
mina-attestations

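/**
 * This entire file was copied and modified from zk-email-verify:
 * https://github.com/zkemail/zk-email-verify
 */
export { resolveDNSHTTP };

// DoH servers list
const DoHServer = {
  // Google Public DNS
  Google: 'https://dns.google/resolve',
  // Cloudflare DNS
  Cloudflare: 'https://cloudflare-dns.com/dns-query',
};

/**
 * Look up a DKIM TXT record through DNS-over-HTTPS.
 *
 * The Google resolver is authoritative for the return value; the Cloudflare
 * resolver is queried afterwards purely as a cross-check.
 *
 * @param name DKIM record name (e.g. 20230601._domainkey.gmail.com)
 * @return the TXT record text as returned by Google, with double quotes removed
 * @throws Error if Google returns no record, or a record whose p= tag is empty;
 *         also propagates any rejection from either DoH request
 */
async function resolveDNSHTTP(name) {
  const googleResult = await resolveDKIMPublicKey(name, DoHServer.Google);
  if (googleResult === undefined) {
    throw Error('No DKIM record found in Google');
  }

  // An empty p= tag means the key has been revoked (RFC 6376, section 3.6.1),
  // so it must never be handed to a verifier as if it were a usable key.
  // A record with no p= tag at all is NOT rejected here; callers have to
  // validate the record before trusting it.
  const match = /p=([^;]*)/.exec(googleResult);
  if (match !== null && match[1] === '') {
    throw Error('No DKIM record found in Google (empty p=)');
  }

  const cloudflareResult = await resolveDKIMPublicKey(name, DoHServer.Cloudflare);

  // NOTE(review): the cross-check is advisory only. A mismatch (including
  // Cloudflare returning no record at all) is logged and the Google answer is
  // still returned, so the key is effectively vouched for by one resolver.
  // Nothing in this file inspects a DNSSEC validation indicator either.
  // Callers that need a stronger guarantee should treat a logged mismatch as
  // a failure and alert on this message.
  if (googleResult !== cloudflareResult) {
    console.error('DKIM record mismatch between Google and Cloudflare! Using Google result.');
  }
  return googleResult;
}

// DNS response codes
const DoHStatusNoError = 0;
// DNS RR types
const DoHTypeTXT = 16;

/**
 * Resolve DKIM public key from DNS
 *
 * @param name DKIM record name (e.g. 20230601._domainkey.gmail.com)
 * @param dnsServerURL DNS over HTTPS API URL
 * @return DKIM public key or undefined if not found
 * @throws whatever fetch() or Response.json() reject with (network failure,
 *         non-JSON body); those are not converted to undefined
 */
async function resolveDKIMPublicKey(name, dnsServerURL) {
  // Normalise the endpoint: force an https:// prefix and drop one trailing slash.
  let cleanURL = dnsServerURL;
  if (!cleanURL.startsWith('https://')) {
    cleanURL = `https://${cleanURL}`;
  }
  if (cleanURL.endsWith('/')) {
    cleanURL = cleanURL.slice(0, -1);
  }

  // searchParams.set() percent-encodes the record name, so it cannot add
  // extra query parameters to the request.
  const queryUrl = new URL(cleanURL);
  queryUrl.searchParams.set('name', name);
  queryUrl.searchParams.set('type', DoHTypeTXT.toString());

  const res = await fetch(queryUrl, {
    headers: { accept: 'application/dns-json' },
  });
  if (!res.ok) return undefined;

  const result = await res.json();
  if (!isDoHResponse(result)) return undefined;
  if (result.Status !== DoHStatusNoError) return undefined;

  // The first well-formed TXT answer wins; other record types (e.g. a CNAME
  // in the chain) and malformed entries are skipped instead of throwing, so
  // a bad response yields the documented `undefined`.
  for (const answer of result.Answer) {
    if (answer?.type !== DoHTypeTXT) continue;
    if (typeof answer.data !== 'string') continue;
    /*
      Remove all double quotes.
      Some DNS providers wrap TXT records in double quotes, and others like
      Cloudflare may include them. According to TXT (potentially multi-line)
      and DKIM (Base64 data) standards, we can directly remove all double
      quotes from the DKIM public key.
    */
    return answer.data.replace(/"/g, '');
  }
  return undefined;
}

/**
 * Structural check on a parsed DoH JSON body: it must be a non-null object
 * with a `Status` field and an `Answer` array. The resolver's reply is
 * untrusted input, so the array check keeps the caller's loop from throwing
 * on a malformed `Answer`.
 */
function isDoHResponse(res) {
  return (
    typeof res === 'object' &&
    res !== null &&
    'Status' in res &&
    'Answer' in res &&
    Array.isArray(res.Answer)
  );
}
//# sourceMappingURL=dns-over-http.js.map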