did-method-web icon indicating copy to clipboard operation
did-method-web copied to clipboard
verified publisher icon w3c-ccg

Turn w3id.org into a did web resolver with htaccess rewrite

Open OR13 opened this issue 4 years ago • 6 comments 

Header set Access-Control-Allow-Origin *
Header set Access-Control-Allow-Headers DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified$
Options +FollowSymLinks
RewriteEngine on

# DID web via redirect

# RewriteRule ^did:web:(.+)$ https://did-web.web.app/api/v1/identifiers/did:web:$1 [R=302,L]

# http://localhost:8080/did:web:vc.did.ai 

RewriteRule ^did:web:([a-zA-Z0-9/.\\-_]+)$ https://$1/.well-known/did.json [R=302,L]

# http://localhost:8080/did:web:did.actor:alice

RewriteRule ^did:web:([A-Z|a-z\.]+)(?::)([a-zA-Z0-9/.\-:\\_]+)$ https://$1/$2/did.json [R=302,L]

# http://localhost:8080/did:web:did.actor:alice:1

RewriteRule ^did:web:([A-Z|a-z\.]+)(?::)([a-zA-Z0-9/.\-:\\_]+)(?::)([a-zA-Z0-9/.\-:\\_]+)$ https://$1/$2/$3/did.json [R=302,L]

# DID web via url rewrite 

# http://localhost:8080/did:web:did.actor:supply-chain:manufacturer:stacy

RewriteRule ^did:web:([A-Z|a-z\.]+)(?::)([a-zA-Z0-9/.\-:\\_]+)(?::)([a-zA-Z0-9/.\-:\\_]+)(?::)([a-zA-Z0-9/.\-:\\_]+)$ https://$1/$2/$3/$4/did.json [R=302,L]

If someone who is better with htaccess and regex can clean this up, we don't need a did web resolver any more.

OR13 avatar Mar 14 '21 23:03 OR13

demo here: https://github.com/transmute-industries/linked-data/pull/17

OR13 avatar Mar 14 '21 23:03 OR13

The simplicity is admirable.

By clean up, do you mean reduce the number of statements?

... https://$1/$2/did.json [R=302,L]
... https://$1/$2/$3/did.json [R=302,L]
... https://$1/$2/$3/$4/did.json [R=302,L]

gribneau avatar Mar 19 '21 12:03 gribneau

@gribneau yes, currently being forced to write a rule for very level of nesting because I can't figure out how to use htaccess rules to replace ":" with "/" in a recursive regex.

OR13 avatar Mar 22 '21 17:03 OR13

I don't think we can do a global or recursive string replace in the context of a rewrite rule.

Something like mod_lua might be a cleaner path.

gribneau avatar Mar 22 '21 19:03 gribneau

I asked on the w3id.org repo, even the regex opens them up for redos and other attacks but perhaps there are features they know of which might help.

another alternative would be to limit the nesting depth in the spec, which might be a good idea for security reasons anyway...

ping @dmitrizagidulin @awoie

OR13 avatar Mar 25 '21 18:03 OR13

Interesting - using w3id.org as a resolver creates a nice herd privacy effect. I like where you're going with this, but not sure I know how to help with your issue around making this recursive at this point.

kdenhartog avatar Sep 08 '21 00:09 kdenhartog