@digitalbazaar/zcapld - npm Package Compare versions

Comparing version 3.1.1 to 4.0.0

CHANGELOG.md

 # @digitalbazaar/zcapld ChangeLog
 
+## 4.0.0 - 2021-04-26
+
+### Fixed
+- **BREAKING**: Use [`zcap-context@1.1.0`](https://github.com/digitalbazaar/zcap-context/blob/main/CHANGELOG.md)
+  and refactor `fetchInSecurityContext` API.
+- Use [`@digitalbazaar/security-context@1.0.0`](https://github.com/digitalbazaar/security-context/blob/main/CHANGELOG.md).
+
 ## 3.1.1 - 2021-04-15
@@ -4,0 +11,0 @@

lib/constants.js

@@ -6,6 +6,12 @@ /*!
 
+const {CONTEXT_URL: ZCAP_CONTEXT_URL} = require('zcap-context');
+const secCtx = require('@digitalbazaar/security-context');
+
+const {SECURITY_CONTEXT_V1_URL, SECURITY_CONTEXT_V2_URL} = secCtx;
+
 module.exports = {
   CAPABILITY_VOCAB_URL: 'https://w3id.org/security#',
-  SECURITY_CONTEXT_V1_URL: 'https://w3id.org/security/v1',
-  SECURITY_CONTEXT_V2_URL: 'https://w3id.org/security/v2',
+  SECURITY_CONTEXT_V1_URL,
+  SECURITY_CONTEXT_V2_URL,
+  ZCAP_CONTEXT_URL,
   // 6 is probably more reasonable for Kevin Bacon reasons? but picking a
@@ -12,0 +18,0 @@ // power of 10

lib/utils.js

@@ -7,3 +7,2 @@ /*!
 const constants = require('./constants');
-const isEqual = require('lodash.isequal');
 const jsigs = require('jsonld-signatures');
@@ -144,20 +143,35 @@ const jsonld = require('jsonld');
 }) => {
-  if(url && typeof url === 'object' &&
-    (url['@context'] === constants.SECURITY_CONTEXT_V2_URL ||
-      // skip compaction when using specific contexts, this is a temporary
-      // measure until a zcap context is created
-      isEqual(url['@context'], [
-        constants.SECURITY_CONTEXT_V2_URL,
-        'https://w3id.org/security/suites/ed25519-2020/v1'
-      ])
-    )
-  ) {
-    if(!isRoot) {
-      return url;
+  // fetch/assign zcap based on the given `url` which may be
+  // a string or an object
+  let zcap;
+  if(typeof url === 'string') {
+    ({document: zcap} = await documentLoader(url));
+  } else if(url && typeof url === 'object' && url.id) {
+    // root zcaps must always be dereferenced to avoid accepting
+    // untrusted, user-provided input (because they are not signed)
+    if(isRoot) {
+      ({document: zcap} = await documentLoader(url.id));
+    } else {
+      // use user-provided object, `url`, as `zcap`
+      zcap = url;
     }
-    // since URL is for a root capability, we must dereference it
+    // ensure `url` is now a string
     url = url.id;
   }
 
-  return jsonld.compact(url, constants.SECURITY_CONTEXT_V2_URL, {
+  // ensure zcap is an object at this point
+  if(!(zcap && typeof zcap === 'object')) {
+    throw new Error(`Could not fetch capability from url "${url}".`);
+  }
+
+  // determine if zcap must be compacted to security/v2 or if
+  // it is already in a context that is understood by this library
+  const ctx = zcap['@context'];
+  if(ctx === constants.SECURITY_CONTEXT_V2_URL ||
+    ctx === constants.ZCAP_CONTEXT_URL ||
+    (Array.isArray(ctx) && ctx[0] === constants.ZCAP_CONTEXT_URL)) {
+    return zcap;
+  }
+
+  return jsonld.compact(zcap, constants.SECURITY_CONTEXT_V2_URL, {
     documentLoader, expansionMap, compactToRelative: false
@@ -164,0 +178,0 @@ });

package.json

 {
   "name": "@digitalbazaar/zcapld",
-  "version": "3.1.1",
+  "version": "4.0.0",
   "description": "Linked Data Capabilities reference implementation.",
@@ -25,5 +25,6 @@ "homepage": "https://github.com/digitalbazaar/zcapld",
   "dependencies": {
+    "@digitalbazaar/security-context": "^1.0.0",
     "jsonld": "^5.2.0",
     "jsonld-signatures": "^9.0.2",
-    "lodash.isequal": "^4.5.0"
+    "zcap-context": "^1.1.0"
   },
@@ -30,0 +31,0 @@ "devDependencies": {

README.md

@@ -6,3 +6,3 @@ # zcapld _(@digitalbazaar/zcapld)_
 [![Dependency Status](https://img.shields.io/david/digitalbazaar/zcapld.svg)](https://david-dm.org/digitalbazaar/zcapld)
-[![NPM Version](https://img.shields.io/npm/v/digitalbazaar/zcapld.svg)](https://npm.im/digitalbazaar/zcapld)
+[![NPM Version](https://img.shields.io/npm/v/@digitalbazaar/zcapld.svg)](https://npm.im/@digitalbazaar/zcapld)
 
@@ -9,0 +9,0 @@ > Javascript reference implementation for

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

60585

increased by1.78%

Lines of code

1268

increased by1.28%

Worsened metrics

Dependency count

4

increased by33.33%

Dependency changes

• + Added@digitalbazaar/security-context@^1.0.0

• + Addedzcap-context@^1.1.0

• + Added@digitalbazaar/security-context@1.0.1(transitive)

• + Addedzcap-context@1.2.1(transitive)

• - Removedlodash.isequal@^4.5.0

• - Removedlodash.isequal@4.5.0(transitive)