feathers-ucan 0.0.0 → 0.0.2

package/README.md

@@ -1,6 +1,12 @@
 # feathers-ucan
 
-An extension of jwt authentication in feathersjs to include the added functionality of UCAN `@ucans/ucans` tokens. More specifically, adding capabilities. 
+## Getting started
+
+`npm i feathers-ucan`
+
+`import {allUcanAuth, AuthService, ...<and so on>} from feathers-ucan`
+
+An extension of jwt authentication in feathersjs to include the added functionality of UCAN `@ucans/ucans` tokens. More specifically, adding capabilities.
 
 UCAN tokens are unopinionated in general, and still emerging. There is a lot more that possibly could be done with this concept, we have built only what we have managed to use in my own current scope of project needs with this library. We have tried to leav it as unopinionated as possible. 
 
@@ -50,10 +56,33 @@ genCapability() returns a standard ucan `Capability`
 
 # Authentication hooks
 
-## allUcanAuth(methods, options)(context:HookContext)
+### Config
+
+You'll need the following config options under `default.json` `authentication` settings - accessible at `app.get('authentication')`. These could obviously be anything, but the two that are especially noteworthy are the client_ucan and ucan_aud. These are necessary for managing a ucan. 
+
+**core:** Our chosen implementation is to pass what we label `core` params - the path to "core" is configurable in the app configuration as well. This allows us to pass along key authentication data from call to call internally so we don't lose our ucan context as we go. 
 
-### Methods
+It's worth noting that the `client_ucan` is typically the calling user's `ucan` token - so it would be accessible in vanilla feathers under `context.auth.user[ucan_path]`. The `ucan_aud` is a `did` and we also save this on the user - so it too would be accessible there. We simply use the core options to avoid redundant calls to authentication on internal calls.
+
+Also worth noting is that we expose a `CoreCall` class that allows you to make feathers service calls and automatically pass core params along in the call. We have found this to be extensible and useful over time.
+
+```JSON
+   ...
+    "authentication": {
+      "entity": "login",
+      "service": "logins",
+      "defaultScheme": "symbolDb",
+      "defaultHierPart": "commoncare/*",
+      "core_path": "core",
+      "ucan_path": "ucan",
+      "client_ucan": "core.client_ucan",
+        ...
+}
+```
+
+## allUcanAuth(methods, options)(context:HookContext)
 
+### using allUcanAuth
 **************methods**************: is an object that includes optional keys for all feathers service methods and the value is an array with 3 possible values:
 `Array<CapabilityParts>`where `CapabilityParts` is the `Partial<Capability>` from the **********************genCapability********************** method, or a simplified `Array<[string, string]>` where the 2 elements of the array are the ucan Capability `namespace` and `segments` sequentially
 

package/lib/auth-service/index.d.ts

@@ -1,7 +1,14 @@
+import { AuthenticationRequest, AuthenticationParams } from '../types';
 export declare class NotAuthError extends Error {
     constructor(message?: string);
 }
 export type AuthServiceOptions = {
     NotAuthenticated?: any;
 };
-export declare const genAuthService: (ParentClass: any, options?: AuthServiceOptions) => void;
+export declare const genAuthService: (ParentClass: any, options?: AuthServiceOptions) => {
+    new (app: any, configKey?: string, opts?: {}): {
+        [x: string]: any;
+        create(data: AuthenticationRequest, params?: AuthenticationParams): Promise<any>;
+    };
+    [x: string]: any;
+};

package/lib/core/methods.d.ts

@@ -1,5 +1,6 @@
 import { AnyObj } from '../types';
-export type Id = string | object;
+export type Id = number | string;
+export type NullableId = Id | null;
 export type CallFindResult<T = AnyObj> = {
     total: number;
     limit: number;
@@ -15,17 +16,17 @@ export declare class CoreCall {
     service: string;
     core: AnyObj;
     constructor(service: string, context: any, coreOptions?: CoreOpts);
-    get(id: Id, params?: {}): Promise<any>;
+    get(id: NullableId, params?: {}): Promise<any>;
     find(params?: {}): Promise<any>;
     create(data: AnyObj, params?: {}): Promise<any>;
-    patch(id: Id, data: AnyObj, params?: {}): Promise<any>;
-    update(id: Id, data: AnyObj, params?: {}): Promise<any>;
-    remove(id: Id, params?: {}): Promise<void>;
-    _get(id: Id, params?: {}): Promise<any>;
+    patch(id: NullableId, data: AnyObj, params?: {}): Promise<any>;
+    update(id: NullableId, data: AnyObj, params?: {}): Promise<any>;
+    remove(id: NullableId, params?: {}): Promise<any>;
+    _get(id: NullableId, params?: {}): Promise<any>;
     _find(params?: {}): Promise<any>;
     _create(data: AnyObj, params?: {}): Promise<any>;
-    _patch(id: Id, data: AnyObj, params?: {}): Promise<any>;
-    _update(id: Id, data: AnyObj, params?: {}): Promise<any>;
-    _remove(id: Id, params?: {}): Promise<void>;
+    _patch(id: NullableId, data: AnyObj, params?: {}): Promise<any>;
+    _update(id: NullableId, data: AnyObj, params?: {}): Promise<any>;
+    _remove(id: NullableId, params?: {}): Promise<any>;
 }
 export {};

package/lib/env/version.d.ts

@@ -1 +1 @@
-export declare const VERSION = "0.0.0";
+export declare const VERSION = "0.0.2";

package/lib/hooks/ucan-auth.d.ts

@@ -1,4 +1,4 @@
-import { AnyObj as HookContext } from '../types';
+import { HookContext } from '../types';
 import { Capability, VerifyOptions } from 'symbol-ucan';
 type AnyAuth = '*';
 export declare const anyAuth: AnyAuth;
@@ -28,26 +28,15 @@ export type UcanAllArgs = {
 type VerifyOne = {
     ucan: string;
 } & VerifyOptions;
-type Auth = (method: string) => (context: HookContext) => Promise<HookContext>;
-type Config = {
-    entity: string;
-    service: string;
-    defaultScheme: string;
-    defaultHierPart: string;
-};
 type VerifyRes = {
     ok: boolean;
-    value: Array<any>;
+    value?: Array<any>;
+    err?: Array<any>;
 };
-export declare class UcanAuth {
-    authenticate: Auth;
-    configuration: Config;
-    constructor(authenticate: Auth, configuration: Config);
-    noThrowAuth(context: HookContext): Promise<HookContext>;
-    bareAuth(context: HookContext): Promise<HookContext>;
-    orVerifyLoop(arr: Array<VerifyOne>): Promise<any>;
-    verifyAgainstReqs(ucan: string, audience: string, reqs: Array<RequiredCapability>, options?: UcanAuthOptions): (context: HookContext) => Promise<VerifyRes>;
-    ucanAuth(requiredCapabilities?: UcanCap, options?: UcanAuthOptions): (context: HookContext) => Promise<any>;
-    allUcanAuth(methods: UcanAllArgs, options?: UcanAuthOptions): (context: HookContext) => Promise<any>;
-}
+export declare const noThrowAuth: <S>(context: HookContext<S>) => Promise<HookContext<S>>;
+export declare const bareAuth: <S>(context: HookContext<S>) => Promise<HookContext<S>>;
+export declare const orVerifyLoop: (arr: Array<VerifyOne>) => Promise<VerifyRes>;
+export declare const verifyAgainstReqs: <S>(ucan: string, audience: string, reqs: Array<RequiredCapability>, options?: UcanAuthOptions) => (context: HookContext<S>) => Promise<VerifyRes>;
+export declare const ucanAuth: <S>(requiredCapabilities?: UcanCap, options?: UcanAuthOptions) => (context: HookContext<S>) => Promise<HookContext<S>>;
+export declare const allUcanAuth: <S>(methods: UcanAllArgs, options?: UcanAuthOptions) => (context: HookContext<S>) => Promise<HookContext<S>>;
 export {};

package/lib/index.cjs

@@ -1 +1 @@
-var e=require("symbol-ucan");function r(){return r=Object.assign?Object.assign.bind():function(e){for(var r=1;r<arguments.length;r++){var t=arguments[r];for(var n in t)Object.prototype.hasOwnProperty.call(t,n)&&(e[n]=t[n])}return e},r.apply(this,arguments)}function t(e){return t=Object.setPrototypeOf?Object.getPrototypeOf.bind():function(e){return e.__proto__||Object.getPrototypeOf(e)},t(e)}function n(e,r){return n=Object.setPrototypeOf?Object.setPrototypeOf.bind():function(e,r){return e.__proto__=r,e},n(e,r)}function o(e,r,t){return o=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],function(){})),!0}catch(e){return!1}}()?Reflect.construct.bind():function(e,r,t){var o=[null];o.push.apply(o,r);var i=new(Function.bind.apply(e,o));return t&&n(i,t.prototype),i},o.apply(null,arguments)}function i(e){var r="function"==typeof Map?new Map:void 0;return i=function(e){if(null===e||-1===Function.toString.call(e).indexOf("[native code]"))return e;if("function"!=typeof e)throw new TypeError("Super expression must either be null or a function");if(void 0!==r){if(r.has(e))return r.get(e);r.set(e,i)}function i(){return o(e,arguments,t(this).constructor)}return i.prototype=Object.create(e.prototype,{constructor:{value:i,enumerable:!1,writable:!0,configurable:!0}}),n(i,e)},i(e)}var c=/*#__PURE__*/function(e){var r,t;function o(r){return e.call(this,r)||this}return t=e,(r=o).prototype=Object.create(t.prototype),r.prototype.constructor=r,n(r,t),o}(/*#__PURE__*/i(Error)),u=/*#__PURE__*/function(){function e(e,t,n){var o;this.context=void 0,this.service=void 0,this.core=void 0,this.service=e,this.context=t,this.core=r({},null==(o=t.params)?void 0:o.core,n)}var t=e.prototype;return t.get=function(e,t){void 0===t&&(t={});try{var n,o=this;return Promise.resolve(null==(n=o.context.app)?void 0:n.service(o.service).get(e,r({},t,{core:o.core})))}catch(e){return Promise.reject(e)}},t.find=function(e){void 0===e&&(e={});try{var t,n=this;return Promise.resolve(null==(t=n.context.app)?void 0:t.service(n.service).find(r({},e,{core:n.core})))}catch(e){return Promise.reject(e)}},t.create=function(e,t){void 0===t&&(t={});try{var n,o=this;return Promise.resolve(null==(n=o.context.app)?void 0:n.service(o.service).create(e,r({},t,{core:o.core})))}catch(e){return Promise.reject(e)}},t.patch=function(e,t,n){void 0===n&&(n={});try{var o,i=this;return Promise.resolve(null==(o=i.context.app)?void 0:o.service(i.service).patch(e,t,r({},n,{core:i.core})))}catch(e){return Promise.reject(e)}},t.update=function(e,t,n){void 0===n&&(n={});try{var o,i=this;return Promise.resolve(null==(o=i.context.app)?void 0:o.service(i.service).update(e,t,r({},n,{core:i.core})))}catch(e){return Promise.reject(e)}},t.remove=function(e,t){void 0===t&&(t={});try{var n,o=this;return null==(n=o.context.app)||n.service(o.service).remove(e,r({},t,{core:o.core})),Promise.resolve()}catch(e){return Promise.reject(e)}},t._get=function(e,t){void 0===t&&(t={});try{var n,o=this;return Promise.resolve(null==(n=o.context.app)?void 0:n.service(o.service)._get(e,r({},t,{core:o.core})))}catch(e){return Promise.reject(e)}},t._find=function(e){void 0===e&&(e={});try{var t,n=this;return Promise.resolve(null==(t=n.context.app)?void 0:t.service(n.service)._find(r({},e,{core:n.core})))}catch(e){return Promise.reject(e)}},t._create=function(e,t){void 0===t&&(t={});try{var n,o=this;return Promise.resolve(null==(n=o.context.app)?void 0:n.service(o.service)._create(e,r({},t,{core:o.core})))}catch(e){return Promise.reject(e)}},t._patch=function(e,t,n){void 0===n&&(n={});try{var o,i=this;return Promise.resolve(null==(o=i.context.app)?void 0:o.service(i.service)._patch(e,t,r({},n,{core:i.core})))}catch(e){return Promise.reject(e)}},t._update=function(e,t,n){void 0===n&&(n={});try{var o,i=this;return Promise.resolve(null==(o=i.context.app)?void 0:o.service(i.service)._update(e,t,r({},n,{core:i.core})))}catch(e){return Promise.reject(e)}},t._remove=function(e,t){void 0===t&&(t={});try{var n,o=this;return null==(n=o.context.app)||n.service(o.service)._remove(e,r({},t,{core:o.core})),Promise.resolve()}catch(e){return Promise.reject(e)}},e}(),a=["ucan"];function s(e,r,t){if(!e.s){if(t instanceof l){if(!t.s)return void(t.o=s.bind(null,e,r));1&r&&(r=t.s),t=t.v}if(t&&t.then)return void t.then(s.bind(null,e,r),s.bind(null,e,2));e.s=r,e.v=t;var n=e.o;n&&n(e)}}const l=/*#__PURE__*/function(){function e(){}return e.prototype.then=function(r,t){const n=new e,o=this.s;if(o){const e=1&o?r:t;if(e){try{s(n,1,e(this.v))}catch(e){s(n,2,e)}return n}return this}return this.o=function(e){try{const o=e.v;1&e.s?s(n,1,r?r(o):o):t?s(n,1,t(o)):s(n,2,o)}catch(e){s(n,2,e)}},n},e}();var v=/*#__PURE__*/function(){function r(e,r){this.authenticate=void 0,this.configuration={entity:"user",service:"users",defaultScheme:"symbol.storage",defaultHierPart:"*"},this.authenticate=e,r&&(this.configuration=r)}var t=r.prototype;return t.noThrowAuth=function(e){try{var r,t=null==(r=e.auth)?void 0:r.login;return t&&(e.core?e.core.login=t:e.core={login:t}),Promise.resolve(this.authenticate("jwt")(e).catch(function(r){return console.error("got error in no throw auth",r),e})).then(function(){return e})}catch(e){return Promise.reject(e)}},t.bareAuth=function(e){try{var r,t=null==(r=e.auth)?void 0:r.login;return t&&(e.core?e.core.login=t:e.core={login:t}),Promise.resolve(this.authenticate("jwt")(e))}catch(e){return Promise.reject(e)}},t.orVerifyLoop=function(r){try{var t,n={ok:!1,value:[]},o=function(o,i,c){var u=[];for(var v in o)u.push(v);return function(e,r,t){var n,o,i=-1;return function c(u){try{for(;++i<e.length&&(!t||!t());)if((u=r(i))&&u.then){if(!((a=u)instanceof l&&1&a.s))return void u.then(c,o||(o=s.bind(null,n=new l,2)));u=u.v}n?s(n,1,u):n=u}catch(e){s(n||(n=new l),2,e)}var a}(),n}(u,function(o){return function(o){var i=function(){var i;if(null==(i=n)||!i.ok){var c=r[o],u=c.ucan,s=function(e,r){if(null==e)return{};var t,n,o={},i=Object.keys(e);for(n=0;n<i.length;n++)r.indexOf(t=i[n])>=0||(o[t]=e[t]);return o}(c,a);return Promise.resolve(function(r,t){try{return Promise.resolve(e.verifyUcan(r,t))}catch(e){return Promise.reject(e)}}(u,s)).then(function(e){n=e})}t=1}();if(i&&i.then)return i.then(function(){})}(u[o])},function(){return t})}(r);return Promise.resolve(o&&o.then?o.then(function(){return n}):n)}catch(e){return Promise.reject(e)}},t.verifyAgainstReqs=function(r,t,n,o){var i=this;return function(c){try{var u;return r&&t&&null!=o&&null!=(u=o.or)&&u.includes(c.method)?Promise.resolve(i.orVerifyLoop((n||[]).map(function(e){return{ucan:r,audience:t,requiredCapabilities:[e]}}))):Promise.resolve(e.verifyUcan(r,{audience:t,requiredCapabilities:n}))}catch(e){return Promise.reject(e)}}},t.ucanAuth=function(r,t){var n=this;return function(o){try{var i,c=function(c){return i?c:Promise.resolve(n.bareAuth(o)).then(function(i){var c,a;function s(){var r;if(null!=(r=v)&&r.ok)return o;var i=function(){function r(){if(v.ok)return o;throw console.error("Ucan capabilities requirements not met: ",v,o.type,o.path),new Error("Missing proper capabilities for this action: "+o.type+": "+o.path+" - "+o.method)}var i=function(){var r;if(null==(r=v)||!r.ok){var o=!1,i=[];h.forEach(function(r,t){var n=(e._get(r,"capability.can.namespace")||"").split(":");n[1]&&(r=e._set(r,"capability.can.namespace",n[0]),o=!0),i.push(r)});var c=function(){if(o)return Promise.resolve(n.verifyAgainstReqs(p,d,h,t)).then(function(e){v=e})}();if(c&&c.then)return c.then(function(){})}}();return i&&i.then?i.then(r):r()},c=t||{creatorPass:!1},a=c.creatorPass,s=c.loginPass,l=function(){if(a&&("*"===a||a.includes(o.method))||null!=s&&s.length&&("*"===s[1]||s[1].includes(o.method)))return Promise.resolve(new u(o.path,o,{skipJoins:!0}).get(o.id)).then(function(r){var t,n;if(a)v.ok=(null==r||null==(t=r.createdBy)?void 0:t.login)===((null==(n=o.login)?void 0:n._id)||"***");else if(s){var i,c=e._flatten(s[0].map(function(t){return e._get(r,t)}));v.ok=c.filter(function(e){return!!e}).includes(null==(i=o.login)?void 0:i._id)}})}();return l&&l.then?l.then(i):i()}if(o=i,"*"===r)return o;if(null!=t&&t.adminPass&&o.params.admin_pass)return o;var l=o.app.get("authentication"),v={ok:!1,value:[]},f=e.encodeKeyPair({secretKey:l.secret}).did(),h=(r||[]).map(function(r){var t={defaultScheme:n.configuration.defaultScheme,defaultHierPart:n.configuration.defaultHierPart};return{capability:Array.isArray(r)?e.genCapability({with:{scheme:n.configuration.defaultScheme,hierPart:n.configuration.defaultHierPart},can:{namespace:r[0],segments:"string"==typeof r[1]?[r[1]]:r[1]}},t):e.genCapability(r,t),rootIssuer:f}}),p=null==(c=o.params.core)?void 0:c.client_ucan,d=null==(a=o.params.core)?void 0:a.ucan_aud,m=function(){if(h.length)return Promise.resolve(n.verifyAgainstReqs(p,d,h,t)).then(function(e){v=e});v.ok=!0}();return m&&m.then?m.then(s):s()})},a=function(){if("$"===r)return Promise.resolve(n.noThrowAuth(o)).then(function(e){return i=1,e})}();return Promise.resolve(a&&a.then?a.then(c):c(a))}catch(e){return Promise.reject(e)}}},t.allUcanAuth=function(e,r){var t=this;return function(n){try{var o,i=null==(o=n.auth)?void 0:o.login;if(i&&(n.core?n.core.login=i:n.core={login:i}),"before"===n.type){var c=n.method;return Promise.resolve(e[c]||e.all?t.ucanAuth(e[c]||e.all,r)(n):n)}return Promise.resolve(n)}catch(e){return Promise.reject(e)}}},r}();exports.CoreCall=u,exports.NotAuthError=c,exports.UcanAuth=v,exports.anyAuth="*",exports.genAuthService=function(e,r){},exports.noThrow="$",exports.updateUcan=function(){return function(t){try{var n=t.data,o=n.add,i=void 0===o?[]:o,c=n.remove,a=void 0===c?[]:c;if(!(null!=i&&i.length||null!=a&&a.length))throw new Error("No new capabilities passed");var s=t.app.get("authentication").secret,l=e.encodeKeyPair({secretKey:s}).did(),v=e.stackAbilities([].concat(i,a));return Promise.resolve(e.verifyUcan(t.params.login.ucan,{audience:t.params.core.ucan_aud,requiredCapabilities:v.map(function(e){return{capability:e,rootIssuer:l}})})).then(function(n){if(null==n||!n.ok)throw new Error("You don't have sufficient capabilities to grant those capabilities");var o=t.id,c=t.data.service||"logins",l=t.data.path||"ucan";return Promise.resolve(new u(c,t,{skipJoins:!0}).get(o)).then(function(n){var v=e.parseUcan(e._get(n,l)).payload,f=v.aud,h=v.att,p=v.prf,d=[].concat(h);return null!=a&&a.length&&(d=e.reduceAbilities(a,h)),null!=i&&i.length&&(d=e.stackAbilities([].concat(h,i))),Promise.resolve(e.buildUcan(r({issuer:e.encodeKeyPair({secretKey:s}),audience:f,proofs:p},t.data,{capabilities:d}))).then(function(r){var n=e.ucanToken(r);return Promise.resolve(e.validateUcan(n)).then(function(e){var r;if(!e)throw new Error("Invalid ucan generated when updating");return Promise.resolve(new u(c,t).patch(o,(r={},r[l]=n,r))).then(function(e){return t.result={raw:t.data,encoded:n,subject:e},t})})})})})}catch(e){return Promise.reject(e)}}};
+var e=require("symbol-ucan"),t=require("@feathersjs/authentication");function r(){return r=Object.assign?Object.assign.bind():function(e){for(var t=1;t<arguments.length;t++){var r=arguments[t];for(var n in r)Object.prototype.hasOwnProperty.call(r,n)&&(e[n]=r[n])}return e},r.apply(this,arguments)}function n(e,t){e.prototype=Object.create(t.prototype),e.prototype.constructor=e,i(e,t)}function o(e){return o=Object.setPrototypeOf?Object.getPrototypeOf.bind():function(e){return e.__proto__||Object.getPrototypeOf(e)},o(e)}function i(e,t){return i=Object.setPrototypeOf?Object.setPrototypeOf.bind():function(e,t){return e.__proto__=t,e},i(e,t)}function a(e,t,r){return a=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],function(){})),!0}catch(e){return!1}}()?Reflect.construct.bind():function(e,t,r){var n=[null];n.push.apply(n,t);var o=new(Function.bind.apply(e,n));return r&&i(o,r.prototype),o},a.apply(null,arguments)}function c(e){var t="function"==typeof Map?new Map:void 0;return c=function(e){if(null===e||-1===Function.toString.call(e).indexOf("[native code]"))return e;if("function"!=typeof e)throw new TypeError("Super expression must either be null or a function");if(void 0!==t){if(t.has(e))return t.get(e);t.set(e,r)}function r(){return a(e,arguments,o(this).constructor)}return r.prototype=Object.create(e.prototype,{constructor:{value:r,enumerable:!1,writable:!0,configurable:!0}}),i(r,e)},c(e)}var u=/*#__PURE__*/function(e){function t(t){return e.call(this,t)||this}return n(t,e),t}(/*#__PURE__*/c(Error)),s=/*#__PURE__*/function(){function e(e,t,n){var o;this.context=void 0,this.service=void 0,this.core=void 0,this.service=e,this.context=t,this.core=r({},null==(o=t.params)?void 0:o.core,n)}var t=e.prototype;return t.get=function(e,t){void 0===t&&(t={});try{var n,o,i=this,a=i.context.app.get("authentication").core_path;return Promise.resolve(null==(n=i.context.app)?void 0:n.service(i.service).get(e,r({},t,((o={})[a]=i.core,o))))}catch(e){return Promise.reject(e)}},t.find=function(e){void 0===e&&(e={});try{var t,n,o=this,i=o.context.app.get("authentication").core_path;return Promise.resolve(null==(t=o.context.app)?void 0:t.service(o.service).find(r({},e,((n={})[i]=o.core,n))))}catch(e){return Promise.reject(e)}},t.create=function(e,t){void 0===t&&(t={});try{var n,o,i=this,a=i.context.app.get("authentication").core_path;return Promise.resolve(null==(n=i.context.app)?void 0:n.service(i.service).create(e,r({},t,((o={})[a]=i.core,o))))}catch(e){return Promise.reject(e)}},t.patch=function(e,t,n){void 0===n&&(n={});try{var o,i,a=this,c=a.context.app.get("authentication").core_path;return Promise.resolve(null==(o=a.context.app)?void 0:o.service(a.service).patch(e,t,r({},n,((i={})[c]=a.core,i))))}catch(e){return Promise.reject(e)}},t.update=function(e,t,n){void 0===n&&(n={});try{var o,i,a=this,c=a.context.app.get("authentication").core_path;return Promise.resolve(null==(o=a.context.app)?void 0:o.service(a.service).update(e,t,r({},n,((i={})[c]=a.core,i))))}catch(e){return Promise.reject(e)}},t.remove=function(e,t){void 0===t&&(t={});try{var n,o,i=this,a=i.context.app.get("authentication").core_path;return Promise.resolve(null==(n=i.context.app)?void 0:n.service(i.service).remove(e,r({},t,((o={})[a]=i.core,o))))}catch(e){return Promise.reject(e)}},t._get=function(e,t){void 0===t&&(t={});try{var n,o,i=this,a=i.context.app.get("authentication").core_path;return Promise.resolve(null==(n=i.context.app)?void 0:n.service(i.service)._get(e,r({},t,((o={})[a]=i.core,o))))}catch(e){return Promise.reject(e)}},t._find=function(e){void 0===e&&(e={});try{var t,n,o=this,i=o.context.app.get("authentication").core_path;return Promise.resolve(null==(t=o.context.app)?void 0:t.service(o.service)._find(r({},e,((n={})[i]=o.core,n))))}catch(e){return Promise.reject(e)}},t._create=function(e,t){void 0===t&&(t={});try{var n,o,i=this,a=i.context.app.get("authentication").core_path;return Promise.resolve(null==(n=i.context.app)?void 0:n.service(i.service)._create(e,r({},t,((o={})[a]=i.core,o))))}catch(e){return Promise.reject(e)}},t._patch=function(e,t,n){void 0===n&&(n={});try{var o,i,a=this,c=a.context.app.get("authentication").core_path;return Promise.resolve(null==(o=a.context.app)?void 0:o.service(a.service)._patch(e,t,r({},n,((i={})[c]=a.core,i))))}catch(e){return Promise.reject(e)}},t._update=function(e,t,n){void 0===n&&(n={});try{var o,i,a=this,c=a.context.app.get("authentication").core_path;return Promise.resolve(null==(o=a.context.app)?void 0:o.service(a.service)._update(e,t,r({},n,((i={})[c]=a.core,i))))}catch(e){return Promise.reject(e)}},t._remove=function(e,t){void 0===t&&(t={});try{var n,o,i=this,a=i.context.app.get("authentication").core_path;return Promise.resolve(null==(n=i.context.app)?void 0:n.service(i.service)._remove(e,r({},t,((o={})[a]=i.core,o))))}catch(e){return Promise.reject(e)}},e}(),l=["ucan"];function p(e,t,r){if(!e.s){if(r instanceof h){if(!r.s)return void(r.o=p.bind(null,e,t));1&t&&(t=r.s),r=r.v}if(r&&r.then)return void r.then(p.bind(null,e,t),p.bind(null,e,2));e.s=t,e.v=r;var n=e.o;n&&n(e)}}const h=/*#__PURE__*/function(){function e(){}return e.prototype.then=function(t,r){const n=new e,o=this.s;if(o){const e=1&o?t:r;if(e){try{p(n,1,e(this.v))}catch(e){p(n,2,e)}return n}return this}return this.o=function(e){try{const o=e.v;1&e.s?p(n,1,t?t(o):o):r?p(n,1,r(o)):p(n,2,o)}catch(e){p(n,2,e)}},n},e}();var v=function(r){try{var n=r.app.get("authentication"),o=e._get(r,["auth",n.entity]);return o&&(r=e._set(r,[n.core_path,n.entity],o)),Promise.resolve(t.authenticate("jwt")(r).catch(function(e){return console.error("got error in no throw auth",e),r})).then(function(e){return r=e})}catch(e){return Promise.reject(e)}},f=function(r){try{var n=r.app.get("authentication"),o=e._get(r,["auth",n.entity]);return o&&(r=e._set(r,[n.core_path,n.entity],o)),Promise.resolve(t.authenticate("jwt")(r))}catch(e){return Promise.reject(e)}},d=function(t){try{var r,n={ok:!1,value:[]},o=function(o,i,a){var c=[];for(var u in o)c.push(u);return function(e,t,r){var n,o,i=-1;return function a(c){try{for(;++i<e.length&&(!r||!r());)if((c=t(i))&&c.then){if(!((u=c)instanceof h&&1&u.s))return void c.then(a,o||(o=p.bind(null,n=new h,2)));c=c.v}n?p(n,1,c):n=c}catch(e){p(n||(n=new h),2,e)}var u}(),n}(c,function(o){return function(o){var i=function(){var i;if(null==(i=n)||!i.ok){var a=t[o],c=a.ucan,u=function(e,t){if(null==e)return{};var r,n,o={},i=Object.keys(e);for(n=0;n<i.length;n++)t.indexOf(r=i[n])>=0||(o[r]=e[r]);return o}(a,l);return Promise.resolve(function(t,r){try{return Promise.resolve(e.verifyUcan(t,r))}catch(e){return Promise.reject(e)}}(c,u)).then(function(e){n=e})}r=1}();if(i&&i.then)return i.then(function(){})}(c[o])},function(){return r})}(t);return Promise.resolve(o&&o.then?o.then(function(){return n}):n)}catch(e){return Promise.reject(e)}},m=function(t,r,n,o){return function(i){try{var a;return t&&r&&null!=o&&null!=(a=o.or)&&a.includes(i.method)?Promise.resolve(d((n||[]).map(function(e){return{ucan:t,audience:r,requiredCapabilities:[e]}}))):Promise.resolve(e.verifyUcan(t,{audience:r,requiredCapabilities:n}))}catch(e){return Promise.reject(e)}}},y=function(t,r){return function(n){try{var o,i=function(i){return o?i:Promise.resolve(f(n)).then(function(o){var i;if(n=o,"*"===t)return n;if(null!=r&&r.adminPass&&n.params.admin_pass)return n;var a=n.app.get("authentication"),c={ok:!1,value:[]},u=e.encodeKeyPair({secretKey:a.secret}).did(),l=n.app.get("authentication"),p=(t||[]).map(function(t){var r={defaultScheme:l.defaultScheme,defaultHierPart:l.defaultHierPart};return{capability:Array.isArray(t)?e.genCapability({with:{scheme:l.defaultScheme,hierPart:l.defaultHierPart},can:{namespace:t[0],segments:"string"==typeof t[1]?[t[1]]:t[1]}},r):e.genCapability(t,r),rootIssuer:u}}),h=e._get(n.params,l.client_ucan),v=e._get(n.params,l.ucan_aud);if(p.length?c=m(h,v,p,r):c.ok=!0,null!=(i=c)&&i.ok)return n;var f=function(){var t;if(null==(t=c)||!t.ok){var o=!1,i=[];p.forEach(function(t,r){var n=(e._get(t,"capability.can.namespace")||"").split(":");n[1]&&(t=e._set(t,"capability.can.namespace",n[0]),o=!0),i.push(t)}),o&&(c=m(h,v,p,r))}if(c.ok)return n;throw console.error("Ucan capabilities requirements not met: ",c,n.type,n.path),new Error("Missing proper capabilities for this action: "+n.type+": "+n.path+" - "+n.method)},d=r||{creatorPass:!1},y=d.creatorPass,g=d.loginPass,P=function(){if(y&&("*"===y||y.includes(n.method))||null!=g&&g.length&&("*"===g[1]||g[1].includes(n.method)))return Promise.resolve(new s(n.path,n,{skipJoins:!0}).get(n.id)).then(function(t){var r,o;if(y)c.ok=(null==t||null==(r=t.createdBy)?void 0:r.login)===((null==(o=n.login)?void 0:o._id)||"***");else if(g){var i,a=e._flatten(g[0].map(function(r){return e._get(t,r)}));c.ok=a.filter(function(e){return!!e}).includes(null==(i=n.login)?void 0:i._id)}})}();return P&&P.then?P.then(f):f()})},a=function(){if("$"===t)return Promise.resolve(v(n)).then(function(e){return o=1,e})}();return Promise.resolve(a&&a.then?a.then(i):i(a))}catch(e){return Promise.reject(e)}}};exports.CoreCall=s,exports.NotAuthError=u,exports.allUcanAuth=function(t,r){return function(n){try{var o=n.app.get("authentication"),i=n.auth[o.entity];if(i&&(n=e._set(n,[o.core_path,o.entity],i)),"before"===n.type){var a=n.method;return Promise.resolve(t[a]||t.all?y(t[a]||t.all,r)(n):n)}return Promise.resolve(n)}catch(e){return Promise.reject(e)}}},exports.anyAuth="*",exports.bareAuth=f,exports.genAuthService=function(t,o){/*#__PURE__*/return function(t){function i(e,r,n){var o;return void 0===r&&(r="authentication"),void 0===n&&(n={}),(o=t.call(this,e,r,n)||this).app=e,o}return n(i,t),i.prototype.create=function(t,n){try{var i,a=this,c=(null==o?void 0:o.NotAuthenticated)||u,s=a.app.get("authentication"),l=s.entity,p=s.service,h=s.ucan_path,v=void 0===h?"ucan":h,f=(null==(i=n)?void 0:i.authStrategies)||a.configuration.authStrategies;if(n||(n={}),!f.length)throw new c("No authentication strategies allowed for creating a JWT (`authStrategies`)");return Promise.resolve(a.authenticate.apply(a,[t,n].concat(f)).catch(function(e){throw new Error(e.message)})).then(function(o){if(o.accessToken)return o;var i=t.did||e._get(o,[l,"did"]),c=t.ucan||e._get(o,[l,"ucan"]);if(!i)throw new Error("No did audience provided");if(!c)throw new Error("No ucan provided to authentication call");return Promise.resolve(e.validateUcan(c).catch(function(e){console.log("Could not validate ucan: ",e.message);var t={code:0,message:"Unknown Issue Validating Ucan"};return e.message.indexOf("Expired.")>-1&&(t.code=1,t.message="Expired Ucan"),console.warn("Could not validate ucan",c,t.message),null})).then(function(t){function i(){var t=e.ucanToken(c);return r({accessToken:t},o,{authentication:r({},o.authentication,{payload:t})})}var u=function(){if(!t){var i=e.parseUcan(c),u=a.app.get("authentication"),s=e.encodeKeyPair({secretKey:u.secret});return Promise.resolve(e.buildUcan({audience:i.payload.aud,issuer:s,capabilities:i.payload.att})).then(function(t){var i;return c=t,n.admin_pass=!0,Promise.resolve(a.app.service(p).patch(o[l]._id,(i={},i[v]=e.ucanToken(c),i),r({},n))).then(function(){})})}}();return u&&u.then?u.then(i):i()})})}catch(e){return Promise.reject(e)}},i}(t)},exports.noThrow="$",exports.noThrowAuth=v,exports.orVerifyLoop=d,exports.ucanAuth=y,exports.updateUcan=function(){return function(t){try{var n=t.data,o=n.add,i=void 0===o?[]:o,a=n.remove,c=void 0===a?[]:a;if(!(null!=i&&i.length||null!=c&&c.length))throw new Error("No new capabilities passed");var u=t.app.get("authentication"),l=u.secret,p=u.ucan_aud,h=e.encodeKeyPair({secretKey:l}).did(),v=e.stackAbilities([].concat(i,c));return Promise.resolve(e.verifyUcan(t.params.login.ucan,{audience:e._get(t.params,p),requiredCapabilities:v.map(function(e){return{capability:e,rootIssuer:h}})})).then(function(n){if(null==n||!n.ok)throw new Error("You don't have sufficient capabilities to grant those capabilities");var o=t.id,a=t.data.service||"logins",u=t.data.path||"ucan";return Promise.resolve(new s(a,t,{skipJoins:!0}).get(o)).then(function(n){var p=e.parseUcan(e._get(n,u)).payload,h=p.aud,v=p.att,f=p.prf,d=[].concat(v);return null!=c&&c.length&&(d=e.reduceAbilities(c,v)),null!=i&&i.length&&(d=e.stackAbilities([].concat(v,i))),Promise.resolve(e.buildUcan(r({issuer:e.encodeKeyPair({secretKey:l}),audience:h,proofs:f},t.data,{capabilities:d}))).then(function(r){var n=e.ucanToken(r);return Promise.resolve(e.validateUcan(n)).then(function(e){var r;if(!e)throw new Error("Invalid ucan generated when updating");return Promise.resolve(new s(a,t).patch(o,(r={},r[u]=n,r))).then(function(e){return t.result={raw:t.data,encoded:n,subject:e},t})})})})})}catch(e){return Promise.reject(e)}}},exports.verifyAgainstReqs=m;

package/lib/index.esm.js

@@ -1 +1 @@
-import{verifyUcan as e,_get as r,_set as t,_flatten as n,encodeKeyPair as o,genCapability as i,stackAbilities as c,parseUcan as u,reduceAbilities as a,buildUcan as s,ucanToken as l,validateUcan as f}from"symbol-ucan";function v(){return v=Object.assign?Object.assign.bind():function(e){for(var r=1;r<arguments.length;r++){var t=arguments[r];for(var n in t)Object.prototype.hasOwnProperty.call(t,n)&&(e[n]=t[n])}return e},v.apply(this,arguments)}function h(e){return h=Object.setPrototypeOf?Object.getPrototypeOf.bind():function(e){return e.__proto__||Object.getPrototypeOf(e)},h(e)}function p(e,r){return p=Object.setPrototypeOf?Object.setPrototypeOf.bind():function(e,r){return e.__proto__=r,e},p(e,r)}function d(e,r,t){return d=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],function(){})),!0}catch(e){return!1}}()?Reflect.construct.bind():function(e,r,t){var n=[null];n.push.apply(n,r);var o=new(Function.bind.apply(e,n));return t&&p(o,t.prototype),o},d.apply(null,arguments)}function m(e){var r="function"==typeof Map?new Map:void 0;return m=function(e){if(null===e||-1===Function.toString.call(e).indexOf("[native code]"))return e;if("function"!=typeof e)throw new TypeError("Super expression must either be null or a function");if(void 0!==r){if(r.has(e))return r.get(e);r.set(e,t)}function t(){return d(e,arguments,h(this).constructor)}return t.prototype=Object.create(e.prototype,{constructor:{value:t,enumerable:!1,writable:!0,configurable:!0}}),p(t,e)},m(e)}var y=/*#__PURE__*/function(e){var r,t;function n(r){return e.call(this,r)||this}return t=e,(r=n).prototype=Object.create(t.prototype),r.prototype.constructor=r,p(r,t),n}(/*#__PURE__*/m(Error)),P=function(e,r){},g=/*#__PURE__*/function(){function e(e,r,t){var n;this.context=void 0,this.service=void 0,this.core=void 0,this.service=e,this.context=r,this.core=v({},null==(n=r.params)?void 0:n.core,t)}var r=e.prototype;return r.get=function(e,r){void 0===r&&(r={});try{var t,n=this;return Promise.resolve(null==(t=n.context.app)?void 0:t.service(n.service).get(e,v({},r,{core:n.core})))}catch(e){return Promise.reject(e)}},r.find=function(e){void 0===e&&(e={});try{var r,t=this;return Promise.resolve(null==(r=t.context.app)?void 0:r.service(t.service).find(v({},e,{core:t.core})))}catch(e){return Promise.reject(e)}},r.create=function(e,r){void 0===r&&(r={});try{var t,n=this;return Promise.resolve(null==(t=n.context.app)?void 0:t.service(n.service).create(e,v({},r,{core:n.core})))}catch(e){return Promise.reject(e)}},r.patch=function(e,r,t){void 0===t&&(t={});try{var n,o=this;return Promise.resolve(null==(n=o.context.app)?void 0:n.service(o.service).patch(e,r,v({},t,{core:o.core})))}catch(e){return Promise.reject(e)}},r.update=function(e,r,t){void 0===t&&(t={});try{var n,o=this;return Promise.resolve(null==(n=o.context.app)?void 0:n.service(o.service).update(e,r,v({},t,{core:o.core})))}catch(e){return Promise.reject(e)}},r.remove=function(e,r){void 0===r&&(r={});try{var t,n=this;return null==(t=n.context.app)||t.service(n.service).remove(e,v({},r,{core:n.core})),Promise.resolve()}catch(e){return Promise.reject(e)}},r._get=function(e,r){void 0===r&&(r={});try{var t,n=this;return Promise.resolve(null==(t=n.context.app)?void 0:t.service(n.service)._get(e,v({},r,{core:n.core})))}catch(e){return Promise.reject(e)}},r._find=function(e){void 0===e&&(e={});try{var r,t=this;return Promise.resolve(null==(r=t.context.app)?void 0:r.service(t.service)._find(v({},e,{core:t.core})))}catch(e){return Promise.reject(e)}},r._create=function(e,r){void 0===r&&(r={});try{var t,n=this;return Promise.resolve(null==(t=n.context.app)?void 0:t.service(n.service)._create(e,v({},r,{core:n.core})))}catch(e){return Promise.reject(e)}},r._patch=function(e,r,t){void 0===t&&(t={});try{var n,o=this;return Promise.resolve(null==(n=o.context.app)?void 0:n.service(o.service)._patch(e,r,v({},t,{core:o.core})))}catch(e){return Promise.reject(e)}},r._update=function(e,r,t){void 0===t&&(t={});try{var n,o=this;return Promise.resolve(null==(n=o.context.app)?void 0:n.service(o.service)._update(e,r,v({},t,{core:o.core})))}catch(e){return Promise.reject(e)}},r._remove=function(e,r){void 0===r&&(r={});try{var t,n=this;return null==(t=n.context.app)||t.service(n.service)._remove(e,v({},r,{core:n.core})),Promise.resolve()}catch(e){return Promise.reject(e)}},e}(),b=["ucan"];function j(e,r,t){if(!e.s){if(t instanceof w){if(!t.s)return void(t.o=j.bind(null,e,r));1&r&&(r=t.s),t=t.v}if(t&&t.then)return void t.then(j.bind(null,e,r),j.bind(null,e,2));e.s=r,e.v=t;var n=e.o;n&&n(e)}}const w=/*#__PURE__*/function(){function e(){}return e.prototype.then=function(r,t){const n=new e,o=this.s;if(o){const e=1&o?r:t;if(e){try{j(n,1,e(this.v))}catch(e){j(n,2,e)}return n}return this}return this.o=function(e){try{const o=e.v;1&e.s?j(n,1,r?r(o):o):t?j(n,1,t(o)):j(n,2,o)}catch(e){j(n,2,e)}},n},e}();var _="*",O="$",x=/*#__PURE__*/function(){function c(e,r){this.authenticate=void 0,this.configuration={entity:"user",service:"users",defaultScheme:"symbol.storage",defaultHierPart:"*"},this.authenticate=e,r&&(this.configuration=r)}var u=c.prototype;return u.noThrowAuth=function(e){try{var r,t=null==(r=e.auth)?void 0:r.login;return t&&(e.core?e.core.login=t:e.core={login:t}),Promise.resolve(this.authenticate("jwt")(e).catch(function(r){return console.error("got error in no throw auth",r),e})).then(function(){return e})}catch(e){return Promise.reject(e)}},u.bareAuth=function(e){try{var r,t=null==(r=e.auth)?void 0:r.login;return t&&(e.core?e.core.login=t:e.core={login:t}),Promise.resolve(this.authenticate("jwt")(e))}catch(e){return Promise.reject(e)}},u.orVerifyLoop=function(r){try{var t,n={ok:!1,value:[]},o=function(o,i,c){var u=[];for(var a in o)u.push(a);return function(e,r,t){var n,o,i=-1;return function c(u){try{for(;++i<e.length&&(!t||!t());)if((u=r(i))&&u.then){if(!((a=u)instanceof w&&1&a.s))return void u.then(c,o||(o=j.bind(null,n=new w,2)));u=u.v}n?j(n,1,u):n=u}catch(e){j(n||(n=new w),2,e)}var a}(),n}(u,function(o){return function(o){var i=function(){var i;if(null==(i=n)||!i.ok){var c=r[o],u=c.ucan,a=function(e,r){if(null==e)return{};var t,n,o={},i=Object.keys(e);for(n=0;n<i.length;n++)r.indexOf(t=i[n])>=0||(o[t]=e[t]);return o}(c,b);return Promise.resolve(function(r,t){try{return Promise.resolve(e(r,t))}catch(e){return Promise.reject(e)}}(u,a)).then(function(e){n=e})}t=1}();if(i&&i.then)return i.then(function(){})}(u[o])},function(){return t})}(r);return Promise.resolve(o&&o.then?o.then(function(){return n}):n)}catch(e){return Promise.reject(e)}},u.verifyAgainstReqs=function(r,t,n,o){var i=this;return function(c){try{var u;return r&&t&&null!=o&&null!=(u=o.or)&&u.includes(c.method)?Promise.resolve(i.orVerifyLoop((n||[]).map(function(e){return{ucan:r,audience:t,requiredCapabilities:[e]}}))):Promise.resolve(e(r,{audience:t,requiredCapabilities:n}))}catch(e){return Promise.reject(e)}}},u.ucanAuth=function(e,c){var u=this;return function(a){try{var s,l=function(l){return s?l:Promise.resolve(u.bareAuth(a)).then(function(s){var l,f;function v(){var e;if(null!=(e=p)&&e.ok)return a;var o=function(){function e(){if(p.ok)return a;throw console.error("Ucan capabilities requirements not met: ",p,a.type,a.path),new Error("Missing proper capabilities for this action: "+a.type+": "+a.path+" - "+a.method)}var n=function(){var e;if(null==(e=p)||!e.ok){var n=!1,o=[];m.forEach(function(e,i){var c=(r(e,"capability.can.namespace")||"").split(":");c[1]&&(e=t(e,"capability.can.namespace",c[0]),n=!0),o.push(e)});var i=function(){if(n)return Promise.resolve(u.verifyAgainstReqs(y,P,m,c)).then(function(e){p=e})}();if(i&&i.then)return i.then(function(){})}}();return n&&n.then?n.then(e):e()},i=c||{creatorPass:!1},s=i.creatorPass,l=i.loginPass,f=function(){if(s&&("*"===s||s.includes(a.method))||null!=l&&l.length&&("*"===l[1]||l[1].includes(a.method)))return Promise.resolve(new g(a.path,a,{skipJoins:!0}).get(a.id)).then(function(e){var t,o;if(s)p.ok=(null==e||null==(t=e.createdBy)?void 0:t.login)===((null==(o=a.login)?void 0:o._id)||"***");else if(l){var i,c=n(l[0].map(function(t){return r(e,t)}));p.ok=c.filter(function(e){return!!e}).includes(null==(i=a.login)?void 0:i._id)}})}();return f&&f.then?f.then(o):o()}if(a=s,"*"===e)return a;if(null!=c&&c.adminPass&&a.params.admin_pass)return a;var h=a.app.get("authentication"),p={ok:!1,value:[]},d=o({secretKey:h.secret}).did(),m=(e||[]).map(function(e){var r={defaultScheme:u.configuration.defaultScheme,defaultHierPart:u.configuration.defaultHierPart};return{capability:Array.isArray(e)?i({with:{scheme:u.configuration.defaultScheme,hierPart:u.configuration.defaultHierPart},can:{namespace:e[0],segments:"string"==typeof e[1]?[e[1]]:e[1]}},r):i(e,r),rootIssuer:d}}),y=null==(l=a.params.core)?void 0:l.client_ucan,P=null==(f=a.params.core)?void 0:f.ucan_aud,b=function(){if(m.length)return Promise.resolve(u.verifyAgainstReqs(y,P,m,c)).then(function(e){p=e});p.ok=!0}();return b&&b.then?b.then(v):v()})},f=function(){if("$"===e)return Promise.resolve(u.noThrowAuth(a)).then(function(e){return s=1,e})}();return Promise.resolve(f&&f.then?f.then(l):l(f))}catch(e){return Promise.reject(e)}}},u.allUcanAuth=function(e,r){var t=this;return function(n){try{var o,i=null==(o=n.auth)?void 0:o.login;if(i&&(n.core?n.core.login=i:n.core={login:i}),"before"===n.type){var c=n.method;return Promise.resolve(e[c]||e.all?t.ucanAuth(e[c]||e.all,r)(n):n)}return Promise.resolve(n)}catch(e){return Promise.reject(e)}}},c}(),k=function(){return function(t){try{var n=t.data,i=n.add,h=void 0===i?[]:i,p=n.remove,d=void 0===p?[]:p;if(!(null!=h&&h.length||null!=d&&d.length))throw new Error("No new capabilities passed");var m=t.app.get("authentication").secret,y=o({secretKey:m}).did(),P=c([].concat(h,d));return Promise.resolve(e(t.params.login.ucan,{audience:t.params.core.ucan_aud,requiredCapabilities:P.map(function(e){return{capability:e,rootIssuer:y}})})).then(function(e){if(null==e||!e.ok)throw new Error("You don't have sufficient capabilities to grant those capabilities");var n=t.id,i=t.data.service||"logins",p=t.data.path||"ucan";return Promise.resolve(new g(i,t,{skipJoins:!0}).get(n)).then(function(e){var y=u(r(e,p)).payload,P=y.aud,b=y.att,j=y.prf,w=[].concat(b);return null!=d&&d.length&&(w=a(d,b)),null!=h&&h.length&&(w=c([].concat(b,h))),Promise.resolve(s(v({issuer:o({secretKey:m}),audience:P,proofs:j},t.data,{capabilities:w}))).then(function(e){var r=l(e);return Promise.resolve(f(r)).then(function(e){var o;if(!e)throw new Error("Invalid ucan generated when updating");return Promise.resolve(new g(i,t).patch(n,(o={},o[p]=r,o))).then(function(e){return t.result={raw:t.data,encoded:r,subject:e},t})})})})})}catch(e){return Promise.reject(e)}}};export{g as CoreCall,y as NotAuthError,x as UcanAuth,_ as anyAuth,P as genAuthService,O as noThrow,k as updateUcan};
+import{_get as e,validateUcan as t,ucanToken as r,parseUcan as n,encodeKeyPair as o,buildUcan as i,_set as c,verifyUcan as a,genCapability as u,_flatten as s,stackAbilities as l,reduceAbilities as p}from"symbol-ucan";import{authenticate as h}from"@feathersjs/authentication";function v(){return v=Object.assign?Object.assign.bind():function(e){for(var t=1;t<arguments.length;t++){var r=arguments[t];for(var n in r)Object.prototype.hasOwnProperty.call(r,n)&&(e[n]=r[n])}return e},v.apply(this,arguments)}function f(e,t){e.prototype=Object.create(t.prototype),e.prototype.constructor=e,m(e,t)}function d(e){return d=Object.setPrototypeOf?Object.getPrototypeOf.bind():function(e){return e.__proto__||Object.getPrototypeOf(e)},d(e)}function m(e,t){return m=Object.setPrototypeOf?Object.setPrototypeOf.bind():function(e,t){return e.__proto__=t,e},m(e,t)}function y(e,t,r){return y=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],function(){})),!0}catch(e){return!1}}()?Reflect.construct.bind():function(e,t,r){var n=[null];n.push.apply(n,t);var o=new(Function.bind.apply(e,n));return r&&m(o,r.prototype),o},y.apply(null,arguments)}function g(e){var t="function"==typeof Map?new Map:void 0;return g=function(e){if(null===e||-1===Function.toString.call(e).indexOf("[native code]"))return e;if("function"!=typeof e)throw new TypeError("Super expression must either be null or a function");if(void 0!==t){if(t.has(e))return t.get(e);t.set(e,r)}function r(){return y(e,arguments,d(this).constructor)}return r.prototype=Object.create(e.prototype,{constructor:{value:r,enumerable:!1,writable:!0,configurable:!0}}),m(r,e)},g(e)}var P=/*#__PURE__*/function(e){function t(t){return e.call(this,t)||this}return f(t,e),t}(/*#__PURE__*/g(Error)),_=function(c,a){/*#__PURE__*/return function(c){function u(e,t,r){var n;return void 0===t&&(t="authentication"),void 0===r&&(r={}),(n=c.call(this,e,t,r)||this).app=e,n}return f(u,c),u.prototype.create=function(c,u){try{var s,l=this,p=(null==a?void 0:a.NotAuthenticated)||P,h=l.app.get("authentication"),f=h.entity,d=h.service,m=h.ucan_path,y=void 0===m?"ucan":m,g=(null==(s=u)?void 0:s.authStrategies)||l.configuration.authStrategies;if(u||(u={}),!g.length)throw new p("No authentication strategies allowed for creating a JWT (`authStrategies`)");return Promise.resolve(l.authenticate.apply(l,[c,u].concat(g)).catch(function(e){throw new Error(e.message)})).then(function(a){if(a.accessToken)return a;var s=c.did||e(a,[f,"did"]),p=c.ucan||e(a,[f,"ucan"]);if(!s)throw new Error("No did audience provided");if(!p)throw new Error("No ucan provided to authentication call");return Promise.resolve(t(p).catch(function(e){console.log("Could not validate ucan: ",e.message);var t={code:0,message:"Unknown Issue Validating Ucan"};return e.message.indexOf("Expired.")>-1&&(t.code=1,t.message="Expired Ucan"),console.warn("Could not validate ucan",p,t.message),null})).then(function(e){function t(){var e=r(p);return v({accessToken:e},a,{authentication:v({},a.authentication,{payload:e})})}var c=function(){if(!e){var t=n(p),c=l.app.get("authentication"),s=o({secretKey:c.secret});return Promise.resolve(i({audience:t.payload.aud,issuer:s,capabilities:t.payload.att})).then(function(e){var t;return p=e,u.admin_pass=!0,Promise.resolve(l.app.service(d).patch(a[f]._id,(t={},t[y]=r(p),t),v({},u))).then(function(){})})}}();return c&&c.then?c.then(t):t()})})}catch(e){return Promise.reject(e)}},u}(c)},b=/*#__PURE__*/function(){function e(e,t,r){var n;this.context=void 0,this.service=void 0,this.core=void 0,this.service=e,this.context=t,this.core=v({},null==(n=t.params)?void 0:n.core,r)}var t=e.prototype;return t.get=function(e,t){void 0===t&&(t={});try{var r,n,o=this,i=o.context.app.get("authentication").core_path;return Promise.resolve(null==(r=o.context.app)?void 0:r.service(o.service).get(e,v({},t,((n={})[i]=o.core,n))))}catch(e){return Promise.reject(e)}},t.find=function(e){void 0===e&&(e={});try{var t,r,n=this,o=n.context.app.get("authentication").core_path;return Promise.resolve(null==(t=n.context.app)?void 0:t.service(n.service).find(v({},e,((r={})[o]=n.core,r))))}catch(e){return Promise.reject(e)}},t.create=function(e,t){void 0===t&&(t={});try{var r,n,o=this,i=o.context.app.get("authentication").core_path;return Promise.resolve(null==(r=o.context.app)?void 0:r.service(o.service).create(e,v({},t,((n={})[i]=o.core,n))))}catch(e){return Promise.reject(e)}},t.patch=function(e,t,r){void 0===r&&(r={});try{var n,o,i=this,c=i.context.app.get("authentication").core_path;return Promise.resolve(null==(n=i.context.app)?void 0:n.service(i.service).patch(e,t,v({},r,((o={})[c]=i.core,o))))}catch(e){return Promise.reject(e)}},t.update=function(e,t,r){void 0===r&&(r={});try{var n,o,i=this,c=i.context.app.get("authentication").core_path;return Promise.resolve(null==(n=i.context.app)?void 0:n.service(i.service).update(e,t,v({},r,((o={})[c]=i.core,o))))}catch(e){return Promise.reject(e)}},t.remove=function(e,t){void 0===t&&(t={});try{var r,n,o=this,i=o.context.app.get("authentication").core_path;return Promise.resolve(null==(r=o.context.app)?void 0:r.service(o.service).remove(e,v({},t,((n={})[i]=o.core,n))))}catch(e){return Promise.reject(e)}},t._get=function(e,t){void 0===t&&(t={});try{var r,n,o=this,i=o.context.app.get("authentication").core_path;return Promise.resolve(null==(r=o.context.app)?void 0:r.service(o.service)._get(e,v({},t,((n={})[i]=o.core,n))))}catch(e){return Promise.reject(e)}},t._find=function(e){void 0===e&&(e={});try{var t,r,n=this,o=n.context.app.get("authentication").core_path;return Promise.resolve(null==(t=n.context.app)?void 0:t.service(n.service)._find(v({},e,((r={})[o]=n.core,r))))}catch(e){return Promise.reject(e)}},t._create=function(e,t){void 0===t&&(t={});try{var r,n,o=this,i=o.context.app.get("authentication").core_path;return Promise.resolve(null==(r=o.context.app)?void 0:r.service(o.service)._create(e,v({},t,((n={})[i]=o.core,n))))}catch(e){return Promise.reject(e)}},t._patch=function(e,t,r){void 0===r&&(r={});try{var n,o,i=this,c=i.context.app.get("authentication").core_path;return Promise.resolve(null==(n=i.context.app)?void 0:n.service(i.service)._patch(e,t,v({},r,((o={})[c]=i.core,o))))}catch(e){return Promise.reject(e)}},t._update=function(e,t,r){void 0===r&&(r={});try{var n,o,i=this,c=i.context.app.get("authentication").core_path;return Promise.resolve(null==(n=i.context.app)?void 0:n.service(i.service)._update(e,t,v({},r,((o={})[c]=i.core,o))))}catch(e){return Promise.reject(e)}},t._remove=function(e,t){void 0===t&&(t={});try{var r,n,o=this,i=o.context.app.get("authentication").core_path;return Promise.resolve(null==(r=o.context.app)?void 0:r.service(o.service)._remove(e,v({},t,((n={})[i]=o.core,n))))}catch(e){return Promise.reject(e)}},e}(),w=["ucan"];function j(e,t,r){if(!e.s){if(r instanceof x){if(!r.s)return void(r.o=j.bind(null,e,t));1&t&&(t=r.s),r=r.v}if(r&&r.then)return void r.then(j.bind(null,e,t),j.bind(null,e,2));e.s=t,e.v=r;var n=e.o;n&&n(e)}}const x=/*#__PURE__*/function(){function e(){}return e.prototype.then=function(t,r){const n=new e,o=this.s;if(o){const e=1&o?t:r;if(e){try{j(n,1,e(this.v))}catch(e){j(n,2,e)}return n}return this}return this.o=function(e){try{const o=e.v;1&e.s?j(n,1,t?t(o):o):r?j(n,1,r(o)):j(n,2,o)}catch(e){j(n,2,e)}},n},e}();var O="*",k="$",E=function(t){try{var r=t.app.get("authentication"),n=e(t,["auth",r.entity]);return n&&(t=c(t,[r.core_path,r.entity],n)),Promise.resolve(h("jwt")(t).catch(function(e){return console.error("got error in no throw auth",e),t})).then(function(e){return t=e})}catch(e){return Promise.reject(e)}},S=function(t){try{var r=t.app.get("authentication"),n=e(t,["auth",r.entity]);return n&&(t=c(t,[r.core_path,r.entity],n)),Promise.resolve(h("jwt")(t))}catch(e){return Promise.reject(e)}},C=function(e){try{var t,r={ok:!1,value:[]},n=function(n,o,i){var c=[];for(var u in n)c.push(u);return function(e,t,r){var n,o,i=-1;return function c(a){try{for(;++i<e.length&&(!r||!r());)if((a=t(i))&&a.then){if(!((u=a)instanceof x&&1&u.s))return void a.then(c,o||(o=j.bind(null,n=new x,2)));a=a.v}n?j(n,1,a):n=a}catch(e){j(n||(n=new x),2,e)}var u}(),n}(c,function(n){return function(n){var o=function(){var o;if(null==(o=r)||!o.ok){var i=e[n],c=i.ucan,u=function(e,t){if(null==e)return{};var r,n,o={},i=Object.keys(e);for(n=0;n<i.length;n++)t.indexOf(r=i[n])>=0||(o[r]=e[r]);return o}(i,w);return Promise.resolve(function(e,t){try{return Promise.resolve(a(e,t))}catch(e){return Promise.reject(e)}}(c,u)).then(function(e){r=e})}t=1}();if(o&&o.then)return o.then(function(){})}(c[n])},function(){return t})}(e);return Promise.resolve(n&&n.then?n.then(function(){return r}):r)}catch(e){return Promise.reject(e)}},N=function(e,t,r,n){return function(o){try{var i;return e&&t&&null!=n&&null!=(i=n.or)&&i.includes(o.method)?Promise.resolve(C((r||[]).map(function(r){return{ucan:e,audience:t,requiredCapabilities:[r]}}))):Promise.resolve(a(e,{audience:t,requiredCapabilities:r}))}catch(e){return Promise.reject(e)}}},R=function(t,r){return function(n){try{var i,a=function(a){return i?a:Promise.resolve(S(n)).then(function(i){var a;if(n=i,"*"===t)return n;if(null!=r&&r.adminPass&&n.params.admin_pass)return n;var l=n.app.get("authentication"),p={ok:!1,value:[]},h=o({secretKey:l.secret}).did(),v=n.app.get("authentication"),f=(t||[]).map(function(e){var t={defaultScheme:v.defaultScheme,defaultHierPart:v.defaultHierPart};return{capability:Array.isArray(e)?u({with:{scheme:v.defaultScheme,hierPart:v.defaultHierPart},can:{namespace:e[0],segments:"string"==typeof e[1]?[e[1]]:e[1]}},t):u(e,t),rootIssuer:h}}),d=e(n.params,v.client_ucan),m=e(n.params,v.ucan_aud);if(f.length?p=N(d,m,f,r):p.ok=!0,null!=(a=p)&&a.ok)return n;var y=function(){var t;if(null==(t=p)||!t.ok){var o=!1,i=[];f.forEach(function(t,r){var n=(e(t,"capability.can.namespace")||"").split(":");n[1]&&(t=c(t,"capability.can.namespace",n[0]),o=!0),i.push(t)}),o&&(p=N(d,m,f,r))}if(p.ok)return n;throw console.error("Ucan capabilities requirements not met: ",p,n.type,n.path),new Error("Missing proper capabilities for this action: "+n.type+": "+n.path+" - "+n.method)},g=r||{creatorPass:!1},P=g.creatorPass,_=g.loginPass,w=function(){if(P&&("*"===P||P.includes(n.method))||null!=_&&_.length&&("*"===_[1]||_[1].includes(n.method)))return Promise.resolve(new b(n.path,n,{skipJoins:!0}).get(n.id)).then(function(t){var r,o;if(P)p.ok=(null==t||null==(r=t.createdBy)?void 0:r.login)===((null==(o=n.login)?void 0:o._id)||"***");else if(_){var i,c=s(_[0].map(function(r){return e(t,r)}));p.ok=c.filter(function(e){return!!e}).includes(null==(i=n.login)?void 0:i._id)}})}();return w&&w.then?w.then(y):y()})},l=function(){if("$"===t)return Promise.resolve(E(n)).then(function(e){return i=1,e})}();return Promise.resolve(l&&l.then?l.then(a):a(l))}catch(e){return Promise.reject(e)}}},q=function(e,t){return function(r){try{var n=r.app.get("authentication"),o=r.auth[n.entity];if(o&&(r=c(r,[n.core_path,n.entity],o)),"before"===r.type){var i=r.method;return Promise.resolve(e[i]||e.all?R(e[i]||e.all,t)(r):r)}return Promise.resolve(r)}catch(e){return Promise.reject(e)}}},I=function(){return function(c){try{var u=c.data,s=u.add,h=void 0===s?[]:s,f=u.remove,d=void 0===f?[]:f;if(!(null!=h&&h.length||null!=d&&d.length))throw new Error("No new capabilities passed");var m=c.app.get("authentication"),y=m.secret,g=m.ucan_aud,P=o({secretKey:y}).did(),_=l([].concat(h,d));return Promise.resolve(a(c.params.login.ucan,{audience:e(c.params,g),requiredCapabilities:_.map(function(e){return{capability:e,rootIssuer:P}})})).then(function(a){if(null==a||!a.ok)throw new Error("You don't have sufficient capabilities to grant those capabilities");var u=c.id,s=c.data.service||"logins",f=c.data.path||"ucan";return Promise.resolve(new b(s,c,{skipJoins:!0}).get(u)).then(function(a){var m=n(e(a,f)).payload,g=m.aud,P=m.att,_=m.prf,w=[].concat(P);return null!=d&&d.length&&(w=p(d,P)),null!=h&&h.length&&(w=l([].concat(P,h))),Promise.resolve(i(v({issuer:o({secretKey:y}),audience:g,proofs:_},c.data,{capabilities:w}))).then(function(e){var n=r(e);return Promise.resolve(t(n)).then(function(e){var t;if(!e)throw new Error("Invalid ucan generated when updating");return Promise.resolve(new b(s,c).patch(u,(t={},t[f]=n,t))).then(function(e){return c.result={raw:c.data,encoded:n,subject:e},c})})})})})}catch(e){return Promise.reject(e)}}};export{b as CoreCall,P as NotAuthError,q as allUcanAuth,O as anyAuth,S as bareAuth,_ as genAuthService,k as noThrow,E as noThrowAuth,C as orVerifyLoop,R as ucanAuth,I as updateUcan,N as verifyAgainstReqs};

package/lib/index.js

@@ -1 +1 @@
-import{verifyUcan as e,encodeKeyPair as t,genCapability as a,_flatten as r,_get as i,_set as n,stackAbilities as o,parseUcan as c,reduceAbilities as s,buildUcan as u,ucanToken as l,validateUcan as h}from"symbol-ucan";function p(){return p=Object.assign?Object.assign.bind():function(e){for(var t=1;t<arguments.length;t++){var a=arguments[t];for(var r in a)Object.prototype.hasOwnProperty.call(a,r)&&(e[r]=a[r])}return e},p.apply(this,arguments)}function v(e,t){if(null==e)return{};var a,r,i={},n=Object.keys(e);for(r=0;r<n.length;r++)t.indexOf(a=n[r])>=0||(i[a]=e[a]);return i}class d extends Error{constructor(e){super(e)}}const f=(e,t)=>{};class g{constructor(e,t,a){var r;this.context=void 0,this.service=void 0,this.core=void 0,this.service=e,this.context=t,this.core=p({},null==(r=t.params)?void 0:r.core,a)}async get(e,t={}){var a;return await(null==(a=this.context.app)?void 0:a.service(this.service).get(e,p({},t,{core:this.core})))}async find(e={}){var t;return await(null==(t=this.context.app)?void 0:t.service(this.service).find(p({},e,{core:this.core})))}async create(e,t={}){var a;return await(null==(a=this.context.app)?void 0:a.service(this.service).create(e,p({},t,{core:this.core})))}async patch(e,t,a={}){var r;return await(null==(r=this.context.app)?void 0:r.service(this.service).patch(e,t,p({},a,{core:this.core})))}async update(e,t,a={}){var r;return await(null==(r=this.context.app)?void 0:r.service(this.service).update(e,t,p({},a,{core:this.core})))}async remove(e,t={}){var a;null==(a=this.context.app)||a.service(this.service).remove(e,p({},t,{core:this.core}))}async _get(e,t={}){var a;return await(null==(a=this.context.app)?void 0:a.service(this.service)._get(e,p({},t,{core:this.core})))}async _find(e={}){var t;return await(null==(t=this.context.app)?void 0:t.service(this.service)._find(p({},e,{core:this.core})))}async _create(e,t={}){var a;return await(null==(a=this.context.app)?void 0:a.service(this.service)._create(e,p({},t,{core:this.core})))}async _patch(e,t,a={}){var r;return await(null==(r=this.context.app)?void 0:r.service(this.service)._patch(e,t,p({},a,{core:this.core})))}async _update(e,t,a={}){var r;return await(null==(r=this.context.app)?void 0:r.service(this.service)._update(e,t,p({},a,{core:this.core})))}async _remove(e,t={}){var a;null==(a=this.context.app)||a.service(this.service)._remove(e,p({},t,{core:this.core}))}}const y=["ucan"],w="*",m="$";class b{constructor(e,t){this.authenticate=void 0,this.configuration={entity:"user",service:"users",defaultScheme:"symbol.storage",defaultHierPart:"*"},this.authenticate=e,t&&(this.configuration=t)}async noThrowAuth(e){var t;const a=null==(t=e.auth)?void 0:t.login;return a&&(e.core?e.core.login=a:e.core={login:a}),await this.authenticate("jwt")(e).catch(t=>(console.error("got error in no throw auth",t),e)),e}async bareAuth(e){var t;const a=null==(t=e.auth)?void 0:t.login;return a&&(e.core?e.core.login=a:e.core={login:a}),this.authenticate("jwt")(e)}async orVerifyLoop(t){let a={ok:!1,value:[]};const r=async function(t,a){return await e(t,a)};for(const e in t){var i;if(null!=(i=a)&&i.ok)break;{const i=t[e],{ucan:n}=i,o=v(i,y);a=await r(n,o)}}return a}verifyAgainstReqs(t,a,r,i){var n=this;return async function(o){var c;return t&&a&&null!=i&&null!=(c=i.or)&&c.includes(o.method)?await n.orVerifyLoop((r||[]).map(e=>({ucan:t,audience:a,requiredCapabilities:[e]}))):await e(t,{audience:a,requiredCapabilities:r})}}ucanAuth(e,o){var c=this;return async function(s){var u,l,h;if("$"===e)return await c.noThrowAuth(s);if(s=await c.bareAuth(s),"*"===e)return s;if(null!=o&&o.adminPass&&s.params.admin_pass)return s;const{secret:p}=s.app.get("authentication");let v={ok:!1,value:[]};const d=t({secretKey:p}).did(),f=(e||[]).map(e=>{const t={defaultScheme:c.configuration.defaultScheme,defaultHierPart:c.configuration.defaultHierPart};return{capability:Array.isArray(e)?a({with:{scheme:c.configuration.defaultScheme,hierPart:c.configuration.defaultHierPart},can:{namespace:e[0],segments:"string"==typeof e[1]?[e[1]]:e[1]}},t):a(e,t),rootIssuer:d}}),y=null==(u=s.params.core)?void 0:u.client_ucan,w=null==(l=s.params.core)?void 0:l.ucan_aud;if(f.length?v=await c.verifyAgainstReqs(y,w,f,o):v.ok=!0,null!=(h=v)&&h.ok)return s;{var m;const{creatorPass:e,loginPass:t}=o||{creatorPass:!1};if(e&&("*"===e||e.includes(s.method))||null!=t&&t.length&&("*"===t[1]||t[1].includes(s.method))){const a=await new g(s.path,s,{skipJoins:!0}).get(s.id);var b,_;if(e)v.ok=(null==a||null==(b=a.createdBy)?void 0:b.login)===((null==(_=s.login)?void 0:_._id)||"***");else if(t){var x;const e=r(t[0].map(e=>i(a,e)));v.ok=e.filter(e=>!!e).includes(null==(x=s.login)?void 0:x._id)}}if(null==(m=v)||!m.ok){let e=!1;f.forEach((t,a)=>{const r=(i(t,"capability.can.namespace")||"").split(":");r[1]&&(t=n(t,"capability.can.namespace",r[0]),e=!0)}),e&&(v=await c.verifyAgainstReqs(y,w,f,o))}if(v.ok)return s;throw console.error("Ucan capabilities requirements not met: ",v,s.type,s.path),new Error("Missing proper capabilities for this action: "+s.type+": "+s.path+" - "+s.method)}}}allUcanAuth(e,t){var a=this;return async function(r){var i;const n=null==(i=r.auth)?void 0:i.login;if(n&&(r.core?r.core.login=n:r.core={login:n}),"before"===r.type){const{method:i}=r;return e[i]||e.all?a.ucanAuth(e[i]||e.all,t)(r):r}return r}}}const _=()=>async a=>{const{add:r=[],remove:n=[]}=a.data;if(!(null!=r&&r.length||null!=n&&n.length))throw new Error("No new capabilities passed");const{secret:v}=a.app.get("authentication"),d=t({secretKey:v}).did(),f=o([...r,...n]),y=await e(a.params.login.ucan,{audience:a.params.core.ucan_aud,requiredCapabilities:f.map(e=>({capability:e,rootIssuer:d}))});if(null==y||!y.ok)throw new Error("You don't have sufficient capabilities to grant those capabilities");const w=a.id,m=a.data.service||"logins",b=a.data.path||"ucan",_=await new g(m,a,{skipJoins:!0}).get(w),x=c(i(_,b)),{aud:k,att:A,prf:P}=x.payload;let j=[...A];null!=n&&n.length&&(j=s(n,A)),null!=r&&r.length&&(j=o([...A,...r]));const q=await u(p({issuer:t({secretKey:v}),audience:k,proofs:P},a.data,{capabilities:j})),E=l(q);if(!await h(E))throw new Error("Invalid ucan generated when updating");const O=await new g(m,a).patch(w,{[b]:E});return a.result={raw:a.data,encoded:E,subject:O},a};export{g as CoreCall,d as NotAuthError,b as UcanAuth,w as anyAuth,f as genAuthService,m as noThrow,_ as updateUcan};
+import{_get as t,validateUcan as e,parseUcan as a,encodeKeyPair as n,buildUcan as i,ucanToken as r,_set as c,verifyUcan as s,genCapability as o,_flatten as u,stackAbilities as h,reduceAbilities as p}from"symbol-ucan";import{authenticate as l}from"@feathersjs/authentication";function d(){return d=Object.assign?Object.assign.bind():function(t){for(var e=1;e<arguments.length;e++){var a=arguments[e];for(var n in a)Object.prototype.hasOwnProperty.call(a,n)&&(t[n]=a[n])}return t},d.apply(this,arguments)}function v(t,e){if(null==t)return{};var a,n,i={},r=Object.keys(t);for(n=0;n<r.length;n++)e.indexOf(a=r[n])>=0||(i[a]=t[a]);return i}class g extends Error{constructor(t){super(t)}}const f=(c,s)=>class extends c{constructor(t,e="authentication",a={}){super(t,e,a),this.app=t}async create(c,o){var u;const h=(null==s?void 0:s.NotAuthenticated)||g,{entity:p,service:l,ucan_path:v="ucan"}=this.app.get("authentication"),f=(null==(u=o)?void 0:u.authStrategies)||this.configuration.authStrategies;if(o||(o={}),!f.length)throw new h("No authentication strategies allowed for creating a JWT (`authStrategies`)");const y=await this.authenticate(c,o,...f).catch(t=>{throw new Error(t.message)});if(y.accessToken)return y;const w=c.did||t(y,[p,"did"]);let m=c.ucan||t(y,[p,"ucan"]);if(!w)throw new Error("No did audience provided");if(!m)throw new Error("No ucan provided to authentication call");if(!await e(m).catch(t=>{console.log("Could not validate ucan: ",t.message);const e={code:0,message:"Unknown Issue Validating Ucan"};return t.message.indexOf("Expired.")>-1&&(e.code=1,e.message="Expired Ucan"),console.warn("Could not validate ucan",m,e.message),null})){const t=a(m);let{secret:e}=this.app.get("authentication");const c=n({secretKey:e});m=await i({audience:t.payload.aud,issuer:c,capabilities:t.payload.att}),o.admin_pass=!0,await this.app.service(l).patch(y[p]._id,{[v]:r(m)},d({},o))}const _=r(m);return d({accessToken:_},y,{authentication:d({},y.authentication,{payload:_})})}};class y{constructor(t,e,a){var n;this.context=void 0,this.service=void 0,this.core=void 0,this.service=t,this.context=e,this.core=d({},null==(n=e.params)?void 0:n.core,a)}async get(t,e={}){var a;const{core_path:n}=this.context.app.get("authentication");return null==(a=this.context.app)?void 0:a.service(this.service).get(t,d({},e,{[n]:this.core}))}async find(t={}){var e;const{core_path:a}=this.context.app.get("authentication");return null==(e=this.context.app)?void 0:e.service(this.service).find(d({},t,{[a]:this.core}))}async create(t,e={}){var a;const{core_path:n}=this.context.app.get("authentication");return null==(a=this.context.app)?void 0:a.service(this.service).create(t,d({},e,{[n]:this.core}))}async patch(t,e,a={}){var n;const{core_path:i}=this.context.app.get("authentication");return null==(n=this.context.app)?void 0:n.service(this.service).patch(t,e,d({},a,{[i]:this.core}))}async update(t,e,a={}){var n;const{core_path:i}=this.context.app.get("authentication");return null==(n=this.context.app)?void 0:n.service(this.service).update(t,e,d({},a,{[i]:this.core}))}async remove(t,e={}){var a;const{core_path:n}=this.context.app.get("authentication");return null==(a=this.context.app)?void 0:a.service(this.service).remove(t,d({},e,{[n]:this.core}))}async _get(t,e={}){var a;const{core_path:n}=this.context.app.get("authentication");return null==(a=this.context.app)?void 0:a.service(this.service)._get(t,d({},e,{[n]:this.core}))}async _find(t={}){var e;const{core_path:a}=this.context.app.get("authentication");return null==(e=this.context.app)?void 0:e.service(this.service)._find(d({},t,{[a]:this.core}))}async _create(t,e={}){var a;const{core_path:n}=this.context.app.get("authentication");return null==(a=this.context.app)?void 0:a.service(this.service)._create(t,d({},e,{[n]:this.core}))}async _patch(t,e,a={}){var n;const{core_path:i}=this.context.app.get("authentication");return null==(n=this.context.app)?void 0:n.service(this.service)._patch(t,e,d({},a,{[i]:this.core}))}async _update(t,e,a={}){var n;const{core_path:i}=this.context.app.get("authentication");return null==(n=this.context.app)?void 0:n.service(this.service)._update(t,e,d({},a,{[i]:this.core}))}async _remove(t,e={}){var a;const{core_path:n}=this.context.app.get("authentication");return null==(a=this.context.app)?void 0:a.service(this.service)._remove(t,d({},e,{[n]:this.core}))}}const w=["ucan"],m="*",_="$",x=async e=>{const a=e.app.get("authentication"),n=t(e,["auth",a.entity]);return n&&(e=c(e,[a.core_path,a.entity],n)),e=await l("jwt")(e).catch(t=>(console.error("got error in no throw auth",t),e))},b=async e=>{const a=e.app.get("authentication"),n=t(e,["auth",a.entity]);return n&&(e=c(e,[a.core_path,a.entity],n)),l("jwt")(e)},k=async t=>{let e={ok:!1,value:[]};const a=async(t,e)=>await s(t,e);for(const i in t){var n;if(null!=(n=e)&&n.ok)break;{const n=t[i],{ucan:r}=n,c=v(n,w);e=await a(r,c)}}return e},E=(t,e,a,n)=>async i=>{var r;return t&&e&&null!=n&&null!=(r=n.or)&&r.includes(i.method)?await k((a||[]).map(a=>({ucan:t,audience:e,requiredCapabilities:[a]}))):await s(t,{audience:e,requiredCapabilities:a})},P=(e,a)=>async i=>{var r;if("$"===e)return await x(i);if(i=await b(i),"*"===e)return i;if(null!=a&&a.adminPass&&i.params.admin_pass)return i;const{secret:s}=i.app.get("authentication");let h={ok:!1,value:[]};const p=n({secretKey:s}).did(),l=i.app.get("authentication"),d=(e||[]).map(t=>{const e={defaultScheme:l.defaultScheme,defaultHierPart:l.defaultHierPart};return{capability:Array.isArray(t)?o({with:{scheme:l.defaultScheme,hierPart:l.defaultHierPart},can:{namespace:t[0],segments:"string"==typeof t[1]?[t[1]]:t[1]}},e):o(t,e),rootIssuer:p}}),v=t(i.params,l.client_ucan),g=t(i.params,l.ucan_aud);if(d.length?h=E(v,g,d,a):h.ok=!0,null!=(r=h)&&r.ok)return i;{var f;const{creatorPass:e,loginPass:n}=a||{creatorPass:!1};if(e&&("*"===e||e.includes(i.method))||null!=n&&n.length&&("*"===n[1]||n[1].includes(i.method))){const a=await new y(i.path,i,{skipJoins:!0}).get(i.id);var w,m;if(e)h.ok=(null==a||null==(w=a.createdBy)?void 0:w.login)===((null==(m=i.login)?void 0:m._id)||"***");else if(n){var _;const e=u(n[0].map(e=>t(a,e)));h.ok=e.filter(t=>!!t).includes(null==(_=i.login)?void 0:_._id)}}if(null==(f=h)||!f.ok){let e=!1;d.forEach((a,n)=>{const i=(t(a,"capability.can.namespace")||"").split(":");i[1]&&(a=c(a,"capability.can.namespace",i[0]),e=!0)}),e&&(h=E(v,g,d,a))}if(h.ok)return i;throw console.error("Ucan capabilities requirements not met: ",h,i.type,i.path),new Error("Missing proper capabilities for this action: "+i.type+": "+i.path+" - "+i.method)}},j=(t,e)=>async a=>{const n=a.app.get("authentication"),i=a.auth[n.entity];if(i&&(a=c(a,[n.core_path,n.entity],i)),"before"===a.type){const{method:n}=a;return t[n]||t.all?P(t[n]||t.all,e)(a):a}return a},O=()=>async c=>{const{add:o=[],remove:u=[]}=c.data;if(!(null!=o&&o.length||null!=u&&u.length))throw new Error("No new capabilities passed");const{secret:l,ucan_aud:v}=c.app.get("authentication"),g=n({secretKey:l}).did(),f=h([...o,...u]),w=await s(c.params.login.ucan,{audience:t(c.params,v),requiredCapabilities:f.map(t=>({capability:t,rootIssuer:g}))});if(null==w||!w.ok)throw new Error("You don't have sufficient capabilities to grant those capabilities");const m=c.id,_=c.data.service||"logins",x=c.data.path||"ucan",b=await new y(_,c,{skipJoins:!0}).get(m),k=a(t(b,x)),{aud:E,att:P,prf:j}=k.payload;let O=[...P];null!=u&&u.length&&(O=p(u,P)),null!=o&&o.length&&(O=h([...P,...o]));const S=await i(d({issuer:n({secretKey:l}),audience:E,proofs:j},c.data,{capabilities:O})),C=r(S);if(!await e(C))throw new Error("Invalid ucan generated when updating");const N=await new y(_,c).patch(m,{[x]:C});return c.result={raw:c.data,encoded:C,subject:N},c};export{y as CoreCall,g as NotAuthError,j as allUcanAuth,m as anyAuth,b as bareAuth,f as genAuthService,_ as noThrow,x as noThrowAuth,k as orVerifyLoop,P as ucanAuth,O as updateUcan,E as verifyAgainstReqs};

package/lib/index.umd.js

@@ -1 +1 @@
-!function(e,r){"object"==typeof exports&&"undefined"!=typeof module?r(exports,require("symbol-ucan")):"function"==typeof define&&define.amd?define(["exports","symbol-ucan"],r):r((e||self).feathersUcan={},e.symbolUcan)}(this,function(e,r){function t(){return t=Object.assign?Object.assign.bind():function(e){for(var r=1;r<arguments.length;r++){var t=arguments[r];for(var n in t)Object.prototype.hasOwnProperty.call(t,n)&&(e[n]=t[n])}return e},t.apply(this,arguments)}function n(e){return n=Object.setPrototypeOf?Object.getPrototypeOf.bind():function(e){return e.__proto__||Object.getPrototypeOf(e)},n(e)}function o(e,r){return o=Object.setPrototypeOf?Object.setPrototypeOf.bind():function(e,r){return e.__proto__=r,e},o(e,r)}function i(e,r,t){return i=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],function(){})),!0}catch(e){return!1}}()?Reflect.construct.bind():function(e,r,t){var n=[null];n.push.apply(n,r);var i=new(Function.bind.apply(e,n));return t&&o(i,t.prototype),i},i.apply(null,arguments)}function c(e){var r="function"==typeof Map?new Map:void 0;return c=function(e){if(null===e||-1===Function.toString.call(e).indexOf("[native code]"))return e;if("function"!=typeof e)throw new TypeError("Super expression must either be null or a function");if(void 0!==r){if(r.has(e))return r.get(e);r.set(e,t)}function t(){return i(e,arguments,n(this).constructor)}return t.prototype=Object.create(e.prototype,{constructor:{value:t,enumerable:!1,writable:!0,configurable:!0}}),o(t,e)},c(e)}var u=/*#__PURE__*/function(e){var r,t;function n(r){return e.call(this,r)||this}return t=e,(r=n).prototype=Object.create(t.prototype),r.prototype.constructor=r,o(r,t),n}(/*#__PURE__*/c(Error)),a=/*#__PURE__*/function(){function e(e,r,n){var o;this.context=void 0,this.service=void 0,this.core=void 0,this.service=e,this.context=r,this.core=t({},null==(o=r.params)?void 0:o.core,n)}var r=e.prototype;return r.get=function(e,r){void 0===r&&(r={});try{var n,o=this;return Promise.resolve(null==(n=o.context.app)?void 0:n.service(o.service).get(e,t({},r,{core:o.core})))}catch(e){return Promise.reject(e)}},r.find=function(e){void 0===e&&(e={});try{var r,n=this;return Promise.resolve(null==(r=n.context.app)?void 0:r.service(n.service).find(t({},e,{core:n.core})))}catch(e){return Promise.reject(e)}},r.create=function(e,r){void 0===r&&(r={});try{var n,o=this;return Promise.resolve(null==(n=o.context.app)?void 0:n.service(o.service).create(e,t({},r,{core:o.core})))}catch(e){return Promise.reject(e)}},r.patch=function(e,r,n){void 0===n&&(n={});try{var o,i=this;return Promise.resolve(null==(o=i.context.app)?void 0:o.service(i.service).patch(e,r,t({},n,{core:i.core})))}catch(e){return Promise.reject(e)}},r.update=function(e,r,n){void 0===n&&(n={});try{var o,i=this;return Promise.resolve(null==(o=i.context.app)?void 0:o.service(i.service).update(e,r,t({},n,{core:i.core})))}catch(e){return Promise.reject(e)}},r.remove=function(e,r){void 0===r&&(r={});try{var n,o=this;return null==(n=o.context.app)||n.service(o.service).remove(e,t({},r,{core:o.core})),Promise.resolve()}catch(e){return Promise.reject(e)}},r._get=function(e,r){void 0===r&&(r={});try{var n,o=this;return Promise.resolve(null==(n=o.context.app)?void 0:n.service(o.service)._get(e,t({},r,{core:o.core})))}catch(e){return Promise.reject(e)}},r._find=function(e){void 0===e&&(e={});try{var r,n=this;return Promise.resolve(null==(r=n.context.app)?void 0:r.service(n.service)._find(t({},e,{core:n.core})))}catch(e){return Promise.reject(e)}},r._create=function(e,r){void 0===r&&(r={});try{var n,o=this;return Promise.resolve(null==(n=o.context.app)?void 0:n.service(o.service)._create(e,t({},r,{core:o.core})))}catch(e){return Promise.reject(e)}},r._patch=function(e,r,n){void 0===n&&(n={});try{var o,i=this;return Promise.resolve(null==(o=i.context.app)?void 0:o.service(i.service)._patch(e,r,t({},n,{core:i.core})))}catch(e){return Promise.reject(e)}},r._update=function(e,r,n){void 0===n&&(n={});try{var o,i=this;return Promise.resolve(null==(o=i.context.app)?void 0:o.service(i.service)._update(e,r,t({},n,{core:i.core})))}catch(e){return Promise.reject(e)}},r._remove=function(e,r){void 0===r&&(r={});try{var n,o=this;return null==(n=o.context.app)||n.service(o.service)._remove(e,t({},r,{core:o.core})),Promise.resolve()}catch(e){return Promise.reject(e)}},e}(),s=["ucan"];function l(e,r,t){if(!e.s){if(t instanceof f){if(!t.s)return void(t.o=l.bind(null,e,r));1&r&&(r=t.s),t=t.v}if(t&&t.then)return void t.then(l.bind(null,e,r),l.bind(null,e,2));e.s=r,e.v=t;var n=e.o;n&&n(e)}}const f=/*#__PURE__*/function(){function e(){}return e.prototype.then=function(r,t){const n=new e,o=this.s;if(o){const e=1&o?r:t;if(e){try{l(n,1,e(this.v))}catch(e){l(n,2,e)}return n}return this}return this.o=function(e){try{const o=e.v;1&e.s?l(n,1,r?r(o):o):t?l(n,1,t(o)):l(n,2,o)}catch(e){l(n,2,e)}},n},e}();var v=/*#__PURE__*/function(){function e(e,r){this.authenticate=void 0,this.configuration={entity:"user",service:"users",defaultScheme:"symbol.storage",defaultHierPart:"*"},this.authenticate=e,r&&(this.configuration=r)}var t=e.prototype;return t.noThrowAuth=function(e){try{var r,t=null==(r=e.auth)?void 0:r.login;return t&&(e.core?e.core.login=t:e.core={login:t}),Promise.resolve(this.authenticate("jwt")(e).catch(function(r){return console.error("got error in no throw auth",r),e})).then(function(){return e})}catch(e){return Promise.reject(e)}},t.bareAuth=function(e){try{var r,t=null==(r=e.auth)?void 0:r.login;return t&&(e.core?e.core.login=t:e.core={login:t}),Promise.resolve(this.authenticate("jwt")(e))}catch(e){return Promise.reject(e)}},t.orVerifyLoop=function(e){try{var t,n={ok:!1,value:[]},o=function(o,i,c){var u=[];for(var a in o)u.push(a);return function(e,r,t){var n,o,i=-1;return function c(u){try{for(;++i<e.length&&(!t||!t());)if((u=r(i))&&u.then){if(!((a=u)instanceof f&&1&a.s))return void u.then(c,o||(o=l.bind(null,n=new f,2)));u=u.v}n?l(n,1,u):n=u}catch(e){l(n||(n=new f),2,e)}var a}(),n}(u,function(o){return function(o){var i=function(){var i;if(null==(i=n)||!i.ok){var c=e[o],u=c.ucan,a=function(e,r){if(null==e)return{};var t,n,o={},i=Object.keys(e);for(n=0;n<i.length;n++)r.indexOf(t=i[n])>=0||(o[t]=e[t]);return o}(c,s);return Promise.resolve(function(e,t){try{return Promise.resolve(r.verifyUcan(e,t))}catch(e){return Promise.reject(e)}}(u,a)).then(function(e){n=e})}t=1}();if(i&&i.then)return i.then(function(){})}(u[o])},function(){return t})}(e);return Promise.resolve(o&&o.then?o.then(function(){return n}):n)}catch(e){return Promise.reject(e)}},t.verifyAgainstReqs=function(e,t,n,o){var i=this;return function(c){try{var u;return e&&t&&null!=o&&null!=(u=o.or)&&u.includes(c.method)?Promise.resolve(i.orVerifyLoop((n||[]).map(function(r){return{ucan:e,audience:t,requiredCapabilities:[r]}}))):Promise.resolve(r.verifyUcan(e,{audience:t,requiredCapabilities:n}))}catch(e){return Promise.reject(e)}}},t.ucanAuth=function(e,t){var n=this;return function(o){try{var i,c=function(c){return i?c:Promise.resolve(n.bareAuth(o)).then(function(i){var c,u;function s(){var e;if(null!=(e=f)&&e.ok)return o;var i=function(){function e(){if(f.ok)return o;throw console.error("Ucan capabilities requirements not met: ",f,o.type,o.path),new Error("Missing proper capabilities for this action: "+o.type+": "+o.path+" - "+o.method)}var i=function(){var e;if(null==(e=f)||!e.ok){var o=!1,i=[];h.forEach(function(e,t){var n=(r._get(e,"capability.can.namespace")||"").split(":");n[1]&&(e=r._set(e,"capability.can.namespace",n[0]),o=!0),i.push(e)});var c=function(){if(o)return Promise.resolve(n.verifyAgainstReqs(p,d,h,t)).then(function(e){f=e})}();if(c&&c.then)return c.then(function(){})}}();return i&&i.then?i.then(e):e()},c=t||{creatorPass:!1},u=c.creatorPass,s=c.loginPass,l=function(){if(u&&("*"===u||u.includes(o.method))||null!=s&&s.length&&("*"===s[1]||s[1].includes(o.method)))return Promise.resolve(new a(o.path,o,{skipJoins:!0}).get(o.id)).then(function(e){var t,n;if(u)f.ok=(null==e||null==(t=e.createdBy)?void 0:t.login)===((null==(n=o.login)?void 0:n._id)||"***");else if(s){var i,c=r._flatten(s[0].map(function(t){return r._get(e,t)}));f.ok=c.filter(function(e){return!!e}).includes(null==(i=o.login)?void 0:i._id)}})}();return l&&l.then?l.then(i):i()}if(o=i,"*"===e)return o;if(null!=t&&t.adminPass&&o.params.admin_pass)return o;var l=o.app.get("authentication"),f={ok:!1,value:[]},v=r.encodeKeyPair({secretKey:l.secret}).did(),h=(e||[]).map(function(e){var t={defaultScheme:n.configuration.defaultScheme,defaultHierPart:n.configuration.defaultHierPart};return{capability:Array.isArray(e)?r.genCapability({with:{scheme:n.configuration.defaultScheme,hierPart:n.configuration.defaultHierPart},can:{namespace:e[0],segments:"string"==typeof e[1]?[e[1]]:e[1]}},t):r.genCapability(e,t),rootIssuer:v}}),p=null==(c=o.params.core)?void 0:c.client_ucan,d=null==(u=o.params.core)?void 0:u.ucan_aud,m=function(){if(h.length)return Promise.resolve(n.verifyAgainstReqs(p,d,h,t)).then(function(e){f=e});f.ok=!0}();return m&&m.then?m.then(s):s()})},u=function(){if("$"===e)return Promise.resolve(n.noThrowAuth(o)).then(function(e){return i=1,e})}();return Promise.resolve(u&&u.then?u.then(c):c(u))}catch(e){return Promise.reject(e)}}},t.allUcanAuth=function(e,r){var t=this;return function(n){try{var o,i=null==(o=n.auth)?void 0:o.login;if(i&&(n.core?n.core.login=i:n.core={login:i}),"before"===n.type){var c=n.method;return Promise.resolve(e[c]||e.all?t.ucanAuth(e[c]||e.all,r)(n):n)}return Promise.resolve(n)}catch(e){return Promise.reject(e)}}},e}();e.CoreCall=a,e.NotAuthError=u,e.UcanAuth=v,e.anyAuth="*",e.genAuthService=function(e,r){},e.noThrow="$",e.updateUcan=function(){return function(e){try{var n=e.data,o=n.add,i=void 0===o?[]:o,c=n.remove,u=void 0===c?[]:c;if(!(null!=i&&i.length||null!=u&&u.length))throw new Error("No new capabilities passed");var s=e.app.get("authentication").secret,l=r.encodeKeyPair({secretKey:s}).did(),f=r.stackAbilities([].concat(i,u));return Promise.resolve(r.verifyUcan(e.params.login.ucan,{audience:e.params.core.ucan_aud,requiredCapabilities:f.map(function(e){return{capability:e,rootIssuer:l}})})).then(function(n){if(null==n||!n.ok)throw new Error("You don't have sufficient capabilities to grant those capabilities");var o=e.id,c=e.data.service||"logins",l=e.data.path||"ucan";return Promise.resolve(new a(c,e,{skipJoins:!0}).get(o)).then(function(n){var f=r.parseUcan(r._get(n,l)).payload,v=f.aud,h=f.att,p=f.prf,d=[].concat(h);return null!=u&&u.length&&(d=r.reduceAbilities(u,h)),null!=i&&i.length&&(d=r.stackAbilities([].concat(h,i))),Promise.resolve(r.buildUcan(t({issuer:r.encodeKeyPair({secretKey:s}),audience:v,proofs:p},e.data,{capabilities:d}))).then(function(t){var n=r.ucanToken(t);return Promise.resolve(r.validateUcan(n)).then(function(r){var t;if(!r)throw new Error("Invalid ucan generated when updating");return Promise.resolve(new a(c,e).patch(o,(t={},t[l]=n,t))).then(function(r){return e.result={raw:e.data,encoded:n,subject:r},e})})})})})}catch(e){return Promise.reject(e)}}}});
+!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports,require("symbol-ucan"),require("@feathersjs/authentication")):"function"==typeof define&&define.amd?define(["exports","symbol-ucan","@feathersjs/authentication"],t):t((e||self).feathersUcan={},e.symbolUcan,e.authentication)}(this,function(e,t,r){function n(){return n=Object.assign?Object.assign.bind():function(e){for(var t=1;t<arguments.length;t++){var r=arguments[t];for(var n in r)Object.prototype.hasOwnProperty.call(r,n)&&(e[n]=r[n])}return e},n.apply(this,arguments)}function i(e,t){e.prototype=Object.create(t.prototype),e.prototype.constructor=e,a(e,t)}function o(e){return o=Object.setPrototypeOf?Object.getPrototypeOf.bind():function(e){return e.__proto__||Object.getPrototypeOf(e)},o(e)}function a(e,t){return a=Object.setPrototypeOf?Object.setPrototypeOf.bind():function(e,t){return e.__proto__=t,e},a(e,t)}function c(e,t,r){return c=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],function(){})),!0}catch(e){return!1}}()?Reflect.construct.bind():function(e,t,r){var n=[null];n.push.apply(n,t);var i=new(Function.bind.apply(e,n));return r&&a(i,r.prototype),i},c.apply(null,arguments)}function u(e){var t="function"==typeof Map?new Map:void 0;return u=function(e){if(null===e||-1===Function.toString.call(e).indexOf("[native code]"))return e;if("function"!=typeof e)throw new TypeError("Super expression must either be null or a function");if(void 0!==t){if(t.has(e))return t.get(e);t.set(e,r)}function r(){return c(e,arguments,o(this).constructor)}return r.prototype=Object.create(e.prototype,{constructor:{value:r,enumerable:!1,writable:!0,configurable:!0}}),a(r,e)},u(e)}var s=/*#__PURE__*/function(e){function t(t){return e.call(this,t)||this}return i(t,e),t}(/*#__PURE__*/u(Error)),l=/*#__PURE__*/function(){function e(e,t,r){var i;this.context=void 0,this.service=void 0,this.core=void 0,this.service=e,this.context=t,this.core=n({},null==(i=t.params)?void 0:i.core,r)}var t=e.prototype;return t.get=function(e,t){void 0===t&&(t={});try{var r,i,o=this,a=o.context.app.get("authentication").core_path;return Promise.resolve(null==(r=o.context.app)?void 0:r.service(o.service).get(e,n({},t,((i={})[a]=o.core,i))))}catch(e){return Promise.reject(e)}},t.find=function(e){void 0===e&&(e={});try{var t,r,i=this,o=i.context.app.get("authentication").core_path;return Promise.resolve(null==(t=i.context.app)?void 0:t.service(i.service).find(n({},e,((r={})[o]=i.core,r))))}catch(e){return Promise.reject(e)}},t.create=function(e,t){void 0===t&&(t={});try{var r,i,o=this,a=o.context.app.get("authentication").core_path;return Promise.resolve(null==(r=o.context.app)?void 0:r.service(o.service).create(e,n({},t,((i={})[a]=o.core,i))))}catch(e){return Promise.reject(e)}},t.patch=function(e,t,r){void 0===r&&(r={});try{var i,o,a=this,c=a.context.app.get("authentication").core_path;return Promise.resolve(null==(i=a.context.app)?void 0:i.service(a.service).patch(e,t,n({},r,((o={})[c]=a.core,o))))}catch(e){return Promise.reject(e)}},t.update=function(e,t,r){void 0===r&&(r={});try{var i,o,a=this,c=a.context.app.get("authentication").core_path;return Promise.resolve(null==(i=a.context.app)?void 0:i.service(a.service).update(e,t,n({},r,((o={})[c]=a.core,o))))}catch(e){return Promise.reject(e)}},t.remove=function(e,t){void 0===t&&(t={});try{var r,i,o=this,a=o.context.app.get("authentication").core_path;return Promise.resolve(null==(r=o.context.app)?void 0:r.service(o.service).remove(e,n({},t,((i={})[a]=o.core,i))))}catch(e){return Promise.reject(e)}},t._get=function(e,t){void 0===t&&(t={});try{var r,i,o=this,a=o.context.app.get("authentication").core_path;return Promise.resolve(null==(r=o.context.app)?void 0:r.service(o.service)._get(e,n({},t,((i={})[a]=o.core,i))))}catch(e){return Promise.reject(e)}},t._find=function(e){void 0===e&&(e={});try{var t,r,i=this,o=i.context.app.get("authentication").core_path;return Promise.resolve(null==(t=i.context.app)?void 0:t.service(i.service)._find(n({},e,((r={})[o]=i.core,r))))}catch(e){return Promise.reject(e)}},t._create=function(e,t){void 0===t&&(t={});try{var r,i,o=this,a=o.context.app.get("authentication").core_path;return Promise.resolve(null==(r=o.context.app)?void 0:r.service(o.service)._create(e,n({},t,((i={})[a]=o.core,i))))}catch(e){return Promise.reject(e)}},t._patch=function(e,t,r){void 0===r&&(r={});try{var i,o,a=this,c=a.context.app.get("authentication").core_path;return Promise.resolve(null==(i=a.context.app)?void 0:i.service(a.service)._patch(e,t,n({},r,((o={})[c]=a.core,o))))}catch(e){return Promise.reject(e)}},t._update=function(e,t,r){void 0===r&&(r={});try{var i,o,a=this,c=a.context.app.get("authentication").core_path;return Promise.resolve(null==(i=a.context.app)?void 0:i.service(a.service)._update(e,t,n({},r,((o={})[c]=a.core,o))))}catch(e){return Promise.reject(e)}},t._remove=function(e,t){void 0===t&&(t={});try{var r,i,o=this,a=o.context.app.get("authentication").core_path;return Promise.resolve(null==(r=o.context.app)?void 0:r.service(o.service)._remove(e,n({},t,((i={})[a]=o.core,i))))}catch(e){return Promise.reject(e)}},e}(),p=["ucan"];function h(e,t,r){if(!e.s){if(r instanceof f){if(!r.s)return void(r.o=h.bind(null,e,t));1&t&&(t=r.s),r=r.v}if(r&&r.then)return void r.then(h.bind(null,e,t),h.bind(null,e,2));e.s=t,e.v=r;var n=e.o;n&&n(e)}}const f=/*#__PURE__*/function(){function e(){}return e.prototype.then=function(t,r){const n=new e,i=this.s;if(i){const e=1&i?t:r;if(e){try{h(n,1,e(this.v))}catch(e){h(n,2,e)}return n}return this}return this.o=function(e){try{const i=e.v;1&e.s?h(n,1,t?t(i):i):r?h(n,1,r(i)):h(n,2,i)}catch(e){h(n,2,e)}},n},e}();var v=function(e){try{var n=e.app.get("authentication"),i=t._get(e,["auth",n.entity]);return i&&(e=t._set(e,[n.core_path,n.entity],i)),Promise.resolve(r.authenticate("jwt")(e).catch(function(t){return console.error("got error in no throw auth",t),e})).then(function(t){return e=t})}catch(e){return Promise.reject(e)}},d=function(e){try{var n=e.app.get("authentication"),i=t._get(e,["auth",n.entity]);return i&&(e=t._set(e,[n.core_path,n.entity],i)),Promise.resolve(r.authenticate("jwt")(e))}catch(e){return Promise.reject(e)}},m=function(e){try{var r,n={ok:!1,value:[]},i=function(i,o,a){var c=[];for(var u in i)c.push(u);return function(e,t,r){var n,i,o=-1;return function a(c){try{for(;++o<e.length&&(!r||!r());)if((c=t(o))&&c.then){if(!((u=c)instanceof f&&1&u.s))return void c.then(a,i||(i=h.bind(null,n=new f,2)));c=c.v}n?h(n,1,c):n=c}catch(e){h(n||(n=new f),2,e)}var u}(),n}(c,function(i){return function(i){var o=function(){var o;if(null==(o=n)||!o.ok){var a=e[i],c=a.ucan,u=function(e,t){if(null==e)return{};var r,n,i={},o=Object.keys(e);for(n=0;n<o.length;n++)t.indexOf(r=o[n])>=0||(i[r]=e[r]);return i}(a,p);return Promise.resolve(function(e,r){try{return Promise.resolve(t.verifyUcan(e,r))}catch(e){return Promise.reject(e)}}(c,u)).then(function(e){n=e})}r=1}();if(o&&o.then)return o.then(function(){})}(c[i])},function(){return r})}(e);return Promise.resolve(i&&i.then?i.then(function(){return n}):n)}catch(e){return Promise.reject(e)}},y=function(e,r,n,i){return function(o){try{var a;return e&&r&&null!=i&&null!=(a=i.or)&&a.includes(o.method)?Promise.resolve(m((n||[]).map(function(t){return{ucan:e,audience:r,requiredCapabilities:[t]}}))):Promise.resolve(t.verifyUcan(e,{audience:r,requiredCapabilities:n}))}catch(e){return Promise.reject(e)}}},g=function(e,r){return function(n){try{var i,o=function(o){return i?o:Promise.resolve(d(n)).then(function(i){var o;if(n=i,"*"===e)return n;if(null!=r&&r.adminPass&&n.params.admin_pass)return n;var a=n.app.get("authentication"),c={ok:!1,value:[]},u=t.encodeKeyPair({secretKey:a.secret}).did(),s=n.app.get("authentication"),p=(e||[]).map(function(e){var r={defaultScheme:s.defaultScheme,defaultHierPart:s.defaultHierPart};return{capability:Array.isArray(e)?t.genCapability({with:{scheme:s.defaultScheme,hierPart:s.defaultHierPart},can:{namespace:e[0],segments:"string"==typeof e[1]?[e[1]]:e[1]}},r):t.genCapability(e,r),rootIssuer:u}}),h=t._get(n.params,s.client_ucan),f=t._get(n.params,s.ucan_aud);if(p.length?c=y(h,f,p,r):c.ok=!0,null!=(o=c)&&o.ok)return n;var v=function(){var e;if(null==(e=c)||!e.ok){var i=!1,o=[];p.forEach(function(e,r){var n=(t._get(e,"capability.can.namespace")||"").split(":");n[1]&&(e=t._set(e,"capability.can.namespace",n[0]),i=!0),o.push(e)}),i&&(c=y(h,f,p,r))}if(c.ok)return n;throw console.error("Ucan capabilities requirements not met: ",c,n.type,n.path),new Error("Missing proper capabilities for this action: "+n.type+": "+n.path+" - "+n.method)},d=r||{creatorPass:!1},m=d.creatorPass,g=d.loginPass,P=function(){if(m&&("*"===m||m.includes(n.method))||null!=g&&g.length&&("*"===g[1]||g[1].includes(n.method)))return Promise.resolve(new l(n.path,n,{skipJoins:!0}).get(n.id)).then(function(e){var r,i;if(m)c.ok=(null==e||null==(r=e.createdBy)?void 0:r.login)===((null==(i=n.login)?void 0:i._id)||"***");else if(g){var o,a=t._flatten(g[0].map(function(r){return t._get(e,r)}));c.ok=a.filter(function(e){return!!e}).includes(null==(o=n.login)?void 0:o._id)}})}();return P&&P.then?P.then(v):v()})},a=function(){if("$"===e)return Promise.resolve(v(n)).then(function(e){return i=1,e})}();return Promise.resolve(a&&a.then?a.then(o):o(a))}catch(e){return Promise.reject(e)}}};e.CoreCall=l,e.NotAuthError=s,e.allUcanAuth=function(e,r){return function(n){try{var i=n.app.get("authentication"),o=n.auth[i.entity];if(o&&(n=t._set(n,[i.core_path,i.entity],o)),"before"===n.type){var a=n.method;return Promise.resolve(e[a]||e.all?g(e[a]||e.all,r)(n):n)}return Promise.resolve(n)}catch(e){return Promise.reject(e)}}},e.anyAuth="*",e.bareAuth=d,e.genAuthService=function(e,r){/*#__PURE__*/return function(e){function o(t,r,n){var i;return void 0===r&&(r="authentication"),void 0===n&&(n={}),(i=e.call(this,t,r,n)||this).app=t,i}return i(o,e),o.prototype.create=function(e,i){try{var o,a=this,c=(null==r?void 0:r.NotAuthenticated)||s,u=a.app.get("authentication"),l=u.entity,p=u.service,h=u.ucan_path,f=void 0===h?"ucan":h,v=(null==(o=i)?void 0:o.authStrategies)||a.configuration.authStrategies;if(i||(i={}),!v.length)throw new c("No authentication strategies allowed for creating a JWT (`authStrategies`)");return Promise.resolve(a.authenticate.apply(a,[e,i].concat(v)).catch(function(e){throw new Error(e.message)})).then(function(r){if(r.accessToken)return r;var o=e.did||t._get(r,[l,"did"]),c=e.ucan||t._get(r,[l,"ucan"]);if(!o)throw new Error("No did audience provided");if(!c)throw new Error("No ucan provided to authentication call");return Promise.resolve(t.validateUcan(c).catch(function(e){console.log("Could not validate ucan: ",e.message);var t={code:0,message:"Unknown Issue Validating Ucan"};return e.message.indexOf("Expired.")>-1&&(t.code=1,t.message="Expired Ucan"),console.warn("Could not validate ucan",c,t.message),null})).then(function(e){function o(){var e=t.ucanToken(c);return n({accessToken:e},r,{authentication:n({},r.authentication,{payload:e})})}var u=function(){if(!e){var o=t.parseUcan(c),u=a.app.get("authentication"),s=t.encodeKeyPair({secretKey:u.secret});return Promise.resolve(t.buildUcan({audience:o.payload.aud,issuer:s,capabilities:o.payload.att})).then(function(e){var o;return c=e,i.admin_pass=!0,Promise.resolve(a.app.service(p).patch(r[l]._id,(o={},o[f]=t.ucanToken(c),o),n({},i))).then(function(){})})}}();return u&&u.then?u.then(o):o()})})}catch(e){return Promise.reject(e)}},o}(e)},e.noThrow="$",e.noThrowAuth=v,e.orVerifyLoop=m,e.ucanAuth=g,e.updateUcan=function(){return function(e){try{var r=e.data,i=r.add,o=void 0===i?[]:i,a=r.remove,c=void 0===a?[]:a;if(!(null!=o&&o.length||null!=c&&c.length))throw new Error("No new capabilities passed");var u=e.app.get("authentication"),s=u.secret,p=u.ucan_aud,h=t.encodeKeyPair({secretKey:s}).did(),f=t.stackAbilities([].concat(o,c));return Promise.resolve(t.verifyUcan(e.params.login.ucan,{audience:t._get(e.params,p),requiredCapabilities:f.map(function(e){return{capability:e,rootIssuer:h}})})).then(function(r){if(null==r||!r.ok)throw new Error("You don't have sufficient capabilities to grant those capabilities");var i=e.id,a=e.data.service||"logins",u=e.data.path||"ucan";return Promise.resolve(new l(a,e,{skipJoins:!0}).get(i)).then(function(r){var p=t.parseUcan(t._get(r,u)).payload,h=p.aud,f=p.att,v=p.prf,d=[].concat(f);return null!=c&&c.length&&(d=t.reduceAbilities(c,f)),null!=o&&o.length&&(d=t.stackAbilities([].concat(f,o))),Promise.resolve(t.buildUcan(n({issuer:t.encodeKeyPair({secretKey:s}),audience:h,proofs:v},e.data,{capabilities:d}))).then(function(r){var n=t.ucanToken(r);return Promise.resolve(t.validateUcan(n)).then(function(t){var r;if(!t)throw new Error("Invalid ucan generated when updating");return Promise.resolve(new l(a,e).patch(i,(r={},r[u]=n,r))).then(function(t){return e.result={raw:e.data,encoded:n,subject:t},e})})})})})}catch(e){return Promise.reject(e)}}},e.verifyAgainstReqs=y});

package/lib/types/index.d.ts

@@ -1,6 +1,9 @@
 export type AnyObj = {
     [key: string]: any;
 };
+export type HookContext<S = any> = {
+    [key: string]: any;
+} & S;
 export interface AuthenticationRequest {
     strategy?: string;
     [key: string]: any;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "feathers-ucan",
-  "version": "0.0.0",
+  "version": "0.0.2",
   "description": "Ucan extension of feathers jwt auth",
   "source": "src/index.ts",
   "unpkg": "lib/index.umd.js",
@@ -40,7 +40,7 @@
     "typescript": "^4.5.4"
   },
   "dependencies": {
-    "@feathersjs/feathers": "^5.0.11",
+    "@feathersjs/authentication": "^5.0.11",
     "@ucans/ucans": "^0.12.0",
     "radash": "^11.0.0",
     "symbol-ucan": "^0.0.0"