feat(station)!: refactor asset related data models

.github/workflows/validation.yaml

@@ -91,6 +91,8 @@ jobs:
   validate-node:
     name: 'validate-node:required'
     runs-on: ubuntu-latest
+    # disable until the frontend is ready
+    if: false
     steps:
       - name: 'Checkout'
         uses: actions/checkout@v4

apps/wallet/src/generated/control-panel/control_panel.did

@@ -248,9 +248,9 @@ type CanDeployStationResult = variant {
 // The canister modules required for the control panel.
 type UploadCanisterModulesInput = record {
   // The upgrader wasm module to use for the station canister.
-  upgrader_wasm_module : blob;
+  upgrader_wasm_module : opt blob;
   // The station wasm module to use.
-  station_wasm_module : blob;
+  station_wasm_module : opt blob;
 };
 
 // The result of uploading canister modules.

apps/wallet/src/generated/control-panel/control_panel.did.d.ts

@@ -178,8 +178,8 @@ export interface UpdateWaitingListInput {
 export type UpdateWaitingListResult = { 'Ok' : null } |
   { 'Err' : ApiError };
 export interface UploadCanisterModulesInput {
-  'station_wasm_module' : Uint8Array | number[],
-  'upgrader_wasm_module' : Uint8Array | number[],
+  'station_wasm_module' : [] | [Uint8Array | number[]],
+  'upgrader_wasm_module' : [] | [Uint8Array | number[]],
 }
 export type UploadUploadCanisterModulesInputResult = { 'Ok' : null } |
   { 'Err' : ApiError };

apps/wallet/src/generated/control-panel/control_panel.did.js

@@ -246,8 +246,8 @@ export const idlFactory = ({ IDL }) => {
     'Err' : ApiError,
   });
   const UploadCanisterModulesInput = IDL.Record({
-    'station_wasm_module' : IDL.Vec(IDL.Nat8),
-    'upgrader_wasm_module' : IDL.Vec(IDL.Nat8),
+    'station_wasm_module' : IDL.Opt(IDL.Vec(IDL.Nat8)),
+    'upgrader_wasm_module' : IDL.Opt(IDL.Vec(IDL.Nat8)),
   });
   const UploadUploadCanisterModulesInputResult = IDL.Variant({
     'Ok' : IDL.Null,

apps/wallet/src/generated/internet-identity/internet_identity.did

@@ -209,6 +209,33 @@ type RateLimitConfig = record {
     max_tokens: nat64;
 };
 
+// Captcha configuration
+// Default:
+// - max_unsolved_captchas: 500
+// - captcha_trigger: Static, CaptchaEnabled
+type CaptchaConfig = record {
+    // Maximum number of unsolved captchas.
+    max_unsolved_captchas : nat64;
+    // Configuration for when captcha protection should kick in.
+    captcha_trigger: variant {
+      // Based on the rate of registrations compared to some reference time frame and allowing some leeway.
+      Dynamic: record {
+        // Percentage of increased registration rate observed in the current rate sampling interval (compared to
+        // reference rate) at which II will enable captcha for new registrations.
+        threshold_pct: nat16;
+        // Length of the interval in seconds used to sample the current rate of registrations.
+        current_rate_sampling_interval_s: nat64;
+        // Length of the interval in seconds used to sample the reference rate of registrations.
+        reference_rate_sampling_interval_s: nat64;
+      };
+      // Statically enable / disable captcha
+      Static: variant {
+        CaptchaEnabled;
+        CaptchaDisabled;
+      }
+    };
+};
+
 // Init arguments of II which can be supplied on install and upgrade.
 // Setting a value to null keeps the previous value.
 type InternetIdentityInit = record {
@@ -228,9 +255,8 @@ type InternetIdentityInit = record {
     canister_creation_cycles_cost : opt nat64;
     // Rate limit for the `register` call.
     register_rate_limit : opt RateLimitConfig;
-    // Maximum number of inflight captchas.
-    // Default: 500
-    max_inflight_captchas: opt nat64;
+    // Configuration of the captcha in the registration flow.
+    captcha_config: opt CaptchaConfig;
 };
 
 type ChallengeKey = text;
@@ -507,7 +533,9 @@ type SignedIdAlias = record {
 };
 
 service : (opt InternetIdentityInit) -> {
-    init_salt: () -> ();
+    // Legacy identity management API
+    // ==============================
+
     create_challenge : () -> (Challenge);
     register : (DeviceData, ChallengeResult, opt principal) -> (RegisterResponse);
     add : (UserNumber, DeviceData) -> ();
@@ -522,27 +550,14 @@ service : (opt InternetIdentityInit) -> {
     get_anchor_credentials : (UserNumber) -> (AnchorCredentials) query;
     get_anchor_info : (UserNumber) -> (IdentityAnchorInfo);
     get_principal : (UserNumber, FrontendHostname) -> (principal) query;
-    stats : () -> (InternetIdentityStats) query;
 
     enter_device_registration_mode : (UserNumber) -> (Timestamp);
     exit_device_registration_mode : (UserNumber) -> ();
     add_tentative_device : (UserNumber, DeviceData) -> (AddTentativeDeviceResponse);
     verify_tentative_device : (UserNumber, verification_code: text) -> (VerifyTentativeDeviceResponse);
 
-    prepare_delegation : (UserNumber, FrontendHostname, SessionKey, maxTimeToLive : opt nat64) -> (UserKey, Timestamp);
-    get_delegation: (UserNumber, FrontendHostname, SessionKey, Timestamp) -> (GetDelegationResponse) query;
-
-    http_request: (request: HttpRequest) -> (HttpResponse) query;
-    http_request_update: (request: HttpRequest) -> (HttpResponse);
-
-    deploy_archive: (wasm: blob) -> (DeployArchiveResult);
-    // Returns a batch of entries _sorted by sequence number_ to be archived.
-    // This is an update call because the archive information _must_ be certified.
-    // Only callable by this IIs archive canister.
-    fetch_entries: () -> (vec BufferedArchiveEntry);
-    acknowledge_entries: (sequence_number: nat64) -> ();
-
-    // V2 API
+    // V2 Identity Management API
+    // ==========================
     // WARNING: The following methods are experimental and may change in the future.
 
     // Creates a new captcha. The solution needs to be submitted using the
@@ -611,8 +626,32 @@ service : (opt InternetIdentityInit) -> {
     // Requires authentication.
     authn_method_confirm: (IdentityNumber, confirmation_code: text) -> (variant {Ok; Err: AuthnMethodConfirmationError;});
 
+    // Authentication protocol
+    // =======================
+    prepare_delegation : (UserNumber, FrontendHostname, SessionKey, maxTimeToLive : opt nat64) -> (UserKey, Timestamp);
+    get_delegation: (UserNumber, FrontendHostname, SessionKey, Timestamp) -> (GetDelegationResponse) query;
+
     // Attribute Sharing MVP API
+    // =========================
     // The methods below are used to generate ID-alias credentials during attribute sharing flow.
     prepare_id_alias : (PrepareIdAliasRequest) -> (variant {Ok: PreparedIdAlias; Err: PrepareIdAliasError;});
     get_id_alias : (GetIdAliasRequest) -> (variant {Ok: IdAliasCredentials; Err: GetIdAliasError;}) query;
+
+    // HTTP Gateway protocol
+    // =====================
+    http_request: (request: HttpRequest) -> (HttpResponse) query;
+    http_request_update: (request: HttpRequest) -> (HttpResponse);
+
+    // Internal Methods
+    // ================
+    init_salt: () -> ();
+    stats : () -> (InternetIdentityStats) query;
+    config : () -> (InternetIdentityInit) query;
+
+    deploy_archive: (wasm: blob) -> (DeployArchiveResult);
+    // Returns a batch of entries _sorted by sequence number_ to be archived.
+    // This is an update call because the archive information _must_ be certified.
+    // Only callable by this IIs archive canister.
+    fetch_entries: () -> (vec BufferedArchiveEntry);
+    acknowledge_entries: (sequence_number: nat64) -> ();
 }

apps/wallet/src/generated/internet-identity/internet_identity.did.d.ts

@@ -71,6 +71,17 @@ export interface BufferedArchiveEntry {
   'anchor_number' : UserNumber,
   'timestamp' : Timestamp,
 }
+export interface CaptchaConfig {
+  'max_unsolved_captchas' : bigint,
+  'captcha_trigger' : {
+      'Dynamic' : {
+        'reference_rate_sampling_interval_s' : bigint,
+        'threshold_pct' : number,
+        'current_rate_sampling_interval_s' : bigint,
+      }
+    } |
+    { 'Static' : { 'CaptchaDisabled' : null } | { 'CaptchaEnabled' : null } },
+}
 export type CaptchaResult = ChallengeResult;
 export interface Challenge {
   'png_base64' : string,
@@ -178,9 +189,9 @@ export type IdentityRegisterError = { 'BadCaptcha' : null } |
   { 'InvalidMetadata' : string };
 export interface InternetIdentityInit {
   'assigned_user_number_range' : [] | [[bigint, bigint]],
-  'max_inflight_captchas' : [] | [bigint],
   'archive_config' : [] | [ArchiveConfig],
   'canister_creation_cycles_cost' : [] | [bigint],
+  'captcha_config' : [] | [CaptchaConfig],
   'register_rate_limit' : [] | [RateLimitConfig],
 }
 export interface InternetIdentityStats {
@@ -323,6 +334,7 @@ export interface _SERVICE {
       { 'Err' : AuthnMethodSecuritySettingsReplaceError }
   >,
   'captcha_create' : ActorMethod<[], { 'Ok' : Challenge } | { 'Err' : null }>,
+  'config' : ActorMethod<[], InternetIdentityInit>,
   'create_challenge' : ActorMethod<[], Challenge>,
   'deploy_archive' : ActorMethod<[Uint8Array | number[]], DeployArchiveResult>,
   'enter_device_registration_mode' : ActorMethod<[UserNumber], Timestamp>,

apps/wallet/src/generated/internet-identity/internet_identity.did.js

@@ -7,15 +7,29 @@ export const idlFactory = ({ IDL }) => {
     'module_hash' : IDL.Vec(IDL.Nat8),
     'entries_fetch_limit' : IDL.Nat16,
   });
+  const CaptchaConfig = IDL.Record({
+    'max_unsolved_captchas' : IDL.Nat64,
+    'captcha_trigger' : IDL.Variant({
+      'Dynamic' : IDL.Record({
+        'reference_rate_sampling_interval_s' : IDL.Nat64,
+        'threshold_pct' : IDL.Nat16,
+        'current_rate_sampling_interval_s' : IDL.Nat64,
+      }),
+      'Static' : IDL.Variant({
+        'CaptchaDisabled' : IDL.Null,
+        'CaptchaEnabled' : IDL.Null,
+      }),
+    }),
+  });
   const RateLimitConfig = IDL.Record({
     'max_tokens' : IDL.Nat64,
     'time_per_token_ns' : IDL.Nat64,
   });
   const InternetIdentityInit = IDL.Record({
     'assigned_user_number_range' : IDL.Opt(IDL.Tuple(IDL.Nat64, IDL.Nat64)),
-    'max_inflight_captchas' : IDL.Opt(IDL.Nat64),
     'archive_config' : IDL.Opt(ArchiveConfig),
     'canister_creation_cycles_cost' : IDL.Opt(IDL.Nat64),
+    'captcha_config' : IDL.Opt(CaptchaConfig),
     'register_rate_limit' : IDL.Opt(RateLimitConfig),
   });
   const UserNumber = IDL.Nat64;
@@ -402,6 +416,7 @@ export const idlFactory = ({ IDL }) => {
         [IDL.Variant({ 'Ok' : Challenge, 'Err' : IDL.Null })],
         [],
       ),
+    'config' : IDL.Func([], [InternetIdentityInit], ['query']),
     'create_challenge' : IDL.Func([], [Challenge], []),
     'deploy_archive' : IDL.Func([IDL.Vec(IDL.Nat8)], [DeployArchiveResult], []),
     'enter_device_registration_mode' : IDL.Func([UserNumber], [Timestamp], []),
@@ -490,15 +505,29 @@ export const init = ({ IDL }) => {
     'module_hash' : IDL.Vec(IDL.Nat8),
     'entries_fetch_limit' : IDL.Nat16,
   });
+  const CaptchaConfig = IDL.Record({
+    'max_unsolved_captchas' : IDL.Nat64,
+    'captcha_trigger' : IDL.Variant({
+      'Dynamic' : IDL.Record({
+        'reference_rate_sampling_interval_s' : IDL.Nat64,
+        'threshold_pct' : IDL.Nat16,
+        'current_rate_sampling_interval_s' : IDL.Nat64,
+      }),
+      'Static' : IDL.Variant({
+        'CaptchaDisabled' : IDL.Null,
+        'CaptchaEnabled' : IDL.Null,
+      }),
+    }),
+  });
   const RateLimitConfig = IDL.Record({
     'max_tokens' : IDL.Nat64,
     'time_per_token_ns' : IDL.Nat64,
   });
   const InternetIdentityInit = IDL.Record({
     'assigned_user_number_range' : IDL.Opt(IDL.Tuple(IDL.Nat64, IDL.Nat64)),
-    'max_inflight_captchas' : IDL.Opt(IDL.Nat64),
     'archive_config' : IDL.Opt(ArchiveConfig),
     'canister_creation_cycles_cost' : IDL.Opt(IDL.Nat64),
+    'captcha_config' : IDL.Opt(CaptchaConfig),
     'register_rate_limit' : IDL.Opt(RateLimitConfig),
   });
   return [IDL.Opt(InternetIdentityInit)];