@digitalbazaar/zcap - npm Package Compare versions

Comparing version 9.0.0 to 9.0.1

lib/CapabilityDelegation.js

 /*!
- * Copyright (c) 2018-2022 Digital Bazaar, Inc. All rights reserved.
+ * Copyright (c) 2018-2024 Digital Bazaar, Inc. All rights reserved.
  */
+import * as utils from './utils.js';
 import {CapabilityProofPurpose} from './CapabilityProofPurpose.js';
-import * as utils from './utils.js';
 
@@ -7,0 +7,0 @@ /**

lib/CapabilityInvocation.js

 /*!
- * Copyright (c) 2018-2022 Digital Bazaar, Inc. All rights reserved.
+ * Copyright (c) 2018-2024 Digital Bazaar, Inc. All rights reserved.
  */
+import * as utils from './utils.js';
 import {CapabilityDelegation} from './CapabilityDelegation.js';
 import {CapabilityProofPurpose} from './CapabilityProofPurpose.js';
-import * as utils from './utils.js';
 
@@ -311,2 +311,21 @@ /**
 
+    // if capability is delegated, verify that it has not expired
+    if(capability.parentCapability) {
+      // verify expiration dates
+      // expires date has been previously validated, so just parse it
+      const currentCapabilityExpirationTime = Date.parse(capability.expires);
+
+      // use `utils.compareTime` to allow for allow for clock drift because
+      // we are comparing against `currentDate`
+      const {date, maxClockSkew} = this;
+      const currentDate = (date && new Date(date)) || new Date();
+      if(utils.compareTime({
+        t1: currentDate.getTime(),
+        t2: currentCapabilityExpirationTime,
+        maxClockSkew
+      }) > 0) {
+        throw new Error('The invoked capability has expired.');
+      }
+    }
+
     // run base level validation checks
@@ -313,0 +332,0 @@ const result = await this._runBaseProofValidation({proof, validateOptions});

lib/CapabilityProofPurpose.js

 /*!
- * Copyright (c) 2018-2022 Digital Bazaar, Inc. All rights reserved.
+ * Copyright (c) 2018-2024 Digital Bazaar, Inc. All rights reserved.
  */
+import * as utils from './utils.js';
 import jsigs from 'jsonld-signatures';
-import * as utils from './utils.js';
 const {ControllerProofPurpose} = jsigs.purposes;
@@ -320,3 +320,3 @@
    *
-   * @returns {object} {verified, error}.
+   * @returns {object} An object with `{verified, error}`.
    */
@@ -450,3 +450,3 @@ async _verifyCapabilityChain({
             t1: currentDate.getTime(),
-            t2: currentCapabilityExpirationTime,
+            t2: parentExpirationTime,
             maxClockSkew
@@ -453,0 +453,0 @@ }) > 0) {

lib/utils.js

 /*!
- * Copyright (c) 2018-2022 Digital Bazaar, Inc. All rights reserved.
+ * Copyright (c) 2018-2024 Digital Bazaar, Inc. All rights reserved.
  */
@@ -319,3 +319,3 @@ import {
  *
- * @returns {Promise<object>} {dereferencedChain}.
+ * @returns {Promise<object>} Resolves to `{dereferencedChain}`.
  */
@@ -526,4 +526,3 @@ export async function dereferenceCapabilityChain({
     if(capability.expires !== undefined) {
-      throw new Error(
-        'Root capability must not have an "expires" field.');
+      throw new Error('Root capability must not have an "expires" field.');
     }
@@ -530,0 +529,0 @@ } else {

package.json

 {
   "name": "@digitalbazaar/zcap",
-  "version": "9.0.0",
+  "version": "9.0.1",
   "description": "Authorization Capabilities reference implementation.",
@@ -31,9 +31,9 @@ "homepage": "https://github.com/digitalbazaar/zcap",
     "@digitalbazaar/ed25519-verification-key-2020": "^4.0.0",
-    "c8": "^7.11.3",
+    "c8": "^9.1.0",
     "chai": "^4.3.6",
     "cross-env": "^7.0.3",
     "eslint": "^8.17.0",
-    "eslint-config-digitalbazaar": "^3.0.0",
-    "eslint-plugin-jsdoc": "^39.3.2",
-    "eslint-plugin-unicorn": "^42.0.0",
+    "eslint-config-digitalbazaar": "^5.0.1",
+    "eslint-plugin-jsdoc": "^48.2.2",
+    "eslint-plugin-unicorn": "^51.0.1",
     "karma": "^6.3.20",
@@ -43,3 +43,3 @@ "karma-chrome-launcher": "^3.1.1",
     "karma-mocha-reporter": "^2.2.5",
-    "karma-sourcemap-loader": "^0.3.8",
+    "karma-sourcemap-loader": "^0.4.0",
     "karma-webpack": "^5.0.0",
@@ -68,3 +68,3 @@ "mocha": "^10.0.0",
   "engines": {
-    "node": ">=14"
+    "node": ">=18"
   },
@@ -71,0 +71,0 @@ "keywords": [

README.md

@@ -5,3 +5,2 @@ # zcap _(@digitalbazaar/zcap)_
 [![Coverage status](https://img.shields.io/codecov/c/github/digitalbazaar/zcap)](https://codecov.io/gh/digitalbazaar/zcap)
-[![Dependency Status](https://img.shields.io/david/digitalbazaar/zcap.svg)](https://david-dm.org/digitalbazaar/zcap)
 [![NPM Version](https://img.shields.io/npm/v/@digitalbazaar/zcap.svg)](https://npm.im/@digitalbazaar/zcap)
@@ -8,0 +7,0 @@

No alert changes

Improved metrics

Total package byte prevSize

78927

increased by0.81%

Lines of code

1716

increased by0.94%

Worsened metrics

Number of lines in readme file

67

decreased by-1.47%

No dependency changes