Skip to content
This repository has been archived by the owner on Sep 21, 2024. It is now read-only.

feat: Update to rs-ucan 0.4.0, implementing Ucan 0.10ish. #449

Merged
merged 1 commit into from
Jun 28, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
63 changes: 43 additions & 20 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -25,8 +25,8 @@ tracing = { version = "0.1" }
tracing-subscriber = { version = "~0.3.16", features = ["env-filter", "tracing-log"] }
thiserror = { version = "1" }
gloo-timers = { version = "0.2", features = ["futures"] }
ucan = { version = "0.3.2" }
ucan-key-support = { version = "0.1.6" }
ucan = { version = "0.4.0" }
ucan-key-support = { version = "0.1.7" }
libipld = { version = "0.16" }
libipld-core = { version = "0.16" }
libipld-cbor = { version = "0.16" }
Expand Down
1 change: 1 addition & 0 deletions c/example/main.c
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,7 @@ void test_errors() {
assert(error_message != NULL);
assert(ns_error_code_get(error) == NS_ERROR_CODE_OTHER);

ns_error_free(error);
ns_string_free(error_message);
ns_free(noosphere);
}
Expand Down
44 changes: 7 additions & 37 deletions rust/noosphere-api/src/client.rs
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ use libipld_cbor::DagCborCodec;
use noosphere_car::CarReader;

use noosphere_core::{
authority::{Author, SphereAction, SphereReference},
authority::{generate_capability, Author, SphereAbility, SphereReference},
data::{Link, MemoIpld},
};
use noosphere_storage::{block_deserialize, block_serialize};
Expand All @@ -22,7 +22,7 @@ use tokio_stream::{Stream, StreamExt};
use tokio_util::io::StreamReader;
use ucan::{
builder::UcanBuilder,
capability::{Capability, Resource, With},
capability::CapabilityView,
crypto::{did::DidParser, KeyMaterial},
store::{UcanJwtStore, UcanStore},
ucan::Ucan,
Expand Down Expand Up @@ -82,14 +82,7 @@ where
let (jwt, ucan_headers) = Self::make_bearer_token(
&gateway_identity,
author,
&Capability {
with: With::Resource {
kind: Resource::Scoped(SphereReference {
did: sphere_identity.to_string(),
}),
},
can: SphereAction::Fetch,
},
&generate_capability(sphere_identity, SphereAbility::Fetch),
&store,
)
.await?;
Expand Down Expand Up @@ -123,7 +116,7 @@ where
async fn make_bearer_token(
gateway_identity: &str,
author: &Author<K>,
capability: &Capability<SphereReference, SphereAction>,
capability: &CapabilityView<SphereReference, SphereAbility>,
store: &S,
) -> Result<(String, HeaderMap)> {
let mut signable = UcanBuilder::default()
Expand Down Expand Up @@ -206,14 +199,7 @@ where

debug!("Client replicating {} from {}", memo_version, url);

let capability = Capability {
with: With::Resource {
kind: Resource::Scoped(SphereReference {
did: self.sphere_identity.clone(),
}),
},
can: SphereAction::Fetch,
};
let capability = generate_capability(&self.sphere_identity, SphereAbility::Fetch);

let (token, ucan_headers) = Self::make_bearer_token(
&self.session.gateway_identity,
Expand Down Expand Up @@ -258,15 +244,7 @@ where

debug!("Client fetching blocks from {}", url);

let capability = Capability {
with: With::Resource {
kind: Resource::Scoped(SphereReference {
did: self.sphere_identity.clone(),
}),
},
can: SphereAction::Fetch,
};

let capability = generate_capability(&self.sphere_identity, SphereAbility::Fetch);
let (token, ucan_headers) = Self::make_bearer_token(
&self.session.gateway_identity,
&self.author,
Expand Down Expand Up @@ -321,15 +299,7 @@ where
push_body.sphere,
url
);
let capability = Capability {
with: With::Resource {
kind: Resource::Scoped(SphereReference {
did: self.sphere_identity.clone(),
}),
},
can: SphereAction::Push,
};

let capability = generate_capability(&self.sphere_identity, SphereAbility::Push);
let (token, ucan_headers) = Self::make_bearer_token(
&self.session.gateway_identity,
&self.author,
Expand Down
13 changes: 2 additions & 11 deletions rust/noosphere-api/src/data.rs
Original file line number Diff line number Diff line change
Expand Up @@ -3,15 +3,14 @@ use std::{fmt::Display, str::FromStr};
use anyhow::{anyhow, Result};
use cid::Cid;
use noosphere_core::{
authority::{SphereAction, SphereReference, SPHERE_SEMANTICS},
authority::{generate_capability, SphereAbility, SPHERE_SEMANTICS},
data::{Bundle, Did, Jwt, Link, MemoIpld},
};
use noosphere_storage::{base64_decode, base64_encode};
use reqwest::StatusCode;
use serde::{Deserialize, Deserializer, Serialize};
use thiserror::Error;
use ucan::{
capability::{Capability, Resource, With},
chain::ProofChain,
crypto::{did::DidParser, KeyMaterial},
store::UcanStore,
Expand Down Expand Up @@ -227,15 +226,7 @@ impl IdentifyResponse {
return Err(anyhow!("Wrong audience!"));
}

let capability = Capability {
with: With::Resource {
kind: Resource::Scoped(SphereReference {
did: self.sphere_identity.to_string(),
}),
},
can: SphereAction::Push,
};

let capability = generate_capability(&self.sphere_identity, SphereAbility::Push);
let capability_infos = proof.reduce_capabilities(&SPHERE_SEMANTICS);

for capability_info in capability_infos {
Expand Down
38 changes: 14 additions & 24 deletions rust/noosphere-cli/src/native/commands/auth.rs
Original file line number Diff line number Diff line change
Expand Up @@ -3,18 +3,12 @@ use std::{convert::TryFrom, str::FromStr};
use anyhow::{anyhow, Result};
use cid::Cid;
use noosphere_core::{
authority::{SphereAction, SphereReference},
authority::{generate_capability, SphereAbility},
data::{DelegationIpld, Link, RevocationIpld},
view::{Sphere, SphereMutation},
};
use serde_json::{json, Value};
use ucan::{
builder::UcanBuilder,
capability::{Capability, Resource, With},
crypto::KeyMaterial,
store::UcanJwtStore,
Ucan,
};
use ucan::{builder::UcanBuilder, crypto::KeyMaterial, store::UcanJwtStore, Ucan};

use tokio_stream::StreamExt;

Expand Down Expand Up @@ -76,28 +70,24 @@ You will be able to add a new one after the old one is revoked"#,
let my_did = my_key.get_did().await?;
let latest_sphere_cid = db.require_version(&sphere_did).await?;
let authorization = workspace.authorization().await?;
let authorization_expiry: u64 = {
let authorization_expiry: Option<u64> = {
let ucan = authorization.resolve_ucan(&db).await?;
*ucan.expires_at()
ucan.expires_at().to_owned()
};

let mut signable = UcanBuilder::default()
let mut builder = UcanBuilder::default()
.issued_by(&my_key)
.for_audience(did)
.claiming_capability(&Capability {
with: With::Resource {
kind: Resource::Scoped(SphereReference {
did: sphere_did.to_string(),
}),
},
can: SphereAction::Authorize,
})
.with_expiration(authorization_expiry)
.with_nonce()
// TODO(ucan-wg/rs-ucan#32): Clean this up when we can use a CID as an authorization
// .witnessed_by(&authorization)
.build()?;
.claiming_capability(&generate_capability(&sphere_did, SphereAbility::Authorize))
.with_nonce();
// TODO(ucan-wg/rs-ucan#32): Clean this up when we can use a CID as an authorization
// .witnessed_by(&authorization)

if let Some(exp) = authorization_expiry {
builder = builder.with_expiration(exp);
}

let mut signable = builder.build()?;
signable
.proofs
.push(Cid::try_from(&authorization)?.to_string());
Expand Down
2 changes: 1 addition & 1 deletion rust/noosphere-core/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@ anyhow = "^1"
fastcdc = "3"
futures = "~0.3"
serde = { workspace = true }
serde_json = { workspace = true }
byteorder = "^1.4"
base64 = "0.21"
ed25519-zebra = "^3"
Expand All @@ -58,7 +59,6 @@ sentry-tracing = { workspace = true, optional = true }
[dev-dependencies]
wasm-bindgen-test = { workspace = true }
serde_bytes = "~0.11"
serde_json = { workspace = true }

[target.'cfg(not(target_arch = "wasm32"))'.dependencies]
tokio = { version = "^1", features = ["full"] }
Expand Down
Loading