Reject messages with nonnormalize protocol URIs (#317)

* Reject messages with nonnormalize protocol URIs

* PR comments

* Lint

* Fix README + PR comment

Author: Diane Huxley

README.md

@@ -3,7 +3,7 @@
 # Decentralized Web Node (DWN) SDK
 
 Code Coverage
-![Statements](https://img.shields.io/badge/statements-93.86%25-brightgreen.svg?style=flat) ![Branches](https://img.shields.io/badge/branches-93.39%25-brightgreen.svg?style=flat) ![Functions](https://img.shields.io/badge/functions-91.54%25-brightgreen.svg?style=flat) ![Lines](https://img.shields.io/badge/lines-93.86%25-brightgreen.svg?style=flat)
+![Statements](https://img.shields.io/badge/statements-93.95%25-brightgreen.svg?style=flat) ![Branches](https://img.shields.io/badge/branches-93.46%25-brightgreen.svg?style=flat) ![Functions](https://img.shields.io/badge/functions-91.69%25-brightgreen.svg?style=flat) ![Lines](https://img.shields.io/badge/lines-93.95%25-brightgreen.svg?style=flat)
 
 ## Introduction
 

src/core/dwn-error.ts

@@ -26,5 +26,7 @@ export enum DwnErrorCode {
   RecordsInvalidAncestorKeyDerivationSegment = 'RecordsInvalidAncestorKeyDerivationSegment',
   RecordsWriteGetEntryIdUndefinedAuthor = 'RecordsWriteGetEntryIdUndefinedAuthor',
   RecordsWriteValidateIntegrityEncryptionCidMismatch = 'RecordsWriteValidateIntegrityEncryptionCidMismatch',
-  Secp256k1KeyNotValid = 'Secp256k1KeyNotValid'
+  Secp256k1KeyNotValid = 'Secp256k1KeyNotValid',
+  UrlProtocolNotNormalized = 'UrlProtocolNotNormalized',
+  UrlPrococolNotNormalizable = 'UriPrococolNotNormalizable'
 };

src/index.ts

@@ -8,7 +8,7 @@ export type { EventLog, Event } from './event-log/event-log.js';
 export type { EventsGetMessage, EventsGetReply } from './interfaces/events/types.js';
 export type { HooksWriteMessage } from './interfaces/hooks/types.js';
 export type { MessagesGetMessage, MessagesGetReply } from './interfaces/messages/types.js';
-export type { ProtocolDefinition, ProtocolRuleSet, ProtocolsConfigureMessage, ProtocolsQueryMessage } from './interfaces/protocols/types.js';
+export type { ProtocolDefinition, ProtocolRuleSet, ProtocolsQueryFilter, ProtocolsConfigureMessage, ProtocolsQueryMessage } from './interfaces/protocols/types.js';
 export type { RecordsDeleteMessage, RecordsQueryMessage, RecordsWriteMessage } from './interfaces/records/types.js';
 export { AllowAllTenantGate, TenantGate } from './core/tenant-gate.js';
 export { Cid } from './utils/cid.js';

src/interfaces/protocols/messages/protocols-configure.ts

@@ -5,6 +5,7 @@ import { getCurrentTimeInHighPrecision } from '../../../utils/time.js';
 import { validateAuthorizationIntegrity } from '../../../core/auth.js';
 
 import { DwnInterfaceName, DwnMethodName, Message } from '../../../core/message.js';
+import { normalizeProtocolUri, validateProtocolUriNormalized } from '../../../utils/url.js';
 
 export type ProtocolsConfigureOptions = {
   dateCreated? : string;
@@ -17,6 +18,7 @@ export class ProtocolsConfigure extends Message<ProtocolsConfigureMessage> {
 
   public static async parse(message: ProtocolsConfigureMessage): Promise<ProtocolsConfigure> {
     await validateAuthorizationIntegrity(message);
+    validateProtocolUriNormalized(message.descriptor.protocol);
 
     return new ProtocolsConfigure(message);
   }
@@ -26,7 +28,7 @@ export class ProtocolsConfigure extends Message<ProtocolsConfigureMessage> {
       interface   : DwnInterfaceName.Protocols,
       method      : DwnMethodName.Configure,
       dateCreated : options.dateCreated ?? getCurrentTimeInHighPrecision(),
-      protocol    : options.protocol,
+      protocol    : normalizeProtocolUri(options.protocol),
       definition  : options.definition // TODO: #139 - move definition out of the descriptor - https://github.com/TBD54566975/dwn-sdk-js/issues/139
     };
 

src/interfaces/protocols/messages/protocols-query.ts

@@ -1,17 +1,15 @@
 import type { SignatureInput } from '../../../jose/jws/general/types.js';
-import type { ProtocolsQueryDescriptor, ProtocolsQueryMessage } from '../types.js';
+import type { ProtocolsQueryDescriptor, ProtocolsQueryFilter, ProtocolsQueryMessage } from '../types.js';
 
 import { getCurrentTimeInHighPrecision } from '../../../utils/time.js';
 import { removeUndefinedProperties } from '../../../utils/object.js';
 import { validateAuthorizationIntegrity } from '../../../core/auth.js';
-
 import { DwnInterfaceName, DwnMethodName, Message } from '../../../core/message.js';
+import { normalizeProtocolUri, validateProtocolUriNormalized } from '../../../utils/url.js';
 
 export type ProtocolsQueryOptions = {
   dateCreated?: string;
-  filter?: {
-    protocol: string;
-  }
+  filter?: ProtocolsQueryFilter,
   authorizationSignatureInput: SignatureInput;
 };
 
@@ -20,6 +18,10 @@ export class ProtocolsQuery extends Message<ProtocolsQueryMessage> {
   public static async parse(message: ProtocolsQueryMessage): Promise<ProtocolsQuery> {
     await validateAuthorizationIntegrity(message);
 
+    if (message.descriptor.filter !== undefined) {
+      validateProtocolUriNormalized(message.descriptor.filter.protocol);
+    }
+
     return new ProtocolsQuery(message);
   }
 
@@ -28,7 +30,7 @@ export class ProtocolsQuery extends Message<ProtocolsQueryMessage> {
       interface   : DwnInterfaceName.Protocols,
       method      : DwnMethodName.Query,
       dateCreated : options.dateCreated ?? getCurrentTimeInHighPrecision(),
-      filter      : options.filter,
+      filter      : ProtocolsQuery.normalizeFilter(options.filter),
     };
 
     // delete all descriptor properties that are `undefined` else the code will encounter the following IPLD issue when attempting to generate CID:
@@ -43,4 +45,15 @@ export class ProtocolsQuery extends Message<ProtocolsQueryMessage> {
     const protocolsQuery = new ProtocolsQuery(message);
     return protocolsQuery;
   }
+
+  private static normalizeFilter(filter: ProtocolsQueryFilter | undefined): ProtocolsQueryFilter | undefined {
+    if (filter === undefined) {
+      return undefined;
+    }
+
+    return {
+      ...filter,
+      protocol: normalizeProtocolUri(filter.protocol),
+    };
+  }
 }

src/interfaces/protocols/types.ts

@@ -41,13 +41,15 @@ export type ProtocolsConfigureMessage = BaseMessage & {
   descriptor: ProtocolsConfigureDescriptor;
 };
 
+export type ProtocolsQueryFilter = {
+  protocol: string,
+};
+
 export type ProtocolsQueryDescriptor = {
   interface : DwnInterfaceName.Protocols,
   method: DwnMethodName.Query;
   dateCreated: string;
-  filter?: {
-    protocol: string;
-  }
+  filter?: ProtocolsQueryFilter
 };
 
 export type ProtocolsQueryMessage = BaseMessage & {

src/interfaces/records/messages/records-query.ts

@@ -7,6 +7,7 @@ import { Message } from '../../../core/message.js';
 import { removeUndefinedProperties } from '../../../utils/object.js';
 import { validateAuthorizationIntegrity } from '../../../core/auth.js';
 import { DwnInterfaceName, DwnMethodName } from '../../../core/message.js';
+import { normalizeProtocolUri, validateProtocolUriNormalized } from '../../../utils/url.js';
 
 export enum DateSort {
   CreatedAscending = 'createdAscending',
@@ -26,6 +27,11 @@ export class RecordsQuery extends Message<RecordsQueryMessage> {
 
   public static async parse(message: RecordsQueryMessage): Promise<RecordsQuery> {
     await validateAuthorizationIntegrity(message);
+
+    if (message.descriptor.filter?.protocol !== undefined) {
+      validateProtocolUriNormalized(message.descriptor.filter.protocol);
+    }
+
     return new RecordsQuery(message);
   }
 
@@ -34,7 +40,7 @@ export class RecordsQuery extends Message<RecordsQueryMessage> {
       interface   : DwnInterfaceName.Records,
       method      : DwnMethodName.Query,
       dateCreated : options.dateCreated ?? getCurrentTimeInHighPrecision(),
-      filter      : options.filter,
+      filter      : RecordsQuery.normalizerFilter(options.filter),
       dateSort    : options.dateSort
     };
 
@@ -94,4 +100,18 @@ export class RecordsQuery extends Message<RecordsQueryMessage> {
 
     return filterCopy as Filter;
   }
+
+  public static normalizerFilter(filter: RecordsQueryFilter): RecordsQueryFilter {
+    let protocol;
+    if (filter.protocol === undefined) {
+      protocol = undefined;
+    } else {
+      protocol = normalizeProtocolUri(filter.protocol);
+    }
+
+    return {
+      ...filter,
+      protocol,
+    };
+  }
 }

src/interfaces/records/messages/records-write.ts

@@ -24,11 +24,11 @@ import { ProtocolAuthorization } from '../../../core/protocol-authorization.js';
 import { Records } from '../../../utils/records.js';
 import { removeUndefinedProperties } from '../../../utils/object.js';
 import { Secp256k1 } from '../../../utils/secp256k1.js';
-
 import { authorize, validateAuthorizationIntegrity } from '../../../core/auth.js';
 import { Cid, computeCid } from '../../../utils/cid.js';
 import { DwnError, DwnErrorCode } from '../../../core/dwn-error.js';
 import { DwnInterfaceName, DwnMethodName } from '../../../core/message.js';
+import { normalizeProtocolUri, validateProtocolUriNormalized } from '../../../utils/url.js';
 
 export type RecordsWriteOptions = {
   recipient?: string;
@@ -161,7 +161,7 @@ export class RecordsWrite extends Message<RecordsWriteMessage> {
     const descriptor: RecordsWriteDescriptor = {
       interface     : DwnInterfaceName.Records,
       method        : DwnMethodName.Write,
-      protocol      : options.protocol,
+      protocol      : options.protocol !== undefined ? normalizeProtocolUri(options.protocol) : undefined,
       protocolPath  : options.protocolPath,
       recipient     : options.recipient!,
       schema        : options.schema,
@@ -368,6 +368,10 @@ export class RecordsWrite extends Message<RecordsWriteMessage> {
         );
       }
     }
+
+    if (this.message.descriptor.protocol !== undefined) {
+      validateProtocolUriNormalized(this.message.descriptor.protocol);
+    }
   }
 
   /**
@@ -500,7 +504,7 @@ export class RecordsWrite extends Message<RecordsWriteMessage> {
   /**
    * Creates the `attestation` property of a RecordsWrite message if given signature inputs; returns `undefined` otherwise.
    */
-  private static async createAttestation(descriptorCid: string, signatureInputs?: SignatureInput[]): Promise<GeneralJws | undefined> {
+  public static async createAttestation(descriptorCid: string, signatureInputs?: SignatureInput[]): Promise<GeneralJws | undefined> {
     if (signatureInputs === undefined || signatureInputs.length === 0) {
       return undefined;
     }
@@ -515,7 +519,7 @@ export class RecordsWrite extends Message<RecordsWriteMessage> {
   /**
    * Creates the `authorization` property of a RecordsWrite message.
    */
-  private static async createAuthorization(
+  public static async createAuthorization(
     recordId: string,
     contextId: string | undefined,
     descriptorCid: string,

src/utils/url.ts

@@ -0,0 +1,41 @@
+import { DwnError, DwnErrorCode } from '../core/dwn-error.js';
+
+
+export function validateProtocolUriNormalized(protocol: string): void {
+  let normalized: string | undefined;
+  try {
+    normalized = normalizeProtocolUri(protocol);
+  } catch {
+    normalized = undefined;
+  }
+
+  if (protocol !== normalized) {
+    throw new DwnError(DwnErrorCode.UrlProtocolNotNormalized, 'Protocol URI must be normalized.');
+  }
+}
+
+export function normalizeProtocolUri(url: string): string {
+  let fullUrl: string;
+  if (/^[^:]+:\/\/./.test(url)) {
+    fullUrl = url;
+  } else {
+    fullUrl = `http://${url}`;
+  }
+
+  try {
+    const result = new URL(fullUrl);
+    result.search = '';
+    result.hash = '';
+    return removeTrailingSlash(result.href);
+  } catch (e) {
+    throw new DwnError(DwnErrorCode.UrlPrococolNotNormalizable, 'Could not normalize protocol URI');
+  }
+}
+
+function removeTrailingSlash(str: string): string {
+  if (str.endsWith('/')) {
+    return str.slice(0, -1);
+  } else {
+    return str;
+  }
+}

tests/interfaces/protocols/handlers/protocols-configure.spec.ts

@@ -14,7 +14,7 @@ import { MessageStoreLevel } from '../../../../src/store/message-store-level.js'
 import { TestDataGenerator } from '../../../utils/test-data-generator.js';
 import { TestStubGenerator } from '../../../utils/test-stub-generator.js';
 
-import { DidResolver, Dwn, Encoder, Jws } from '../../../../src/index.js';
+import { DidResolver, Dwn, DwnErrorCode, Encoder, Jws } from '../../../../src/index.js';
 
 chai.use(chaiAsPromised);
 
@@ -140,6 +140,30 @@ describe('ProtocolsConfigureHandler.handle()', () => {
       expect(actualDefinition).to.equal(expectedDefinition);
     });
 
+    it('should return 400 if protocol is not normalized', async () => {
+      const alice = await DidKeyResolver.generate();
+
+      // query for non-normalized protocol
+      const protocolsConfig = await TestDataGenerator.generateProtocolsConfigure({
+        requester : alice,
+        protocol  : 'example.com/',
+      });
+
+      // overwrite protocol because #create auto-normalizes protocol
+      protocolsConfig.message.descriptor.protocol = 'example.com/';
+
+      // Re-create auth because we altered the descriptor after signing
+      protocolsConfig.message.authorization = await Message.signAsAuthorization(
+        protocolsConfig.message.descriptor,
+        Jws.createSignatureInput(alice)
+      );
+
+      // Send records write message
+      const reply = await dwn.processMessage(alice.did, protocolsConfig.message);
+      expect(reply.status.code).to.equal(400);
+      expect(reply.status.detail).to.contain(DwnErrorCode.UrlProtocolNotNormalized);
+    });
+
     describe('event log', () => {
       it('should add event for ProtocolsConfigure', async () => {
         const alice = await DidKeyResolver.generate();