start access/delegate invocation handler in access-api (and access-cl…

…ient types)
storacha · Feb 7, 2023 · 2991b71 · 2991b71
1 parent edeee6b
commit 2991b71
Show file tree

Hide file tree

Showing 6 changed files with 106 additions and 1 deletion.
diff --git a/packages/access-api/package.json b/packages/access-api/package.json
@@ -85,7 +85,17 @@
       "WebSocketPair": "readonly"
     },
     "rules": {
-      "unicorn/prefer-number-properties": "off"
+      "unicorn/prefer-number-properties": "off",
+      "jsdoc/no-undefined-types": [
+        "error",
+        {
+          "definedTypes": [
+            "Awaited",
+            "D1Database",
+            "Iterable"
+          ]
+        }
+      ]
     }
   },
   "eslintIgnore": [

diff --git a/packages/access-api/src/service/access-delegate.js b/packages/access-api/src/service/access-delegate.js
@@ -0,0 +1,11 @@
+import * as Server from '@ucanto/server'
+import { delegate } from '@web3-storage/capabilities/access'
+
+/**
+ * @param {import('../bindings').RouteContext} ctx
+ */
+export function accessDelegateProvider(ctx) {
+  return Server.provide(delegate, async ({ capability, invocation }) => {
+    return {}
+  })
+}
diff --git a/packages/access-api/src/service/index.js b/packages/access-api/src/service/index.js
@@ -11,6 +11,7 @@ import { voucherClaimProvider } from './voucher-claim.js'
 import { voucherRedeemProvider } from './voucher-redeem.js'
 import * as uploadApi from './upload-api-proxy.js'
 import { accessAuthorizeProvider } from './access-authorize.js'
+import { accessDelegateProvider } from './access-delegate.js'
 
 /**
  * @param {import('../bindings').RouteContext} ctx
@@ -26,6 +27,7 @@ export function service(ctx) {
 
     access: {
       authorize: accessAuthorizeProvider(ctx),
+      delegate: accessDelegateProvider(ctx),
     },
     voucher: {
       claim: voucherClaimProvider(ctx),

diff --git a/packages/access-api/test/access-delegate.test.js b/packages/access-api/test/access-delegate.test.js
@@ -0,0 +1,79 @@
+import { context } from './helpers/context.js'
+import * as Access from '@web3-storage/capabilities/access'
+import * as assert from 'node:assert'
+// eslint-disable-next-line no-unused-vars
+import * as Ucanto from '@ucanto/interface'
+import { delegate } from '@ucanto/core'
+
+describe('access/delegate', function () {
+  for (const [variantName, createInvocation] of Object.entries(
+    namedDelegateVariants()
+  )) {
+    it(`handles invocation variant ${variantName}`, async () => {
+      const { service, conn, issuer } = await context()
+      const invocation = await createInvocation({ issuer, audience: service })
+      const [result] = await conn.execute(invocation)
+      assert.notDeepEqual(
+        result.error,
+        true,
+        'invocation result is not an error'
+      )
+    })
+  }
+})
+
+/**
+ * @typedef {(options: { issuer: Ucanto.Signer<Ucanto.DID<'key'>>, audience: Ucanto.Principal }) => Promise<Ucanto.Delegation<[Ucanto.InferInvokedCapability<typeof Access.delegate>]>>} AccessDelegateInvocationFactory
+ */
+
+/**
+ * create valid delegate invocation with an empty delegation set
+ *
+ * @type {AccessDelegateInvocationFactory}
+ */
+function withEmptyDelegationSet({ issuer, audience }) {
+  return Access.delegate
+    .invoke({
+      issuer,
+      audience,
+      with: issuer.did(),
+      nb: {
+        delegations: {},
+      },
+    })
+    .delegate()
+}
+
+/**
+ * create a valid delegate invocation with a single delegation in nb.delegations set
+ *
+ * @type {AccessDelegateInvocationFactory}
+ */
+async function withSingleDelegation({ issuer, audience }) {
+  return Access.delegate
+    .invoke({
+      issuer,
+      audience,
+      with: issuer.did(),
+      nb: {
+        delegations: {
+          notACid: await delegate({
+            issuer,
+            audience,
+            capabilities: [{ can: '*', with: 'urn:foo' }],
+          }).then(({ cid }) => cid),
+        },
+      },
+    })
+    .delegate()
+}
+
+/**
+ * @returns {Record<string, AccessDelegateInvocationFactory>}
+ */
+function namedDelegateVariants() {
+  return {
+    withEmptyDelegationSet,
+    withSingleDelegation,
+  }
+}
diff --git a/packages/access-client/src/types.ts b/packages/access-client/src/types.ts
@@ -32,6 +32,7 @@ import type {
   VoucherRedeem,
   Top,
   AccessAuthorize,
+  AccessDelegate,
 } from '@web3-storage/capabilities/types'
 import type { SetRequired } from 'type-fest'
 import { Driver } from './drivers/types.js'
@@ -90,6 +91,7 @@ export interface Service {
   access: {
     // returns a URL string for tests or nothing in other envs
     authorize: ServiceMethod<AccessAuthorize, string | undefined, Failure>
+    delegate: ServiceMethod<AccessDelegate, void, Failure>
   }
   voucher: {
     claim: ServiceMethod<

diff --git a/packages/capabilities/src/types.ts b/packages/capabilities/src/types.ts
@@ -12,6 +12,7 @@ export type Access = InferInvokedCapability<typeof AccessCaps.access>
 export type AccessAuthorize = InferInvokedCapability<
   typeof AccessCaps.authorize
 >
+export type AccessDelegate = InferInvokedCapability<typeof AccessCaps.delegate>
 export type AccessSession = InferInvokedCapability<typeof AccessCaps.session>
 
 // Space