
feat: Update to rs-ucan X, implementing Ucan 0.10ish.
jsantell committed Jun 27, 2023
1 parent 1e867b8 commit 2146dd0
Showing 26 changed files with 235 additions and 353 deletions.
42 changes: 25 additions & 17 deletions Cargo.lock


4 changes: 2 additions & 2 deletions Cargo.toml
Expand Up @@ -25,8 +25,8 @@ tracing = { version = "0.1" }
tracing-subscriber = { version = "~0.3.16", features = ["env-filter", "tracing-log"] }
thiserror = { version = "1" }
gloo-timers = { version = "0.2", features = ["futures"] }
ucan = { version = "0.3.2" }
ucan-key-support = { version = "0.1.6" }
ucan = { git = "https://github.com/jsantell/rs-ucan.git", branch = "capabilities" }
ucan-key-support = { git = "https://github.com/jsantell/rs-ucan.git", branch = "capabilities" }
libipld = { version = "0.16" }
libipld-core = { version = "0.16" }
libipld-cbor = { version = "0.16" }
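Review bot: `ucan` and `ucan-key-support` now come from a personal fork by mutable `branch = "capabilities"` rather than a released version, so the exact code built depends on whatever that branch points to whenever the lock file is regenerated, and a crate with a git-only dependency cannot be published to crates.io. Pin the fork by commit instead, e.g. `ucan = { git = "https://github.com/jsantell/rs-ucan.git", rev = "<pinned-commit-sha>" }` (same for `ucan-key-support`), and add a comment naming the upstream rs-ucan change this waits on so the pin can be dropped once it lands. Cargo.lock records the resolved commit today, but only until the next `cargo update`.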
1 change: 1 addition & 0 deletions c/example/main.c
Expand Up @@ -95,6 +95,7 @@ void test_errors() {
assert(error_message != NULL);
assert(ns_error_code_get(error) == NS_ERROR_CODE_OTHER);

ns_error_free(error);
ns_string_free(error_message);
ns_free(noosphere);
}
44 changes: 7 additions & 37 deletions rust/noosphere-api/src/client.rs
Expand Up @@ -13,7 +13,7 @@ use libipld_cbor::DagCborCodec;
use noosphere_car::CarReader;

use noosphere_core::{
authority::{Author, SphereAction, SphereReference},
authority::{generate_capability, Author, SphereAbility, SphereReference},
data::{Link, MemoIpld},
};
use noosphere_storage::{block_deserialize, block_serialize};
Expand All @@ -22,7 +22,7 @@ use tokio_stream::{Stream, StreamExt};
use tokio_util::io::StreamReader;
use ucan::{
builder::UcanBuilder,
capability::{Capability, Resource, With},
capability::CapabilityView,
crypto::{did::DidParser, KeyMaterial},
store::{UcanJwtStore, UcanStore},
ucan::Ucan,
Expand Down Expand Up @@ -82,14 +82,7 @@ where
let (jwt, ucan_headers) = Self::make_bearer_token(
&gateway_identity,
author,
&Capability {
with: With::Resource {
kind: Resource::Scoped(SphereReference {
did: sphere_identity.to_string(),
}),
},
can: SphereAction::Fetch,
},
&generate_capability(sphere_identity, SphereAbility::Fetch),
&store,
)
.await?;
Expand Down Expand Up @@ -123,7 +116,7 @@ where
async fn make_bearer_token(
gateway_identity: &str,
author: &Author<K>,
capability: &Capability<SphereReference, SphereAction>,
capability: &CapabilityView<SphereReference, SphereAbility>,
store: &S,
) -> Result<(String, HeaderMap)> {
let mut signable = UcanBuilder::default()
Expand Down Expand Up @@ -206,14 +199,7 @@ where

debug!("Client replicating {} from {}", memo_version, url);

let capability = Capability {
with: With::Resource {
kind: Resource::Scoped(SphereReference {
did: self.sphere_identity.clone(),
}),
},
can: SphereAction::Fetch,
};
let capability = generate_capability(&self.sphere_identity, SphereAbility::Fetch);

let (token, ucan_headers) = Self::make_bearer_token(
&self.session.gateway_identity,
Expand Down Expand Up @@ -258,15 +244,7 @@ where

debug!("Client fetching blocks from {}", url);

let capability = Capability {
with: With::Resource {
kind: Resource::Scoped(SphereReference {
did: self.sphere_identity.clone(),
}),
},
can: SphereAction::Fetch,
};

let capability = generate_capability(&self.sphere_identity, SphereAbility::Fetch);
let (token, ucan_headers) = Self::make_bearer_token(
&self.session.gateway_identity,
&self.author,
Expand Down Expand Up @@ -321,15 +299,7 @@ where
push_body.sphere,
url
);
let capability = Capability {
with: With::Resource {
kind: Resource::Scoped(SphereReference {
did: self.sphere_identity.clone(),
}),
},
can: SphereAction::Push,
};

let capability = generate_capability(&self.sphere_identity, SphereAbility::Push);
let (token, ucan_headers) = Self::make_bearer_token(
&self.session.gateway_identity,
&self.author,
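Review bot: The blank line separating the capability construction from the `make_bearer_token` call is dropped in the fetch-blocks hunk (`let capability = generate_capability(&self.sphere_identity, SphereAbility::Fetch);` is immediately followed by `let (token, ucan_headers) = Self::make_bearer_token(`) and in the push hunk, but kept in the replicate hunk; the same happens in data.rs before `let capability_infos = proof.reduce_capabilities(&SPHERE_SEMANTICS);`. Keeping one blank line after each `let capability = …;` would make the three sites in this file read identically. Since the same `(sphere_identity, Fetch)` capability is now built at three call sites, a small private helper on the client would also remove the repetition, though that is optional. All enclosing methods start and end outside the hunks.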
13 changes: 2 additions & 11 deletions rust/noosphere-api/src/data.rs
Expand Up @@ -3,15 +3,14 @@ use std::{fmt::Display, str::FromStr};
use anyhow::{anyhow, Result};
use cid::Cid;
use noosphere_core::{
authority::{SphereAction, SphereReference, SPHERE_SEMANTICS},
authority::{generate_capability, SphereAbility, SPHERE_SEMANTICS},
data::{Bundle, Did, Jwt, Link, MemoIpld},
};
use noosphere_storage::{base64_decode, base64_encode};
use reqwest::StatusCode;
use serde::{Deserialize, Deserializer, Serialize};
use thiserror::Error;
use ucan::{
capability::{Capability, Resource, With},
chain::ProofChain,
crypto::{did::DidParser, KeyMaterial},
store::UcanStore,
Expand Down Expand Up @@ -227,15 +226,7 @@ impl IdentifyResponse {
return Err(anyhow!("Wrong audience!"));
}

let capability = Capability {
with: With::Resource {
kind: Resource::Scoped(SphereReference {
did: self.sphere_identity.to_string(),
}),
},
can: SphereAction::Push,
};

let capability = generate_capability(&self.sphere_identity, SphereAbility::Push);
let capability_infos = proof.reduce_capabilities(&SPHERE_SEMANTICS);

for capability_info in capability_infos {
38 changes: 14 additions & 24 deletions rust/noosphere-cli/src/native/commands/auth.rs
Expand Up @@ -3,18 +3,12 @@ use std::{convert::TryFrom, str::FromStr};
use anyhow::{anyhow, Result};
use cid::Cid;
use noosphere_core::{
authority::{SphereAction, SphereReference},
authority::{generate_capability, SphereAbility},
data::{DelegationIpld, Link, RevocationIpld},
view::{Sphere, SphereMutation},
};
use serde_json::{json, Value};
use ucan::{
builder::UcanBuilder,
capability::{Capability, Resource, With},
crypto::KeyMaterial,
store::UcanJwtStore,
Ucan,
};
use ucan::{builder::UcanBuilder, crypto::KeyMaterial, store::UcanJwtStore, Ucan};

use tokio_stream::StreamExt;

Expand Down Expand Up @@ -76,28 +70,24 @@ You will be able to add a new one after the old one is revoked"#,
let my_did = my_key.get_did().await?;
let latest_sphere_cid = db.require_version(&sphere_did).await?;
let authorization = workspace.authorization().await?;
let authorization_expiry: u64 = {
let authorization_expiry: Option<u64> = {
let ucan = authorization.resolve_ucan(&db).await?;
*ucan.expires_at()
ucan.expires_at().to_owned()
};

let mut signable = UcanBuilder::default()
let mut builder = UcanBuilder::default()
.issued_by(&my_key)
.for_audience(did)
.claiming_capability(&Capability {
with: With::Resource {
kind: Resource::Scoped(SphereReference {
did: sphere_did.to_string(),
}),
},
can: SphereAction::Authorize,
})
.with_expiration(authorization_expiry)
.with_nonce()
// TODO(ucan-wg/rs-ucan#32): Clean this up when we can use a CID as an authorization
// .witnessed_by(&authorization)
.build()?;
.claiming_capability(&generate_capability(&sphere_did, SphereAbility::Authorize))
.with_nonce();
// TODO(ucan-wg/rs-ucan#32): Clean this up when we can use a CID as an authorization
// .witnessed_by(&authorization)

if let Some(exp) = authorization_expiry {
builder = builder.with_expiration(exp);
}

let mut signable = builder.build()?;
signable
.proofs
.push(Cid::try_from(&authorization)?.to_string());
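Review bot: With `authorization_expiry` now an `Option<u64>`, the `None` case builds the `Authorize` delegation for `did` with no expiration at all, so a root authorization that never expires is silently re-delegated without any time bound, whereas before this change an expiry was always set. If an unbounded delegation is intended when the parent has none, say so above the `if let Some(exp) = authorization_expiry` block with a comment such as `// Parent authorization carries no exp: the delegation is likewise unbounded`; otherwise apply a bounded default in the `None` branch, the value of which is a policy choice not visible in this hunk. The commented-out `.witnessed_by(&authorization)` and its TODO now sit after `.with_nonce();` as free-standing commented-out code rather than inside the builder chain; attaching the TODO to the `signable.proofs.push(Cid::try_from(&authorization)?.to_string());` line it concerns would read better. The enclosing function starts before and ends after this hunk.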
2 changes: 1 addition & 1 deletion rust/noosphere-core/Cargo.toml
Expand Up @@ -36,6 +36,7 @@ anyhow = "^1"
fastcdc = "3"
futures = "~0.3"
serde = { workspace = true }
serde_json = { workspace = true }
byteorder = "^1.4"
base64 = "0.21"
ed25519-zebra = "^3"
Expand All @@ -58,7 +59,6 @@ sentry-tracing = { workspace = true, optional = true }
[dev-dependencies]
wasm-bindgen-test = { workspace = true }
serde_bytes = "~0.11"
serde_json = { workspace = true }

[target.'cfg(not(target_arch = "wasm32"))'.dependencies]
tokio = { version = "^1", features = ["full"] }
15 changes: 4 additions & 11 deletions rust/noosphere-core/src/authority/author.rs
@@ -1,19 +1,19 @@
use crate::{
authority::{
generate_ed25519_key, Authorization, SphereAction, SphereReference, SPHERE_SEMANTICS,
SUPPORTED_KEYS,
generate_ed25519_key, Authorization, SphereAbility, SPHERE_SEMANTICS, SUPPORTED_KEYS,
},
data::Did,
};
use anyhow::{anyhow, Result};
use noosphere_storage::{SphereDb, Storage};
use ucan::{
capability::{Capability, Resource, With},
chain::ProofChain,
crypto::{did::DidParser, KeyMaterial},
};
use ucan_key_support::ed25519::Ed25519KeyMaterial;

use super::generate_capability;

/// The level of access that a given user has to a related resource. Broadly,
/// a user will always have either read/write access (to their own sphere) or
/// else read-only access (to all other spheres).
Expand Down Expand Up @@ -79,14 +79,7 @@ where
return Ok(Access::ReadOnly);
}

let read_write_capability = Capability {
with: With::Resource {
kind: Resource::Scoped(SphereReference {
did: sphere_identity.to_string(),
}),
},
can: SphereAction::Push,
};
let read_write_capability = generate_capability(sphere_identity, SphereAbility::Push);
let mut did_parser = DidParser::new(SUPPORTED_KEYS);
let proof_chain = ProofChain::from_ucan(ucan, None, &mut did_parser, db).await?;

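Review bot: `use super::generate_capability;` is added as a separate statement after the other imports, although the `crate::authority::{…}` group at the top of the file already imports from that same module (`author.rs` lives under `src/authority/`, so `super` and `crate::authority` name the same module). Folding it into that group as `generate_capability, generate_ed25519_key, Authorization, SphereAbility, SPHERE_SEMANTICS, SUPPORTED_KEYS,` keeps a single import list that rustfmt can sort. The `Access` doc comment and the method that uses `read_write_capability` continue outside the hunks.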
