Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat!: upgrade capabilities to latest ucanto #463

Merged
merged 8 commits into from
Mar 1, 2023
Merged

Conversation

Gozala
Copy link
Contributor

@Gozala Gozala commented Feb 28, 2023

Upgrades everything to [email protected]

Overview

  1. Updates to capabilities package due to changes in ucanto
    • Dropping workarounds that were in place due to lack of native * support on abilities.
    • Removes obsolete derives: equalWith as that is default when derives is omitted.
    • Wraps nb defs in Schema.struct because ucanto removed bunch of code in capabality stuff that was duplicating Schema stuff.
  2. Changes to access/authorize to get tests to pass
    • Update capability definition according to spec
    • Updated capability provider which simply re-delegates access/authorize from service to account DID and passes that in the query parameter.
    • Email validator takes the clicked link and issues 1. absent signed delegation from account 2. attestation from the service
    • Above two are also send over websocket

I would encourage viewing this PR with "hide whitespace" option, otherwise indentation changes make it really hard to read.

image

fixes #457, #461

@Gozala Gozala temporarily deployed to dev March 1, 2023 00:51 — with GitHub Actions Inactive
@Gozala Gozala temporarily deployed to dev March 1, 2023 00:56 — with GitHub Actions Inactive
@Gozala Gozala temporarily deployed to dev March 1, 2023 03:45 — with GitHub Actions Inactive
@Gozala Gozala requested review from gobengo and alanshaw March 1, 2023 03:53
@Gozala Gozala marked this pull request as ready for review March 1, 2023 03:53
@Gozala Gozala temporarily deployed to dev March 1, 2023 03:56 — with GitHub Actions Inactive
with: URI.match({ protocol: 'did:' }),
derives: equalWith,
}),
export const space = capability({
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why are we no longer deriving from top?

Copy link
Contributor Author

@Gozala Gozala Mar 1, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because ucanto now natively supports * patterns

@Gozala Gozala temporarily deployed to dev March 1, 2023 17:14 — with GitHub Actions Inactive
@heyjay44 heyjay44 added this to the w3up phase 3 milestone Mar 1, 2023
nb: {
key: capability.with,
},
audience: DID.parse(capability.nb.iss),
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

information coming in is

{
   with: "did:key:zAlice",
   can: "access/authorize",  
   nb: {
      iss:  "did:malito:web.mail:alice"
      att: [{ can: "*" }]
  }
}

Copy link
Contributor Author

@Gozala Gozala Mar 1, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

{ 
   "iss": "did:web:web3.storage",
   "aud": "did:malito:web.mail:alice",
   "expiration": 15,
   "att": [{
        can: "access/confirm",
        with: "did:web:web.storage",
        nb: {
            aud: "did:key:zAlice",
            iss: "did:malito:web.mail:alice",
            att: [{ can: "*" }]
        }
    }]
}

const claimAsAccount = Access.claim.invoke({
issuer: account,
issuer: agent,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should be able to issue this with account right?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You could, but you should not

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

after discussing with @Gozala I realized this isn't important. with is still accountDID so it still selects delegations with aud=accountDID. That's what @Gozala meant i think.

}

// TODO: We clearly should not render that access/delegate in the QR code, but
// I'm not sure what this QR code is used for.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same

@Gozala Gozala merged commit 2d786ee into main Mar 1, 2023
Gozala pushed a commit that referenced this pull request Mar 2, 2023
🤖 I have created a release *beep* *boop*
---


##
[3.0.0](capabilities-v2.3.0...capabilities-v3.0.0)
(2023-03-01)


### ⚠ BREAKING CHANGES

* upgrade capabilities to latest ucanto
([#463](#463))

### Features

* handle access/delegate invocations without error
([#427](#427))
([4f0bd1c](4f0bd1c))
* upgrade capabilities to latest ucanto
([#463](#463))
([2d786ee](2d786ee))


### Bug Fixes

* allow injecting email
([#466](#466))
([e19847f](e19847f))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).
Gozala added a commit that referenced this pull request Mar 8, 2023
🤖 I have created a release *beep* *boop*
---


##
[7.0.0](upload-client-v6.0.0...upload-client-v7.0.0)
(2023-03-08)


### ⚠ BREAKING CHANGES

* upgrade capabilities to latest ucanto
([#463](#463))

### Features

* upgrade capabilities to latest ucanto
([#463](#463))
([2d786ee](2d786ee))
* upgrade to new ucanto
([#498](#498))
([dcb41a9](dcb41a9))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: Irakli Gozalishvili <[email protected]>
Gozala added a commit that referenced this pull request Mar 8, 2023
🤖 I have created a release *beep* *boop*
---


##
[10.0.0](access-v9.4.0...access-v10.0.0)
(2023-03-08)


### ⚠ BREAKING CHANGES

* upgrade capabilities to latest ucanto
([#463](#463))

### Features

* access-api handles provider/add invocations
([#462](#462))
([5fb56f7](5fb56f7))
* access-api serves access/claim invocations
([#456](#456))
([baacf35](baacf35))
* handle access/delegate invocations without error
([#427](#427))
([4f0bd1c](4f0bd1c))
* upgrade capabilities to latest ucanto
([#463](#463))
([2d786ee](2d786ee))
* upgrade to new ucanto
([#498](#498))
([dcb41a9](dcb41a9))


### Bug Fixes

* allow injecting email
([#466](#466))
([e19847f](e19847f))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: Irakli Gozalishvili <[email protected]>
alanshaw pushed a commit that referenced this pull request Mar 23, 2023
🤖 I have created a release *beep* *boop*
---


##
[5.0.0](access-api-v4.11.0...access-api-v5.0.0)
(2023-03-23)


### ⚠ BREAKING CHANGES

* implement new account-based multi-device flow
([#433](#433))
* upgrade capabilities to latest ucanto
([#463](#463))

### Features

* access-api handles provider/add invocations
([#462](#462))
([5fb56f7](5fb56f7))
* access-api serves access/claim invocations
([#456](#456))
([baacf35](baacf35))
* access/authorize confirmation email click results in a delegation back
to the issuer did:key so that access/claim works
([#460](#460))
([a466a7d](a466a7d))
* allow multiple providers
([#595](#595))
([96c5a2e](96c5a2e))
* define `access/confirm` handler and use it in ucanto-test-utils
registerSpaces + validate-email handler
([#530](#530))
([b1bbc90](b1bbc90))
* handle access/delegate invocations without error
([#427](#427))
([4f0bd1c](4f0bd1c))
* if POST /validate-email?mode=authorize catches error w/ too big qr
code ([#516](#516))
([d0df525](d0df525))
* implement new account-based multi-device flow
([#433](#433))
([1ddc6a0](1ddc6a0))
* includes proofs chains in the delegated authorization chain
([#467](#467))
([5144293](5144293))
* move access-api delegation bytes out of d1 and into r2
([#578](#578))
([4510c9a](4510c9a))
* move validation flow to a Durable Object to make it ⏩ fast ⏩ fast ⏩
fast ⏩ ([#449](#449))
([02d7552](02d7552))
* provision provider type is now the DID of the w3s service
([#528](#528))
([6a72855](6a72855))
* space/info will not error for spaces that have had storage provider
added via provider/add
([#510](#510))
([ea4e872](ea4e872))
* upgrade capabilities to latest ucanto
([#463](#463))
([2d786ee](2d786ee))
* upgrade to new ucanto
([#498](#498))
([dcb41a9](dcb41a9))
* write invocations and receipts into ucan log
([#592](#592))
([754bf52](754bf52))


### Bug Fixes

* access/delegate checks hasStorageProvider(space) in a way that
provider/add allows access/delegate
([#483](#483))
([f4c640d](f4c640d))
* adjust migration 0005 to keep delegations table but create new used
delegations_v2
([#469](#469))
([a205ad1](a205ad1))
* adjust migration 0005 to not do a drop table and instead rename
delegations -&gt; delegations_old and create a new delegations
([#468](#468))
([6c8242d](6c8242d))
* allow injecting email
([#466](#466))
([e19847f](e19847f))
* DbDelegationsStorage#find throws UnexpectedDelegation w/ { row } if
failed bytesToDelegations
([#476](#476))
([a6dafcb](a6dafcb))
* DbProvisionsStorage putMany doesnt error on cid col conflict
([#517](#517))
([c1fea63](c1fea63))
* delegations model tries to handle if row.bytes is Array not Buffer
(e.g. cloudflare)
([#478](#478))
([030e7b7](030e7b7))


### Miscellaneous Chores

* **access-client:** release 11.0.0-rc.0
([#573](#573))
([be4386d](be4386d))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).
gobengo pushed a commit that referenced this pull request Apr 11, 2023
🤖 I have created a release *beep* *boop*
---


##
[3.0.0](capabilities-v2.3.0...capabilities-v3.0.0)
(2023-03-01)


### ⚠ BREAKING CHANGES

* upgrade capabilities to latest ucanto
([#463](#463))

### Features

* handle access/delegate invocations without error
([#427](#427))
([db01d07](db01d07))
* upgrade capabilities to latest ucanto
([#463](#463))
([e375ae4](e375ae4))


### Bug Fixes

* allow injecting email
([#466](#466))
([b4b0173](b4b0173))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).
gobengo pushed a commit that referenced this pull request Apr 11, 2023
🤖 I have created a release *beep* *boop*
---


##
[7.0.0](upload-client-v6.0.0...upload-client-v7.0.0)
(2023-03-08)


### ⚠ BREAKING CHANGES

* upgrade capabilities to latest ucanto
([#463](#463))

### Features

* upgrade capabilities to latest ucanto
([#463](#463))
([e375ae4](e375ae4))
* upgrade to new ucanto
([#498](#498))
([790750d](790750d))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: Irakli Gozalishvili <[email protected]>
gobengo pushed a commit that referenced this pull request Apr 11, 2023
🤖 I have created a release *beep* *boop*
---


##
[10.0.0](access-v9.4.0...access-v10.0.0)
(2023-03-08)


### ⚠ BREAKING CHANGES

* upgrade capabilities to latest ucanto
([#463](#463))

### Features

* access-api handles provider/add invocations
([#462](#462))
([46da0df](46da0df))
* access-api serves access/claim invocations
([#456](#456))
([2ec16e9](2ec16e9))
* handle access/delegate invocations without error
([#427](#427))
([db01d07](db01d07))
* upgrade capabilities to latest ucanto
([#463](#463))
([e375ae4](e375ae4))
* upgrade to new ucanto
([#498](#498))
([790750d](790750d))


### Bug Fixes

* allow injecting email
([#466](#466))
([b4b0173](b4b0173))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: Irakli Gozalishvili <[email protected]>
gobengo pushed a commit that referenced this pull request Apr 11, 2023
🤖 I have created a release *beep* *boop*
---


##
[5.0.0](access-api-v4.11.0...access-api-v5.0.0)
(2023-03-23)


### ⚠ BREAKING CHANGES

* implement new account-based multi-device flow
([#433](#433))
* upgrade capabilities to latest ucanto
([#463](#463))

### Features

* access-api handles provider/add invocations
([#462](#462))
([46da0df](46da0df))
* access-api serves access/claim invocations
([#456](#456))
([2ec16e9](2ec16e9))
* access/authorize confirmation email click results in a delegation back
to the issuer did:key so that access/claim works
([#460](#460))
([fc62691](fc62691))
* allow multiple providers
([#595](#595))
([aba57b3](aba57b3))
* define `access/confirm` handler and use it in ucanto-test-utils
registerSpaces + validate-email handler
([#530](#530))
([a08b513](a08b513))
* handle access/delegate invocations without error
([#427](#427))
([db01d07](db01d07))
* if POST /validate-email?mode=authorize catches error w/ too big qr
code ([#516](#516))
([ab83b19](ab83b19))
* implement new account-based multi-device flow
([#433](#433))
([6152e55](6152e55))
* includes proofs chains in the delegated authorization chain
([#467](#467))
([743a72f](743a72f))
* move access-api delegation bytes out of d1 and into r2
([#578](#578))
([3029e4a](3029e4a))
* move validation flow to a Durable Object to make it ⏩ fast ⏩ fast ⏩
fast ⏩ ([#449](#449))
([3868d97](3868d97))
* provision provider type is now the DID of the w3s service
([#528](#528))
([4cd6cd9](4cd6cd9))
* space/info will not error for spaces that have had storage provider
added via provider/add
([#510](#510))
([362024f](362024f))
* upgrade capabilities to latest ucanto
([#463](#463))
([e375ae4](e375ae4))
* upgrade to new ucanto
([#498](#498))
([790750d](790750d))
* write invocations and receipts into ucan log
([#592](#592))
([d52a281](d52a281))


### Bug Fixes

* access/delegate checks hasStorageProvider(space) in a way that
provider/add allows access/delegate
([#483](#483))
([1d3d562](1d3d562))
* adjust migration 0005 to keep delegations table but create new used
delegations_v2
([#469](#469))
([d90825a](d90825a))
* adjust migration 0005 to not do a drop table and instead rename
delegations -&gt; delegations_old and create a new delegations
([#468](#468))
([89f2acd](89f2acd))
* allow injecting email
([#466](#466))
([b4b0173](b4b0173))
* DbDelegationsStorage#find throws UnexpectedDelegation w/ { row } if
failed bytesToDelegations
([#476](#476))
([660f773](660f773))
* DbProvisionsStorage putMany doesnt error on cid col conflict
([#517](#517))
([8c6dea8](8c6dea8))
* delegations model tries to handle if row.bytes is Array not Buffer
(e.g. cloudflare)
([#478](#478))
([02c0c28](02c0c28))


### Miscellaneous Chores

* **access-client:** release 11.0.0-rc.0
([#573](#573))
([29daa02](29daa02))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Succesfull access/authorize should delegate capabilities to the agent so it can claim them
4 participants