@web3-storage/capabilities
Advanced tools
@web3-storage/capabilities - npm Package Compare versions
Comparing version 2.2.0 to 2.3.0
@@ -5,3 +5,3 @@ export { top }; | ||
| */ | ||
| export const As: import("@ucanto/validator/src/schema.js").Schema<`did:mailto:${string}` & `did:${string}` & Types.Phantom<{ | ||
| export const As: Schema.Schema<`did:mailto:${string}` & `did:${string}` & Types.Phantom<{ | ||
| protocol: "did:"; | ||
@@ -26,3 +26,5 @@ }>, any>; | ||
| can: "access/authorize"; | ||
| with: Types.URI<"did:">; | ||
| with: `did:key:${string}` & `did:${string}` & Types.Phantom<{ | ||
| protocol: "did:"; | ||
| }>; | ||
| nb: Types.InferCaveats<{ | ||
@@ -34,3 +36,3 @@ /** | ||
| */ | ||
| as: import("@ucanto/validator/src/schema.js").Schema<`did:mailto:${string}` & `did:${string}` & Types.Phantom<{ | ||
| as: Schema.Schema<`did:mailto:${string}` & `did:${string}` & Types.Phantom<{ | ||
| protocol: "did:"; | ||
@@ -66,8 +68,48 @@ }>, any>; | ||
| export const session: Types.TheCapabilityParser<Types.CapabilityMatch<"./update", Types.URI<"did:">, { | ||
| key: import("@ucanto/validator/src/schema.js").Schema<`did:key:${string}` & `did:${string}` & Types.Phantom<{ | ||
| key: Schema.Schema<`did:key:${string}` & `did:${string}` & Types.Phantom<{ | ||
| protocol: "did:"; | ||
| }>, any>; | ||
| }>>; | ||
| export const claim: Types.TheCapabilityParser<Types.DerivedMatch<{ | ||
| can: "access/claim"; | ||
| with: (`did:mailto:${string}` & `did:${string}` & Types.Phantom<{ | ||
| protocol: "did:"; | ||
| }>) | (`did:key:${string}` & `did:${string}` & Types.Phantom<{ | ||
| protocol: "did:"; | ||
| }>); | ||
| nb?: Types.InferCaveats<{}> | undefined; | ||
| }, Types.CapabilityMatch<"*", Types.URI<"did:">, {}> | Types.DerivedMatch<{ | ||
| can: "access/*"; | ||
| with: Types.URI<"did:">; | ||
| nb?: Types.InferCaveats<{}> | undefined; | ||
| }, Types.CapabilityMatch<"*", Types.URI<"did:">, {}>>>>; | ||
| export const delegate: Types.TheCapabilityParser<Types.DerivedMatch<{ | ||
| can: "access/delegate"; | ||
| with: `did:key:${string}` & `did:${string}` & Types.Phantom<{ | ||
| protocol: "did:"; | ||
| }>; | ||
| nb: Types.InferCaveats<{ | ||
| /** | ||
| * @type {Schema.Schema<AccessDelegateDelegations>} | ||
| */ | ||
| delegations: Schema.Schema<AccessDelegateDelegations>; | ||
| }>; | ||
| }, Types.CapabilityMatch<"*", Types.URI<"did:">, {}> | Types.DerivedMatch<{ | ||
| can: "access/*"; | ||
| with: Types.URI<"did:">; | ||
| nb?: Types.InferCaveats<{}> | undefined; | ||
| }, Types.CapabilityMatch<"*", Types.URI<"did:">, {}>>>>; | ||
| export type AccessDelegateDelegations = Schema.Dictionary<string, Types.Link<unknown, number, number, 0 | 1>>; | ||
| /** | ||
| * Parsed Capability for access/delegate | ||
| */ | ||
| export type ParsedAccessDelegate = { | ||
| can: string; | ||
| nb: { | ||
| delegations?: Schema.Dictionary<string, Types.Link<unknown, number, number, 0 | 1>> | undefined; | ||
| }; | ||
| }; | ||
| import { top } from "./top.js"; | ||
| import * as Types from "@ucanto/interface"; | ||
| import { Schema } from "@ucanto/validator/src/lib.js"; | ||
| //# sourceMappingURL=access.d.ts.map |
| /** @type {import('./types.js').AbilitiesArray} */ | ||
| export const abilitiesAsStrings: import('./types.js').AbilitiesArray; | ||
| import * as Access from "./access.js"; | ||
| import * as Space from "./space.js"; | ||
@@ -9,3 +10,3 @@ import * as Top from "./top.js"; | ||
| import * as Utils from "./utils.js"; | ||
| export { Space, Top, Store, Upload, Voucher, Utils }; | ||
| export { Access, Space, Top, Store, Upload, Voucher, Utils }; | ||
| //# sourceMappingURL=index.d.ts.map |
@@ -49,2 +49,3 @@ export { top } from "./top.js"; | ||
| }>) | undefined, unknown>; | ||
| pre: Store.Schema.Schema<boolean | undefined, unknown>; | ||
| }>; | ||
@@ -84,2 +85,3 @@ }, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}> | import("@ucanto/interface").DerivedMatch<{ | ||
| }>) | undefined, unknown>; | ||
| pre: Store.Schema.Schema<boolean | undefined, unknown>; | ||
| }>; | ||
@@ -86,0 +88,0 @@ }, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}> | import("@ucanto/interface").DerivedMatch<{ |
@@ -88,2 +88,6 @@ /** | ||
| }>) | undefined, unknown>; | ||
| /** | ||
| * If true, return page of results preceding cursor. Defaults to false. | ||
| */ | ||
| pre: Schema.Schema<boolean | undefined, unknown>; | ||
| }>; | ||
@@ -155,2 +159,6 @@ }, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}> | import("@ucanto/interface").DerivedMatch<{ | ||
| }>) | undefined, unknown>; | ||
| /** | ||
| * If true, return page of results preceding cursor. Defaults to false. | ||
| */ | ||
| pre: Schema.Schema<boolean | undefined, unknown>; | ||
| }>; | ||
@@ -157,0 +165,0 @@ }, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}> | import("@ucanto/interface").DerivedMatch<{ |
@@ -86,2 +86,6 @@ /** | ||
| }>) | undefined, unknown>; | ||
| /** | ||
| * If true, return page of results preceding cursor. Defaults to false. | ||
| */ | ||
| pre: Schema.Schema<boolean | undefined, unknown>; | ||
| }>; | ||
@@ -138,2 +142,6 @@ }, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}> | import("@ucanto/interface").DerivedMatch<{ | ||
| }>) | undefined, unknown>; | ||
| /** | ||
| * If true, return page of results preceding cursor. Defaults to false. | ||
| */ | ||
| pre: Schema.Schema<boolean | undefined, unknown>; | ||
| }>; | ||
@@ -140,0 +148,0 @@ }, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}> | import("@ucanto/interface").DerivedMatch<{ |
| { | ||
| "name": "@web3-storage/capabilities", | ||
| "version": "2.2.0", | ||
| "version": "2.3.0", | ||
| "description": "Capabilities provided by web3.storage", | ||
@@ -82,3 +82,11 @@ "homepage": "https://github.com/web3-storage/w3protocol/tree/main/packages/capabilities", | ||
| "unicorn/prefer-export-from": "off", | ||
| "unicorn/no-array-reduce": "off" | ||
| "unicorn/no-array-reduce": "off", | ||
| "jsdoc/no-undefined-types": [ | ||
| "error", | ||
| { | ||
| "definedTypes": [ | ||
| "Iterable" | ||
| ] | ||
| } | ||
| ] | ||
| }, | ||
@@ -85,0 +93,0 @@ "env": { |
@@ -11,3 +11,3 @@ /** | ||
| */ | ||
| import { capability, URI, DID } from '@ucanto/validator' | ||
| import { capability, URI, DID, Schema, Failure } from '@ucanto/validator' | ||
| // @ts-ignore | ||
@@ -35,3 +35,2 @@ // eslint-disable-next-line no-unused-vars | ||
| with: URI.match({ protocol: 'did:' }), | ||
| derives: equalWith, | ||
| }), | ||
@@ -51,3 +50,3 @@ derives: equalWith, | ||
| can: 'access/authorize', | ||
| with: URI.match({ protocol: 'did:' }), | ||
| with: DID.match({ method: 'key' }), | ||
| nb: { | ||
@@ -106,1 +105,107 @@ /** | ||
| }) | ||
| export const claim = base.derive({ | ||
| to: capability({ | ||
| can: 'access/claim', | ||
| with: DID.match({ method: 'key' }).or(DID.match({ method: 'mailto' })), | ||
| derives: equalWith, | ||
| }), | ||
| derives: equalWith, | ||
| }) | ||
| // https://github.com/web3-storage/specs/blob/main/w3-access.md#accessdelegate | ||
| export const delegate = base.derive({ | ||
| to: capability({ | ||
| can: 'access/delegate', | ||
| /** | ||
| * Field MUST be a space DID with a storage provider. Delegation will be stored just like any other DAG stored using store/add capability. | ||
| * | ||
| * @see https://github.com/web3-storage/specs/blob/main/w3-access.md#delegate-with | ||
| */ | ||
| with: DID.match({ method: 'key' }), | ||
| nb: { | ||
| // keys SHOULD be CIDs, but we won't require it in the schema | ||
| /** | ||
| * @type {Schema.Schema<AccessDelegateDelegations>} | ||
| */ | ||
| delegations: Schema.dictionary({ | ||
| value: Schema.Link.match(), | ||
| }), | ||
| }, | ||
| derives: (claim, proof) => { | ||
| return ( | ||
| fail(equalWith(claim, proof)) || | ||
| fail(subsetsNbDelegations(claim, proof)) || | ||
| true | ||
| ) | ||
| }, | ||
| }), | ||
| derives: (claim, proof) => { | ||
| // no need to check claim.nb.delegations is subset of proof | ||
| // because the proofs types here never include constraints on the nb.delegations set | ||
| return fail(equalWith(claim, proof)) || true | ||
| }, | ||
| }) | ||
| /** | ||
| * @typedef {Schema.Dictionary<string, Types.Link<unknown, number, number, 0 | 1>>} AccessDelegateDelegations | ||
| */ | ||
| /** | ||
| * Parsed Capability for access/delegate | ||
| * | ||
| * @typedef {object} ParsedAccessDelegate | ||
| * @property {string} can | ||
| * @property {object} nb | ||
| * @property {AccessDelegateDelegations} [nb.delegations] | ||
| */ | ||
| /** | ||
| * returns whether the claimed ucan is proves by the proof ucan. | ||
| * both are access/delegate, or at least have same semantics for `nb.delegations`, which is a set of delegations. | ||
| * checks that the claimed delegation set is equal to or less than the proven delegation set. | ||
| * usable with {import('@ucanto/interface').Derives}. | ||
| * | ||
| * @param {ParsedAccessDelegate} claim | ||
| * @param {ParsedAccessDelegate} proof | ||
| */ | ||
| function subsetsNbDelegations(claim, proof) { | ||
| const missingProofs = setDifference( | ||
| delegatedCids(claim), | ||
| new Set(delegatedCids(proof)) | ||
| ) | ||
| if (missingProofs.size > 0) { | ||
| return new Failure( | ||
| `unauthorized nb.delegations ${[...missingProofs].join(', ')}` | ||
| ) | ||
| } | ||
| return true | ||
| } | ||
| /** | ||
| * iterate delegated UCAN CIDs from an access/delegate capability.nb.delegations value. | ||
| * | ||
| * @param {ParsedAccessDelegate} delegate | ||
| * @returns {Iterable<string>} | ||
| */ | ||
| function* delegatedCids(delegate) { | ||
| for (const d of Object.values(delegate.nb.delegations || {})) { | ||
| yield d.toString() | ||
| } | ||
| } | ||
| /** | ||
| * @template S | ||
| * @param {Iterable<S>} minuend - set to subtract from | ||
| * @param {Set<S>} subtrahend - subtracted from minuend | ||
| */ | ||
| function setDifference(minuend, subtrahend) { | ||
| /** @type {Set<S>} */ | ||
| const difference = new Set() | ||
| for (const e of minuend) { | ||
| if (!subtrahend.has(e)) { | ||
| difference.add(e) | ||
| } | ||
| } | ||
| return difference | ||
| } |
@@ -9,3 +9,3 @@ import * as Space from './space.js' | ||
| export { Space, Top, Store, Upload, Voucher, Utils } | ||
| export { Access, Space, Top, Store, Upload, Voucher, Utils } | ||
@@ -12,0 +12,0 @@ /** @type {import('./types.js').AbilitiesArray} */ |
@@ -153,2 +153,6 @@ /** | ||
| size: Schema.integer().optional(), | ||
| /** | ||
| * If true, return page of results preceding cursor. Defaults to false. | ||
| */ | ||
| pre: Schema.boolean().optional(), | ||
| }, | ||
@@ -155,0 +159,0 @@ derives: (claimed, delegated) => { |
@@ -153,2 +153,6 @@ /** | ||
| size: Schema.integer().optional(), | ||
| /** | ||
| * If true, return page of results preceding cursor. Defaults to false. | ||
| */ | ||
| pre: Schema.boolean().optional(), | ||
| }, | ||
@@ -155,0 +159,0 @@ }), |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by8.19%
80123
- Lines of code
- increased by10.8%
1713