w3c-ccg / did-method-web

DRAFT: did:web Decentralized Identifier Method Specification
https://w3c-ccg.github.io/did-method-web/

Turn w3id.org into a did web resolver with htaccess rewrite #25

Open OR13 opened 3 years ago

OR13 commented 3 years ago

Header set Access-Control-Allow-Origin *
Header set Access-Control-Allow-Headers DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified$
Options +FollowSymLinks
RewriteEngine on

# DID web via redirect

# RewriteRule ^did:web:(.+)$ https://did-web.web.app/api/v1/identifiers/did:web:$1 [R=302,L]

# http://localhost:8080/did:web:vc.did.ai 

RewriteRule ^did:web:([a-zA-Z0-9/.\\-_]+)$ https://$1/.well-known/did.json [R=302,L]

# http://localhost:8080/did:web:did.actor:alice

RewriteRule ^did:web:([A-Z|a-z\.]+)(?::)([a-zA-Z0-9/.\-:\\_]+)$ https://$1/$2/did.json [R=302,L]

# http://localhost:8080/did:web:did.actor:alice:1

RewriteRule ^did:web:([A-Z|a-z\.]+)(?::)([a-zA-Z0-9/.\-:\\_]+)(?::)([a-zA-Z0-9/.\-:\\_]+)$ https://$1/$2/$3/did.json [R=302,L]

# DID web via url rewrite 

# http://localhost:8080/did:web:did.actor:supply-chain:manufacturer:stacy

RewriteRule ^did:web:([A-Z|a-z\.]+)(?::)([a-zA-Z0-9/.\-:\\_]+)(?::)([a-zA-Z0-9/.\-:\\_]+)(?::)([a-zA-Z0-9/.\-:\\_]+)$ https://$1/$2/$3/$4/did.json [R=302,L]

If someone who is better with htaccess and regex can clean this up, we don't need a did web resolver any more.

OR13 commented 3 years ago

demo here: https://github.com/transmute-industries/linked-data/pull/17

gribneau commented 3 years ago

The simplicity is admirable.

By clean up, do you mean reduce the number of statements?

... https://$1/$2/did.json [R=302,L]
... https://$1/$2/$3/did.json [R=302,L]
... https://$1/$2/$3/$4/did.json [R=302,L]

OR13 commented 3 years ago

@gribneau yes, currently being forced to write a rule for every level of nesting because I can't figure out how to use htaccess rules to replace ":" with "/" in a recursive regex.

gribneau commented 3 years ago

I don't think we can do a global or recursive string replace in the context of a rewrite rule.

Something like mod_lua might be a cleaner path.

OR13 commented 3 years ago

I asked on the w3id.org repo. Even the regex opens them up for ReDoS and other attacks, but perhaps there are features they know of which might help.

Another alternative would be to limit the nesting depth in the spec, which might be a good idea for security reasons anyway...

ping @dmitrizagidulin @awoie
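
An added example, not code from this thread or from w3id.org: the ":" to "/" mapping discussed above done with a string split instead of one rewrite rule per depth, with the nesting limit proposed in the comment above enforced before any redirect is issued. `MAX_DEPTH`, `MAX_DID_LENGTH`, the allowed segment characters and the function names are assumptions, and percent-encoded ports are not handled.

```python
import re

MAX_DID_LENGTH = 512  # assumed cap on input size
MAX_DEPTH = 4         # assumed nesting limit; the thread proposes a limit but no number

# Bounded quantifiers and no nested repetition, so matching cannot
# backtrack catastrophically.
HOST_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")
SEGMENT = re.compile(r"[A-Za-z0-9._-]{1,64}")


class InvalidDid(ValueError):
    """Raised when an identifier must not be turned into a redirect."""


def did_web_to_url(did: str) -> str:
    """Map did:web:<host>[:<seg>...] to the https URL of its did.json."""
    if len(did) > MAX_DID_LENGTH or not did.startswith("did:web:"):
        raise InvalidDid("not a did:web identifier")
    # Splitting on ":" replaces the one-rule-per-depth regexes.
    host, *segments = did[len("did:web:"):].split(":")
    labels = host.split(".")
    if len(host) > 253 or len(labels) < 2:
        raise InvalidDid("host must be a dotted domain name")
    if not all(HOST_LABEL.fullmatch(label) for label in labels):
        raise InvalidDid("invalid host label")
    if len(segments) > MAX_DEPTH:
        raise InvalidDid("path nested too deeply")
    for seg in segments:
        # "." and ".." pass the character class, so reject them by name.
        if seg in (".", "..") or not SEGMENT.fullmatch(seg):
            raise InvalidDid("invalid path segment")
    if not segments:
        return f"https://{host}/.well-known/did.json"
    return f"https://{host}/{'/'.join(segments)}/did.json"


def redirect_for(request_path: str):
    """Return (status, Location) the way the rules' [R=302,L] flag would."""
    try:
        return 302, did_web_to_url(request_path.lstrip("/"))
    except InvalidDid:
        return 400, None
```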

kdenhartog commented 3 years ago

Interesting - using w3id.org as a resolver creates a nice herd privacy effect. I like where you're going with this, but not sure I know how to help with your issue around making this recursive at this point.