@toa.io/extensions.origins 0.8.0-dev.0 → 0.8.0-dev.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@toa.io/extensions.origins",
-  "version": "0.8.0-dev.0",
+  "version": "0.8.0-dev.2",
   "description": "Toa Origins",
   "author": "temich <tema.gurtovoy@gmail.com>",
   "homepage": "https://github.com/toa-io/toa#readme",
@@ -19,15 +19,15 @@
     "test": "echo \"Error: run tests from root\" && exit 1"
   },
   "dependencies": {
-    "@toa.io/core": "0.8.0-dev.0",
-    "@toa.io/generic": "0.8.0-dev.0",
-    "@toa.io/schemas": "0.8.0-dev.0",
-    "@toa.io/yaml": "0.7.2-dev.1",
+    "@toa.io/core": "0.8.0-dev.2",
+    "@toa.io/generic": "0.8.0-dev.2",
+    "@toa.io/schemas": "0.8.0-dev.2",
+    "@toa.io/yaml": "0.7.2-dev.3",
     "comq": "0.6.0",
     "node-fetch": "2.6.7"
   },
   "devDependencies": {
     "@types/node-fetch": "2.6.2"
   },
-  "gitHead": "5f1bfd167bb7919492d249f78bbcc6bd9fc645a4"
+  "gitHead": "85a6e6ce4f5d90af087507e3db65b94f32e9a818"
 }

package/readme.md

@@ -1,6 +1,6 @@
 # Toa Origins
 
-Origins extension enables external communications over supported protocols (`HTTP` and `AMQP`).
+Enables external communications over supported protocols (HTTP and AMQP).
 
 ## TL;DR
 
@@ -10,15 +10,19 @@ name: dummy
 namespace: dummies
 
 origins:
-  website: http://www.domain.com/docs/
-  messages: amqps://amqp.amazon.com
+  docs: http://www.domain.com/docs/
+  amazon: amqps://amqp.amazon.com
 ```
 
 ```javascript
 // Node.js bridge 
 async function transition (input, object, context) {
-  await context.http.example.get() // GET http://www.domain.com/docs/example
-  await context.amqp.emit('something_happened', { really: true })
+  // direct Aspect invocation
+  await context.aspects.http('docs', './example', { method: 'GET' })
+
+  // shortcuts
+  await context.http.docs.example.get() // GET http://www.domain.com/docs/example
+  await context.amqp.amazon.emit('something_happened', { really: true })
 }
 ```
 
@@ -26,25 +30,92 @@ async function transition (input, object, context) {
 # context.toa.yaml
 origins:
   dummies.dummy:
-    messages: amqps://amqp.azure.com
-    messages@staging: amqp://amqp.stage
+    amazon: amqps://amqp.azure.com
+    amazon@staging: amqp://amqp.stage
 ```
 
-## Declaration
+## Manifest
+
+`origins` manifest is an object conforming declaring origin names as keys an origin URLs as values.
+Component's `origins` manifest can be overridden by the Context `origins` annotation.
+
+### Sharded Connections
+
+Origin value may contain [shards](/libraries/generic/readme.md#shards) placeholders.
+
+### Environment Variables
 
-Origins extension declaration is a [Pointer](/libraries/pointer). Declarations can be overridden by
-the context annotations.
+Origin value may contain environment variable placeholders.
+
+```yaml
+# manifest.toa.yaml
+origins:
+  foo@dev: stage${STAGE_NUMBER}.stages.com
+```
 
-## HTTP
+## HTTP Aspect
 
 Uses [node-fetch](https://github.com/node-fetch/node-fetch) and returns its result.
 
-## AMQP
+Aspect invocation function
+signature: `async (origin: string, rel: string, reuest: fetch.Request): fetch.Response`
+
+- `origin`: name of the origin in the manifest
+- `rel`: relative reference to a resource
+- `request`: `Request` form `node-fetch`
+
+### Absolute URLs
+
+Requests to arbitrary URLs can be implemented with overloaded direct Aspect invocation.
+
+`async (url: string, request: fetch.Request): fetch.Response`
+
+By default, requests to arbitrary URLs are not allowed and must be explicitly permitted by setting
+permissions in the Origins Annotation.
+
+The Rules object is stored in the `.http` property of the corresponding component. Each key in the
+Rules object is a regular expression that URLs will be tested against, and each value is a
+permission — either `true` to allow the URL or `false` to deny it. In cases where a URL matches
+multiple rules, denial takes priority.
+
+> The `null` key is a special case that represents "any URL".
+
+#### Example
+
+```yaml
+# context.toa.yaml
+origins:
+  dummies.dummy:
+    .http:
+      /^https?:\/\/api.domain.com/: true
+      /^http:\/\/sandbox.domain.com/@staging: true  # staging environment
+      /.*hackers.*/: false                          # deny rule
+      ~: true                                       # allow any URL
+```
+
+```javascript
+// Node.js bridge 
+async function transition (input, object, context) {
+  await context.aspects.http('https://api.domain.com/example', { method: 'POST' })
+}
+```
+
+#### `null` origins
+
+To enable the extension for a component that uses arbitrary URLs without any specific origins to
+declare, the Origins manifest should be set to `null`.
+
+```yaml
+# manifest.toa.yaml
+origins: ~
+```
+
+## AMQP Aspect
 
 Uses [ComQ](https://github.com/toa-io/comq), thus, provides interface of `comq.IO` restricted
 to `emit` and `request` methods.
 
-AMQP origins require credential secrets to be deployed. Secret's name must
+AMQP origins can have credential secrets deployed. Secret's name must
 follow `toa-origins-{namespace}-{component}-{origin}` and it must have keys `username`
 and `password`.
 

package/source/deployment.test.js

@@ -131,12 +131,11 @@ describe('amqp', () => {
 
     expect(variables).toBeDefined()
 
-    const envPrefix = `TOA_ORIGINS_${component.locator.uppercase}_`
-    const secPrefix = `toa-origins-${component.locator.label}-`
+    const envPrefix = `TOA_ORIGINS_${component.locator.uppercase}_${up(origin)}_`
+    const secretName = `toa-origins-${component.locator.label}-${origin}`
 
     for (const property of ['username', 'password']) {
       const variableName = envPrefix + up(property)
-      const secretName = secPrefix + property
       const variable = findVariable(variables, variableName)
 
       expect(variable).toBeDefined()

package/source/factory.js

@@ -3,12 +3,14 @@
 const protocols = require('./protocols')
 const env = require('./env')
 
-/**
- * @implements {toa.core.extensions.Factory}
- */
 class Factory {
+  /**
+   * @param {toa.core.Locator} locator
+   * @param {toa.origins.Manifest} manifest
+   * @return {toa.core.extensions.Aspect[]}
+   */
   aspect (locator, manifest) {
-    env.apply(locator, /** @type {toa.origins.Manifest} */ manifest)
+    env.apply(locator, manifest)
 
     return protocols.map((protocol) => this.#createAspect(protocol, manifest))
   }
@@ -21,13 +23,23 @@ class Factory {
   #createAspect (protocol, manifest) {
     const protocolManifest = {}
 
+    let properties
+
+    // let properties
+
     for (const [origin, reference] of Object.entries(manifest)) {
+      if (origin[0] === '.') {
+        if (origin.substring(1) === protocol.id) properties = reference
+
+        continue
+      }
+
       const url = new URL(reference)
 
       if (protocol.protocols.includes(url.protocol)) protocolManifest[origin] = reference
     }
 
-    return protocol.create(protocolManifest)
+    return protocol.create(protocolManifest, properties)
   }
 }
 

package/source/factory.test.js

@@ -13,7 +13,6 @@ const amqp = require('./protocols/amqp/aspect')
 const fixtures = require('./.test/factory.fixtures')
 const { Factory } = require('../')
 
-/** @type {toa.core.extensions.Factory} */
 let factory
 
 beforeEach(() => {
@@ -28,8 +27,8 @@ it('should create aspects', () => {
   const httpManifest = filterManifest(fixtures.manifest, 'http')
   const amqpManifest = filterManifest(fixtures.manifest, 'amqp')
 
-  expect(http.create).toHaveBeenCalledWith(httpManifest)
-  expect(amqp.create).toHaveBeenCalledWith(amqpManifest)
+  expect(http.create).toHaveBeenCalledWith(httpManifest, undefined)
+  expect(amqp.create).toHaveBeenCalledWith(amqpManifest, undefined)
 })
 
 describe('env', () => {
@@ -47,7 +46,7 @@ describe('env', () => {
 
     const expected = overwrite(httpManifest, override)
 
-    expect(http.create).toHaveBeenCalledWith(expected)
+    expect(http.create.mock.calls[0][0]).toStrictEqual(expected)
   })
 
   describe('amqp', () => {
@@ -104,6 +103,25 @@ describe('env', () => {
       expect(url.password).toStrictEqual(password)
     })
   })
+
+  describe('http', () => {
+    it('should read properties', async () => {
+      const properties = {
+        '.http': {
+          [generate()]: generate()
+        }
+      }
+
+      const locator = new Locator(generate(), generate())
+      const json = JSON.stringify(properties)
+
+      process.env['TOA_ORIGINS_' + locator.uppercase] = btoa(json)
+
+      factory.aspect(locator, fixtures.manifest)
+
+      expect(http.create).toHaveBeenCalledWith(expect.anything(), properties['.http'])
+    })
+  })
 })
 
 /**

package/source/manifest.js

@@ -1,5 +1,6 @@
 'use strict'
 
+const { remap, echo, shards } = require('@toa.io/generic')
 const schemas = require('./schemas')
 const protocols = require('./protocols')
 
@@ -8,16 +9,30 @@ const protocols = require('./protocols')
  * @returns {toa.origins.Manifest}
  */
 function manifest (manifest) {
-  schemas.manifest.validate(manifest)
+  if (manifest === null) return {}
+
+  manifest = remap(manifest, echo)
+  validate(manifest)
 
-  for (const uri of Object.values(manifest)) {
-    const protocol = new URL(uri).protocol
-    const supported = protocols.find((provider) => provider.protocols.includes(protocol))
+  for (const url of Object.values(manifest)) {
+    const supported = protocols.find((provider) => supports(provider, url))
 
-    if (supported === undefined) throw new Error(`'${protocol}' protocol is not supported`)
+    if (supported === undefined) throw new Error(`'${url}' protocol is not supported`)
   }
 
   return manifest
 }
 
+/**
+ * @param {toa.origins.Manifest} manifest
+ */
+function validate (manifest) {
+  manifest = remap(manifest, (value) => shards(value)[0])
+  schemas.manifest.validate(manifest)
+}
+
+function supports (provider, url) {
+  return provider.protocols.findIndex((protocol) => url.substring(0, protocol.length) === protocol) !== -1
+}
+
 exports.manifest = manifest

package/source/manifest.test.js

@@ -44,8 +44,32 @@ it('should throw if protocol is not supported', async () => {
   expect(() => manifest(input)).toThrow('is not supported')
 })
 
+it('should convert null to {}', async () => {
+  const output = manifest(null)
+
+  expect(output).toStrictEqual({})
+})
+
 it.each(PROTOCOLS)('should support %s protocol', async (protocol) => {
   const input = { foo: protocol + '//' + generate() }
 
   expect(() => manifest(input)).not.toThrow()
 })
+
+it('should handle placeholders', async () => {
+  const input = { foo: 'http://${FOO}' + generate() + ':${BAR}/' } // eslint-disable-line no-template-curly-in-string
+
+  expect(() => manifest(input)).not.toThrow()
+})
+
+it('should handle host shards', async () => {
+  const input = { foo: 'http://{0-3}' + generate() }
+
+  expect(() => manifest(input)).not.toThrow()
+})
+
+it('should handle port shards', async () => {
+  const input = { foo: 'http://' + generate() + ':888{0-9}' }
+
+  expect(() => manifest(input)).not.toThrow()
+})

package/source/protocols/amqp/aspect.js

@@ -4,11 +4,13 @@ const { connect } = require('comq')
 const { Connector } = require('@toa.io/core')
 const { shards } = require('@toa.io/generic')
 
+const { id } = require('./id')
+
 /**
  * @implements {toa.origins.amqp.Aspect}
  */
 class Aspect extends Connector {
-  name = 'amqp'
+  name = id
   /** @type {toa.origins.Manifest} */
   #manifest
 

package/source/protocols/amqp/deployment.js

@@ -12,13 +12,19 @@ function deployment (instances) {
   const variables = {}
 
   for (const { locator, manifest } of instances) {
+    const secrets = []
+
     for (const [origin, reference] of Object.entries(manifest)) {
       const url = new URL(reference)
 
       if (protocols.includes(url.protocol)) {
-        variables[locator.label] = secrets(locator, origin)
+        const originSecrets = createSecrets(locator, origin)
+
+        secrets.push(...originSecrets)
       }
     }
+
+    variables[locator.label] = secrets
   }
 
   return variables
@@ -29,10 +35,10 @@ function deployment (instances) {
  * @param {string} origin
  * @return {toa.deployment.dependency.Variable[]}
  */
-function secrets (locator, origin) {
+function createSecrets (locator, origin) {
   const properties = ['username', 'password']
 
-  return properties.map((property) => secret(locator, origin, property))
+  return properties.map((property) => createSecret(locator, origin, property))
 }
 
 /**
@@ -41,9 +47,9 @@ function secrets (locator, origin) {
  * @param {string} property
  * @return {toa.deployment.dependency.Variable}
  */
-function secret (locator, origin, property) {
-  const variable = `TOA_ORIGINS_${locator.uppercase}_${up(property)}`
-  const secret = `toa-origins-${locator.label}-${property}`
+function createSecret (locator, origin, property) {
+  const variable = `TOA_ORIGINS_${locator.uppercase}_${up(origin)}_${up(property)}`
+  const secret = `toa-origins-${locator.label}-${origin}`
 
   return {
     name: variable,

package/source/protocols/amqp/id.js

@@ -0,0 +1,3 @@
+'use strict'
+
+exports.id = 'amqp'

package/source/protocols/amqp/index.js

@@ -1,9 +1,11 @@
 'use strict'
 
 const protocols = require('./protocols')
+const { id } = require('./id')
 const { create } = require('./aspect')
 const { deployment } = require('./deployment')
 
 exports.protocols = protocols
+exports.id = id
 exports.create = create
 exports.deployment = deployment

package/source/protocols/http/.aspect/permissions.js

@@ -0,0 +1,65 @@
+'use strict'
+
+/**
+ * @implements {toa.origins.http.Permissions}
+ */
+class Permissions {
+  #default = process.env.TOA_DEV === '1'
+
+  /** @type {RegExp[]} */
+  #allowances = []
+
+  /** @type {RegExp[]} */
+  #denials = []
+
+  /**
+   * @param {toa.origins.http.Properties} properties
+   */
+  constructor (properties) {
+    if (properties !== undefined) this.#parse(properties)
+  }
+
+  test (url) {
+    const denial = this.#denials.findIndex((regexp) => regexp.test(url))
+
+    if (denial !== -1) return false
+
+    const allowance = this.#allowances.findIndex((regexp) => regexp.test(url))
+
+    if (allowance !== -1) return true
+
+    return this.#default
+  }
+
+  #parse (properties) {
+    if ('null' in properties) {
+      const always = /** @type {RegExp} */ { test: () => true }
+
+      this.#addRule(always, properties.null)
+      delete properties.null
+    }
+
+    for (const [key, rule] of Object.entries(properties)) {
+      const match = key.match(EXPRESSION)
+
+      if (match === null) throw new Error(`'${key}' is not a regular expression`)
+
+      const regex = new RegExp(match.groups.expression)
+
+      this.#addRule(regex, rule)
+    }
+  }
+
+  /**
+   * @param {RegExp} regex
+   * @param {boolean} rule
+   */
+  #addRule (regex, rule) {
+    if (rule === true) this.#allowances.push(regex)
+    else this.#denials.push(regex)
+  }
+}
+
+const EXPRESSION = /^\/(?<expression>.+)\/$/
+
+exports.Permissions = Permissions

package/source/protocols/http/aspect.js

@@ -5,29 +5,48 @@ const fetch = require('node-fetch')
 const { Connector } = require('@toa.io/core')
 const { retry } = require('@toa.io/generic')
 
+const { Permissions } = require('./.aspect/permissions')
+const { id } = require('./id')
+const protocols = require('./protocols')
+
 /**
  * @implements {toa.origins.http.Aspect}
  */
 class Aspect extends Connector {
   /** @readonly */
-  name = 'http'
+  name = id
 
   /** @type {toa.origins.Manifest} */
   #origins
 
+  /** @type {toa.origins.http.Permissions} */
+  #permissions
+
   /**
    * @param {toa.origins.Manifest} manifest
+   * @param {toa.origins.http.Permissions} permissions
    */
-  constructor (manifest) {
+  constructor (manifest, permissions) {
     super()
 
     this.#origins = manifest
+    this.#permissions = permissions
   }
 
   async invoke (name, path, request, options) {
     let origin = this.#origins[name]
 
-    if (origin === undefined) throw new Error(`Origin '${name}' is not defined`)
+    if (origin === undefined) {
+      if (isAbsoluteURL(/** @type {string} */ name)) {
+        return this.#invokeURL(
+          /** @type {string} */ name,
+          /** @type {import('node-fetch').RequestInit} */ path
+        )
+      } else throw new Error(`Origin '${name}' is not defined`)
+    }
+
+    // absolute urls are forbidden when using origins
+    if (typeof path === 'string' && isAbsoluteURL(path)) throw new Error(`Absolute URLs are forbidden (${path})`)
 
     if (options?.substitutions !== undefined) origin = substitute(origin, options.substitutions)
 
@@ -36,6 +55,17 @@ class Aspect extends Connector {
     return this.#request(url.href, request, options?.retry)
   }
 
+  /**
+   * @param {string} url
+   * @param {import('node-fetch').RequestInit} request
+   * @return {Promise<void>}
+   */
+  async #invokeURL (url, request) {
+    if (this.#permissions.test(url) === false) throw new Error(`URL '${url}' is not allowed`)
+
+    return this.#request(url, request)
+  }
+
   /**
    * @param {string} url
    * @param {import('node-fetch').RequestInit} request
@@ -70,19 +100,30 @@ class Aspect extends Connector {
  * @param {string[]} substitutions
  * @returns {string}
  */
-const substitute = (origin, substitutions) => {
+function substitute (origin, substitutions) {
   const replace = () => substitutions.shift()
 
   return origin.replace(PLACEHOLDER, replace)
 }
 
+/**
+ * @param {string} path
+ * @returns {boolean}
+ */
+function isAbsoluteURL (path) {
+  return protocols.findIndex((protocol) => path.indexOf(protocol) === 0) !== -1
+}
+
 const PLACEHOLDER = /\*/g
 
 /**
  * @param {toa.origins.Manifest} manifest
+ * @param {toa.origins.http.Properties} [properties]
  */
-function create (manifest) {
-  return new Aspect(manifest)
+function create (manifest, properties) {
+  const permissions = new Permissions(properties)
+
+  return new Aspect(manifest, permissions)
 }
 
 exports.create = create

package/source/protocols/http/aspect.test.js

@@ -3,9 +3,11 @@
 const clone = require('clone-deep')
 const { generate } = require('randomstring')
 const { random } = require('@toa.io/generic')
-
 const { Connector } = require('@toa.io/core')
 
+/** @type {string[]} */
+const protocols = require('../http/protocols')
+
 const fixtures = require('./.test/aspect.fixtures')
 const mock = fixtures.mock
 
@@ -13,7 +15,7 @@ jest.mock('node-fetch', () => mock.fetch)
 
 const { create } = require('./aspect')
 
-/** @type {toa.extensions.origins.Aspect} */ let aspect
+/** @type {toa.origins.http.Aspect} */ let aspect
 
 beforeEach(() => {
   jest.clearAllMocks()
@@ -45,7 +47,7 @@ describe('invoke', () => {
 
   beforeEach(async () => {
     jest.clearAllMocks()
-
+    mock.fetch.reset()
     mock.fetch.respond(200, response)
 
     result = await aspect.invoke(name, path, clone(request))
@@ -68,6 +70,15 @@ describe('invoke', () => {
     expect(mock.fetch.mock.calls[0][0]).toStrictEqual(fixtures.manifest.deep + path)
   })
 
+  it.each(protocols)('should throw on absolute URL (%s)',
+    async (protocol) => {
+      jest.clearAllMocks()
+      mock.fetch.respond(200, response)
+
+      await expect(aspect.invoke('deep', protocol + '//api.domain.com', clone(request)))
+        .rejects.toThrow('Absolute URLs are forbidden')
+    })
+
   it('should substitute wildcards', async () => {
     jest.clearAllMocks()
     mock.fetch.respond(200, response)
@@ -98,6 +109,7 @@ describe('invoke', () => {
     jest.clearAllMocks()
     mock.fetch.respond(200, response)
 
+    // noinspection JSCheckFunctionSignatures
     expect(() => aspect.invoke(name)).not.toThrow()
   })
 
@@ -125,7 +137,7 @@ describe('invoke', () => {
     it('should retry', async () => {
       jest.clearAllMocks()
 
-      const attempts = random(5) + 1
+      const attempts = random(5) + 2
 
       for (let i = 1; i < attempts; i++) mock.fetch.respond(500)
 
@@ -142,3 +154,86 @@ describe('invoke', () => {
     })
   })
 })
+
+describe.each(protocols)('absolute URL', (protocol) => {
+  const response = { [generate()]: generate() }
+
+  it('should request absolute URL', async () => {
+    mock.fetch.respond(200, response)
+
+    const properties = { null: true }
+    const url = protocol + '//' + generate()
+    const request = { method: 'POST' }
+
+    aspect = create(fixtures.manifest, properties)
+
+    await aspect.invoke(url, request)
+
+    expect(mock.fetch).toHaveBeenCalledWith(url, request)
+  })
+
+  it('should allow if TOA_DEV=1 and no properties', async () => {
+    const dev = process.env.TOA_DEV
+
+    process.env.TOA_DEV = '1'
+
+    mock.fetch.respond(200, response)
+
+    const url = protocol + '//' + generate()
+    const request = { method: 'POST' }
+
+    aspect = create(fixtures.manifest)
+
+    await aspect.invoke(url, request)
+
+    expect(mock.fetch).toHaveBeenCalledWith(url, request)
+
+    process.env.TOA_DEV = dev
+  })
+
+  it('should throw if URL not allowed', async () => {
+    mock.fetch.respond(200, response)
+
+    const properties = {}
+
+    aspect = create(fixtures.manifest, properties)
+
+    const url = protocol + '//' + generate()
+    const request = { method: 'POST' }
+
+    await expect(aspect.invoke(url, request)).rejects.toThrow('is not allowed')
+  })
+
+  it.each([
+    [String.raw`/^${protocol}\/\/api.\S+.com/`, `${protocol}//api.${generate()}.com/path/to`],
+    [String.raw`/${protocol}\/\/api.\S+.com/`, `${protocol}//api.${generate()}.com/path/to`]
+  ])('should allow requests %s', async (expression, url) => {
+    mock.fetch.respond(200, response)
+
+    const properties = { [expression]: true }
+
+    aspect = create(fixtures.manifest, properties)
+
+    await expect(aspect.invoke(url)).resolves.not.toThrow()
+  })
+
+  it.each([
+    [String.raw`/^${protocol}\/\/api.\S+.com/`, `${protocol}//api.${generate()}.com/path/to`],
+    [String.raw`/${protocol}\/\/api.\S+.com/`, `${protocol}//api.${generate()}.com/path/to`]
+  ])('should allow requests except %s', async (expression, url) => {
+    mock.fetch.respond(200, response)
+
+    const properties = { null: true, [expression]: false }
+
+    aspect = create(fixtures.manifest, properties)
+
+    await expect(aspect.invoke(url)).rejects.toThrow('is not allowed')
+  })
+
+  it.each([
+    ['starts', 'expression/'],
+    ['ends', '/expression']
+  ])('should throw if rule does not %s with /', async (_, expression) => {
+    expect(() => create(fixtures.manifest, { [expression]: true })).toThrow('is not a regular expression')
+  })
+})

package/source/protocols/http/id.js

@@ -0,0 +1,3 @@
+'use strict'
+
+exports.id = 'http'

package/source/protocols/http/index.js

@@ -1,7 +1,9 @@
 'use strict'
 
 const protocols = require('./protocols')
+const { id } = require('./id')
 const { create } = require('./aspect')
 
 exports.protocols = protocols
+exports.id = id
 exports.create = create

package/types/http.d.ts

@@ -0,0 +1,28 @@
+import * as fetch from 'node-fetch'
+import * as _extensions from '@toa.io/core/types/extensions'
+import * as _retry from '@toa.io/generic/types/retry'
+
+declare namespace toa.origins.http {
+
+  namespace invocation {
+    type Options = {
+      substitutions?: string[]
+      retry?: _retry.Options
+    }
+  }
+
+  type Properties = Record<string | null, boolean>
+
+  interface Permissions {
+    test(url: string): boolean
+  }
+
+  interface Aspect extends _extensions.Aspect {
+    invoke(origin: string, path: string, request?: fetch.RequestInit, options?: invocation.Options): Promise<fetch.Response>
+
+    invoke(url: string, request?: fetch.RequestInit): Promise<fetch.Response>
+  }
+
+}
+
+export type Aspect = toa.origins.http.Aspect

package/types/http.ts

@@ -1,18 +0,0 @@
-import * as fetch from 'node-fetch'
-import * as _extensions from '@toa.io/core/types/extensions'
-import * as _retry from '@toa.io/generic/types/retry'
-
-declare namespace toa.origins.http {
-
-  namespace invocation {
-    type Options = {
-      substitutions?: string[]
-      retry?: _retry.Options
-    }
-  }
-
-  interface Aspect extends _extensions.Aspect {
-    invoke(name: string, path: string, request: fetch.RequestInit, options?: invocation.Options): Promise<fetch.Response>
-  }
-
-}