@web3-storage/capabilities
Advanced tools
@web3-storage/capabilities - npm Package Compare versions
Comparing version 3.0.0 to 3.1.0
@@ -46,6 +46,25 @@ export { top } from "./top.js"; | ||
| /** | ||
| * Issued by trusted authority (usually the one handling invocation that contains this proof) | ||
| * to the account (aud) to update invocation local state of the document. | ||
| * Capability is delegated by us to the user allowing them to complete the | ||
| * authorization flow. It allows us to ensure that user clicks the link and | ||
| * we don't have some rogue agent trying to impersonate user clicking the link | ||
| * in order to get access to their account. | ||
| */ | ||
| export const confirm: Types.TheCapabilityParser<Types.CapabilityMatch<"access/confirm", `did:${string}:${string}` & `did:${string}` & Types.Phantom<{ | ||
| protocol: "did:"; | ||
| }>, Schema.InferStruct<{ | ||
| iss: Schema.Schema<`did:mailto:${string}` & `did:${string}` & Types.Phantom<{ | ||
| protocol: "did:"; | ||
| }>, any>; | ||
| aud: Schema.Schema<`did:${string}:${string}` & `did:${string}` & Types.Phantom<{ | ||
| protocol: "did:"; | ||
| }>, any>; | ||
| att: Schema.Schema<Schema.InferStruct<{ | ||
| can: Schema.StringSchema<string, unknown>; | ||
| }>[], unknown>; | ||
| }>>>; | ||
| /** | ||
| * Issued by trusted authority (usually the one handling invocation) that attest | ||
| * that specific UCAN delegation has been considered authentic. | ||
| * | ||
| * @see https://github.com/web3-storage/specs/blob/main/w3-account.md#update | ||
| * @see https://github.com/web3-storage/specs/blob/main/w3-session.md#authorization-session | ||
| * | ||
@@ -56,7 +75,11 @@ * @example | ||
| iss: "did:web:web3.storage", | ||
| aud: "did:mailto:alice@web.mail", | ||
| aud: "did:key:z6Mkk89bC3JrVqKie71YEcc5M1SMVxuCgNx6zLZ8SYJsxALi", | ||
| att: [{ | ||
| with: "did:web:web3.storage", | ||
| can: "./update", | ||
| nb: { key: "did:key:zAgent" } | ||
| "with": "did:web:web3.storage", | ||
| "can": "ucan/attest", | ||
| "nb": { | ||
| "proof": { | ||
| "/": "bafyreifer23oxeyamllbmrfkkyvcqpujevuediffrpvrxmgn736f4fffui" | ||
| } | ||
| } | ||
| }], | ||
@@ -68,6 +91,4 @@ exp: null | ||
| */ | ||
| export const session: Types.TheCapabilityParser<Types.CapabilityMatch<"./update", Types.URI<"did:">, Schema.InferStruct<{ | ||
| key: Schema.Schema<`did:key:${string}` & `did:${string}` & Types.Phantom<{ | ||
| protocol: "did:"; | ||
| }>, any>; | ||
| export const session: Types.TheCapabilityParser<Types.CapabilityMatch<"ucan/attest", Types.URI<"did:">, Schema.InferStruct<{ | ||
| proof: typeof Link; | ||
| }>>>; | ||
@@ -96,2 +117,3 @@ export const claim: Types.TheCapabilityParser<Types.CapabilityMatch<"access/claim", (`did:mailto:${string}` & `did:${string}` & Types.Phantom<{ | ||
| import { Schema } from "@ucanto/validator/src/lib.js"; | ||
| import { Link } from "@ucanto/validator/src/schema.js"; | ||
| //# sourceMappingURL=access.d.ts.map |
| /** @type {import('./types.js').AbilitiesArray} */ | ||
| export const abilitiesAsStrings: import('./types.js').AbilitiesArray; | ||
| import * as Access from "./access.js"; | ||
| import * as Provider from "./provider.js"; | ||
| import * as Space from "./space.js"; | ||
@@ -10,3 +11,3 @@ import * as Top from "./top.js"; | ||
| import * as Utils from "./utils.js"; | ||
| export { Access, Space, Top, Store, Upload, Voucher, Utils }; | ||
| export { Access, Provider, Space, Top, Store, Upload, Voucher, Utils }; | ||
| //# sourceMappingURL=index.d.ts.map |
@@ -5,2 +5,3 @@ import type { TupleToUnion } from 'type-fest'; | ||
| import { space, info, recover, recoverValidation } from './space.js'; | ||
| import * as provider from './provider.js'; | ||
| import { top } from './top.js'; | ||
@@ -37,2 +38,7 @@ import { add, list, remove, store } from './store.js'; | ||
| export type AccessSession = InferInvokedCapability<typeof AccessCaps.session>; | ||
| export type AccessConfirm = InferInvokedCapability<typeof AccessCaps.confirm>; | ||
| export type ProviderAdd = InferInvokedCapability<typeof provider.add>; | ||
| export interface ProviderAddSuccess { | ||
| } | ||
| export type ProviderAddFailure = Ucanto.Failure; | ||
| export type Space = InferInvokedCapability<typeof space>; | ||
@@ -56,2 +62,3 @@ export type SpaceInfo = InferInvokedCapability<typeof info>; | ||
| Top['can'], | ||
| ProviderAdd['can'], | ||
| Space['can'], | ||
@@ -58,0 +65,0 @@ SpaceInfo['can'], |
| { | ||
| "name": "@web3-storage/capabilities", | ||
| "version": "3.0.0", | ||
| "version": "3.1.0", | ||
| "description": "Capabilities provided by web3.storage", | ||
@@ -22,2 +22,5 @@ "homepage": "https://github.com/web3-storage/w3protocol/tree/main/packages/capabilities", | ||
| "*": { | ||
| "provider": [ | ||
| "dist/src/provider" | ||
| ], | ||
| "space": [ | ||
@@ -24,0 +27,0 @@ "dist/src/space" |
@@ -11,3 +11,3 @@ /** | ||
| */ | ||
| import { capability, URI, DID, Schema, Failure } from '@ucanto/validator' | ||
| import { capability, URI, DID, Link, Schema, Failure } from '@ucanto/validator' | ||
| import * as Types from '@ucanto/interface' | ||
@@ -78,6 +78,31 @@ import { equalWith, fail, equal } from './utils.js' | ||
| /** | ||
| * Issued by trusted authority (usually the one handling invocation that contains this proof) | ||
| * to the account (aud) to update invocation local state of the document. | ||
| * Capability is delegated by us to the user allowing them to complete the | ||
| * authorization flow. It allows us to ensure that user clicks the link and | ||
| * we don't have some rogue agent trying to impersonate user clicking the link | ||
| * in order to get access to their account. | ||
| */ | ||
| export const confirm = capability({ | ||
| can: 'access/confirm', | ||
| with: DID, | ||
| nb: Schema.struct({ | ||
| iss: Account, | ||
| aud: Schema.did(), | ||
| att: CapabilityRequest.array(), | ||
| }), | ||
| derives: (claim, proof) => { | ||
| return ( | ||
| fail(equalWith(claim, proof)) || | ||
| fail(equal(claim.nb.iss, proof.nb.iss, 'iss')) || | ||
| fail(equal(claim.nb.aud, proof.nb.aud, 'aud')) || | ||
| fail(subsetCapabilities(claim.nb.att, proof.nb.att)) || | ||
| true | ||
| ) | ||
| }, | ||
| }) | ||
| /** | ||
| * Issued by trusted authority (usually the one handling invocation) that attest | ||
| * that specific UCAN delegation has been considered authentic. | ||
| * | ||
| * @see https://github.com/web3-storage/specs/blob/main/w3-account.md#update | ||
| * @see https://github.com/web3-storage/specs/blob/main/w3-session.md#authorization-session | ||
| * | ||
@@ -88,7 +113,11 @@ * @example | ||
| iss: "did:web:web3.storage", | ||
| aud: "did:mailto:alice@web.mail", | ||
| aud: "did:key:z6Mkk89bC3JrVqKie71YEcc5M1SMVxuCgNx6zLZ8SYJsxALi", | ||
| att: [{ | ||
| with: "did:web:web3.storage", | ||
| can: "./update", | ||
| nb: { key: "did:key:zAgent" } | ||
| "with": "did:web:web3.storage", | ||
| "can": "ucan/attest", | ||
| "nb": { | ||
| "proof": { | ||
| "/": "bafyreifer23oxeyamllbmrfkkyvcqpujevuediffrpvrxmgn736f4fffui" | ||
| } | ||
| } | ||
| }], | ||
@@ -101,8 +130,8 @@ exp: null | ||
| export const session = capability({ | ||
| can: './update', | ||
| can: 'ucan/attest', | ||
| // Should be web3.storage DID | ||
| with: URI.match({ protocol: 'did:' }), | ||
| nb: Schema.struct({ | ||
| // Agent DID so it can sign UCANs as did:mailto if it matches this delegation `aud` | ||
| key: DID.match({ method: 'key' }), | ||
| // UCAN delegation that is being attested. | ||
| proof: Link, | ||
| }), | ||
@@ -109,0 +138,0 @@ }) |
@@ -0,1 +1,2 @@ | ||
| import * as Provider from './provider.js' | ||
| import * as Space from './space.js' | ||
@@ -9,3 +10,3 @@ import * as Top from './top.js' | ||
| export { Access, Space, Top, Store, Upload, Voucher, Utils } | ||
| export { Access, Provider, Space, Top, Store, Upload, Voucher, Utils } | ||
@@ -15,2 +16,3 @@ /** @type {import('./types.js').AbilitiesArray} */ | ||
| Top.top.can, | ||
| Provider.add.can, | ||
| Space.space.can, | ||
@@ -17,0 +19,0 @@ Space.info.can, |
@@ -5,2 +5,3 @@ import type { TupleToUnion } from 'type-fest' | ||
| import { space, info, recover, recoverValidation } from './space.js' | ||
| import * as provider from './provider.js' | ||
| import { top } from './top.js' | ||
@@ -44,3 +45,10 @@ import { add, list, remove, store } from './store.js' | ||
| export type AccessSession = InferInvokedCapability<typeof AccessCaps.session> | ||
| export type AccessConfirm = InferInvokedCapability<typeof AccessCaps.confirm> | ||
| // Provider | ||
| export type ProviderAdd = InferInvokedCapability<typeof provider.add> | ||
| // eslint-disable-next-line @typescript-eslint/no-empty-interface | ||
| export interface ProviderAddSuccess {} | ||
| export type ProviderAddFailure = Ucanto.Failure | ||
| // Space | ||
@@ -74,2 +82,3 @@ export type Space = InferInvokedCapability<typeof space> | ||
| Top['can'], | ||
| ProviderAdd['can'], | ||
| Space['can'], | ||
@@ -76,0 +85,0 @@ SpaceInfo['can'], |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by7.96%
68661
- Number of package files
- increased by10.34%
32
- Lines of code
- increased by8.87%
1449