npm - @ibgib/core-gib - Versions diffs - 0.1.47 → 0.1.48 - Mend

@ibgib/core-gib 0.1.47 → 0.1.48

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (98) hide show

package/src/sync/sync-peer/sync-peer-innerspace/sync-peer-innerspace-v1.mts CHANGED Viewed

@@ -198,11 +198,16 @@ export class SyncPeerInnerspace_V1 extends SyncPeer_V1<InitializeSyncPeerInnersp
             // the payload ibgibs. so the receiver coordinator should be ready
             // to do its thing.
+            const identitySecret = context.fnIdentitySecret ?
+                await context.fnIdentitySecret() :
+                undefined;
             const responseCtx = await receiverCoordinator.continueSync({
                 sagaContext: context,
                 metaspace: receiverMetaspace,
                 mySpace: receiverSpace,
                 myTempSpace: receiverTempSpace,
+                identity: context.signedSessionKeystone,
+                identitySecret,
             });
             if (logalot) { console.log(`${lc} receiverCoordinator.continueSync responseCtx: ${responseCtx ? pretty(responseCtx) : 'undefined'} (I: fb2831decde1f2b3589021f85ab19126)`); }

package/src/sync/sync-peer/sync-peer-v1.mts CHANGED Viewed

@@ -20,11 +20,14 @@ import { IbGibSpaceAny } from '../../witness/space/space-base-v1.mjs';
 import { newupSubject } from '../../common/pubsub/subject/subject-helper.mjs';
 import { authenticateContext, authorizeContext, validateContextAndSagaFrame } from '../sync-saga-context/sync-saga-context-helpers.mjs';
 import { getFromSpace } from '../../witness/space/space-helper.mjs';
+import { getFullSyncSagaHistory } from '../sync-helpers.mjs';
+import { SyncSagaFrameDependencyGraph } from '../sync-types.mjs';
 const logalot = GLOBAL_LOG_A_LOT;
 const logalotControlDomain = false;
 const lcControlDomain = '[ControlDomain]';
 /**
  * Abstract witness for talking to a Sync Peer (e.g. Remote Node or Local Simulator).
  *
@@ -66,8 +69,8 @@ export abstract class SyncPeer_V1<TInitializeOpts extends InitializeSyncPeerOpts
      *
      * @see {@link SyncPeerWitness.opts}
      */
-    public async initializeSender(opts: TInitializeOpts): Promise<void> {
-        const lc = `${this.lc}[${this.initializeSender.name}]`;
+    public async initializeOpts(opts: TInitializeOpts): Promise<void> {
+        const lc = `${this.lc}[${this.initializeOpts.name}]`;
         try {
             if (logalot) { console.log(`${lc} starting... (I: 31bd5fda37c89fa37fbaf14daf5fe726)`); }
             this.opts = opts;
@@ -117,6 +120,42 @@ export abstract class SyncPeer_V1<TInitializeOpts extends InitializeSyncPeerOpts
     protected abstract ensureReceiverTempSpace(): Promise<IbGibSpaceAny>;
+    protected async authenticateValidateAuthorize({
+        context,
+        fullSagaHistory,
+    }: {
+        context: SyncSagaContextIbGib_V1,
+        fullSagaHistory: SyncSagaFrameDependencyGraph[],
+    }): Promise<void> {
+        const lc = `${this.lc}[${this.authenticateValidateAuthorize.name}]`;
+        try {
+            if (logalot) { console.log(`${lc} starting... (I: add238055cd84a222c5b8c89913af526)`); }
+            // first authenticate, because invalid identity is a non-starter
+            const authenticationErrors = await authenticateContext({ context, fullSagaHistory });
+            if (authenticationErrors.length > 0) {
+                throw new Error(`invalid context authentication. authenticationErrors: ${authenticationErrors} (E: da89da5ee1269aeb78952d475d607526)`);
+            }
+            // next, we have a valid keystone, which should point to the
+            // context. But is that context and the saga data it contains valid?
+            // Does the keystone actually point to this context?
+            const validationErrors = await validateContextAndSagaFrame({ context, });
+            if (validationErrors.length > 0) {
+                throw new Error(`invalid context received. validationErrors: ${validationErrors} (E: 8b34c875c968af29bc433138e57a7826)`);
+            }
+            // we have a valid keystone that points to a valid context, but what
+            // exactly does the keystone authorize?
+            const authorizationErrors = await authorizeContext({ context, fullSagaHistory });
+            if (authorizationErrors.length > 0) {
+                throw new Error(`invalid context authorization. authorizationErrors: ${authorizationErrors} (E: 8ddc284a758cf10ba829334c1babb826)`);
+            }
+        } catch (error) {
+            console.error(`${lc} ${extractErrorMsg(error)}`);
+            throw error;
+        } finally {
+            if (logalot) { console.log(`${lc} complete.`); }
+        }
+    }
     /**
      * Witness the synchronization context (Send/Receive).
      *
@@ -133,16 +172,6 @@ export abstract class SyncPeer_V1<TInitializeOpts extends InitializeSyncPeerOpts
             if (!this.opts) { throw new Error(`(UNEXPECTED) this.opts falsy? Concrete class should have initialized sender opts by now. (E: 0b9e28287318fdf8bf9f5a6886a24826)`); }
-            // #region leaving off here
-            // NOTES: the context ibgib now has a reference to the signed
-            // keystone. the signed keystone targets the context ibgib, and the
-            // context ibgib itself points to the previous frame of the
-            // keystone. I've started on creating a validateKeystone function,
-            // whcih I need to at least add the validate transitions to. I
-            // _think_ I need to also fill in some authentication here in this
-            // peer at the very least, then I can move on to other layers.
-            // #endregion leaving off here
             // NOTE: There are three basic types of peers:
             // * local-only
             //   * this peer is both sender/receiver peer
@@ -183,19 +212,19 @@ export abstract class SyncPeer_V1<TInitializeOpts extends InitializeSyncPeerOpts
             //     when all domain ibgibs are pulled, publish complete to the observable
             // return resulting context ibgib (which the caller should get BEFORE the domain ibgibs observable completes)
-            // validate, authenticate, and authorize the context, sagaFrame, and identity(s)
-            const validationErrors = await validateContextAndSagaFrame({ context });
-            if (validationErrors.length > 0) {
-                throw new Error(`invalid context received. validationErrors: ${validationErrors} (E: 8b34c875c968af29bc433138e57a7826)`);
-            }
-            const authenticationErrors = await authenticateContext({ context });
-            if (authenticationErrors.length > 0) {
-                throw new Error(`invalid context authentication. authenticationErrors: ${authenticationErrors} (E: da89da5ee1269aeb78952d475d607526)`);
-            }
-            const authorizationErrors = await authorizeContext({ context });
-            if (authorizationErrors.length > 0) {
-                throw new Error(`invalid context authorization. authorizationErrors: ${authorizationErrors} (E: 8ddc284a758cf10ba829334c1babb826)`);
-            }
+            if (!context.sagaFrame) { throw new Error(`context.sagaFrame falsy. (E: a33dd88aa108e2bad9e885885731ce26)`); }
+            // this is not just happening on the client, but this peer may be
+            // the one receiving the context as well.
+            const sagaHistory_beforeSend = await getFullSyncSagaHistory({
+                sagaIbGib: context.sagaFrame,
+                space: this.opts.senderSpace
+            });
+            await this.authenticateValidateAuthorize({
+                context, fullSagaHistory: sagaHistory_beforeSend,
+            });
             // at this point, we have a valid, authenticated, authorized context
@@ -213,6 +242,15 @@ export abstract class SyncPeer_V1<TInitializeOpts extends InitializeSyncPeerOpts
                 // receive, they may still be transferring. These will be published
                 // to this.payloadIbGibsDomainReceived$
+                const sagaHistory_afterSend = await getFullSyncSagaHistory({
+                    sagaIbGib: context.sagaFrame,
+                    space: this.opts.senderSpace
+                });
+                await this.authenticateValidateAuthorize({
+                    context, fullSagaHistory: sagaHistory_afterSend,
+                });
                 return response;
             } else {
                 // response falsy. we could be done, or this could be an error.

package/src/sync/sync-saga-context/sync-saga-context-helpers.mts CHANGED Viewed

@@ -18,11 +18,12 @@ import {
 } from './sync-saga-context-types.mjs';
 import { IbGibSpaceAny } from '../../witness/space/space-base-v1.mjs';
 import { putInSpace, registerNewIbGib } from '../../witness/space/space-helper.mjs';
-import { SyncIbGib_V1 } from '../sync-types.mjs';
+import { SyncIbGib_V1, SyncSagaFrameDependencyGraph } from '../sync-types.mjs';
 import { validateSyncSagaFrame } from '../sync-helpers.mjs';
 import { validateKeystoneGraph, validateKeystoneTransition } from '../../keystone/keystone-helpers.mjs';
 import { KeystoneService_V1 } from '../../keystone/keystone-service-v1.mjs';
 import { KeystoneIbGib_V1 } from '../../keystone/keystone-types.mjs';
+import { isIbGibWithAtom } from '../../common/other/ibgib-helper.mjs';
 const logalot = GLOBAL_LOG_A_LOT;
@@ -96,6 +97,24 @@ export async function parseSyncSagaContextIb({
     }
 }
+export function isSyncSagaContextIbGib(x: any): x is SyncSagaContextIbGib_V1 {
+    const lc = `[${isSyncSagaContextIbGib.name}]`;
+    try {
+        if (logalot) { console.log(`${lc} starting... (I: 2bfa7f3cf5984b0c78aced881ce95226)`); }
+        const hasAtom = isIbGibWithAtom<SyncSagaContextIbGib_V1>(x, SYNC_SAGA_CONTEXT_ATOM);
+        // should be good enough in V1
+        return hasAtom;
+    } catch (error) {
+        console.error(`${lc} ${extractErrorMsg(error)}`);
+        throw error;
+    } finally {
+        if (logalot) { console.log(`${lc} complete.`); }
+    }
+}
 /**
  * Validates ONLY the {@link context} ibgib itself and saga frame/msg stone(s)
@@ -109,7 +128,11 @@ export async function parseSyncSagaContextIb({
  *
  * @returns empty array if valid, else validation errors
  */
-export async function validateContextAndSagaFrame({ context }: { context: SyncSagaContextIbGib_V1 }): Promise<string[]> {
+export async function validateContextAndSagaFrame({
+    context,
+}: {
+    context: SyncSagaContextIbGib_V1,
+}): Promise<string[]> {
     const lc = `[${validateContextAndSagaFrame.name}]`;
     try {
         if (logalot) { console.log(`${lc} starting... (I: 7797f8294bd8f7e5089cb722ad468226)`); }
@@ -178,13 +201,32 @@ export async function validateContextDomainPayloadIbGibs({ context }: { context:
 /**
  * move to sync-peer-helpers.mts as a pure function?
  */
-export async function authenticateContext({ context }: { context: SyncSagaContextIbGib_V1 }): Promise<string[]> {
+export async function authenticateContext({
+    context,
+    fullSagaHistory
+}: {
+    context: SyncSagaContextIbGib_V1,
+    fullSagaHistory: SyncSagaFrameDependencyGraph[],
+}): Promise<string[]> {
     const lc = `[${authenticateContext.name}]`;
     try {
         if (logalot) { console.log(`${lc} starting... (I: 2677a482dfa873dcd1aa04a3031ff826)`); }
         console.error(`${lc} NAG ERROR (NOT THROWN): not implemented. // todo: authenticate  (v1 must have this after we get merge logic workflow going) (E: bc3a78f2dab18ab64c36d055a4b50526)`);
+        // ensure the same identity rel8n timeline is in the first saga ibgib.
+        for (const sagaFrameDepGraph of fullSagaHistory) {
+            sagaFrameDepGraph.identities
+        }
+        // each saga ibgib should be updated with a new identity rel8n. each
+        // rel8n should correspond to each evolution of the keystone.
+        // if (context.sagaFrame.rel8ns?.sessionKeystone)
+        //     context.signedSessionKeystone
         return [];
     } catch (error) {
         console.error(`${lc} ${extractErrorMsg(error)}`);
@@ -197,7 +239,13 @@ export async function authenticateContext({ context }: { context: SyncSagaContex
 /**
  * move to sync-peer-helpers.mts as a pure function?
  */
-export async function authorizeContext({ context }: { context: SyncSagaContextIbGib_V1 }): Promise<string[]> {
+export async function authorizeContext({
+    context,
+    fullSagaHistory
+}: {
+    context: SyncSagaContextIbGib_V1,
+    fullSagaHistory: SyncSagaFrameDependencyGraph[],
+}): Promise<string[]> {
     const lc = `[${authorizeContext.name}]`;
     try {
         if (logalot) { console.log(`${lc} starting... (I: 48c918b41ceec0cd489ca3b8819e6826)`); }

package/src/sync/sync-saga-context/sync-saga-context-types.mts CHANGED Viewed

@@ -100,4 +100,21 @@ export interface SyncSagaContextIbGib_V1 extends IbGib_V1<SyncSagaContextData_V1
      * previous frame of the keystone.
      */
     signedSessionKeystone?: KeystoneIbGib_V1;
+    /**
+     * If identity is used in the sync transaction, this should be provided. It
+     * will drive both primary identity keystone evolution (to create session
+     * keystone), as well as signing the session keystone itself.
+     *
+     * when a peer transmits the context ibgib, this does not need to be
+     * transmitted. Note, however, that if sync is occuring between two remote
+     * peers and the peer design is not a proxy-based one, then the receiver
+     * should assign this with their own provider function.
+     *
+     * @returns the identity secret when needed to sign/evolve keystone
+     *
+     * NOTE: Not 100% sure where I'm putting this so this may end up being
+     * unused and should thus be removed. Right now, I think this will work.
+     */
+    fnIdentitySecret?: () => Promise<string>;
 }