@abaxxtech/id 0.0.0
- package/LICENSE +201 -0
- package/README.md +31 -0
- package/README.npm.md +31 -0
- package/dist/bundles/dwn.js +83 -0
- package/dist/cjs/index.js +31250 -0
- package/dist/cjs/package.json +1 -0
- package/dist/esm/generated/precompiled-validators.js +7820 -0
- package/dist/esm/generated/precompiled-validators.js.map +1 -0
- package/dist/esm/json-schemas/definitions.json +23 -0
- package/dist/esm/src/core/abstract-message.js +37 -0
- package/dist/esm/src/core/abstract-message.js.map +1 -0
- package/dist/esm/src/core/auth.js +97 -0
- package/dist/esm/src/core/auth.js.map +1 -0
- package/dist/esm/src/core/dwn-constant.js +8 -0
- package/dist/esm/src/core/dwn-constant.js.map +1 -0
- package/dist/esm/src/core/dwn-error.js +138 -0
- package/dist/esm/src/core/dwn-error.js.map +1 -0
- package/dist/esm/src/core/grant-authorization.js +108 -0
- package/dist/esm/src/core/grant-authorization.js.map +1 -0
- package/dist/esm/src/core/message-reply.js +5 -0
- package/dist/esm/src/core/message-reply.js.map +1 -0
- package/dist/esm/src/core/message.js +200 -0
- package/dist/esm/src/core/message.js.map +1 -0
- package/dist/esm/src/core/protocol-authorization.js +449 -0
- package/dist/esm/src/core/protocol-authorization.js.map +1 -0
- package/dist/esm/src/core/records-grant-authorization.js +106 -0
- package/dist/esm/src/core/records-grant-authorization.js.map +1 -0
- package/dist/esm/src/core/tenant-gate.js +20 -0
- package/dist/esm/src/core/tenant-gate.js.map +1 -0
- package/dist/esm/src/did/did-dht-resolver.js +241 -0
- package/dist/esm/src/did/did-dht-resolver.js.map +1 -0
- package/dist/esm/src/did/did-ion-resolver.js +53 -0
- package/dist/esm/src/did/did-ion-resolver.js.map +1 -0
- package/dist/esm/src/did/did-key-resolver.js +135 -0
- package/dist/esm/src/did/did-key-resolver.js.map +1 -0
- package/dist/esm/src/did/did-resolver.js +70 -0
- package/dist/esm/src/did/did-resolver.js.map +1 -0
- package/dist/esm/src/did/did.js +36 -0
- package/dist/esm/src/did/did.js.map +1 -0
- package/dist/esm/src/dwn.js +164 -0
- package/dist/esm/src/dwn.js.map +1 -0
- package/dist/esm/src/enums/dwn-interface-method.js +22 -0
- package/dist/esm/src/enums/dwn-interface-method.js.map +1 -0
- package/dist/esm/src/event-log/event-log-level.js +112 -0
- package/dist/esm/src/event-log/event-log-level.js.map +1 -0
- package/dist/esm/src/handlers/events-get.js +48 -0
- package/dist/esm/src/handlers/events-get.js.map +1 -0
- package/dist/esm/src/handlers/messages-get.js +76 -0
- package/dist/esm/src/handlers/messages-get.js.map +1 -0
- package/dist/esm/src/handlers/permissions-grant.js +62 -0
- package/dist/esm/src/handlers/permissions-grant.js.map +1 -0
- package/dist/esm/src/handlers/permissions-request.js +63 -0
- package/dist/esm/src/handlers/permissions-request.js.map +1 -0
- package/dist/esm/src/handlers/permissions-revoke.js +114 -0
- package/dist/esm/src/handlers/permissions-revoke.js.map +1 -0
- package/dist/esm/src/handlers/protocols-configure.js +102 -0
- package/dist/esm/src/handlers/protocols-configure.js.map +1 -0
- package/dist/esm/src/handlers/protocols-query.js +72 -0
- package/dist/esm/src/handlers/protocols-query.js.map +1 -0
- package/dist/esm/src/handlers/records-delete.js +119 -0
- package/dist/esm/src/handlers/records-delete.js.map +1 -0
- package/dist/esm/src/handlers/records-query.js +206 -0
- package/dist/esm/src/handlers/records-query.js.map +1 -0
- package/dist/esm/src/handlers/records-read.js +118 -0
- package/dist/esm/src/handlers/records-read.js.map +1 -0
- package/dist/esm/src/handlers/records-write.js +252 -0
- package/dist/esm/src/handlers/records-write.js.map +1 -0
- package/dist/esm/src/index.js +43 -0
- package/dist/esm/src/index.js.map +1 -0
- package/dist/esm/src/interfaces/events-get.js +41 -0
- package/dist/esm/src/interfaces/events-get.js.map +1 -0
- package/dist/esm/src/interfaces/messages-get.js +58 -0
- package/dist/esm/src/interfaces/messages-get.js.map +1 -0
- package/dist/esm/src/interfaces/permissions-grant.js +130 -0
- package/dist/esm/src/interfaces/permissions-grant.js.map +1 -0
- package/dist/esm/src/interfaces/permissions-request.js +47 -0
- package/dist/esm/src/interfaces/permissions-request.js.map +1 -0
- package/dist/esm/src/interfaces/permissions-revoke.js +47 -0
- package/dist/esm/src/interfaces/permissions-revoke.js.map +1 -0
- package/dist/esm/src/interfaces/protocols-configure.js +149 -0
- package/dist/esm/src/interfaces/protocols-configure.js.map +1 -0
- package/dist/esm/src/interfaces/protocols-query.js +80 -0
- package/dist/esm/src/interfaces/protocols-query.js.map +1 -0
- package/dist/esm/src/interfaces/records-delete.js +56 -0
- package/dist/esm/src/interfaces/records-delete.js.map +1 -0
- package/dist/esm/src/interfaces/records-query.js +81 -0
- package/dist/esm/src/interfaces/records-query.js.map +1 -0
- package/dist/esm/src/interfaces/records-read.js +65 -0
- package/dist/esm/src/interfaces/records-read.js.map +1 -0
- package/dist/esm/src/interfaces/records-write.js +677 -0
- package/dist/esm/src/interfaces/records-write.js.map +1 -0
- package/dist/esm/src/jose/algorithms/signing/ed25519.js +54 -0
- package/dist/esm/src/jose/algorithms/signing/ed25519.js.map +1 -0
- package/dist/esm/src/jose/algorithms/signing/signature-algorithms.js +13 -0
- package/dist/esm/src/jose/algorithms/signing/signature-algorithms.js.map +1 -0
- package/dist/esm/src/jose/jws/general/builder.js +47 -0
- package/dist/esm/src/jose/jws/general/builder.js.map +1 -0
- package/dist/esm/src/jose/jws/general/signer.js +36 -0
- package/dist/esm/src/jose/jws/general/signer.js.map +1 -0
- package/dist/esm/src/jose/jws/general/verifier.js +97 -0
- package/dist/esm/src/jose/jws/general/verifier.js.map +1 -0
- package/dist/esm/src/schema-validator.js +28 -0
- package/dist/esm/src/schema-validator.js.map +1 -0
- package/dist/esm/src/store/blockstore-level.js +187 -0
- package/dist/esm/src/store/blockstore-level.js.map +1 -0
- package/dist/esm/src/store/data-store-level.js +192 -0
- package/dist/esm/src/store/data-store-level.js.map +1 -0
- package/dist/esm/src/store/index-level.js +302 -0
- package/dist/esm/src/store/index-level.js.map +1 -0
- package/dist/esm/src/store/level-wrapper.js +296 -0
- package/dist/esm/src/store/level-wrapper.js.map +1 -0
- package/dist/esm/src/store/message-store-level.js +236 -0
- package/dist/esm/src/store/message-store-level.js.map +1 -0
- package/dist/esm/src/store/storage-controller.js +69 -0
- package/dist/esm/src/store/storage-controller.js.map +1 -0
- package/dist/esm/src/types/cache.js +2 -0
- package/dist/esm/src/types/cache.js.map +1 -0
- package/dist/esm/src/types/data-store.js +2 -0
- package/dist/esm/src/types/data-store.js.map +1 -0
- package/dist/esm/src/types/delegated-grant-message.js +2 -0
- package/dist/esm/src/types/delegated-grant-message.js.map +1 -0
- package/dist/esm/src/types/did-types.js +2 -0
- package/dist/esm/src/types/did-types.js.map +1 -0
- package/dist/esm/src/types/event-log.js +2 -0
- package/dist/esm/src/types/event-log.js.map +1 -0
- package/dist/esm/src/types/event-types.js +2 -0
- package/dist/esm/src/types/event-types.js.map +1 -0
- package/dist/esm/src/types/jose-types.js +2 -0
- package/dist/esm/src/types/jose-types.js.map +1 -0
- package/dist/esm/src/types/jws-types.js +2 -0
- package/dist/esm/src/types/jws-types.js.map +1 -0
- package/dist/esm/src/types/message-interface.js +2 -0
- package/dist/esm/src/types/message-interface.js.map +1 -0
- package/dist/esm/src/types/message-store.js +2 -0
- package/dist/esm/src/types/message-store.js.map +1 -0
- package/dist/esm/src/types/message-types.js +6 -0
- package/dist/esm/src/types/message-types.js.map +1 -0
- package/dist/esm/src/types/messages-types.js +2 -0
- package/dist/esm/src/types/messages-types.js.map +1 -0
- package/dist/esm/src/types/method-handler.js +2 -0
- package/dist/esm/src/types/method-handler.js.map +1 -0
- package/dist/esm/src/types/permissions-grant-descriptor.js +6 -0
- package/dist/esm/src/types/permissions-grant-descriptor.js.map +1 -0
- package/dist/esm/src/types/permissions-types.js +2 -0
- package/dist/esm/src/types/permissions-types.js.map +1 -0
- package/dist/esm/src/types/protocols-types.js +15 -0
- package/dist/esm/src/types/protocols-types.js.map +1 -0
- package/dist/esm/src/types/records-types.js +8 -0
- package/dist/esm/src/types/records-types.js.map +1 -0
- package/dist/esm/src/types/signer.js +2 -0
- package/dist/esm/src/types/signer.js.map +1 -0
- package/dist/esm/src/utils/abort.js +40 -0
- package/dist/esm/src/utils/abort.js.map +1 -0
- package/dist/esm/src/utils/array.js +72 -0
- package/dist/esm/src/utils/array.js.map +1 -0
- package/dist/esm/src/utils/cid.js +130 -0
- package/dist/esm/src/utils/cid.js.map +1 -0
- package/dist/esm/src/utils/data-stream.js +88 -0
- package/dist/esm/src/utils/data-stream.js.map +1 -0
- package/dist/esm/src/utils/encoder.js +45 -0
- package/dist/esm/src/utils/encoder.js.map +1 -0
- package/dist/esm/src/utils/encryption.js +128 -0
- package/dist/esm/src/utils/encryption.js.map +1 -0
- package/dist/esm/src/utils/hd-key.js +60 -0
- package/dist/esm/src/utils/hd-key.js.map +1 -0
- package/dist/esm/src/utils/jws.js +89 -0
- package/dist/esm/src/utils/jws.js.map +1 -0
- package/dist/esm/src/utils/memory-cache.js +41 -0
- package/dist/esm/src/utils/memory-cache.js.map +1 -0
- package/dist/esm/src/utils/object.js +50 -0
- package/dist/esm/src/utils/object.js.map +1 -0
- package/dist/esm/src/utils/private-key-signer.js +43 -0
- package/dist/esm/src/utils/private-key-signer.js.map +1 -0
- package/dist/esm/src/utils/protocols.js +51 -0
- package/dist/esm/src/utils/protocols.js.map +1 -0
- package/dist/esm/src/utils/records.js +267 -0
- package/dist/esm/src/utils/records.js.map +1 -0
- package/dist/esm/src/utils/secp256k1.js +219 -0
- package/dist/esm/src/utils/secp256k1.js.map +1 -0
- package/dist/esm/src/utils/string.js +16 -0
- package/dist/esm/src/utils/string.js.map +1 -0
- package/dist/esm/src/utils/time.js +84 -0
- package/dist/esm/src/utils/time.js.map +1 -0
- package/dist/esm/src/utils/url.js +63 -0
- package/dist/esm/src/utils/url.js.map +1 -0
- package/dist/esm/tests/core/auth.spec.js +25 -0
- package/dist/esm/tests/core/auth.spec.js.map +1 -0
- package/dist/esm/tests/core/message-reply.spec.js +19 -0
- package/dist/esm/tests/core/message-reply.spec.js.map +1 -0
- package/dist/esm/tests/core/message.spec.js +85 -0
- package/dist/esm/tests/core/message.spec.js.map +1 -0
- package/dist/esm/tests/did/did-ion-resolver.spec.js +82 -0
- package/dist/esm/tests/did/did-ion-resolver.spec.js.map +1 -0
- package/dist/esm/tests/did/did-key-resolver.spec.js +74 -0
- package/dist/esm/tests/did/did-key-resolver.spec.js.map +1 -0
- package/dist/esm/tests/did/did-resolver.spec.js +84 -0
- package/dist/esm/tests/did/did-resolver.spec.js.map +1 -0
- package/dist/esm/tests/did/did.spec.js +22 -0
- package/dist/esm/tests/did/did.spec.js.map +1 -0
- package/dist/esm/tests/dwn.spec.js +252 -0
- package/dist/esm/tests/dwn.spec.js.map +1 -0
- package/dist/esm/tests/end-to-end-tests.spec.js +218 -0
- package/dist/esm/tests/end-to-end-tests.spec.js.map +1 -0
- package/dist/esm/tests/event-log/event-log-level.spec.js +137 -0
- package/dist/esm/tests/event-log/event-log-level.spec.js.map +1 -0
- package/dist/esm/tests/handlers/events-get.spec.js +108 -0
- package/dist/esm/tests/handlers/events-get.spec.js.map +1 -0
- package/dist/esm/tests/handlers/messages-get.spec.js +209 -0
- package/dist/esm/tests/handlers/messages-get.spec.js.map +1 -0
- package/dist/esm/tests/handlers/permissions-grant.spec.js +249 -0
- package/dist/esm/tests/handlers/permissions-grant.spec.js.map +1 -0
- package/dist/esm/tests/handlers/permissions-request.spec.js +132 -0
- package/dist/esm/tests/handlers/permissions-request.spec.js.map +1 -0
- package/dist/esm/tests/handlers/permissions-revoke.spec.js +311 -0
- package/dist/esm/tests/handlers/permissions-revoke.spec.js.map +1 -0
- package/dist/esm/tests/handlers/protocols-configure.spec.js +254 -0
- package/dist/esm/tests/handlers/protocols-configure.spec.js.map +1 -0
- package/dist/esm/tests/handlers/protocols-query.spec.js +373 -0
- package/dist/esm/tests/handlers/protocols-query.spec.js.map +1 -0
- package/dist/esm/tests/handlers/records-delete.spec.js +630 -0
- package/dist/esm/tests/handlers/records-delete.spec.js.map +1 -0
- package/dist/esm/tests/handlers/records-query.spec.js +1937 -0
- package/dist/esm/tests/handlers/records-query.spec.js.map +1 -0
- package/dist/esm/tests/handlers/records-read.spec.js +1729 -0
- package/dist/esm/tests/handlers/records-read.spec.js.map +1 -0
- package/dist/esm/tests/handlers/records-write.spec.js +3381 -0
- package/dist/esm/tests/handlers/records-write.spec.js.map +1 -0
- package/dist/esm/tests/interfaces/events-get.spec.js +73 -0
- package/dist/esm/tests/interfaces/events-get.spec.js.map +1 -0
- package/dist/esm/tests/interfaces/messages-get.spec.js +93 -0
- package/dist/esm/tests/interfaces/messages-get.spec.js.map +1 -0
- package/dist/esm/tests/interfaces/permissions-grant.spec.js +216 -0
- package/dist/esm/tests/interfaces/permissions-grant.spec.js.map +1 -0
- package/dist/esm/tests/interfaces/permissions-request.spec.js +45 -0
- package/dist/esm/tests/interfaces/permissions-request.spec.js.map +1 -0
- package/dist/esm/tests/interfaces/protocols-configure.spec.js +334 -0
- package/dist/esm/tests/interfaces/protocols-configure.spec.js.map +1 -0
- package/dist/esm/tests/interfaces/protocols-query.spec.js +49 -0
- package/dist/esm/tests/interfaces/protocols-query.spec.js.map +1 -0
- package/dist/esm/tests/interfaces/records-delete.spec.js +42 -0
- package/dist/esm/tests/interfaces/records-delete.spec.js.map +1 -0
- package/dist/esm/tests/interfaces/records-query.spec.js +75 -0
- package/dist/esm/tests/interfaces/records-query.spec.js.map +1 -0
- package/dist/esm/tests/interfaces/records-read.spec.js +65 -0
- package/dist/esm/tests/interfaces/records-read.spec.js.map +1 -0
- package/dist/esm/tests/interfaces/records-write.spec.js +369 -0
- package/dist/esm/tests/interfaces/records-write.spec.js.map +1 -0
- package/dist/esm/tests/jose/jws/general.spec.js +185 -0
- package/dist/esm/tests/jose/jws/general.spec.js.map +1 -0
- package/dist/esm/tests/scenarios/delegated-grant.spec.js +490 -0
- package/dist/esm/tests/scenarios/delegated-grant.spec.js.map +1 -0
- package/dist/esm/tests/scenarios/end-to-end-tests.spec.js +218 -0
- package/dist/esm/tests/scenarios/end-to-end-tests.spec.js.map +1 -0
- package/dist/esm/tests/store/data-store-level.spec.js +192 -0
- package/dist/esm/tests/store/data-store-level.spec.js.map +1 -0
- package/dist/esm/tests/store/index-level.spec.js +428 -0
- package/dist/esm/tests/store/index-level.spec.js.map +1 -0
- package/dist/esm/tests/store/message-store-level.spec.js +51 -0
- package/dist/esm/tests/store/message-store-level.spec.js.map +1 -0
- package/dist/esm/tests/store/message-store.spec.js +395 -0
- package/dist/esm/tests/store/message-store.spec.js.map +1 -0
- package/dist/esm/tests/store-dependent-tests.spec.js +8 -0
- package/dist/esm/tests/store-dependent-tests.spec.js.map +1 -0
- package/dist/esm/tests/test-stores.js +40 -0
- package/dist/esm/tests/test-stores.js.map +1 -0
- package/dist/esm/tests/test-suite.js +51 -0
- package/dist/esm/tests/test-suite.js.map +1 -0
- package/dist/esm/tests/utils/cid.spec.js +83 -0
- package/dist/esm/tests/utils/cid.spec.js.map +1 -0
- package/dist/esm/tests/utils/data-stream.spec.js +30 -0
- package/dist/esm/tests/utils/data-stream.spec.js.map +1 -0
- package/dist/esm/tests/utils/encryption.spec.js +151 -0
- package/dist/esm/tests/utils/encryption.spec.js.map +1 -0
- package/dist/esm/tests/utils/jws.spec.js +11 -0
- package/dist/esm/tests/utils/jws.spec.js.map +1 -0
- package/dist/esm/tests/utils/memory-cache.spec.js +38 -0
- package/dist/esm/tests/utils/memory-cache.spec.js.map +1 -0
- package/dist/esm/tests/utils/object.spec.js +39 -0
- package/dist/esm/tests/utils/object.spec.js.map +1 -0
- package/dist/esm/tests/utils/private-key-signer.spec.js +47 -0
- package/dist/esm/tests/utils/private-key-signer.spec.js.map +1 -0
- package/dist/esm/tests/utils/records.spec.js +56 -0
- package/dist/esm/tests/utils/records.spec.js.map +1 -0
- package/dist/esm/tests/utils/secp256k1.spec.js +77 -0
- package/dist/esm/tests/utils/secp256k1.spec.js.map +1 -0
- package/dist/esm/tests/utils/test-data-generator.js +570 -0
- package/dist/esm/tests/utils/test-data-generator.js.map +1 -0
- package/dist/esm/tests/utils/test-stub-generator.js +39 -0
- package/dist/esm/tests/utils/test-stub-generator.js.map +1 -0
- package/dist/esm/tests/utils/time.spec.js +67 -0
- package/dist/esm/tests/utils/time.spec.js.map +1 -0
- package/dist/esm/tests/utils/url.spec.js +46 -0
- package/dist/esm/tests/utils/url.spec.js.map +1 -0
- package/dist/esm/tests/validation/json-schemas/definitions.spec.js +36 -0
- package/dist/esm/tests/validation/json-schemas/definitions.spec.js.map +1 -0
- package/dist/esm/tests/validation/json-schemas/jwk/general-jwk.spec.js +53 -0
- package/dist/esm/tests/validation/json-schemas/jwk/general-jwk.spec.js.map +1 -0
- package/dist/esm/tests/validation/json-schemas/jwk/public-jwk.spec.js +39 -0
- package/dist/esm/tests/validation/json-schemas/jwk/public-jwk.spec.js.map +1 -0
- package/dist/esm/tests/validation/json-schemas/jwk-verification-method.spec.js +76 -0
- package/dist/esm/tests/validation/json-schemas/jwk-verification-method.spec.js.map +1 -0
- package/dist/esm/tests/validation/json-schemas/protocols/protocols-configure.spec.js +74 -0
- package/dist/esm/tests/validation/json-schemas/protocols/protocols-configure.spec.js.map +1 -0
- package/dist/esm/tests/validation/json-schemas/records/records-query.spec.js +151 -0
- package/dist/esm/tests/validation/json-schemas/records/records-query.spec.js.map +1 -0
- package/dist/esm/tests/validation/json-schemas/records/records-write.spec.js +389 -0
- package/dist/esm/tests/validation/json-schemas/records/records-write.spec.js.map +1 -0
- package/dist/esm/tests/vectors/protocol-definitions/anyone-collaborate.json +25 -0
- package/dist/esm/tests/vectors/protocol-definitions/author-can.json +32 -0
- package/dist/esm/tests/vectors/protocol-definitions/chat.json +56 -0
- package/dist/esm/tests/vectors/protocol-definitions/credential-issuance.json +37 -0
- package/dist/esm/tests/vectors/protocol-definitions/dex.json +52 -0
- package/dist/esm/tests/vectors/protocol-definitions/email.json +50 -0
- package/dist/esm/tests/vectors/protocol-definitions/free-for-all.json +30 -0
- package/dist/esm/tests/vectors/protocol-definitions/friend-role.json +48 -0
- package/dist/esm/tests/vectors/protocol-definitions/message.json +20 -0
- package/dist/esm/tests/vectors/protocol-definitions/minimal.json +10 -0
- package/dist/esm/tests/vectors/protocol-definitions/nested.json +31 -0
- package/dist/esm/tests/vectors/protocol-definitions/private-protocol.json +13 -0
- package/dist/esm/tests/vectors/protocol-definitions/recipient-can.json +36 -0
- package/dist/esm/tests/vectors/protocol-definitions/social-media.json +88 -0
- package/dist/esm/tests/vectors/protocol-definitions/thread-role.json +68 -0
- package/dist/types/generated/precompiled-validators.d.ts +113 -0
- package/dist/types/generated/precompiled-validators.d.ts.map +1 -0
- package/dist/types/src/core/abstract-message.d.ts +19 -0
- package/dist/types/src/core/abstract-message.d.ts.map +1 -0
- package/dist/types/src/core/auth.d.ts +30 -0
- package/dist/types/src/core/auth.d.ts.map +1 -0
- package/dist/types/src/core/dwn-constant.d.ts +8 -0
- package/dist/types/src/core/dwn-constant.d.ts.map +1 -0
- package/dist/types/src/core/dwn-error.d.ts +133 -0
- package/dist/types/src/core/dwn-error.d.ts.map +1 -0
- package/dist/types/src/core/grant-authorization.d.ts +35 -0
- package/dist/types/src/core/grant-authorization.d.ts.map +1 -0
- package/dist/types/src/core/message-reply.d.ts +33 -0
- package/dist/types/src/core/message-reply.d.ts.map +1 -0
- package/dist/types/src/core/message.d.ts +79 -0
- package/dist/types/src/core/message.d.ts.map +1 -0
- package/dist/types/src/core/protocol-authorization.d.ts +85 -0
- package/dist/types/src/core/protocol-authorization.d.ts.map +1 -0
- package/dist/types/src/core/records-grant-authorization.d.ts +38 -0
- package/dist/types/src/core/records-grant-authorization.d.ts.map +1 -0
- package/dist/types/src/core/tenant-gate.d.ts +16 -0
- package/dist/types/src/core/tenant-gate.d.ts.map +1 -0
- package/dist/types/src/did/did-dht-resolver.d.ts +26 -0
- package/dist/types/src/did/did-dht-resolver.d.ts.map +1 -0
- package/dist/types/src/did/did-ion-resolver.d.ts +20 -0
- package/dist/types/src/did/did-ion-resolver.d.ts.map +1 -0
- package/dist/types/src/did/did-key-resolver.d.ts +32 -0
- package/dist/types/src/did/did-key-resolver.d.ts.map +1 -0
- package/dist/types/src/did/did-resolver.d.ts +20 -0
- package/dist/types/src/did/did-resolver.d.ts.map +1 -0
- package/dist/types/src/did/did.d.ts +15 -0
- package/dist/types/src/did/did.d.ts.map +1 -0
- package/dist/types/src/dwn.d.ts +74 -0
- package/dist/types/src/dwn.d.ts.map +1 -0
- package/dist/types/src/enums/dwn-interface-method.d.ts +20 -0
- package/dist/types/src/enums/dwn-interface-method.d.ts.map +1 -0
- package/dist/types/src/event-log/event-log-level.d.ts +26 -0
- package/dist/types/src/event-log/event-log-level.d.ts.map +1 -0
- package/dist/types/src/handlers/events-get.d.ts +16 -0
- package/dist/types/src/handlers/events-get.d.ts.map +1 -0
- package/dist/types/src/handlers/messages-get.d.ts +18 -0
- package/dist/types/src/handlers/messages-get.d.ts.map +1 -0
- package/dist/types/src/handlers/permissions-grant.d.ts +17 -0
- package/dist/types/src/handlers/permissions-grant.d.ts.map +1 -0
- package/dist/types/src/handlers/permissions-request.d.ts +17 -0
- package/dist/types/src/handlers/permissions-request.d.ts.map +1 -0
- package/dist/types/src/handlers/permissions-revoke.d.ts +17 -0
- package/dist/types/src/handlers/permissions-revoke.d.ts.map +1 -0
- package/dist/types/src/handlers/protocols-configure.d.ts +21 -0
- package/dist/types/src/handlers/protocols-configure.d.ts.map +1 -0
- package/dist/types/src/handlers/protocols-query.d.ts +20 -0
- package/dist/types/src/handlers/protocols-query.d.ts.map +1 -0
- package/dist/types/src/handlers/records-delete.d.ts +22 -0
- package/dist/types/src/handlers/records-delete.d.ts.map +1 -0
- package/dist/types/src/handlers/records-query.d.ts +78 -0
- package/dist/types/src/handlers/records-query.d.ts.map +1 -0
- package/dist/types/src/handlers/records-read.d.ts +17 -0
- package/dist/types/src/handlers/records-read.d.ts.map +1 -0
- package/dist/types/src/handlers/records-write.d.ts +61 -0
- package/dist/types/src/handlers/records-write.d.ts.map +1 -0
- package/dist/types/src/index.d.ts +72 -0
- package/dist/types/src/index.d.ts.map +1 -0
- package/dist/types/src/interfaces/events-get.d.ts +13 -0
- package/dist/types/src/interfaces/events-get.d.ts.map +1 -0
- package/dist/types/src/interfaces/messages-get.d.ts +19 -0
- package/dist/types/src/interfaces/messages-get.d.ts.map +1 -0
- package/dist/types/src/interfaces/permissions-grant.d.ts +59 -0
- package/dist/types/src/interfaces/permissions-grant.d.ts.map +1 -0
- package/dist/types/src/interfaces/permissions-request.d.ts +19 -0
- package/dist/types/src/interfaces/permissions-request.d.ts.map +1 -0
- package/dist/types/src/interfaces/permissions-revoke.d.ts +14 -0
- package/dist/types/src/interfaces/permissions-revoke.d.ts.map +1 -0
- package/dist/types/src/interfaces/protocols-configure.d.ts +21 -0
- package/dist/types/src/interfaces/protocols-configure.d.ts.map +1 -0
- package/dist/types/src/interfaces/protocols-query.d.ts +17 -0
- package/dist/types/src/interfaces/protocols-query.d.ts.map +1 -0
- package/dist/types/src/interfaces/records-delete.d.ts +24 -0
- package/dist/types/src/interfaces/records-delete.d.ts.map +1 -0
- package/dist/types/src/interfaces/records-query.d.ts +29 -0
- package/dist/types/src/interfaces/records-query.d.ts.map +1 -0
- package/dist/types/src/interfaces/records-read.d.ts +31 -0
- package/dist/types/src/interfaces/records-read.d.ts.map +1 -0
- package/dist/types/src/interfaces/records-write.d.ts +259 -0
- package/dist/types/src/interfaces/records-write.d.ts.map +1 -0
- package/dist/types/src/jose/algorithms/signing/ed25519.d.ts +3 -0
- package/dist/types/src/jose/algorithms/signing/ed25519.d.ts.map +1 -0
- package/dist/types/src/jose/algorithms/signing/signature-algorithms.d.ts +3 -0
- package/dist/types/src/jose/algorithms/signing/signature-algorithms.d.ts.map +1 -0
- package/dist/types/src/jose/jws/general/builder.d.ts +10 -0
- package/dist/types/src/jose/jws/general/builder.d.ts.map +1 -0
- package/dist/types/src/jose/jws/general/signer.d.ts +8 -0
- package/dist/types/src/jose/jws/general/signer.d.ts.map +1 -0
- package/dist/types/src/jose/jws/general/verifier.d.ts +32 -0
- package/dist/types/src/jose/jws/general/verifier.d.ts.map +1 -0
- package/dist/types/src/schema-validator.d.ts +8 -0
- package/dist/types/src/schema-validator.d.ts.map +1 -0
- package/dist/types/src/store/blockstore-level.d.ts +35 -0
- package/dist/types/src/store/blockstore-level.d.ts.map +1 -0
- package/dist/types/src/store/data-store-level.d.ts +44 -0
- package/dist/types/src/store/data-store-level.d.ts.map +1 -0
- package/dist/types/src/store/index-level.d.ts +69 -0
- package/dist/types/src/store/index-level.d.ts.map +1 -0
- package/dist/types/src/store/level-wrapper.d.ts +44 -0
- package/dist/types/src/store/level-wrapper.d.ts.map +1 -0
- package/dist/types/src/store/message-store-level.d.ts +70 -0
- package/dist/types/src/store/message-store-level.d.ts.map +1 -0
- package/dist/types/src/store/storage-controller.d.ts +19 -0
- package/dist/types/src/store/storage-controller.d.ts.map +1 -0
- package/dist/types/src/types/cache.d.ts +16 -0
- package/dist/types/src/types/cache.d.ts.map +1 -0
- package/dist/types/src/types/data-store.d.ts +69 -0
- package/dist/types/src/types/data-store.d.ts.map +1 -0
- package/dist/types/src/types/delegated-grant-message.d.ts +14 -0
- package/dist/types/src/types/delegated-grant-message.d.ts.map +1 -0
- package/dist/types/src/types/did-types.d.ts +68 -0
- package/dist/types/src/types/did-types.d.ts.map +1 -0
- package/dist/types/src/types/event-log.d.ts +39 -0
- package/dist/types/src/types/event-log.d.ts.map +1 -0
- package/dist/types/src/types/event-types.d.ts +18 -0
- package/dist/types/src/types/event-types.d.ts.map +1 -0
- package/dist/types/src/types/jose-types.d.ts +75 -0
- package/dist/types/src/types/jose-types.d.ts.map +1 -0
- package/dist/types/src/types/jws-types.d.ts +27 -0
- package/dist/types/src/types/jws-types.d.ts.map +1 -0
- package/dist/types/src/types/message-interface.d.ts +22 -0
- package/dist/types/src/types/message-interface.d.ts.map +1 -0
- package/dist/types/src/types/message-store.d.ts +43 -0
- package/dist/types/src/types/message-store.d.ts.map +1 -0
- package/dist/types/src/types/message-types.d.ts +113 -0
- package/dist/types/src/types/message-types.d.ts.map +1 -0
- package/dist/types/src/types/messages-types.d.ts +23 -0
- package/dist/types/src/types/messages-types.d.ts.map +1 -0
- package/dist/types/src/types/method-handler.d.ts +17 -0
- package/dist/types/src/types/method-handler.d.ts.map +1 -0
- package/dist/types/src/types/permissions-grant-descriptor.d.ts +65 -0
- package/dist/types/src/types/permissions-grant-descriptor.d.ts.map +1 -0
- package/dist/types/src/types/permissions-types.d.ts +33 -0
- package/dist/types/src/types/permissions-types.d.ts.map +1 -0
- package/dist/types/src/types/protocols-types.d.ts +138 -0
- package/dist/types/src/types/protocols-types.d.ts.map +1 -0
- package/dist/types/src/types/records-types.d.ts +164 -0
- package/dist/types/src/types/records-types.d.ts.map +1 -0
- package/dist/types/src/types/signer.d.ts +26 -0
- package/dist/types/src/types/signer.d.ts.map +1 -0
- package/dist/types/src/utils/abort.d.ts +5 -0
- package/dist/types/src/utils/abort.d.ts.map +1 -0
- package/dist/types/src/utils/array.d.ts +18 -0
- package/dist/types/src/utils/array.d.ts.map +1 -0
- package/dist/types/src/utils/cid.d.ts +30 -0
- package/dist/types/src/utils/cid.d.ts.map +1 -0
- package/dist/types/src/utils/data-stream.d.ts +27 -0
- package/dist/types/src/utils/data-stream.d.ts.map +1 -0
- package/dist/types/src/utils/encoder.d.ts +14 -0
- package/dist/types/src/utils/encoder.d.ts.map +1 -0
- package/dist/types/src/utils/encryption.d.ts +44 -0
- package/dist/types/src/utils/encryption.d.ts.map +1 -0
- package/dist/types/src/utils/hd-key.d.ts +35 -0
- package/dist/types/src/utils/hd-key.d.ts.map +1 -0
- package/dist/types/src/utils/jws.d.ts +39 -0
- package/dist/types/src/utils/jws.d.ts.map +1 -0
- package/dist/types/src/utils/memory-cache.d.ts +15 -0
- package/dist/types/src/utils/memory-cache.d.ts.map +1 -0
- package/dist/types/src/utils/object.d.ts +18 -0
- package/dist/types/src/utils/object.d.ts.map +1 -0
- package/dist/types/src/utils/private-key-signer.d.ts +34 -0
- package/dist/types/src/utils/private-key-signer.d.ts.map +1 -0
- package/dist/types/src/utils/protocols.d.ts +14 -0
- package/dist/types/src/utils/protocols.d.ts.map +1 -0
- package/dist/types/src/utils/records.d.ts +68 -0
- package/dist/types/src/utils/records.d.ts.map +1 -0
- package/dist/types/src/utils/secp256k1.d.ts +78 -0
- package/dist/types/src/utils/secp256k1.d.ts.map +1 -0
- package/dist/types/src/utils/string.d.ts +6 -0
- package/dist/types/src/utils/string.d.ts.map +1 -0
- package/dist/types/src/utils/time.d.ts +49 -0
- package/dist/types/src/utils/time.d.ts.map +1 -0
- package/dist/types/src/utils/url.d.ts +5 -0
- package/dist/types/src/utils/url.d.ts.map +1 -0
- package/dist/types/tests/core/auth.spec.d.ts +2 -0
- package/dist/types/tests/core/auth.spec.d.ts.map +1 -0
- package/dist/types/tests/core/message-reply.spec.d.ts +2 -0
- package/dist/types/tests/core/message-reply.spec.d.ts.map +1 -0
- package/dist/types/tests/core/message.spec.d.ts +2 -0
- package/dist/types/tests/core/message.spec.d.ts.map +1 -0
- package/dist/types/tests/did/did-ion-resolver.spec.d.ts +2 -0
- package/dist/types/tests/did/did-ion-resolver.spec.d.ts.map +1 -0
- package/dist/types/tests/did/did-key-resolver.spec.d.ts +2 -0
- package/dist/types/tests/did/did-key-resolver.spec.d.ts.map +1 -0
- package/dist/types/tests/did/did-resolver.spec.d.ts +2 -0
- package/dist/types/tests/did/did-resolver.spec.d.ts.map +1 -0
- package/dist/types/tests/did/did.spec.d.ts +2 -0
- package/dist/types/tests/did/did.spec.d.ts.map +1 -0
- package/dist/types/tests/dwn.spec.d.ts +2 -0
- package/dist/types/tests/dwn.spec.d.ts.map +1 -0
- package/dist/types/tests/end-to-end-tests.spec.d.ts +2 -0
- package/dist/types/tests/end-to-end-tests.spec.d.ts.map +1 -0
- package/dist/types/tests/event-log/event-log-level.spec.d.ts +2 -0
- package/dist/types/tests/event-log/event-log-level.spec.d.ts.map +1 -0
- package/dist/types/tests/handlers/events-get.spec.d.ts +2 -0
- package/dist/types/tests/handlers/events-get.spec.d.ts.map +1 -0
- package/dist/types/tests/handlers/messages-get.spec.d.ts +2 -0
- package/dist/types/tests/handlers/messages-get.spec.d.ts.map +1 -0
- package/dist/types/tests/handlers/permissions-grant.spec.d.ts +2 -0
- package/dist/types/tests/handlers/permissions-grant.spec.d.ts.map +1 -0
- package/dist/types/tests/handlers/permissions-request.spec.d.ts +2 -0
- package/dist/types/tests/handlers/permissions-request.spec.d.ts.map +1 -0
- package/dist/types/tests/handlers/permissions-revoke.spec.d.ts +2 -0
- package/dist/types/tests/handlers/permissions-revoke.spec.d.ts.map +1 -0
- package/dist/types/tests/handlers/protocols-configure.spec.d.ts +2 -0
- package/dist/types/tests/handlers/protocols-configure.spec.d.ts.map +1 -0
- package/dist/types/tests/handlers/protocols-query.spec.d.ts +2 -0
- package/dist/types/tests/handlers/protocols-query.spec.d.ts.map +1 -0
- package/dist/types/tests/handlers/records-delete.spec.d.ts +2 -0
- package/dist/types/tests/handlers/records-delete.spec.d.ts.map +1 -0
- package/dist/types/tests/handlers/records-query.spec.d.ts +2 -0
- package/dist/types/tests/handlers/records-query.spec.d.ts.map +1 -0
- package/dist/types/tests/handlers/records-read.spec.d.ts +2 -0
- package/dist/types/tests/handlers/records-read.spec.d.ts.map +1 -0
- package/dist/types/tests/handlers/records-write.spec.d.ts +2 -0
- package/dist/types/tests/handlers/records-write.spec.d.ts.map +1 -0
- package/dist/types/tests/interfaces/events-get.spec.d.ts +2 -0
- package/dist/types/tests/interfaces/events-get.spec.d.ts.map +1 -0
- package/dist/types/tests/interfaces/messages-get.spec.d.ts +2 -0
- package/dist/types/tests/interfaces/messages-get.spec.d.ts.map +1 -0
- package/dist/types/tests/interfaces/permissions-grant.spec.d.ts +2 -0
- package/dist/types/tests/interfaces/permissions-grant.spec.d.ts.map +1 -0
- package/dist/types/tests/interfaces/permissions-request.spec.d.ts +2 -0
- package/dist/types/tests/interfaces/permissions-request.spec.d.ts.map +1 -0
- package/dist/types/tests/interfaces/protocols-configure.spec.d.ts +2 -0
- package/dist/types/tests/interfaces/protocols-configure.spec.d.ts.map +1 -0
- package/dist/types/tests/interfaces/protocols-query.spec.d.ts +2 -0
- package/dist/types/tests/interfaces/protocols-query.spec.d.ts.map +1 -0
- package/dist/types/tests/interfaces/records-delete.spec.d.ts +2 -0
- package/dist/types/tests/interfaces/records-delete.spec.d.ts.map +1 -0
- package/dist/types/tests/interfaces/records-query.spec.d.ts +2 -0
- package/dist/types/tests/interfaces/records-query.spec.d.ts.map +1 -0
- package/dist/types/tests/interfaces/records-read.spec.d.ts +2 -0
- package/dist/types/tests/interfaces/records-read.spec.d.ts.map +1 -0
- package/dist/types/tests/interfaces/records-write.spec.d.ts +2 -0
- package/dist/types/tests/interfaces/records-write.spec.d.ts.map +1 -0
- package/dist/types/tests/jose/jws/general.spec.d.ts +2 -0
- package/dist/types/tests/jose/jws/general.spec.d.ts.map +1 -0
- package/dist/types/tests/scenarios/delegated-grant.spec.d.ts +2 -0
- package/dist/types/tests/scenarios/delegated-grant.spec.d.ts.map +1 -0
- package/dist/types/tests/scenarios/end-to-end-tests.spec.d.ts +2 -0
- package/dist/types/tests/scenarios/end-to-end-tests.spec.d.ts.map +1 -0
- package/dist/types/tests/store/data-store-level.spec.d.ts +2 -0
- package/dist/types/tests/store/data-store-level.spec.d.ts.map +1 -0
- package/dist/types/tests/store/index-level.spec.d.ts +2 -0
- package/dist/types/tests/store/index-level.spec.d.ts.map +1 -0
- package/dist/types/tests/store/message-store-level.spec.d.ts +2 -0
- package/dist/types/tests/store/message-store-level.spec.d.ts.map +1 -0
- package/dist/types/tests/store/message-store.spec.d.ts +2 -0
- package/dist/types/tests/store/message-store.spec.d.ts.map +1 -0
- package/dist/types/tests/store-dependent-tests.spec.d.ts +2 -0
- package/dist/types/tests/store-dependent-tests.spec.d.ts.map +1 -0
- package/dist/types/tests/test-stores.d.ts +30 -0
- package/dist/types/tests/test-stores.d.ts.map +1 -0
- package/dist/types/tests/test-suite.d.ts +16 -0
- package/dist/types/tests/test-suite.d.ts.map +1 -0
- package/dist/types/tests/utils/cid.spec.d.ts +2 -0
- package/dist/types/tests/utils/cid.spec.d.ts.map +1 -0
- package/dist/types/tests/utils/data-stream.spec.d.ts +2 -0
- package/dist/types/tests/utils/data-stream.spec.d.ts.map +1 -0
- package/dist/types/tests/utils/encryption.spec.d.ts +2 -0
- package/dist/types/tests/utils/encryption.spec.d.ts.map +1 -0
- package/dist/types/tests/utils/jws.spec.d.ts +2 -0
- package/dist/types/tests/utils/jws.spec.d.ts.map +1 -0
- package/dist/types/tests/utils/memory-cache.spec.d.ts +2 -0
- package/dist/types/tests/utils/memory-cache.spec.d.ts.map +1 -0
- package/dist/types/tests/utils/object.spec.d.ts +2 -0
- package/dist/types/tests/utils/object.spec.d.ts.map +1 -0
- package/dist/types/tests/utils/private-key-signer.spec.d.ts +2 -0
- package/dist/types/tests/utils/private-key-signer.spec.d.ts.map +1 -0
- package/dist/types/tests/utils/records.spec.d.ts +2 -0
- package/dist/types/tests/utils/records.spec.d.ts.map +1 -0
- package/dist/types/tests/utils/secp256k1.spec.d.ts +2 -0
- package/dist/types/tests/utils/secp256k1.spec.d.ts.map +1 -0
- package/dist/types/tests/utils/test-data-generator.d.ts +323 -0
- package/dist/types/tests/utils/test-data-generator.d.ts.map +1 -0
- package/dist/types/tests/utils/test-stub-generator.d.ts +16 -0
- package/dist/types/tests/utils/test-stub-generator.d.ts.map +1 -0
- package/dist/types/tests/utils/time.spec.d.ts +2 -0
- package/dist/types/tests/utils/time.spec.d.ts.map +1 -0
- package/dist/types/tests/utils/url.spec.d.ts +2 -0
- package/dist/types/tests/utils/url.spec.d.ts.map +1 -0
- package/dist/types/tests/validation/json-schemas/definitions.spec.d.ts +2 -0
- package/dist/types/tests/validation/json-schemas/definitions.spec.d.ts.map +1 -0
- package/dist/types/tests/validation/json-schemas/jwk/general-jwk.spec.d.ts +2 -0
- package/dist/types/tests/validation/json-schemas/jwk/general-jwk.spec.d.ts.map +1 -0
- package/dist/types/tests/validation/json-schemas/jwk/public-jwk.spec.d.ts +2 -0
- package/dist/types/tests/validation/json-schemas/jwk/public-jwk.spec.d.ts.map +1 -0
- package/dist/types/tests/validation/json-schemas/jwk-verification-method.spec.d.ts +2 -0
- package/dist/types/tests/validation/json-schemas/jwk-verification-method.spec.d.ts.map +1 -0
- package/dist/types/tests/validation/json-schemas/protocols/protocols-configure.spec.d.ts +2 -0
- package/dist/types/tests/validation/json-schemas/protocols/protocols-configure.spec.d.ts.map +1 -0
- package/dist/types/tests/validation/json-schemas/records/records-query.spec.d.ts +2 -0
- package/dist/types/tests/validation/json-schemas/records/records-query.spec.d.ts.map +1 -0
- package/dist/types/tests/validation/json-schemas/records/records-write.spec.d.ts +2 -0
- package/dist/types/tests/validation/json-schemas/records/records-write.spec.d.ts.map +1 -0
- package/package.json +156 -0
- package/src/core/abstract-message.ts +48 -0
- package/src/core/auth.ts +108 -0
- package/src/core/dwn-constant.ts +7 -0
- package/src/core/dwn-error.ts +136 -0
- package/src/core/grant-authorization.ts +163 -0
- package/src/core/message-reply.ts +42 -0
- package/src/core/message.ts +224 -0
- package/src/core/protocol-authorization.ts +691 -0
- package/src/core/records-grant-authorization.ts +167 -0
- package/src/core/tenant-gate.ts +18 -0
- package/src/did/did-dht-resolver.ts +241 -0
- package/src/did/did-ion-resolver.ts +52 -0
- package/src/did/did-key-resolver.ts +137 -0
- package/src/did/did-resolver.ts +77 -0
- package/src/did/did.ts +39 -0
- package/src/dwn.ts +213 -0
- package/src/enums/dwn-interface-method.ts +20 -0
- package/src/event-log/event-log-level.ts +116 -0
- package/src/handlers/events-get.ts +46 -0
- package/src/handlers/messages-get.ts +80 -0
- package/src/handlers/permissions-grant.ts +52 -0
- package/src/handlers/permissions-request.ts +54 -0
- package/src/handlers/permissions-revoke.ts +121 -0
- package/src/handlers/protocols-configure.ts +104 -0
- package/src/handlers/protocols-query.ts +81 -0
- package/src/handlers/records-delete.ts +139 -0
- package/src/handlers/records-query.ts +253 -0
- package/src/handlers/records-read.ts +127 -0
- package/src/handlers/records-write.ts +296 -0
- package/src/index.ts +81 -0
- package/src/interfaces/events-get.ts +43 -0
- package/src/interfaces/messages-get.ts +59 -0
- package/src/interfaces/permissions-grant.ts +175 -0
- package/src/interfaces/permissions-request.ts +55 -0
- package/src/interfaces/permissions-revoke.ts +46 -0
- package/src/interfaces/protocols-configure.ts +188 -0
- package/src/interfaces/protocols-query.ts +99 -0
- package/src/interfaces/records-delete.ts +67 -0
- package/src/interfaces/records-query.ts +100 -0
- package/src/interfaces/records-read.ts +82 -0
- package/src/interfaces/records-write.ts +924 -0
- package/src/jose/algorithms/signing/ed25519.ts +61 -0
- package/src/jose/algorithms/signing/signature-algorithms.ts +15 -0
- package/src/jose/jws/general/builder.ts +48 -0
- package/src/jose/jws/general/signer.ts +29 -0
- package/src/jose/jws/general/verifier.ts +113 -0
- package/src/schema-validator.ts +34 -0
- package/src/store/blockstore-level.ts +113 -0
- package/src/store/data-store-level.ts +188 -0
- package/src/store/index-level.ts +306 -0
- package/src/store/level-wrapper.ts +262 -0
- package/src/store/message-store-level.ts +284 -0
- package/src/store/storage-controller.ts +80 -0
- package/src/types/cache.ts +16 -0
- package/src/types/data-store.ts +78 -0
- package/src/types/delegated-grant-message.ts +15 -0
- package/src/types/did-types.ts +95 -0
- package/src/types/event-log.ts +46 -0
- package/src/types/event-types.ts +20 -0
- package/src/types/jose-types.ts +76 -0
- package/src/types/jws-types.ts +28 -0
- package/src/types/message-interface.ts +24 -0
- package/src/types/message-store.ts +56 -0
- package/src/types/message-types.ts +115 -0
- package/src/types/messages-types.ts +26 -0
- package/src/types/method-handler.ts +17 -0
- package/src/types/permissions-grant-descriptor.ts +79 -0
- package/src/types/permissions-types.ts +42 -0
- package/src/types/protocols-types.ts +154 -0
- package/src/types/records-types.ts +184 -0
- package/src/types/signer.ts +27 -0
- package/src/utils/abort.ts +31 -0
- package/src/utils/array.ts +39 -0
- package/src/utils/cid.ts +101 -0
- package/src/utils/data-stream.ts +85 -0
- package/src/utils/encoder.ts +54 -0
- package/src/utils/encryption.ts +145 -0
- package/src/utils/hd-key.ts +58 -0
- package/src/utils/jws.ts +95 -0
- package/src/utils/memory-cache.ts +31 -0
- package/src/utils/object.ts +55 -0
- package/src/utils/private-key-signer.ts +72 -0
- package/src/utils/protocols.ts +50 -0
- package/src/utils/records.ts +326 -0
- package/src/utils/secp256k1.ts +209 -0
- package/src/utils/string.ts +13 -0
- package/src/utils/time.ts +77 -0
- package/src/utils/url.ts +66 -0
|
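--- a/package/dist/esm/src/core/message.js
+++ b/package/dist/esm/src/core/message.js
@@ -0,0 +1,200 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+return new (P || (P = Promise))(function (resolve, reject) {
+function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+step((generator = generator.apply(thisArg, _arguments || [])).next());
+});
+};
+import { Cid } from '../utils/cid.js';
+import { Encoder } from '../utils/encoder.js';
+import { GeneralJwsBuilder } from '../jose/jws/general/builder.js';
+import { Jws } from '../utils/jws.js';
+import { lexicographicalCompare } from '../utils/string.js';
+import { removeUndefinedProperties } from '../utils/object.js';
+import { validateJsonSchema } from '../schema-validator.js';
+import { DwnError, DwnErrorCode } from './dwn-error.js';
+/**
+* A class containing utility methods for working with DWN messages.
+*/
+export class Message {
+/**
+* Validates the given message against the corresponding JSON schema.
+* @throws {Error} if fails validation.
+*/
+static validateJsonSchema(rawMessage) {
+const dwnInterface = rawMessage.descriptor.interface;
+const dwnMethod = rawMessage.descriptor.method;
+const schemaLookupKey = dwnInterface + dwnMethod;
+// throws an error if message is invalid
+validateJsonSchema(schemaLookupKey, rawMessage);
+}
+;
+/**
+* Gets the DID of the signer of the given message, returns `undefined` if message is not signed.
+*/
+static getSigner(message) {
+if (message.authorization === undefined) {
+return undefined;
+}
+const signer = Jws.getSignerDid(message.authorization.signature.signatures[0]);
+return signer;
+}
+/**
+* Gets the CID of the given message.
+*/
+static getCid(message) {
+return __awaiter(this, void 0, void 0, function* () {
+// NOTE: we wrap the `computeCid()` here in case that
+// the message will contain properties that should not be part of the CID computation
+// and we need to strip them out (like `encodedData` that we historically had for a long time),
+// but we can remove this method entirely if the code becomes stable and it is apparent that the wrapper is not needed
+// ^--- seems like we might need to keep this around for now.
+const rawMessage = Object.assign({}, message);
+if (rawMessage.encodedData) {
+delete rawMessage.encodedData;
+}
+const cid = yield Cid.computeCid(rawMessage);
+return cid;
+});
+}
+/**
+* Compares message CID in lexicographical order according to the spec.
+* @returns 1 if `a` is larger than `b`; -1 if `a` is smaller/older than `b`; 0 otherwise (same message)
+*/
+static compareCid(a, b) {
+return __awaiter(this, void 0, void 0, function* () {
+// the < and > operators compare strings in lexicographical order
+const cidA = yield Message.getCid(a);
+const cidB = yield Message.getCid(b);
+return lexicographicalCompare(cidA, cidB);
+});
+}
+/**
+* Creates the `authorization` property to be included in a DWN message.
+* @param signer Message signer.
+* @returns {AuthorizationModel} used as an `authorization` property.
+*/
+static createAuthorization(input) {
+return __awaiter(this, void 0, void 0, function* () {
+const { descriptor, signer, delegatedGrant, permissionsGrantId, protocolRole } = input;
+let delegatedGrantId;
+if (delegatedGrant !== undefined) {
+delegatedGrantId = yield Message.getCid(delegatedGrant);
+}
+const signature = yield Message.createSignature(descriptor, signer, { delegatedGrantId, permissionsGrantId, protocolRole });
+const authorization = {
+signature
+};
+if (delegatedGrant !== undefined) {
+authorization.authorDelegatedGrant = delegatedGrant;
+}
+return authorization;
+});
+}
+/**
+* Creates a generic signature from the given DWN message descriptor by including `descriptorCid` as the required property in the signature payload.
+* NOTE: there is an opportunity to consolidate RecordsWrite.createSignerSignature() wth this method
+*/
+static createSignature(descriptor, signer, additionalPayloadProperties) {
+return __awaiter(this, void 0, void 0, function* () {
+const descriptorCid = yield Cid.computeCid(descriptor);
+const signaturePayload = Object.assign({ descriptorCid }, additionalPayloadProperties);
+removeUndefinedProperties(signaturePayload);
+const signaturePayloadBytes = Encoder.objectToBytes(signaturePayload);
+const builder = yield GeneralJwsBuilder.create(signaturePayloadBytes, [signer]);
+const signature = builder.getJws();
+return signature;
+});
+}
+/**
+* @returns newest message in the array. `undefined` if given array is empty.
+*/
+static getNewestMessage(messages) {
+return __awaiter(this, void 0, void 0, function* () {
+let currentNewestMessage = undefined;
+for (const message of messages) {
+if (currentNewestMessage === undefined || (yield Message.isNewer(message, currentNewestMessage))) {
+currentNewestMessage = message;
+}
+}
+return currentNewestMessage;
+});
+}
+/**
+* @returns oldest message in the array. `undefined` if given array is empty.
+*/
+static getOldestMessage(messages) {
+return __awaiter(this, void 0, void 0, function* () {
+let currentOldestMessage = undefined;
+for (const message of messages) {
+if (currentOldestMessage === undefined || (yield Message.isOlder(message, currentOldestMessage))) {
+currentOldestMessage = message;
+}
+}
+return currentOldestMessage;
+});
+}
+/**
+* Checks if first message is newer than second message.
+* @returns `true` if `a` is newer than `b`; `false` otherwise
+*/
+static isNewer(a, b) {
+return __awaiter(this, void 0, void 0, function* () {
+const aIsNewer = ((yield Message.compareMessageTimestamp(a, b)) > 0);
+return aIsNewer;
+});
+}
+/**
+* Checks if first message is older than second message.
+* @returns `true` if `a` is older than `b`; `false` otherwise
+*/
+static isOlder(a, b) {
+return __awaiter(this, void 0, void 0, function* () {
+const aIsOlder = ((yield Message.compareMessageTimestamp(a, b)) < 0);
+return aIsOlder;
+});
+}
+/**
+* Compares the `messageTimestamp` of the given messages with a fallback to message CID according to the spec.
+* @returns 1 if `a` is larger/newer than `b`; -1 if `a` is smaller/older than `b`; 0 otherwise (same age)
+*/
+static compareMessageTimestamp(a, b) {
+return __awaiter(this, void 0, void 0, function* () {
+if (a.descriptor.messageTimestamp > b.descriptor.messageTimestamp) {
+return 1;
+}
+else if (a.descriptor.messageTimestamp < b.descriptor.messageTimestamp) {
+return -1;
+}
+// else `messageTimestamp` is the same between a and b
+// compare the `dataCid` instead, the < and > operators compare strings in lexicographical order
+return Message.compareCid(a, b);
+});
+}
+/**
+* Validates the structural integrity of the message signature given.
+* NOTE: signature is not verified.
+* @param payloadJsonSchemaKey The key to look up the JSON schema referenced in `compile-validators.js` and perform payload schema validation on.
+* @returns the parsed JSON payload object if validation succeeds.
+*/
+static validateMessageSignatureIntegrity(messageSignature_1, messageDescriptor_1) {
+return __awaiter(this, arguments, void 0, function* (messageSignature, messageDescriptor, payloadJsonSchemaKey = 'GenericSignaturePayload') {
+if (messageSignature.signatures.length !== 1) {
+throw new DwnError(DwnErrorCode.AuthenticationMoreThanOneSignatureNotSupported, 'expected no more than 1 signature for authorization purpose');
+}
+// validate payload integrity
+const payloadJson = Jws.decodePlainObjectPayload(messageSignature);
+validateJsonSchema(payloadJsonSchemaKey, payloadJson);
+// `descriptorCid` validation - ensure that the provided descriptorCid matches the CID of the actual message
+const { descriptorCid } = payloadJson;
+const expectedDescriptorCid = yield Cid.computeCid(messageDescriptor);
+if (descriptorCid !== expectedDescriptorCid) {
+throw new DwnError(DwnErrorCode.AuthenticateDescriptorCidMismatch, `provided descriptorCid ${descriptorCid} does not match expected CID ${expectedDescriptorCid}`);
+}
+return payloadJson;
+});
+}
+}
+//# sourceMappingURL=message.js.map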
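Review bot: `getSigner` returns a DID read from `authorization.signature.signatures[0]` with no signature verification and without the exactly-one-signature check that `validateMessageSignatureIntegrity` enforces further down, and its doc comment says neither. A caller that treats the return value as the authenticated author before verification has run would be trusting whatever the sender put in that first signature entry (how `Jws.getSignerDid` derives the DID is not visible here). I would extend the comment with `* NOTE: the DID is taken from the first signature entry as-is; the signature is not verified here, so authenticate the message before using it for authorization.` An `authorization` object with an empty `signatures` array also reaches `Jws.getSignerDid` with `undefined`, which is worth guarding or documenting. This file is compiled output, so the change belongs in `package/src/core/message.ts`, which the file list shows is shipped alongside it.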
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"message.js","sourceRoot":"","sources":["../../../../src/core/message.ts"],"names":[],"mappings":";;;;;;;;;AAKA,OAAO,EAAE,GAAG,EAAE,MAAM,iBAAiB,CAAC;AACtC,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AACnE,OAAO,EAAE,GAAG,EAAE,MAAM,iBAAiB,CAAC;AACtC,OAAO,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AAC5D,OAAO,EAAE,yBAAyB,EAAE,MAAM,oBAAoB,CAAC;AAC/D,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAC5D,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAExD;;GAEG;AACH,MAAM,OAAO,OAAO;IAClB;;;OAGG;IACI,MAAM,CAAC,kBAAkB,CAAC,UAAe;QAC9C,MAAM,YAAY,GAAG,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC;QACrD,MAAM,SAAS,GAAG,UAAU,CAAC,UAAU,CAAC,MAAM,CAAC;QAC/C,MAAM,eAAe,GAAG,YAAY,GAAG,SAAS,CAAC;QAEjD,wCAAwC;QACxC,kBAAkB,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;IAClD,CAAC;IAAA,CAAC;IAEF;;OAEG;IACI,MAAM,CAAC,SAAS,CAAC,OAAuB;QAC7C,IAAI,OAAO,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;YACxC,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,MAAM,MAAM,GAAG,GAAG,CAAC,YAAY,CAAC,OAAO,CAAC,aAAa,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/E,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACI,MAAM,CAAO,MAAM,CAAC,OAAuB;;YAChD,qDAAqD;YACrD,qFAAqF;YACrF,+FAA+F;YAC/F,sHAAsH;YAEtH,6DAA6D;YAC7D,MAAM,UAAU,GAAG,kBAAK,OAAO,CAAS,CAAC;YACzC,IAAI,UAAU,CAAC,WAAW,EAAE,CAAC;gBAC3B,OAAO,UAAU,CAAC,WAAW,CAAC;YAChC,CAAC;YAED,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,UAA4B,CAAC,CAAC;YAC/D,OAAO,GAAG,CAAC;QACb,CAAC;KAAA;IAED;;;OAGG;IACI,MAAM,CAAO,UAAU,CAAC,CAAiB,EAAE,CAAiB;;YACjE,iEAAiE;YACjE,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACrC,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACrC,OAAO,sBAAsB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAC5C,CAAC;KAAA;IAED;;;;OAIG;IACI,MAAM,CAAO,mBAAmB,CAAC,KAMvC;;YACC,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,cAAc,EAAE,kBAAkB,EAAE,YAAY,EAAE,GAAG,KAAK,CAAC;YAEvF,IAAI,gBAAgB,CAAC;YACrB,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;gBACjC,gBAAgB,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;YAC1D,CAAC;YAED,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,eAAe,CAAC,UAAU,EAAE,MAAM,EAAE,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,YAAY,EAAE,CAAC,CAAC;YAE5H,MAAM,
aAAa,GAAuB;gBACxC,SAAS;aACV,CAAC;YAEF,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;gBACjC,aAAa,CAAC,oBAAoB,GAAG,cAAc,CAAC;YACtD,CAAC;YAED,OAAO,aAAa,CAAC;QACvB,CAAC;KAAA;IAED;;;OAGG;IACI,MAAM,CAAO,eAAe,CACjC,UAAsB,EACtB,MAAc,EACd,2BAA+G;;YAE/G,MAAM,aAAa,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;YAEvD,MAAM,gBAAgB,mBAA8B,aAAa,IAAK,2BAA2B,CAAE,CAAC;YACpG,yBAAyB,CAAC,gBAAgB,CAAC,CAAC;YAE5C,MAAM,qBAAqB,GAAG,OAAO,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAC;YAEtE,MAAM,OAAO,GAAG,MAAM,iBAAiB,CAAC,MAAM,CAAC,qBAAqB,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;YAChF,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;YAEnC,OAAO,SAAS,CAAC;QACnB,CAAC;KAAA;IAED;;OAEG;IACI,MAAM,CAAO,gBAAgB,CAAC,QAA0B;;YAC7D,IAAI,oBAAoB,GAA+B,SAAS,CAAC;YACjE,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;gBAC/B,IAAI,oBAAoB,KAAK,SAAS,KAAI,MAAM,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,oBAAoB,CAAC,CAAA,EAAE,CAAC;oBAC/F,oBAAoB,GAAG,OAAO,CAAC;gBACjC,CAAC;YACH,CAAC;YAED,OAAO,oBAAoB,CAAC;QAC9B,CAAC;KAAA;IAED;;OAEG;IACI,MAAM,CAAO,gBAAgB,CAAC,QAA0B;;YAC7D,IAAI,oBAAoB,GAA+B,SAAS,CAAC;YACjE,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;gBAC/B,IAAI,oBAAoB,KAAK,SAAS,KAAI,MAAM,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,oBAAoB,CAAC,CAAA,EAAE,CAAC;oBAC/F,oBAAoB,GAAG,OAAO,CAAC;gBACjC,CAAC;YACH,CAAC;YAED,OAAO,oBAAoB,CAAC;QAC9B,CAAC;KAAA;IAED;;;OAGG;IACI,MAAM,CAAO,OAAO,CAAC,CAAiB,EAAE,CAAiB;;YAC9D,MAAM,QAAQ,GAAG,CAAC,CAAA,MAAM,OAAO,CAAC,uBAAuB,CAAC,CAAC,EAAE,CAAC,CAAC,IAAG,CAAC,CAAC,CAAC;YACnE,OAAO,QAAQ,CAAC;QAClB,CAAC;KAAA;IAED;;;OAGG;IACI,MAAM,CAAO,OAAO,CAAC,CAAiB,EAAE,CAAiB;;YAC9D,MAAM,QAAQ,GAAG,CAAC,CAAA,MAAM,OAAO,CAAC,uBAAuB,CAAC,CAAC,EAAE,CAAC,CAAC,IAAG,CAAC,CAAC,CAAC;YACnE,OAAO,QAAQ,CAAC;QAClB,CAAC;KAAA;IAED;;;OAGG;IACI,MAAM,CAAO,uBAAuB,CAAC,CAAiB,EAAE,CAAiB;;YAC9E,IAAI,CAAC,CAAC,UAAU,CAAC,gBAAgB,GAAG,CAAC,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC;gBAClE,OAAO,CAAC,CAAC;YACX,CAAC;iBAAM,IAAI,CAAC,CAAC,UAAU,CAAC,gBAAgB,GAAG,CAAC,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC;gBACzE,OAAO,CAAC,CAAC,CAAC;YACZ,CAAC;YAED,sDAAsD;YACtD,gGAAgG;YAChG,OAAO,OAAO,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAClC,CAAC;KAAA;IAGD;;;;;OAKG;IACI,MAAM,CAAO,
iCAAiC;6DACnD,gBAA4B,EAC5B,iBAA6B,EAC7B,uBAA+B,yBAAyB;YAGxD,IAAI,gBAAgB,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC7C,MAAM,IAAI,QAAQ,CAAC,YAAY,CAAC,8CAA8C,EAAE,6DAA6D,CAAC,CAAC;YACjJ,CAAC;YAED,6BAA6B;YAC7B,MAAM,WAAW,GAAG,GAAG,CAAC,wBAAwB,CAAC,gBAAgB,CAAC,CAAC;YAEnE,kBAAkB,CAAC,oBAAoB,EAAE,WAAW,CAAC,CAAC;YAEtD,4GAA4G;YAC5G,MAAM,EAAE,aAAa,EAAE,GAAG,WAAW,CAAC;YACtC,MAAM,qBAAqB,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC;YACtE,IAAI,aAAa,KAAK,qBAAqB,EAAE,CAAC;gBAC5C,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,iCAAiC,EAC9C,0BAA0B,aAAa,gCAAgC,qBAAqB,EAAE,CAC/F,CAAC;YACJ,CAAC;YAED,OAAO,WAAW,CAAC;QACrB,CAAC;KAAA;CACF"}
|
|
@@ -0,0 +1,449 @@
|
|
|
1
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
2
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
3
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
4
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
5
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
6
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
7
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
8
|
+
});
|
|
9
|
+
};
|
|
10
|
+
import { RecordsWrite } from '../interfaces/records-write.js';
|
|
11
|
+
import { DwnError, DwnErrorCode } from './dwn-error.js';
|
|
12
|
+
import { DwnInterfaceName, DwnMethodName } from '../enums/dwn-interface-method.js';
|
|
13
|
+
import { ProtocolAction, ProtocolActor } from '../types/protocols-types.js';
|
|
14
|
+
export class ProtocolAuthorization {
|
|
15
|
+
/**
|
|
16
|
+
* Performs validation on the structure of RecordsWrite messages that use a protocol.
|
|
17
|
+
* @throws {Error} if validation fails.
|
|
18
|
+
*/
|
|
19
|
+
static validateReferentialIntegrity(tenant, incomingMessage, messageStore) {
|
|
20
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
21
|
+
// fetch the protocol definition
|
|
22
|
+
const protocolDefinition = yield ProtocolAuthorization.fetchProtocolDefinition(tenant, incomingMessage.message.descriptor.protocol, messageStore);
|
|
23
|
+
// verify declared protocol type exists in protocol and that it conforms to type specification
|
|
24
|
+
ProtocolAuthorization.verifyType(incomingMessage.message, protocolDefinition.types);
|
|
25
|
+
// validate `protocolPath`
|
|
26
|
+
yield ProtocolAuthorization.verifyProtocolPath(tenant, incomingMessage, messageStore);
|
|
27
|
+
// get the rule set for the inbound message
|
|
28
|
+
const inboundMessageRuleSet = ProtocolAuthorization.getRuleSet(incomingMessage.message.descriptor.protocolPath, protocolDefinition);
|
|
29
|
+
// If the incoming message is writing a $globalRole record, validate that the recipient is unique
|
|
30
|
+
yield ProtocolAuthorization.verifyUniqueRoleRecipient(tenant, incomingMessage, inboundMessageRuleSet, messageStore);
|
|
31
|
+
});
|
|
32
|
+
}
|
|
33
|
+
/**
|
|
34
|
+
* Performs protocol-based authorization against the incoming RecordsWrite message.
|
|
35
|
+
* @throws {Error} if authorization fails.
|
|
36
|
+
*/
|
|
37
|
+
static authorizeWrite(tenant, incomingMessage, messageStore) {
|
|
38
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
39
|
+
// fetch ancestor message chain
|
|
40
|
+
const ancestorMessageChain = yield ProtocolAuthorization.constructAncestorMessageChain(tenant, incomingMessage, incomingMessage, messageStore);
|
|
41
|
+
// fetch the protocol definition
|
|
42
|
+
const protocolDefinition = yield ProtocolAuthorization.fetchProtocolDefinition(tenant, incomingMessage.message.descriptor.protocol, messageStore);
|
|
43
|
+
// get the rule set for the inbound message
|
|
44
|
+
const inboundMessageRuleSet = ProtocolAuthorization.getRuleSet(incomingMessage.message.descriptor.protocolPath, protocolDefinition);
|
|
45
|
+
// If the incoming message has `protocolRole` in the descriptor, validate the invoked role
|
|
46
|
+
yield ProtocolAuthorization.verifyInvokedRole(tenant, incomingMessage, incomingMessage.message.descriptor.protocol, incomingMessage.message.contextId, protocolDefinition, messageStore);
|
|
47
|
+
// verify method invoked against the allowed actions
|
|
48
|
+
yield ProtocolAuthorization.verifyAllowedActions(tenant, incomingMessage, inboundMessageRuleSet, ancestorMessageChain, messageStore);
|
|
49
|
+
});
|
|
50
|
+
}
|
|
51
|
+
/**
|
|
52
|
+
* Performs protocol-based authorization against the incoming RecordsRead message.
|
|
53
|
+
* @param newestRecordsWrite Either the incomingMessage itself if the incoming is a RecordsWrite,
|
|
54
|
+
* or the latest RecordsWrite associated with the recordId being read.
|
|
55
|
+
* @throws {Error} if authorization fails.
|
|
56
|
+
*/
|
|
57
|
+
static authorizeRead(tenant, incomingMessage, newestRecordsWrite, messageStore) {
|
|
58
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
59
|
+
// fetch ancestor message chain
|
|
60
|
+
const ancestorMessageChain = yield ProtocolAuthorization.constructAncestorMessageChain(tenant, incomingMessage, newestRecordsWrite, messageStore);
|
|
61
|
+
// fetch the protocol definition
|
|
62
|
+
const protocolDefinition = yield ProtocolAuthorization.fetchProtocolDefinition(tenant, newestRecordsWrite.message.descriptor.protocol, messageStore);
|
|
63
|
+
// get the rule set for the inbound message
|
|
64
|
+
const inboundMessageRuleSet = ProtocolAuthorization.getRuleSet(newestRecordsWrite.message.descriptor.protocolPath, protocolDefinition);
|
|
65
|
+
// If the incoming message has `protocolRole` in the descriptor, validate the invoked role
|
|
66
|
+
yield ProtocolAuthorization.verifyInvokedRole(tenant, incomingMessage, newestRecordsWrite.message.descriptor.protocol, newestRecordsWrite.message.contextId, protocolDefinition, messageStore);
|
|
67
|
+
// verify method invoked against the allowed actions
|
|
68
|
+
yield ProtocolAuthorization.verifyAllowedActions(tenant, incomingMessage, inboundMessageRuleSet, ancestorMessageChain, messageStore);
|
|
69
|
+
});
|
|
70
|
+
}
|
|
71
|
+
/**
|
|
72
|
+
* Performs protocol-based authorization against the incoming RecordsQuery message.
|
|
73
|
+
* @throws {Error} if authorization fails.
|
|
74
|
+
*/
|
|
75
|
+
static authorizeQuery(tenant, incomingMessage, messageStore) {
|
|
76
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
77
|
+
// validate that required properties exist in query filter
|
|
78
|
+
const { protocol, protocolPath, contextId } = incomingMessage.message.descriptor.filter;
|
|
79
|
+
// fetch the protocol definition
|
|
80
|
+
const protocolDefinition = yield ProtocolAuthorization.fetchProtocolDefinition(tenant, protocol, // authorizeQuery` is only called if `protocol` is present
|
|
81
|
+
messageStore);
|
|
82
|
+
// get the rule set for the inbound message
|
|
83
|
+
const inboundMessageRuleSet = ProtocolAuthorization.getRuleSet(protocolPath, // presence of `protocolPath` is verified in `parse()`
|
|
84
|
+
protocolDefinition);
|
|
85
|
+
// If the incoming message has `protocolRole` in the descriptor, validate the invoked role
|
|
86
|
+
yield ProtocolAuthorization.verifyInvokedRole(tenant, incomingMessage, protocol, contextId, protocolDefinition, messageStore);
|
|
87
|
+
// verify method invoked against the allowed actions
|
|
88
|
+
yield ProtocolAuthorization.verifyAllowedActions(tenant, incomingMessage, inboundMessageRuleSet, [], // ancestor chain is not relevant to queries
|
|
89
|
+
messageStore);
|
|
90
|
+
});
|
|
91
|
+
}
|
|
92
|
+
static authorizeDelete(tenant, incomingMessage, newestRecordsWrite, messageStore) {
|
|
93
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
94
|
+
// fetch ancestor message chain
|
|
95
|
+
const ancestorMessageChain = yield ProtocolAuthorization.constructAncestorMessageChain(tenant, incomingMessage, newestRecordsWrite, messageStore);
|
|
96
|
+
// fetch the protocol definition
|
|
97
|
+
const protocolDefinition = yield ProtocolAuthorization.fetchProtocolDefinition(tenant, newestRecordsWrite.message.descriptor.protocol, messageStore);
|
|
98
|
+
// get the rule set for the inbound message
|
|
99
|
+
const inboundMessageRuleSet = ProtocolAuthorization.getRuleSet(newestRecordsWrite.message.descriptor.protocolPath, protocolDefinition);
|
|
100
|
+
// If the incoming message has `protocolRole` in the descriptor, validate the invoked role
|
|
101
|
+
yield ProtocolAuthorization.verifyInvokedRole(tenant, incomingMessage, newestRecordsWrite.message.descriptor.protocol, newestRecordsWrite.message.contextId, protocolDefinition, messageStore);
|
|
102
|
+
// verify method invoked against the allowed actions
|
|
103
|
+
yield ProtocolAuthorization.verifyAllowedActions(tenant, incomingMessage, inboundMessageRuleSet, ancestorMessageChain, messageStore);
|
|
104
|
+
});
|
|
105
|
+
}
|
|
106
|
+
/**
|
|
107
|
+
* Fetches the protocol definition based on the protocol specified in the given message.
|
|
108
|
+
*/
|
|
109
|
+
static fetchProtocolDefinition(tenant, protocolUri, messageStore) {
|
|
110
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
111
|
+
// fetch the corresponding protocol definition
|
|
112
|
+
const query = {
|
|
113
|
+
interface: DwnInterfaceName.Protocols,
|
|
114
|
+
method: DwnMethodName.Configure,
|
|
115
|
+
protocol: protocolUri
|
|
116
|
+
};
|
|
117
|
+
const { messages: protocols } = yield messageStore.query(tenant, [query]);
|
|
118
|
+
if (protocols.length === 0) {
|
|
119
|
+
throw new DwnError(DwnErrorCode.ProtocolAuthorizationProtocolNotFound, `unable to find protocol definition for ${protocolUri}`);
|
|
120
|
+
}
|
|
121
|
+
const protocolMessage = protocols[0];
|
|
122
|
+
return protocolMessage.descriptor.definition;
|
|
123
|
+
});
|
|
124
|
+
}
|
|
125
|
+
/**
|
|
126
|
+
* Constructs a chain of ancestor messages
|
|
127
|
+
* @param newestRecordsWrite The newest RecordsWrite associated with the recordId being written.
|
|
128
|
+
* This will be the incoming RecordsWrite itself if the incoming message is a RecordsWrite.
|
|
129
|
+
* @returns the ancestor chain of messages where the first element is the root of the chain; returns empty array if no parent is specified.
|
|
130
|
+
*/
|
|
131
|
+
static constructAncestorMessageChain(tenant, incomingMessage, newestRecordsWrite, messageStore) {
|
|
132
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
133
|
+
const ancestorMessageChain = [];
|
|
134
|
+
if (incomingMessage.message.descriptor.method !== DwnMethodName.Write) {
|
|
135
|
+
// Unless inboundMessage is a Write, recordsWrite is also an ancestor message
|
|
136
|
+
ancestorMessageChain.push(newestRecordsWrite.message);
|
|
137
|
+
}
|
|
138
|
+
const protocol = newestRecordsWrite.message.descriptor.protocol;
|
|
139
|
+
const contextId = newestRecordsWrite.message.contextId;
|
|
140
|
+
// keep walking up the chain from the inbound message's parent, until there is no more parent
|
|
141
|
+
let currentParentId = newestRecordsWrite.message.descriptor.parentId;
|
|
142
|
+
while (currentParentId !== undefined) {
|
|
143
|
+
// fetch parent
|
|
144
|
+
const query = {
|
|
145
|
+
interface: DwnInterfaceName.Records,
|
|
146
|
+
method: DwnMethodName.Write,
|
|
147
|
+
protocol,
|
|
148
|
+
contextId,
|
|
149
|
+
recordId: currentParentId
|
|
150
|
+
};
|
|
151
|
+
const { messages: parentMessages } = yield messageStore.query(tenant, [query]);
|
|
152
|
+
// We already check the immediate parent in `verifyProtocolPath`, so if it triggers,
|
|
153
|
+
// it means a bug that caused an invalid message to be saved to the DWN.
|
|
154
|
+
if (parentMessages.length === 0) {
|
|
155
|
+
throw new DwnError(DwnErrorCode.ProtocolAuthorizationParentNotFound, `no parent found with ID ${currentParentId}`);
|
|
156
|
+
}
|
|
157
|
+
const parent = parentMessages[0];
|
|
158
|
+
ancestorMessageChain.push(parent);
|
|
159
|
+
currentParentId = parent.descriptor.parentId;
|
|
160
|
+
}
|
|
161
|
+
return ancestorMessageChain.reverse(); // root ancestor first
|
|
162
|
+
});
|
|
163
|
+
}
|
|
164
|
+
/**
|
|
165
|
+
* Gets the rule set corresponding to the given message chain.
|
|
166
|
+
*/
|
|
167
|
+
static getRuleSet(protocolPath, protocolDefinition) {
|
|
168
|
+
const ruleSet = ProtocolAuthorization.getRuleSetAtProtocolPath(protocolPath, protocolDefinition);
|
|
169
|
+
if (ruleSet === undefined) {
|
|
170
|
+
throw new DwnError(DwnErrorCode.ProtocolAuthorizationMissingRuleSet, `No rule set defined for protocolPath ${protocolPath}`);
|
|
171
|
+
}
|
|
172
|
+
return ruleSet;
|
|
173
|
+
}
|
|
174
|
+
/**
|
|
175
|
+
* Verifies the `protocolPath` declared in the given message (if it is a RecordsWrite) matches the path of actual ancestor chain.
|
|
176
|
+
* @throws {DwnError} if fails verification.
|
|
177
|
+
*/
|
|
178
|
+
static verifyProtocolPath(tenant, inboundMessage, messageStore) {
|
|
179
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
180
|
+
var _a, _b;
|
|
181
|
+
const declaredProtocolPath = inboundMessage.message.descriptor.protocolPath;
|
|
182
|
+
const declaredTypeName = ProtocolAuthorization.getTypeName(declaredProtocolPath);
|
|
183
|
+
const parentId = inboundMessage.message.descriptor.parentId;
|
|
184
|
+
if (parentId === undefined) {
|
|
185
|
+
if (declaredProtocolPath !== declaredTypeName) {
|
|
186
|
+
throw new DwnError(DwnErrorCode.ProtocolAuthorizationParentlessIncorrectProtocolPath, `Declared protocol path '${declaredProtocolPath}' is not valid for records with no parentId'.`);
|
|
187
|
+
}
|
|
188
|
+
}
|
|
189
|
+
else {
|
|
190
|
+
const protocol = inboundMessage.message.descriptor.protocol;
|
|
191
|
+
const contextId = inboundMessage.message.contextId;
|
|
192
|
+
const query = {
|
|
193
|
+
interface: DwnInterfaceName.Records,
|
|
194
|
+
method: DwnMethodName.Write,
|
|
195
|
+
protocol,
|
|
196
|
+
contextId,
|
|
197
|
+
recordId: parentId
|
|
198
|
+
};
|
|
199
|
+
const { messages: parentMessages } = yield messageStore.query(tenant, [query]);
|
|
200
|
+
const parentProtocolPath = (_b = (_a = parentMessages[0]) === null || _a === void 0 ? void 0 : _a.descriptor) === null || _b === void 0 ? void 0 : _b.protocolPath;
|
|
201
|
+
const actualProtocolPath = `${parentProtocolPath}/${declaredTypeName}`;
|
|
202
|
+
if (parentProtocolPath === undefined || actualProtocolPath !== declaredProtocolPath) {
|
|
203
|
+
throw new DwnError(DwnErrorCode.ProtocolAuthorizationIncorrectProtocolPath, `Could not find matching parent record to verify declared protocol path '${declaredProtocolPath}'.`);
|
|
204
|
+
}
|
|
205
|
+
}
|
|
206
|
+
});
|
|
207
|
+
}
|
|
208
|
+
/**
|
|
209
|
+
* Verifies the `dataFormat` and `schema` declared in the given message (if it is a RecordsWrite) matches dataFormat
|
|
210
|
+
* and schema of the type in the given protocol.
|
|
211
|
+
* @throws {DwnError} if fails verification.
|
|
212
|
+
*/
|
|
213
|
+
static verifyType(inboundMessage, protocolTypes) {
|
|
214
|
+
const typeNames = Object.keys(protocolTypes);
|
|
215
|
+
const declaredProtocolPath = inboundMessage.descriptor.protocolPath;
|
|
216
|
+
const declaredTypeName = ProtocolAuthorization.getTypeName(declaredProtocolPath);
|
|
217
|
+
if (!typeNames.includes(declaredTypeName)) {
|
|
218
|
+
throw new DwnError(DwnErrorCode.ProtocolAuthorizationInvalidType, `record with type ${declaredTypeName} not allowed in protocol`);
|
|
219
|
+
}
|
|
220
|
+
const protocolPath = inboundMessage.descriptor.protocolPath;
|
|
221
|
+
// existence of `protocolType` has already been verified
|
|
222
|
+
const typeName = ProtocolAuthorization.getTypeName(protocolPath);
|
|
223
|
+
const protocolType = protocolTypes[typeName];
|
|
224
|
+
// no `schema` specified in protocol definition means that any schema is allowed
|
|
225
|
+
const { schema } = inboundMessage.descriptor;
|
|
226
|
+
if (protocolType.schema !== undefined && protocolType.schema !== schema) {
|
|
227
|
+
throw new DwnError(DwnErrorCode.ProtocolAuthorizationInvalidSchema, `type '${typeName}' must have schema '${protocolType.schema}', \
|
|
228
|
+
instead has '${schema}'`);
|
|
229
|
+
}
|
|
230
|
+
// no `dataFormats` specified in protocol definition means that all dataFormats are allowed
|
|
231
|
+
const { dataFormat } = inboundMessage.descriptor;
|
|
232
|
+
if (protocolType.dataFormats !== undefined && !protocolType.dataFormats.includes(dataFormat)) {
|
|
233
|
+
throw new DwnError(DwnErrorCode.ProtocolAuthorizationIncorrectDataFormat, `type '${typeName}' must have data format in (${protocolType.dataFormats}), \
|
|
234
|
+
instead has '${dataFormat}'`);
|
|
235
|
+
}
|
|
236
|
+
}
|
|
237
|
+
/**
|
|
238
|
+
* Check if the incoming message is invoking a role. If so, validate the invoked role.
|
|
239
|
+
*/
|
|
240
|
+
static verifyInvokedRole(tenant, incomingMessage, protocolUri, contextId, protocolDefinition, messageStore) {
|
|
241
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
242
|
+
var _a;
|
|
243
|
+
const protocolRole = (_a = incomingMessage.signaturePayload) === null || _a === void 0 ? void 0 : _a.protocolRole;
|
|
244
|
+
// Only verify role if there is a role being invoked
|
|
245
|
+
if (protocolRole === undefined) {
|
|
246
|
+
return;
|
|
247
|
+
}
|
|
248
|
+
const roleRuleSet = ProtocolAuthorization.getRuleSetAtProtocolPath(protocolRole, protocolDefinition);
|
|
249
|
+
if (roleRuleSet === undefined || (!roleRuleSet.$globalRole && !roleRuleSet.$contextRole)) {
|
|
250
|
+
throw new DwnError(DwnErrorCode.ProtocolAuthorizationNotARole, `Protocol path ${protocolRole} is not a valid protocolRole`);
|
|
251
|
+
}
|
|
252
|
+
const roleRecordFilter = {
|
|
253
|
+
interface: DwnInterfaceName.Records,
|
|
254
|
+
method: DwnMethodName.Write,
|
|
255
|
+
protocol: protocolUri,
|
|
256
|
+
protocolPath: protocolRole,
|
|
257
|
+
recipient: incomingMessage.author,
|
|
258
|
+
isLatestBaseState: true,
|
|
259
|
+
};
|
|
260
|
+
if (roleRuleSet.$contextRole) {
|
|
261
|
+
if (contextId === undefined) {
|
|
262
|
+
throw new DwnError(DwnErrorCode.ProtocolAuthorizationMissingContextId, 'Could not verify $contextRole because contextId is missing');
|
|
263
|
+
}
|
|
264
|
+
roleRecordFilter.contextId = contextId;
|
|
265
|
+
}
|
|
266
|
+
const { messages: matchingMessages } = yield messageStore.query(tenant, [roleRecordFilter]);
|
|
267
|
+
if (matchingMessages.length === 0) {
|
|
268
|
+
throw new DwnError(DwnErrorCode.ProtocolAuthorizationMissingRole, `No matching role found for protocol path ${protocolRole}`);
|
|
269
|
+
}
|
|
270
|
+
});
|
|
271
|
+
}
|
|
272
|
+
/**
|
|
273
|
+
* Returns a list of ProtocolAction(s) based on the incoming message, one of which must be allowed for the message to be authorized.
|
|
274
|
+
* NOTE: the reason why there could be multiple actions is because in case of an "update" RecordsWrite by the original record author,
|
|
275
|
+
* the RecordsWrite can either be authorized by a `write` or `update` allow rule. It is important to recognize that the `write` access that allowed
|
|
276
|
+
* the original record author to create the record maybe revoked (e.g. by role revocation) by the time an "update" by the same author is attempted.
|
|
277
|
+
*/
|
|
278
|
+
static getActionsSeekingARuleMatch(tenant, incomingMessage, messageStore) {
|
|
279
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
280
|
+
switch (incomingMessage.message.descriptor.method) {
|
|
281
|
+
case DwnMethodName.Delete:
|
|
282
|
+
return [ProtocolAction.Delete];
|
|
283
|
+
case DwnMethodName.Query:
|
|
284
|
+
return [ProtocolAction.Query];
|
|
285
|
+
case DwnMethodName.Read:
|
|
286
|
+
return [ProtocolAction.Read];
|
|
287
|
+
case DwnMethodName.Write:
|
|
288
|
+
const incomingRecordsWrite = incomingMessage;
|
|
289
|
+
if (yield incomingRecordsWrite.isInitialWrite()) {
|
|
290
|
+
// only 'write' allows initial RecordsWrites; 'update' only applies to subsequent RecordsWrites
|
|
291
|
+
return [ProtocolAction.Write];
|
|
292
|
+
}
|
|
293
|
+
else if (yield incomingRecordsWrite.isAuthoredByInitialRecordAuthor(tenant, messageStore)) {
|
|
294
|
+
// Both 'update' and 'write' authorize the incoming message
|
|
295
|
+
return [ProtocolAction.Write, ProtocolAction.Update];
|
|
296
|
+
}
|
|
297
|
+
else {
|
|
298
|
+
// Actors other than the initial record author must be authorized to 'update' the message
|
|
299
|
+
return [ProtocolAction.Update];
|
|
300
|
+
}
|
|
301
|
+
// default:
|
|
302
|
+
// not reachable in typescript
|
|
303
|
+
}
|
|
304
|
+
});
|
|
305
|
+
}
|
|
306
|
+
/**
|
|
307
|
+
* Verifies the action (e.g. read/write) specified in the given message matches the allowed actions in the rule set.
|
|
308
|
+
* @throws {Error} if action not allowed.
|
|
309
|
+
*/
|
|
310
|
+
static verifyAllowedActions(tenant, incomingMessage, inboundMessageRuleSet, ancestorMessageChain, messageStore) {
|
|
311
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
312
|
+
var _a;
|
|
313
|
+
const incomingMessageMethod = incomingMessage.message.descriptor.method;
|
|
314
|
+
const inboundMessageActions = yield ProtocolAuthorization.getActionsSeekingARuleMatch(tenant, incomingMessage, messageStore);
|
|
315
|
+
const author = incomingMessage.author;
|
|
316
|
+
const actionRules = inboundMessageRuleSet.$actions;
|
|
317
|
+
// We have already checked that the message is not from tenant, owner, or permissionsGrant
|
|
318
|
+
if (actionRules === undefined) {
|
|
319
|
+
throw new DwnError(DwnErrorCode.ProtocolAuthorizationActionRulesNotFound, `no action rule defined for ${incomingMessageMethod}, ${author} is unauthorized`);
|
|
320
|
+
}
|
|
321
|
+
const invokedRole = (_a = incomingMessage.signaturePayload) === null || _a === void 0 ? void 0 : _a.protocolRole;
|
|
322
|
+
for (const actionRule of actionRules) {
|
|
323
|
+
if (!inboundMessageActions.includes(actionRule.can)) {
|
|
324
|
+
continue;
|
|
325
|
+
}
|
|
326
|
+
if (invokedRole !== undefined) {
|
|
327
|
+
// When a protocol role is being invoked, we require that there is a matching `role` rule.
|
|
328
|
+
if (actionRule.role === invokedRole) {
|
|
329
|
+
// role is successfully invoked
|
|
330
|
+
return;
|
|
331
|
+
}
|
|
332
|
+
else {
|
|
333
|
+
continue;
|
|
334
|
+
}
|
|
335
|
+
}
|
|
336
|
+
else if (actionRule.who === ProtocolActor.Recipient && actionRule.of === undefined && author !== undefined) {
|
|
337
|
+
// Author must be recipient of the record being accessed
|
|
338
|
+
let recordsWriteMessage;
|
|
339
|
+
if (incomingMessage.message.descriptor.method === DwnMethodName.Write) {
|
|
340
|
+
recordsWriteMessage = incomingMessage.message;
|
|
341
|
+
}
|
|
342
|
+
else {
|
|
343
|
+
// else the incoming message must be a RecordsDelete because only `update` and `delete` are allowed recipient actions
|
|
344
|
+
recordsWriteMessage = ancestorMessageChain[ancestorMessageChain.length - 1];
|
|
345
|
+
}
|
|
346
|
+
if (recordsWriteMessage.descriptor.recipient === author) {
|
|
347
|
+
return;
|
|
348
|
+
}
|
|
349
|
+
}
|
|
350
|
+
else if (actionRule.who === ProtocolActor.Anyone) {
|
|
351
|
+
return;
|
|
352
|
+
}
|
|
353
|
+
else if (author === undefined) {
|
|
354
|
+
continue;
|
|
355
|
+
}
|
|
356
|
+
const ancestorRuleSuccess = yield ProtocolAuthorization.checkActor(author, actionRule, ancestorMessageChain);
|
|
357
|
+
if (ancestorRuleSuccess) {
|
|
358
|
+
return;
|
|
359
|
+
}
|
|
360
|
+
}
|
|
361
|
+
// No action rules were satisfied, author is not authorized
|
|
362
|
+
throw new DwnError(DwnErrorCode.ProtocolAuthorizationActionNotAllowed, `inbound message action not allowed for author`);
|
|
363
|
+
});
|
|
364
|
+
}
|
|
365
|
+
/**
|
|
366
|
+
* Verifies that writes to a $globalRole or $contextRole record do not have the same recipient as an existing RecordsWrite
|
|
367
|
+
* to the same $globalRole or the same $contextRole in the same context.
|
|
368
|
+
*/
|
|
369
|
+
static verifyUniqueRoleRecipient(tenant, incomingMessage, inboundMessageRuleSet, messageStore) {
|
|
370
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
371
|
+
const incomingRecordsWrite = incomingMessage;
|
|
372
|
+
if (!inboundMessageRuleSet.$globalRole && !inboundMessageRuleSet.$contextRole) {
|
|
373
|
+
return;
|
|
374
|
+
}
|
|
375
|
+
const recipient = incomingRecordsWrite.message.descriptor.recipient;
|
|
376
|
+
if (recipient === undefined) {
|
|
377
|
+
throw new DwnError(DwnErrorCode.ProtocolAuthorizationRoleMissingRecipient, 'Role records must have a recipient');
|
|
378
|
+
}
|
|
379
|
+
const protocolPath = incomingRecordsWrite.message.descriptor.protocolPath;
|
|
380
|
+
const filter = {
|
|
381
|
+
interface: DwnInterfaceName.Records,
|
|
382
|
+
method: DwnMethodName.Write,
|
|
383
|
+
isLatestBaseState: true,
|
|
384
|
+
protocol: incomingRecordsWrite.message.descriptor.protocol,
|
|
385
|
+
protocolPath,
|
|
386
|
+
recipient,
|
|
387
|
+
};
|
|
388
|
+
if (inboundMessageRuleSet.$contextRole) {
|
|
389
|
+
filter.contextId = incomingRecordsWrite.message.contextId;
|
|
390
|
+
}
|
|
391
|
+
const { messages: matchingMessages } = yield messageStore.query(tenant, [filter]);
|
|
392
|
+
const matchingRecords = matchingMessages;
|
|
393
|
+
const matchingRecordsExceptIncomingRecordId = matchingRecords.filter((recordsWriteMessage) => recordsWriteMessage.recordId !== incomingRecordsWrite.message.recordId);
|
|
394
|
+
if (matchingRecordsExceptIncomingRecordId.length > 0) {
|
|
395
|
+
if (inboundMessageRuleSet.$globalRole) {
|
|
396
|
+
throw new DwnError(DwnErrorCode.ProtocolAuthorizationDuplicateGlobalRoleRecipient, `DID '${recipient}' is already recipient of a $globalRole record at protocol path '${protocolPath}`);
|
|
397
|
+
}
|
|
398
|
+
else {
|
|
399
|
+
// $contextRole
|
|
400
|
+
throw new DwnError(DwnErrorCode.ProtocolAuthorizationDuplicateContextRoleRecipient, `DID '${recipient}' is already recipient of a $contextRole record at protocol path '${protocolPath} in the same context`);
|
|
401
|
+
}
|
|
402
|
+
}
|
|
403
|
+
});
|
|
404
|
+
}
|
|
405
|
+
static getRuleSetAtProtocolPath(protocolPath, protocolDefinition) {
|
|
406
|
+
const protocolPathArray = protocolPath.split('/');
|
|
407
|
+
let currentRuleSet = protocolDefinition.structure;
|
|
408
|
+
let i = 0;
|
|
409
|
+
while (i < protocolPathArray.length) {
|
|
410
|
+
const currentTypeName = protocolPathArray[i];
|
|
411
|
+
const nextRuleSet = currentRuleSet[currentTypeName];
|
|
412
|
+
if (nextRuleSet === undefined) {
|
|
413
|
+
return undefined;
|
|
414
|
+
}
|
|
415
|
+
currentRuleSet = nextRuleSet;
|
|
416
|
+
i++;
|
|
417
|
+
}
|
|
418
|
+
return currentRuleSet;
|
|
419
|
+
}
|
|
420
|
+
/**
|
|
421
|
+
* Checks if there is a record in the ancestor chain matching the `who: 'author' | 'recipient'` action rule.
|
|
422
|
+
* @returns true if the action rule is satisfied. false otherwise
|
|
423
|
+
*/
|
|
424
|
+
static checkActor(author, actionRule, ancestorMessageChain) {
|
|
425
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
426
|
+
// Iterate up the ancestor chain to find a message with matching protocolPath
|
|
427
|
+
const ancestorRecordsWrite = ancestorMessageChain.find((recordsWriteMessage) => recordsWriteMessage.descriptor.protocolPath === actionRule.of);
|
|
428
|
+
// If this is reached, there is likely an issue with the protocol definition.
|
|
429
|
+
// The protocolPath to the actionRule should start with actionRule.of
|
|
430
|
+
// consider moving this check to ProtocolsConfigure message ingestion
|
|
431
|
+
if (ancestorRecordsWrite === undefined) {
|
|
432
|
+
return false;
|
|
433
|
+
}
|
|
434
|
+
if (actionRule.who === ProtocolActor.Recipient) {
|
|
435
|
+
// Recipient of ancestor message must be the author of the incoming message
|
|
436
|
+
return author === ancestorRecordsWrite.descriptor.recipient;
|
|
437
|
+
}
|
|
438
|
+
else { // actionRule.who === ProtocolActor.Author
|
|
439
|
+
// Author of ancestor message must be the author of the incoming message
|
|
440
|
+
const ancestorAuthor = (yield RecordsWrite.parse(ancestorRecordsWrite)).author;
|
|
441
|
+
return author === ancestorAuthor;
|
|
442
|
+
}
|
|
443
|
+
});
|
|
444
|
+
}
|
|
445
|
+
static getTypeName(protocolPath) {
|
|
446
|
+
return protocolPath.split('/').slice(-1)[0];
|
|
447
|
+
}
|
|
448
|
+
}
|
|
449
|
+
//# sourceMappingURL=protocol-authorization.js.map
|