity, validityTypeBuffer])
+}
+
+/**
+ * Utility for creating the record data for being signed
+ */
+export const ipnsEntryDataForV2Sig = (data: Uint8Array): Uint8Array => {
+  const entryData = uint8ArrayFromString('ipns-signature:')
+
+  return uint8ArrayConcat([entryData, data])
+}
+
+export const marshal = (obj: IPNSEntry): Uint8Array => {
+  return IpnsEntry.encode(obj)
+}
+
+export const unmarshal = (buf: Uint8Array): IPNSEntry => {
+  const message = IpnsEntry.decode(buf)
+
+  return {
+    value: message.value ?? new Uint8Array(0),
+    signature: message.signature ?? new Uint8Array(0),
+    validityType: message.validityType ?? IpnsEntry.ValidityType.EOL,
+    validity: message.validity ?? new Uint8Array(0),
+    sequence: message.sequence ?? 0n,
+    pubKey: message.pubKey,
+    ttl: message.ttl ?? undefined,
+    signatureV2: message.signatureV2,
+    data: message.data
+  }
+}
+
+export const peerIdToRoutingKey = (peerId: PeerId): Uint8Array => {
+  return uint8ArrayConcat([
+    IPNS_PREFIX,
+    peerId.toBytes()
+  ])
+}
+
+export const peerIdFromRoutingKey = (key: Uint8Array): PeerId => {
+  return peerIdFromBytes(key.slice(IPNS_PREFIX.length))
+}
+
+export const createCborData = (value: Uint8Array, validity: Uint8Array, validityType: string, sequence: bigint, ttl: bigint): Uint8Array => {
+  let ValidityType
+
+  if (validityType === IpnsEntry.ValidityType.EOL) {
+    ValidityType = 0
+  } else {
+    throw errCode(new Error('Unknown validity type'), ERRORS.ERR_UNRECOGNIZED_VALIDITY)
+  }
+
+  const data = {
+    Value: value,
+    Validity: validity,
+    ValidityType,
+    Sequence: sequence,
+    TTL: ttl
+  }
+
+  return cborg.encode(data)
+}
+
+export const parseCborData = (buf: Uint8Array): IPNSEntryData => {
+  const data = cborg.decode(buf)
+
+  if (data.ValidityType === 0) {
+    data.ValidityType = IpnsEntry.ValidityType.EOL
+  } else {
+    throw errCode(new Error('Unknown validity type'), ERRORS.ERR_UNRECOGNIZED_VALIDITY)
+  }
+
+  if (Number.isInteger(data.Sequence)) {
+    // sequence must be a BigInt, but DAG-CBOR doesn't preserve this for Numbers within the safe-integer range
+    data.Sequence = BigInt(data.Sequence)
+  }
+
+  if (Number.isInteger(data.TTL)) {
+    // ttl must be a BigInt, but DAG-CBOR doesn't preserve this for Numbers within the safe-integer range
+    data.TTL = BigInt(data.TTL)
+  }
+
+  return data
+}

src/pb/ipns.proto

@@ -0,0 +1,106 @@
+import errCode from 'err-code'
+import { toString as uint8ArrayToString } from 'uint8arrays/to-string'
+import { equals as uint8ArrayEquals } from 'uint8arrays/equals'
+import { IpnsEntry } from './pb/ipns.js'
+import { parseRFC3339, extractPublicKey, ipnsEntryDataForV1Sig, ipnsEntryDataForV2Sig, unmarshal, peerIdFromRoutingKey, parseCborData } from './utils.js'
+import * as ERRORS from './errors.js'
+import type { IPNSEntry } from './index.js'
+import type { PublicKey } from '@libp2p/interfaces/keys'
+import type { ValidateFn } from '@libp2p/interfaces/dht'
+import { logger } from '@libp2p/logger'
+
+const log = logger('ipns:validator')
+
+/**
+ * Validates the given ipns entry against the given public key
+ */
+export const validate = async (publicKey: PublicKey, entry: IPNSEntry) => {
+  const { value, validityType, validity } = entry
+
+  let dataForSignature: Uint8Array
+  let signature: Uint8Array
+
+  // Check v2 signature if it's available, otherwise use the v1 signature
+  if ((entry.signatureV2 != null) && (entry.data != null)) {
+    signature = entry.signatureV2
+    dataForSignature = ipnsEntryDataForV2Sig(entry.data)
+
+    validateCborDataMatchesPbData(entry)
+  } else {
+    signature = entry.signature ?? new Uint8Array(0)
+    dataForSignature = ipnsEntryDataForV1Sig(value, validityType, validity)
+  }
+
+  // Validate Signature
+  let isValid
+  try {
+    isValid = await publicKey.verify(dataForSignature, signature)
+  } catch (err) {
+    isValid = false
+  }
+  if (!isValid) {
+    log.error('record signature verification failed')
+    throw errCode(new Error('record signature verification failed'), ERRORS.ERR_SIGNATURE_VERIFICATION)
+  }
+
+  // Validate according to the validity type
+  if (validity != null && validityType === IpnsEntry.ValidityType.EOL) {
+    let validityDate
+
+    try {
+      validityDate = parseRFC3339(uint8ArrayToString(validity))
+    } catch (e) {
+      log.error('unrecognized validity format (not an rfc3339 format)')
+      throw errCode(new Error('unrecognized validity format (not an rfc3339 format)'), ERRORS.ERR_UNRECOGNIZED_FORMAT)
+    }
+
+    if (validityDate.getTime() < Date.now()) {
+      log.error('record has expired')
+      throw errCode(new Error('record has expired'), ERRORS.ERR_IPNS_EXPIRED_RECORD)
+    }
+  } else if (validityType != null) {
+    log.error('unrecognized validity type')
+    throw errCode(new Error('unrecognized validity type'), ERRORS.ERR_UNRECOGNIZED_VALIDITY)
+  }
+
+  log('ipns entry for %b is valid', value)
+}
+
+const validateCborDataMatchesPbData = (entry: IPNSEntry) => {
+  if (entry.data == null) {
+    throw errCode(new Error('Record data is missing'), ERRORS.ERR_INVALID_RECORD_DATA)
+  }
+
+  const data = parseCborData(entry.data)
+
+  if (!uint8ArrayEquals(data.Value, entry.value)) {
+    throw errCode(new Error('Field "value" did not match between protobuf and CBOR'), ERRORS.ERR_SIGNATURE_VERIFICATION)
+  }
+
+  if (!uint8ArrayEquals(data.Validity, entry.validity)) {
+    throw errCode(new Error('Field "validity" did not match between protobuf and CBOR'), ERRORS.ERR_SIGNATURE_VERIFICATION)
+  }
+
+  if (data.ValidityType !== entry.validityType) {
+    throw errCode(new Error('Field "validityType" did not match between protobuf and CBOR'), ERRORS.ERR_SIGNATURE_VERIFICATION)
+  }
+
+  if (data.Sequence !== entry.sequence) {
+    throw errCode(new Error('Field "sequence" did not match between protobuf and CBOR'), ERRORS.ERR_SIGNATURE_VERIFICATION)
+  }
+
+  if (data.TTL !== entry.ttl) {
+    throw errCode(new Error('Field "ttl" did not match between protobuf and CBOR'), ERRORS.ERR_SIGNATURE_VERIFICATION)
+  }
+}
+
+export const ipnsValidator: ValidateFn = async (key, marshalledData) => {
+  const peerId = peerIdFromRoutingKey(key)
+  const receivedEntry = unmarshal(marshalledData)
+
+  // extract public key
+  const pubKey = await extractPublicKey(peerId, receivedEntry)
+
+  // Record validation
+  await validate(pubKey, receivedEntry)
+}

src/pb/ipns.ts

@@ -0,0 +1,202 @@
+/* eslint-env mocha */
+
+import { expect } from 'aegir/chai'
+import { base58btc } from 'multiformats/bases/base58'
+import { fromString as uint8ArrayFromString } from 'uint8arrays/from-string'
+import { peerIdFromKeys, peerIdFromString } from '@libp2p/peer-id'
+import { generateKeyPair } from '@libp2p/crypto/keys'
+import { randomBytes } from '@libp2p/crypto'
+import * as ipns from '../src/index.js'
+import * as ERRORS from '../src/errors.js'
+import type { PeerId } from '@libp2p/interfaces/peer-id'
+import { unmarshal, marshal, extractPublicKey, peerIdToRoutingKey } from '../src/utils.js'
+import { ipnsValidator } from '../src/validator.js'
+import { createEd25519PeerId } from '@libp2p/peer-id-factory'
+
+describe('ipns', function () {
+  this.timeout(20 * 1000)
+
+  const cid = uint8ArrayFromString('QmWEekX7EZLUd9VXRNMRXW3LXe4F6x7mB8oPxY5XLptrBq')
+  let peerId: PeerId
+
+  before(async () => {
+    const rsa = await generateKeyPair('RSA', 2048)
+    peerId = await peerIdFromKeys(rsa.public.bytes, rsa.bytes)
+  })
+
+  it('should create an ipns record correctly', async () => {
+    const sequence = 0
+    const validity = 1000000
+
+    const entry = await ipns.create(peerId, cid, sequence, validity)
+    expect(entry).to.deep.include({
+      value: cid,
+      sequence: BigInt(sequence)
+    })
+    expect(entry).to.have.property('validity')
+    expect(entry).to.have.property('signature')
+    expect(entry).to.have.property('validityType')
+    expect(entry).to.have.property('signatureV2')
+    expect(entry).to.have.property('data')
+  })
+
+  it('should be able to create a record with a fixed expiration', async () => {
+    const sequence = 0
+    // 2033-05-18T03:33:20.000000000Z
+    const expiration = '2033-05-18T03:33:20.000000000Z'
+
+    const entry = await ipns.createWithExpiration(peerId, cid, sequence, expiration)
+
+    await ipnsValidator(peerIdToRoutingKey(peerId), marshal(entry))
+    expect(entry).to.have.property('validity')
+    expect(entry.validity).to.equalBytes(uint8ArrayFromString('2033-05-18T03:33:20.000000000Z'))
+  })
+
+  it('should create an ipns record and validate it correctly', async () => {
+    const sequence = 0
+    const validity = 1000000
+
+    const entry = await ipns.create(peerId, cid, sequence, validity)
+    await ipnsValidator(peerIdToRoutingKey(peerId), marshal(entry))
+  })
+
+  it('should validate a v1 message', async () => {
+    const sequence = 0
+    const validity = 1000000
+
+    const entry = await ipns.create(peerId, cid, sequence, validity)
+
+    // extra fields added for v2 sigs
+    delete entry.data
+    delete entry.signatureV2
+
+    await ipnsValidator(peerIdToRoutingKey(peerId), marshal(entry))
+  })
+
+  it('should fail to validate a bad record', async () => {
+    const sequence = 0
+    const validity = 1000000
+
+    const entry = await ipns.create(peerId, cid, sequence, validity)
+
+    // corrupt the record by changing the value to random bytes
+    entry.value = randomBytes(46)
+
+    await expect(ipnsValidator(peerIdToRoutingKey(peerId), marshal(entry))).to.eventually.be.rejected().with.property('code', ERRORS.ERR_SIGNATURE_VERIFICATION)
+  })
+
+  it('should create an ipns record with a validity of 1 nanosecond correctly and it should not be valid 1ms later', async () => {
+    const sequence = 0
+    const validity = 0.00001
+
+    const entry = await ipns.create(peerId, cid, sequence, validity)
+
+    await new Promise(resolve => setTimeout(resolve, 1))
+
+    await expect(ipnsValidator(peerIdToRoutingKey(peerId), marshal(entry))).to.eventually.be.rejected().with.property('code', ERRORS.ERR_IPNS_EXPIRED_RECORD)
+  })
+
+  it('should create an ipns record, marshal and unmarshal it, as well as validate it correctly', async () => {
+    const sequence = 0
+    const validity = 1000000
+
+    const entryDataCreated = await ipns.create(peerId, cid, sequence, validity)
+
+    const marshalledData = marshal(entryDataCreated)
+    const unmarshalledData = unmarshal(marshalledData)
+
+    expect(entryDataCreated.value).to.equalBytes(unmarshalledData.value)
+    expect(entryDataCreated.validity).to.equalBytes(unmarshalledData.validity)
+    expect(entryDataCreated.validityType).to.equal(unmarshalledData.validityType)
+    expect(entryDataCreated.signature).to.equalBytes(unmarshalledData.signature)
+    expect(entryDataCreated.sequence).to.equal(unmarshalledData.sequence)
+    expect(entryDataCreated.ttl).to.equal(unmarshalledData.ttl)
+
+    if (unmarshalledData.signatureV2 == null) {
+      throw new Error('No v2 sig found')
+    }
+
+    expect(entryDataCreated.signatureV2).to.equalBytes(unmarshalledData.signatureV2)
+
+    if (unmarshalledData.data == null) {
+      throw new Error('No v2 data found')
+    }
+
+    expect(entryDataCreated.data).to.equalBytes(unmarshalledData.data)
+
+    await ipnsValidator(peerIdToRoutingKey(peerId), marshal(unmarshalledData))
+  })
+
+  it('should get datastore key correctly', () => {
+    const datastoreKey = ipns.getLocalKey(base58btc.decode(`z${peerId.toString()}`))
+
+    expect(datastoreKey).to.exist()
+    expect(datastoreKey.toString()).to.startWith('/ipns/CIQ')
+  })
+
+  it('should be able to turn routing key back into id', () => {
+    const keys = [
+      'QmQd5Enz5tzP8u5wHur8ADuJMbcNhEf86CkWkqRzoWUhst',
+      'QmW6mcoqDKJRch2oph2FmvZhPLJn6wPU648Vv9iMyMtmtG'
+    ]
+
+    keys.forEach(key => {
+      const routingKey = ipns.peerIdToRoutingKey(peerIdFromString(key))
+      const id = ipns.peerIdFromRoutingKey(routingKey)
+
+      expect(id.toString()).to.equal(key)
+    })
+  })
+
+  it('should be able to embed a public key in an ipns record', async () => {
+    const sequence = 0
+    const validity = 1000000
+
+    const entry = await ipns.create(peerId, cid, sequence, validity)
+
+    expect(entry).to.deep.include({
+      pubKey: peerId.publicKey
+    })
+  })
+
+  // It should have a public key embedded for newer ed25519 keys
+  // https://github.com/ipfs/go-ipns/blob/d51115b4b14ed7fcca5472aadff0fee6772aca8c/ipns.go#L81
+  // https://github.com/ipfs/go-ipns/blob/d51115b4b14ed7fcca5472aadff0fee6772aca8c/ipns_test.go
+  // https://github.com/libp2p/go-libp2p-peer/blob/7f219a1e70011a258c5d3e502aef6896c60d03ce/peer.go#L80
+  // IDFromEd25519PublicKey is not currently implement on js-libp2p-peer
+  // https://github.com/libp2p/go-libp2p-peer/pull/30
+  it('should be able to extract a public key directly from the peer', async () => {
+    const sequence = 0
+    const validity = 1000000
+
+    const ed25519 = await createEd25519PeerId()
+    const entry = await ipns.create(ed25519, cid, sequence, validity)
+
+    expect(entry).to.not.have.property('pubKey') // ed25519 keys should not be embedded
+  })
+
+  it('validator with no valid public key should error', async () => {
+    const sequence = 0
+    const validity = 1000000
+
+    const entry = await ipns.create(peerId, cid, sequence, validity)
+    delete entry.pubKey
+
+    const marshalledData = marshal(entry)
+    const key = peerIdToRoutingKey(peerId)
+
+    await expect(ipnsValidator(key, marshalledData)).to.eventually.be.rejected().with.property('code', ERRORS.ERR_UNDEFINED_PARAMETER)
+  })
+
+  it('should be able to export a previously embedded public key from an ipns record', async () => {
+    const sequence = 0
+    const validity = 1000000
+
+    const entry = await ipns.create(peerId, cid, sequence, validity)
+
+    const publicKey = await extractPublicKey(peerId, entry)
+    expect(publicKey).to.deep.include({
+      bytes: peerId.publicKey
+    })
+  })
+})

src/selector.ts

@@ -0,0 +1,81 @@
+/* eslint-env mocha */
+
+import { expect } from 'aegir/chai'
+import { fromString as uint8ArrayFromString } from 'uint8arrays/from-string'
+import { peerIdFromKeys } from '@libp2p/peer-id'
+import { generateKeyPair } from '@libp2p/crypto/keys'
+import * as ipns from '../src/index.js'
+import { marshal, peerIdToRoutingKey } from '../src/utils.js'
+import { ipnsSelector } from '../src/selector.js'
+import type { PeerId } from '@libp2p/interfaces/peer-id'
+
+describe('selector', function () {
+  this.timeout(20 * 1000)
+
+  const cid = uint8ArrayFromString('QmWEekX7EZLUd9VXRNMRXW3LXe4F6x7mB8oPxY5XLptrBq')
+  let peerId: PeerId
+
+  before(async () => {
+    const rsa = await generateKeyPair('RSA', 2048)
+    peerId = await peerIdFromKeys(rsa.public.bytes, rsa.bytes)
+  })
+
+  it('should use validator.select to select the record with the highest sequence number', async () => {
+    const sequence = 0
+    const lifetime = 1000000
+
+    const entry = await ipns.create(peerId, cid, sequence, lifetime)
+    const newEntry = await ipns.create(peerId, cid, (sequence + 1), lifetime)
+
+    const marshalledData = marshal(entry)
+    const marshalledNewData = marshal(newEntry)
+
+    const key = peerIdToRoutingKey(peerId)
+
+    let valid = ipnsSelector(key, [marshalledNewData, marshalledData])
+    expect(valid).to.equal(0) // new data is the selected one
+
+    valid = ipnsSelector(key, [marshalledData, marshalledNewData])
+    expect(valid).to.equal(1) // new data is the selected one
+  })
+
+  it('should use validator.select to select the record with the longest validity', async () => {
+    const sequence = 0
+    const lifetime = 1000000
+
+    const entry = await ipns.create(peerId, cid, sequence, lifetime)
+    const newEntry = await ipns.create(peerId, cid, sequence, (lifetime + 1))
+
+    const marshalledData = marshal(entry)
+    const marshalledNewData = marshal(newEntry)
+
+    const key = peerIdToRoutingKey(peerId)
+
+    let valid = ipnsSelector(key, [marshalledNewData, marshalledData])
+    expect(valid).to.equal(0) // new data is the selected one
+
+    valid = ipnsSelector(key, [marshalledData, marshalledNewData])
+    expect(valid).to.equal(1) // new data is the selected one
+  })
+
+  it('should use validator.select to select an older record with a v2 sig when the newer record only uses v1', async () => {
+    const sequence = 0
+    const lifetime = 1000000
+
+    const entry = await ipns.create(peerId, cid, sequence, lifetime)
+
+    const newEntry = await ipns.create(peerId, cid, sequence + 1, lifetime)
+    delete newEntry.signatureV2
+
+    const marshalledData = marshal(entry)
+    const marshalledNewData = marshal(newEntry)
+
+    const key = peerIdToRoutingKey(peerId)
+
+    let valid = ipnsSelector(key, [marshalledNewData, marshalledData])
+    expect(valid).to.equal(1) // old data is the selected one
+
+    valid = ipnsSelector(key, [marshalledData, marshalledNewData])
+    expect(valid).to.equal(0) // old data is the selected one
+  })
+})

src/types.ts

@@ -0,0 +1,83 @@
+/* eslint-env mocha */
+
+import { expect } from 'aegir/chai'
+import { base58btc } from 'multiformats/bases/base58'
+import { fromString as uint8ArrayFromString } from 'uint8arrays/from-string'
+import { concat as uint8ArrayConcat } from 'uint8arrays/concat'
+import { peerIdFromKeys } from '@libp2p/peer-id'
+import { generateKeyPair } from '@libp2p/crypto/keys'
+import { randomBytes } from '@libp2p/crypto'
+import * as ipns from '../src/index.js'
+import * as ERRORS from '../src/errors.js'
+import type { PeerId } from '@libp2p/interfaces/peer-id'
+import { marshal, peerIdToRoutingKey } from '../src/utils.js'
+import { ipnsValidator } from '../src/validator.js'
+
+describe('validator', function () {
+  this.timeout(20 * 1000)
+
+  const cid = uint8ArrayFromString('QmWEekX7EZLUd9VXRNMRXW3LXe4F6x7mB8oPxY5XLptrBq')
+  let peerId1: PeerId
+  let peerId2: PeerId
+
+  before(async () => {
+    const rsa = await generateKeyPair('RSA', 2048)
+    peerId1 = await peerIdFromKeys(rsa.public.bytes, rsa.bytes)
+
+    const rsa2 = await generateKeyPair('RSA', 2048)
+    peerId2 = await peerIdFromKeys(rsa2.public.bytes, rsa2.bytes)
+  })
+
+  it('should validate a record', async () => {
+    const sequence = 0
+    const validity = 1000000
+
+    const entry = await ipns.create(peerId1, cid, sequence, validity)
+    const marshalledData = marshal(entry)
+
+    const keyBytes = base58btc.decode(`z${peerId1.toString()}`)
+    const key = uint8ArrayConcat([uint8ArrayFromString('/ipns/'), keyBytes])
+
+    await ipnsValidator(key, marshalledData)
+  })
+
+  it('should use validator.validate to verify that a record is not valid', async () => {
+    const sequence = 0
+    const validity = 1000000
+
+    const entry = await ipns.create(peerId1, cid, sequence, validity)
+
+    // corrupt the record by changing the value to random bytes
+    entry.value = randomBytes(entry.value.length)
+    const marshalledData = marshal(entry)
+
+    const key = peerIdToRoutingKey(peerId1)
+
+    await expect(ipnsValidator(key, marshalledData)).to.eventually.be.rejected().with.property('code', ERRORS.ERR_SIGNATURE_VERIFICATION)
+  })
+
+  it('should use validator.validate to verify that a record is not valid when it is passed with the wrong IPNS key', async () => {
+    const sequence = 0
+    const validity = 1000000
+
+    const entry = await ipns.create(peerId1, cid, sequence, validity)
+    const marshalledData = marshal(entry)
+
+    const key = peerIdToRoutingKey(peerId2)
+
+    await expect(ipnsValidator(key, marshalledData)).to.eventually.be.rejected().with.property('code', ERRORS.ERR_INVALID_EMBEDDED_KEY)
+  })
+
+  it('should use validator.validate to verify that a record is not valid when the wrong key is embedded', async () => {
+    const sequence = 0
+    const validity = 1000000
+
+    const entry = await ipns.create(peerId1, cid, sequence, validity)
+    entry.pubKey = peerId2.publicKey
+    const marshalledData = marshal(entry)
+
+    const key = peerIdToRoutingKey(peerId1)
+
+    await expect(ipnsValidator(key, marshalledData)).to.eventually.be.rejected().with.property('code', ERRORS.ERR_INVALID_EMBEDDED_KEY)
+  })
+})

src/utils.js

@@ -1,13 +1,10 @@
 {
   "extends": "aegir/src/config/tsconfig.aegir.json",
   "compilerOptions": {
-    "outDir": "types"
+    "outDir": "dist"
   },
   "include": [
     "src",
     "test"
-  ],
-  "exclude": [
-    "src/pb/ipns.js"
   ]
 }