fix: 0.9 (#78)

package.json

@@ -16,9 +16,9 @@
   "devDependencies": {
     "lint-staged": "^13.0.3",
     "prettier": "2.7.1",
-    "simple-git-hooks": "^2.8.0",
+    "simple-git-hooks": "^2.8.1",
     "typescript": "^4.8.4",
-    "wrangler": "^2.1.11"
+    "wrangler": "^2.1.12"
   },
   "simple-git-hooks": {
     "pre-commit": "npx lint-staged"
@@ -34,14 +34,6 @@
     "singleQuote": true
   },
   "engines": {
-    "node": ">=14"
-  },
-  "pnpm": {
-    "overrides": {
-      "npx-import": "1.1.3"
-    },
-    "patchedDependencies": {
-      "npx-import@1.1.3": "patches/npx-import@1.1.3.patch"
-    }
+    "node": ">=16"
   }
 }

packages/access-api/package.json

@@ -17,14 +17,14 @@
   "author": "Hugo Dias <hugomrdias@gmail.com> (hugodias.me)",
   "license": "(Apache-2.0 OR MIT)",
   "dependencies": {
-    "@ipld/dag-ucan": "3.0.0-beta",
-    "@ucanto/client": "^1.0.1",
-    "@ucanto/core": "^1.0.1",
-    "@ucanto/interface": "^1.0.0",
-    "@ucanto/principal": "^1.0.1",
-    "@ucanto/server": "^1.0.2",
-    "@ucanto/transport": "^1.0.1",
-    "@ucanto/validator": "^1.0.2",
+    "@ipld/dag-ucan": "4.0.0-beta",
+    "@ucanto/client": "^2.0.0",
+    "@ucanto/core": "^2.0.0",
+    "@ucanto/interface": "^2.0.0",
+    "@ucanto/principal": "^2.0.0",
+    "@ucanto/server": "^2.0.0",
+    "@ucanto/transport": "^2.0.0",
+    "@ucanto/validator": "^2.0.0",
     "@web3-storage/access": "workspace:^",
     "@web3-storage/worker-utils": "0.4.3-dev",
     "multiformats": "^9.8.1",
@@ -39,7 +39,7 @@
     "@sentry/webpack-plugin": "^1.19.1",
     "@types/assert": "^1.5.6",
     "@types/git-rev-sync": "^2.0.0",
-    "@types/node": "^18.8.5",
+    "@types/node": "^18.11.0",
     "assert": "^2.0.0",
     "ava": "^4.3.3",
     "better-sqlite3": "7.6.2",
@@ -49,13 +49,13 @@
     "esbuild": "^0.15.10",
     "execa": "^6.1.0",
     "git-rev-sync": "^3.0.1",
-    "hd-scripts": "^3.0.1",
+    "hd-scripts": "^3.0.2",
     "miniflare": "^2.10.0",
     "process": "^0.11.10",
     "readable-stream": "^4.1.0",
     "sade": "^1.7.4",
     "typescript": "4.8.4",
-    "wrangler": "^2.1.11"
+    "wrangler": "^2.1.12"
   },
   "eslintConfig": {
     "extends": [

packages/access-api/src/service/identity-register.js

@@ -9,7 +9,7 @@ export function identityRegisterProvider(ctx) {
     Identity.register,
     async ({ capability, context, invocation }) => {
       await ctx.kvs.accounts.register(
-        capability.caveats.as,
+        capability.nb.as,
         capability.with,
         invocation.cid
       )
@@ -24,7 +24,7 @@ export function identityRegisterProvider(ctx) {
           to: 'david@dag.house,jchris@dag.house',
           subject: 'New w3account Created',
           textBody: `New account registered for ${
-            capability.caveats.as
+            capability.nb.as
           } with email ${capability.with.replace('mailto:', '')}`,
         })
       }

packages/access-api/src/service/identity-validate.js

@@ -1,6 +1,6 @@
 import { UCAN } from '@ucanto/core'
 import * as Server from '@ucanto/server'
-import { Principal } from '@ucanto/principal'
+import { Verifier } from '@ucanto/principal/ed25519'
 import * as Identity from '@web3-storage/access/capabilities/identity'
 
 /**
@@ -12,10 +12,10 @@ export function identityValidateProvider(ctx) {
     async ({ capability, context, invocation }) => {
       const delegation = await Identity.register
         .invoke({
-          audience: Principal.parse(invocation.issuer.did()),
+          audience: Verifier.parse(invocation.issuer.did()),
           issuer: ctx.keypair,
-          with: capability.caveats.as,
-          caveats: {
+          with: capability.nb.as,
+          nb: {
             as: capability.with,
           },
           lifetimeInSeconds: 300,
@@ -34,7 +34,7 @@ export function identityValidateProvider(ctx) {
       }
 
       await ctx.email.sendValidation({
-        to: capability.caveats.as.replace('mailto:', ''),
+        to: capability.nb.as.replace('mailto:', ''),
         url,
       })
     }

packages/access-api/src/service/index.js

@@ -1,9 +1,11 @@
 import * as Server from '@ucanto/server'
 import * as Identity from '@web3-storage/access/capabilities/identity'
+import * as Account from '@web3-storage/access/capabilities/account'
 import { identityRegisterProvider } from './identity-register.js'
 import { identityValidateProvider } from './identity-validate.js'
 import { voucherClaimProvider } from './voucher-claim.js'
 import { voucherRedeemProvider } from './voucher-redeem.js'
+import { Failure } from '@ucanto/server'
 
 /**
  * @param {import('../bindings').RouteContext} ctx
@@ -23,6 +25,35 @@ export function service(ctx) {
       claim: voucherClaimProvider(ctx),
       redeem: voucherRedeemProvider(ctx),
     },
+
+    account: {
+      // @ts-expect-error - types from query dont match handler output
+      info: Server.provide(Account.info, async ({ capability }) => {
+        const { results } = await ctx.db.fetchOne({
+          tableName: 'accounts',
+          fields: '*',
+          where: {
+            conditions: 'did =?1',
+            params: [capability.with],
+          },
+        })
+
+        if (!results) {
+          throw new Failure('Account not found...')
+        }
+        return {
+          did: results.did,
+          agent: results.agent,
+          email: results.email,
+          product: results.product,
+          updated_at: results.update_at,
+          inserted_at: results.inserted_at,
+        }
+      }),
+      // all: Server.provide(Account.all, async ({ capability }) => {
+      //   return capability
+      // }),
+    },
     // @ts-ignore
     testing: {
       pass() {

packages/access-api/src/service/voucher-claim.js

@@ -1,5 +1,4 @@
 import * as Server from '@ucanto/server'
-import { Principal } from '@ucanto/principal'
 import * as Voucher from '@web3-storage/access/capabilities/voucher'
 import { delegationToString } from '@web3-storage/access/encoding'
 
@@ -14,26 +13,24 @@ export function voucherClaimProvider(ctx) {
         issuer: ctx.keypair,
         lifetimeInSeconds: 60 * 1000,
         with: ctx.keypair.did(),
-        caveats: {
+        nb: {
           product: 'product:*',
           identity: 'mailto:*',
-          // TODO remove this
-          account: ctx.keypair.did(),
+          account: 'did:*',
         },
       })
       .delegate()
 
     const inv = await Voucher.redeem
       .invoke({
         issuer: ctx.keypair,
-        // TODO: we should not need this parse
-        audience: Principal.parse(invocation.issuer.did()),
+        audience: invocation.issuer,
         with: ctx.keypair.did(),
         lifetimeInSeconds: 60 * 10, // 10 mins
-        caveats: {
+        nb: {
           account: capability.with,
-          identity: capability.caveats.identity,
-          product: capability.caveats.product,
+          identity: capability.nb.identity,
+          product: capability.nb.product,
         },
         proofs: [proof],
       })
@@ -49,7 +46,7 @@ export function voucherClaimProvider(ctx) {
       ctx.url.host
     }/validate-email?ucan=${encoded}&did=${invocation.issuer.did()}`
     await ctx.email.sendValidation({
-      to: capability.caveats.identity.replace('mailto:', ''),
+      to: capability.nb.identity.replace('mailto:', ''),
       url,
     })
   })

packages/access-api/src/service/voucher-redeem.js

@@ -9,9 +9,9 @@ export function voucherRedeemProvider(ctx) {
     await ctx.db.insert({
       tableName: 'accounts',
       data: {
-        did: capability.caveats.account,
-        product: capability.caveats.product,
-        email: capability.caveats.identity.replace('mailto:', ''),
+        did: capability.nb.account,
+        product: capability.nb.product,
+        email: capability.nb.identity.replace('mailto:', ''),
         agent: invocation.issuer.did(),
       },
     })
@@ -26,8 +26,8 @@ export function voucherRedeemProvider(ctx) {
         to: 'david@dag.house,jchris@dag.house',
         subject: 'New w3account Created',
         textBody: `New account v1 registered for ${
-          capability.caveats.account
-        } with email ${capability.caveats.identity.replace('mailto:', '')}`,
+          capability.nb.account
+        } with email ${capability.nb.identity.replace('mailto:', '')}`,
       })
     }
   })

packages/access-api/src/ucanto/client-codec.js

@@ -5,17 +5,19 @@ import { UTF8 } from '@ucanto/transport'
 /** @type {import('./types.js').ClientCodec} */
 export const clientCodec = {
   async encode(invocations, options) {
-    /** @type {Record<string, string>} */
-    const headers = {}
+    const headers = new Headers()
     const chain = await Delegation.delegate(invocations[0])
 
     // TODO iterate over proofs and send them too
     // for (const ucan of chain.iterate()) {
     //   //
     // }
-    headers.authorization = `bearer ${UCAN.format(chain.data)}`
 
-    return { headers, body: new Uint8Array() }
+    headers.set('authorization', `bearer ${UCAN.format(chain.data)}`)
+    return {
+      headers: Object.fromEntries(headers.entries()),
+      body: new Uint8Array(),
+    }
   },
 
   decode({ headers, body }) {

packages/access-api/src/ucanto/server-codec.js

@@ -25,7 +25,7 @@ function multiValueHeader(headers, name) {
 }
 
 /**
- * @param {Record<string, string>} headers
+ * @param {Record<string, string> | Headers} headers
  */
 async function parseHeaders(headers) {
   const h = new Headers(headers)
@@ -130,7 +130,7 @@ export const serverCodec = {
    */
   encode(result) {
     return {
-      headers: HEADERS,
+      headers: Object.fromEntries(new Headers(HEADERS).entries()),
       body: UTF8.encode(JSON.stringify(result)),
     }
   },

packages/access-api/src/utils/context.js

@@ -1,4 +1,4 @@
-import { SigningPrincipal } from '@ucanto/principal'
+import { Signer } from '@ucanto/principal/ed25519'
 import { Logging } from '@web3-storage/worker-utils/logging'
 import Toucan from 'toucan-js'
 import pkg from '../../package.json'
@@ -42,7 +42,7 @@ export function getContext(request, env, ctx) {
     env: config.ENV,
   })
 
-  const keypair = SigningPrincipal.parse(config.PRIVATE_KEY)
+  const keypair = Signer.parse(config.PRIVATE_KEY)
   const url = new URL(request.url)
   return {
     log,

packages/access-api/test/helpers/context.js

@@ -1,5 +1,5 @@
-import { SigningPrincipal } from '@ucanto/principal'
-import { connection as w3connection } from '@web3-storage/access/connection'
+import { Signer } from '@ucanto/principal/ed25519'
+import { buildConnection } from '@web3-storage/access'
 import anyTest from 'ava'
 import dotenv from 'dotenv'
 import { Miniflare } from 'miniflare'
@@ -27,26 +27,27 @@ export const bindings = {
   W3ACCESS_METRICS: createAnalyticsEngine(),
 }
 
-export const serviceAuthority = SigningPrincipal.parse(bindings.PRIVATE_KEY)
+export const serviceAuthority = Signer.parse(bindings.PRIVATE_KEY)
 
 export async function context() {
-  const principal = await SigningPrincipal.generate()
+  const principal = await Signer.generate()
   const mf = new Miniflare({
     packagePath: true,
     wranglerConfigPath: true,
     sourceMap: true,
     modules: true,
     bindings,
   })
-
+  const { connection } = await buildConnection(
+    principal,
+    // @ts-ignore
+    mf.dispatchFetch.bind(mf),
+    new URL('http://localhost:8787')
+  )
   return {
     mf,
-    conn: w3connection({
-      id: principal,
-      url: new URL('http://localhost:8787'),
-      fetch: mf.dispatchFetch.bind(mf),
-    }),
-    service: SigningPrincipal.parse(bindings.PRIVATE_KEY),
+    conn: connection,
+    service: Signer.parse(bindings.PRIVATE_KEY),
     issuer: principal,
   }
 }