@1sat/wallet 0.0.42 → 0.0.44
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.ts +2 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +2 -2
- package/dist/index.js.map +1 -1
- package/dist/permissions/index.d.ts +2 -3
- package/dist/permissions/index.d.ts.map +1 -1
- package/dist/permissions/index.js +1 -1
- package/dist/permissions/index.js.map +1 -1
- package/dist/permissions/manager.d.ts +120 -0
- package/dist/permissions/manager.d.ts.map +1 -0
- package/dist/permissions/manager.js +470 -0
- package/dist/permissions/manager.js.map +1 -0
- package/dist/permissions/types.d.ts +2 -69
- package/dist/permissions/types.d.ts.map +1 -1
- package/package.json +2 -2
- package/dist/permissions/adapter.d.ts +0 -91
- package/dist/permissions/adapter.d.ts.map +0 -1
- package/dist/permissions/adapter.js +0 -317
- package/dist/permissions/adapter.js.map +0 -1
package/dist/index.d.ts
CHANGED
|
@@ -8,6 +8,6 @@ export { FileBackupProvider, FileRestoreReader, Zip, ZipDeflate, unzip, type Bac
|
|
|
8
8
|
export { ChromeCWI, CWIEventName, EventCWI, createChromeCWI, createCWI, createEventCWI, createSigmaCWI, createWebCWI, type CWIResponseDetail, type CWITransport, type SigmaCWIConfig, type SigmaCWIResult, type WebCWIConfig, type WebCWIResult, } from './cwi';
|
|
9
9
|
export { parsePrivateKey } from './parsePrivateKey';
|
|
10
10
|
export { createWalletCore, DEFAULT_FEE_MODEL, DEFAULT_CONNECTION_TIMEOUT, type Chain, type WalletCoreConfig, type WalletCoreResult, } from './factory';
|
|
11
|
-
export { filterGroupedByMissing, InMemoryPermissionStore, isExpired,
|
|
12
|
-
export type {
|
|
11
|
+
export { filterGroupedByMissing, InMemoryPermissionStore, isExpired, LocalWalletPermissionsManager, normalizeOriginator, permissionKeyFromRequest, permissionKeysFromGroup, permissionKeyToString, } from './permissions';
|
|
12
|
+
export type { IPermissionStore, ListGrantsFilter, LocalWalletPermissionsManagerOptions, PermissionKey, PermissionType, StoredGrant, } from './permissions';
|
|
13
13
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAA;AAC7C,YAAY,EACX,eAAe,EACf,cAAc,EACd,oBAAoB,EACpB,UAAU,EACV,aAAa,EACb,UAAU,GACV,MAAM,aAAa,CAAA;AAGpB,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAA;AAGzD,OAAO,EACN,YAAY,EACZ,UAAU,EACV,UAAU,EACV,WAAW,EACX,iBAAiB,EACjB,WAAW,EACX,WAAW,EACX,aAAa,EACb,SAAS,GACT,MAAM,cAAc,CAAA;AAGrB,OAAO,EACN,YAAY,EACZ,aAAa,EACb,iBAAiB,EACjB,WAAW,EACX,OAAO,EACP,kBAAkB,EAClB,WAAW,EACX,OAAO,EACP,UAAU,EACV,WAAW,EACX,cAAc,EACd,aAAa,EACb,QAAQ,EACR,YAAY,EACZ,YAAY,EACZ,KAAK,KAAK,EACV,KAAK,UAAU,EACf,KAAK,IAAI,EACT,KAAK,SAAS,EACd,KAAK,YAAY,EACjB,KAAK,WAAW,EAChB,KAAK,MAAM,EACX,KAAK,YAAY,EACjB,KAAK,WAAW,EAChB,KAAK,KAAK,EACV,KAAK,GAAG,GACR,MAAM,YAAY,CAAA;AAGnB,OAAO,EACN,cAAc,EACd,iBAAiB,EACjB,YAAY,EACZ,KAAK,iBAAiB,GACtB,MAAM,gBAAgB,CAAA;AAGvB,OAAO,EACN,kBAAkB,EAClB,iBAAiB,EACjB,GAAG,EACH,UAAU,EACV,KAAK,EACL,KAAK,cAAc,EACnB,KAAK,sBAAsB,EAC3B,KAAK,mBAAmB,EACxB,KAAK,QAAQ,GACb,MAAM,UAAU,CAAA;AAGjB,OAAO,EACN,SAAS,EACT,YAAY,EACZ,QAAQ,EACR,eAAe,EACf,SAAS,EACT,cAAc,EACd,cAAc,EACd,YAAY,EACZ,KAAK,iBAAiB,EACtB,KAAK,YAAY,EACjB,KAAK,cAAc,EACnB,KAAK,cAAc,EACnB,KAAK,YAAY,EACjB,KAAK,YAAY,GACjB,MAAM,OAAO,CAAA;AAMd,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AAGnD,OAAO,EACN,gBAAgB,EAChB,iBAAiB,EACjB,0BAA0B,EAC1B,KAAK,KAAK,EACV,KAAK,gBAAgB,EACrB,KAAK,gBAAgB,GACrB,MAAM,WAAW,CAAA;AAGlB,OAAO,EACN,sBAAsB,EACtB,uBAAuB,EACvB,SAAS,EACT,mBAAmB,EACnB,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAA;AAC7C,YAAY,EACX,eAAe,EACf,cAAc,EACd,oBAAoB,EACpB,UAAU,EACV,aAAa,EACb,UAAU,GACV,MAAM,aAAa,CAAA;AAGpB,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAA;AAGzD,OAAO,EACN,YAAY,EACZ,UAAU,EACV,UAAU,EACV,WAAW,EACX,iBAAiB,EACjB,WAAW,EACX,WAAW,EACX,aAAa,EACb,SAAS,GACT,MAAM,cAAc,CAAA;AAGrB,OAAO,EACN,YAAY,EACZ,aAAa,EACb,iBAAiB,EACjB,WAAW,EACX,OAAO,EACP,kBAAkB,EAClB,WAAW,EACX,OAAO,EACP,UAAU,EACV,WAAW,EACX,cAAc,EACd,aAAa,EACb,QAAQ,EACR,YAAY,EACZ,YAAY,EACZ,KAAK,KAAK,EACV,KAAK,UAAU,EACf,KAAK,IAAI,EACT,KAAK,SAAS,EACd,KAAK,YAAY,EACjB,KAAK,WAAW,EAChB,KAAK,MAAM,EACX,KAAK,YAAY,EACjB,KAAK,WAAW,EAChB,KAAK,KAAK,EACV,KAAK,GAAG,GACR,MAAM,YAAY,CAAA;AAGnB,OAAO,EACN,cAAc,EACd,iBAAiB,EACjB,YAAY,EACZ,KAAK,iBAAiB,GACtB,MAAM,gBAAgB,CAAA;AAGvB,OAAO,EACN,kBAAkB,EAClB,iBAAiB,EACjB,GAAG,EACH,UAAU,EACV,KAAK,EACL,KAAK,cAAc,EACnB,KAAK,sBAAsB,EAC3B,KAAK,mBAAmB,EACxB,KAAK,QAAQ,GACb,MAAM,UAAU,CAAA;AAGjB,OAAO,EACN,SAAS,EACT,YAAY,EACZ,QAAQ,EACR,eAAe,EACf,SAAS,EACT,cAAc,EACd,cAAc,EACd,YAAY,EACZ,KAAK,iBAAiB,EACtB,KAAK,YAAY,EACjB,KAAK,cAAc,EACnB,KAAK,cAAc,EACnB,KAAK,YAAY,EACjB,KAAK,YAAY,GACjB,MAAM,OAAO,CAAA;AAMd,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AAGnD,OAAO,EACN,gBAAgB,EAChB,iBAAiB,EACjB,0BAA0B,EAC1B,KAAK,KAAK,EACV,KAAK,gBAAgB,EACrB,KAAK,gBAAgB,GACrB,MAAM,WAAW,CAAA;AAGlB,OAAO,EACN,sBAAsB,EACtB,uBAAuB,EACvB,SAAS,EACT,6BAA6B,EAC7B,mBAAmB,EACnB,wBAAwB,EACxB,uBAAuB,EACvB,qBAAqB,GACrB,MAAM,eAAe,CAAA;AACtB,YAAY,EACX,gBAAgB,EAChB,gBAAgB,EAChB,oCAAoC,EACpC,aAAa,EACb,cAAc,EACd,WAAW,GACX,MAAM,eAAe,CAAA"}
|
package/dist/index.js
CHANGED
|
@@ -18,6 +18,6 @@ export { ChromeCWI, CWIEventName, EventCWI, createChromeCWI, createCWI, createEv
|
|
|
18
18
|
export { parsePrivateKey } from './parsePrivateKey';
|
|
19
19
|
// Factory core
|
|
20
20
|
export { createWalletCore, DEFAULT_FEE_MODEL, DEFAULT_CONNECTION_TIMEOUT, } from './factory';
|
|
21
|
-
// Permissions
|
|
22
|
-
export { filterGroupedByMissing, InMemoryPermissionStore, isExpired,
|
|
21
|
+
// Permissions — local-storage-backed WalletPermissionsManager
|
|
22
|
+
export { filterGroupedByMissing, InMemoryPermissionStore, isExpired, LocalWalletPermissionsManager, normalizeOriginator, permissionKeyFromRequest, permissionKeysFromGroup, permissionKeyToString, } from './permissions';
|
|
23
23
|
//# sourceMappingURL=index.js.map
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,WAAW;AACX,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAA;AAU7C,UAAU;AACV,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAA;AAEzD,cAAc;AACd,OAAO,EACN,YAAY,EACZ,UAAU,EACV,UAAU,EACV,WAAW,EACX,iBAAiB,EACjB,WAAW,EACX,WAAW,EACX,aAAa,EACb,SAAS,GACT,MAAM,cAAc,CAAA;AAErB,WAAW;AACX,OAAO,EACN,YAAY,EACZ,aAAa,EACb,iBAAiB,EACjB,WAAW,EACX,OAAO,EACP,kBAAkB,EAClB,WAAW,EACX,OAAO,EACP,UAAU,EACV,WAAW,EACX,cAAc,EACd,aAAa,EACb,QAAQ,EACR,YAAY,EACZ,YAAY,GAYZ,MAAM,YAAY,CAAA;AAEnB,eAAe;AACf,OAAO,EACN,cAAc,EACd,iBAAiB,EACjB,YAAY,GAEZ,MAAM,gBAAgB,CAAA;AAEvB,SAAS;AACT,OAAO,EACN,kBAAkB,EAClB,iBAAiB,EACjB,GAAG,EACH,UAAU,EACV,KAAK,GAKL,MAAM,UAAU,CAAA;AAEjB,+BAA+B;AAC/B,OAAO,EACN,SAAS,EACT,YAAY,EACZ,QAAQ,EACR,eAAe,EACf,SAAS,EACT,cAAc,EACd,cAAc,EACd,YAAY,GAOZ,MAAM,OAAO,CAAA;AAEd,8EAA8E;AAC9E,sDAAsD;AAEtD,oBAAoB;AACpB,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AAEnD,eAAe;AACf,OAAO,EACN,gBAAgB,EAChB,iBAAiB,EACjB,0BAA0B,GAI1B,MAAM,WAAW,CAAA;AAElB,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,WAAW;AACX,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAA;AAU7C,UAAU;AACV,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAA;AAEzD,cAAc;AACd,OAAO,EACN,YAAY,EACZ,UAAU,EACV,UAAU,EACV,WAAW,EACX,iBAAiB,EACjB,WAAW,EACX,WAAW,EACX,aAAa,EACb,SAAS,GACT,MAAM,cAAc,CAAA;AAErB,WAAW;AACX,OAAO,EACN,YAAY,EACZ,aAAa,EACb,iBAAiB,EACjB,WAAW,EACX,OAAO,EACP,kBAAkB,EAClB,WAAW,EACX,OAAO,EACP,UAAU,EACV,WAAW,EACX,cAAc,EACd,aAAa,EACb,QAAQ,EACR,YAAY,EACZ,YAAY,GAYZ,MAAM,YAAY,CAAA;AAEnB,eAAe;AACf,OAAO,EACN,cAAc,EACd,iBAAiB,EACjB,YAAY,GAEZ,MAAM,gBAAgB,CAAA;AAEvB,SAAS;AACT,OAAO,EACN,kBAAkB,EAClB,iBAAiB,EACjB,GAAG,EACH,UAAU,EACV,KAAK,GAKL,MAAM,UAAU,CAAA;AAEjB,+BAA+B;AAC/B,OAAO,EACN,SAAS,EACT,YAAY,EACZ,QAAQ,EACR,eAAe,EACf,SAAS,EACT,cAAc,EACd,cAAc,EACd,YAAY,GAOZ,MAAM,OAAO,CAAA;AAEd,8EAA8E;AAC9E,sDAAsD;AAEtD,oBAAoB;AACpB,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AAEnD,eAAe;AACf,OAAO,EACN,gBAAgB,EAChB,iBAAiB,EACjB,0BAA0B,GAI1B,MAAM,WAAW,CAAA;AAElB,8DAA8D;AAC9D,OAAO,EACN,sBAAsB,EACtB,uBAAuB,EACvB,SAAS,EACT,6BAA6B,EAC7B,mBAAmB,EACnB,wBAAwB,EACxB,uBAAuB,EACvB,qBAAqB,GACrB,MAAM,eAAe,CAAA"}
|
|
@@ -1,6 +1,5 @@
|
|
|
1
|
-
export { PermissionLedgerAdapter } from './adapter';
|
|
2
|
-
export type { PermissionLedgerAdapterOptions } from './adapter';
|
|
3
1
|
export { InMemoryPermissionStore } from './in-memory-store';
|
|
4
2
|
export { filterGroupedByMissing, isExpired, normalizeOriginator, permissionKeyFromRequest, permissionKeysFromGroup, permissionKeyToString, } from './key';
|
|
5
|
-
export
|
|
3
|
+
export { LocalWalletPermissionsManager, type LocalWalletPermissionsManagerOptions, } from './manager';
|
|
4
|
+
export type { IPermissionStore, ListGrantsFilter, PermissionKey, PermissionType, StoredGrant, } from './types';
|
|
6
5
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/permissions/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,uBAAuB,EAAE,MAAM,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/permissions/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,uBAAuB,EAAE,MAAM,mBAAmB,CAAA;AAC3D,OAAO,EACN,sBAAsB,EACtB,SAAS,EACT,mBAAmB,EACnB,wBAAwB,EACxB,uBAAuB,EACvB,qBAAqB,GACrB,MAAM,OAAO,CAAA;AACd,OAAO,EACN,6BAA6B,EAC7B,KAAK,oCAAoC,GACzC,MAAM,WAAW,CAAA;AAClB,YAAY,EACX,gBAAgB,EAChB,gBAAgB,EAChB,aAAa,EACb,cAAc,EACd,WAAW,GACX,MAAM,SAAS,CAAA"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
export { PermissionLedgerAdapter } from './adapter';
|
|
2
1
|
export { InMemoryPermissionStore } from './in-memory-store';
|
|
3
2
|
export { filterGroupedByMissing, isExpired, normalizeOriginator, permissionKeyFromRequest, permissionKeysFromGroup, permissionKeyToString, } from './key';
|
|
3
|
+
export { LocalWalletPermissionsManager, } from './manager';
|
|
4
4
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/permissions/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,uBAAuB,EAAE,MAAM,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/permissions/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,uBAAuB,EAAE,MAAM,mBAAmB,CAAA;AAC3D,OAAO,EACN,sBAAsB,EACtB,SAAS,EACT,mBAAmB,EACnB,wBAAwB,EACxB,uBAAuB,EACvB,qBAAqB,GACrB,MAAM,OAAO,CAAA;AACd,OAAO,EACN,6BAA6B,GAE7B,MAAM,WAAW,CAAA"}
|
|
@@ -0,0 +1,120 @@
|
|
|
1
|
+
import type { WalletInterface, WalletProtocol } from '@bsv/sdk';
|
|
2
|
+
import { type CounterpartyPermissionEventHandler, type GroupedPermissionEventHandler, type PermissionEventHandler, type PermissionToken, type PermissionsManagerConfig, WalletPermissionsManager, type WalletPermissionsManagerCallbacks } from '@bsv/wallet-toolbox/out/src/index.client.js';
|
|
3
|
+
import type { IPermissionStore } from './types';
|
|
4
|
+
export interface LocalWalletPermissionsManagerOptions {
|
|
5
|
+
/** Store grants are persisted into and read from. */
|
|
6
|
+
store: IPermissionStore;
|
|
7
|
+
}
|
|
8
|
+
type AnyPermissionEventHandler = PermissionEventHandler | GroupedPermissionEventHandler | CounterpartyPermissionEventHandler;
|
|
9
|
+
/**
|
|
10
|
+
* `WalletPermissionsManager` variant that persists grants to an injected
|
|
11
|
+
* `IPermissionStore` instead of minting on-chain PushDrop tokens.
|
|
12
|
+
*
|
|
13
|
+
* Interface-compatible with `WalletPermissionsManager` — swap the class name
|
|
14
|
+
* and keep every other call the same (`bindCallback`, `grantPermission`,
|
|
15
|
+
* `denyPermission`, etc.).
|
|
16
|
+
*
|
|
17
|
+
* Reads:
|
|
18
|
+
* - `ensure*Access` checks the local store first; on miss it delegates to
|
|
19
|
+
* super (which then consults its own cache, on-chain tokens, and falls
|
|
20
|
+
* through to firing a prompt). Existing on-chain grants are honored.
|
|
21
|
+
* - Because super's grouped-permission filter calls back through
|
|
22
|
+
* `this.has*Access` → `this.ensure*Access`, our overrides are picked up
|
|
23
|
+
* polymorphically and the connect-time grouped prompt only requests
|
|
24
|
+
* permissions still missing from the store.
|
|
25
|
+
*
|
|
26
|
+
* Writes:
|
|
27
|
+
* - `grantPermission` writes to the store and resolves super's pending
|
|
28
|
+
* request via `super.grantPermission({ ephemeral: true })` (no on-chain
|
|
29
|
+
* mint, no cache write).
|
|
30
|
+
* - `grantGroupedPermission` writes each granted sub-permission to the
|
|
31
|
+
* store and resolves super's pending request via
|
|
32
|
+
* `super.dismissGroupedPermission` (no on-chain mint).
|
|
33
|
+
*
|
|
34
|
+
* Counterparty pact grants pass through to super unchanged — those still go
|
|
35
|
+
* on-chain by design.
|
|
36
|
+
*/
|
|
37
|
+
export declare class LocalWalletPermissionsManager extends WalletPermissionsManager {
|
|
38
|
+
private readonly permissionStore;
|
|
39
|
+
private readonly pendingSingle;
|
|
40
|
+
private readonly pendingGrouped;
|
|
41
|
+
constructor(underlyingWallet: WalletInterface, adminOriginator: string, config: PermissionsManagerConfig | undefined, options: LocalWalletPermissionsManagerOptions);
|
|
42
|
+
bindCallback(eventName: keyof WalletPermissionsManagerCallbacks, handler: AnyPermissionEventHandler): number;
|
|
43
|
+
ensureProtocolPermission(args: {
|
|
44
|
+
originator: string;
|
|
45
|
+
privileged: boolean;
|
|
46
|
+
protocolID: WalletProtocol;
|
|
47
|
+
counterparty: string;
|
|
48
|
+
reason?: string;
|
|
49
|
+
seekPermission?: boolean;
|
|
50
|
+
usageType: 'signing' | 'encrypting' | 'hmac' | 'publicKey' | 'identityKey' | 'linkageRevelation' | 'generic';
|
|
51
|
+
}): Promise<boolean>;
|
|
52
|
+
ensureBasketAccess(args: {
|
|
53
|
+
originator: string;
|
|
54
|
+
basket: string;
|
|
55
|
+
reason?: string;
|
|
56
|
+
seekPermission?: boolean;
|
|
57
|
+
usageType: 'insertion' | 'removal' | 'listing';
|
|
58
|
+
}): Promise<boolean>;
|
|
59
|
+
ensureCertificateAccess(args: {
|
|
60
|
+
originator: string;
|
|
61
|
+
privileged: boolean;
|
|
62
|
+
verifier: string;
|
|
63
|
+
certType: string;
|
|
64
|
+
fields: string[];
|
|
65
|
+
reason?: string;
|
|
66
|
+
seekPermission?: boolean;
|
|
67
|
+
usageType: 'disclosure';
|
|
68
|
+
}): Promise<boolean>;
|
|
69
|
+
ensureSpendingAuthorization(args: {
|
|
70
|
+
originator: string;
|
|
71
|
+
satoshis: number;
|
|
72
|
+
lineItems?: Array<{
|
|
73
|
+
type: 'input' | 'output' | 'fee';
|
|
74
|
+
description: string;
|
|
75
|
+
satoshis: number;
|
|
76
|
+
}>;
|
|
77
|
+
reason?: string;
|
|
78
|
+
seekPermission?: boolean;
|
|
79
|
+
}): Promise<boolean>;
|
|
80
|
+
private storeHit;
|
|
81
|
+
grantPermission(params: {
|
|
82
|
+
requestID: string;
|
|
83
|
+
expiry?: number;
|
|
84
|
+
ephemeral?: boolean;
|
|
85
|
+
amount?: number;
|
|
86
|
+
}): Promise<void>;
|
|
87
|
+
denyPermission(requestID: string): Promise<void>;
|
|
88
|
+
grantGroupedPermission(params: {
|
|
89
|
+
requestID: string;
|
|
90
|
+
granted: Partial<import('@bsv/wallet-toolbox/out/src/index.client.js').GroupedPermissions>;
|
|
91
|
+
expiry?: number;
|
|
92
|
+
}): Promise<void>;
|
|
93
|
+
denyGroupedPermission(requestID: string): Promise<void>;
|
|
94
|
+
dismissGroupedPermission(requestID: string): Promise<void>;
|
|
95
|
+
listProtocolPermissions(filter?: {
|
|
96
|
+
originator?: string;
|
|
97
|
+
privileged?: boolean;
|
|
98
|
+
protocolName?: string;
|
|
99
|
+
protocolSecurityLevel?: number;
|
|
100
|
+
counterparty?: string;
|
|
101
|
+
}): Promise<PermissionToken[]>;
|
|
102
|
+
listBasketAccess(params?: {
|
|
103
|
+
originator?: string;
|
|
104
|
+
basket?: string;
|
|
105
|
+
}): Promise<PermissionToken[]>;
|
|
106
|
+
listSpendingAuthorizations(params: {
|
|
107
|
+
originator?: string;
|
|
108
|
+
}): Promise<PermissionToken[]>;
|
|
109
|
+
listCertificateAccess(params?: {
|
|
110
|
+
originator?: string;
|
|
111
|
+
privileged?: boolean;
|
|
112
|
+
certType?: string;
|
|
113
|
+
verifier?: string;
|
|
114
|
+
}): Promise<PermissionToken[]>;
|
|
115
|
+
private idbTokensFor;
|
|
116
|
+
revokeAllForOriginator(originator: string): Promise<PermissionToken[]>;
|
|
117
|
+
revokePermission(oldToken: PermissionToken): Promise<void>;
|
|
118
|
+
}
|
|
119
|
+
export {};
|
|
120
|
+
//# sourceMappingURL=manager.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"manager.d.ts","sourceRoot":"","sources":["../../src/permissions/manager.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,UAAU,CAAA;AAC/D,OAAO,EACN,KAAK,kCAAkC,EACvC,KAAK,6BAA6B,EAElC,KAAK,sBAAsB,EAE3B,KAAK,eAAe,EACpB,KAAK,wBAAwB,EAC7B,wBAAwB,EACxB,KAAK,iCAAiC,EACtC,MAAM,6CAA6C,CAAA;AAOpD,OAAO,KAAK,EACX,gBAAgB,EAIhB,MAAM,SAAS,CAAA;AAIhB,MAAM,WAAW,oCAAoC;IACpD,qDAAqD;IACrD,KAAK,EAAE,gBAAgB,CAAA;CACvB;AAED,KAAK,yBAAyB,GAC3B,sBAAsB,GACtB,6BAA6B,GAC7B,kCAAkC,CAAA;AAErC;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,qBAAa,6BAA8B,SAAQ,wBAAwB;IAC1E,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAkB;IAClD,OAAO,CAAC,QAAQ,CAAC,aAAa,CAG3B;IACH,OAAO,CAAC,QAAQ,CAAC,cAAc,CAA8C;gBAG5E,gBAAgB,EAAE,eAAe,EACjC,eAAe,EAAE,MAAM,EAEvB,MAAM,EAAE,wBAAwB,YAAK,EACrC,OAAO,EAAE,oCAAoC;IAW9B,YAAY,CAC3B,SAAS,EAAE,MAAM,iCAAiC,EAClD,OAAO,EAAE,yBAAyB,GAChC,MAAM;IAyBa,wBAAwB,CAAC,IAAI,EAAE;QACpD,UAAU,EAAE,MAAM,CAAA;QAClB,UAAU,EAAE,OAAO,CAAA;QACnB,UAAU,EAAE,cAAc,CAAA;QAC1B,YAAY,EAAE,MAAM,CAAA;QACpB,MAAM,CAAC,EAAE,MAAM,CAAA;QACf,cAAc,CAAC,EAAE,OAAO,CAAA;QACxB,SAAS,EACN,SAAS,GACT,YAAY,GACZ,MAAM,GACN,WAAW,GACX,aAAa,GACb,mBAAmB,GACnB,SAAS,CAAA;KACZ,GAAG,OAAO,CAAC,OAAO,CAAC;IAeE,kBAAkB,CAAC,IAAI,EAAE;QAC9C,UAAU,EAAE,MAAM,CAAA;QAClB,MAAM,EAAE,MAAM,CAAA;QACd,MAAM,CAAC,EAAE,MAAM,CAAA;QACf,cAAc,CAAC,EAAE,OAAO,CAAA;QACxB,SAAS,EAAE,WAAW,GAAG,SAAS,GAAG,SAAS,CAAA;KAC9C,GAAG,OAAO,CAAC,OAAO,CAAC;IAUE,uBAAuB,CAAC,IAAI,EAAE;QACnD,UAAU,EAAE,MAAM,CAAA;QAClB,UAAU,EAAE,OAAO,CAAA;QACnB,QAAQ,EAAE,MAAM,CAAA;QAChB,QAAQ,EAAE,MAAM,CAAA;QAChB,MAAM,EAAE,MAAM,EAAE,CAAA;QAChB,MAAM,CAAC,EAAE,MAAM,CAAA;QACf,cAAc,CAAC,EAAE,OAAO,CAAA;QACxB,SAAS,EAAE,YAAY,CAAA;KACvB,GAAG,OAAO,CAAC,OAAO,CAAC;IAaE,2BAA2B,CAAC,IAAI,EAAE;QACvD,UAAU,EAAE,MAAM,CAAA;QAClB,QAAQ,EAAE,MAAM,CAAA;QAChB,SAAS,CAAC,EAAE,KAAK,CAAC;YACjB,IAAI,EAAE,OAAO,GAAG,QAAQ,GAAG,KAAK,CAAA;YAChC,WAAW,EAAE,MAAM,CAAA;YACnB,QAAQ,EAAE,MAAM,CAAA;SAChB,CAAC,CAAA;QACF,MAAM,CAAC,EAAE,MAAM,CAAA;QACf,cAAc,CAAC,EAAE,OAAO,CAAA;KACxB,GAAG,OAAO,CAAC,OAAO,CAAC;YAgBN,QAAQ;IAUA,eAAe,CAAC,MAAM,EAAE;QAC7C,SAAS,EAAE,MAAM,CAAA;QACjB,MAAM,CAAC,EAAE,MAAM,CAAA;QACf,SAAS,CAAC,EAAE,OAAO,CAAA;QACnB,MAAM,CAAC,EAAE,MAAM,CAAA;KACf,GAAG,OAAO,CAAC,IAAI,CAAC;IAwBK,cAAc,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAKhD,sBAAsB,CAAC,MAAM,EAAE;QACpD,SAAS,EAAE,MAAM,CAAA;QACjB,OAAO,EAAE,OAAO,CACf,OAAO,6CAA6C,EAAE,kBAAkB,CACxE,CAAA;QACD,MAAM,CAAC,EAAE,MAAM,CAAA;KACf,GAAG,OAAO,CAAC,IAAI,CAAC;IAkEK,qBAAqB,CAC1C,SAAS,EAAE,MAAM,GACf,OAAO,CAAC,IAAI,CAAC;IAKM,wBAAwB,CAC7C,SAAS,EAAE,MAAM,GACf,OAAO,CAAC,IAAI,CAAC;IASM,uBAAuB,CAC5C,MAAM,GAAE;QACP,UAAU,CAAC,EAAE,MAAM,CAAA;QACnB,UAAU,CAAC,EAAE,OAAO,CAAA;QACpB,YAAY,CAAC,EAAE,MAAM,CAAA;QACrB,qBAAqB,CAAC,EAAE,MAAM,CAAA;QAC9B,YAAY,CAAC,EAAE,MAAM,CAAA;KAChB,GACJ,OAAO,CAAC,eAAe,EAAE,CAAC;IAiCP,gBAAgB,CACrC,MAAM,GAAE;QAAE,UAAU,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAO,GACnD,OAAO,CAAC,eAAe,EAAE,CAAC;IAYP,0BAA0B,CAAC,MAAM,EAAE;QACxD,UAAU,CAAC,EAAE,MAAM,CAAA;KACnB,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IAUR,qBAAqB,CAC1C,MAAM,GAAE;QACP,UAAU,CAAC,EAAE,MAAM,CAAA;QACnB,UAAU,CAAC,EAAE,OAAO,CAAA;QACpB,QAAQ,CAAC,EAAE,MAAM,CAAA;QACjB,QAAQ,CAAC,EAAE,MAAM,CAAA;KACZ,GACJ,OAAO,CAAC,eAAe,EAAE,CAAC;YA+Bf,YAAY;IAeJ,sBAAsB,CAC3C,UAAU,EAAE,MAAM,GAChB,OAAO,CAAC,eAAe,EAAE,CAAC;IAMP,gBAAgB,CACrC,QAAQ,EAAE,eAAe,GACvB,OAAO,CAAC,IAAI,CAAC;CAUhB"}
|
|
@@ -0,0 +1,470 @@
|
|
|
1
|
+
import { WalletPermissionsManager, } from '@bsv/wallet-toolbox/out/src/index.client.js';
|
|
2
|
+
import { isExpired, normalizeOriginator, permissionKeyFromRequest, permissionKeyToString, } from './key';
|
|
3
|
+
const IDB_TXID_PREFIX = 'idb:';
|
|
4
|
+
/**
|
|
5
|
+
* `WalletPermissionsManager` variant that persists grants to an injected
|
|
6
|
+
* `IPermissionStore` instead of minting on-chain PushDrop tokens.
|
|
7
|
+
*
|
|
8
|
+
* Interface-compatible with `WalletPermissionsManager` — swap the class name
|
|
9
|
+
* and keep every other call the same (`bindCallback`, `grantPermission`,
|
|
10
|
+
* `denyPermission`, etc.).
|
|
11
|
+
*
|
|
12
|
+
* Reads:
|
|
13
|
+
* - `ensure*Access` checks the local store first; on miss it delegates to
|
|
14
|
+
* super (which then consults its own cache, on-chain tokens, and falls
|
|
15
|
+
* through to firing a prompt). Existing on-chain grants are honored.
|
|
16
|
+
* - Because super's grouped-permission filter calls back through
|
|
17
|
+
* `this.has*Access` → `this.ensure*Access`, our overrides are picked up
|
|
18
|
+
* polymorphically and the connect-time grouped prompt only requests
|
|
19
|
+
* permissions still missing from the store.
|
|
20
|
+
*
|
|
21
|
+
* Writes:
|
|
22
|
+
* - `grantPermission` writes to the store and resolves super's pending
|
|
23
|
+
* request via `super.grantPermission({ ephemeral: true })` (no on-chain
|
|
24
|
+
* mint, no cache write).
|
|
25
|
+
* - `grantGroupedPermission` writes each granted sub-permission to the
|
|
26
|
+
* store and resolves super's pending request via
|
|
27
|
+
* `super.dismissGroupedPermission` (no on-chain mint).
|
|
28
|
+
*
|
|
29
|
+
* Counterparty pact grants pass through to super unchanged — those still go
|
|
30
|
+
* on-chain by design.
|
|
31
|
+
*/
|
|
32
|
+
export class LocalWalletPermissionsManager extends WalletPermissionsManager {
|
|
33
|
+
permissionStore;
|
|
34
|
+
pendingSingle = new Map();
|
|
35
|
+
pendingGrouped = new Map();
|
|
36
|
+
constructor(underlyingWallet, adminOriginator,
|
|
37
|
+
// biome-ignore lint/style/useDefaultParameterLast: keeps signature aligned with WalletPermissionsManager
|
|
38
|
+
config = {}, options) {
|
|
39
|
+
super(underlyingWallet, adminOriginator, config);
|
|
40
|
+
this.permissionStore = options.store;
|
|
41
|
+
}
|
|
42
|
+
// -----------------------------------------------------------------
|
|
43
|
+
// Callback binding — capture the request so grant overrides can
|
|
44
|
+
// look it up by requestID later.
|
|
45
|
+
// -----------------------------------------------------------------
|
|
46
|
+
bindCallback(eventName, handler) {
|
|
47
|
+
if (eventName === 'onCounterpartyPermissionRequested') {
|
|
48
|
+
return super.bindCallback(eventName, handler);
|
|
49
|
+
}
|
|
50
|
+
if (eventName === 'onGroupedPermissionRequested') {
|
|
51
|
+
const userHandler = handler;
|
|
52
|
+
const wrapped = async (request) => {
|
|
53
|
+
this.pendingGrouped.set(request.requestID, request);
|
|
54
|
+
return userHandler(request);
|
|
55
|
+
};
|
|
56
|
+
return super.bindCallback(eventName, wrapped);
|
|
57
|
+
}
|
|
58
|
+
const userHandler = handler;
|
|
59
|
+
const wrapped = async (request) => {
|
|
60
|
+
this.pendingSingle.set(request.requestID, request);
|
|
61
|
+
return userHandler(request);
|
|
62
|
+
};
|
|
63
|
+
return super.bindCallback(eventName, wrapped);
|
|
64
|
+
}
|
|
65
|
+
// -----------------------------------------------------------------
|
|
66
|
+
// Read overrides — store-first, then delegate to super.
|
|
67
|
+
// -----------------------------------------------------------------
|
|
68
|
+
async ensureProtocolPermission(args) {
|
|
69
|
+
const counterparty = args.protocolID[0] === 1 ? '' : (args.counterparty ?? 'self');
|
|
70
|
+
const key = {
|
|
71
|
+
type: 'protocol',
|
|
72
|
+
originator: normalizeOriginator(args.originator),
|
|
73
|
+
privileged: !!args.privileged,
|
|
74
|
+
protocolLevel: args.protocolID[0],
|
|
75
|
+
protocolName: args.protocolID[1],
|
|
76
|
+
counterparty,
|
|
77
|
+
};
|
|
78
|
+
if (await this.storeHit(key))
|
|
79
|
+
return true;
|
|
80
|
+
return super.ensureProtocolPermission(args);
|
|
81
|
+
}
|
|
82
|
+
async ensureBasketAccess(args) {
|
|
83
|
+
const key = {
|
|
84
|
+
type: 'basket',
|
|
85
|
+
originator: normalizeOriginator(args.originator),
|
|
86
|
+
basket: args.basket,
|
|
87
|
+
};
|
|
88
|
+
if (await this.storeHit(key))
|
|
89
|
+
return true;
|
|
90
|
+
return super.ensureBasketAccess(args);
|
|
91
|
+
}
|
|
92
|
+
async ensureCertificateAccess(args) {
|
|
93
|
+
const key = {
|
|
94
|
+
type: 'certificate',
|
|
95
|
+
originator: normalizeOriginator(args.originator),
|
|
96
|
+
privileged: !!args.privileged,
|
|
97
|
+
verifier: args.verifier,
|
|
98
|
+
certType: args.certType,
|
|
99
|
+
fields: [...args.fields].sort(),
|
|
100
|
+
};
|
|
101
|
+
if (await this.storeHit(key))
|
|
102
|
+
return true;
|
|
103
|
+
return super.ensureCertificateAccess(args);
|
|
104
|
+
}
|
|
105
|
+
async ensureSpendingAuthorization(args) {
|
|
106
|
+
const key = {
|
|
107
|
+
type: 'spending',
|
|
108
|
+
originator: normalizeOriginator(args.originator),
|
|
109
|
+
};
|
|
110
|
+
const grant = await this.permissionStore.findGrant(key);
|
|
111
|
+
if (grant &&
|
|
112
|
+
!isExpired(grant.expiry) &&
|
|
113
|
+
(grant.authorizedAmount ?? 0) >= args.satoshis) {
|
|
114
|
+
return true;
|
|
115
|
+
}
|
|
116
|
+
return super.ensureSpendingAuthorization(args);
|
|
117
|
+
}
|
|
118
|
+
async storeHit(key) {
|
|
119
|
+
const grant = await this.permissionStore.findGrant(key);
|
|
120
|
+
return !!grant && !isExpired(grant.expiry);
|
|
121
|
+
}
|
|
122
|
+
// -----------------------------------------------------------------
|
|
123
|
+
// Grant / deny overrides — write store, resolve super's pending
|
|
124
|
+
// without minting on chain.
|
|
125
|
+
// -----------------------------------------------------------------
|
|
126
|
+
async grantPermission(params) {
|
|
127
|
+
const request = this.pendingSingle.get(params.requestID);
|
|
128
|
+
if (request) {
|
|
129
|
+
const key = permissionKeyFromRequest(request);
|
|
130
|
+
const grant = {
|
|
131
|
+
key,
|
|
132
|
+
expiry: params.expiry ?? 0,
|
|
133
|
+
grantedAt: Date.now(),
|
|
134
|
+
reason: request.reason,
|
|
135
|
+
};
|
|
136
|
+
if (key.type === 'spending' && params.amount != null) {
|
|
137
|
+
grant.authorizedAmount = params.amount;
|
|
138
|
+
}
|
|
139
|
+
else if (request.type === 'spending' &&
|
|
140
|
+
request.spending?.satoshis != null) {
|
|
141
|
+
grant.authorizedAmount = request.spending.satoshis;
|
|
142
|
+
}
|
|
143
|
+
await this.permissionStore.putGrant(grant);
|
|
144
|
+
this.pendingSingle.delete(params.requestID);
|
|
145
|
+
}
|
|
146
|
+
return super.grantPermission({ ...params, ephemeral: true });
|
|
147
|
+
}
|
|
148
|
+
async denyPermission(requestID) {
|
|
149
|
+
this.pendingSingle.delete(requestID);
|
|
150
|
+
return super.denyPermission(requestID);
|
|
151
|
+
}
|
|
152
|
+
async grantGroupedPermission(params) {
|
|
153
|
+
const request = this.pendingGrouped.get(params.requestID);
|
|
154
|
+
if (request) {
|
|
155
|
+
const originator = normalizeOriginator(request.originator);
|
|
156
|
+
const now = Date.now();
|
|
157
|
+
const expiry = params.expiry ?? 0;
|
|
158
|
+
if (params.granted.spendingAuthorization) {
|
|
159
|
+
await this.permissionStore.putGrant({
|
|
160
|
+
key: { type: 'spending', originator },
|
|
161
|
+
expiry,
|
|
162
|
+
grantedAt: now,
|
|
163
|
+
authorizedAmount: params.granted.spendingAuthorization.amount,
|
|
164
|
+
reason: params.granted.spendingAuthorization.description,
|
|
165
|
+
});
|
|
166
|
+
}
|
|
167
|
+
for (const p of params.granted.protocolPermissions ?? []) {
|
|
168
|
+
if (p.counterparty === '')
|
|
169
|
+
continue;
|
|
170
|
+
const level = p.protocolID[0];
|
|
171
|
+
const counterparty = level === 1 ? '' : (p.counterparty ?? 'self');
|
|
172
|
+
await this.permissionStore.putGrant({
|
|
173
|
+
key: {
|
|
174
|
+
type: 'protocol',
|
|
175
|
+
originator,
|
|
176
|
+
privileged: false,
|
|
177
|
+
protocolLevel: level,
|
|
178
|
+
protocolName: p.protocolID[1],
|
|
179
|
+
counterparty,
|
|
180
|
+
},
|
|
181
|
+
expiry,
|
|
182
|
+
grantedAt: now,
|
|
183
|
+
reason: p.description,
|
|
184
|
+
});
|
|
185
|
+
}
|
|
186
|
+
for (const b of params.granted.basketAccess ?? []) {
|
|
187
|
+
await this.permissionStore.putGrant({
|
|
188
|
+
key: { type: 'basket', originator, basket: b.basket },
|
|
189
|
+
expiry,
|
|
190
|
+
grantedAt: now,
|
|
191
|
+
reason: b.description,
|
|
192
|
+
});
|
|
193
|
+
}
|
|
194
|
+
for (const c of params.granted.certificateAccess ?? []) {
|
|
195
|
+
await this.permissionStore.putGrant({
|
|
196
|
+
key: {
|
|
197
|
+
type: 'certificate',
|
|
198
|
+
originator,
|
|
199
|
+
privileged: false,
|
|
200
|
+
verifier: c.verifierPublicKey,
|
|
201
|
+
certType: c.type,
|
|
202
|
+
fields: [...c.fields].sort(),
|
|
203
|
+
},
|
|
204
|
+
expiry,
|
|
205
|
+
grantedAt: now,
|
|
206
|
+
reason: c.description,
|
|
207
|
+
});
|
|
208
|
+
}
|
|
209
|
+
this.pendingGrouped.delete(params.requestID);
|
|
210
|
+
}
|
|
211
|
+
return super.dismissGroupedPermission(params.requestID);
|
|
212
|
+
}
|
|
213
|
+
async denyGroupedPermission(requestID) {
|
|
214
|
+
this.pendingGrouped.delete(requestID);
|
|
215
|
+
return super.denyGroupedPermission(requestID);
|
|
216
|
+
}
|
|
217
|
+
async dismissGroupedPermission(requestID) {
|
|
218
|
+
this.pendingGrouped.delete(requestID);
|
|
219
|
+
return super.dismissGroupedPermission(requestID);
|
|
220
|
+
}
|
|
221
|
+
// -----------------------------------------------------------------
|
|
222
|
+
// Listing — merge IDB grants with super's on-chain tokens.
|
|
223
|
+
// -----------------------------------------------------------------
|
|
224
|
+
async listProtocolPermissions(filter = {}) {
|
|
225
|
+
const onchain = await super.listProtocolPermissions(filter);
|
|
226
|
+
const idb = await this.idbTokensFor('protocol', filter.originator, (g) => {
|
|
227
|
+
if (g.key.type !== 'protocol')
|
|
228
|
+
return false;
|
|
229
|
+
if (filter.privileged !== undefined &&
|
|
230
|
+
g.key.privileged !== filter.privileged) {
|
|
231
|
+
return false;
|
|
232
|
+
}
|
|
233
|
+
if (filter.protocolName !== undefined &&
|
|
234
|
+
g.key.protocolName !== filter.protocolName) {
|
|
235
|
+
return false;
|
|
236
|
+
}
|
|
237
|
+
if (filter.protocolSecurityLevel !== undefined &&
|
|
238
|
+
g.key.protocolLevel !== filter.protocolSecurityLevel) {
|
|
239
|
+
return false;
|
|
240
|
+
}
|
|
241
|
+
if (filter.counterparty !== undefined &&
|
|
242
|
+
g.key.counterparty !== filter.counterparty) {
|
|
243
|
+
return false;
|
|
244
|
+
}
|
|
245
|
+
return true;
|
|
246
|
+
});
|
|
247
|
+
return mergeTokens(onchain, idb);
|
|
248
|
+
}
|
|
249
|
+
async listBasketAccess(params = {}) {
|
|
250
|
+
const onchain = await super.listBasketAccess(params);
|
|
251
|
+
const idb = await this.idbTokensFor('basket', params.originator, (g) => {
|
|
252
|
+
if (g.key.type !== 'basket')
|
|
253
|
+
return false;
|
|
254
|
+
if (params.basket !== undefined && g.key.basket !== params.basket) {
|
|
255
|
+
return false;
|
|
256
|
+
}
|
|
257
|
+
return true;
|
|
258
|
+
});
|
|
259
|
+
return mergeTokens(onchain, idb);
|
|
260
|
+
}
|
|
261
|
+
async listSpendingAuthorizations(params) {
|
|
262
|
+
const onchain = await super.listSpendingAuthorizations(params);
|
|
263
|
+
const idb = await this.idbTokensFor('spending', params.originator, (g) => g.key.type === 'spending');
|
|
264
|
+
return mergeTokens(onchain, idb);
|
|
265
|
+
}
|
|
266
|
+
async listCertificateAccess(params = {}) {
|
|
267
|
+
const onchain = await super.listCertificateAccess(params);
|
|
268
|
+
const idb = await this.idbTokensFor('certificate', params.originator, (g) => {
|
|
269
|
+
if (g.key.type !== 'certificate')
|
|
270
|
+
return false;
|
|
271
|
+
if (params.privileged !== undefined &&
|
|
272
|
+
g.key.privileged !== params.privileged) {
|
|
273
|
+
return false;
|
|
274
|
+
}
|
|
275
|
+
if (params.certType !== undefined &&
|
|
276
|
+
g.key.certType !== params.certType) {
|
|
277
|
+
return false;
|
|
278
|
+
}
|
|
279
|
+
if (params.verifier !== undefined &&
|
|
280
|
+
g.key.verifier !== params.verifier) {
|
|
281
|
+
return false;
|
|
282
|
+
}
|
|
283
|
+
return true;
|
|
284
|
+
});
|
|
285
|
+
return mergeTokens(onchain, idb);
|
|
286
|
+
}
|
|
287
|
+
async idbTokensFor(type, originator, predicate) {
|
|
288
|
+
const filter = { type };
|
|
289
|
+
if (originator)
|
|
290
|
+
filter.originator = normalizeOriginator(originator);
|
|
291
|
+
const grants = await this.permissionStore.listGrants(filter);
|
|
292
|
+
return grants.filter(predicate).map(grantToToken);
|
|
293
|
+
}
|
|
294
|
+
// -----------------------------------------------------------------
|
|
295
|
+
// Revocation — clear store, then delegate on-chain spend to super.
|
|
296
|
+
// -----------------------------------------------------------------
|
|
297
|
+
async revokeAllForOriginator(originator) {
|
|
298
|
+
const normalized = normalizeOriginator(originator);
|
|
299
|
+
await this.permissionStore.deleteAllForOriginator(normalized);
|
|
300
|
+
return super.revokeAllForOriginator(normalized);
|
|
301
|
+
}
|
|
302
|
+
async revokePermission(oldToken) {
|
|
303
|
+
const idbKey = idbKeyFromToken(oldToken);
|
|
304
|
+
if (idbKey) {
|
|
305
|
+
await this.permissionStore.deleteGrant(idbKey);
|
|
306
|
+
}
|
|
307
|
+
if (oldToken.txid.startsWith(IDB_TXID_PREFIX)) {
|
|
308
|
+
return;
|
|
309
|
+
}
|
|
310
|
+
return super.revokePermission(oldToken);
|
|
311
|
+
}
|
|
312
|
+
}
|
|
313
|
+
function grantToToken(grant) {
|
|
314
|
+
const base = {
|
|
315
|
+
txid: `${IDB_TXID_PREFIX}${permissionKeyToString(grant.key)}`,
|
|
316
|
+
tx: [],
|
|
317
|
+
outputIndex: 0,
|
|
318
|
+
outputScript: '',
|
|
319
|
+
satoshis: 0,
|
|
320
|
+
originator: grant.key.originator,
|
|
321
|
+
expiry: grant.expiry,
|
|
322
|
+
};
|
|
323
|
+
switch (grant.key.type) {
|
|
324
|
+
case 'protocol':
|
|
325
|
+
base.privileged = grant.key.privileged;
|
|
326
|
+
base.protocol = grant.key.protocolName;
|
|
327
|
+
base.securityLevel = grant.key.protocolLevel;
|
|
328
|
+
base.counterparty = grant.key.counterparty;
|
|
329
|
+
break;
|
|
330
|
+
case 'basket':
|
|
331
|
+
base.basketName = grant.key.basket;
|
|
332
|
+
break;
|
|
333
|
+
case 'certificate':
|
|
334
|
+
base.privileged = grant.key.privileged;
|
|
335
|
+
base.certType = grant.key.certType;
|
|
336
|
+
base.certFields = grant.key.fields;
|
|
337
|
+
base.verifier = grant.key.verifier;
|
|
338
|
+
break;
|
|
339
|
+
case 'spending':
|
|
340
|
+
if (grant.authorizedAmount != null) {
|
|
341
|
+
base.authorizedAmount = grant.authorizedAmount;
|
|
342
|
+
}
|
|
343
|
+
break;
|
|
344
|
+
}
|
|
345
|
+
return base;
|
|
346
|
+
}
|
|
347
|
+
function idbKeyFromToken(token) {
|
|
348
|
+
if (token.txid.startsWith(IDB_TXID_PREFIX)) {
|
|
349
|
+
return parseIdbKey(token.txid.slice(IDB_TXID_PREFIX.length));
|
|
350
|
+
}
|
|
351
|
+
const originator = normalizeOriginator(token.originator);
|
|
352
|
+
if (token.basketName) {
|
|
353
|
+
return { type: 'basket', originator, basket: token.basketName };
|
|
354
|
+
}
|
|
355
|
+
if (token.protocol && token.securityLevel !== undefined) {
|
|
356
|
+
return {
|
|
357
|
+
type: 'protocol',
|
|
358
|
+
originator,
|
|
359
|
+
privileged: !!token.privileged,
|
|
360
|
+
protocolLevel: token.securityLevel,
|
|
361
|
+
protocolName: token.protocol,
|
|
362
|
+
counterparty: token.counterparty ?? 'self',
|
|
363
|
+
};
|
|
364
|
+
}
|
|
365
|
+
if (token.certType && token.verifier && token.certFields) {
|
|
366
|
+
return {
|
|
367
|
+
type: 'certificate',
|
|
368
|
+
originator,
|
|
369
|
+
privileged: !!token.privileged,
|
|
370
|
+
verifier: token.verifier,
|
|
371
|
+
certType: token.certType,
|
|
372
|
+
fields: [...token.certFields].sort(),
|
|
373
|
+
};
|
|
374
|
+
}
|
|
375
|
+
if (token.authorizedAmount !== undefined) {
|
|
376
|
+
return { type: 'spending', originator };
|
|
377
|
+
}
|
|
378
|
+
return null;
|
|
379
|
+
}
|
|
380
|
+
function parseIdbKey(serialized) {
|
|
381
|
+
const idx = serialized.indexOf(':');
|
|
382
|
+
if (idx < 0)
|
|
383
|
+
return null;
|
|
384
|
+
const tag = serialized.slice(0, idx);
|
|
385
|
+
const rest = serialized.slice(idx + 1);
|
|
386
|
+
if (tag === 'basket') {
|
|
387
|
+
const sep = rest.indexOf(':');
|
|
388
|
+
if (sep < 0)
|
|
389
|
+
return null;
|
|
390
|
+
return {
|
|
391
|
+
type: 'basket',
|
|
392
|
+
originator: rest.slice(0, sep),
|
|
393
|
+
basket: rest.slice(sep + 1),
|
|
394
|
+
};
|
|
395
|
+
}
|
|
396
|
+
if (tag === 'spend') {
|
|
397
|
+
return { type: 'spending', originator: rest };
|
|
398
|
+
}
|
|
399
|
+
if (tag === 'proto') {
|
|
400
|
+
const parts = rest.split(':');
|
|
401
|
+
if (parts.length < 4)
|
|
402
|
+
return null;
|
|
403
|
+
const [originator, privileged, levelAndName, counterparty] = parts;
|
|
404
|
+
const commaIdx = levelAndName.indexOf(',');
|
|
405
|
+
if (commaIdx < 0)
|
|
406
|
+
return null;
|
|
407
|
+
const level = Number(levelAndName.slice(0, commaIdx));
|
|
408
|
+
const protocolName = levelAndName.slice(commaIdx + 1);
|
|
409
|
+
return {
|
|
410
|
+
type: 'protocol',
|
|
411
|
+
originator,
|
|
412
|
+
privileged: privileged === 'true',
|
|
413
|
+
protocolLevel: level,
|
|
414
|
+
protocolName,
|
|
415
|
+
counterparty,
|
|
416
|
+
};
|
|
417
|
+
}
|
|
418
|
+
if (tag === 'cert') {
|
|
419
|
+
const parts = rest.split(':');
|
|
420
|
+
if (parts.length < 5)
|
|
421
|
+
return null;
|
|
422
|
+
const [originator, privileged, verifier, certType, fieldsJoined] = parts;
|
|
423
|
+
return {
|
|
424
|
+
type: 'certificate',
|
|
425
|
+
originator,
|
|
426
|
+
privileged: privileged === 'true',
|
|
427
|
+
verifier,
|
|
428
|
+
certType,
|
|
429
|
+
fields: fieldsJoined ? fieldsJoined.split('|') : [],
|
|
430
|
+
};
|
|
431
|
+
}
|
|
432
|
+
return null;
|
|
433
|
+
}
|
|
434
|
+
function mergeTokens(onchain, idb) {
|
|
435
|
+
const seen = new Set();
|
|
436
|
+
const out = [];
|
|
437
|
+
for (const t of onchain) {
|
|
438
|
+
const k = onchainSignature(t);
|
|
439
|
+
if (k)
|
|
440
|
+
seen.add(k);
|
|
441
|
+
out.push(t);
|
|
442
|
+
}
|
|
443
|
+
for (const t of idb) {
|
|
444
|
+
const k = idbSignature(t);
|
|
445
|
+
if (k && seen.has(k))
|
|
446
|
+
continue;
|
|
447
|
+
out.push(t);
|
|
448
|
+
}
|
|
449
|
+
return out;
|
|
450
|
+
}
|
|
451
|
+
function onchainSignature(t) {
|
|
452
|
+
const originator = normalizeOriginator(t.originator);
|
|
453
|
+
if (t.basketName)
|
|
454
|
+
return `basket:${originator}:${t.basketName}`;
|
|
455
|
+
if (t.protocol && t.securityLevel !== undefined) {
|
|
456
|
+
return `proto:${originator}:${!!t.privileged}:${t.securityLevel},${t.protocol}:${t.counterparty ?? 'self'}`;
|
|
457
|
+
}
|
|
458
|
+
if (t.certType && t.verifier && t.certFields) {
|
|
459
|
+
return `cert:${originator}:${!!t.privileged}:${t.verifier}:${t.certType}:${[...t.certFields].sort().join('|')}`;
|
|
460
|
+
}
|
|
461
|
+
if (t.authorizedAmount !== undefined)
|
|
462
|
+
return `spend:${originator}`;
|
|
463
|
+
return null;
|
|
464
|
+
}
|
|
465
|
+
function idbSignature(t) {
|
|
466
|
+
if (!t.txid.startsWith(IDB_TXID_PREFIX))
|
|
467
|
+
return null;
|
|
468
|
+
return t.txid.slice(IDB_TXID_PREFIX.length);
|
|
469
|
+
}
|
|
470
|
+
//# sourceMappingURL=manager.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"manager.js","sourceRoot":"","sources":["../../src/permissions/manager.ts"],"names":[],"mappings":"AACA,OAAO,EAQN,wBAAwB,GAExB,MAAM,6CAA6C,CAAA;AACpD,OAAO,EACN,SAAS,EACT,mBAAmB,EACnB,wBAAwB,EACxB,qBAAqB,GACrB,MAAM,OAAO,CAAA;AAQd,MAAM,eAAe,GAAG,MAAM,CAAA;AAY9B;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,MAAM,OAAO,6BAA8B,SAAQ,wBAAwB;IACzD,eAAe,CAAkB;IACjC,aAAa,GAAG,IAAI,GAAG,EAGrC,CAAA;IACc,cAAc,GAAG,IAAI,GAAG,EAAoC,CAAA;IAE7E,YACC,gBAAiC,EACjC,eAAuB;IACvB,yGAAyG;IACzG,SAAmC,EAAE,EACrC,OAA6C;QAE7C,KAAK,CAAC,gBAAgB,EAAE,eAAe,EAAE,MAAM,CAAC,CAAA;QAChD,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,KAAK,CAAA;IACrC,CAAC;IAED,oEAAoE;IACpE,gEAAgE;IAChE,iCAAiC;IACjC,oEAAoE;IAEpD,YAAY,CAC3B,SAAkD,EAClD,OAAkC;QAElC,IAAI,SAAS,KAAK,mCAAmC,EAAE,CAAC;YACvD,OAAO,KAAK,CAAC,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAA;QAC9C,CAAC;QACD,IAAI,SAAS,KAAK,8BAA8B,EAAE,CAAC;YAClD,MAAM,WAAW,GAAG,OAAwC,CAAA;YAC5D,MAAM,OAAO,GAAkC,KAAK,EAAE,OAAO,EAAE,EAAE;gBAChE,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC,CAAA;gBACnD,OAAO,WAAW,CAAC,OAAO,CAAC,CAAA;YAC5B,CAAC,CAAA;YACD,OAAO,KAAK,CAAC,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAA;QAC9C,CAAC;QAED,MAAM,WAAW,GAAG,OAAiC,CAAA;QACrD,MAAM,OAAO,GAA2B,KAAK,EAAE,OAAO,EAAE,EAAE;YACzD,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC,CAAA;YAClD,OAAO,WAAW,CAAC,OAAO,CAAC,CAAA;QAC5B,CAAC,CAAA;QACD,OAAO,KAAK,CAAC,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAA;IAC9C,CAAC;IAED,oEAAoE;IACpE,wDAAwD;IACxD,oEAAoE;IAEpD,KAAK,CAAC,wBAAwB,CAAC,IAe9C;QACA,MAAM,YAAY,GACjB,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,IAAI,MAAM,CAAC,CAAA;QAC9D,MAAM,GAAG,GAAkB;YAC1B,IAAI,EAAE,UAAU;YAChB,UAAU,EAAE,mBAAmB,CAAC,IAAI,CAAC,UAAU,CAAC;YAChD,UAAU,EAAE,CAAC,CAAC,IAAI,CAAC,UAAU;YAC7B,aAAa,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,CAAc;YAC9C,YAAY,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;YAChC,YAAY;SACZ,CAAA;QACD,IAAI,MAAM,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC;YAAE,OAAO,IAAI,CAAA;QACzC,OAAO,KAAK,CAAC,wBAAwB,CAAC,IAAI,CAAC,CAAA;IAC5C,CAAC;IAEe,KAAK,CAAC,kBAAkB,CAAC,IAMxC;QACA,MAAM,GAAG,GAAkB;YAC1B,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE,mBAAmB,CAAC,IAAI,CAAC,UAAU,CAAC;YAChD,MAAM,EAAE,IAAI,CAAC,MAAM;SACnB,CAAA;QACD,IAAI,MAAM,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC;YAAE,OAAO,IAAI,CAAA;QACzC,OAAO,KAAK,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAA;IACtC,CAAC;IAEe,KAAK,CAAC,uBAAuB,CAAC,IAS7C;QACA,MAAM,GAAG,GAAkB;YAC1B,IAAI,EAAE,aAAa;YACnB,UAAU,EAAE,mBAAmB,CAAC,IAAI,CAAC,UAAU,CAAC;YAChD,UAAU,EAAE,CAAC,CAAC,IAAI,CAAC,UAAU;YAC7B,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,MAAM,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE;SAC/B,CAAA;QACD,IAAI,MAAM,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC;YAAE,OAAO,IAAI,CAAA;QACzC,OAAO,KAAK,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAA;IAC3C,CAAC;IAEe,KAAK,CAAC,2BAA2B,CAAC,IAUjD;QACA,MAAM,GAAG,GAAkB;YAC1B,IAAI,EAAE,UAAU;YAChB,UAAU,EAAE,mBAAmB,CAAC,IAAI,CAAC,UAAU,CAAC;SAChD,CAAA;QACD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA;QACvD,IACC,KAAK;YACL,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC;YACxB,CAAC,KAAK,CAAC,gBAAgB,IAAI,CAAC,CAAC,IAAI,IAAI,CAAC,QAAQ,EAC7C,CAAC;YACF,OAAO,IAAI,CAAA;QACZ,CAAC;QACD,OAAO,KAAK,CAAC,2BAA2B,CAAC,IAAI,CAAC,CAAA;IAC/C,CAAC;IAEO,KAAK,CAAC,QAAQ,CAAC,GAAkB;QACxC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA;QACvD,OAAO,CAAC,CAAC,KAAK,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;IAC3C,CAAC;IAED,oEAAoE;IACpE,gEAAgE;IAChE,4BAA4B;IAC5B,oEAAoE;IAEpD,KAAK,CAAC,eAAe,CAAC,MAKrC;QACA,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QACxD,IAAI,OAAO,EAAE,CAAC;YACb,MAAM,GAAG,GAAG,wBAAwB,CAAC,OAAO,CAAC,CAAA;YAC7C,MAAM,KAAK,GAAgB;gBAC1B,GAAG;gBACH,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,CAAC;gBAC1B,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,MAAM,EAAE,OAAO,CAAC,MAAM;aACtB,CAAA;YACD,IAAI,GAAG,CAAC,IAAI,KAAK,UAAU,IAAI,MAAM,CAAC,MAAM,IAAI,IAAI,EAAE,CAAC;gBACtD,KAAK,CAAC,gBAAgB,GAAG,MAAM,CAAC,MAAM,CAAA;YACvC,CAAC;iBAAM,IACN,OAAO,CAAC,IAAI,KAAK,UAAU;gBAC3B,OAAO,CAAC,QAAQ,EAAE,QAAQ,IAAI,IAAI,EACjC,CAAC;gBACF,KAAK,CAAC,gBAAgB,GAAG,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAA;YACnD,CAAC;YACD,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;YAC1C,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QAC5C,CAAC;QACD,OAAO,KAAK,CAAC,eAAe,CAAC,EAAE,GAAG,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;IAC7D,CAAC;IAEe,KAAK,CAAC,cAAc,CAAC,SAAiB;QACrD,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QACpC,OAAO,KAAK,CAAC,cAAc,CAAC,SAAS,CAAC,CAAA;IACvC,CAAC;IAEe,KAAK,CAAC,sBAAsB,CAAC,MAM5C;QACA,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QACzD,IAAI,OAAO,EAAE,CAAC;YACb,MAAM,UAAU,GAAG,mBAAmB,CAAC,OAAO,CAAC,UAAU,CAAC,CAAA;YAC1D,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;YACtB,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,CAAC,CAAA;YAEjC,IAAI,MAAM,CAAC,OAAO,CAAC,qBAAqB,EAAE,CAAC;gBAC1C,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC;oBACnC,GAAG,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,UAAU,EAAE;oBACrC,MAAM;oBACN,SAAS,EAAE,GAAG;oBACd,gBAAgB,EAAE,MAAM,CAAC,OAAO,CAAC,qBAAqB,CAAC,MAAM;oBAC7D,MAAM,EAAE,MAAM,CAAC,OAAO,CAAC,qBAAqB,CAAC,WAAW;iBACxD,CAAC,CAAA;YACH,CAAC;YAED,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,mBAAmB,IAAI,EAAE,EAAE,CAAC;gBAC1D,IAAI,CAAC,CAAC,YAAY,KAAK,EAAE;oBAAE,SAAQ;gBACnC,MAAM,KAAK,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAc,CAAA;gBAC1C,MAAM,YAAY,GAAG,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,YAAY,IAAI,MAAM,CAAC,CAAA;gBAClE,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC;oBACnC,GAAG,EAAE;wBACJ,IAAI,EAAE,UAAU;wBAChB,UAAU;wBACV,UAAU,EAAE,KAAK;wBACjB,aAAa,EAAE,KAAK;wBACpB,YAAY,EAAE,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;wBAC7B,YAAY;qBACZ;oBACD,MAAM;oBACN,SAAS,EAAE,GAAG;oBACd,MAAM,EAAE,CAAC,CAAC,WAAW;iBACrB,CAAC,CAAA;YACH,CAAC;YAED,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,YAAY,IAAI,EAAE,EAAE,CAAC;gBACnD,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC;oBACnC,GAAG,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;oBACrD,MAAM;oBACN,SAAS,EAAE,GAAG;oBACd,MAAM,EAAE,CAAC,CAAC,WAAW;iBACrB,CAAC,CAAA;YACH,CAAC;YAED,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,iBAAiB,IAAI,EAAE,EAAE,CAAC;gBACxD,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC;oBACnC,GAAG,EAAE;wBACJ,IAAI,EAAE,aAAa;wBACnB,UAAU;wBACV,UAAU,EAAE,KAAK;wBACjB,QAAQ,EAAE,CAAC,CAAC,iBAAiB;wBAC7B,QAAQ,EAAE,CAAC,CAAC,IAAI;wBAChB,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE;qBAC5B;oBACD,MAAM;oBACN,SAAS,EAAE,GAAG;oBACd,MAAM,EAAE,CAAC,CAAC,WAAW;iBACrB,CAAC,CAAA;YACH,CAAC;YAED,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QAC7C,CAAC;QACD,OAAO,KAAK,CAAC,wBAAwB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;IACxD,CAAC;IAEe,KAAK,CAAC,qBAAqB,CAC1C,SAAiB;QAEjB,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QACrC,OAAO,KAAK,CAAC,qBAAqB,CAAC,SAAS,CAAC,CAAA;IAC9C,CAAC;IAEe,KAAK,CAAC,wBAAwB,CAC7C,SAAiB;QAEjB,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QACrC,OAAO,KAAK,CAAC,wBAAwB,CAAC,SAAS,CAAC,CAAA;IACjD,CAAC;IAED,oEAAoE;IACpE,2DAA2D;IAC3D,oEAAoE;IAEpD,KAAK,CAAC,uBAAuB,CAC5C,SAMI,EAAE;QAEN,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,uBAAuB,CAAC,MAAM,CAAC,CAAA;QAC3D,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE;YACxE,IAAI,CAAC,CAAC,GAAG,CAAC,IAAI,KAAK,UAAU;gBAAE,OAAO,KAAK,CAAA;YAC3C,IACC,MAAM,CAAC,UAAU,KAAK,SAAS;gBAC/B,CAAC,CAAC,GAAG,CAAC,UAAU,KAAK,MAAM,CAAC,UAAU,EACrC,CAAC;gBACF,OAAO,KAAK,CAAA;YACb,CAAC;YACD,IACC,MAAM,CAAC,YAAY,KAAK,SAAS;gBACjC,CAAC,CAAC,GAAG,CAAC,YAAY,KAAK,MAAM,CAAC,YAAY,EACzC,CAAC;gBACF,OAAO,KAAK,CAAA;YACb,CAAC;YACD,IACC,MAAM,CAAC,qBAAqB,KAAK,SAAS;gBAC1C,CAAC,CAAC,GAAG,CAAC,aAAa,KAAK,MAAM,CAAC,qBAAqB,EACnD,CAAC;gBACF,OAAO,KAAK,CAAA;YACb,CAAC;YACD,IACC,MAAM,CAAC,YAAY,KAAK,SAAS;gBACjC,CAAC,CAAC,GAAG,CAAC,YAAY,KAAK,MAAM,CAAC,YAAY,EACzC,CAAC;gBACF,OAAO,KAAK,CAAA;YACb,CAAC;YACD,OAAO,IAAI,CAAA;QACZ,CAAC,CAAC,CAAA;QACF,OAAO,WAAW,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;IACjC,CAAC;IAEe,KAAK,CAAC,gBAAgB,CACrC,SAAmD,EAAE;QAErD,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAA;QACpD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE;YACtE,IAAI,CAAC,CAAC,GAAG,CAAC,IAAI,KAAK,QAAQ;gBAAE,OAAO,KAAK,CAAA;YACzC,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,EAAE,CAAC;gBACnE,OAAO,KAAK,CAAA;YACb,CAAC;YACD,OAAO,IAAI,CAAA;QACZ,CAAC,CAAC,CAAA;QACF,OAAO,WAAW,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;IACjC,CAAC;IAEe,KAAK,CAAC,0BAA0B,CAAC,MAEhD;QACA,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,0BAA0B,CAAC,MAAM,CAAC,CAAA;QAC9D,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY,CAClC,UAAU,EACV,MAAM,CAAC,UAAU,EACjB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,KAAK,UAAU,CAChC,CAAA;QACD,OAAO,WAAW,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;IACjC,CAAC;IAEe,KAAK,CAAC,qBAAqB,CAC1C,SAKI,EAAE;QAEN,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,qBAAqB,CAAC,MAAM,CAAC,CAAA;QACzD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY,CAClC,aAAa,EACb,MAAM,CAAC,UAAU,EACjB,CAAC,CAAC,EAAE,EAAE;YACL,IAAI,CAAC,CAAC,GAAG,CAAC,IAAI,KAAK,aAAa;gBAAE,OAAO,KAAK,CAAA;YAC9C,IACC,MAAM,CAAC,UAAU,KAAK,SAAS;gBAC/B,CAAC,CAAC,GAAG,CAAC,UAAU,KAAK,MAAM,CAAC,UAAU,EACrC,CAAC;gBACF,OAAO,KAAK,CAAA;YACb,CAAC;YACD,IACC,MAAM,CAAC,QAAQ,KAAK,SAAS;gBAC7B,CAAC,CAAC,GAAG,CAAC,QAAQ,KAAK,MAAM,CAAC,QAAQ,EACjC,CAAC;gBACF,OAAO,KAAK,CAAA;YACb,CAAC;YACD,IACC,MAAM,CAAC,QAAQ,KAAK,SAAS;gBAC7B,CAAC,CAAC,GAAG,CAAC,QAAQ,KAAK,MAAM,CAAC,QAAQ,EACjC,CAAC;gBACF,OAAO,KAAK,CAAA;YACb,CAAC;YACD,OAAO,IAAI,CAAA;QACZ,CAAC,CACD,CAAA;QACD,OAAO,WAAW,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;IACjC,CAAC;IAEO,KAAK,CAAC,YAAY,CACzB,IAA8B,EAC9B,UAA8B,EAC9B,SAAsC;QAEtC,MAAM,MAAM,GAAqB,EAAE,IAAI,EAAE,CAAA;QACzC,IAAI,UAAU;YAAE,MAAM,CAAC,UAAU,GAAG,mBAAmB,CAAC,UAAU,CAAC,CAAA;QACnE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;QAC5D,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,YAAY,CAAC,CAAA;IAClD,CAAC;IAED,oEAAoE;IACpE,mEAAmE;IACnE,oEAAoE;IAEpD,KAAK,CAAC,sBAAsB,CAC3C,UAAkB;QAElB,MAAM,UAAU,GAAG,mBAAmB,CAAC,UAAU,CAAC,CAAA;QAClD,MAAM,IAAI,CAAC,eAAe,CAAC,sBAAsB,CAAC,UAAU,CAAC,CAAA;QAC7D,OAAO,KAAK,CAAC,sBAAsB,CAAC,UAAU,CAAC,CAAA;IAChD,CAAC;IAEe,KAAK,CAAC,gBAAgB,CACrC,QAAyB;QAEzB,MAAM,MAAM,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAA;QACxC,IAAI,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC,MAAM,CAAC,CAAA;QAC/C,CAAC;QACD,IAAI,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;YAC/C,OAAM;QACP,CAAC;QACD,OAAO,KAAK,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAA;IACxC,CAAC;CACD;AAED,SAAS,YAAY,CAAC,KAAkB;IACvC,MAAM,IAAI,GAAoB;QAC7B,IAAI,EAAE,GAAG,eAAe,GAAG,qBAAqB,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE;QAC7D,EAAE,EAAE,EAAE;QACN,WAAW,EAAE,CAAC;QACd,YAAY,EAAE,EAAE;QAChB,QAAQ,EAAE,CAAC;QACX,UAAU,EAAE,KAAK,CAAC,GAAG,CAAC,UAAU;QAChC,MAAM,EAAE,KAAK,CAAC,MAAM;KACpB,CAAA;IACD,QAAQ,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;QACxB,KAAK,UAAU;YACd,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC,GAAG,CAAC,UAAU,CAAA;YACtC,IAAI,CAAC,QAAQ,GAAG,KAAK,CAAC,GAAG,CAAC,YAAY,CAAA;YACtC,IAAI,CAAC,aAAa,GAAG,KAAK,CAAC,GAAG,CAAC,aAAa,CAAA;YAC5C,IAAI,CAAC,YAAY,GAAG,KAAK,CAAC,GAAG,CAAC,YAAY,CAAA;YAC1C,MAAK;QACN,KAAK,QAAQ;YACZ,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC,GAAG,CAAC,MAAM,CAAA;YAClC,MAAK;QACN,KAAK,aAAa;YACjB,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC,GAAG,CAAC,UAAU,CAAA;YACtC,IAAI,CAAC,QAAQ,GAAG,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAA;YAClC,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC,GAAG,CAAC,MAAM,CAAA;YAClC,IAAI,CAAC,QAAQ,GAAG,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAA;YAClC,MAAK;QACN,KAAK,UAAU;YACd,IAAI,KAAK,CAAC,gBAAgB,IAAI,IAAI,EAAE,CAAC;gBACpC,IAAI,CAAC,gBAAgB,GAAG,KAAK,CAAC,gBAAgB,CAAA;YAC/C,CAAC;YACD,MAAK;IACP,CAAC;IACD,OAAO,IAAI,CAAA;AACZ,CAAC;AAED,SAAS,eAAe,CAAC,KAAsB;IAC9C,IAAI,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;QAC5C,OAAO,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,CAAA;IAC7D,CAAC;IACD,MAAM,UAAU,GAAG,mBAAmB,CAAC,KAAK,CAAC,UAAU,CAAC,CAAA;IACxD,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;QACtB,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,KAAK,CAAC,UAAU,EAAE,CAAA;IAChE,CAAC;IACD,IAAI,KAAK,CAAC,QAAQ,IAAI,KAAK,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;QACzD,OAAO;YACN,IAAI,EAAE,UAAU;YAChB,UAAU;YACV,UAAU,EAAE,CAAC,CAAC,KAAK,CAAC,UAAU;YAC9B,aAAa,EAAE,KAAK,CAAC,aAAa;YAClC,YAAY,EAAE,KAAK,CAAC,QAAQ;YAC5B,YAAY,EAAE,KAAK,CAAC,YAAY,IAAI,MAAM;SAC1C,CAAA;IACF,CAAC;IACD,IAAI,KAAK,CAAC,QAAQ,IAAI,KAAK,CAAC,QAAQ,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;QAC1D,OAAO;YACN,IAAI,EAAE,aAAa;YACnB,UAAU;YACV,UAAU,EAAE,CAAC,CAAC,KAAK,CAAC,UAAU;YAC9B,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,MAAM,EAAE,CAAC,GAAG,KAAK,CAAC,UAAU,CAAC,CAAC,IAAI,EAAE;SACpC,CAAA;IACF,CAAC;IACD,IAAI,KAAK,CAAC,gBAAgB,KAAK,SAAS,EAAE,CAAC;QAC1C,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,UAAU,EAAE,CAAA;IACxC,CAAC;IACD,OAAO,IAAI,CAAA;AACZ,CAAC;AAED,SAAS,WAAW,CAAC,UAAkB;IACtC,MAAM,GAAG,GAAG,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IACnC,IAAI,GAAG,GAAG,CAAC;QAAE,OAAO,IAAI,CAAA;IACxB,MAAM,GAAG,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAA;IACpC,MAAM,IAAI,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAA;IACtC,IAAI,GAAG,KAAK,QAAQ,EAAE,CAAC;QACtB,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QAC7B,IAAI,GAAG,GAAG,CAAC;YAAE,OAAO,IAAI,CAAA;QACxB,OAAO;YACN,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;YAC9B,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC;SAC3B,CAAA;IACF,CAAC;IACD,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;QACrB,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,UAAU,EAAE,IAAI,EAAE,CAAA;IAC9C,CAAC;IACD,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;QACrB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QAC7B,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,IAAI,CAAA;QACjC,MAAM,CAAC,UAAU,EAAE,UAAU,EAAE,YAAY,EAAE,YAAY,CAAC,GAAG,KAAK,CAAA;QAClE,MAAM,QAAQ,GAAG,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QAC1C,IAAI,QAAQ,GAAG,CAAC;YAAE,OAAO,IAAI,CAAA;QAC7B,MAAM,KAAK,GAAG,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAc,CAAA;QAClE,MAAM,YAAY,GAAG,YAAY,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAA;QACrD,OAAO;YACN,IAAI,EAAE,UAAU;YAChB,UAAU;YACV,UAAU,EAAE,UAAU,KAAK,MAAM;YACjC,aAAa,EAAE,KAAK;YACpB,YAAY;YACZ,YAAY;SACZ,CAAA;IACF,CAAC;IACD,IAAI,GAAG,KAAK,MAAM,EAAE,CAAC;QACpB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QAC7B,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,IAAI,CAAA;QACjC,MAAM,CAAC,UAAU,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,YAAY,CAAC,GAAG,KAAK,CAAA;QACxE,OAAO;YACN,IAAI,EAAE,aAAa;YACnB,UAAU;YACV,UAAU,EAAE,UAAU,KAAK,MAAM;YACjC,QAAQ;YACR,QAAQ;YACR,MAAM,EAAE,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE;SACnD,CAAA;IACF,CAAC;IACD,OAAO,IAAI,CAAA;AACZ,CAAC;AAED,SAAS,WAAW,CACnB,OAA0B,EAC1B,GAAsB;IAEtB,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAA;IAC9B,MAAM,GAAG,GAAsB,EAAE,CAAA;IACjC,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACzB,MAAM,CAAC,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAA;QAC7B,IAAI,CAAC;YAAE,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;QAClB,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACZ,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,GAAG,EAAE,CAAC;QACrB,MAAM,CAAC,GAAG,YAAY,CAAC,CAAC,CAAC,CAAA;QACzB,IAAI,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YAAE,SAAQ;QAC9B,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACZ,CAAC;IACD,OAAO,GAAG,CAAA;AACX,CAAC;AAED,SAAS,gBAAgB,CAAC,CAAkB;IAC3C,MAAM,UAAU,GAAG,mBAAmB,CAAC,CAAC,CAAC,UAAU,CAAC,CAAA;IACpD,IAAI,CAAC,CAAC,UAAU;QAAE,OAAO,UAAU,UAAU,IAAI,CAAC,CAAC,UAAU,EAAE,CAAA;IAC/D,IAAI,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;QACjD,OAAO,SAAS,UAAU,IAAI,CAAC,CAAC,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,aAAa,IAAI,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,YAAY,IAAI,MAAM,EAAE,CAAA;IAC5G,CAAC;IACD,IAAI,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,UAAU,EAAE,CAAC;QAC9C,OAAO,QAAQ,UAAU,IAAI,CAAC,CAAC,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,QAAQ,IAAI,CAAC,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAA;IAChH,CAAC;IACD,IAAI,CAAC,CAAC,gBAAgB,KAAK,SAAS;QAAE,OAAO,SAAS,UAAU,EAAE,CAAA;IAClE,OAAO,IAAI,CAAA;AACZ,CAAC;AAED,SAAS,YAAY,CAAC,CAAkB;IACvC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC;QAAE,OAAO,IAAI,CAAA;IACpD,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,MAAM,CAAC,CAAA;AAC5C,CAAC"}
|
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
import type { CounterpartyPermissionRequest, CounterpartyPermissions, GroupedPermissionRequest, GroupedPermissions, PermissionRequest, PermissionToken } from '@bsv/wallet-toolbox';
|
|
2
1
|
/** The four BRC-100 permission categories. */
|
|
3
2
|
export type PermissionType = 'protocol' | 'basket' | 'certificate' | 'spending';
|
|
4
3
|
/** A normalized permission key, uniquely identifying a (originator, category, parameters) tuple. */
|
|
@@ -29,9 +28,7 @@ export type PermissionKey = {
|
|
|
29
28
|
*
|
|
30
29
|
* For spending (DSAP) grants, the ledger only stores the user-authorized cap
|
|
31
30
|
* (`authorizedAmount`). Actual monthly spend is read from the wallet's
|
|
32
|
-
* action history on every cap check via `WalletPermissionsManager.querySpentSince
|
|
33
|
-
* — the same mechanism WPM uses natively, so spent accounting remains exact
|
|
34
|
-
* and cross-device consistent.
|
|
31
|
+
* action history on every cap check via `WalletPermissionsManager.querySpentSince`.
|
|
35
32
|
*/
|
|
36
33
|
export interface StoredGrant {
|
|
37
34
|
key: PermissionKey;
|
|
@@ -50,7 +47,7 @@ export interface ListGrantsFilter {
|
|
|
50
47
|
type?: PermissionType;
|
|
51
48
|
}
|
|
52
49
|
/**
|
|
53
|
-
* Storage backend for permission grants
|
|
50
|
+
* Storage backend for permission grants used by `LocalWalletPermissionsManager`.
|
|
54
51
|
*
|
|
55
52
|
* Implementations should be keyed by the canonical string form of the
|
|
56
53
|
* `PermissionKey` (use `permissionKeyToString` from `./key`).
|
|
@@ -65,68 +62,4 @@ export interface IPermissionStore {
|
|
|
65
62
|
deleteAllForOriginator(originator: string): Promise<number>;
|
|
66
63
|
listGrants(filter?: ListGrantsFilter): Promise<StoredGrant[]>;
|
|
67
64
|
}
|
|
68
|
-
/** User decision returned from a single-permission prompt. */
|
|
69
|
-
export type PermissionPromptDecision = {
|
|
70
|
-
approved: true;
|
|
71
|
-
/** Optional override for the grant expiry in UNIX seconds. */
|
|
72
|
-
expiry?: number;
|
|
73
|
-
/** DSAP only — override the authorized amount (e.g. user chose a larger cap). */
|
|
74
|
-
authorizedAmount?: number;
|
|
75
|
-
} | {
|
|
76
|
-
approved: false;
|
|
77
|
-
};
|
|
78
|
-
/** User decision returned from a BRC-73 grouped-permission prompt. */
|
|
79
|
-
export type GroupedPermissionPromptDecision = {
|
|
80
|
-
approved: true;
|
|
81
|
-
/** Subset of the requested permissions that the user agreed to. */
|
|
82
|
-
granted: Partial<GroupedPermissions>;
|
|
83
|
-
expiry?: number;
|
|
84
|
-
} | {
|
|
85
|
-
approved: false;
|
|
86
|
-
};
|
|
87
|
-
/**
|
|
88
|
-
* User decision returned from a level-2 counterparty pact prompt.
|
|
89
|
-
*
|
|
90
|
-
* `granted` is a `Partial<CounterpartyPermissions>` because users typically
|
|
91
|
-
* approve a subset of the requested protocols, matching WPM's
|
|
92
|
-
* `grantCounterpartyPermission` signature.
|
|
93
|
-
*/
|
|
94
|
-
export type CounterpartyPermissionPromptDecision = {
|
|
95
|
-
approved: true;
|
|
96
|
-
granted: Partial<CounterpartyPermissions>;
|
|
97
|
-
expiry?: number;
|
|
98
|
-
} | {
|
|
99
|
-
approved: false;
|
|
100
|
-
};
|
|
101
|
-
/**
|
|
102
|
-
* Prompt callbacks supplied by the consumer (the host app).
|
|
103
|
-
*
|
|
104
|
-
* The adapter calls these when a grant is needed after the store lookup
|
|
105
|
-
* comes back empty. Counterparty prompts are optional — if omitted, the
|
|
106
|
-
* adapter auto-denies counterparty requests so the dApp call fails cleanly
|
|
107
|
-
* instead of hanging forever.
|
|
108
|
-
*/
|
|
109
|
-
export interface PermissionPromptHandler {
|
|
110
|
-
onPermissionRequested(request: PermissionRequest & {
|
|
111
|
-
requestID: string;
|
|
112
|
-
}): Promise<PermissionPromptDecision>;
|
|
113
|
-
onGroupedPermissionRequested(request: GroupedPermissionRequest): Promise<GroupedPermissionPromptDecision>;
|
|
114
|
-
onCounterpartyPermissionRequested?(request: CounterpartyPermissionRequest): Promise<CounterpartyPermissionPromptDecision>;
|
|
115
|
-
}
|
|
116
|
-
/** The source a permission record was loaded from when listing all permissions. */
|
|
117
|
-
export type PermissionRecordSource = 'ledger' | 'onchain';
|
|
118
|
-
/**
|
|
119
|
-
* Unified record returned by the adapter's `listAllPermissions` helper.
|
|
120
|
-
*
|
|
121
|
-
* `source: 'ledger'` records are local `StoredGrant`s; `source: 'onchain'`
|
|
122
|
-
* records are WPM `PermissionToken` shapes surfaced for level-2 counterparty
|
|
123
|
-
* pacts (and any pre-migration on-chain tokens that still exist).
|
|
124
|
-
*/
|
|
125
|
-
export type PermissionRecord = ({
|
|
126
|
-
source: 'ledger';
|
|
127
|
-
} & StoredGrant) | {
|
|
128
|
-
source: 'onchain';
|
|
129
|
-
type: PermissionType;
|
|
130
|
-
token: PermissionToken;
|
|
131
|
-
};
|
|
132
65
|
//# sourceMappingURL=types.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/permissions/types.ts"],"names":[],"mappings":"AAAA,
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/permissions/types.ts"],"names":[],"mappings":"AAAA,8CAA8C;AAC9C,MAAM,MAAM,cAAc,GAAG,UAAU,GAAG,QAAQ,GAAG,aAAa,GAAG,UAAU,CAAA;AAE/E,oGAAoG;AACpG,MAAM,MAAM,aAAa,GACtB;IACA,IAAI,EAAE,UAAU,CAAA;IAChB,UAAU,EAAE,MAAM,CAAA;IAClB,UAAU,EAAE,OAAO,CAAA;IACnB,aAAa,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;IACxB,YAAY,EAAE,MAAM,CAAA;IACpB,YAAY,EAAE,MAAM,CAAA;CACnB,GACD;IACA,IAAI,EAAE,QAAQ,CAAA;IACd,UAAU,EAAE,MAAM,CAAA;IAClB,MAAM,EAAE,MAAM,CAAA;CACb,GACD;IACA,IAAI,EAAE,aAAa,CAAA;IACnB,UAAU,EAAE,MAAM,CAAA;IAClB,UAAU,EAAE,OAAO,CAAA;IACnB,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,MAAM,CAAA;IAChB,MAAM,EAAE,MAAM,EAAE,CAAA;CACf,GACD;IACA,IAAI,EAAE,UAAU,CAAA;IAChB,UAAU,EAAE,MAAM,CAAA;CACjB,CAAA;AAEJ;;;;;;GAMG;AACH,MAAM,WAAW,WAAW;IAC3B,GAAG,EAAE,aAAa,CAAA;IAClB,yCAAyC;IACzC,MAAM,EAAE,MAAM,CAAA;IACd,qDAAqD;IACrD,SAAS,EAAE,MAAM,CAAA;IACjB,gEAAgE;IAChE,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,sDAAsD;IACtD,gBAAgB,CAAC,EAAE,MAAM,CAAA;CACzB;AAED,sDAAsD;AACtD,MAAM,WAAW,gBAAgB;IAChC,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,IAAI,CAAC,EAAE,cAAc,CAAA;CACrB;AAED;;;;;;;;GAQG;AACH,MAAM,WAAW,gBAAgB;IAChC,SAAS,CAAC,GAAG,EAAE,aAAa,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAA;IAC1D,QAAQ,CAAC,KAAK,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAC3C,WAAW,CAAC,GAAG,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAC9C,sBAAsB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;IAC3D,UAAU,CAAC,MAAM,CAAC,EAAE,gBAAgB,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC,CAAA;CAC7D"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@1sat/wallet",
|
|
3
|
-
"version": "0.0.
|
|
3
|
+
"version": "0.0.44",
|
|
4
4
|
"description": "BRC-100 wallet engine for 1Sat Ordinals SDK",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "./dist/index.js",
|
|
@@ -44,4 +44,4 @@
|
|
|
44
44
|
"@types/chrome": "^0.1.32",
|
|
45
45
|
"typescript": "^5.9.3"
|
|
46
46
|
}
|
|
47
|
-
}
|
|
47
|
+
}
|
|
@@ -1,91 +0,0 @@
|
|
|
1
|
-
import type { WalletPermissionsManager } from '@bsv/wallet-toolbox';
|
|
2
|
-
import type { IPermissionStore, PermissionKey, PermissionPromptHandler, PermissionRecord } from './types';
|
|
3
|
-
export interface PermissionLedgerAdapterOptions {
|
|
4
|
-
/** The WPM instance to attach callbacks to. */
|
|
5
|
-
wallet: WalletPermissionsManager;
|
|
6
|
-
/** Persistent store for permission grants. */
|
|
7
|
-
store: IPermissionStore;
|
|
8
|
-
/** UI prompt callbacks. */
|
|
9
|
-
prompt: PermissionPromptHandler;
|
|
10
|
-
}
|
|
11
|
-
/**
|
|
12
|
-
* Bridges an {@link IPermissionStore} to a {@link WalletPermissionsManager}.
|
|
13
|
-
*
|
|
14
|
-
* The adapter owns WPM's permission callbacks. On every permission check:
|
|
15
|
-
*
|
|
16
|
-
* 1. It looks up a stored grant in the supplied store.
|
|
17
|
-
* 2. If a valid unexpired grant exists, it calls
|
|
18
|
-
* `wallet.grantPermission({ ephemeral: true })` silently. WPM resolves
|
|
19
|
-
* the pending dApp call without writing anything to the chain.
|
|
20
|
-
* 3. Otherwise it delegates to the host app's prompt handler. On approval,
|
|
21
|
-
* it writes the grant to the store and calls `grantPermission` ephemerally.
|
|
22
|
-
*
|
|
23
|
-
* BRC-73 grouped permissions are handled via `dismissGroupedPermission` after
|
|
24
|
-
* writing each sub-permission to the store. WPM's downstream per-method checks
|
|
25
|
-
* then find the entries on their individual callback paths. When a site adds
|
|
26
|
-
* a new permission between visits, the prompt receives only the missing
|
|
27
|
-
* subset — already-granted permissions are not re-listed.
|
|
28
|
-
*
|
|
29
|
-
* DSAP (spending) cap enforcement reads actual confirmed spend from the
|
|
30
|
-
* wallet's action history via `WalletPermissionsManager.querySpentSince` —
|
|
31
|
-
* the same mechanism WPM uses natively. No ledger-side counter is
|
|
32
|
-
* maintained, so failed broadcasts cannot cause drift.
|
|
33
|
-
*
|
|
34
|
-
* Level-2 counterparty pacts (`onCounterpartyPermissionRequested`) remain
|
|
35
|
-
* on-chain: the adapter just routes the UI decision to WPM's native
|
|
36
|
-
* `grantCounterpartyPermission` / `denyCounterpartyPermission`. If the
|
|
37
|
-
* consumer omits `prompt.onCounterpartyPermissionRequested`, the adapter
|
|
38
|
-
* auto-denies counterparty requests so the dApp call fails cleanly instead
|
|
39
|
-
* of hanging forever.
|
|
40
|
-
*
|
|
41
|
-
* Call {@link dispose} to unbind callbacks when tearing down the wallet.
|
|
42
|
-
*/
|
|
43
|
-
export declare class PermissionLedgerAdapter {
|
|
44
|
-
private readonly wallet;
|
|
45
|
-
private readonly store;
|
|
46
|
-
private readonly prompt;
|
|
47
|
-
private boundCallbacks;
|
|
48
|
-
constructor(options: PermissionLedgerAdapterOptions);
|
|
49
|
-
private bindCallbacks;
|
|
50
|
-
/** Unbinds every callback this adapter registered on the wallet. */
|
|
51
|
-
dispose(): void;
|
|
52
|
-
private handleSingle;
|
|
53
|
-
private handleSpending;
|
|
54
|
-
private handleGrouped;
|
|
55
|
-
private handleCounterparty;
|
|
56
|
-
private safeDeny;
|
|
57
|
-
/**
|
|
58
|
-
* Return the full union of local (ledger) grants and on-chain WPM tokens.
|
|
59
|
-
*
|
|
60
|
-
* Under the default setup, the on-chain side contains only level-2
|
|
61
|
-
* counterparty pacts (and any pre-migration tokens that still exist).
|
|
62
|
-
* Records are tagged with `source: 'ledger' | 'onchain'` so the revoke
|
|
63
|
-
* handler can route correctly.
|
|
64
|
-
*/
|
|
65
|
-
listAllPermissions(): Promise<PermissionRecord[]>;
|
|
66
|
-
/**
|
|
67
|
-
* Revoke a single ledger-backed grant.
|
|
68
|
-
*
|
|
69
|
-
* To revoke an on-chain (counterparty) token, call
|
|
70
|
-
* `wallet.revokePermission(token)` directly with the raw WPM token.
|
|
71
|
-
*/
|
|
72
|
-
revokeLedgerGrant(key: PermissionKey): Promise<void>;
|
|
73
|
-
/**
|
|
74
|
-
* Revoke every grant for an originator across both stores.
|
|
75
|
-
*
|
|
76
|
-
* Returns counts of what was removed from each side.
|
|
77
|
-
*/
|
|
78
|
-
revokeAllForOriginator(originator: string): Promise<{
|
|
79
|
-
ledger: number;
|
|
80
|
-
onchain: number;
|
|
81
|
-
}>;
|
|
82
|
-
/**
|
|
83
|
-
* Return the satoshi amount spent against the given DSAP grant in the
|
|
84
|
-
* current UTC month, read from the wallet's action history.
|
|
85
|
-
*
|
|
86
|
-
* Delegates to `WalletPermissionsManager.querySpentSince` for accuracy and
|
|
87
|
-
* cross-device consistency — the ledger does not track spend itself.
|
|
88
|
-
*/
|
|
89
|
-
querySpent(key: PermissionKey): Promise<number>;
|
|
90
|
-
}
|
|
91
|
-
//# sourceMappingURL=adapter.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"adapter.d.ts","sourceRoot":"","sources":["../../src/permissions/adapter.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAQX,wBAAwB,EAExB,MAAM,qBAAqB,CAAA;AAS5B,OAAO,KAAK,EACX,gBAAgB,EAChB,aAAa,EACb,uBAAuB,EACvB,gBAAgB,EAEhB,MAAM,SAAS,CAAA;AAEhB,MAAM,WAAW,8BAA8B;IAC9C,+CAA+C;IAC/C,MAAM,EAAE,wBAAwB,CAAA;IAChC,8CAA8C;IAC9C,KAAK,EAAE,gBAAgB,CAAA;IACvB,2BAA2B;IAC3B,MAAM,EAAE,uBAAuB,CAAA;CAC/B;AAQD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,qBAAa,uBAAuB;IACnC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAA0B;IACjD,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAkB;IACxC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAyB;IAChD,OAAO,CAAC,cAAc,CAAoC;gBAE9C,OAAO,EAAE,8BAA8B;IAOnD,OAAO,CAAC,aAAa;IAoBrB,oEAAoE;IACpE,OAAO,IAAI,IAAI;YAWD,YAAY;YAmCZ,cAAc;YAwDd,aAAa;YAgEb,kBAAkB;YA8BlB,QAAQ;IAQtB;;;;;;;OAOG;IACG,kBAAkB,IAAI,OAAO,CAAC,gBAAgB,EAAE,CAAC;IAqCvD;;;;;OAKG;IACG,iBAAiB,CAAC,GAAG,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;IAI1D;;;;OAIG;IACG,sBAAsB,CAC3B,UAAU,EAAE,MAAM,GAChB,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;IAO/C;;;;;;OAMG;IACG,UAAU,CAAC,GAAG,EAAE,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC;CAMrD"}
|
|
@@ -1,317 +0,0 @@
|
|
|
1
|
-
import { filterGroupedByMissing, isExpired, normalizeOriginator, permissionKeyFromRequest, permissionKeyToString, permissionKeysFromGroup, } from './key';
|
|
2
|
-
/**
|
|
3
|
-
* Bridges an {@link IPermissionStore} to a {@link WalletPermissionsManager}.
|
|
4
|
-
*
|
|
5
|
-
* The adapter owns WPM's permission callbacks. On every permission check:
|
|
6
|
-
*
|
|
7
|
-
* 1. It looks up a stored grant in the supplied store.
|
|
8
|
-
* 2. If a valid unexpired grant exists, it calls
|
|
9
|
-
* `wallet.grantPermission({ ephemeral: true })` silently. WPM resolves
|
|
10
|
-
* the pending dApp call without writing anything to the chain.
|
|
11
|
-
* 3. Otherwise it delegates to the host app's prompt handler. On approval,
|
|
12
|
-
* it writes the grant to the store and calls `grantPermission` ephemerally.
|
|
13
|
-
*
|
|
14
|
-
* BRC-73 grouped permissions are handled via `dismissGroupedPermission` after
|
|
15
|
-
* writing each sub-permission to the store. WPM's downstream per-method checks
|
|
16
|
-
* then find the entries on their individual callback paths. When a site adds
|
|
17
|
-
* a new permission between visits, the prompt receives only the missing
|
|
18
|
-
* subset — already-granted permissions are not re-listed.
|
|
19
|
-
*
|
|
20
|
-
* DSAP (spending) cap enforcement reads actual confirmed spend from the
|
|
21
|
-
* wallet's action history via `WalletPermissionsManager.querySpentSince` —
|
|
22
|
-
* the same mechanism WPM uses natively. No ledger-side counter is
|
|
23
|
-
* maintained, so failed broadcasts cannot cause drift.
|
|
24
|
-
*
|
|
25
|
-
* Level-2 counterparty pacts (`onCounterpartyPermissionRequested`) remain
|
|
26
|
-
* on-chain: the adapter just routes the UI decision to WPM's native
|
|
27
|
-
* `grantCounterpartyPermission` / `denyCounterpartyPermission`. If the
|
|
28
|
-
* consumer omits `prompt.onCounterpartyPermissionRequested`, the adapter
|
|
29
|
-
* auto-denies counterparty requests so the dApp call fails cleanly instead
|
|
30
|
-
* of hanging forever.
|
|
31
|
-
*
|
|
32
|
-
* Call {@link dispose} to unbind callbacks when tearing down the wallet.
|
|
33
|
-
*/
|
|
34
|
-
export class PermissionLedgerAdapter {
|
|
35
|
-
wallet;
|
|
36
|
-
store;
|
|
37
|
-
prompt;
|
|
38
|
-
boundCallbacks = [];
|
|
39
|
-
constructor(options) {
|
|
40
|
-
this.wallet = options.wallet;
|
|
41
|
-
this.store = options.store;
|
|
42
|
-
this.prompt = options.prompt;
|
|
43
|
-
this.bindCallbacks();
|
|
44
|
-
}
|
|
45
|
-
bindCallbacks() {
|
|
46
|
-
const bind = (name, handler) => {
|
|
47
|
-
const id = this.wallet.bindCallback(name, handler);
|
|
48
|
-
this.boundCallbacks.push([name, id]);
|
|
49
|
-
};
|
|
50
|
-
const single = (r) => this.handleSingle(r);
|
|
51
|
-
const spending = (r) => this.handleSpending(r);
|
|
52
|
-
const grouped = (r) => this.handleGrouped(r);
|
|
53
|
-
const counterparty = (r) => this.handleCounterparty(r);
|
|
54
|
-
bind('onProtocolPermissionRequested', single);
|
|
55
|
-
bind('onBasketAccessRequested', single);
|
|
56
|
-
bind('onCertificateAccessRequested', single);
|
|
57
|
-
bind('onSpendingAuthorizationRequested', spending);
|
|
58
|
-
bind('onGroupedPermissionRequested', grouped);
|
|
59
|
-
bind('onCounterpartyPermissionRequested', counterparty);
|
|
60
|
-
}
|
|
61
|
-
/** Unbinds every callback this adapter registered on the wallet. */
|
|
62
|
-
dispose() {
|
|
63
|
-
for (const [name, id] of this.boundCallbacks) {
|
|
64
|
-
this.wallet.unbindCallback(name, id);
|
|
65
|
-
}
|
|
66
|
-
this.boundCallbacks = [];
|
|
67
|
-
}
|
|
68
|
-
// ---------------------------------------------------------------------
|
|
69
|
-
// Handlers
|
|
70
|
-
// ---------------------------------------------------------------------
|
|
71
|
-
async handleSingle(request) {
|
|
72
|
-
try {
|
|
73
|
-
const key = permissionKeyFromRequest(request);
|
|
74
|
-
const existing = await this.store.findGrant(key);
|
|
75
|
-
if (existing && !isExpired(existing.expiry)) {
|
|
76
|
-
await this.wallet.grantPermission({
|
|
77
|
-
requestID: request.requestID,
|
|
78
|
-
ephemeral: true,
|
|
79
|
-
});
|
|
80
|
-
return;
|
|
81
|
-
}
|
|
82
|
-
const decision = await this.prompt.onPermissionRequested(request);
|
|
83
|
-
if (decision.approved) {
|
|
84
|
-
await this.store.putGrant({
|
|
85
|
-
key,
|
|
86
|
-
expiry: decision.expiry ?? 0,
|
|
87
|
-
grantedAt: Date.now(),
|
|
88
|
-
reason: request.reason,
|
|
89
|
-
});
|
|
90
|
-
await this.wallet.grantPermission({
|
|
91
|
-
requestID: request.requestID,
|
|
92
|
-
ephemeral: true,
|
|
93
|
-
});
|
|
94
|
-
}
|
|
95
|
-
else {
|
|
96
|
-
await this.wallet.denyPermission(request.requestID);
|
|
97
|
-
}
|
|
98
|
-
}
|
|
99
|
-
catch (err) {
|
|
100
|
-
await this.safeDeny(request.requestID);
|
|
101
|
-
throw err;
|
|
102
|
-
}
|
|
103
|
-
}
|
|
104
|
-
async handleSpending(request) {
|
|
105
|
-
try {
|
|
106
|
-
if (request.type !== 'spending' || !request.spending) {
|
|
107
|
-
await this.wallet.denyPermission(request.requestID);
|
|
108
|
-
return;
|
|
109
|
-
}
|
|
110
|
-
const key = permissionKeyFromRequest(request);
|
|
111
|
-
const needed = request.spending.satoshis;
|
|
112
|
-
const existing = await this.store.findGrant(key);
|
|
113
|
-
if (existing &&
|
|
114
|
-
!isExpired(existing.expiry) &&
|
|
115
|
-
existing.key.type === 'spending' &&
|
|
116
|
-
existing.authorizedAmount != null) {
|
|
117
|
-
// Read actual confirmed spend for this originator this month directly
|
|
118
|
-
// from the wallet's action history. WPM's own `querySpentSince` only
|
|
119
|
-
// reads `token.originator` + `token.rawOriginator`, so we can pass a
|
|
120
|
-
// minimal stub rather than reconstruct a full PermissionToken.
|
|
121
|
-
const spent = await this.wallet.querySpentSince({
|
|
122
|
-
originator: existing.key.originator,
|
|
123
|
-
});
|
|
124
|
-
if (spent + needed <= existing.authorizedAmount) {
|
|
125
|
-
await this.wallet.grantPermission({
|
|
126
|
-
requestID: request.requestID,
|
|
127
|
-
ephemeral: true,
|
|
128
|
-
});
|
|
129
|
-
return;
|
|
130
|
-
}
|
|
131
|
-
}
|
|
132
|
-
const decision = await this.prompt.onPermissionRequested(request);
|
|
133
|
-
if (decision.approved) {
|
|
134
|
-
await this.store.putGrant({
|
|
135
|
-
key,
|
|
136
|
-
expiry: decision.expiry ?? 0,
|
|
137
|
-
grantedAt: Date.now(),
|
|
138
|
-
reason: request.reason,
|
|
139
|
-
authorizedAmount: decision.authorizedAmount ?? needed,
|
|
140
|
-
});
|
|
141
|
-
await this.wallet.grantPermission({
|
|
142
|
-
requestID: request.requestID,
|
|
143
|
-
ephemeral: true,
|
|
144
|
-
});
|
|
145
|
-
}
|
|
146
|
-
else {
|
|
147
|
-
await this.wallet.denyPermission(request.requestID);
|
|
148
|
-
}
|
|
149
|
-
}
|
|
150
|
-
catch (err) {
|
|
151
|
-
await this.safeDeny(request.requestID);
|
|
152
|
-
throw err;
|
|
153
|
-
}
|
|
154
|
-
}
|
|
155
|
-
async handleGrouped(request) {
|
|
156
|
-
try {
|
|
157
|
-
const neededKeys = permissionKeysFromGroup(request.originator, request.permissions);
|
|
158
|
-
const lookups = await Promise.all(neededKeys.map((k) => this.store.findGrant(k)));
|
|
159
|
-
const missingKeys = new Set();
|
|
160
|
-
for (let i = 0; i < neededKeys.length; i++) {
|
|
161
|
-
const g = lookups[i];
|
|
162
|
-
if (!g || isExpired(g.expiry)) {
|
|
163
|
-
missingKeys.add(permissionKeyToString(neededKeys[i]));
|
|
164
|
-
}
|
|
165
|
-
}
|
|
166
|
-
if (missingKeys.size === 0) {
|
|
167
|
-
await this.wallet.dismissGroupedPermission(request.requestID);
|
|
168
|
-
return;
|
|
169
|
-
}
|
|
170
|
-
// Hand the prompt only the sub-permissions that still need approval.
|
|
171
|
-
// On first visit this equals the full bundle; on a revisit where the
|
|
172
|
-
// site has added one new permission, only that new one is shown.
|
|
173
|
-
const trimmedPermissions = filterGroupedByMissing(request.originator, request.permissions, missingKeys);
|
|
174
|
-
const decision = await this.prompt.onGroupedPermissionRequested({
|
|
175
|
-
...request,
|
|
176
|
-
permissions: trimmedPermissions,
|
|
177
|
-
});
|
|
178
|
-
if (!decision.approved) {
|
|
179
|
-
await this.wallet.denyGroupedPermission(request.requestID);
|
|
180
|
-
return;
|
|
181
|
-
}
|
|
182
|
-
const normalized = normalizeOriginator(request.originator);
|
|
183
|
-
const grantedKeys = permissionKeysFromGroup(normalized, decision.granted);
|
|
184
|
-
const now = Date.now();
|
|
185
|
-
const expiry = decision.expiry ?? 0;
|
|
186
|
-
for (const key of grantedKeys) {
|
|
187
|
-
const grant = { key, expiry, grantedAt: now };
|
|
188
|
-
if (key.type === 'spending' && decision.granted.spendingAuthorization) {
|
|
189
|
-
grant.authorizedAmount = decision.granted.spendingAuthorization.amount;
|
|
190
|
-
grant.reason = decision.granted.spendingAuthorization.description;
|
|
191
|
-
}
|
|
192
|
-
await this.store.putGrant(grant);
|
|
193
|
-
}
|
|
194
|
-
await this.wallet.dismissGroupedPermission(request.requestID);
|
|
195
|
-
}
|
|
196
|
-
catch (err) {
|
|
197
|
-
await this.wallet
|
|
198
|
-
.denyGroupedPermission(request.requestID)
|
|
199
|
-
.catch(() => undefined);
|
|
200
|
-
throw err;
|
|
201
|
-
}
|
|
202
|
-
}
|
|
203
|
-
async handleCounterparty(request) {
|
|
204
|
-
// Level-2 counterparty pacts stay on-chain. The adapter does not consult
|
|
205
|
-
// the local store for these; it just routes the consumer's UI decision
|
|
206
|
-
// to WPM's native grant/deny (which writes the token to the chain).
|
|
207
|
-
const handler = this.prompt.onCounterpartyPermissionRequested;
|
|
208
|
-
if (!handler) {
|
|
209
|
-
await this.wallet.denyCounterpartyPermission(request.requestID);
|
|
210
|
-
return;
|
|
211
|
-
}
|
|
212
|
-
try {
|
|
213
|
-
const decision = await handler(request);
|
|
214
|
-
if (decision.approved) {
|
|
215
|
-
await this.wallet.grantCounterpartyPermission({
|
|
216
|
-
requestID: request.requestID,
|
|
217
|
-
granted: decision.granted,
|
|
218
|
-
expiry: decision.expiry,
|
|
219
|
-
});
|
|
220
|
-
}
|
|
221
|
-
else {
|
|
222
|
-
await this.wallet.denyCounterpartyPermission(request.requestID);
|
|
223
|
-
}
|
|
224
|
-
}
|
|
225
|
-
catch (err) {
|
|
226
|
-
await this.wallet
|
|
227
|
-
.denyCounterpartyPermission(request.requestID)
|
|
228
|
-
.catch(() => undefined);
|
|
229
|
-
throw err;
|
|
230
|
-
}
|
|
231
|
-
}
|
|
232
|
-
async safeDeny(requestID) {
|
|
233
|
-
await this.wallet.denyPermission(requestID).catch(() => undefined);
|
|
234
|
-
}
|
|
235
|
-
// ---------------------------------------------------------------------
|
|
236
|
-
// Management helpers (for consumers to rebuild UIs)
|
|
237
|
-
// ---------------------------------------------------------------------
|
|
238
|
-
/**
|
|
239
|
-
* Return the full union of local (ledger) grants and on-chain WPM tokens.
|
|
240
|
-
*
|
|
241
|
-
* Under the default setup, the on-chain side contains only level-2
|
|
242
|
-
* counterparty pacts (and any pre-migration tokens that still exist).
|
|
243
|
-
* Records are tagged with `source: 'ledger' | 'onchain'` so the revoke
|
|
244
|
-
* handler can route correctly.
|
|
245
|
-
*/
|
|
246
|
-
async listAllPermissions() {
|
|
247
|
-
const [ledger, protocols, baskets, spending, certs] = await Promise.all([
|
|
248
|
-
this.store.listGrants(),
|
|
249
|
-
this.wallet.listProtocolPermissions({}),
|
|
250
|
-
this.wallet.listBasketAccess({}),
|
|
251
|
-
this.wallet.listSpendingAuthorizations({}),
|
|
252
|
-
this.wallet.listCertificateAccess({}),
|
|
253
|
-
]);
|
|
254
|
-
const ledgerRecords = ledger.map((g) => ({
|
|
255
|
-
source: 'ledger',
|
|
256
|
-
...g,
|
|
257
|
-
}));
|
|
258
|
-
const onChain = [
|
|
259
|
-
...protocols.map((t) => ({
|
|
260
|
-
source: 'onchain',
|
|
261
|
-
type: 'protocol',
|
|
262
|
-
token: t,
|
|
263
|
-
})),
|
|
264
|
-
...baskets.map((t) => ({
|
|
265
|
-
source: 'onchain',
|
|
266
|
-
type: 'basket',
|
|
267
|
-
token: t,
|
|
268
|
-
})),
|
|
269
|
-
...spending.map((t) => ({
|
|
270
|
-
source: 'onchain',
|
|
271
|
-
type: 'spending',
|
|
272
|
-
token: t,
|
|
273
|
-
})),
|
|
274
|
-
...certs.map((t) => ({
|
|
275
|
-
source: 'onchain',
|
|
276
|
-
type: 'certificate',
|
|
277
|
-
token: t,
|
|
278
|
-
})),
|
|
279
|
-
];
|
|
280
|
-
return [...ledgerRecords, ...onChain];
|
|
281
|
-
}
|
|
282
|
-
/**
|
|
283
|
-
* Revoke a single ledger-backed grant.
|
|
284
|
-
*
|
|
285
|
-
* To revoke an on-chain (counterparty) token, call
|
|
286
|
-
* `wallet.revokePermission(token)` directly with the raw WPM token.
|
|
287
|
-
*/
|
|
288
|
-
async revokeLedgerGrant(key) {
|
|
289
|
-
await this.store.deleteGrant(key);
|
|
290
|
-
}
|
|
291
|
-
/**
|
|
292
|
-
* Revoke every grant for an originator across both stores.
|
|
293
|
-
*
|
|
294
|
-
* Returns counts of what was removed from each side.
|
|
295
|
-
*/
|
|
296
|
-
async revokeAllForOriginator(originator) {
|
|
297
|
-
const normalized = normalizeOriginator(originator);
|
|
298
|
-
const ledgerCount = await this.store.deleteAllForOriginator(normalized);
|
|
299
|
-
const onchainRevoked = await this.wallet.revokeAllForOriginator(normalized);
|
|
300
|
-
return { ledger: ledgerCount, onchain: onchainRevoked.length };
|
|
301
|
-
}
|
|
302
|
-
/**
|
|
303
|
-
* Return the satoshi amount spent against the given DSAP grant in the
|
|
304
|
-
* current UTC month, read from the wallet's action history.
|
|
305
|
-
*
|
|
306
|
-
* Delegates to `WalletPermissionsManager.querySpentSince` for accuracy and
|
|
307
|
-
* cross-device consistency — the ledger does not track spend itself.
|
|
308
|
-
*/
|
|
309
|
-
async querySpent(key) {
|
|
310
|
-
if (key.type !== 'spending')
|
|
311
|
-
return 0;
|
|
312
|
-
return this.wallet.querySpentSince({
|
|
313
|
-
originator: key.originator,
|
|
314
|
-
});
|
|
315
|
-
}
|
|
316
|
-
}
|
|
317
|
-
//# sourceMappingURL=adapter.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"adapter.js","sourceRoot":"","sources":["../../src/permissions/adapter.ts"],"names":[],"mappings":"AAWA,OAAO,EACN,sBAAsB,EACtB,SAAS,EACT,mBAAmB,EACnB,wBAAwB,EACxB,qBAAqB,EACrB,uBAAuB,GACvB,MAAM,OAAO,CAAA;AAwBd;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,MAAM,OAAO,uBAAuB;IAClB,MAAM,CAA0B;IAChC,KAAK,CAAkB;IACvB,MAAM,CAAyB;IACxC,cAAc,GAAkC,EAAE,CAAA;IAE1D,YAAY,OAAuC;QAClD,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAA;QAC5B,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAA;QAC1B,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAA;QAC5B,IAAI,CAAC,aAAa,EAAE,CAAA;IACrB,CAAC;IAEO,aAAa;QACpB,MAAM,IAAI,GAAG,CAAC,IAAkB,EAAE,OAAkC,EAAE,EAAE;YACvE,MAAM,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;YAClD,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAA;QACrC,CAAC,CAAA;QAED,MAAM,MAAM,GAA2B,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAA;QAClE,MAAM,QAAQ,GAA2B,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,CAAA;QACtE,MAAM,OAAO,GAAkC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,CAAA;QAC3E,MAAM,YAAY,GAAuC,CAAC,CAAC,EAAE,EAAE,CAC9D,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAA;QAE3B,IAAI,CAAC,+BAA+B,EAAE,MAAM,CAAC,CAAA;QAC7C,IAAI,CAAC,yBAAyB,EAAE,MAAM,CAAC,CAAA;QACvC,IAAI,CAAC,8BAA8B,EAAE,MAAM,CAAC,CAAA;QAC5C,IAAI,CAAC,kCAAkC,EAAE,QAAQ,CAAC,CAAA;QAClD,IAAI,CAAC,8BAA8B,EAAE,OAAO,CAAC,CAAA;QAC7C,IAAI,CAAC,mCAAmC,EAAE,YAAY,CAAC,CAAA;IACxD,CAAC;IAED,oEAAoE;IACpE,OAAO;QACN,KAAK,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YAC9C,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,EAAE,CAAC,CAAA;QACrC,CAAC;QACD,IAAI,CAAC,cAAc,GAAG,EAAE,CAAA;IACzB,CAAC;IAED,wEAAwE;IACxE,WAAW;IACX,wEAAwE;IAEhE,KAAK,CAAC,YAAY,CACzB,OAAkD;QAElD,IAAI,CAAC;YACJ,MAAM,GAAG,GAAG,wBAAwB,CAAC,OAAO,CAAC,CAAA;YAC7C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA;YAChD,IAAI,QAAQ,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC7C,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC;oBACjC,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,SAAS,EAAE,IAAI;iBACf,CAAC,CAAA;gBACF,OAAM;YACP,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAA;YACjE,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;gBACvB,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC;oBACzB,GAAG;oBACH,MAAM,EAAE,QAAQ,CAAC,MAAM,IAAI,CAAC;oBAC5B,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,MAAM,EAAE,OAAO,CAAC,MAAM;iBACtB,CAAC,CAAA;gBACF,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC;oBACjC,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,SAAS,EAAE,IAAI;iBACf,CAAC,CAAA;YACH,CAAC;iBAAM,CAAC;gBACP,MAAM,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;YACpD,CAAC;QACF,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACd,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;YACtC,MAAM,GAAG,CAAA;QACV,CAAC;IACF,CAAC;IAEO,KAAK,CAAC,cAAc,CAC3B,OAAkD;QAElD,IAAI,CAAC;YACJ,IAAI,OAAO,CAAC,IAAI,KAAK,UAAU,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;gBACtD,MAAM,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;gBACnD,OAAM;YACP,CAAC;YACD,MAAM,GAAG,GAAG,wBAAwB,CAAC,OAAO,CAAC,CAAA;YAC7C,MAAM,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAA;YACxC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA;YAEhD,IACC,QAAQ;gBACR,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC;gBAC3B,QAAQ,CAAC,GAAG,CAAC,IAAI,KAAK,UAAU;gBAChC,QAAQ,CAAC,gBAAgB,IAAI,IAAI,EAChC,CAAC;gBACF,sEAAsE;gBACtE,qEAAqE;gBACrE,qEAAqE;gBACrE,+DAA+D;gBAC/D,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC;oBAC/C,UAAU,EAAE,QAAQ,CAAC,GAAG,CAAC,UAAU;iBAChB,CAAC,CAAA;gBACrB,IAAI,KAAK,GAAG,MAAM,IAAI,QAAQ,CAAC,gBAAgB,EAAE,CAAC;oBACjD,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC;wBACjC,SAAS,EAAE,OAAO,CAAC,SAAS;wBAC5B,SAAS,EAAE,IAAI;qBACf,CAAC,CAAA;oBACF,OAAM;gBACP,CAAC;YACF,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAA;YACjE,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;gBACvB,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC;oBACzB,GAAG;oBACH,MAAM,EAAE,QAAQ,CAAC,MAAM,IAAI,CAAC;oBAC5B,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB,IAAI,MAAM;iBACrD,CAAC,CAAA;gBACF,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC;oBACjC,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,SAAS,EAAE,IAAI;iBACf,CAAC,CAAA;YACH,CAAC;iBAAM,CAAC;gBACP,MAAM,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;YACpD,CAAC;QACF,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACd,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;YACtC,MAAM,GAAG,CAAA;QACV,CAAC;IACF,CAAC;IAEO,KAAK,CAAC,aAAa,CAC1B,OAAiC;QAEjC,IAAI,CAAC;YACJ,MAAM,UAAU,GAAG,uBAAuB,CACzC,OAAO,CAAC,UAAU,EAClB,OAAO,CAAC,WAAW,CACnB,CAAA;YACD,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAChC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAC9C,CAAA;YACD,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAA;YACrC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC5C,MAAM,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAA;gBACpB,IAAI,CAAC,CAAC,IAAI,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC/B,WAAW,CAAC,GAAG,CAAC,qBAAqB,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;gBACtD,CAAC;YACF,CAAC;YAED,IAAI,WAAW,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;gBAC5B,MAAM,IAAI,CAAC,MAAM,CAAC,wBAAwB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;gBAC7D,OAAM;YACP,CAAC;YAED,qEAAqE;YACrE,qEAAqE;YACrE,iEAAiE;YACjE,MAAM,kBAAkB,GAAG,sBAAsB,CAChD,OAAO,CAAC,UAAU,EAClB,OAAO,CAAC,WAAW,EACnB,WAAW,CACX,CAAA;YACD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,4BAA4B,CAAC;gBAC/D,GAAG,OAAO;gBACV,WAAW,EAAE,kBAAkB;aAC/B,CAAC,CAAA;YACF,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;gBACxB,MAAM,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;gBAC1D,OAAM;YACP,CAAC;YAED,MAAM,UAAU,GAAG,mBAAmB,CAAC,OAAO,CAAC,UAAU,CAAC,CAAA;YAC1D,MAAM,WAAW,GAAG,uBAAuB,CAAC,UAAU,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAA;YACzE,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;YACtB,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,IAAI,CAAC,CAAA;YAEnC,KAAK,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC;gBAC/B,MAAM,KAAK,GAAgB,EAAE,GAAG,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,EAAE,CAAA;gBAC1D,IAAI,GAAG,CAAC,IAAI,KAAK,UAAU,IAAI,QAAQ,CAAC,OAAO,CAAC,qBAAqB,EAAE,CAAC;oBACvE,KAAK,CAAC,gBAAgB,GAAG,QAAQ,CAAC,OAAO,CAAC,qBAAqB,CAAC,MAAM,CAAA;oBACtE,KAAK,CAAC,MAAM,GAAG,QAAQ,CAAC,OAAO,CAAC,qBAAqB,CAAC,WAAW,CAAA;gBAClE,CAAC;gBACD,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;YACjC,CAAC;YAED,MAAM,IAAI,CAAC,MAAM,CAAC,wBAAwB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;QAC9D,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACd,MAAM,IAAI,CAAC,MAAM;iBACf,qBAAqB,CAAC,OAAO,CAAC,SAAS,CAAC;iBACxC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAA;YACxB,MAAM,GAAG,CAAA;QACV,CAAC;IACF,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAC/B,OAAsC;QAEtC,yEAAyE;QACzE,uEAAuE;QACvE,oEAAoE;QACpE,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,iCAAiC,CAAA;QAC7D,IAAI,CAAC,OAAO,EAAE,CAAC;YACd,MAAM,IAAI,CAAC,MAAM,CAAC,0BAA0B,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;YAC/D,OAAM;QACP,CAAC;QACD,IAAI,CAAC;YACJ,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,CAAA;YACvC,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;gBACvB,MAAM,IAAI,CAAC,MAAM,CAAC,2BAA2B,CAAC;oBAC7C,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,OAAO,EAAE,QAAQ,CAAC,OAAO;oBACzB,MAAM,EAAE,QAAQ,CAAC,MAAM;iBACvB,CAAC,CAAA;YACH,CAAC;iBAAM,CAAC;gBACP,MAAM,IAAI,CAAC,MAAM,CAAC,0BAA0B,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;YAChE,CAAC;QACF,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACd,MAAM,IAAI,CAAC,MAAM;iBACf,0BAA0B,CAAC,OAAO,CAAC,SAAS,CAAC;iBAC7C,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAA;YACxB,MAAM,GAAG,CAAA;QACV,CAAC;IACF,CAAC;IAEO,KAAK,CAAC,QAAQ,CAAC,SAAiB;QACvC,MAAM,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAA;IACnE,CAAC;IAED,wEAAwE;IACxE,oDAAoD;IACpD,wEAAwE;IAExE;;;;;;;OAOG;IACH,KAAK,CAAC,kBAAkB;QACvB,MAAM,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YACvE,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE;YACvB,IAAI,CAAC,MAAM,CAAC,uBAAuB,CAAC,EAAE,CAAC;YACvC,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAChC,IAAI,CAAC,MAAM,CAAC,0BAA0B,CAAC,EAAE,CAAC;YAC1C,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,EAAE,CAAC;SACrC,CAAC,CAAA;QACF,MAAM,aAAa,GAAuB,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC5D,MAAM,EAAE,QAAQ;YAChB,GAAG,CAAC;SACJ,CAAC,CAAC,CAAA;QACH,MAAM,OAAO,GAAuB;YACnC,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBACxB,MAAM,EAAE,SAAkB;gBAC1B,IAAI,EAAE,UAAmB;gBACzB,KAAK,EAAE,CAAC;aACR,CAAC,CAAC;YACH,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBACtB,MAAM,EAAE,SAAkB;gBAC1B,IAAI,EAAE,QAAiB;gBACvB,KAAK,EAAE,CAAC;aACR,CAAC,CAAC;YACH,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBACvB,MAAM,EAAE,SAAkB;gBAC1B,IAAI,EAAE,UAAmB;gBACzB,KAAK,EAAE,CAAC;aACR,CAAC,CAAC;YACH,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBACpB,MAAM,EAAE,SAAkB;gBAC1B,IAAI,EAAE,aAAsB;gBAC5B,KAAK,EAAE,CAAC;aACR,CAAC,CAAC;SACH,CAAA;QACD,OAAO,CAAC,GAAG,aAAa,EAAE,GAAG,OAAO,CAAC,CAAA;IACtC,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,iBAAiB,CAAC,GAAkB;QACzC,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,CAAA;IAClC,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,sBAAsB,CAC3B,UAAkB;QAElB,MAAM,UAAU,GAAG,mBAAmB,CAAC,UAAU,CAAC,CAAA;QAClD,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,sBAAsB,CAAC,UAAU,CAAC,CAAA;QACvE,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,sBAAsB,CAAC,UAAU,CAAC,CAAA;QAC3E,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,cAAc,CAAC,MAAM,EAAE,CAAA;IAC/D,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,UAAU,CAAC,GAAkB;QAClC,IAAI,GAAG,CAAC,IAAI,KAAK,UAAU;YAAE,OAAO,CAAC,CAAA;QACrC,OAAO,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC;YAClC,UAAU,EAAE,GAAG,CAAC,UAAU;SACP,CAAC,CAAA;IACtB,CAAC;CACD"}
|