@abaxxtech/id 0.0.0
- package/LICENSE +201 -0
- package/README.md +31 -0
- package/README.npm.md +31 -0
- package/dist/bundles/dwn.js +83 -0
- package/dist/cjs/index.js +31250 -0
- package/dist/cjs/package.json +1 -0
- package/dist/esm/generated/precompiled-validators.js +7820 -0
- package/dist/esm/generated/precompiled-validators.js.map +1 -0
- package/dist/esm/json-schemas/definitions.json +23 -0
- package/dist/esm/src/core/abstract-message.js +37 -0
- package/dist/esm/src/core/abstract-message.js.map +1 -0
- package/dist/esm/src/core/auth.js +97 -0
- package/dist/esm/src/core/auth.js.map +1 -0
- package/dist/esm/src/core/dwn-constant.js +8 -0
- package/dist/esm/src/core/dwn-constant.js.map +1 -0
- package/dist/esm/src/core/dwn-error.js +138 -0
- package/dist/esm/src/core/dwn-error.js.map +1 -0
- package/dist/esm/src/core/grant-authorization.js +108 -0
- package/dist/esm/src/core/grant-authorization.js.map +1 -0
- package/dist/esm/src/core/message-reply.js +5 -0
- package/dist/esm/src/core/message-reply.js.map +1 -0
- package/dist/esm/src/core/message.js +200 -0
- package/dist/esm/src/core/message.js.map +1 -0
- package/dist/esm/src/core/protocol-authorization.js +449 -0
- package/dist/esm/src/core/protocol-authorization.js.map +1 -0
- package/dist/esm/src/core/records-grant-authorization.js +106 -0
- package/dist/esm/src/core/records-grant-authorization.js.map +1 -0
- package/dist/esm/src/core/tenant-gate.js +20 -0
- package/dist/esm/src/core/tenant-gate.js.map +1 -0
- package/dist/esm/src/did/did-dht-resolver.js +241 -0
- package/dist/esm/src/did/did-dht-resolver.js.map +1 -0
- package/dist/esm/src/did/did-ion-resolver.js +53 -0
- package/dist/esm/src/did/did-ion-resolver.js.map +1 -0
- package/dist/esm/src/did/did-key-resolver.js +135 -0
- package/dist/esm/src/did/did-key-resolver.js.map +1 -0
- package/dist/esm/src/did/did-resolver.js +70 -0
- package/dist/esm/src/did/did-resolver.js.map +1 -0
- package/dist/esm/src/did/did.js +36 -0
- package/dist/esm/src/did/did.js.map +1 -0
- package/dist/esm/src/dwn.js +164 -0
- package/dist/esm/src/dwn.js.map +1 -0
- package/dist/esm/src/enums/dwn-interface-method.js +22 -0
- package/dist/esm/src/enums/dwn-interface-method.js.map +1 -0
- package/dist/esm/src/event-log/event-log-level.js +112 -0
- package/dist/esm/src/event-log/event-log-level.js.map +1 -0
- package/dist/esm/src/handlers/events-get.js +48 -0
- package/dist/esm/src/handlers/events-get.js.map +1 -0
- package/dist/esm/src/handlers/messages-get.js +76 -0
- package/dist/esm/src/handlers/messages-get.js.map +1 -0
- package/dist/esm/src/handlers/permissions-grant.js +62 -0
- package/dist/esm/src/handlers/permissions-grant.js.map +1 -0
- package/dist/esm/src/handlers/permissions-request.js +63 -0
- package/dist/esm/src/handlers/permissions-request.js.map +1 -0
- package/dist/esm/src/handlers/permissions-revoke.js +114 -0
- package/dist/esm/src/handlers/permissions-revoke.js.map +1 -0
- package/dist/esm/src/handlers/protocols-configure.js +102 -0
- package/dist/esm/src/handlers/protocols-configure.js.map +1 -0
- package/dist/esm/src/handlers/protocols-query.js +72 -0
- package/dist/esm/src/handlers/protocols-query.js.map +1 -0
- package/dist/esm/src/handlers/records-delete.js +119 -0
- package/dist/esm/src/handlers/records-delete.js.map +1 -0
- package/dist/esm/src/handlers/records-query.js +206 -0
- package/dist/esm/src/handlers/records-query.js.map +1 -0
- package/dist/esm/src/handlers/records-read.js +118 -0
- package/dist/esm/src/handlers/records-read.js.map +1 -0
- package/dist/esm/src/handlers/records-write.js +252 -0
- package/dist/esm/src/handlers/records-write.js.map +1 -0
- package/dist/esm/src/index.js +43 -0
- package/dist/esm/src/index.js.map +1 -0
- package/dist/esm/src/interfaces/events-get.js +41 -0
- package/dist/esm/src/interfaces/events-get.js.map +1 -0
- package/dist/esm/src/interfaces/messages-get.js +58 -0
- package/dist/esm/src/interfaces/messages-get.js.map +1 -0
- package/dist/esm/src/interfaces/permissions-grant.js +130 -0
- package/dist/esm/src/interfaces/permissions-grant.js.map +1 -0
- package/dist/esm/src/interfaces/permissions-request.js +47 -0
- package/dist/esm/src/interfaces/permissions-request.js.map +1 -0
- package/dist/esm/src/interfaces/permissions-revoke.js +47 -0
- package/dist/esm/src/interfaces/permissions-revoke.js.map +1 -0
- package/dist/esm/src/interfaces/protocols-configure.js +149 -0
- package/dist/esm/src/interfaces/protocols-configure.js.map +1 -0
- package/dist/esm/src/interfaces/protocols-query.js +80 -0
- package/dist/esm/src/interfaces/protocols-query.js.map +1 -0
- package/dist/esm/src/interfaces/records-delete.js +56 -0
- package/dist/esm/src/interfaces/records-delete.js.map +1 -0
- package/dist/esm/src/interfaces/records-query.js +81 -0
- package/dist/esm/src/interfaces/records-query.js.map +1 -0
- package/dist/esm/src/interfaces/records-read.js +65 -0
- package/dist/esm/src/interfaces/records-read.js.map +1 -0
- package/dist/esm/src/interfaces/records-write.js +677 -0
- package/dist/esm/src/interfaces/records-write.js.map +1 -0
- package/dist/esm/src/jose/algorithms/signing/ed25519.js +54 -0
- package/dist/esm/src/jose/algorithms/signing/ed25519.js.map +1 -0
- package/dist/esm/src/jose/algorithms/signing/signature-algorithms.js +13 -0
- package/dist/esm/src/jose/algorithms/signing/signature-algorithms.js.map +1 -0
- package/dist/esm/src/jose/jws/general/builder.js +47 -0
- package/dist/esm/src/jose/jws/general/builder.js.map +1 -0
- package/dist/esm/src/jose/jws/general/signer.js +36 -0
- package/dist/esm/src/jose/jws/general/signer.js.map +1 -0
- package/dist/esm/src/jose/jws/general/verifier.js +97 -0
- package/dist/esm/src/jose/jws/general/verifier.js.map +1 -0
- package/dist/esm/src/schema-validator.js +28 -0
- package/dist/esm/src/schema-validator.js.map +1 -0
- package/dist/esm/src/store/blockstore-level.js +187 -0
- package/dist/esm/src/store/blockstore-level.js.map +1 -0
- package/dist/esm/src/store/data-store-level.js +192 -0
- package/dist/esm/src/store/data-store-level.js.map +1 -0
- package/dist/esm/src/store/index-level.js +302 -0
- package/dist/esm/src/store/index-level.js.map +1 -0
- package/dist/esm/src/store/level-wrapper.js +296 -0
- package/dist/esm/src/store/level-wrapper.js.map +1 -0
- package/dist/esm/src/store/message-store-level.js +236 -0
- package/dist/esm/src/store/message-store-level.js.map +1 -0
- package/dist/esm/src/store/storage-controller.js +69 -0
- package/dist/esm/src/store/storage-controller.js.map +1 -0
- package/dist/esm/src/types/cache.js +2 -0
- package/dist/esm/src/types/cache.js.map +1 -0
- package/dist/esm/src/types/data-store.js +2 -0
- package/dist/esm/src/types/data-store.js.map +1 -0
- package/dist/esm/src/types/delegated-grant-message.js +2 -0
- package/dist/esm/src/types/delegated-grant-message.js.map +1 -0
- package/dist/esm/src/types/did-types.js +2 -0
- package/dist/esm/src/types/did-types.js.map +1 -0
- package/dist/esm/src/types/event-log.js +2 -0
- package/dist/esm/src/types/event-log.js.map +1 -0
- package/dist/esm/src/types/event-types.js +2 -0
- package/dist/esm/src/types/event-types.js.map +1 -0
- package/dist/esm/src/types/jose-types.js +2 -0
- package/dist/esm/src/types/jose-types.js.map +1 -0
- package/dist/esm/src/types/jws-types.js +2 -0
- package/dist/esm/src/types/jws-types.js.map +1 -0
- package/dist/esm/src/types/message-interface.js +2 -0
- package/dist/esm/src/types/message-interface.js.map +1 -0
- package/dist/esm/src/types/message-store.js +2 -0
- package/dist/esm/src/types/message-store.js.map +1 -0
- package/dist/esm/src/types/message-types.js +6 -0
- package/dist/esm/src/types/message-types.js.map +1 -0
- package/dist/esm/src/types/messages-types.js +2 -0
- package/dist/esm/src/types/messages-types.js.map +1 -0
- package/dist/esm/src/types/method-handler.js +2 -0
- package/dist/esm/src/types/method-handler.js.map +1 -0
- package/dist/esm/src/types/permissions-grant-descriptor.js +6 -0
- package/dist/esm/src/types/permissions-grant-descriptor.js.map +1 -0
- package/dist/esm/src/types/permissions-types.js +2 -0
- package/dist/esm/src/types/permissions-types.js.map +1 -0
- package/dist/esm/src/types/protocols-types.js +15 -0
- package/dist/esm/src/types/protocols-types.js.map +1 -0
- package/dist/esm/src/types/records-types.js +8 -0
- package/dist/esm/src/types/records-types.js.map +1 -0
- package/dist/esm/src/types/signer.js +2 -0
- package/dist/esm/src/types/signer.js.map +1 -0
- package/dist/esm/src/utils/abort.js +40 -0
- package/dist/esm/src/utils/abort.js.map +1 -0
- package/dist/esm/src/utils/array.js +72 -0
- package/dist/esm/src/utils/array.js.map +1 -0
- package/dist/esm/src/utils/cid.js +130 -0
- package/dist/esm/src/utils/cid.js.map +1 -0
- package/dist/esm/src/utils/data-stream.js +88 -0
- package/dist/esm/src/utils/data-stream.js.map +1 -0
- package/dist/esm/src/utils/encoder.js +45 -0
- package/dist/esm/src/utils/encoder.js.map +1 -0
- package/dist/esm/src/utils/encryption.js +128 -0
- package/dist/esm/src/utils/encryption.js.map +1 -0
- package/dist/esm/src/utils/hd-key.js +60 -0
- package/dist/esm/src/utils/hd-key.js.map +1 -0
- package/dist/esm/src/utils/jws.js +89 -0
- package/dist/esm/src/utils/jws.js.map +1 -0
- package/dist/esm/src/utils/memory-cache.js +41 -0
- package/dist/esm/src/utils/memory-cache.js.map +1 -0
- package/dist/esm/src/utils/object.js +50 -0
- package/dist/esm/src/utils/object.js.map +1 -0
- package/dist/esm/src/utils/private-key-signer.js +43 -0
- package/dist/esm/src/utils/private-key-signer.js.map +1 -0
- package/dist/esm/src/utils/protocols.js +51 -0
- package/dist/esm/src/utils/protocols.js.map +1 -0
- package/dist/esm/src/utils/records.js +267 -0
- package/dist/esm/src/utils/records.js.map +1 -0
- package/dist/esm/src/utils/secp256k1.js +219 -0
- package/dist/esm/src/utils/secp256k1.js.map +1 -0
- package/dist/esm/src/utils/string.js +16 -0
- package/dist/esm/src/utils/string.js.map +1 -0
- package/dist/esm/src/utils/time.js +84 -0
- package/dist/esm/src/utils/time.js.map +1 -0
- package/dist/esm/src/utils/url.js +63 -0
- package/dist/esm/src/utils/url.js.map +1 -0
- package/dist/esm/tests/core/auth.spec.js +25 -0
- package/dist/esm/tests/core/auth.spec.js.map +1 -0
- package/dist/esm/tests/core/message-reply.spec.js +19 -0
- package/dist/esm/tests/core/message-reply.spec.js.map +1 -0
- package/dist/esm/tests/core/message.spec.js +85 -0
- package/dist/esm/tests/core/message.spec.js.map +1 -0
- package/dist/esm/tests/did/did-ion-resolver.spec.js +82 -0
- package/dist/esm/tests/did/did-ion-resolver.spec.js.map +1 -0
- package/dist/esm/tests/did/did-key-resolver.spec.js +74 -0
- package/dist/esm/tests/did/did-key-resolver.spec.js.map +1 -0
- package/dist/esm/tests/did/did-resolver.spec.js +84 -0
- package/dist/esm/tests/did/did-resolver.spec.js.map +1 -0
- package/dist/esm/tests/did/did.spec.js +22 -0
- package/dist/esm/tests/did/did.spec.js.map +1 -0
- package/dist/esm/tests/dwn.spec.js +252 -0
- package/dist/esm/tests/dwn.spec.js.map +1 -0
- package/dist/esm/tests/end-to-end-tests.spec.js +218 -0
- package/dist/esm/tests/end-to-end-tests.spec.js.map +1 -0
- package/dist/esm/tests/event-log/event-log-level.spec.js +137 -0
- package/dist/esm/tests/event-log/event-log-level.spec.js.map +1 -0
- package/dist/esm/tests/handlers/events-get.spec.js +108 -0
- package/dist/esm/tests/handlers/events-get.spec.js.map +1 -0
- package/dist/esm/tests/handlers/messages-get.spec.js +209 -0
- package/dist/esm/tests/handlers/messages-get.spec.js.map +1 -0
- package/dist/esm/tests/handlers/permissions-grant.spec.js +249 -0
- package/dist/esm/tests/handlers/permissions-grant.spec.js.map +1 -0
- package/dist/esm/tests/handlers/permissions-request.spec.js +132 -0
- package/dist/esm/tests/handlers/permissions-request.spec.js.map +1 -0
- package/dist/esm/tests/handlers/permissions-revoke.spec.js +311 -0
- package/dist/esm/tests/handlers/permissions-revoke.spec.js.map +1 -0
- package/dist/esm/tests/handlers/protocols-configure.spec.js +254 -0
- package/dist/esm/tests/handlers/protocols-configure.spec.js.map +1 -0
- package/dist/esm/tests/handlers/protocols-query.spec.js +373 -0
- package/dist/esm/tests/handlers/protocols-query.spec.js.map +1 -0
- package/dist/esm/tests/handlers/records-delete.spec.js +630 -0
- package/dist/esm/tests/handlers/records-delete.spec.js.map +1 -0
- package/dist/esm/tests/handlers/records-query.spec.js +1937 -0
- package/dist/esm/tests/handlers/records-query.spec.js.map +1 -0
- package/dist/esm/tests/handlers/records-read.spec.js +1729 -0
- package/dist/esm/tests/handlers/records-read.spec.js.map +1 -0
- package/dist/esm/tests/handlers/records-write.spec.js +3381 -0
- package/dist/esm/tests/handlers/records-write.spec.js.map +1 -0
- package/dist/esm/tests/interfaces/events-get.spec.js +73 -0
- package/dist/esm/tests/interfaces/events-get.spec.js.map +1 -0
- package/dist/esm/tests/interfaces/messages-get.spec.js +93 -0
- package/dist/esm/tests/interfaces/messages-get.spec.js.map +1 -0
- package/dist/esm/tests/interfaces/permissions-grant.spec.js +216 -0
- package/dist/esm/tests/interfaces/permissions-grant.spec.js.map +1 -0
- package/dist/esm/tests/interfaces/permissions-request.spec.js +45 -0
- package/dist/esm/tests/interfaces/permissions-request.spec.js.map +1 -0
- package/dist/esm/tests/interfaces/protocols-configure.spec.js +334 -0
- package/dist/esm/tests/interfaces/protocols-configure.spec.js.map +1 -0
- package/dist/esm/tests/interfaces/protocols-query.spec.js +49 -0
- package/dist/esm/tests/interfaces/protocols-query.spec.js.map +1 -0
- package/dist/esm/tests/interfaces/records-delete.spec.js +42 -0
- package/dist/esm/tests/interfaces/records-delete.spec.js.map +1 -0
- package/dist/esm/tests/interfaces/records-query.spec.js +75 -0
- package/dist/esm/tests/interfaces/records-query.spec.js.map +1 -0
- package/dist/esm/tests/interfaces/records-read.spec.js +65 -0
- package/dist/esm/tests/interfaces/records-read.spec.js.map +1 -0
- package/dist/esm/tests/interfaces/records-write.spec.js +369 -0
- package/dist/esm/tests/interfaces/records-write.spec.js.map +1 -0
- package/dist/esm/tests/jose/jws/general.spec.js +185 -0
- package/dist/esm/tests/jose/jws/general.spec.js.map +1 -0
- package/dist/esm/tests/scenarios/delegated-grant.spec.js +490 -0
- package/dist/esm/tests/scenarios/delegated-grant.spec.js.map +1 -0
- package/dist/esm/tests/scenarios/end-to-end-tests.spec.js +218 -0
- package/dist/esm/tests/scenarios/end-to-end-tests.spec.js.map +1 -0
- package/dist/esm/tests/store/data-store-level.spec.js +192 -0
- package/dist/esm/tests/store/data-store-level.spec.js.map +1 -0
- package/dist/esm/tests/store/index-level.spec.js +428 -0
- package/dist/esm/tests/store/index-level.spec.js.map +1 -0
- package/dist/esm/tests/store/message-store-level.spec.js +51 -0
- package/dist/esm/tests/store/message-store-level.spec.js.map +1 -0
- package/dist/esm/tests/store/message-store.spec.js +395 -0
- package/dist/esm/tests/store/message-store.spec.js.map +1 -0
- package/dist/esm/tests/store-dependent-tests.spec.js +8 -0
- package/dist/esm/tests/store-dependent-tests.spec.js.map +1 -0
- package/dist/esm/tests/test-stores.js +40 -0
- package/dist/esm/tests/test-stores.js.map +1 -0
- package/dist/esm/tests/test-suite.js +51 -0
- package/dist/esm/tests/test-suite.js.map +1 -0
- package/dist/esm/tests/utils/cid.spec.js +83 -0
- package/dist/esm/tests/utils/cid.spec.js.map +1 -0
- package/dist/esm/tests/utils/data-stream.spec.js +30 -0
- package/dist/esm/tests/utils/data-stream.spec.js.map +1 -0
- package/dist/esm/tests/utils/encryption.spec.js +151 -0
- package/dist/esm/tests/utils/encryption.spec.js.map +1 -0
- package/dist/esm/tests/utils/jws.spec.js +11 -0
- package/dist/esm/tests/utils/jws.spec.js.map +1 -0
- package/dist/esm/tests/utils/memory-cache.spec.js +38 -0
- package/dist/esm/tests/utils/memory-cache.spec.js.map +1 -0
- package/dist/esm/tests/utils/object.spec.js +39 -0
- package/dist/esm/tests/utils/object.spec.js.map +1 -0
- package/dist/esm/tests/utils/private-key-signer.spec.js +47 -0
- package/dist/esm/tests/utils/private-key-signer.spec.js.map +1 -0
- package/dist/esm/tests/utils/records.spec.js +56 -0
- package/dist/esm/tests/utils/records.spec.js.map +1 -0
- package/dist/esm/tests/utils/secp256k1.spec.js +77 -0
- package/dist/esm/tests/utils/secp256k1.spec.js.map +1 -0
- package/dist/esm/tests/utils/test-data-generator.js +570 -0
- package/dist/esm/tests/utils/test-data-generator.js.map +1 -0
- package/dist/esm/tests/utils/test-stub-generator.js +39 -0
- package/dist/esm/tests/utils/test-stub-generator.js.map +1 -0
- package/dist/esm/tests/utils/time.spec.js +67 -0
- package/dist/esm/tests/utils/time.spec.js.map +1 -0
- package/dist/esm/tests/utils/url.spec.js +46 -0
- package/dist/esm/tests/utils/url.spec.js.map +1 -0
- package/dist/esm/tests/validation/json-schemas/definitions.spec.js +36 -0
- package/dist/esm/tests/validation/json-schemas/definitions.spec.js.map +1 -0
- package/dist/esm/tests/validation/json-schemas/jwk/general-jwk.spec.js +53 -0
- package/dist/esm/tests/validation/json-schemas/jwk/general-jwk.spec.js.map +1 -0
- package/dist/esm/tests/validation/json-schemas/jwk/public-jwk.spec.js +39 -0
- package/dist/esm/tests/validation/json-schemas/jwk/public-jwk.spec.js.map +1 -0
- package/dist/esm/tests/validation/json-schemas/jwk-verification-method.spec.js +76 -0
- package/dist/esm/tests/validation/json-schemas/jwk-verification-method.spec.js.map +1 -0
- package/dist/esm/tests/validation/json-schemas/protocols/protocols-configure.spec.js +74 -0
- package/dist/esm/tests/validation/json-schemas/protocols/protocols-configure.spec.js.map +1 -0
- package/dist/esm/tests/validation/json-schemas/records/records-query.spec.js +151 -0
- package/dist/esm/tests/validation/json-schemas/records/records-query.spec.js.map +1 -0
- package/dist/esm/tests/validation/json-schemas/records/records-write.spec.js +389 -0
- package/dist/esm/tests/validation/json-schemas/records/records-write.spec.js.map +1 -0
- package/dist/esm/tests/vectors/protocol-definitions/anyone-collaborate.json +25 -0
- package/dist/esm/tests/vectors/protocol-definitions/author-can.json +32 -0
- package/dist/esm/tests/vectors/protocol-definitions/chat.json +56 -0
- package/dist/esm/tests/vectors/protocol-definitions/credential-issuance.json +37 -0
- package/dist/esm/tests/vectors/protocol-definitions/dex.json +52 -0
- package/dist/esm/tests/vectors/protocol-definitions/email.json +50 -0
- package/dist/esm/tests/vectors/protocol-definitions/free-for-all.json +30 -0
- package/dist/esm/tests/vectors/protocol-definitions/friend-role.json +48 -0
- package/dist/esm/tests/vectors/protocol-definitions/message.json +20 -0
- package/dist/esm/tests/vectors/protocol-definitions/minimal.json +10 -0
- package/dist/esm/tests/vectors/protocol-definitions/nested.json +31 -0
- package/dist/esm/tests/vectors/protocol-definitions/private-protocol.json +13 -0
- package/dist/esm/tests/vectors/protocol-definitions/recipient-can.json +36 -0
- package/dist/esm/tests/vectors/protocol-definitions/social-media.json +88 -0
- package/dist/esm/tests/vectors/protocol-definitions/thread-role.json +68 -0
- package/dist/types/generated/precompiled-validators.d.ts +113 -0
- package/dist/types/generated/precompiled-validators.d.ts.map +1 -0
- package/dist/types/src/core/abstract-message.d.ts +19 -0
- package/dist/types/src/core/abstract-message.d.ts.map +1 -0
- package/dist/types/src/core/auth.d.ts +30 -0
- package/dist/types/src/core/auth.d.ts.map +1 -0
- package/dist/types/src/core/dwn-constant.d.ts +8 -0
- package/dist/types/src/core/dwn-constant.d.ts.map +1 -0
- package/dist/types/src/core/dwn-error.d.ts +133 -0
- package/dist/types/src/core/dwn-error.d.ts.map +1 -0
- package/dist/types/src/core/grant-authorization.d.ts +35 -0
- package/dist/types/src/core/grant-authorization.d.ts.map +1 -0
- package/dist/types/src/core/message-reply.d.ts +33 -0
- package/dist/types/src/core/message-reply.d.ts.map +1 -0
- package/dist/types/src/core/message.d.ts +79 -0
- package/dist/types/src/core/message.d.ts.map +1 -0
- package/dist/types/src/core/protocol-authorization.d.ts +85 -0
- package/dist/types/src/core/protocol-authorization.d.ts.map +1 -0
- package/dist/types/src/core/records-grant-authorization.d.ts +38 -0
- package/dist/types/src/core/records-grant-authorization.d.ts.map +1 -0
- package/dist/types/src/core/tenant-gate.d.ts +16 -0
- package/dist/types/src/core/tenant-gate.d.ts.map +1 -0
- package/dist/types/src/did/did-dht-resolver.d.ts +26 -0
- package/dist/types/src/did/did-dht-resolver.d.ts.map +1 -0
- package/dist/types/src/did/did-ion-resolver.d.ts +20 -0
- package/dist/types/src/did/did-ion-resolver.d.ts.map +1 -0
- package/dist/types/src/did/did-key-resolver.d.ts +32 -0
- package/dist/types/src/did/did-key-resolver.d.ts.map +1 -0
- package/dist/types/src/did/did-resolver.d.ts +20 -0
- package/dist/types/src/did/did-resolver.d.ts.map +1 -0
- package/dist/types/src/did/did.d.ts +15 -0
- package/dist/types/src/did/did.d.ts.map +1 -0
- package/dist/types/src/dwn.d.ts +74 -0
- package/dist/types/src/dwn.d.ts.map +1 -0
- package/dist/types/src/enums/dwn-interface-method.d.ts +20 -0
- package/dist/types/src/enums/dwn-interface-method.d.ts.map +1 -0
- package/dist/types/src/event-log/event-log-level.d.ts +26 -0
- package/dist/types/src/event-log/event-log-level.d.ts.map +1 -0
- package/dist/types/src/handlers/events-get.d.ts +16 -0
- package/dist/types/src/handlers/events-get.d.ts.map +1 -0
- package/dist/types/src/handlers/messages-get.d.ts +18 -0
- package/dist/types/src/handlers/messages-get.d.ts.map +1 -0
- package/dist/types/src/handlers/permissions-grant.d.ts +17 -0
- package/dist/types/src/handlers/permissions-grant.d.ts.map +1 -0
- package/dist/types/src/handlers/permissions-request.d.ts +17 -0
- package/dist/types/src/handlers/permissions-request.d.ts.map +1 -0
- package/dist/types/src/handlers/permissions-revoke.d.ts +17 -0
- package/dist/types/src/handlers/permissions-revoke.d.ts.map +1 -0
- package/dist/types/src/handlers/protocols-configure.d.ts +21 -0
- package/dist/types/src/handlers/protocols-configure.d.ts.map +1 -0
- package/dist/types/src/handlers/protocols-query.d.ts +20 -0
- package/dist/types/src/handlers/protocols-query.d.ts.map +1 -0
- package/dist/types/src/handlers/records-delete.d.ts +22 -0
- package/dist/types/src/handlers/records-delete.d.ts.map +1 -0
- package/dist/types/src/handlers/records-query.d.ts +78 -0
- package/dist/types/src/handlers/records-query.d.ts.map +1 -0
- package/dist/types/src/handlers/records-read.d.ts +17 -0
- package/dist/types/src/handlers/records-read.d.ts.map +1 -0
- package/dist/types/src/handlers/records-write.d.ts +61 -0
- package/dist/types/src/handlers/records-write.d.ts.map +1 -0
- package/dist/types/src/index.d.ts +72 -0
- package/dist/types/src/index.d.ts.map +1 -0
- package/dist/types/src/interfaces/events-get.d.ts +13 -0
- package/dist/types/src/interfaces/events-get.d.ts.map +1 -0
- package/dist/types/src/interfaces/messages-get.d.ts +19 -0
- package/dist/types/src/interfaces/messages-get.d.ts.map +1 -0
- package/dist/types/src/interfaces/permissions-grant.d.ts +59 -0
- package/dist/types/src/interfaces/permissions-grant.d.ts.map +1 -0
- package/dist/types/src/interfaces/permissions-request.d.ts +19 -0
- package/dist/types/src/interfaces/permissions-request.d.ts.map +1 -0
- package/dist/types/src/interfaces/permissions-revoke.d.ts +14 -0
- package/dist/types/src/interfaces/permissions-revoke.d.ts.map +1 -0
- package/dist/types/src/interfaces/protocols-configure.d.ts +21 -0
- package/dist/types/src/interfaces/protocols-configure.d.ts.map +1 -0
- package/dist/types/src/interfaces/protocols-query.d.ts +17 -0
- package/dist/types/src/interfaces/protocols-query.d.ts.map +1 -0
- package/dist/types/src/interfaces/records-delete.d.ts +24 -0
- package/dist/types/src/interfaces/records-delete.d.ts.map +1 -0
- package/dist/types/src/interfaces/records-query.d.ts +29 -0
- package/dist/types/src/interfaces/records-query.d.ts.map +1 -0
- package/dist/types/src/interfaces/records-read.d.ts +31 -0
- package/dist/types/src/interfaces/records-read.d.ts.map +1 -0
- package/dist/types/src/interfaces/records-write.d.ts +259 -0
- package/dist/types/src/interfaces/records-write.d.ts.map +1 -0
- package/dist/types/src/jose/algorithms/signing/ed25519.d.ts +3 -0
- package/dist/types/src/jose/algorithms/signing/ed25519.d.ts.map +1 -0
- package/dist/types/src/jose/algorithms/signing/signature-algorithms.d.ts +3 -0
- package/dist/types/src/jose/algorithms/signing/signature-algorithms.d.ts.map +1 -0
- package/dist/types/src/jose/jws/general/builder.d.ts +10 -0
- package/dist/types/src/jose/jws/general/builder.d.ts.map +1 -0
- package/dist/types/src/jose/jws/general/signer.d.ts +8 -0
- package/dist/types/src/jose/jws/general/signer.d.ts.map +1 -0
- package/dist/types/src/jose/jws/general/verifier.d.ts +32 -0
- package/dist/types/src/jose/jws/general/verifier.d.ts.map +1 -0
- package/dist/types/src/schema-validator.d.ts +8 -0
- package/dist/types/src/schema-validator.d.ts.map +1 -0
- package/dist/types/src/store/blockstore-level.d.ts +35 -0
- package/dist/types/src/store/blockstore-level.d.ts.map +1 -0
- package/dist/types/src/store/data-store-level.d.ts +44 -0
- package/dist/types/src/store/data-store-level.d.ts.map +1 -0
- package/dist/types/src/store/index-level.d.ts +69 -0
- package/dist/types/src/store/index-level.d.ts.map +1 -0
- package/dist/types/src/store/level-wrapper.d.ts +44 -0
- package/dist/types/src/store/level-wrapper.d.ts.map +1 -0
- package/dist/types/src/store/message-store-level.d.ts +70 -0
- package/dist/types/src/store/message-store-level.d.ts.map +1 -0
- package/dist/types/src/store/storage-controller.d.ts +19 -0
- package/dist/types/src/store/storage-controller.d.ts.map +1 -0
- package/dist/types/src/types/cache.d.ts +16 -0
- package/dist/types/src/types/cache.d.ts.map +1 -0
- package/dist/types/src/types/data-store.d.ts +69 -0
- package/dist/types/src/types/data-store.d.ts.map +1 -0
- package/dist/types/src/types/delegated-grant-message.d.ts +14 -0
- package/dist/types/src/types/delegated-grant-message.d.ts.map +1 -0
- package/dist/types/src/types/did-types.d.ts +68 -0
- package/dist/types/src/types/did-types.d.ts.map +1 -0
- package/dist/types/src/types/event-log.d.ts +39 -0
- package/dist/types/src/types/event-log.d.ts.map +1 -0
- package/dist/types/src/types/event-types.d.ts +18 -0
- package/dist/types/src/types/event-types.d.ts.map +1 -0
- package/dist/types/src/types/jose-types.d.ts +75 -0
- package/dist/types/src/types/jose-types.d.ts.map +1 -0
- package/dist/types/src/types/jws-types.d.ts +27 -0
- package/dist/types/src/types/jws-types.d.ts.map +1 -0
- package/dist/types/src/types/message-interface.d.ts +22 -0
- package/dist/types/src/types/message-interface.d.ts.map +1 -0
- package/dist/types/src/types/message-store.d.ts +43 -0
- package/dist/types/src/types/message-store.d.ts.map +1 -0
- package/dist/types/src/types/message-types.d.ts +113 -0
- package/dist/types/src/types/message-types.d.ts.map +1 -0
- package/dist/types/src/types/messages-types.d.ts +23 -0
- package/dist/types/src/types/messages-types.d.ts.map +1 -0
- package/dist/types/src/types/method-handler.d.ts +17 -0
- package/dist/types/src/types/method-handler.d.ts.map +1 -0
- package/dist/types/src/types/permissions-grant-descriptor.d.ts +65 -0
- package/dist/types/src/types/permissions-grant-descriptor.d.ts.map +1 -0
- package/dist/types/src/types/permissions-types.d.ts +33 -0
- package/dist/types/src/types/permissions-types.d.ts.map +1 -0
- package/dist/types/src/types/protocols-types.d.ts +138 -0
- package/dist/types/src/types/protocols-types.d.ts.map +1 -0
- package/dist/types/src/types/records-types.d.ts +164 -0
- package/dist/types/src/types/records-types.d.ts.map +1 -0
- package/dist/types/src/types/signer.d.ts +26 -0
- package/dist/types/src/types/signer.d.ts.map +1 -0
- package/dist/types/src/utils/abort.d.ts +5 -0
- package/dist/types/src/utils/abort.d.ts.map +1 -0
- package/dist/types/src/utils/array.d.ts +18 -0
- package/dist/types/src/utils/array.d.ts.map +1 -0
- package/dist/types/src/utils/cid.d.ts +30 -0
- package/dist/types/src/utils/cid.d.ts.map +1 -0
- package/dist/types/src/utils/data-stream.d.ts +27 -0
- package/dist/types/src/utils/data-stream.d.ts.map +1 -0
- package/dist/types/src/utils/encoder.d.ts +14 -0
- package/dist/types/src/utils/encoder.d.ts.map +1 -0
- package/dist/types/src/utils/encryption.d.ts +44 -0
- package/dist/types/src/utils/encryption.d.ts.map +1 -0
- package/dist/types/src/utils/hd-key.d.ts +35 -0
- package/dist/types/src/utils/hd-key.d.ts.map +1 -0
- package/dist/types/src/utils/jws.d.ts +39 -0
- package/dist/types/src/utils/jws.d.ts.map +1 -0
- package/dist/types/src/utils/memory-cache.d.ts +15 -0
- package/dist/types/src/utils/memory-cache.d.ts.map +1 -0
- package/dist/types/src/utils/object.d.ts +18 -0
- package/dist/types/src/utils/object.d.ts.map +1 -0
- package/dist/types/src/utils/private-key-signer.d.ts +34 -0
- package/dist/types/src/utils/private-key-signer.d.ts.map +1 -0
- package/dist/types/src/utils/protocols.d.ts +14 -0
- package/dist/types/src/utils/protocols.d.ts.map +1 -0
- package/dist/types/src/utils/records.d.ts +68 -0
- package/dist/types/src/utils/records.d.ts.map +1 -0
- package/dist/types/src/utils/secp256k1.d.ts +78 -0
- package/dist/types/src/utils/secp256k1.d.ts.map +1 -0
- package/dist/types/src/utils/string.d.ts +6 -0
- package/dist/types/src/utils/string.d.ts.map +1 -0
- package/dist/types/src/utils/time.d.ts +49 -0
- package/dist/types/src/utils/time.d.ts.map +1 -0
- package/dist/types/src/utils/url.d.ts +5 -0
- package/dist/types/src/utils/url.d.ts.map +1 -0
- package/dist/types/tests/core/auth.spec.d.ts +2 -0
- package/dist/types/tests/core/auth.spec.d.ts.map +1 -0
- package/dist/types/tests/core/message-reply.spec.d.ts +2 -0
- package/dist/types/tests/core/message-reply.spec.d.ts.map +1 -0
- package/dist/types/tests/core/message.spec.d.ts +2 -0
- package/dist/types/tests/core/message.spec.d.ts.map +1 -0
- package/dist/types/tests/did/did-ion-resolver.spec.d.ts +2 -0
- package/dist/types/tests/did/did-ion-resolver.spec.d.ts.map +1 -0
- package/dist/types/tests/did/did-key-resolver.spec.d.ts +2 -0
- package/dist/types/tests/did/did-key-resolver.spec.d.ts.map +1 -0
- package/dist/types/tests/did/did-resolver.spec.d.ts +2 -0
- package/dist/types/tests/did/did-resolver.spec.d.ts.map +1 -0
- package/dist/types/tests/did/did.spec.d.ts +2 -0
- package/dist/types/tests/did/did.spec.d.ts.map +1 -0
- package/dist/types/tests/dwn.spec.d.ts +2 -0
- package/dist/types/tests/dwn.spec.d.ts.map +1 -0
- package/dist/types/tests/end-to-end-tests.spec.d.ts +2 -0
- package/dist/types/tests/end-to-end-tests.spec.d.ts.map +1 -0
- package/dist/types/tests/event-log/event-log-level.spec.d.ts +2 -0
- package/dist/types/tests/event-log/event-log-level.spec.d.ts.map +1 -0
- package/dist/types/tests/handlers/events-get.spec.d.ts +2 -0
- package/dist/types/tests/handlers/events-get.spec.d.ts.map +1 -0
- package/dist/types/tests/handlers/messages-get.spec.d.ts +2 -0
- package/dist/types/tests/handlers/messages-get.spec.d.ts.map +1 -0
- package/dist/types/tests/handlers/permissions-grant.spec.d.ts +2 -0
- package/dist/types/tests/handlers/permissions-grant.spec.d.ts.map +1 -0
- package/dist/types/tests/handlers/permissions-request.spec.d.ts +2 -0
- package/dist/types/tests/handlers/permissions-request.spec.d.ts.map +1 -0
- package/dist/types/tests/handlers/permissions-revoke.spec.d.ts +2 -0
- package/dist/types/tests/handlers/permissions-revoke.spec.d.ts.map +1 -0
- package/dist/types/tests/handlers/protocols-configure.spec.d.ts +2 -0
- package/dist/types/tests/handlers/protocols-configure.spec.d.ts.map +1 -0
- package/dist/types/tests/handlers/protocols-query.spec.d.ts +2 -0
- package/dist/types/tests/handlers/protocols-query.spec.d.ts.map +1 -0
- package/dist/types/tests/handlers/records-delete.spec.d.ts +2 -0
- package/dist/types/tests/handlers/records-delete.spec.d.ts.map +1 -0
- package/dist/types/tests/handlers/records-query.spec.d.ts +2 -0
- package/dist/types/tests/handlers/records-query.spec.d.ts.map +1 -0
- package/dist/types/tests/handlers/records-read.spec.d.ts +2 -0
- package/dist/types/tests/handlers/records-read.spec.d.ts.map +1 -0
- package/dist/types/tests/handlers/records-write.spec.d.ts +2 -0
- package/dist/types/tests/handlers/records-write.spec.d.ts.map +1 -0
- package/dist/types/tests/interfaces/events-get.spec.d.ts +2 -0
- package/dist/types/tests/interfaces/events-get.spec.d.ts.map +1 -0
- package/dist/types/tests/interfaces/messages-get.spec.d.ts +2 -0
- package/dist/types/tests/interfaces/messages-get.spec.d.ts.map +1 -0
- package/dist/types/tests/interfaces/permissions-grant.spec.d.ts +2 -0
- package/dist/types/tests/interfaces/permissions-grant.spec.d.ts.map +1 -0
- package/dist/types/tests/interfaces/permissions-request.spec.d.ts +2 -0
- package/dist/types/tests/interfaces/permissions-request.spec.d.ts.map +1 -0
- package/dist/types/tests/interfaces/protocols-configure.spec.d.ts +2 -0
- package/dist/types/tests/interfaces/protocols-configure.spec.d.ts.map +1 -0
- package/dist/types/tests/interfaces/protocols-query.spec.d.ts +2 -0
- package/dist/types/tests/interfaces/protocols-query.spec.d.ts.map +1 -0
- package/dist/types/tests/interfaces/records-delete.spec.d.ts +2 -0
- package/dist/types/tests/interfaces/records-delete.spec.d.ts.map +1 -0
- package/dist/types/tests/interfaces/records-query.spec.d.ts +2 -0
- package/dist/types/tests/interfaces/records-query.spec.d.ts.map +1 -0
- package/dist/types/tests/interfaces/records-read.spec.d.ts +2 -0
- package/dist/types/tests/interfaces/records-read.spec.d.ts.map +1 -0
- package/dist/types/tests/interfaces/records-write.spec.d.ts +2 -0
- package/dist/types/tests/interfaces/records-write.spec.d.ts.map +1 -0
- package/dist/types/tests/jose/jws/general.spec.d.ts +2 -0
- package/dist/types/tests/jose/jws/general.spec.d.ts.map +1 -0
- package/dist/types/tests/scenarios/delegated-grant.spec.d.ts +2 -0
- package/dist/types/tests/scenarios/delegated-grant.spec.d.ts.map +1 -0
- package/dist/types/tests/scenarios/end-to-end-tests.spec.d.ts +2 -0
- package/dist/types/tests/scenarios/end-to-end-tests.spec.d.ts.map +1 -0
- package/dist/types/tests/store/data-store-level.spec.d.ts +2 -0
- package/dist/types/tests/store/data-store-level.spec.d.ts.map +1 -0
- package/dist/types/tests/store/index-level.spec.d.ts +2 -0
- package/dist/types/tests/store/index-level.spec.d.ts.map +1 -0
- package/dist/types/tests/store/message-store-level.spec.d.ts +2 -0
- package/dist/types/tests/store/message-store-level.spec.d.ts.map +1 -0
- package/dist/types/tests/store/message-store.spec.d.ts +2 -0
- package/dist/types/tests/store/message-store.spec.d.ts.map +1 -0
- package/dist/types/tests/store-dependent-tests.spec.d.ts +2 -0
- package/dist/types/tests/store-dependent-tests.spec.d.ts.map +1 -0
- package/dist/types/tests/test-stores.d.ts +30 -0
- package/dist/types/tests/test-stores.d.ts.map +1 -0
- package/dist/types/tests/test-suite.d.ts +16 -0
- package/dist/types/tests/test-suite.d.ts.map +1 -0
- package/dist/types/tests/utils/cid.spec.d.ts +2 -0
- package/dist/types/tests/utils/cid.spec.d.ts.map +1 -0
- package/dist/types/tests/utils/data-stream.spec.d.ts +2 -0
- package/dist/types/tests/utils/data-stream.spec.d.ts.map +1 -0
- package/dist/types/tests/utils/encryption.spec.d.ts +2 -0
- package/dist/types/tests/utils/encryption.spec.d.ts.map +1 -0
- package/dist/types/tests/utils/jws.spec.d.ts +2 -0
- package/dist/types/tests/utils/jws.spec.d.ts.map +1 -0
- package/dist/types/tests/utils/memory-cache.spec.d.ts +2 -0
- package/dist/types/tests/utils/memory-cache.spec.d.ts.map +1 -0
- package/dist/types/tests/utils/object.spec.d.ts +2 -0
- package/dist/types/tests/utils/object.spec.d.ts.map +1 -0
- package/dist/types/tests/utils/private-key-signer.spec.d.ts +2 -0
- package/dist/types/tests/utils/private-key-signer.spec.d.ts.map +1 -0
- package/dist/types/tests/utils/records.spec.d.ts +2 -0
- package/dist/types/tests/utils/records.spec.d.ts.map +1 -0
- package/dist/types/tests/utils/secp256k1.spec.d.ts +2 -0
- package/dist/types/tests/utils/secp256k1.spec.d.ts.map +1 -0
- package/dist/types/tests/utils/test-data-generator.d.ts +323 -0
- package/dist/types/tests/utils/test-data-generator.d.ts.map +1 -0
- package/dist/types/tests/utils/test-stub-generator.d.ts +16 -0
- package/dist/types/tests/utils/test-stub-generator.d.ts.map +1 -0
- package/dist/types/tests/utils/time.spec.d.ts +2 -0
- package/dist/types/tests/utils/time.spec.d.ts.map +1 -0
- package/dist/types/tests/utils/url.spec.d.ts +2 -0
- package/dist/types/tests/utils/url.spec.d.ts.map +1 -0
- package/dist/types/tests/validation/json-schemas/definitions.spec.d.ts +2 -0
- package/dist/types/tests/validation/json-schemas/definitions.spec.d.ts.map +1 -0
- package/dist/types/tests/validation/json-schemas/jwk/general-jwk.spec.d.ts +2 -0
- package/dist/types/tests/validation/json-schemas/jwk/general-jwk.spec.d.ts.map +1 -0
- package/dist/types/tests/validation/json-schemas/jwk/public-jwk.spec.d.ts +2 -0
- package/dist/types/tests/validation/json-schemas/jwk/public-jwk.spec.d.ts.map +1 -0
- package/dist/types/tests/validation/json-schemas/jwk-verification-method.spec.d.ts +2 -0
- package/dist/types/tests/validation/json-schemas/jwk-verification-method.spec.d.ts.map +1 -0
- package/dist/types/tests/validation/json-schemas/protocols/protocols-configure.spec.d.ts +2 -0
- package/dist/types/tests/validation/json-schemas/protocols/protocols-configure.spec.d.ts.map +1 -0
- package/dist/types/tests/validation/json-schemas/records/records-query.spec.d.ts +2 -0
- package/dist/types/tests/validation/json-schemas/records/records-query.spec.d.ts.map +1 -0
- package/dist/types/tests/validation/json-schemas/records/records-write.spec.d.ts +2 -0
- package/dist/types/tests/validation/json-schemas/records/records-write.spec.d.ts.map +1 -0
- package/package.json +156 -0
- package/src/core/abstract-message.ts +48 -0
- package/src/core/auth.ts +108 -0
- package/src/core/dwn-constant.ts +7 -0
- package/src/core/dwn-error.ts +136 -0
- package/src/core/grant-authorization.ts +163 -0
- package/src/core/message-reply.ts +42 -0
- package/src/core/message.ts +224 -0
- package/src/core/protocol-authorization.ts +691 -0
- package/src/core/records-grant-authorization.ts +167 -0
- package/src/core/tenant-gate.ts +18 -0
- package/src/did/did-dht-resolver.ts +241 -0
- package/src/did/did-ion-resolver.ts +52 -0
- package/src/did/did-key-resolver.ts +137 -0
- package/src/did/did-resolver.ts +77 -0
- package/src/did/did.ts +39 -0
- package/src/dwn.ts +213 -0
- package/src/enums/dwn-interface-method.ts +20 -0
- package/src/event-log/event-log-level.ts +116 -0
- package/src/handlers/events-get.ts +46 -0
- package/src/handlers/messages-get.ts +80 -0
- package/src/handlers/permissions-grant.ts +52 -0
- package/src/handlers/permissions-request.ts +54 -0
- package/src/handlers/permissions-revoke.ts +121 -0
- package/src/handlers/protocols-configure.ts +104 -0
- package/src/handlers/protocols-query.ts +81 -0
- package/src/handlers/records-delete.ts +139 -0
- package/src/handlers/records-query.ts +253 -0
- package/src/handlers/records-read.ts +127 -0
- package/src/handlers/records-write.ts +296 -0
- package/src/index.ts +81 -0
- package/src/interfaces/events-get.ts +43 -0
- package/src/interfaces/messages-get.ts +59 -0
- package/src/interfaces/permissions-grant.ts +175 -0
- package/src/interfaces/permissions-request.ts +55 -0
- package/src/interfaces/permissions-revoke.ts +46 -0
- package/src/interfaces/protocols-configure.ts +188 -0
- package/src/interfaces/protocols-query.ts +99 -0
- package/src/interfaces/records-delete.ts +67 -0
- package/src/interfaces/records-query.ts +100 -0
- package/src/interfaces/records-read.ts +82 -0
- package/src/interfaces/records-write.ts +924 -0
- package/src/jose/algorithms/signing/ed25519.ts +61 -0
- package/src/jose/algorithms/signing/signature-algorithms.ts +15 -0
- package/src/jose/jws/general/builder.ts +48 -0
- package/src/jose/jws/general/signer.ts +29 -0
- package/src/jose/jws/general/verifier.ts +113 -0
- package/src/schema-validator.ts +34 -0
- package/src/store/blockstore-level.ts +113 -0
- package/src/store/data-store-level.ts +188 -0
- package/src/store/index-level.ts +306 -0
- package/src/store/level-wrapper.ts +262 -0
- package/src/store/message-store-level.ts +284 -0
- package/src/store/storage-controller.ts +80 -0
- package/src/types/cache.ts +16 -0
- package/src/types/data-store.ts +78 -0
- package/src/types/delegated-grant-message.ts +15 -0
- package/src/types/did-types.ts +95 -0
- package/src/types/event-log.ts +46 -0
- package/src/types/event-types.ts +20 -0
- package/src/types/jose-types.ts +76 -0
- package/src/types/jws-types.ts +28 -0
- package/src/types/message-interface.ts +24 -0
- package/src/types/message-store.ts +56 -0
- package/src/types/message-types.ts +115 -0
- package/src/types/messages-types.ts +26 -0
- package/src/types/method-handler.ts +17 -0
- package/src/types/permissions-grant-descriptor.ts +79 -0
- package/src/types/permissions-types.ts +42 -0
- package/src/types/protocols-types.ts +154 -0
- package/src/types/records-types.ts +184 -0
- package/src/types/signer.ts +27 -0
- package/src/utils/abort.ts +31 -0
- package/src/utils/array.ts +39 -0
- package/src/utils/cid.ts +101 -0
- package/src/utils/data-stream.ts +85 -0
- package/src/utils/encoder.ts +54 -0
- package/src/utils/encryption.ts +145 -0
- package/src/utils/hd-key.ts +58 -0
- package/src/utils/jws.ts +95 -0
- package/src/utils/memory-cache.ts +31 -0
- package/src/utils/object.ts +55 -0
- package/src/utils/private-key-signer.ts +72 -0
- package/src/utils/protocols.ts +50 -0
- package/src/utils/records.ts +326 -0
- package/src/utils/secp256k1.ts +209 -0
- package/src/utils/string.ts +13 -0
- package/src/utils/time.ts +77 -0
- package/src/utils/url.ts +66 -0
|
@@ -0,0 +1,691 @@
|
|
|
1
|
+
import type { Filter } from '../types/message-types.js';
|
|
2
|
+
import type { MessageStore } from '../types/message-store.js';
|
|
3
|
+
import type { RecordsDelete } from '../interfaces/records-delete.js';
|
|
4
|
+
import type { RecordsQuery } from '../interfaces/records-query.js';
|
|
5
|
+
import type { RecordsRead } from '../interfaces/records-read.js';
|
|
6
|
+
import type { RecordsWriteMessage } from '../types/records-types.js';
|
|
7
|
+
import type { ProtocolActionRule, ProtocolDefinition, ProtocolRuleSet, ProtocolsConfigureMessage, ProtocolType, ProtocolTypes } from '../types/protocols-types.js';
|
|
8
|
+
|
|
9
|
+
import { RecordsWrite } from '../interfaces/records-write.js';
|
|
10
|
+
import { DwnError, DwnErrorCode } from './dwn-error.js';
|
|
11
|
+
import { DwnInterfaceName, DwnMethodName } from '../enums/dwn-interface-method.js';
|
|
12
|
+
import { ProtocolAction, ProtocolActor } from '../types/protocols-types.js';
|
|
13
|
+
|
|
14
|
+
export class ProtocolAuthorization {
|
|
15
|
+
|
|
16
|
+
/**
|
|
17
|
+
* Performs validation on the structure of RecordsWrite messages that use a protocol.
|
|
18
|
+
* @throws {Error} if validation fails.
|
|
19
|
+
*/
|
|
20
|
+
public static async validateReferentialIntegrity(
|
|
21
|
+
tenant: string,
|
|
22
|
+
incomingMessage: RecordsWrite,
|
|
23
|
+
messageStore: MessageStore,
|
|
24
|
+
): Promise<void> {
|
|
25
|
+
// fetch the protocol definition
|
|
26
|
+
const protocolDefinition = await ProtocolAuthorization.fetchProtocolDefinition(
|
|
27
|
+
tenant,
|
|
28
|
+
incomingMessage.message.descriptor.protocol!,
|
|
29
|
+
messageStore,
|
|
30
|
+
);
|
|
31
|
+
|
|
32
|
+
// verify declared protocol type exists in protocol and that it conforms to type specification
|
|
33
|
+
ProtocolAuthorization.verifyType(
|
|
34
|
+
incomingMessage.message,
|
|
35
|
+
protocolDefinition.types
|
|
36
|
+
);
|
|
37
|
+
|
|
38
|
+
// validate `protocolPath`
|
|
39
|
+
await ProtocolAuthorization.verifyProtocolPath(
|
|
40
|
+
tenant,
|
|
41
|
+
incomingMessage,
|
|
42
|
+
messageStore,
|
|
43
|
+
);
|
|
44
|
+
|
|
45
|
+
// get the rule set for the inbound message
|
|
46
|
+
const inboundMessageRuleSet = ProtocolAuthorization.getRuleSet(
|
|
47
|
+
incomingMessage.message.descriptor.protocolPath!,
|
|
48
|
+
protocolDefinition,
|
|
49
|
+
);
|
|
50
|
+
|
|
51
|
+
// If the incoming message is writing a $globalRole record, validate that the recipient is unique
|
|
52
|
+
await ProtocolAuthorization.verifyUniqueRoleRecipient(
|
|
53
|
+
tenant,
|
|
54
|
+
incomingMessage,
|
|
55
|
+
inboundMessageRuleSet,
|
|
56
|
+
messageStore,
|
|
57
|
+
);
|
|
58
|
+
}
|
|
59
|
+
|
|
60
|
+
/**
|
|
61
|
+
* Performs protocol-based authorization against the incoming RecordsWrite message.
|
|
62
|
+
* @throws {Error} if authorization fails.
|
|
63
|
+
*/
|
|
64
|
+
public static async authorizeWrite(
|
|
65
|
+
tenant: string,
|
|
66
|
+
incomingMessage: RecordsWrite,
|
|
67
|
+
messageStore: MessageStore,
|
|
68
|
+
): Promise<void> {
|
|
69
|
+
// fetch ancestor message chain
|
|
70
|
+
const ancestorMessageChain: RecordsWriteMessage[] =
|
|
71
|
+
await ProtocolAuthorization.constructAncestorMessageChain(tenant, incomingMessage, incomingMessage, messageStore);
|
|
72
|
+
|
|
73
|
+
// fetch the protocol definition
|
|
74
|
+
const protocolDefinition = await ProtocolAuthorization.fetchProtocolDefinition(
|
|
75
|
+
tenant,
|
|
76
|
+
incomingMessage.message.descriptor.protocol!,
|
|
77
|
+
messageStore,
|
|
78
|
+
);
|
|
79
|
+
|
|
80
|
+
// get the rule set for the inbound message
|
|
81
|
+
const inboundMessageRuleSet = ProtocolAuthorization.getRuleSet(
|
|
82
|
+
incomingMessage.message.descriptor.protocolPath!,
|
|
83
|
+
protocolDefinition,
|
|
84
|
+
);
|
|
85
|
+
|
|
86
|
+
// If the incoming message has `protocolRole` in the descriptor, validate the invoked role
|
|
87
|
+
await ProtocolAuthorization.verifyInvokedRole(
|
|
88
|
+
tenant,
|
|
89
|
+
incomingMessage,
|
|
90
|
+
incomingMessage.message.descriptor.protocol!,
|
|
91
|
+
incomingMessage.message.contextId!,
|
|
92
|
+
protocolDefinition,
|
|
93
|
+
messageStore,
|
|
94
|
+
);
|
|
95
|
+
|
|
96
|
+
// verify method invoked against the allowed actions
|
|
97
|
+
await ProtocolAuthorization.verifyAllowedActions(
|
|
98
|
+
tenant,
|
|
99
|
+
incomingMessage,
|
|
100
|
+
inboundMessageRuleSet,
|
|
101
|
+
ancestorMessageChain,
|
|
102
|
+
messageStore,
|
|
103
|
+
);
|
|
104
|
+
}
|
|
105
|
+
|
|
106
|
+
/**
|
|
107
|
+
* Performs protocol-based authorization against the incoming RecordsRead message.
|
|
108
|
+
* @param newestRecordsWrite Either the incomingMessage itself if the incoming is a RecordsWrite,
|
|
109
|
+
* or the latest RecordsWrite associated with the recordId being read.
|
|
110
|
+
* @throws {Error} if authorization fails.
|
|
111
|
+
*/
|
|
112
|
+
public static async authorizeRead(
|
|
113
|
+
tenant: string,
|
|
114
|
+
incomingMessage: RecordsRead,
|
|
115
|
+
newestRecordsWrite: RecordsWrite,
|
|
116
|
+
messageStore: MessageStore,
|
|
117
|
+
): Promise<void> {
|
|
118
|
+
// fetch ancestor message chain
|
|
119
|
+
const ancestorMessageChain: RecordsWriteMessage[] =
|
|
120
|
+
await ProtocolAuthorization.constructAncestorMessageChain(tenant, incomingMessage, newestRecordsWrite, messageStore);
|
|
121
|
+
|
|
122
|
+
// fetch the protocol definition
|
|
123
|
+
const protocolDefinition = await ProtocolAuthorization.fetchProtocolDefinition(
|
|
124
|
+
tenant,
|
|
125
|
+
newestRecordsWrite.message.descriptor.protocol!,
|
|
126
|
+
messageStore,
|
|
127
|
+
);
|
|
128
|
+
|
|
129
|
+
// get the rule set for the inbound message
|
|
130
|
+
const inboundMessageRuleSet = ProtocolAuthorization.getRuleSet(
|
|
131
|
+
newestRecordsWrite.message.descriptor.protocolPath!,
|
|
132
|
+
protocolDefinition,
|
|
133
|
+
);
|
|
134
|
+
|
|
135
|
+
// If the incoming message has `protocolRole` in the descriptor, validate the invoked role
|
|
136
|
+
await ProtocolAuthorization.verifyInvokedRole(
|
|
137
|
+
tenant,
|
|
138
|
+
incomingMessage,
|
|
139
|
+
newestRecordsWrite.message.descriptor.protocol!,
|
|
140
|
+
newestRecordsWrite.message.contextId!,
|
|
141
|
+
protocolDefinition,
|
|
142
|
+
messageStore,
|
|
143
|
+
);
|
|
144
|
+
|
|
145
|
+
// verify method invoked against the allowed actions
|
|
146
|
+
await ProtocolAuthorization.verifyAllowedActions(
|
|
147
|
+
tenant,
|
|
148
|
+
incomingMessage,
|
|
149
|
+
inboundMessageRuleSet,
|
|
150
|
+
ancestorMessageChain,
|
|
151
|
+
messageStore,
|
|
152
|
+
);
|
|
153
|
+
}
|
|
154
|
+
|
|
155
|
+
/**
|
|
156
|
+
* Performs protocol-based authorization against the incoming RecordsQuery message.
|
|
157
|
+
* @throws {Error} if authorization fails.
|
|
158
|
+
*/
|
|
159
|
+
public static async authorizeQuery(
|
|
160
|
+
tenant: string,
|
|
161
|
+
incomingMessage: RecordsQuery,
|
|
162
|
+
messageStore: MessageStore,
|
|
163
|
+
): Promise<void> {
|
|
164
|
+
// validate that required properties exist in query filter
|
|
165
|
+
const { protocol, protocolPath, contextId } = incomingMessage.message.descriptor.filter;
|
|
166
|
+
|
|
167
|
+
// fetch the protocol definition
|
|
168
|
+
const protocolDefinition = await ProtocolAuthorization.fetchProtocolDefinition(
|
|
169
|
+
tenant,
|
|
170
|
+
protocol!, // authorizeQuery` is only called if `protocol` is present
|
|
171
|
+
messageStore,
|
|
172
|
+
);
|
|
173
|
+
|
|
174
|
+
// get the rule set for the inbound message
|
|
175
|
+
const inboundMessageRuleSet = ProtocolAuthorization.getRuleSet(
|
|
176
|
+
protocolPath!, // presence of `protocolPath` is verified in `parse()`
|
|
177
|
+
protocolDefinition,
|
|
178
|
+
);
|
|
179
|
+
|
|
180
|
+
// If the incoming message has `protocolRole` in the descriptor, validate the invoked role
|
|
181
|
+
await ProtocolAuthorization.verifyInvokedRole(
|
|
182
|
+
tenant,
|
|
183
|
+
incomingMessage,
|
|
184
|
+
protocol!,
|
|
185
|
+
contextId,
|
|
186
|
+
protocolDefinition,
|
|
187
|
+
messageStore,
|
|
188
|
+
);
|
|
189
|
+
|
|
190
|
+
// verify method invoked against the allowed actions
|
|
191
|
+
await ProtocolAuthorization.verifyAllowedActions(
|
|
192
|
+
tenant,
|
|
193
|
+
incomingMessage,
|
|
194
|
+
inboundMessageRuleSet,
|
|
195
|
+
[], // ancestor chain is not relevant to queries
|
|
196
|
+
messageStore,
|
|
197
|
+
);
|
|
198
|
+
}
|
|
199
|
+
|
|
200
|
+
public static async authorizeDelete(
|
|
201
|
+
tenant: string,
|
|
202
|
+
incomingMessage: RecordsDelete,
|
|
203
|
+
newestRecordsWrite: RecordsWrite,
|
|
204
|
+
messageStore: MessageStore,
|
|
205
|
+
): Promise<void> {
|
|
206
|
+
|
|
207
|
+
// fetch ancestor message chain
|
|
208
|
+
const ancestorMessageChain: RecordsWriteMessage[] =
|
|
209
|
+
await ProtocolAuthorization.constructAncestorMessageChain(tenant, incomingMessage, newestRecordsWrite, messageStore);
|
|
210
|
+
|
|
211
|
+
// fetch the protocol definition
|
|
212
|
+
const protocolDefinition = await ProtocolAuthorization.fetchProtocolDefinition(
|
|
213
|
+
tenant,
|
|
214
|
+
newestRecordsWrite.message.descriptor.protocol!,
|
|
215
|
+
messageStore,
|
|
216
|
+
);
|
|
217
|
+
|
|
218
|
+
// get the rule set for the inbound message
|
|
219
|
+
const inboundMessageRuleSet = ProtocolAuthorization.getRuleSet(
|
|
220
|
+
newestRecordsWrite.message.descriptor.protocolPath!,
|
|
221
|
+
protocolDefinition,
|
|
222
|
+
);
|
|
223
|
+
|
|
224
|
+
// If the incoming message has `protocolRole` in the descriptor, validate the invoked role
|
|
225
|
+
await ProtocolAuthorization.verifyInvokedRole(
|
|
226
|
+
tenant,
|
|
227
|
+
incomingMessage,
|
|
228
|
+
newestRecordsWrite.message.descriptor.protocol!,
|
|
229
|
+
newestRecordsWrite.message.contextId!,
|
|
230
|
+
protocolDefinition,
|
|
231
|
+
messageStore,
|
|
232
|
+
);
|
|
233
|
+
|
|
234
|
+
// verify method invoked against the allowed actions
|
|
235
|
+
await ProtocolAuthorization.verifyAllowedActions(
|
|
236
|
+
tenant,
|
|
237
|
+
incomingMessage,
|
|
238
|
+
inboundMessageRuleSet,
|
|
239
|
+
ancestorMessageChain,
|
|
240
|
+
messageStore,
|
|
241
|
+
);
|
|
242
|
+
|
|
243
|
+
}
|
|
244
|
+
|
|
245
|
+
/**
|
|
246
|
+
* Fetches the protocol definition based on the protocol specified in the given message.
|
|
247
|
+
*/
|
|
248
|
+
private static async fetchProtocolDefinition(
|
|
249
|
+
tenant: string,
|
|
250
|
+
protocolUri: string,
|
|
251
|
+
messageStore: MessageStore
|
|
252
|
+
): Promise<ProtocolDefinition> {
|
|
253
|
+
// fetch the corresponding protocol definition
|
|
254
|
+
const query: Filter = {
|
|
255
|
+
interface : DwnInterfaceName.Protocols,
|
|
256
|
+
method : DwnMethodName.Configure,
|
|
257
|
+
protocol : protocolUri
|
|
258
|
+
};
|
|
259
|
+
const { messages: protocols } = await messageStore.query(tenant, [query]);
|
|
260
|
+
|
|
261
|
+
if (protocols.length === 0) {
|
|
262
|
+
throw new DwnError(DwnErrorCode.ProtocolAuthorizationProtocolNotFound, `unable to find protocol definition for ${protocolUri}`);
|
|
263
|
+
}
|
|
264
|
+
|
|
265
|
+
const protocolMessage = protocols[0] as ProtocolsConfigureMessage;
|
|
266
|
+
return protocolMessage.descriptor.definition;
|
|
267
|
+
}
|
|
268
|
+
|
|
269
|
+
/**
|
|
270
|
+
* Constructs a chain of ancestor messages
|
|
271
|
+
* @param newestRecordsWrite The newest RecordsWrite associated with the recordId being written.
|
|
272
|
+
* This will be the incoming RecordsWrite itself if the incoming message is a RecordsWrite.
|
|
273
|
+
* @returns the ancestor chain of messages where the first element is the root of the chain; returns empty array if no parent is specified.
|
|
274
|
+
*/
|
|
275
|
+
private static async constructAncestorMessageChain(
|
|
276
|
+
tenant: string,
|
|
277
|
+
incomingMessage: RecordsDelete | RecordsRead | RecordsWrite,
|
|
278
|
+
newestRecordsWrite: RecordsWrite,
|
|
279
|
+
messageStore: MessageStore
|
|
280
|
+
)
|
|
281
|
+
: Promise<RecordsWriteMessage[]> {
|
|
282
|
+
const ancestorMessageChain: RecordsWriteMessage[] = [];
|
|
283
|
+
|
|
284
|
+
if (incomingMessage.message.descriptor.method !== DwnMethodName.Write) {
|
|
285
|
+
// Unless inboundMessage is a Write, recordsWrite is also an ancestor message
|
|
286
|
+
ancestorMessageChain.push(newestRecordsWrite.message);
|
|
287
|
+
}
|
|
288
|
+
|
|
289
|
+
const protocol = newestRecordsWrite.message.descriptor.protocol!;
|
|
290
|
+
const contextId = newestRecordsWrite.message.contextId!;
|
|
291
|
+
|
|
292
|
+
// keep walking up the chain from the inbound message's parent, until there is no more parent
|
|
293
|
+
let currentParentId = newestRecordsWrite.message.descriptor.parentId;
|
|
294
|
+
while (currentParentId !== undefined) {
|
|
295
|
+
// fetch parent
|
|
296
|
+
const query: Filter = {
|
|
297
|
+
interface : DwnInterfaceName.Records,
|
|
298
|
+
method : DwnMethodName.Write,
|
|
299
|
+
protocol,
|
|
300
|
+
contextId,
|
|
301
|
+
recordId : currentParentId
|
|
302
|
+
};
|
|
303
|
+
const { messages: parentMessages } = await messageStore.query(tenant, [query]);
|
|
304
|
+
|
|
305
|
+
// We already check the immediate parent in `verifyProtocolPath`, so if it triggers,
|
|
306
|
+
// it means a bug that caused an invalid message to be saved to the DWN.
|
|
307
|
+
if (parentMessages.length === 0) {
|
|
308
|
+
throw new DwnError(DwnErrorCode.ProtocolAuthorizationParentNotFound, `no parent found with ID ${currentParentId}`);
|
|
309
|
+
}
|
|
310
|
+
|
|
311
|
+
const parent = parentMessages[0] as RecordsWriteMessage;
|
|
312
|
+
ancestorMessageChain.push(parent);
|
|
313
|
+
|
|
314
|
+
currentParentId = parent.descriptor.parentId;
|
|
315
|
+
}
|
|
316
|
+
|
|
317
|
+
return ancestorMessageChain.reverse(); // root ancestor first
|
|
318
|
+
}
|
|
319
|
+
|
|
320
|
+
/**
|
|
321
|
+
* Gets the rule set corresponding to the given message chain.
|
|
322
|
+
*/
|
|
323
|
+
private static getRuleSet(
|
|
324
|
+
protocolPath: string,
|
|
325
|
+
protocolDefinition: ProtocolDefinition,
|
|
326
|
+
): ProtocolRuleSet {
|
|
327
|
+
const ruleSet = ProtocolAuthorization.getRuleSetAtProtocolPath(protocolPath, protocolDefinition);
|
|
328
|
+
if (ruleSet === undefined) {
|
|
329
|
+
throw new DwnError(DwnErrorCode.ProtocolAuthorizationMissingRuleSet,
|
|
330
|
+
`No rule set defined for protocolPath ${protocolPath}`);
|
|
331
|
+
}
|
|
332
|
+
return ruleSet;
|
|
333
|
+
}
|
|
334
|
+
|
|
335
|
+
/**
|
|
336
|
+
* Verifies the `protocolPath` declared in the given message (if it is a RecordsWrite) matches the path of actual ancestor chain.
|
|
337
|
+
* @throws {DwnError} if fails verification.
|
|
338
|
+
*/
|
|
339
|
+
private static async verifyProtocolPath(
|
|
340
|
+
tenant: string,
|
|
341
|
+
inboundMessage: RecordsWrite,
|
|
342
|
+
messageStore: MessageStore
|
|
343
|
+
): Promise<void> {
|
|
344
|
+
const declaredProtocolPath = inboundMessage.message.descriptor.protocolPath!;
|
|
345
|
+
const declaredTypeName = ProtocolAuthorization.getTypeName(declaredProtocolPath);
|
|
346
|
+
|
|
347
|
+
const parentId = inboundMessage.message.descriptor.parentId;
|
|
348
|
+
if (parentId === undefined) {
|
|
349
|
+
if (declaredProtocolPath !== declaredTypeName) {
|
|
350
|
+
throw new DwnError(
|
|
351
|
+
DwnErrorCode.ProtocolAuthorizationParentlessIncorrectProtocolPath,
|
|
352
|
+
`Declared protocol path '${declaredProtocolPath}' is not valid for records with no parentId'.`
|
|
353
|
+
);
|
|
354
|
+
}
|
|
355
|
+
} else {
|
|
356
|
+
const protocol = inboundMessage.message.descriptor.protocol!;
|
|
357
|
+
const contextId = inboundMessage.message.contextId!;
|
|
358
|
+
const query: Filter = {
|
|
359
|
+
interface : DwnInterfaceName.Records,
|
|
360
|
+
method : DwnMethodName.Write,
|
|
361
|
+
protocol,
|
|
362
|
+
contextId,
|
|
363
|
+
recordId : parentId
|
|
364
|
+
};
|
|
365
|
+
const { messages: parentMessages } = await messageStore.query(tenant, [query]);
|
|
366
|
+
const parentProtocolPath = (parentMessages as RecordsWriteMessage[])[0]?.descriptor?.protocolPath;
|
|
367
|
+
const actualProtocolPath = `${parentProtocolPath}/${declaredTypeName}`;
|
|
368
|
+
if (parentProtocolPath === undefined || actualProtocolPath !== declaredProtocolPath) {
|
|
369
|
+
throw new DwnError(
|
|
370
|
+
DwnErrorCode.ProtocolAuthorizationIncorrectProtocolPath,
|
|
371
|
+
`Could not find matching parent record to verify declared protocol path '${declaredProtocolPath}'.`
|
|
372
|
+
);
|
|
373
|
+
}
|
|
374
|
+
}
|
|
375
|
+
}
|
|
376
|
+
|
|
377
|
+
/**
|
|
378
|
+
* Verifies the `dataFormat` and `schema` declared in the given message (if it is a RecordsWrite) matches dataFormat
|
|
379
|
+
* and schema of the type in the given protocol.
|
|
380
|
+
* @throws {DwnError} if fails verification.
|
|
381
|
+
*/
|
|
382
|
+
private static verifyType(
|
|
383
|
+
inboundMessage: RecordsWriteMessage,
|
|
384
|
+
protocolTypes: ProtocolTypes,
|
|
385
|
+
): void {
|
|
386
|
+
|
|
387
|
+
const typeNames = Object.keys(protocolTypes);
|
|
388
|
+
const declaredProtocolPath = inboundMessage.descriptor.protocolPath!;
|
|
389
|
+
const declaredTypeName = ProtocolAuthorization.getTypeName(declaredProtocolPath);
|
|
390
|
+
if (!typeNames.includes(declaredTypeName)) {
|
|
391
|
+
throw new DwnError(DwnErrorCode.ProtocolAuthorizationInvalidType,
|
|
392
|
+
`record with type ${declaredTypeName} not allowed in protocol`);
|
|
393
|
+
}
|
|
394
|
+
|
|
395
|
+
const protocolPath = inboundMessage.descriptor.protocolPath!;
|
|
396
|
+
// existence of `protocolType` has already been verified
|
|
397
|
+
const typeName = ProtocolAuthorization.getTypeName(protocolPath);
|
|
398
|
+
const protocolType: ProtocolType = protocolTypes[typeName];
|
|
399
|
+
|
|
400
|
+
// no `schema` specified in protocol definition means that any schema is allowed
|
|
401
|
+
const { schema } = inboundMessage.descriptor;
|
|
402
|
+
if (protocolType.schema !== undefined && protocolType.schema !== schema) {
|
|
403
|
+
throw new DwnError(
|
|
404
|
+
DwnErrorCode.ProtocolAuthorizationInvalidSchema,
|
|
405
|
+
`type '${typeName}' must have schema '${protocolType.schema}', \
|
|
406
|
+
instead has '${schema}'`
|
|
407
|
+
);
|
|
408
|
+
}
|
|
409
|
+
|
|
410
|
+
// no `dataFormats` specified in protocol definition means that all dataFormats are allowed
|
|
411
|
+
const { dataFormat } = inboundMessage.descriptor;
|
|
412
|
+
if (protocolType.dataFormats !== undefined && !protocolType.dataFormats.includes(dataFormat)) {
|
|
413
|
+
throw new DwnError(
|
|
414
|
+
DwnErrorCode.ProtocolAuthorizationIncorrectDataFormat,
|
|
415
|
+
`type '${typeName}' must have data format in (${protocolType.dataFormats}), \
|
|
416
|
+
instead has '${dataFormat}'`
|
|
417
|
+
);
|
|
418
|
+
}
|
|
419
|
+
}
|
|
420
|
+
|
|
421
|
+
/**
|
|
422
|
+
* Check if the incoming message is invoking a role. If so, validate the invoked role.
|
|
423
|
+
*/
|
|
424
|
+
private static async verifyInvokedRole(
|
|
425
|
+
tenant: string,
|
|
426
|
+
incomingMessage: RecordsDelete | RecordsQuery | RecordsRead | RecordsWrite,
|
|
427
|
+
protocolUri: string,
|
|
428
|
+
contextId: string | undefined,
|
|
429
|
+
protocolDefinition: ProtocolDefinition,
|
|
430
|
+
messageStore: MessageStore,
|
|
431
|
+
): Promise<void> {
|
|
432
|
+
const protocolRole = incomingMessage.signaturePayload?.protocolRole;
|
|
433
|
+
|
|
434
|
+
// Only verify role if there is a role being invoked
|
|
435
|
+
if (protocolRole === undefined) {
|
|
436
|
+
return;
|
|
437
|
+
}
|
|
438
|
+
|
|
439
|
+
const roleRuleSet = ProtocolAuthorization.getRuleSetAtProtocolPath(protocolRole, protocolDefinition);
|
|
440
|
+
if (roleRuleSet === undefined || (!roleRuleSet.$globalRole && !roleRuleSet.$contextRole)) {
|
|
441
|
+
throw new DwnError(
|
|
442
|
+
DwnErrorCode.ProtocolAuthorizationNotARole,
|
|
443
|
+
`Protocol path ${protocolRole} is not a valid protocolRole`
|
|
444
|
+
);
|
|
445
|
+
}
|
|
446
|
+
|
|
447
|
+
const roleRecordFilter: Filter = {
|
|
448
|
+
interface : DwnInterfaceName.Records,
|
|
449
|
+
method : DwnMethodName.Write,
|
|
450
|
+
protocol : protocolUri,
|
|
451
|
+
protocolPath : protocolRole,
|
|
452
|
+
recipient : incomingMessage.author!,
|
|
453
|
+
isLatestBaseState : true,
|
|
454
|
+
};
|
|
455
|
+
|
|
456
|
+
if (roleRuleSet.$contextRole) {
|
|
457
|
+
if (contextId === undefined) {
|
|
458
|
+
throw new DwnError(
|
|
459
|
+
DwnErrorCode.ProtocolAuthorizationMissingContextId,
|
|
460
|
+
'Could not verify $contextRole because contextId is missing'
|
|
461
|
+
);
|
|
462
|
+
}
|
|
463
|
+
roleRecordFilter.contextId = contextId;
|
|
464
|
+
}
|
|
465
|
+
|
|
466
|
+
const { messages: matchingMessages } = await messageStore.query(tenant, [roleRecordFilter]);
|
|
467
|
+
|
|
468
|
+
if (matchingMessages.length === 0) {
|
|
469
|
+
throw new DwnError(
|
|
470
|
+
DwnErrorCode.ProtocolAuthorizationMissingRole,
|
|
471
|
+
`No matching role found for protocol path ${protocolRole}`
|
|
472
|
+
);
|
|
473
|
+
}
|
|
474
|
+
}
|
|
475
|
+
|
|
476
|
+
/**
|
|
477
|
+
* Returns a list of ProtocolAction(s) based on the incoming message, one of which must be allowed for the message to be authorized.
|
|
478
|
+
* NOTE: the reason why there could be multiple actions is because in case of an "update" RecordsWrite by the original record author,
|
|
479
|
+
* the RecordsWrite can either be authorized by a `write` or `update` allow rule. It is important to recognize that the `write` access that allowed
|
|
480
|
+
* the original record author to create the record maybe revoked (e.g. by role revocation) by the time an "update" by the same author is attempted.
|
|
481
|
+
*/
|
|
482
|
+
private static async getActionsSeekingARuleMatch(
|
|
483
|
+
tenant: string,
|
|
484
|
+
incomingMessage: RecordsDelete | RecordsQuery | RecordsRead | RecordsWrite,
|
|
485
|
+
messageStore: MessageStore,
|
|
486
|
+
): Promise<ProtocolAction[]> {
|
|
487
|
+
|
|
488
|
+
switch (incomingMessage.message.descriptor.method) {
|
|
489
|
+
case DwnMethodName.Delete:
|
|
490
|
+
return [ProtocolAction.Delete];
|
|
491
|
+
|
|
492
|
+
case DwnMethodName.Query:
|
|
493
|
+
return [ProtocolAction.Query];
|
|
494
|
+
|
|
495
|
+
case DwnMethodName.Read:
|
|
496
|
+
return [ProtocolAction.Read];
|
|
497
|
+
|
|
498
|
+
case DwnMethodName.Write:
|
|
499
|
+
const incomingRecordsWrite = incomingMessage as RecordsWrite;
|
|
500
|
+
if (await incomingRecordsWrite.isInitialWrite()) {
|
|
501
|
+
// only 'write' allows initial RecordsWrites; 'update' only applies to subsequent RecordsWrites
|
|
502
|
+
return [ProtocolAction.Write];
|
|
503
|
+
} else if (await incomingRecordsWrite.isAuthoredByInitialRecordAuthor(tenant, messageStore)) {
|
|
504
|
+
// Both 'update' and 'write' authorize the incoming message
|
|
505
|
+
return [ProtocolAction.Write, ProtocolAction.Update];
|
|
506
|
+
} else {
|
|
507
|
+
// Actors other than the initial record author must be authorized to 'update' the message
|
|
508
|
+
return [ProtocolAction.Update];
|
|
509
|
+
}
|
|
510
|
+
|
|
511
|
+
// default:
|
|
512
|
+
// not reachable in typescript
|
|
513
|
+
}
|
|
514
|
+
}
|
|
515
|
+
|
|
516
|
+
/**
|
|
517
|
+
* Verifies the action (e.g. read/write) specified in the given message matches the allowed actions in the rule set.
|
|
518
|
+
* @throws {Error} if action not allowed.
|
|
519
|
+
*/
|
|
520
|
+
private static async verifyAllowedActions(
|
|
521
|
+
tenant: string,
|
|
522
|
+
incomingMessage: RecordsDelete | RecordsQuery | RecordsRead | RecordsWrite,
|
|
523
|
+
inboundMessageRuleSet: ProtocolRuleSet,
|
|
524
|
+
ancestorMessageChain: RecordsWriteMessage[],
|
|
525
|
+
messageStore: MessageStore,
|
|
526
|
+
): Promise<void> {
|
|
527
|
+
const incomingMessageMethod = incomingMessage.message.descriptor.method;
|
|
528
|
+
const inboundMessageActions = await ProtocolAuthorization.getActionsSeekingARuleMatch(tenant, incomingMessage, messageStore);
|
|
529
|
+
const author = incomingMessage.author;
|
|
530
|
+
const actionRules = inboundMessageRuleSet.$actions;
|
|
531
|
+
|
|
532
|
+
// We have already checked that the message is not from tenant, owner, or permissionsGrant
|
|
533
|
+
if (actionRules === undefined) {
|
|
534
|
+
throw new DwnError(
|
|
535
|
+
DwnErrorCode.ProtocolAuthorizationActionRulesNotFound,
|
|
536
|
+
`no action rule defined for ${incomingMessageMethod}, ${author} is unauthorized`
|
|
537
|
+
);
|
|
538
|
+
}
|
|
539
|
+
|
|
540
|
+
const invokedRole = incomingMessage.signaturePayload?.protocolRole;
|
|
541
|
+
|
|
542
|
+
for (const actionRule of actionRules) {
|
|
543
|
+
if (!inboundMessageActions.includes(actionRule.can as ProtocolAction)) {
|
|
544
|
+
continue;
|
|
545
|
+
}
|
|
546
|
+
|
|
547
|
+
if (invokedRole !== undefined) {
|
|
548
|
+
// When a protocol role is being invoked, we require that there is a matching `role` rule.
|
|
549
|
+
if (actionRule.role === invokedRole) {
|
|
550
|
+
// role is successfully invoked
|
|
551
|
+
return;
|
|
552
|
+
} else {
|
|
553
|
+
continue;
|
|
554
|
+
}
|
|
555
|
+
} else if (actionRule.who === ProtocolActor.Recipient && actionRule.of === undefined && author !== undefined) {
|
|
556
|
+
// Author must be recipient of the record being accessed
|
|
557
|
+
let recordsWriteMessage: RecordsWriteMessage;
|
|
558
|
+
if (incomingMessage.message.descriptor.method === DwnMethodName.Write) {
|
|
559
|
+
recordsWriteMessage = incomingMessage.message as RecordsWriteMessage;
|
|
560
|
+
} else {
|
|
561
|
+
// else the incoming message must be a RecordsDelete because only `update` and `delete` are allowed recipient actions
|
|
562
|
+
recordsWriteMessage = ancestorMessageChain[ancestorMessageChain.length - 1];
|
|
563
|
+
}
|
|
564
|
+
if (recordsWriteMessage.descriptor.recipient === author) {
|
|
565
|
+
return;
|
|
566
|
+
}
|
|
567
|
+
} else if (actionRule.who === ProtocolActor.Anyone) {
|
|
568
|
+
return;
|
|
569
|
+
} else if (author === undefined) {
|
|
570
|
+
continue;
|
|
571
|
+
}
|
|
572
|
+
|
|
573
|
+
const ancestorRuleSuccess: boolean = await ProtocolAuthorization.checkActor(author, actionRule, ancestorMessageChain);
|
|
574
|
+
if (ancestorRuleSuccess) {
|
|
575
|
+
return;
|
|
576
|
+
}
|
|
577
|
+
}
|
|
578
|
+
|
|
579
|
+
// No action rules were satisfied, author is not authorized
|
|
580
|
+
throw new DwnError(DwnErrorCode.ProtocolAuthorizationActionNotAllowed, `inbound message action not allowed for author`);
|
|
581
|
+
}
|
|
582
|
+
|
|
583
|
+
/**
|
|
584
|
+
* Verifies that writes to a $globalRole or $contextRole record do not have the same recipient as an existing RecordsWrite
|
|
585
|
+
* to the same $globalRole or the same $contextRole in the same context.
|
|
586
|
+
*/
|
|
587
|
+
private static async verifyUniqueRoleRecipient(
|
|
588
|
+
tenant: string,
|
|
589
|
+
incomingMessage: RecordsWrite,
|
|
590
|
+
inboundMessageRuleSet: ProtocolRuleSet,
|
|
591
|
+
messageStore: MessageStore,
|
|
592
|
+
): Promise<void> {
|
|
593
|
+
const incomingRecordsWrite = incomingMessage as RecordsWrite;
|
|
594
|
+
if (!inboundMessageRuleSet.$globalRole && !inboundMessageRuleSet.$contextRole) {
|
|
595
|
+
return;
|
|
596
|
+
}
|
|
597
|
+
|
|
598
|
+
const recipient = incomingRecordsWrite.message.descriptor.recipient;
|
|
599
|
+
if (recipient === undefined) {
|
|
600
|
+
throw new DwnError(
|
|
601
|
+
DwnErrorCode.ProtocolAuthorizationRoleMissingRecipient,
|
|
602
|
+
'Role records must have a recipient'
|
|
603
|
+
);
|
|
604
|
+
}
|
|
605
|
+
const protocolPath = incomingRecordsWrite.message.descriptor.protocolPath!;
|
|
606
|
+
const filter: Filter = {
|
|
607
|
+
interface : DwnInterfaceName.Records,
|
|
608
|
+
method : DwnMethodName.Write,
|
|
609
|
+
isLatestBaseState : true,
|
|
610
|
+
protocol : incomingRecordsWrite.message.descriptor.protocol!,
|
|
611
|
+
protocolPath,
|
|
612
|
+
recipient,
|
|
613
|
+
};
|
|
614
|
+
if (inboundMessageRuleSet.$contextRole) {
|
|
615
|
+
filter.contextId = incomingRecordsWrite.message.contextId!;
|
|
616
|
+
}
|
|
617
|
+
const { messages: matchingMessages } = await messageStore.query(tenant, [filter]);
|
|
618
|
+
const matchingRecords = matchingMessages as RecordsWriteMessage[];
|
|
619
|
+
const matchingRecordsExceptIncomingRecordId = matchingRecords.filter((recordsWriteMessage) =>
|
|
620
|
+
recordsWriteMessage.recordId !== incomingRecordsWrite.message.recordId
|
|
621
|
+
);
|
|
622
|
+
if (matchingRecordsExceptIncomingRecordId.length > 0) {
|
|
623
|
+
if (inboundMessageRuleSet.$globalRole) {
|
|
624
|
+
throw new DwnError(
|
|
625
|
+
DwnErrorCode.ProtocolAuthorizationDuplicateGlobalRoleRecipient,
|
|
626
|
+
`DID '${recipient}' is already recipient of a $globalRole record at protocol path '${protocolPath}`
|
|
627
|
+
);
|
|
628
|
+
} else {
|
|
629
|
+
// $contextRole
|
|
630
|
+
throw new DwnError(
|
|
631
|
+
DwnErrorCode.ProtocolAuthorizationDuplicateContextRoleRecipient,
|
|
632
|
+
`DID '${recipient}' is already recipient of a $contextRole record at protocol path '${protocolPath} in the same context`
|
|
633
|
+
);
|
|
634
|
+
}
|
|
635
|
+
}
|
|
636
|
+
}
|
|
637
|
+
|
|
638
|
+
private static getRuleSetAtProtocolPath(protocolPath: string, protocolDefinition: ProtocolDefinition): ProtocolRuleSet | undefined {
|
|
639
|
+
const protocolPathArray = protocolPath.split('/');
|
|
640
|
+
let currentRuleSet: ProtocolRuleSet = protocolDefinition.structure;
|
|
641
|
+
let i = 0;
|
|
642
|
+
while (i < protocolPathArray.length) {
|
|
643
|
+
const currentTypeName = protocolPathArray[i];
|
|
644
|
+
const nextRuleSet: ProtocolRuleSet | undefined = currentRuleSet[currentTypeName];
|
|
645
|
+
|
|
646
|
+
if (nextRuleSet === undefined) {
|
|
647
|
+
return undefined;
|
|
648
|
+
}
|
|
649
|
+
|
|
650
|
+
currentRuleSet = nextRuleSet;
|
|
651
|
+
i++;
|
|
652
|
+
}
|
|
653
|
+
|
|
654
|
+
return currentRuleSet;
|
|
655
|
+
}
|
|
656
|
+
|
|
657
|
+
/**
|
|
658
|
+
* Checks if there is a record in the ancestor chain matching the `who: 'author' | 'recipient'` action rule.
|
|
659
|
+
* @returns true if the action rule is satisfied. false otherwise
|
|
660
|
+
*/
|
|
661
|
+
private static async checkActor(
|
|
662
|
+
author: string,
|
|
663
|
+
actionRule: ProtocolActionRule,
|
|
664
|
+
ancestorMessageChain: RecordsWriteMessage[],
|
|
665
|
+
): Promise<boolean> {
|
|
666
|
+
// Iterate up the ancestor chain to find a message with matching protocolPath
|
|
667
|
+
const ancestorRecordsWrite = ancestorMessageChain.find((recordsWriteMessage) =>
|
|
668
|
+
recordsWriteMessage.descriptor.protocolPath === actionRule.of!
|
|
669
|
+
);
|
|
670
|
+
|
|
671
|
+
// If this is reached, there is likely an issue with the protocol definition.
|
|
672
|
+
// The protocolPath to the actionRule should start with actionRule.of
|
|
673
|
+
// consider moving this check to ProtocolsConfigure message ingestion
|
|
674
|
+
if (ancestorRecordsWrite === undefined) {
|
|
675
|
+
return false;
|
|
676
|
+
}
|
|
677
|
+
|
|
678
|
+
if (actionRule.who === ProtocolActor.Recipient) {
|
|
679
|
+
// Recipient of ancestor message must be the author of the incoming message
|
|
680
|
+
return author === ancestorRecordsWrite.descriptor.recipient;
|
|
681
|
+
} else { // actionRule.who === ProtocolActor.Author
|
|
682
|
+
// Author of ancestor message must be the author of the incoming message
|
|
683
|
+
const ancestorAuthor = (await RecordsWrite.parse(ancestorRecordsWrite)).author;
|
|
684
|
+
return author === ancestorAuthor;
|
|
685
|
+
}
|
|
686
|
+
}
|
|
687
|
+
|
|
688
|
+
private static getTypeName(protocolPath: string): string {
|
|
689
|
+
return protocolPath.split('/').slice(-1)[0];
|
|
690
|
+
}
|
|
691
|
+
}
|