@enbox/dwn-sdk-js 0.3.9 → 0.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +4 -4
- package/dist/browser.mjs +11 -11
- package/dist/browser.mjs.map +4 -4
- package/dist/esm/generated/precompiled-validators.js +783 -1206
- package/dist/esm/generated/precompiled-validators.js.map +1 -1
- package/dist/esm/src/core/dwn-constant.js +5 -0
- package/dist/esm/src/core/dwn-constant.js.map +1 -1
- package/dist/esm/src/core/dwn-error.js +13 -7
- package/dist/esm/src/core/dwn-error.js.map +1 -1
- package/dist/esm/src/core/grant-authorization.js +9 -18
- package/dist/esm/src/core/grant-authorization.js.map +1 -1
- package/dist/esm/src/core/message-reply.js.map +1 -1
- package/dist/esm/src/core/messages-grant-authorization.js +28 -61
- package/dist/esm/src/core/messages-grant-authorization.js.map +1 -1
- package/dist/esm/src/core/protocol-authorization-action.js +25 -27
- package/dist/esm/src/core/protocol-authorization-action.js.map +1 -1
- package/dist/esm/src/core/protocol-authorization-validation.js +31 -69
- package/dist/esm/src/core/protocol-authorization-validation.js.map +1 -1
- package/dist/esm/src/core/protocol-authorization.js +44 -118
- package/dist/esm/src/core/protocol-authorization.js.map +1 -1
- package/dist/esm/src/core/protocols-grant-authorization.js +5 -5
- package/dist/esm/src/core/protocols-grant-authorization.js.map +1 -1
- package/dist/esm/src/core/recording-validation-state-reader.js +84 -0
- package/dist/esm/src/core/recording-validation-state-reader.js.map +1 -0
- package/dist/esm/src/core/records-grant-authorization.js +11 -11
- package/dist/esm/src/core/records-grant-authorization.js.map +1 -1
- package/dist/esm/src/core/replication-apply.js +295 -0
- package/dist/esm/src/core/replication-apply.js.map +1 -0
- package/dist/esm/src/core/resumable-task-manager.js +5 -4
- package/dist/esm/src/core/resumable-task-manager.js.map +1 -1
- package/dist/esm/src/core/validation-state-reader.js +237 -0
- package/dist/esm/src/core/validation-state-reader.js.map +1 -0
- package/dist/esm/src/dwn.js +261 -16
- package/dist/esm/src/dwn.js.map +1 -1
- package/dist/esm/src/enums/dwn-interface-method.js +0 -1
- package/dist/esm/src/enums/dwn-interface-method.js.map +1 -1
- package/dist/esm/src/event-stream/durable-event-log.js +365 -0
- package/dist/esm/src/event-stream/durable-event-log.js.map +1 -0
- package/dist/esm/src/event-stream/event-emitter-wake-publisher.js +25 -0
- package/dist/esm/src/event-stream/event-emitter-wake-publisher.js.map +1 -0
- package/dist/esm/src/handlers/messages-query.js +159 -0
- package/dist/esm/src/handlers/messages-query.js.map +1 -0
- package/dist/esm/src/handlers/messages-read.js +5 -5
- package/dist/esm/src/handlers/messages-read.js.map +1 -1
- package/dist/esm/src/handlers/messages-subscribe.js +8 -8
- package/dist/esm/src/handlers/messages-subscribe.js.map +1 -1
- package/dist/esm/src/handlers/protocols-configure.js +30 -49
- package/dist/esm/src/handlers/protocols-configure.js.map +1 -1
- package/dist/esm/src/handlers/protocols-query.js +1 -1
- package/dist/esm/src/handlers/protocols-query.js.map +1 -1
- package/dist/esm/src/handlers/records-count.js +20 -11
- package/dist/esm/src/handlers/records-count.js.map +1 -1
- package/dist/esm/src/handlers/records-delete.js +20 -16
- package/dist/esm/src/handlers/records-delete.js.map +1 -1
- package/dist/esm/src/handlers/records-query.js +35 -11
- package/dist/esm/src/handlers/records-query.js.map +1 -1
- package/dist/esm/src/handlers/records-read.js +52 -42
- package/dist/esm/src/handlers/records-read.js.map +1 -1
- package/dist/esm/src/handlers/records-subscribe.js +107 -11
- package/dist/esm/src/handlers/records-subscribe.js.map +1 -1
- package/dist/esm/src/handlers/records-write.js +62 -116
- package/dist/esm/src/handlers/records-write.js.map +1 -1
- package/dist/esm/src/index.js +7 -8
- package/dist/esm/src/index.js.map +1 -1
- package/dist/esm/src/interfaces/messages-query.js +49 -0
- package/dist/esm/src/interfaces/messages-query.js.map +1 -0
- package/dist/esm/src/interfaces/protocols-configure.js +7 -3
- package/dist/esm/src/interfaces/protocols-configure.js.map +1 -1
- package/dist/esm/src/interfaces/protocols-query.js +3 -4
- package/dist/esm/src/interfaces/protocols-query.js.map +1 -1
- package/dist/esm/src/interfaces/records-count.js +4 -3
- package/dist/esm/src/interfaces/records-count.js.map +1 -1
- package/dist/esm/src/interfaces/records-delete.js +21 -4
- package/dist/esm/src/interfaces/records-delete.js.map +1 -1
- package/dist/esm/src/interfaces/records-query.js +4 -3
- package/dist/esm/src/interfaces/records-query.js.map +1 -1
- package/dist/esm/src/interfaces/records-read.js +3 -3
- package/dist/esm/src/interfaces/records-read.js.map +1 -1
- package/dist/esm/src/interfaces/records-subscribe.js +4 -3
- package/dist/esm/src/interfaces/records-subscribe.js.map +1 -1
- package/dist/esm/src/interfaces/records-write.js +27 -13
- package/dist/esm/src/interfaces/records-write.js.map +1 -1
- package/dist/esm/src/protocols/permissions.js +27 -34
- package/dist/esm/src/protocols/permissions.js.map +1 -1
- package/dist/esm/src/store/index-level.js +24 -9
- package/dist/esm/src/store/index-level.js.map +1 -1
- package/dist/esm/src/store/level-wrapper.js +7 -0
- package/dist/esm/src/store/level-wrapper.js.map +1 -1
- package/dist/esm/src/store/message-store-level.js +536 -42
- package/dist/esm/src/store/message-store-level.js.map +1 -1
- package/dist/esm/src/store/storage-controller.js +58 -49
- package/dist/esm/src/store/storage-controller.js.map +1 -1
- package/dist/esm/src/types/message-types.js.map +1 -1
- package/dist/esm/src/types/validation-state-reader.js +2 -0
- package/dist/esm/src/types/validation-state-reader.js.map +1 -0
- package/dist/esm/src/utils/messages.js +17 -0
- package/dist/esm/src/utils/messages.js.map +1 -1
- package/dist/esm/src/utils/record-limit-occupancy.js +244 -0
- package/dist/esm/src/utils/record-limit-occupancy.js.map +1 -0
- package/dist/esm/src/utils/records.js +50 -14
- package/dist/esm/src/utils/records.js.map +1 -1
- package/dist/esm/src/utils/replication.js +85 -0
- package/dist/esm/src/utils/replication.js.map +1 -0
- package/dist/esm/tests/core/grant-authorization.spec.js +4 -4
- package/dist/esm/tests/core/grant-authorization.spec.js.map +1 -1
- package/dist/esm/tests/core/process-message-parity.spec.js +222 -0
- package/dist/esm/tests/core/process-message-parity.spec.js.map +1 -0
- package/dist/esm/tests/core/protocol-authorization.spec.js +5 -2
- package/dist/esm/tests/core/protocol-authorization.spec.js.map +1 -1
- package/dist/esm/tests/core/records-grant-authorization.spec.js +5 -5
- package/dist/esm/tests/core/records-grant-authorization.spec.js.map +1 -1
- package/dist/esm/tests/core/replication-apply.spec.js +274 -0
- package/dist/esm/tests/core/replication-apply.spec.js.map +1 -0
- package/dist/esm/tests/core/replication-replay-property.spec.js +350 -0
- package/dist/esm/tests/core/replication-replay-property.spec.js.map +1 -0
- package/dist/esm/tests/core/validation-read-closure.spec.js +469 -0
- package/dist/esm/tests/core/validation-read-closure.spec.js.map +1 -0
- package/dist/esm/tests/core/validation-state-reader.spec.js +716 -0
- package/dist/esm/tests/core/validation-state-reader.spec.js.map +1 -0
- package/dist/esm/tests/durable-event-log.spec.js +373 -0
- package/dist/esm/tests/durable-event-log.spec.js.map +1 -0
- package/dist/esm/tests/dwn.spec.js +620 -14
- package/dist/esm/tests/dwn.spec.js.map +1 -1
- package/dist/esm/tests/features/author-delegated-grant.spec.js +9 -6
- package/dist/esm/tests/features/author-delegated-grant.spec.js.map +1 -1
- package/dist/esm/tests/features/owner-delegated-grant.spec.js +1 -4
- package/dist/esm/tests/features/owner-delegated-grant.spec.js.map +1 -1
- package/dist/esm/tests/features/owner-signature.spec.js +1 -4
- package/dist/esm/tests/features/owner-signature.spec.js.map +1 -1
- package/dist/esm/tests/features/permissions.spec.js +165 -4
- package/dist/esm/tests/features/permissions.spec.js.map +1 -1
- package/dist/esm/tests/features/protocol-composition.spec.js +8 -11
- package/dist/esm/tests/features/protocol-composition.spec.js.map +1 -1
- package/dist/esm/tests/features/protocol-create-action.spec.js +1 -4
- package/dist/esm/tests/features/protocol-create-action.spec.js.map +1 -1
- package/dist/esm/tests/features/protocol-delete-action.spec.js +3 -5
- package/dist/esm/tests/features/protocol-delete-action.spec.js.map +1 -1
- package/dist/esm/tests/features/protocol-update-action.spec.js +3 -6
- package/dist/esm/tests/features/protocol-update-action.spec.js.map +1 -1
- package/dist/esm/tests/features/records-delivery.spec.js +1 -4
- package/dist/esm/tests/features/records-delivery.spec.js.map +1 -1
- package/dist/esm/tests/features/records-immutable.spec.js +1 -4
- package/dist/esm/tests/features/records-immutable.spec.js.map +1 -1
- package/dist/esm/tests/features/records-nested-query-scope.spec.js +281 -0
- package/dist/esm/tests/features/records-nested-query-scope.spec.js.map +1 -0
- package/dist/esm/tests/features/records-prune-cross-protocol.spec.js +3 -7
- package/dist/esm/tests/features/records-prune-cross-protocol.spec.js.map +1 -1
- package/dist/esm/tests/features/records-prune.spec.js +11 -22
- package/dist/esm/tests/features/records-prune.spec.js.map +1 -1
- package/dist/esm/tests/features/records-record-limit.spec.js +441 -231
- package/dist/esm/tests/features/records-record-limit.spec.js.map +1 -1
- package/dist/esm/tests/features/records-squash.spec.js +6 -4
- package/dist/esm/tests/features/records-squash.spec.js.map +1 -1
- package/dist/esm/tests/features/records-tags.spec.js +1 -4
- package/dist/esm/tests/features/records-tags.spec.js.map +1 -1
- package/dist/esm/tests/features/resumable-tasks.spec.js +3 -5
- package/dist/esm/tests/features/resumable-tasks.spec.js.map +1 -1
- package/dist/esm/tests/fuzz/message-store.fuzz.spec.js +1 -2
- package/dist/esm/tests/fuzz/message-store.fuzz.spec.js.map +1 -1
- package/dist/esm/tests/fuzz/process-message.fuzz.spec.js +2 -4
- package/dist/esm/tests/fuzz/process-message.fuzz.spec.js.map +1 -1
- package/dist/esm/tests/fuzz/schema-validation.fuzz.spec.js +1 -1
- package/dist/esm/tests/fuzz/schema-validation.fuzz.spec.js.map +1 -1
- package/dist/esm/tests/handlers/messages-query.spec.js +246 -0
- package/dist/esm/tests/handlers/messages-query.spec.js.map +1 -0
- package/dist/esm/tests/handlers/messages-read.spec.js +2 -5
- package/dist/esm/tests/handlers/messages-read.spec.js.map +1 -1
- package/dist/esm/tests/handlers/messages-subscribe.spec.js +3 -14
- package/dist/esm/tests/handlers/messages-subscribe.spec.js.map +1 -1
- package/dist/esm/tests/handlers/protocols-configure.spec.js +27 -26
- package/dist/esm/tests/handlers/protocols-configure.spec.js.map +1 -1
- package/dist/esm/tests/handlers/protocols-query.spec.js +1 -4
- package/dist/esm/tests/handlers/protocols-query.spec.js.map +1 -1
- package/dist/esm/tests/handlers/records-count.spec.js +1 -4
- package/dist/esm/tests/handlers/records-count.spec.js.map +1 -1
- package/dist/esm/tests/handlers/records-delete.spec.js +312 -30
- package/dist/esm/tests/handlers/records-delete.spec.js.map +1 -1
- package/dist/esm/tests/handlers/records-query.spec.js +32 -9
- package/dist/esm/tests/handlers/records-query.spec.js.map +1 -1
- package/dist/esm/tests/handlers/records-read.spec.js +4 -4
- package/dist/esm/tests/handlers/records-read.spec.js.map +1 -1
- package/dist/esm/tests/handlers/records-subscribe.spec.js +33 -14
- package/dist/esm/tests/handlers/records-subscribe.spec.js.map +1 -1
- package/dist/esm/tests/handlers/records-write.spec.js +84 -38
- package/dist/esm/tests/handlers/records-write.spec.js.map +1 -1
- package/dist/esm/tests/interfaces/records-delete.spec.js +69 -2
- package/dist/esm/tests/interfaces/records-delete.spec.js.map +1 -1
- package/dist/esm/tests/interfaces/records-write.spec.js +4 -3
- package/dist/esm/tests/interfaces/records-write.spec.js.map +1 -1
- package/dist/esm/tests/protocols/permissions.spec.js +55 -6
- package/dist/esm/tests/protocols/permissions.spec.js.map +1 -1
- package/dist/esm/tests/scenarios/aggregator.spec.js +1 -4
- package/dist/esm/tests/scenarios/aggregator.spec.js.map +1 -1
- package/dist/esm/tests/scenarios/deleted-record.spec.js +1 -4
- package/dist/esm/tests/scenarios/deleted-record.spec.js.map +1 -1
- package/dist/esm/tests/scenarios/end-to-end-tests.spec.js +1 -4
- package/dist/esm/tests/scenarios/end-to-end-tests.spec.js.map +1 -1
- package/dist/esm/tests/scenarios/nested-roles.spec.js +1 -4
- package/dist/esm/tests/scenarios/nested-roles.spec.js.map +1 -1
- package/dist/esm/tests/scenarios/subscriptions.spec.js +1 -4
- package/dist/esm/tests/scenarios/subscriptions.spec.js.map +1 -1
- package/dist/esm/tests/store/message-store-level.spec.js +361 -5
- package/dist/esm/tests/store/message-store-level.spec.js.map +1 -1
- package/dist/esm/tests/store/message-store.spec.js +60 -0
- package/dist/esm/tests/store/message-store.spec.js.map +1 -1
- package/dist/esm/tests/test-event-stream.js +7 -3
- package/dist/esm/tests/test-event-stream.js.map +1 -1
- package/dist/esm/tests/test-stores.js +19 -9
- package/dist/esm/tests/test-stores.js.map +1 -1
- package/dist/esm/tests/test-suite.js +4 -4
- package/dist/esm/tests/test-suite.js.map +1 -1
- package/dist/esm/tests/utils/test-data-generator.js +25 -0
- package/dist/esm/tests/utils/test-data-generator.js.map +1 -1
- package/dist/esm/tests/utils/test-stub-generator.js.map +1 -1
- package/dist/esm/tests/utils/test-validation-state-reader.js +16 -0
- package/dist/esm/tests/utils/test-validation-state-reader.js.map +1 -0
- package/dist/types/generated/precompiled-validators.d.ts +6 -6
- package/dist/types/generated/precompiled-validators.d.ts.map +1 -1
- package/dist/types/src/core/core-protocol.d.ts +3 -3
- package/dist/types/src/core/core-protocol.d.ts.map +1 -1
- package/dist/types/src/core/dwn-constant.d.ts +5 -0
- package/dist/types/src/core/dwn-constant.d.ts.map +1 -1
- package/dist/types/src/core/dwn-error.d.ts +13 -7
- package/dist/types/src/core/dwn-error.d.ts.map +1 -1
- package/dist/types/src/core/grant-authorization.d.ts +5 -5
- package/dist/types/src/core/grant-authorization.d.ts.map +1 -1
- package/dist/types/src/core/message-reply.d.ts +5 -4
- package/dist/types/src/core/message-reply.d.ts.map +1 -1
- package/dist/types/src/core/messages-grant-authorization.d.ts +12 -15
- package/dist/types/src/core/messages-grant-authorization.d.ts.map +1 -1
- package/dist/types/src/core/protocol-authorization-action.d.ts +4 -5
- package/dist/types/src/core/protocol-authorization-action.d.ts.map +1 -1
- package/dist/types/src/core/protocol-authorization-validation.d.ts +13 -16
- package/dist/types/src/core/protocol-authorization-validation.d.ts.map +1 -1
- package/dist/types/src/core/protocol-authorization.d.ts +8 -33
- package/dist/types/src/core/protocol-authorization.d.ts.map +1 -1
- package/dist/types/src/core/protocols-grant-authorization.d.ts +4 -4
- package/dist/types/src/core/protocols-grant-authorization.d.ts.map +1 -1
- package/dist/types/src/core/recording-validation-state-reader.d.ts +75 -0
- package/dist/types/src/core/recording-validation-state-reader.d.ts.map +1 -0
- package/dist/types/src/core/records-grant-authorization.d.ts +8 -8
- package/dist/types/src/core/records-grant-authorization.d.ts.map +1 -1
- package/dist/types/src/core/replication-apply.d.ts +129 -0
- package/dist/types/src/core/replication-apply.d.ts.map +1 -0
- package/dist/types/src/core/resumable-task-manager.d.ts +1 -1
- package/dist/types/src/core/resumable-task-manager.d.ts.map +1 -1
- package/dist/types/src/core/validation-state-reader.d.ts +79 -0
- package/dist/types/src/core/validation-state-reader.d.ts.map +1 -0
- package/dist/types/src/dwn.d.ts +47 -13
- package/dist/types/src/dwn.d.ts.map +1 -1
- package/dist/types/src/enums/dwn-interface-method.d.ts +0 -1
- package/dist/types/src/enums/dwn-interface-method.d.ts.map +1 -1
- package/dist/types/src/event-stream/durable-event-log.d.ts +69 -0
- package/dist/types/src/event-stream/durable-event-log.d.ts.map +1 -0
- package/dist/types/src/event-stream/event-emitter-wake-publisher.d.ts +13 -0
- package/dist/types/src/event-stream/event-emitter-wake-publisher.d.ts.map +1 -0
- package/dist/types/src/handlers/messages-query.d.ts +20 -0
- package/dist/types/src/handlers/messages-query.d.ts.map +1 -0
- package/dist/types/src/handlers/messages-read.d.ts +1 -1
- package/dist/types/src/handlers/messages-read.d.ts.map +1 -1
- package/dist/types/src/handlers/messages-subscribe.d.ts.map +1 -1
- package/dist/types/src/handlers/protocols-configure.d.ts +0 -5
- package/dist/types/src/handlers/protocols-configure.d.ts.map +1 -1
- package/dist/types/src/handlers/records-count.d.ts +2 -1
- package/dist/types/src/handlers/records-count.d.ts.map +1 -1
- package/dist/types/src/handlers/records-delete.d.ts +2 -2
- package/dist/types/src/handlers/records-delete.d.ts.map +1 -1
- package/dist/types/src/handlers/records-query.d.ts +1 -1
- package/dist/types/src/handlers/records-query.d.ts.map +1 -1
- package/dist/types/src/handlers/records-read.d.ts +2 -1
- package/dist/types/src/handlers/records-read.d.ts.map +1 -1
- package/dist/types/src/handlers/records-subscribe.d.ts +4 -5
- package/dist/types/src/handlers/records-subscribe.d.ts.map +1 -1
- package/dist/types/src/handlers/records-write.d.ts +3 -11
- package/dist/types/src/handlers/records-write.d.ts.map +1 -1
- package/dist/types/src/index.d.ts +16 -18
- package/dist/types/src/index.d.ts.map +1 -1
- package/dist/types/src/interfaces/messages-query.d.ts +23 -0
- package/dist/types/src/interfaces/messages-query.d.ts.map +1 -0
- package/dist/types/src/interfaces/protocols-configure.d.ts +3 -3
- package/dist/types/src/interfaces/protocols-configure.d.ts.map +1 -1
- package/dist/types/src/interfaces/protocols-query.d.ts +2 -2
- package/dist/types/src/interfaces/protocols-query.d.ts.map +1 -1
- package/dist/types/src/interfaces/records-count.d.ts +3 -3
- package/dist/types/src/interfaces/records-count.d.ts.map +1 -1
- package/dist/types/src/interfaces/records-delete.d.ts +11 -3
- package/dist/types/src/interfaces/records-delete.d.ts.map +1 -1
- package/dist/types/src/interfaces/records-query.d.ts +3 -3
- package/dist/types/src/interfaces/records-query.d.ts.map +1 -1
- package/dist/types/src/interfaces/records-read.d.ts +3 -3
- package/dist/types/src/interfaces/records-read.d.ts.map +1 -1
- package/dist/types/src/interfaces/records-subscribe.d.ts +3 -3
- package/dist/types/src/interfaces/records-subscribe.d.ts.map +1 -1
- package/dist/types/src/interfaces/records-write.d.ts +15 -7
- package/dist/types/src/interfaces/records-write.d.ts.map +1 -1
- package/dist/types/src/protocols/permissions.d.ts +9 -12
- package/dist/types/src/protocols/permissions.d.ts.map +1 -1
- package/dist/types/src/store/index-level.d.ts +10 -1
- package/dist/types/src/store/index-level.d.ts.map +1 -1
- package/dist/types/src/store/level-wrapper.d.ts +5 -0
- package/dist/types/src/store/level-wrapper.d.ts.map +1 -1
- package/dist/types/src/store/message-store-level.d.ts +94 -14
- package/dist/types/src/store/message-store-level.d.ts.map +1 -1
- package/dist/types/src/store/storage-controller.d.ts +17 -14
- package/dist/types/src/store/storage-controller.d.ts.map +1 -1
- package/dist/types/src/types/message-store.d.ts +29 -1
- package/dist/types/src/types/message-store.d.ts.map +1 -1
- package/dist/types/src/types/message-types.d.ts +2 -0
- package/dist/types/src/types/message-types.d.ts.map +1 -1
- package/dist/types/src/types/messages-types.d.ts +21 -55
- package/dist/types/src/types/messages-types.d.ts.map +1 -1
- package/dist/types/src/types/method-handler.d.ts +2 -2
- package/dist/types/src/types/method-handler.d.ts.map +1 -1
- package/dist/types/src/types/permission-types.d.ts +1 -1
- package/dist/types/src/types/subscriptions.d.ts +50 -39
- package/dist/types/src/types/subscriptions.d.ts.map +1 -1
- package/dist/types/src/types/validation-state-reader.d.ts +116 -0
- package/dist/types/src/types/validation-state-reader.d.ts.map +1 -0
- package/dist/types/src/utils/messages.d.ts +10 -0
- package/dist/types/src/utils/messages.d.ts.map +1 -1
- package/dist/types/src/utils/record-limit-occupancy.d.ts +40 -0
- package/dist/types/src/utils/record-limit-occupancy.d.ts.map +1 -0
- package/dist/types/src/utils/records.d.ts +25 -3
- package/dist/types/src/utils/records.d.ts.map +1 -1
- package/dist/types/src/utils/replication.d.ts +22 -0
- package/dist/types/src/utils/replication.d.ts.map +1 -0
- package/dist/types/tests/core/process-message-parity.spec.d.ts +2 -0
- package/dist/types/tests/core/process-message-parity.spec.d.ts.map +1 -0
- package/dist/types/tests/core/replication-apply.spec.d.ts +2 -0
- package/dist/types/tests/core/replication-apply.spec.d.ts.map +1 -0
- package/dist/types/tests/core/replication-replay-property.spec.d.ts +2 -0
- package/dist/types/tests/core/replication-replay-property.spec.d.ts.map +1 -0
- package/dist/types/tests/core/validation-read-closure.spec.d.ts +2 -0
- package/dist/types/tests/core/validation-read-closure.spec.d.ts.map +1 -0
- package/dist/types/tests/core/validation-state-reader.spec.d.ts +2 -0
- package/dist/types/tests/core/validation-state-reader.spec.d.ts.map +1 -0
- package/dist/types/tests/durable-event-log.spec.d.ts +2 -0
- package/dist/types/tests/durable-event-log.spec.d.ts.map +1 -0
- package/dist/types/tests/dwn.spec.d.ts.map +1 -1
- package/dist/types/tests/features/author-delegated-grant.spec.d.ts.map +1 -1
- package/dist/types/tests/features/owner-delegated-grant.spec.d.ts.map +1 -1
- package/dist/types/tests/features/owner-signature.spec.d.ts.map +1 -1
- package/dist/types/tests/features/permissions.spec.d.ts.map +1 -1
- package/dist/types/tests/features/protocol-composition.spec.d.ts.map +1 -1
- package/dist/types/tests/features/protocol-create-action.spec.d.ts.map +1 -1
- package/dist/types/tests/features/protocol-delete-action.spec.d.ts.map +1 -1
- package/dist/types/tests/features/protocol-update-action.spec.d.ts.map +1 -1
- package/dist/types/tests/features/records-delivery.spec.d.ts.map +1 -1
- package/dist/types/tests/features/records-immutable.spec.d.ts.map +1 -1
- package/dist/types/tests/features/records-nested-query-scope.spec.d.ts +2 -0
- package/dist/types/tests/features/records-nested-query-scope.spec.d.ts.map +1 -0
- package/dist/types/tests/features/records-prune-cross-protocol.spec.d.ts.map +1 -1
- package/dist/types/tests/features/records-prune.spec.d.ts.map +1 -1
- package/dist/types/tests/features/records-record-limit.spec.d.ts.map +1 -1
- package/dist/types/tests/features/records-squash.spec.d.ts.map +1 -1
- package/dist/types/tests/features/records-tags.spec.d.ts.map +1 -1
- package/dist/types/tests/features/resumable-tasks.spec.d.ts.map +1 -1
- package/dist/types/tests/handlers/messages-query.spec.d.ts +2 -0
- package/dist/types/tests/handlers/messages-query.spec.d.ts.map +1 -0
- package/dist/types/tests/handlers/messages-read.spec.d.ts.map +1 -1
- package/dist/types/tests/handlers/messages-subscribe.spec.d.ts.map +1 -1
- package/dist/types/tests/handlers/protocols-configure.spec.d.ts.map +1 -1
- package/dist/types/tests/handlers/protocols-query.spec.d.ts.map +1 -1
- package/dist/types/tests/handlers/records-count.spec.d.ts.map +1 -1
- package/dist/types/tests/handlers/records-delete.spec.d.ts.map +1 -1
- package/dist/types/tests/handlers/records-query.spec.d.ts.map +1 -1
- package/dist/types/tests/handlers/records-read.spec.d.ts.map +1 -1
- package/dist/types/tests/handlers/records-subscribe.spec.d.ts.map +1 -1
- package/dist/types/tests/handlers/records-write.spec.d.ts.map +1 -1
- package/dist/types/tests/scenarios/deleted-record.spec.d.ts.map +1 -1
- package/dist/types/tests/scenarios/end-to-end-tests.spec.d.ts.map +1 -1
- package/dist/types/tests/scenarios/nested-roles.spec.d.ts.map +1 -1
- package/dist/types/tests/scenarios/subscriptions.spec.d.ts.map +1 -1
- package/dist/types/tests/store/message-store.spec.d.ts.map +1 -1
- package/dist/types/tests/test-event-stream.d.ts +1 -1
- package/dist/types/tests/test-event-stream.d.ts.map +1 -1
- package/dist/types/tests/test-stores.d.ts +5 -4
- package/dist/types/tests/test-stores.d.ts.map +1 -1
- package/dist/types/tests/test-suite.d.ts +1 -2
- package/dist/types/tests/test-suite.d.ts.map +1 -1
- package/dist/types/tests/utils/test-data-generator.d.ts +20 -1
- package/dist/types/tests/utils/test-data-generator.d.ts.map +1 -1
- package/dist/types/tests/utils/test-validation-state-reader.d.ts +15 -0
- package/dist/types/tests/utils/test-validation-state-reader.d.ts.map +1 -0
- package/package.json +2 -2
- package/src/core/core-protocol.ts +3 -3
- package/src/core/dwn-constant.ts +7 -1
- package/src/core/dwn-error.ts +13 -7
- package/src/core/grant-authorization.ts +11 -20
- package/src/core/message-reply.ts +6 -5
- package/src/core/messages-grant-authorization.ts +37 -100
- package/src/core/protocol-authorization-action.ts +29 -38
- package/src/core/protocol-authorization-validation.ts +41 -98
- package/src/core/protocol-authorization.ts +56 -202
- package/src/core/protocols-grant-authorization.ts +9 -9
- package/src/core/recording-validation-state-reader.ts +130 -0
- package/src/core/records-grant-authorization.ts +16 -16
- package/src/core/replication-apply.ts +412 -0
- package/src/core/resumable-task-manager.ts +10 -8
- package/src/core/validation-state-reader.ts +350 -0
- package/src/dwn.ts +417 -30
- package/src/enums/dwn-interface-method.ts +0 -1
- package/src/event-stream/durable-event-log.ts +509 -0
- package/src/event-stream/event-emitter-wake-publisher.ts +34 -0
- package/src/handlers/messages-query.ts +203 -0
- package/src/handlers/messages-read.ts +9 -10
- package/src/handlers/messages-subscribe.ts +12 -13
- package/src/handlers/protocols-configure.ts +37 -58
- package/src/handlers/protocols-query.ts +1 -1
- package/src/handlers/records-count.ts +24 -17
- package/src/handlers/records-delete.ts +29 -27
- package/src/handlers/records-query.ts +38 -17
- package/src/handlers/records-read.ts +63 -50
- package/src/handlers/records-subscribe.ts +132 -19
- package/src/handlers/records-write.ts +77 -168
- package/src/index.ts +16 -20
- package/src/interfaces/messages-query.ts +70 -0
- package/src/interfaces/protocols-configure.ts +12 -4
- package/src/interfaces/protocols-query.ts +4 -5
- package/src/interfaces/records-count.ts +9 -4
- package/src/interfaces/records-delete.ts +25 -5
- package/src/interfaces/records-query.ts +9 -4
- package/src/interfaces/records-read.ts +4 -4
- package/src/interfaces/records-subscribe.ts +9 -4
- package/src/interfaces/records-write.ts +41 -13
- package/src/protocols/permissions.ts +32 -52
- package/src/store/index-level.ts +30 -9
- package/src/store/level-wrapper.ts +9 -1
- package/src/store/message-store-level.ts +757 -47
- package/src/store/storage-controller.ts +74 -63
- package/src/types/message-store.ts +45 -2
- package/src/types/message-types.ts +3 -1
- package/src/types/messages-types.ts +26 -65
- package/src/types/method-handler.ts +3 -3
- package/src/types/permission-types.ts +1 -1
- package/src/types/subscriptions.ts +53 -42
- package/src/types/validation-state-reader.ts +127 -0
- package/src/utils/messages.ts +25 -1
- package/src/utils/record-limit-occupancy.ts +377 -0
- package/src/utils/records.ts +69 -13
- package/src/utils/replication.ts +122 -0
- package/dist/esm/src/core/record-chain.js +0 -64
- package/dist/esm/src/core/record-chain.js.map +0 -1
- package/dist/esm/src/event-stream/event-emitter-event-log.js +0 -334
- package/dist/esm/src/event-stream/event-emitter-event-log.js.map +0 -1
- package/dist/esm/src/handlers/messages-sync.js +0 -581
- package/dist/esm/src/handlers/messages-sync.js.map +0 -1
- package/dist/esm/src/interfaces/messages-sync.js +0 -54
- package/dist/esm/src/interfaces/messages-sync.js.map +0 -1
- package/dist/esm/src/smt/smt-store-level.js +0 -103
- package/dist/esm/src/smt/smt-store-level.js.map +0 -1
- package/dist/esm/src/smt/smt-store-memory.js +0 -41
- package/dist/esm/src/smt/smt-store-memory.js.map +0 -1
- package/dist/esm/src/smt/smt-utils.js +0 -129
- package/dist/esm/src/smt/smt-utils.js.map +0 -1
- package/dist/esm/src/smt/sparse-merkle-tree.js +0 -577
- package/dist/esm/src/smt/sparse-merkle-tree.js.map +0 -1
- package/dist/esm/src/state-index/state-index-level.js +0 -191
- package/dist/esm/src/state-index/state-index-level.js.map +0 -1
- package/dist/esm/src/sync/records-projection.js +0 -228
- package/dist/esm/src/sync/records-projection.js.map +0 -1
- package/dist/esm/src/types/smt-types.js +0 -5
- package/dist/esm/src/types/smt-types.js.map +0 -1
- package/dist/esm/src/types/state-index.js +0 -2
- package/dist/esm/src/types/state-index.js.map +0 -1
- package/dist/esm/tests/event-emitter-event-log.spec.js +0 -499
- package/dist/esm/tests/event-emitter-event-log.spec.js.map +0 -1
- package/dist/esm/tests/handlers/messages-sync.spec.js +0 -1771
- package/dist/esm/tests/handlers/messages-sync.spec.js.map +0 -1
- package/dist/esm/tests/smt/smt-store-level.spec.js +0 -132
- package/dist/esm/tests/smt/smt-store-level.spec.js.map +0 -1
- package/dist/esm/tests/smt/sparse-merkle-tree.spec.js +0 -732
- package/dist/esm/tests/smt/sparse-merkle-tree.spec.js.map +0 -1
- package/dist/esm/tests/state-index/state-index-level.spec.js +0 -245
- package/dist/esm/tests/state-index/state-index-level.spec.js.map +0 -1
- package/dist/esm/tests/sync/records-projection.spec.js +0 -245
- package/dist/esm/tests/sync/records-projection.spec.js.map +0 -1
- package/dist/types/src/core/record-chain.d.ts +0 -24
- package/dist/types/src/core/record-chain.d.ts.map +0 -1
- package/dist/types/src/event-stream/event-emitter-event-log.d.ts +0 -80
- package/dist/types/src/event-stream/event-emitter-event-log.d.ts.map +0 -1
- package/dist/types/src/handlers/messages-sync.d.ts +0 -83
- package/dist/types/src/handlers/messages-sync.d.ts.map +0 -1
- package/dist/types/src/interfaces/messages-sync.d.ts +0 -23
- package/dist/types/src/interfaces/messages-sync.d.ts.map +0 -1
- package/dist/types/src/smt/smt-store-level.d.ts +0 -32
- package/dist/types/src/smt/smt-store-level.d.ts.map +0 -1
- package/dist/types/src/smt/smt-store-memory.d.ts +0 -22
- package/dist/types/src/smt/smt-store-memory.d.ts.map +0 -1
- package/dist/types/src/smt/smt-utils.d.ts +0 -58
- package/dist/types/src/smt/smt-utils.d.ts.map +0 -1
- package/dist/types/src/smt/sparse-merkle-tree.d.ts +0 -124
- package/dist/types/src/smt/sparse-merkle-tree.d.ts.map +0 -1
- package/dist/types/src/state-index/state-index-level.d.ts +0 -83
- package/dist/types/src/state-index/state-index-level.d.ts.map +0 -1
- package/dist/types/src/sync/records-projection.d.ts +0 -98
- package/dist/types/src/sync/records-projection.d.ts.map +0 -1
- package/dist/types/src/types/smt-types.d.ts +0 -81
- package/dist/types/src/types/smt-types.d.ts.map +0 -1
- package/dist/types/src/types/state-index.d.ts +0 -90
- package/dist/types/src/types/state-index.d.ts.map +0 -1
- package/dist/types/tests/event-emitter-event-log.spec.d.ts +0 -2
- package/dist/types/tests/event-emitter-event-log.spec.d.ts.map +0 -1
- package/dist/types/tests/handlers/messages-sync.spec.d.ts +0 -2
- package/dist/types/tests/handlers/messages-sync.spec.d.ts.map +0 -1
- package/dist/types/tests/smt/smt-store-level.spec.d.ts +0 -2
- package/dist/types/tests/smt/smt-store-level.spec.d.ts.map +0 -1
- package/dist/types/tests/smt/sparse-merkle-tree.spec.d.ts +0 -2
- package/dist/types/tests/smt/sparse-merkle-tree.spec.d.ts.map +0 -1
- package/dist/types/tests/state-index/state-index-level.spec.d.ts +0 -2
- package/dist/types/tests/state-index/state-index-level.spec.d.ts.map +0 -1
- package/dist/types/tests/sync/records-projection.spec.d.ts +0 -2
- package/dist/types/tests/sync/records-projection.spec.d.ts.map +0 -1
- package/src/core/record-chain.ts +0 -99
- package/src/event-stream/event-emitter-event-log.ts +0 -430
- package/src/handlers/messages-sync.ts +0 -896
- package/src/interfaces/messages-sync.ts +0 -86
- package/src/smt/smt-store-level.ts +0 -143
- package/src/smt/smt-store-memory.ts +0 -53
- package/src/smt/smt-utils.ts +0 -149
- package/src/smt/sparse-merkle-tree.ts +0 -698
- package/src/state-index/state-index-level.ts +0 -239
- package/src/sync/records-projection.ts +0 -328
- package/src/types/smt-types.ts +0 -95
- package/src/types/state-index.ts +0 -100
|
@@ -6,5 +6,10 @@ export class DwnConstant {
|
|
|
6
6
|
* We currently encode using base64url which is a 33% increase in size.
|
|
7
7
|
*/
|
|
8
8
|
static maxDataSizeAllowedToBeEncoded = 30_000;
|
|
9
|
+
/**
|
|
10
|
+
* Maximum supported `$recordLimit.max`. Read-time occupancy projection may load
|
|
11
|
+
* up to this many occupants per scope before applying the caller's filter/page.
|
|
12
|
+
*/
|
|
13
|
+
static maxRecordLimit = 1000;
|
|
9
14
|
}
|
|
10
15
|
//# sourceMappingURL=dwn-constant.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dwn-constant.js","sourceRoot":"","sources":["../../../../src/core/dwn-constant.ts"],"names":[],"mappings":"AAAA,MAAM,OAAO,WAAW;IACtB;;;;;OAKG;IACI,MAAM,CAAU,6BAA6B,GAAG,MAAM,CAAC"}
|
|
1
|
+
{"version":3,"file":"dwn-constant.js","sourceRoot":"","sources":["../../../../src/core/dwn-constant.ts"],"names":[],"mappings":"AAAA,MAAM,OAAO,WAAW;IACtB;;;;;OAKG;IACI,MAAM,CAAU,6BAA6B,GAAG,MAAM,CAAC;IAE9D;;;OAGG;IACI,MAAM,CAAU,cAAc,GAAG,IAAI,CAAC"}
|
|
@@ -24,9 +24,6 @@ export var DwnErrorCode;
|
|
|
24
24
|
DwnErrorCode["EventLogNotOpenError"] = "EventLogNotOpenError";
|
|
25
25
|
DwnErrorCode["EventLogProgressGap"] = "EventLogProgressGap";
|
|
26
26
|
DwnErrorCode["MessagesGrantAuthorizationMismatchedProtocol"] = "MessagesGrantAuthorizationMismatchedProtocol";
|
|
27
|
-
DwnErrorCode["MessagesGrantAuthorizationProjectionInfrastructureProtocol"] = "MessagesGrantAuthorizationProjectionInfrastructureProtocol";
|
|
28
|
-
DwnErrorCode["MessagesGrantAuthorizationProjectionScopeMismatch"] = "MessagesGrantAuthorizationProjectionScopeMismatch";
|
|
29
|
-
DwnErrorCode["MessagesGrantAuthorizationProtocolSyncInfrastructureProtocol"] = "MessagesGrantAuthorizationProtocolSyncInfrastructureProtocol";
|
|
30
27
|
DwnErrorCode["MessagesGrantAuthorizationSubscribeProtocolMismatch"] = "MessagesGrantAuthorizationSubscribeProtocolMismatch";
|
|
31
28
|
DwnErrorCode["MessagesGrantAuthorizationUnfilteredSubscribeProtocolScope"] = "MessagesGrantAuthorizationUnfilteredSubscribeProtocolScope";
|
|
32
29
|
DwnErrorCode["MessagesSubscribeAuthorizationFailed"] = "MessagesSubscribeAuthorizationFailed";
|
|
@@ -51,6 +48,13 @@ export var DwnErrorCode;
|
|
|
51
48
|
DwnErrorCode["IndexInvalidSortPropertyInMemory"] = "IndexInvalidSortPropertyInMemory";
|
|
52
49
|
DwnErrorCode["IndexMissingIndexableProperty"] = "IndexMissingIndexableProperty";
|
|
53
50
|
DwnErrorCode["JwsDecodePlainObjectPayloadInvalid"] = "JwsDecodePlainObjectPayloadInvalid";
|
|
51
|
+
DwnErrorCode["MessageStoreDeleteLogEntryMissing"] = "MessageStoreDeleteLogEntryMissing";
|
|
52
|
+
DwnErrorCode["MessageStoreFingerprintScopeMutation"] = "MessageStoreFingerprintScopeMutation";
|
|
53
|
+
DwnErrorCode["MessageStorePreSubstrateLayout"] = "MessageStorePreSubstrateLayout";
|
|
54
|
+
DwnErrorCode["MessageStoreReplicationPositionOverflow"] = "MessageStoreReplicationPositionOverflow";
|
|
55
|
+
DwnErrorCode["MessageStoreUpdateMessageAndIndexesCidMismatch"] = "MessageStoreUpdateMessageAndIndexesCidMismatch";
|
|
56
|
+
DwnErrorCode["MessageStoreUpdateMessageAndIndexesMessageNotFound"] = "MessageStoreUpdateMessageAndIndexesMessageNotFound";
|
|
57
|
+
DwnErrorCode["MessageStoreUpdateIndexesMessageNotFound"] = "MessageStoreUpdateIndexesMessageNotFound";
|
|
54
58
|
DwnErrorCode["MessagePermissionGrantCreateInvocationAmbiguous"] = "MessagePermissionGrantCreateInvocationAmbiguous";
|
|
55
59
|
DwnErrorCode["MessagePermissionGrantDescriptorPayloadMismatch"] = "MessagePermissionGrantDescriptorPayloadMismatch";
|
|
56
60
|
DwnErrorCode["MessagePermissionGrantIdsDescriptorPayloadMismatch"] = "MessagePermissionGrantIdsDescriptorPayloadMismatch";
|
|
@@ -58,12 +62,11 @@ export var DwnErrorCode;
|
|
|
58
62
|
DwnErrorCode["MessagePermissionGrantIdsNotCanonical"] = "MessagePermissionGrantIdsNotCanonical";
|
|
59
63
|
DwnErrorCode["MessagePermissionGrantValidateInvocationAmbiguous"] = "MessagePermissionGrantValidateInvocationAmbiguous";
|
|
60
64
|
DwnErrorCode["MessagesReadInvalidCid"] = "MessagesReadInvalidCid";
|
|
65
|
+
DwnErrorCode["MessagesQueryAuthorizationFailed"] = "MessagesQueryAuthorizationFailed";
|
|
66
|
+
DwnErrorCode["MessagesQueryReplicationFeedUnimplemented"] = "MessagesQueryReplicationFeedUnimplemented";
|
|
61
67
|
DwnErrorCode["MessagesReadAuthorizationFailed"] = "MessagesReadAuthorizationFailed";
|
|
62
68
|
DwnErrorCode["MessageGetInvalidCid"] = "MessageGetInvalidCid";
|
|
63
69
|
DwnErrorCode["MessagesReadVerifyScopeFailed"] = "MessagesReadVerifyScopeFailed";
|
|
64
|
-
DwnErrorCode["MessagesSyncAuthorizationFailed"] = "MessagesSyncAuthorizationFailed";
|
|
65
|
-
DwnErrorCode["MessagesSyncInvalidPrefix"] = "MessagesSyncInvalidPrefix";
|
|
66
|
-
DwnErrorCode["MessagesSyncUnsupportedProjectionRootVersion"] = "MessagesSyncUnsupportedProjectionRootVersion";
|
|
67
70
|
DwnErrorCode["ParseCidCodecNotSupported"] = "ParseCidCodecNotSupported";
|
|
68
71
|
DwnErrorCode["ParseCidMultihashNotSupported"] = "ParseCidMultihashNotSupported";
|
|
69
72
|
DwnErrorCode["PermissionsProtocolCreateGrantScopeContextIdProtocolPathConflict"] = "PermissionsProtocolCreateGrantScopeContextIdProtocolPathConflict";
|
|
@@ -105,7 +108,6 @@ export var DwnErrorCode;
|
|
|
105
108
|
DwnErrorCode["ProtocolAuthorizationMatchingRoleRecordNotFound"] = "ProtocolAuthorizationMatchingRoleRecordNotFound";
|
|
106
109
|
DwnErrorCode["ProtocolAuthorizationMaxSizeInvalid"] = "ProtocolAuthorizationMaxSizeInvalid";
|
|
107
110
|
DwnErrorCode["ProtocolAuthorizationMinSizeInvalid"] = "ProtocolAuthorizationMinSizeInvalid";
|
|
108
|
-
DwnErrorCode["ProtocolAuthorizationRecordLimitExceeded"] = "ProtocolAuthorizationRecordLimitExceeded";
|
|
109
111
|
DwnErrorCode["ProtocolAuthorizationRecordLimitStrategyNotImplemented"] = "ProtocolAuthorizationRecordLimitStrategyNotImplemented";
|
|
110
112
|
DwnErrorCode["ProtocolAuthorizationSquashNotEnabled"] = "ProtocolAuthorizationSquashNotEnabled";
|
|
111
113
|
DwnErrorCode["ProtocolAuthorizationSquashNotInitialWrite"] = "ProtocolAuthorizationSquashNotInitialWrite";
|
|
@@ -115,6 +117,7 @@ export var DwnErrorCode;
|
|
|
115
117
|
DwnErrorCode["ProtocolAuthorizationStoredInitialWriteRoleMissingRecipient"] = "ProtocolAuthorizationStoredInitialWriteRoleMissingRecipient";
|
|
116
118
|
DwnErrorCode["ProtocolAuthorizationMissingContextId"] = "ProtocolAuthorizationMissingContextId";
|
|
117
119
|
DwnErrorCode["ProtocolAuthorizationMissingRuleSet"] = "ProtocolAuthorizationMissingRuleSet";
|
|
120
|
+
DwnErrorCode["ProtocolAuthorizationParentRecordNotFound"] = "ProtocolAuthorizationParentRecordNotFound";
|
|
118
121
|
DwnErrorCode["ProtocolAuthorizationParentlessIncorrectProtocolPath"] = "ProtocolAuthorizationParentlessIncorrectProtocolPath";
|
|
119
122
|
DwnErrorCode["ProtocolAuthorizationNotARole"] = "ProtocolAuthorizationNotARole";
|
|
120
123
|
DwnErrorCode["ProtocolAuthorizationParentNotFoundConstructingRecordChain"] = "ProtocolAuthorizationParentNotFoundConstructingRecordChain";
|
|
@@ -157,6 +160,7 @@ export var DwnErrorCode;
|
|
|
157
160
|
DwnErrorCode["RecordsAuthorDelegatedGrantNotADelegatedGrant"] = "RecordsAuthorDelegatedGrantNotADelegatedGrant";
|
|
158
161
|
DwnErrorCode["RecordsDecryptNoMatchingKeyEncryptedFound"] = "RecordsDecryptNoMatchingKeyEncryptedFound";
|
|
159
162
|
DwnErrorCode["RecordsCountFilterMissingRequiredProperties"] = "RecordsCountFilterMissingRequiredProperties";
|
|
163
|
+
DwnErrorCode["RecordsCountNestedProtocolPathContextIdInvalid"] = "RecordsCountNestedProtocolPathContextIdInvalid";
|
|
160
164
|
DwnErrorCode["RecordsQueryCreateFilterPublishedSortInvalid"] = "RecordsQueryCreateFilterPublishedSortInvalid";
|
|
161
165
|
DwnErrorCode["RecordsQueryParseFilterPublishedSortInvalid"] = "RecordsQueryParseFilterPublishedSortInvalid";
|
|
162
166
|
DwnErrorCode["RecordsGrantAuthorizationConditionPublicationProhibited"] = "RecordsGrantAuthorizationConditionPublicationProhibited";
|
|
@@ -174,10 +178,12 @@ export var DwnErrorCode;
|
|
|
174
178
|
DwnErrorCode["RecordsOwnerDelegatedGrantGrantedToAndOwnerSignatureMismatch"] = "RecordsOwnerDelegatedGrantGrantedToAndOwnerSignatureMismatch";
|
|
175
179
|
DwnErrorCode["RecordsOwnerDelegatedGrantNotADelegatedGrant"] = "RecordsOwnerDelegatedGrantNotADelegatedGrant";
|
|
176
180
|
DwnErrorCode["RecordsQueryFilterMissingRequiredProperties"] = "RecordsQueryFilterMissingRequiredProperties";
|
|
181
|
+
DwnErrorCode["RecordsQueryNestedProtocolPathContextIdInvalid"] = "RecordsQueryNestedProtocolPathContextIdInvalid";
|
|
177
182
|
DwnErrorCode["RecordsReadCreateFilterPublishedSortInvalid"] = "RecordsReadCreateFilterPublishedSortInvalid";
|
|
178
183
|
DwnErrorCode["RecordsReadParseFilterPublishedSortInvalid"] = "RecordsReadParseFilterPublishedSortInvalid";
|
|
179
184
|
DwnErrorCode["RecordsSubscribeEventLogUnimplemented"] = "RecordsSubscribeEventLogUnimplemented";
|
|
180
185
|
DwnErrorCode["RecordsSubscribeFilterMissingRequiredProperties"] = "RecordsSubscribeFilterMissingRequiredProperties";
|
|
186
|
+
DwnErrorCode["RecordsSubscribeNestedProtocolPathContextIdInvalid"] = "RecordsSubscribeNestedProtocolPathContextIdInvalid";
|
|
181
187
|
DwnErrorCode["RecordsWriteAttestationIntegrityMoreThanOneSignature"] = "RecordsWriteAttestationIntegrityMoreThanOneSignature";
|
|
182
188
|
DwnErrorCode["RecordsWriteAttestationIntegrityDescriptorCidMismatch"] = "RecordsWriteAttestationIntegrityDescriptorCidMismatch";
|
|
183
189
|
DwnErrorCode["RecordsWriteAttestationIntegrityInvalidPayloadProperty"] = "RecordsWriteAttestationIntegrityInvalidPayloadProperty";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dwn-error.js","sourceRoot":"","sources":["../../../../src/core/dwn-error.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,OAAO,QAAS,SAAQ,KAAK;IACb;IAApB,YAAoB,IAAY,EAAE,OAAe;QAC/C,KAAK,CAAC,GAAG,IAAI,KAAK,OAAO,EAAE,CAAC,CAAC;QADX,SAAI,GAAJ,IAAI,CAAQ;QAG9B,IAAI,CAAC,IAAI,GAAG,UAAU,CAAC;IACzB,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAN,IAAY,
|
|
1
|
+
{"version":3,"file":"dwn-error.js","sourceRoot":"","sources":["../../../../src/core/dwn-error.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,OAAO,QAAS,SAAQ,KAAK;IACb;IAApB,YAAoB,IAAY,EAAE,OAAe;QAC/C,KAAK,CAAC,GAAG,IAAI,KAAK,OAAO,EAAE,CAAC,CAAC;QADX,SAAI,GAAJ,IAAI,CAAQ;QAG9B,IAAI,CAAC,IAAI,GAAG,UAAU,CAAC;IACzB,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAN,IAAY,YAuNX;AAvND,WAAY,YAAY;IACtB,iEAAiD,CAAA;IACjD,uFAAuE,CAAA;IACvE,iHAAiG,CAAA;IACjG,mFAAmE,CAAA;IACnE,2EAA2D,CAAA;IAC3D,mFAAmE,CAAA;IACnE,uDAAuC,CAAA;IACvC,6DAA6C,CAAA;IAC7C,2DAA2C,CAAA;IAC3C,6GAA6F,CAAA;IAC7F,2HAA2G,CAAA;IAC3G,yIAAyH,CAAA;IACzH,6FAA6E,CAAA;IAC7E,6GAA6F,CAAA;IAC7F,iGAAiF,CAAA;IACjF,iGAAiF,CAAA;IACjF,yFAAyE,CAAA;IACzE,6EAA6D,CAAA;IAC7D,6EAA6D,CAAA;IAC7D,iFAAiE,CAAA;IACjE,iFAAiE,CAAA;IACjE,iFAAiE,CAAA;IACjE,2FAA2E,CAAA;IAC3E,qFAAqE,CAAA;IACrE,+FAA+E,CAAA;IAC/E,6FAA6E,CAAA;IAC7E,2FAA2E,CAAA;IAC3E,yEAAyD,CAAA;IACzD,qFAAqE,CAAA;IACrE,2EAA2D,CAAA;IAC3D,iFAAiE,CAAA;IACjE,qFAAqE,CAAA;IACrE,+EAA+D,CAAA;IAC/D,yFAAyE,CAAA;IACzE,uFAAuE,CAAA;IACvE,6FAA6E,CAAA;IAC7E,iFAAiE,CAAA;IACjE,mGAAmF,CAAA;IACnF,iHAAiG,CAAA;IACjG,yHAAyG,CAAA;IACzG,qGAAqF,CAAA;IACrF,mHAAmG,CAAA;IACnG,mHAAmG,CAAA;IACnG,yHAAyG,CAAA;IACzG,iFAAiE,CAAA;IACjE,+FAA+E,CAAA;IAC/E,uHAAuG,CAAA;IACvG,iEAAiD,CAAA;IACjD,qFAAqE,CAAA;IACrE,uGAAuF,CAAA;IACvF,mFAAmE,CAAA;IACnE,6DAA6C,CAAA;IAC7C,+EAA+D,CAAA;IAC/D,uEAAuD,CAAA;IACvD,+EAA+D,CAAA;IAC/D,qJAAqI,CAAA;IACrI,uIAAuH,CAAA;IACvH,uIAAuH,CAAA;IACvH,yJAAyI,CAAA;IACzI,2IAA2H,CAAA;IAC3H,2IAA2H,CAAA;IAC3H,yGAAyF,CAAA;IACzF,uHAAuG,CAAA;IACvG,+IAA+H,CAAA;IAC/H,2IAA2H,CAAA;IAC3H,qHAAqG,CAAA;IACrG,yHAAyG,CAAA;IACzG,qIAAqH,CAAA;IACrH,qGAAqF,CAAA;IACrF,iGAAiF,CAAA;IACjF,6FAA6E,CAAA;IAC7E,qFAAqE,CAAA;IACrE,iGAAiF,CAAA;IACjF,yGAAyF,CAAA;IACzF,qGAAqF,CAAA;IACrF,yFAAyE,CAAA;IACzE,mGAAmF,CAAA;IACnF,2FAA2E,CAAA;IAC3E,qFAAqE,CAAA;IACrE,+FAA+E,CAAA;IAC/E,qGAAqF,CAAA;IACrF,qHAAqG,CAAA;IACrG,qGAAqF,CAAA;IACrF,mGAAmF,CAAA;IACnF,yGAAyF,CAAA;IACzF,mIAAmH,CAAA;IACnH,2GAA2F,CAAA;IAC3F,mGAAmF,CAAA;IACnF,6FAA6E,CAAA;IAC7E,yFAAyE,CAAA;IACzE,qFAAqE,CAAA;IACrE,mHAAmG,CAAA;IACnG,2FAA2E,CAAA;IAC3E,2FAA2E,CAAA;IAC3E,iIAAiH,CAAA;IACjH,+FAA+E,CAAA;IAC/E,yGAAyF,CAAA;IACzF,2FAA2E,CAAA;IAC3E,mIAAmH,CAAA;IACnH,yIAAyH,CAAA;IACzH,2IAA2H,CAAA;IAC3H,+FAA+E,CAAA;IAC/E,2FAA2E,CAAA;IAC3E,uGAAuF,CAAA;IACvF,6HAA6G,CAAA;IAC7G,+EAA+D,CAAA;IAC/D,yIAAyH,CAAA;IACzH,+FAA+E,CAAA;IAC/E,uGAAuF,CAAA;IACvF,iGAAiF,CAAA;IACjF,+FAA+E,CAAA;IAC/E,iHAAiG,CAAA;IACjG,uGAAuF,CAAA;IACvF,qGAAqF,CAAA;IACrF,uFAAuE,CAAA;IACvE,+GAA+F,CAAA;IAC/F,+FAA+E,CAAA;IAC/E,qGAAqF,CAAA;IACrF,6GAA6F,CAAA;IAC7F,6FAA6E,CAAA;IAC7E,+EAA+D,CAAA;IAC/D,qGAAqF,CAAA;IACrF,iHAAiG,CAAA;IACjG,2GAA2F,CAAA;IAC3F,yHAAyG,CAAA;IACzG,uHAAuG,CAAA;IACvG,yHAAyG,CAAA;IACzG,qGAAqF,CAAA;IACrF,yGAAyF,CAAA;IACzF,yGAAyF,CAAA;IACzF,yGAAyF,CAAA;IACzF,yFAAyE,CAAA;IACzE,yFAAyE,CAAA;IACzE,qGAAqF,CAAA;IACrF,yGAAyF,CAAA;IACzF,6GAA6F,CAAA;IAC7F,+GAA+F,CAAA;IAC/F,+HAA+G,CAAA;IAC/G,qHAAqG,CAAA;IACrG,yEAAyD,CAAA;IACzD,uHAAuG,CAAA;IACvG,iGAAiF,CAAA;IACjF,+IAA+H,CAAA;IAC/H,+GAA+F,CAAA;IAC/F,uGAAuF,CAAA;IACvF,2GAA2F,CAAA;IAC3F,iHAAiG,CAAA;IAEjG,6GAA6F,CAAA;IAC7F,2GAA2F,CAAA;IAC3F,mIAAmH,CAAA;IACnH,+HAA+G,CAAA;IAC/G,6HAA6G,CAAA;IAC7G,iJAAiI,CAAA;IACjI,mHAAmG,CAAA;IACnG,iGAAiF,CAAA;IACjF,iHAAiG,CAAA;IACjG,yHAAyG,CAAA;IACzG,mGAAmF,CAAA;IACnF,yGAAyF,CAAA;IACzF,qHAAqG,CAAA;IACrG,+FAA+E,CAAA;IAC/E,6IAA6H,CAAA;IAC7H,6GAA6F,CAAA;IAE7F,2GAA2F,CAAA;IAC3F,iHAAiG,CAAA;IAEjG,2GAA2F,CAAA;IAC3F,yGAAyF,CAAA;IACzF,+FAA+E,CAAA;IAC/E,mHAAmG,CAAA;IACnG,yHAAyG,CAAA;IAEzG,6HAA6G,CAAA;IAC7G,+HAA+G,CAAA;IAC/G,iIAAiH,CAAA;IAEjH,mFAAmE,CAAA;IACnE,uHAAuG,CAAA;IACvG,+HAA+G,CAAA;IAC/G,uFAAuE,CAAA;IACvE,2EAA2D,CAAA;IAC3D,6EAA6D,CAAA;IAC7D,+FAA+E,CAAA;IAC/E,qGAAqF,CAAA;IACrF,2FAA2E,CAAA;IAC3E,6FAA6E,CAAA;IAC7E,uEAAuD,CAAA;IACvD,uFAAuE,CAAA;IACvE,qGAAqF,CAAA;IACrF,+EAA+D,CAAA;IAE/D,uFAAuE,CAAA;IACvE,yFAAyE,CAAA;IACzE,6GAA6F,CAAA;IAC7F,6FAA6E,CAAA;IAC7E,qHAAqG,CAAA;IACrG,iHAAiG,CAAA;IACjG,uJAAuI,CAAA;IACvI,qHAAqG,CAAA;IACrG,yHAAyG,CAAA;IACzG,uHAAuG,CAAA;IACvG,2GAA2F,CAAA;IAC3F,iEAAiD,CAAA;IACjD,+EAA+D,CAAA;IAC/D,6GAA6F,CAAA;IAC7F,6DAA6C,CAAA;IAC7C,6DAA6C,CAAA;IAC7C,qDAAqC,CAAA;IACrC,qEAAqD,CAAA;IACrD,yEAAyD,CAAA;IACzD,iEAAiD,CAAA;IACjD,mFAAmE,CAAA;AACrE,CAAC,EAvNW,YAAY,KAAZ,YAAY,QAuNvB;AAAA,CAAC"}
|
|
@@ -1,5 +1,3 @@
|
|
|
1
|
-
import { Message } from './message.js';
|
|
2
|
-
import { PERMISSIONS_REVOCATION_PATH } from './constants.js';
|
|
3
1
|
import { DwnError, DwnErrorCode } from './dwn-error.js';
|
|
4
2
|
import { DwnInterfaceName, DwnMethodName } from '../enums/dwn-interface-method.js';
|
|
5
3
|
export class GrantAuthorization {
|
|
@@ -11,16 +9,16 @@ export class GrantAuthorization {
|
|
|
11
9
|
*
|
|
12
10
|
* NOTE: Does not validate grant `conditions` or `scope` beyond `interface` and `method`
|
|
13
11
|
*
|
|
14
|
-
* @param
|
|
12
|
+
* @param validationStateReader Used to check if the grant has been revoked.
|
|
15
13
|
* @throws {DwnError} if validation fails
|
|
16
14
|
*/
|
|
17
15
|
static async performBaseValidation(input) {
|
|
18
|
-
const { incomingMessage, expectedGrantor, expectedGrantee, permissionGrant,
|
|
16
|
+
const { incomingMessage, expectedGrantor, expectedGrantee, permissionGrant, validationStateReader } = input;
|
|
19
17
|
const incomingMessageDescriptor = incomingMessage.descriptor;
|
|
20
18
|
GrantAuthorization.verifyExpectedGrantorAndGrantee(expectedGrantor, expectedGrantee, permissionGrant);
|
|
21
19
|
// verify that grant is active during incomingMessage's timestamp
|
|
22
20
|
const grantedFor = expectedGrantor; // renaming for better readability now that we have verified the grantor above
|
|
23
|
-
await GrantAuthorization.verifyGrantActive(grantedFor, incomingMessageDescriptor.messageTimestamp, permissionGrant,
|
|
21
|
+
await GrantAuthorization.verifyGrantActive(grantedFor, incomingMessageDescriptor.messageTimestamp, permissionGrant, validationStateReader);
|
|
24
22
|
// Check grant scope for interface and method
|
|
25
23
|
await GrantAuthorization.verifyGrantScopeInterfaceAndMethod(incomingMessageDescriptor.interface, incomingMessageDescriptor.method, permissionGrant);
|
|
26
24
|
}
|
|
@@ -42,10 +40,10 @@ export class GrantAuthorization {
|
|
|
42
40
|
/**
|
|
43
41
|
* Verify that the incoming message is within the allowed time frame of the grant,
|
|
44
42
|
* and the grant has not been revoked.
|
|
45
|
-
* @param
|
|
43
|
+
* @param validationStateReader Used to check if the grant has been revoked.
|
|
46
44
|
* @throws {DwnError} if incomingMessage has timestamp for a time in which the grant is not active.
|
|
47
45
|
*/
|
|
48
|
-
static async verifyGrantActive(grantedFor, incomingMessageTimestamp, permissionGrant,
|
|
46
|
+
static async verifyGrantActive(grantedFor, incomingMessageTimestamp, permissionGrant, validationStateReader) {
|
|
49
47
|
// Check that incomingMessage is within the grant's time frame
|
|
50
48
|
if (incomingMessageTimestamp < permissionGrant.dateGranted) {
|
|
51
49
|
// grant is not yet active
|
|
@@ -55,14 +53,7 @@ export class GrantAuthorization {
|
|
|
55
53
|
// grant has expired
|
|
56
54
|
throw new DwnError(DwnErrorCode.GrantAuthorizationGrantExpired, `The message has timestamp after the expiry of the associated permission grant`);
|
|
57
55
|
}
|
|
58
|
-
|
|
59
|
-
const query = {
|
|
60
|
-
parentId: permissionGrant.id,
|
|
61
|
-
protocolPath: PERMISSIONS_REVOCATION_PATH,
|
|
62
|
-
isLatestBaseState: true
|
|
63
|
-
};
|
|
64
|
-
const { messages: revokes } = await messageStore.query(grantedFor, [query]);
|
|
65
|
-
const oldestExistingRevoke = await Message.getOldestMessage(revokes);
|
|
56
|
+
const oldestExistingRevoke = await validationStateReader.fetchOldestGrantRevocation(grantedFor, permissionGrant.id);
|
|
66
57
|
if (oldestExistingRevoke !== undefined && oldestExistingRevoke.descriptor.messageTimestamp <= incomingMessageTimestamp) {
|
|
67
58
|
throw new DwnError(DwnErrorCode.GrantAuthorizationGrantRevoked, `Permission grant with CID ${permissionGrant.id} has been revoked`);
|
|
68
59
|
}
|
|
@@ -71,7 +62,7 @@ export class GrantAuthorization {
|
|
|
71
62
|
* Verify that the `interface` and `method` grant scopes match the incoming message.
|
|
72
63
|
*
|
|
73
64
|
* For the Messages interface, a `Read` scope is treated as a unified scope that also authorizes
|
|
74
|
-
* `Subscribe
|
|
65
|
+
* `Query`, `Subscribe`, and `Sync` operations.
|
|
75
66
|
*
|
|
76
67
|
* @throws {DwnError} if the `interface` and `method` of the incoming message do not match the scope of the permission grant.
|
|
77
68
|
*/
|
|
@@ -79,13 +70,13 @@ export class GrantAuthorization {
|
|
|
79
70
|
if (dwnInterface !== permissionGrant.scope.interface) {
|
|
80
71
|
throw new DwnError(DwnErrorCode.GrantAuthorizationInterfaceMismatch, `DWN Interface of incoming message is outside the scope of permission grant with ID ${permissionGrant.id}`);
|
|
81
72
|
}
|
|
82
|
-
// Messages.Read is the only valid Messages scope and covers Read,
|
|
73
|
+
// Messages.Read is the only valid Messages scope and covers Read, Query, and Subscribe operations.
|
|
83
74
|
// Reject any Messages grant with method !== Read.
|
|
84
75
|
if (dwnInterface === DwnInterfaceName.Messages) {
|
|
85
76
|
if (permissionGrant.scope.method !== DwnMethodName.Read) {
|
|
86
77
|
throw new DwnError(DwnErrorCode.GrantAuthorizationMethodMismatch, `messages permission grant must have method 'Read', got '${permissionGrant.scope.method}' for grant ${permissionGrant.id}`);
|
|
87
78
|
}
|
|
88
|
-
const allowedMethods = [DwnMethodName.Read, DwnMethodName.
|
|
79
|
+
const allowedMethods = [DwnMethodName.Read, DwnMethodName.Query, DwnMethodName.Subscribe];
|
|
89
80
|
if (!allowedMethods.includes(dwnMethod)) {
|
|
90
81
|
throw new DwnError(DwnErrorCode.GrantAuthorizationMethodMismatch, `DWN Method of incoming message is outside the scope of permission grant with ID ${permissionGrant.id}`);
|
|
91
82
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"grant-authorization.js","sourceRoot":"","sources":["../../../../src/core/grant-authorization.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"grant-authorization.js","sourceRoot":"","sources":["../../../../src/core/grant-authorization.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,kCAAkC,CAAC;AAEnF,MAAM,OAAO,kBAAkB;IAE7B;;;;;;;;;;OAUG;IACI,MAAM,CAAC,KAAK,CAAC,qBAAqB,CAAC,KAMvC;QACD,MAAM,EAAE,eAAe,EAAE,eAAe,EAAE,eAAe,EAAE,eAAe,EAAE,qBAAqB,EAAE,GAAG,KAAK,CAAC;QAE5G,MAAM,yBAAyB,GAAG,eAAe,CAAC,UAAU,CAAC;QAE7D,kBAAkB,CAAC,+BAA+B,CAAC,eAAe,EAAE,eAAe,EAAE,eAAe,CAAC,CAAC;QAEtG,iEAAiE;QACjE,MAAM,UAAU,GAAG,eAAe,CAAC,CAAC,8EAA8E;QAClH,MAAM,kBAAkB,CAAC,iBAAiB,CACxC,UAAU,EACV,yBAAyB,CAAC,gBAAgB,EAC1C,eAAe,EACf,qBAAqB,CACtB,CAAC;QAEF,6CAA6C;QAC7C,MAAM,kBAAkB,CAAC,kCAAkC,CACzD,yBAAyB,CAAC,SAAS,EACnC,yBAAyB,CAAC,MAAM,EAChC,eAAe,CAChB,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACK,MAAM,CAAC,+BAA+B,CAC5C,eAAuB,EACvB,eAAuB,EACvB,eAAgC;QAGhC,MAAM,aAAa,GAAG,eAAe,CAAC,OAAO,CAAC;QAC9C,IAAI,eAAe,KAAK,aAAa,EAAE,CAAC;YACtC,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,oCAAoC,EACjD,kCAAkC,aAAa,+BAA+B,eAAe,EAAE,CAChG,CAAC;QACJ,CAAC;QAED,MAAM,aAAa,GAAG,eAAe,CAAC,OAAO,CAAC;QAC9C,IAAI,eAAe,KAAK,aAAa,EAAE,CAAC;YACtC,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,qCAAqC,EAClD,kCAAkC,aAAa,+BAA+B,eAAe,EAAE,CAChG,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACK,MAAM,CAAC,KAAK,CAAC,iBAAiB,CACpC,UAAkB,EAClB,wBAAgC,EAChC,eAAgC,EAChC,qBAA4C;QAE5C,8DAA8D;QAC9D,IAAI,wBAAwB,GAAG,eAAe,CAAC,WAAW,EAAE,CAAC;YAC3D,0BAA0B;YAC1B,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,mCAAmC,EAChD,mFAAmF,CACpF,CAAC;QACJ,CAAC;QAED,IAAI,wBAAwB,IAAI,eAAe,CAAC,WAAW,EAAE,CAAC;YAC5D,oBAAoB;YACpB,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,8BAA8B,EAC3C,+EAA+E,CAChF,CAAC;QACJ,CAAC;QAED,MAAM,oBAAoB,GAAG,MAAM,qBAAqB,CAAC,0BAA0B,CAAC,UAAU,EAAE,eAAe,CAAC,EAAE,CAAC,CAAC;QAEpH,IAAI,oBAAoB,KAAK,SAAS,IAAI,oBAAoB,CAAC,UAAU,CAAC,gBAAgB,IAAI,wBAAwB,EAAE,CAAC;YACvH,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,8BAA8B,EAC3C,6BAA6B,eAAe,CAAC,EAAE,mBAAmB,CACnE,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;;;;OAOG;IACK,MAAM,CAAC,KAAK,CAAC,kCAAkC,CACrD,YAAoB,EACpB,SAAiB,EACjB,eAAgC;QAGhC,IAAI,YAAY,KAAK,eAAe,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC;YACrD,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,mCAAmC,EAChD,sFAAsF,eAAe,CAAC,EAAE,EAAE,CAC3G,CAAC;QACJ,CAAC;QAED,mGAAmG;QACnG,kDAAkD;QAClD,IAAI,YAAY,KAAK,gBAAgB,CAAC,QAAQ,EAAE,CAAC;YAC/C,IAAI,eAAe,CAAC,KAAK,CAAC,MAAM,KAAK,aAAa,CAAC,IAAI,EAAE,CAAC;gBACxD,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,gCAAgC,EAC7C,2DAA2D,eAAe,CAAC,KAAK,CAAC,MAAM,eAAe,eAAe,CAAC,EAAE,EAAE,CAC3H,CAAC;YACJ,CAAC;YACD,MAAM,cAAc,GAAG,CAAC,aAAa,CAAC,IAAI,EAAE,aAAa,CAAC,KAAK,EAAE,aAAa,CAAC,SAAS,CAAC,CAAC;YAC1F,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,SAA0B,CAAC,EAAE,CAAC;gBACzD,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,gCAAgC,EAC7C,mFAAmF,eAAe,CAAC,EAAE,EAAE,CACxG,CAAC;YACJ,CAAC;YACD,OAAO;QACT,CAAC;QAED,IAAI,SAAS,KAAK,eAAe,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;YAC/C,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,gCAAgC,EAC7C,mFAAmF,eAAe,CAAC,EAAE,EAAE,CACxG,CAAC;QACJ,CAAC;IACH,CAAC;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"message-reply.js","sourceRoot":"","sources":["../../../../src/core/message-reply.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"message-reply.js","sourceRoot":"","sources":["../../../../src/core/message-reply.ts"],"names":[],"mappings":"AAOA,MAAM,UAAU,qBAAqB,CAAC,CAAU,EAAE,IAAY;IAE5D,MAAM,MAAM,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC;IAExD,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,CAAC;AACtC,CAAC"}
|
|
@@ -1,85 +1,52 @@
|
|
|
1
1
|
import { DwnInterfaceName } from '../enums/dwn-interface-method.js';
|
|
2
2
|
import { GrantAuthorization } from './grant-authorization.js';
|
|
3
|
-
import { isRecordsPrimaryProjectionExcludedProtocol } from './constants.js';
|
|
4
3
|
import { PermissionScopeMatcher } from '../utils/permission-scope.js';
|
|
5
4
|
import { PermissionsProtocol } from '../protocols/permissions.js';
|
|
6
5
|
import { Records } from '../utils/records.js';
|
|
7
|
-
import { RecordsWrite } from '../interfaces/records-write.js';
|
|
8
6
|
import { DwnError, DwnErrorCode } from './dwn-error.js';
|
|
9
7
|
export class MessagesGrantAuthorization {
|
|
10
|
-
static async fetchPermissionGrants(tenant,
|
|
11
|
-
return Promise.all(permissionGrantIds.map(permissionGrantId =>
|
|
8
|
+
static async fetchPermissionGrants(tenant, validationStateReader, permissionGrantIds) {
|
|
9
|
+
return Promise.all(permissionGrantIds.map(permissionGrantId => validationStateReader.fetchGrant(tenant, permissionGrantId)));
|
|
12
10
|
}
|
|
13
11
|
/**
|
|
14
12
|
* Authorizes a MessagesReadMessage using the given permission grant.
|
|
15
|
-
* @param
|
|
13
|
+
* @param validationStateReader Used to check grant revocation and fetch related RecordsWrites if needed.
|
|
16
14
|
*/
|
|
17
15
|
static async authorizeMessagesRead(input) {
|
|
18
|
-
const { messagesReadMessage, messageToRead, expectedGrantor, expectedGrantee, permissionGrants,
|
|
16
|
+
const { messagesReadMessage, messageToRead, expectedGrantor, expectedGrantee, permissionGrants, validationStateReader } = input;
|
|
19
17
|
await MessagesGrantAuthorization.performBaseValidationForGrantSet({
|
|
20
18
|
incomingMessage: messagesReadMessage,
|
|
21
19
|
expectedGrantor,
|
|
22
20
|
expectedGrantee,
|
|
23
21
|
permissionGrants,
|
|
24
|
-
|
|
22
|
+
validationStateReader
|
|
25
23
|
});
|
|
26
24
|
for (const permissionGrant of permissionGrants) {
|
|
27
25
|
const scope = permissionGrant.scope;
|
|
28
|
-
if (await MessagesGrantAuthorization.isScopeAuthorized(expectedGrantor, messageToRead, scope,
|
|
26
|
+
if (await MessagesGrantAuthorization.isScopeAuthorized(expectedGrantor, messageToRead, scope, validationStateReader)) {
|
|
29
27
|
return;
|
|
30
28
|
}
|
|
31
29
|
}
|
|
32
30
|
throw new DwnError(DwnErrorCode.MessagesReadVerifyScopeFailed, 'record message failed scope authorization');
|
|
33
31
|
}
|
|
34
32
|
/**
|
|
35
|
-
* Authorizes the scope of a permission grant for
|
|
36
|
-
* @param
|
|
33
|
+
* Authorizes the scope of a permission grant for MessagesQuery or MessagesSubscribe.
|
|
34
|
+
* @param validationStateReader Used to check if the grant has been revoked.
|
|
37
35
|
*/
|
|
38
|
-
static async
|
|
39
|
-
const { incomingMessage, expectedGrantor, expectedGrantee, permissionGrants,
|
|
36
|
+
static async authorizeQueryOrSubscribe(input) {
|
|
37
|
+
const { incomingMessage, expectedGrantor, expectedGrantee, permissionGrants, validationStateReader } = input;
|
|
40
38
|
await MessagesGrantAuthorization.performBaseValidationForGrantSet({
|
|
41
39
|
incomingMessage,
|
|
42
40
|
expectedGrantor,
|
|
43
41
|
expectedGrantee,
|
|
44
42
|
permissionGrants,
|
|
45
|
-
|
|
43
|
+
validationStateReader
|
|
46
44
|
});
|
|
47
45
|
const scopes = permissionGrants.map(permissionGrant => permissionGrant.scope);
|
|
48
|
-
|
|
49
|
-
MessagesGrantAuthorization.authorizeSyncScope(incomingMessage, scopes);
|
|
50
|
-
return;
|
|
51
|
-
}
|
|
52
|
-
MessagesGrantAuthorization.authorizeSubscribeScope(incomingMessage, scopes);
|
|
53
|
-
}
|
|
54
|
-
static authorizeSyncScope(syncMessage, scopes) {
|
|
55
|
-
const { projectionScopes, protocol } = syncMessage.descriptor;
|
|
56
|
-
if (projectionScopes === undefined) {
|
|
57
|
-
MessagesGrantAuthorization.authorizeProtocolSyncScope(scopes, protocol);
|
|
58
|
-
return;
|
|
59
|
-
}
|
|
60
|
-
MessagesGrantAuthorization.authorizeProjectionScopes(scopes, projectionScopes);
|
|
61
|
-
}
|
|
62
|
-
static authorizeProtocolSyncScope(scopes, protocol) {
|
|
63
|
-
if (isRecordsPrimaryProjectionExcludedProtocol(protocol)) {
|
|
64
|
-
throw new DwnError(DwnErrorCode.MessagesGrantAuthorizationProtocolSyncInfrastructureProtocol, `Protocol-scoped MessagesSync cannot authorize infrastructure protocol ${protocol}`);
|
|
65
|
-
}
|
|
66
|
-
if (!MessagesGrantAuthorization.someScopeMatches(scopes, { protocol })) {
|
|
67
|
-
throw new DwnError(DwnErrorCode.MessagesGrantAuthorizationMismatchedProtocol, `No permission grant scope matches protocol ${protocol}`);
|
|
68
|
-
}
|
|
69
|
-
}
|
|
70
|
-
static authorizeProjectionScopes(scopes, projectionScopes) {
|
|
71
|
-
for (const projectionScope of projectionScopes) {
|
|
72
|
-
if (isRecordsPrimaryProjectionExcludedProtocol(projectionScope.protocol)) {
|
|
73
|
-
throw new DwnError(DwnErrorCode.MessagesGrantAuthorizationProjectionInfrastructureProtocol, `Projected MessagesSync cannot authorize infrastructure protocol ${projectionScope.protocol}`);
|
|
74
|
-
}
|
|
75
|
-
if (MessagesGrantAuthorization.someScopeMatches(scopes, projectionScope)) {
|
|
76
|
-
continue;
|
|
77
|
-
}
|
|
78
|
-
throw new DwnError(DwnErrorCode.MessagesGrantAuthorizationProjectionScopeMismatch, `No permission grant scope matches projection scope ${JSON.stringify(projectionScope)}`);
|
|
79
|
-
}
|
|
46
|
+
MessagesGrantAuthorization.authorizeFilterScope(incomingMessage, scopes);
|
|
80
47
|
}
|
|
81
|
-
static
|
|
82
|
-
const { filters } =
|
|
48
|
+
static authorizeFilterScope(messagesMessage, scopes) {
|
|
49
|
+
const { filters } = messagesMessage.descriptor;
|
|
83
50
|
if (filters.length === 0 && !MessagesGrantAuthorization.hasUnscopedGrant(scopes)) {
|
|
84
51
|
throw new DwnError(DwnErrorCode.MessagesGrantAuthorizationUnfilteredSubscribeProtocolScope, `A protocol-scoped grant cannot authorize an unfiltered subscription`);
|
|
85
52
|
}
|
|
@@ -103,7 +70,7 @@ export class MessagesGrantAuthorization {
|
|
|
103
70
|
* invalid.
|
|
104
71
|
*/
|
|
105
72
|
static async authorizeSubscribeDelivery(input) {
|
|
106
|
-
const { messagesSubscribeMessage, expectedGrantor, expectedGrantee, permissionGrants,
|
|
73
|
+
const { messagesSubscribeMessage, expectedGrantor, expectedGrantee, permissionGrants, validationStateReader, deliveryTimestamp, } = input;
|
|
107
74
|
const deliveryMessage = {
|
|
108
75
|
...messagesSubscribeMessage,
|
|
109
76
|
descriptor: {
|
|
@@ -111,12 +78,12 @@ export class MessagesGrantAuthorization {
|
|
|
111
78
|
messageTimestamp: deliveryTimestamp,
|
|
112
79
|
},
|
|
113
80
|
};
|
|
114
|
-
await MessagesGrantAuthorization.
|
|
81
|
+
await MessagesGrantAuthorization.authorizeQueryOrSubscribe({
|
|
115
82
|
incomingMessage: deliveryMessage,
|
|
116
83
|
expectedGrantor,
|
|
117
84
|
expectedGrantee,
|
|
118
85
|
permissionGrants,
|
|
119
|
-
|
|
86
|
+
validationStateReader,
|
|
120
87
|
});
|
|
121
88
|
}
|
|
122
89
|
/**
|
|
@@ -124,44 +91,44 @@ export class MessagesGrantAuthorization {
|
|
|
124
91
|
* unresolved, revoked, expired, or interface/method-mismatched grants fail the request.
|
|
125
92
|
*/
|
|
126
93
|
static async performBaseValidationForGrantSet(input) {
|
|
127
|
-
const { incomingMessage, expectedGrantor, expectedGrantee, permissionGrants,
|
|
94
|
+
const { incomingMessage, expectedGrantor, expectedGrantee, permissionGrants, validationStateReader } = input;
|
|
128
95
|
for (const permissionGrant of permissionGrants) {
|
|
129
96
|
await GrantAuthorization.performBaseValidation({
|
|
130
97
|
incomingMessage,
|
|
131
98
|
expectedGrantor,
|
|
132
99
|
expectedGrantee,
|
|
133
100
|
permissionGrant,
|
|
134
|
-
|
|
101
|
+
validationStateReader
|
|
135
102
|
});
|
|
136
103
|
}
|
|
137
104
|
}
|
|
138
105
|
/**
|
|
139
106
|
* Determines whether the given record is inside a grant scope.
|
|
140
107
|
*/
|
|
141
|
-
static async isScopeAuthorized(tenant, messageToGet, incomingScope,
|
|
108
|
+
static async isScopeAuthorized(tenant, messageToGet, incomingScope, validationStateReader) {
|
|
142
109
|
if (incomingScope.protocol === undefined) {
|
|
143
110
|
return true;
|
|
144
111
|
}
|
|
145
112
|
if (messageToGet.descriptor.interface === DwnInterfaceName.Records) {
|
|
146
|
-
return MessagesGrantAuthorization.isRecordsMessageScopeAuthorized(tenant, messageToGet, incomingScope,
|
|
113
|
+
return MessagesGrantAuthorization.isRecordsMessageScopeAuthorized(tenant, messageToGet, incomingScope, validationStateReader);
|
|
147
114
|
}
|
|
148
115
|
if (messageToGet.descriptor.interface === DwnInterfaceName.Protocols) {
|
|
149
116
|
return MessagesGrantAuthorization.isProtocolsConfigureScopeAuthorized(messageToGet, incomingScope);
|
|
150
117
|
}
|
|
151
118
|
return false;
|
|
152
119
|
}
|
|
153
|
-
static async isRecordsMessageScopeAuthorized(tenant, recordsMessage, incomingScope,
|
|
154
|
-
const recordsWriteMessage = await MessagesGrantAuthorization.getAssociatedRecordsWrite(tenant, recordsMessage,
|
|
120
|
+
static async isRecordsMessageScopeAuthorized(tenant, recordsMessage, incomingScope, validationStateReader) {
|
|
121
|
+
const recordsWriteMessage = await MessagesGrantAuthorization.getAssociatedRecordsWrite(tenant, recordsMessage, validationStateReader);
|
|
155
122
|
if (recordsWriteMessage.descriptor.protocol === PermissionsProtocol.uri) {
|
|
156
|
-
return MessagesGrantAuthorization.isPermissionRecordScopeAuthorized(tenant, recordsWriteMessage, incomingScope,
|
|
123
|
+
return MessagesGrantAuthorization.isPermissionRecordScopeAuthorized(tenant, recordsWriteMessage, incomingScope, validationStateReader);
|
|
157
124
|
}
|
|
158
125
|
return PermissionScopeMatcher.matches(incomingScope, MessagesGrantAuthorization.getRecordsScopeTarget(recordsWriteMessage));
|
|
159
126
|
}
|
|
160
|
-
static async isPermissionRecordScopeAuthorized(tenant, recordsWriteMessage, incomingScope,
|
|
127
|
+
static async isPermissionRecordScopeAuthorized(tenant, recordsWriteMessage, incomingScope, validationStateReader) {
|
|
161
128
|
if (MessagesGrantAuthorization.isSubtreeScope(incomingScope)) {
|
|
162
129
|
return false;
|
|
163
130
|
}
|
|
164
|
-
const permissionScope = await PermissionsProtocol.getScopeFromPermissionRecord(tenant,
|
|
131
|
+
const permissionScope = await PermissionsProtocol.getScopeFromPermissionRecord(tenant, validationStateReader, recordsWriteMessage);
|
|
165
132
|
return PermissionsProtocol.hasProtocolScope(permissionScope)
|
|
166
133
|
&& PermissionScopeMatcher.matches(incomingScope, permissionScope);
|
|
167
134
|
}
|
|
@@ -171,11 +138,11 @@ export class MessagesGrantAuthorization {
|
|
|
171
138
|
return incomingScope.protocol !== undefined &&
|
|
172
139
|
incomingScope.protocol === protocolsConfigureMessage.descriptor.definition.protocol;
|
|
173
140
|
}
|
|
174
|
-
static async getAssociatedRecordsWrite(tenant, recordsMessage,
|
|
141
|
+
static async getAssociatedRecordsWrite(tenant, recordsMessage, validationStateReader) {
|
|
175
142
|
if (Records.isRecordsWrite(recordsMessage)) {
|
|
176
143
|
return recordsMessage;
|
|
177
144
|
}
|
|
178
|
-
return
|
|
145
|
+
return validationStateReader.fetchNewestRecordsWrite(tenant, recordsMessage.descriptor.recordId);
|
|
179
146
|
}
|
|
180
147
|
static getRecordsScopeTarget(recordsWriteMessage) {
|
|
181
148
|
const { protocol, protocolPath } = recordsWriteMessage.descriptor;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"messages-grant-authorization.js","sourceRoot":"","sources":["../../../../src/core/messages-grant-authorization.ts"],"names":[],"mappings":"AASA,OAAO,EAAE,gBAAgB,EAAE,MAAM,kCAAkC,CAAC;AACpE,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"messages-grant-authorization.js","sourceRoot":"","sources":["../../../../src/core/messages-grant-authorization.ts"],"names":[],"mappings":"AASA,OAAO,EAAE,gBAAgB,EAAE,MAAM,kCAAkC,CAAC;AACpE,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AACtE,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAC;AAClE,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAExD,MAAM,OAAO,0BAA0B;IAE9B,MAAM,CAAC,KAAK,CAAC,qBAAqB,CACvC,MAAc,EACd,qBAA4C,EAC5C,kBAA4B;QAE5B,OAAO,OAAO,CAAC,GAAG,CAChB,kBAAkB,CAAC,GAAG,CAAC,iBAAiB,CAAC,EAAE,CAAC,qBAAqB,CAAC,UAAU,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAC,CACzG,CAAC;IACJ,CAAC;IAED;;;OAGG;IACI,MAAM,CAAC,KAAK,CAAC,qBAAqB,CAAC,KAOzC;QACC,MAAM,EACJ,mBAAmB,EAAE,aAAa,EAAE,eAAe,EAAE,eAAe,EAAE,gBAAgB,EAAE,qBAAqB,EAC9G,GAAG,KAAK,CAAC;QAEV,MAAM,0BAA0B,CAAC,gCAAgC,CAAC;YAChE,eAAe,EAAE,mBAAmB;YACpC,eAAe;YACf,eAAe;YACf,gBAAgB;YAChB,qBAAqB;SACtB,CAAC,CAAC;QAEH,KAAK,MAAM,eAAe,IAAI,gBAAgB,EAAE,CAAC;YAC/C,MAAM,KAAK,GAAG,eAAe,CAAC,KAAgC,CAAC;YAC/D,IAAI,MAAM,0BAA0B,CAAC,iBAAiB,CAAC,eAAe,EAAE,aAAa,EAAE,KAAK,EAAE,qBAAqB,CAAC,EAAE,CAAC;gBACrH,OAAO;YACT,CAAC;QACH,CAAC;QAED,MAAM,IAAI,QAAQ,CAAC,YAAY,CAAC,6BAA6B,EAAE,2CAA2C,CAAC,CAAC;IAC9G,CAAC;IAED;;;OAGG;IACI,MAAM,CAAC,KAAK,CAAC,yBAAyB,CAAC,KAM7C;QACC,MAAM,EACJ,eAAe,EAAE,eAAe,EAAE,eAAe,EAAE,gBAAgB,EAAE,qBAAqB,EAC3F,GAAG,KAAK,CAAC;QAEV,MAAM,0BAA0B,CAAC,gCAAgC,CAAC;YAChE,eAAe;YACf,eAAe;YACf,eAAe;YACf,gBAAgB;YAChB,qBAAqB;SACtB,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,gBAAgB,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,CAAC,eAAe,CAAC,KAAgC,CAAC,CAAC;QAEzG,0BAA0B,CAAC,oBAAoB,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IAC3E,CAAC;IAEO,MAAM,CAAC,oBAAoB,CACjC,eAAgE,EAChE,MAAiC;QAEjC,MAAM,EAAE,OAAO,EAAE,GAAG,eAAe,CAAC,UAAU,CAAC;QAE/C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,0BAA0B,CAAC,gBAAgB,CAAC,MAAM,CAAC,EAAE,CAAC;YACjF,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,0DAA0D,EACvE,qEAAqE,CACtE,CAAC;QACJ,CAAC;QAED,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,IAAI,0BAA0B,CAAC,gBAAgB,CAAC,MAAM,EAAE,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC,EAAE,CAAC;gBACvF,SAAS;YACX,CAAC;YAED,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,mDAAmD,EAChE,8CAA8C,MAAM,CAAC,QAAQ,EAAE,CAChE,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,MAAM,CAAC,gBAAgB,CAAC,MAAiC,EAAE,MAAqB;QACtF,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,sBAAsB,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC;IAC7E,CAAC;IAEO,MAAM,CAAC,gBAAgB,CAAC,MAAiC;QAC/D,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC;IAC5D,CAAC;IAED;;;;;OAKG;IACI,MAAM,CAAC,KAAK,CAAC,0BAA0B,CAAC,KAO9C;QACC,MAAM,EACJ,wBAAwB,EACxB,eAAe,EACf,eAAe,EACf,gBAAgB,EAChB,qBAAqB,EACrB,iBAAiB,GAClB,GAAG,KAAK,CAAC;QAEV,MAAM,eAAe,GAA6B;YAChD,GAAG,wBAAwB;YAC3B,UAAU,EAAE;gBACV,GAAG,wBAAwB,CAAC,UAAU;gBACtC,gBAAgB,EAAE,iBAAiB;aACpC;SACF,CAAC;QAEF,MAAM,0BAA0B,CAAC,yBAAyB,CAAC;YACzD,eAAe,EAAE,eAAe;YAChC,eAAe;YACf,eAAe;YACf,gBAAgB;YAChB,qBAAqB;SACtB,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACK,MAAM,CAAC,KAAK,CAAC,gCAAgC,CAAC,KAMrD;QACC,MAAM,EACJ,eAAe,EAAE,eAAe,EAAE,eAAe,EAAE,gBAAgB,EAAE,qBAAqB,EAC3F,GAAG,KAAK,CAAC;QAEV,KAAK,MAAM,eAAe,IAAI,gBAAgB,EAAE,CAAC;YAC/C,MAAM,kBAAkB,CAAC,qBAAqB,CAAC;gBAC7C,eAAe;gBACf,eAAe;gBACf,eAAe;gBACf,eAAe;gBACf,qBAAqB;aACtB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,KAAK,CAAC,iBAAiB,CACpC,MAAc,EACd,YAA4B,EAC5B,aAAsC,EACtC,qBAA4C;QAE5C,IAAI,aAAa,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YACzC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,YAAY,CAAC,UAAU,CAAC,SAAS,KAAK,gBAAgB,CAAC,OAAO,EAAE,CAAC;YACnE,OAAO,0BAA0B,CAAC,+BAA+B,CAC/D,MAAM,EACN,YAA0D,EAC1D,aAAa,EACb,qBAAqB,CACtB,CAAC;QACJ,CAAC;QAED,IAAI,YAAY,CAAC,UAAU,CAAC,SAAS,KAAK,gBAAgB,CAAC,SAAS,EAAE,CAAC;YACrE,OAAO,0BAA0B,CAAC,mCAAmC,CACnE,YAAyC,EACzC,aAAa,CACd,CAAC;QACJ,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,MAAM,CAAC,KAAK,CAAC,+BAA+B,CAClD,MAAc,EACd,cAA0D,EAC1D,aAAsC,EACtC,qBAA4C;QAE5C,MAAM,mBAAmB,GAAG,MAAM,0BAA0B,CAAC,yBAAyB,CACpF,MAAM,EACN,cAAc,EACd,qBAAqB,CACtB,CAAC;QAEF,IAAI,mBAAmB,CAAC,UAAU,CAAC,QAAQ,KAAK,mBAAmB,CAAC,GAAG,EAAE,CAAC;YACxE,OAAO,0BAA0B,CAAC,iCAAiC,CACjE,MAAM,EACN,mBAAmB,EACnB,aAAa,EACb,qBAAqB,CACtB,CAAC;QACJ,CAAC;QAED,OAAO,sBAAsB,CAAC,OAAO,CAAC,aAAa,EAAE,0BAA0B,CAAC,qBAAqB,CAAC,mBAAmB,CAAC,CAAC,CAAC;IAC9H,CAAC;IAEO,MAAM,CAAC,KAAK,CAAC,iCAAiC,CACpD,MAAc,EACd,mBAAwC,EACxC,aAAsC,EACtC,qBAA4C;QAE5C,IAAI,0BAA0B,CAAC,cAAc,CAAC,aAAa,CAAC,EAAE,CAAC;YAC7D,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,eAAe,GAAG,MAAM,mBAAmB,CAAC,4BAA4B,CAC5E,MAAM,EACN,qBAAqB,EACrB,mBAAqD,CACtD,CAAC;QAEF,OAAO,mBAAmB,CAAC,gBAAgB,CAAC,eAAe,CAAC;eACvD,sBAAsB,CAAC,OAAO,CAAC,aAAa,EAAE,eAAe,CAAC,CAAC;IACtE,CAAC;IAEO,MAAM,CAAC,mCAAmC,CAChD,yBAAoD,EACpD,aAAsC;QAEtC,uEAAuE;QACvE,yEAAyE;QACzE,OAAO,aAAa,CAAC,QAAQ,KAAK,SAAS;YACzC,aAAa,CAAC,QAAQ,KAAK,yBAAyB,CAAC,UAAU,CAAC,UAAU,CAAC,QAAQ,CAAC;IACxF,CAAC;IAEO,MAAM,CAAC,KAAK,CAAC,yBAAyB,CAC5C,MAAc,EACd,cAA0D,EAC1D,qBAA4C;QAE5C,IAAI,OAAO,CAAC,cAAc,CAAC,cAAc,CAAC,EAAE,CAAC;YAC3C,OAAO,cAAc,CAAC;QACxB,CAAC;QAED,OAAO,qBAAqB,CAAC,uBAAuB,CAAC,MAAM,EAAE,cAAc,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IACnG,CAAC;IAEO,MAAM,CAAC,qBAAqB,CAAC,mBAAwC;QAC3E,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,mBAAmB,CAAC,UAAU,CAAC;QAClE,MAAM,EAAE,SAAS,EAAE,GAAG,mBAAmB,CAAC;QAC1C,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,SAAS,EAAE,CAAC;IAC/C,CAAC;IAEO,MAAM,CAAC,cAAc,CAAC,KAA8B;QAC1D,OAAO,KAAK,CAAC,YAAY,KAAK,SAAS,IAAI,KAAK,CAAC,SAAS,KAAK,SAAS,CAAC;IAC3E,CAAC;CACF"}
|
|
@@ -1,7 +1,6 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { DwnMethodName } from '../enums/dwn-interface-method.js';
|
|
2
2
|
import { RecordsWrite } from '../interfaces/records-write.js';
|
|
3
3
|
import { DwnError, DwnErrorCode } from './dwn-error.js';
|
|
4
|
-
import { DwnInterfaceName, DwnMethodName } from '../enums/dwn-interface-method.js';
|
|
5
4
|
import { getRuleSetAtPath, isCrossProtocolRef, parseCrossProtocolRef } from '../utils/protocols.js';
|
|
6
5
|
import { ProtocolAction, ProtocolActor } from '../types/protocols-types.js';
|
|
7
6
|
/**
|
|
@@ -9,7 +8,7 @@ import { ProtocolAction, ProtocolActor } from '../types/protocols-types.js';
|
|
|
9
8
|
* For cross-protocol role invocation, the role record may live in a different protocol
|
|
10
9
|
* (resolved via the composing protocol's `uses` map).
|
|
11
10
|
*/
|
|
12
|
-
export async function verifyInvokedRole(tenant, incomingMessage, protocolUri, contextId, protocolDefinition,
|
|
11
|
+
export async function verifyInvokedRole(tenant, incomingMessage, protocolUri, contextId, protocolDefinition, validationStateReader, protocolDefinitionTimestamp) {
|
|
13
12
|
const protocolRole = incomingMessage.signaturePayload?.protocolRole;
|
|
14
13
|
// Only verify role if there is a role being invoked
|
|
15
14
|
if (protocolRole === undefined) {
|
|
@@ -30,7 +29,7 @@ export async function verifyInvokedRole(tenant, incomingMessage, protocolUri, co
|
|
|
30
29
|
roleProtocolUri = protocolDefinition.uses[parsed.alias];
|
|
31
30
|
roleProtocolPath = parsed.protocolPath;
|
|
32
31
|
// Fetch the referenced protocol's definition to validate the role exists
|
|
33
|
-
const refDefinition = await fetchProtocolDefinition(tenant, roleProtocolUri,
|
|
32
|
+
const refDefinition = await validationStateReader.fetchProtocolDefinition(tenant, roleProtocolUri, protocolDefinitionTimestamp);
|
|
34
33
|
const roleRuleSet = getRuleSetAtPath(roleProtocolPath, refDefinition.structure);
|
|
35
34
|
if (!roleRuleSet?.$role) {
|
|
36
35
|
throw new DwnError(DwnErrorCode.ProtocolAuthorizationNotARole, `Cross-protocol role path ${protocolRole} does not match role record type.`);
|
|
@@ -43,31 +42,28 @@ export async function verifyInvokedRole(tenant, incomingMessage, protocolUri, co
|
|
|
43
42
|
throw new DwnError(DwnErrorCode.ProtocolAuthorizationNotARole, `Protocol path ${protocolRole} does not match role record type.`);
|
|
44
43
|
}
|
|
45
44
|
}
|
|
46
|
-
// Construct a filter to fetch the invoked role record
|
|
47
|
-
const roleRecordFilter = {
|
|
48
|
-
interface: DwnInterfaceName.Records,
|
|
49
|
-
method: DwnMethodName.Write,
|
|
50
|
-
protocol: roleProtocolUri,
|
|
51
|
-
protocolPath: roleProtocolPath,
|
|
52
|
-
recipient: incomingMessage.author,
|
|
53
|
-
isLatestBaseState: true,
|
|
54
|
-
};
|
|
55
45
|
const ancestorSegmentCountOfRolePath = roleProtocolPath.split('/').length - 1;
|
|
56
46
|
if (contextId === undefined && ancestorSegmentCountOfRolePath > 0) {
|
|
57
47
|
throw new DwnError(DwnErrorCode.ProtocolAuthorizationMissingContextId, 'Could not verify role because contextId is missing.');
|
|
58
48
|
}
|
|
59
|
-
// Compute `contextId` prefix
|
|
49
|
+
// Compute `contextId` prefix for fetching the invoked role record if the role path is not at the root level.
|
|
60
50
|
// e.g. if invoked role path is `Thread/Participant`, and the `contextId` of the message is `threadX/messageY/attachmentZ`,
|
|
61
|
-
// then we need to
|
|
51
|
+
// then we need to use the prefix `threadX` for the `contextId`
|
|
62
52
|
// because the `contextId` of the Participant record would be in the form of be `threadX/participantA`
|
|
53
|
+
let contextIdPrefix;
|
|
63
54
|
if (ancestorSegmentCountOfRolePath > 0) {
|
|
64
55
|
const contextIdSegments = contextId.split('/'); // NOTE: currently contextId segment count is never shorter than the role path count.
|
|
65
|
-
|
|
66
|
-
const contextIdPrefixFilter = FilterUtility.constructPrefixFilterAsRangeFilter(contextIdPrefix);
|
|
67
|
-
roleRecordFilter.contextId = contextIdPrefixFilter;
|
|
56
|
+
contextIdPrefix = contextIdSegments.slice(0, ancestorSegmentCountOfRolePath).join('/');
|
|
68
57
|
}
|
|
69
|
-
|
|
70
|
-
|
|
58
|
+
// fetch the invoked role record
|
|
59
|
+
const matchingRoleRecordExists = await validationStateReader.hasMatchingRoleRecord({
|
|
60
|
+
tenant,
|
|
61
|
+
protocol: roleProtocolUri,
|
|
62
|
+
protocolPath: roleProtocolPath,
|
|
63
|
+
recipient: incomingMessage.author,
|
|
64
|
+
contextIdPrefix,
|
|
65
|
+
});
|
|
66
|
+
if (!matchingRoleRecordExists) {
|
|
71
67
|
throw new DwnError(DwnErrorCode.ProtocolAuthorizationMatchingRoleRecordNotFound, `No matching role record found for protocol path ${roleProtocolPath}`);
|
|
72
68
|
}
|
|
73
69
|
}
|
|
@@ -81,12 +77,12 @@ export async function verifyInvokedRole(tenant, incomingMessage, protocolUri, co
|
|
|
81
77
|
* It is important to recognize that the `write` access that allowed the original record author to create the record maybe revoked
|
|
82
78
|
* (e.g. by role revocation) by the time a "non-initial" write by the same author is attempted.
|
|
83
79
|
*/
|
|
84
|
-
export async function getActionsSeekingARuleMatch(tenant, incomingMessage,
|
|
80
|
+
export async function getActionsSeekingARuleMatch(tenant, incomingMessage, validationStateReader) {
|
|
85
81
|
switch (incomingMessage.message.descriptor.method) {
|
|
86
|
-
case DwnMethodName.Delete:
|
|
82
|
+
case DwnMethodName.Delete: {
|
|
87
83
|
const recordsDelete = incomingMessage;
|
|
88
84
|
const recordId = recordsDelete.message.descriptor.recordId;
|
|
89
|
-
const initialWrite = await
|
|
85
|
+
const initialWrite = await validationStateReader.fetchInitialRecordsWrite(tenant, recordId);
|
|
90
86
|
// if there is no initial write, then no action rule can authorize the incoming message, because we won't know who the original author is
|
|
91
87
|
// NOTE: purely defensive programming: currently not reachable
|
|
92
88
|
// because RecordsDelete handler already have an existence check prior to this method being called.
|
|
@@ -110,6 +106,7 @@ export async function getActionsSeekingARuleMatch(tenant, incomingMessage, messa
|
|
|
110
106
|
}
|
|
111
107
|
}
|
|
112
108
|
return actionsThatWouldAuthorizeDelete;
|
|
109
|
+
}
|
|
113
110
|
case DwnMethodName.Count:
|
|
114
111
|
return [ProtocolAction.Read];
|
|
115
112
|
case DwnMethodName.Query:
|
|
@@ -118,7 +115,7 @@ export async function getActionsSeekingARuleMatch(tenant, incomingMessage, messa
|
|
|
118
115
|
return [ProtocolAction.Read];
|
|
119
116
|
case DwnMethodName.Subscribe:
|
|
120
117
|
return [ProtocolAction.Read];
|
|
121
|
-
case DwnMethodName.Write:
|
|
118
|
+
case DwnMethodName.Write: {
|
|
122
119
|
const incomingRecordsWrite = incomingMessage;
|
|
123
120
|
if (await incomingRecordsWrite.isInitialWrite()) {
|
|
124
121
|
// A squash write seeks the `squash` action first, with fallback to `create`.
|
|
@@ -131,7 +128,7 @@ export async function getActionsSeekingARuleMatch(tenant, incomingMessage, messa
|
|
|
131
128
|
else {
|
|
132
129
|
// else incoming RecordsWrite not an initial write
|
|
133
130
|
const recordId = incomingMessage.message.recordId;
|
|
134
|
-
const initialWrite = await
|
|
131
|
+
const initialWrite = await validationStateReader.fetchInitialRecordsWrite(tenant, recordId);
|
|
135
132
|
// if there is no initial write to update from, then no action rule can authorize the incoming message
|
|
136
133
|
if (initialWrite === undefined) {
|
|
137
134
|
return [];
|
|
@@ -145,6 +142,7 @@ export async function getActionsSeekingARuleMatch(tenant, incomingMessage, messa
|
|
|
145
142
|
return [ProtocolAction.CoUpdate];
|
|
146
143
|
}
|
|
147
144
|
}
|
|
145
|
+
}
|
|
148
146
|
}
|
|
149
147
|
// purely defensive programming: should not be reachable
|
|
150
148
|
// setting to empty array will prevent any message from being authorized
|
|
@@ -155,9 +153,9 @@ export async function getActionsSeekingARuleMatch(tenant, incomingMessage, messa
|
|
|
155
153
|
* @param protocolDefinition Optional protocol definition for resolving cross-protocol `of` and `role` references.
|
|
156
154
|
* @throws {Error} if action not allowed.
|
|
157
155
|
*/
|
|
158
|
-
export async function authorizeAgainstAllowedActions(tenant, incomingMessage, ruleSet, recordChain,
|
|
156
|
+
export async function authorizeAgainstAllowedActions(tenant, incomingMessage, ruleSet, recordChain, validationStateReader, protocolDefinition) {
|
|
159
157
|
const incomingMessageMethod = incomingMessage.message.descriptor.method;
|
|
160
|
-
const actionsSeekingARuleMatch = await getActionsSeekingARuleMatch(tenant, incomingMessage,
|
|
158
|
+
const actionsSeekingARuleMatch = await getActionsSeekingARuleMatch(tenant, incomingMessage, validationStateReader);
|
|
161
159
|
const author = incomingMessage.author;
|
|
162
160
|
const actionRules = ruleSet.$actions;
|
|
163
161
|
// NOTE: We have already checked that the message is not from tenant, owner, or permission grant authorized prior to this method being called.
|