diff --git a/packages/access-api/package.json b/packages/access-api/package.json index 34053dc01..f3602a7ad 100644 --- a/packages/access-api/package.json +++ b/packages/access-api/package.json @@ -18,12 +18,12 @@ "license": "(Apache-2.0 OR MIT)", "dependencies": { "@ipld/dag-ucan": "^3.2.0", - "@ucanto/core": "^5.1.0", - "@ucanto/interface": "^6.0.0", + "@ucanto/core": "^5.2.0", + "@ucanto/interface": "^6.2.0", "@ucanto/principal": "^5.1.0", - "@ucanto/server": "^6.0.0", + "@ucanto/server": "^6.1.0", "@ucanto/transport": "^5.1.0", - "@ucanto/validator": "^6.0.0", + "@ucanto/validator": "^6.1.0", "@web3-storage/access": "workspace:^", "@web3-storage/capabilities": "workspace:^", "@web3-storage/worker-utils": "0.4.3-dev", diff --git a/packages/access-api/src/routes/validate-email.js b/packages/access-api/src/routes/validate-email.js index ea3d8b199..44a523858 100644 --- a/packages/access-api/src/routes/validate-email.js +++ b/packages/access-api/src/routes/validate-email.js @@ -152,7 +152,7 @@ async function authorize(req, env) { if (confirmation.error) { throw new Error(`unable to validate access session: ${confirmation}`, { - cause: confirmation.error, + cause: confirmation, }) } @@ -168,12 +168,12 @@ async function authorize(req, env) { } ) const confirmResult = await confirm(request, { - id: env.signer.verifier, + id: env.signer, principal: Verifier, }) if (confirmResult.error) { throw new Error('error confirming', { - cause: confirmResult.error, + cause: confirmResult, }) } const { account, agent } = accessConfirm.parse(request) @@ -193,6 +193,8 @@ async function authorize(req, env) { ) ) } catch (error) { + // eslint-disable-next-line no-console + console.warn('error in validate-email', error) const err = /** @type {Error} */ (error) env.log.error(err) return new HtmlResponse( diff --git a/packages/access-api/src/service/access-authorize.js b/packages/access-api/src/service/access-authorize.js index b88265852..8ce7807c0 100644 --- a/packages/access-api/src/service/access-authorize.js +++ b/packages/access-api/src/service/access-authorize.js @@ -1,7 +1,6 @@ import * as Server from '@ucanto/server' import * as Access from '@web3-storage/capabilities/access' import * as Mailto from '../utils/did-mailto.js' -import * as DID from '@ipld/dag-ucan/did' import { delegationToString } from '@web3-storage/access/encoding' /** @@ -25,7 +24,7 @@ export function accessAuthorizeProvider(ctx) { const confirmation = await Access.confirm .invoke({ issuer: ctx.signer, - audience: DID.parse(capability.nb.iss), + audience: ctx.signer, // Because with is set to our DID no other actor will be able to issue // this delegation without our private key. with: ctx.signer.did(), diff --git a/packages/access-api/test/access-authorize.test.js b/packages/access-api/test/access-authorize.test.js index 50d3820cc..111858ded 100644 --- a/packages/access-api/test/access-authorize.test.js +++ b/packages/access-api/test/access-authorize.test.js @@ -73,7 +73,7 @@ describe('access/authorize', function () { ) const delegation = stringToDelegation(encoded) t.deepEqual(delegation.issuer.did(), service.did()) - t.deepEqual(delegation.audience.did(), accountDID) + t.deepEqual(delegation.audience.did(), service.did()) t.deepEqual(delegation.capabilities, [ { with: conn.id.did(), @@ -122,8 +122,9 @@ describe('access/authorize', function () { const url = new URL(email.url) const rsp = await mf.dispatchFetch(url, { method: 'POST' }) - const html = await rsp.text() + assert.deepEqual(rsp.status, 200) + const html = await rsp.text() assert(html.includes('Email Validated')) assert(html.includes(toEmail(accountDID))) assert(html.includes(issuer.did())) diff --git a/packages/access-api/test/store-list.js b/packages/access-api/test/store-list.js index 83bb01fe8..d133e2fd5 100644 --- a/packages/access-api/test/store-list.js +++ b/packages/access-api/test/store-list.js @@ -69,85 +69,4 @@ describe('proxy store/list invocations to upload-api', function () { assert.ok(!result?.error, 'should not be an error') }) } - - it('errors when a bad delegation is given as proof', async () => { - const mockUpstream = createMockUploadApiServer({ - // eslint-disable-next-line unicorn/no-await-expression-member - id: await ed25519.generate(), - }) - const mockUpstreamHttp = nodeHttp.createServer( - ucantoServerNodeListener(mockUpstream) - ) - await new Promise((resolve, reject) => - // eslint-disable-next-line unicorn/no-useless-undefined - mockUpstreamHttp.listen(0, () => resolve(undefined)) - ) - // now mockUpstreamHttp is listening on a port. If something goes wrong, we will close the server to have it stop litening - after(() => { - mockUpstreamHttp.close() - }) - const mockUpstreamUrl = serverLocalUrl(mockUpstreamHttp.address()) - const [alice, bob, mallory] = await Promise.all( - Array.from({ length: 3 }).map(() => ed25519.Signer.generate()) - ) - const { service: serviceSigner, conn } = await context({ - env: { - UPLOAD_API_URL: mockUpstreamUrl.toString(), - }, - }) - const service = process.env.DID - ? serviceSigner.withDID(ucanto.DID.parse(process.env.DID).did()) - : serviceSigner - const spaceCreation = await createSpace( - alice, - service, - conn, - 'space-info@dag.house' - ) - /** - * @type {Array<{ - * invocation: import('@ucanto/interface').IssuedInvocationView - * resultAssertion: (r: import('@ucanto/interface').Result) => void - * }>} */ - const cases = [ - { - invocation: Store.list.invoke({ - issuer: mallory, - audience: service, - proofs: [ - // this shouldn't work because the audience is bob, - // but its a proof an an invocation issued by mallory - await Store.list.delegate({ - issuer: alice, - audience: bob, - with: spaceCreation.space.did(), - }), - ], - with: spaceCreation.space.did(), - nb: {}, - }), - resultAssertion(result) { - assert.ok(result.error, 'result is an error') - assert.ok('name' in result, 'result has a name') - assert.equal(result.name, 'InvalidAudience') - assert.ok( - 'stack' in result && typeof result.stack === 'string', - 'result has stack string' - ) - }, - }, - ] - for (const { invocation, resultAssertion } of cases) { - const result = await invocation.execute( - /** @type {import('@ucanto/interface').ConnectionView} */ (conn) - ) - try { - resultAssertion(result) - } catch (error) { - // eslint-disable-next-line no-console - console.warn('result failed assertion', result) - throw error - } - } - }) }) diff --git a/packages/access-api/test/ucan.test.js b/packages/access-api/test/ucan.test.js index c8cfc69ee..9a492974c 100644 --- a/packages/access-api/test/ucan.test.js +++ b/packages/access-api/test/ucan.test.js @@ -75,26 +75,6 @@ describe('ucan', function () { ]) }) - test('should fail with bad service audience', async function () { - const { mf, issuer } = ctx - - const audience = await Signer.generate() - const ucan = await UCAN.issue({ - issuer, - audience, - // @ts-ignore - capabilities: [], - }) - const res = await mf.dispatchFetch('http://localhost:8787/raw', { - method: 'POST', - headers: { - Authorization: `Bearer ${UCAN.format(ucan)}`, - }, - }) - const rsp = await res.json() - t.deepEqual(rsp[0].name, 'InvalidAudience') - }) - test('should fail with with more than 1 cap', async function () { const { mf, service, issuer } = ctx diff --git a/packages/access-api/test/validate-email.test.js b/packages/access-api/test/validate-email.test.js index fd1eaeda7..0d98c2a02 100644 --- a/packages/access-api/test/validate-email.test.js +++ b/packages/access-api/test/validate-email.test.js @@ -14,7 +14,7 @@ describe('validate-email', () => { const extraBytes = getRandomValues(new Uint8Array(10 * 1024)) const ucan = await Delegation.delegate({ issuer: service, - audience: agent, + audience: service, capabilities: [ Access.confirm.create({ with: service.did(), diff --git a/packages/access-client/package.json b/packages/access-client/package.json index 883b6ebd7..2af62118e 100644 --- a/packages/access-client/package.json +++ b/packages/access-client/package.json @@ -62,11 +62,11 @@ "@ipld/dag-cbor": "^9.0.0", "@ipld/dag-ucan": "^3.2.0", "@ucanto/client": "^5.1.0", - "@ucanto/core": "^5.1.0", - "@ucanto/interface": "^6.0.0", + "@ucanto/core": "^5.2.0", + "@ucanto/interface": "^6.2.0", "@ucanto/principal": "^5.1.0", "@ucanto/transport": "^5.1.0", - "@ucanto/validator": "^6.0.0", + "@ucanto/validator": "^6.1.0", "@web3-storage/capabilities": "workspace:^", "bigint-mod-arith": "^3.1.2", "conf": "10.2.0", @@ -91,7 +91,7 @@ "@types/node": "^18.11.18", "@types/varint": "^6.0.1", "@types/ws": "^8.5.4", - "@ucanto/server": "^6.0.0", + "@ucanto/server": "^6.1.0", "assert": "^2.0.0", "delay": "^5.0.0", "hd-scripts": "^4.0.0", diff --git a/packages/capabilities/package.json b/packages/capabilities/package.json index ce4a5d5e5..7692eec6c 100644 --- a/packages/capabilities/package.json +++ b/packages/capabilities/package.json @@ -64,11 +64,11 @@ "dist/src/**/*.d.ts.map" ], "dependencies": { - "@ucanto/core": "^5.1.0", - "@ucanto/interface": "^6.0.0", + "@ucanto/core": "^5.2.0", + "@ucanto/interface": "^6.2.0", "@ucanto/principal": "^5.1.0", "@ucanto/transport": "^5.1.0", - "@ucanto/validator": "^6.0.0" + "@ucanto/validator": "^6.1.0" }, "devDependencies": { "@types/assert": "^1.5.6", diff --git a/packages/upload-api/package.json b/packages/upload-api/package.json index 1f086bef3..48112fac4 100644 --- a/packages/upload-api/package.json +++ b/packages/upload-api/package.json @@ -59,11 +59,11 @@ }, "dependencies": { "@ucanto/client": "^5.1.0", - "@ucanto/interface": "^6.0.0", + "@ucanto/interface": "^6.2.0", "@ucanto/principal": "^5.1.0", - "@ucanto/server": "^6.0.0", + "@ucanto/server": "^6.1.0", "@ucanto/transport": "^5.1.0", - "@web3-storage/capabilities": "^3.0.0", + "@web3-storage/capabilities": "workspace:^", "multiformats": "^11.0.1", "p-retry": "^5.1.2" }, @@ -71,10 +71,10 @@ "@ipld/car": "^5.0.1", "@types/mocha": "^10.0.1", "@ucanto/core": "^5.1.0", - "@web3-storage/sigv4": "^1.0.2", "@web-std/blob": "^3.0.4", - "mocha": "^10.2.0", - "hd-scripts": "^4.1.0" + "@web3-storage/sigv4": "^1.0.2", + "hd-scripts": "^4.1.0", + "mocha": "^10.2.0" }, "eslintConfig": { "extends": [ diff --git a/packages/upload-client/package.json b/packages/upload-client/package.json index 44a5ee183..9f1c2c4e0 100644 --- a/packages/upload-client/package.json +++ b/packages/upload-client/package.json @@ -67,7 +67,7 @@ "@ipld/dag-ucan": "^3.2.0", "@ipld/unixfs": "^2.0.1", "@ucanto/client": "^5.1.0", - "@ucanto/interface": "^6.0.0", + "@ucanto/interface": "^6.2.0", "@ucanto/transport": "^5.1.0", "@web3-storage/capabilities": "workspace:^", "multiformats": "^11.0.1", @@ -78,7 +78,7 @@ "@types/assert": "^1.5.6", "@types/mocha": "^10.0.1", "@ucanto/principal": "^5.1.0", - "@ucanto/server": "^6.0.0", + "@ucanto/server": "^6.1.0", "assert": "^2.0.0", "blockstore-core": "^3.0.0", "c8": "^7.12.0", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 053c62024..fb701471f 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -42,12 +42,12 @@ importers: '@types/node': ^18.11.18 '@types/qrcode': ^1.5.0 '@ucanto/client': ^5.1.0 - '@ucanto/core': ^5.1.0 - '@ucanto/interface': ^6.0.0 + '@ucanto/core': ^5.2.0 + '@ucanto/interface': ^6.2.0 '@ucanto/principal': ^5.1.0 - '@ucanto/server': ^6.0.0 + '@ucanto/server': ^6.1.0 '@ucanto/transport': ^5.1.0 - '@ucanto/validator': ^6.0.0 + '@ucanto/validator': ^6.1.0 '@web3-storage/access': workspace:^ '@web3-storage/capabilities': workspace:^ '@web3-storage/worker-utils': 0.4.3-dev @@ -77,12 +77,12 @@ importers: wrangler: ^2.8.0 dependencies: '@ipld/dag-ucan': 3.2.0 - '@ucanto/core': 5.1.0 - '@ucanto/interface': 6.0.0 + '@ucanto/core': 5.2.0 + '@ucanto/interface': 6.2.0 '@ucanto/principal': 5.1.0 - '@ucanto/server': 6.0.0 + '@ucanto/server': 6.1.0 '@ucanto/transport': 5.1.0 - '@ucanto/validator': 6.0.0 + '@ucanto/validator': 6.1.0 '@web3-storage/access': link:../access-client '@web3-storage/capabilities': link:../capabilities '@web3-storage/worker-utils': 0.4.3-dev @@ -134,12 +134,12 @@ importers: '@types/varint': ^6.0.1 '@types/ws': ^8.5.4 '@ucanto/client': ^5.1.0 - '@ucanto/core': ^5.1.0 - '@ucanto/interface': ^6.0.0 + '@ucanto/core': ^5.2.0 + '@ucanto/interface': ^6.2.0 '@ucanto/principal': ^5.1.0 - '@ucanto/server': ^6.0.0 + '@ucanto/server': ^6.1.0 '@ucanto/transport': ^5.1.0 - '@ucanto/validator': ^6.0.0 + '@ucanto/validator': ^6.1.0 '@web3-storage/capabilities': workspace:^ assert: ^2.0.0 bigint-mod-arith: ^3.1.2 @@ -171,11 +171,11 @@ importers: '@ipld/dag-cbor': 9.0.0 '@ipld/dag-ucan': 3.2.0 '@ucanto/client': 5.1.0 - '@ucanto/core': 5.1.0 - '@ucanto/interface': 6.0.0 + '@ucanto/core': 5.2.0 + '@ucanto/interface': 6.2.0 '@ucanto/principal': 5.1.0 '@ucanto/transport': 5.1.0 - '@ucanto/validator': 6.0.0 + '@ucanto/validator': 6.1.0 '@web3-storage/capabilities': link:../capabilities bigint-mod-arith: 3.1.2 conf: 10.2.0 @@ -199,7 +199,7 @@ importers: '@types/node': 18.11.18 '@types/varint': 6.0.1 '@types/ws': 8.5.4 - '@ucanto/server': 6.0.0 + '@ucanto/server': 6.1.0 assert: 2.0.0 delay: 5.0.0 hd-scripts: 4.0.0 @@ -259,11 +259,11 @@ importers: '@types/assert': ^1.5.6 '@types/mocha': ^10.0.0 '@types/node': ^18.11.18 - '@ucanto/core': ^5.1.0 - '@ucanto/interface': ^6.0.0 + '@ucanto/core': ^5.2.0 + '@ucanto/interface': ^6.2.0 '@ucanto/principal': ^5.1.0 '@ucanto/transport': ^5.1.0 - '@ucanto/validator': ^6.0.0 + '@ucanto/validator': ^6.1.0 assert: ^2.0.0 hd-scripts: ^4.0.0 mocha: ^10.2.0 @@ -272,11 +272,11 @@ importers: typescript: 4.9.5 watch: ^1.0.2 dependencies: - '@ucanto/core': 5.1.0 - '@ucanto/interface': 6.0.0 + '@ucanto/core': 5.2.0 + '@ucanto/interface': 6.2.0 '@ucanto/principal': 5.1.0 '@ucanto/transport': 5.1.0 - '@ucanto/validator': 6.0.0 + '@ucanto/validator': 6.1.0 devDependencies: '@types/assert': 1.5.6 '@types/mocha': 10.0.1 @@ -295,12 +295,12 @@ importers: '@types/mocha': ^10.0.1 '@ucanto/client': ^5.1.0 '@ucanto/core': ^5.1.0 - '@ucanto/interface': ^6.0.0 + '@ucanto/interface': ^6.2.0 '@ucanto/principal': ^5.1.0 - '@ucanto/server': ^6.0.0 + '@ucanto/server': ^6.1.0 '@ucanto/transport': ^5.1.0 '@web-std/blob': ^3.0.4 - '@web3-storage/capabilities': ^3.0.0 + '@web3-storage/capabilities': workspace:^ '@web3-storage/sigv4': ^1.0.2 hd-scripts: ^4.1.0 mocha: ^10.2.0 @@ -308,9 +308,9 @@ importers: p-retry: ^5.1.2 dependencies: '@ucanto/client': 5.1.0 - '@ucanto/interface': 6.0.0 + '@ucanto/interface': 6.2.0 '@ucanto/principal': 5.1.0 - '@ucanto/server': 6.0.0 + '@ucanto/server': 6.1.0 '@ucanto/transport': 5.1.0 '@web3-storage/capabilities': link:../capabilities multiformats: 11.0.1 @@ -332,9 +332,9 @@ importers: '@types/assert': ^1.5.6 '@types/mocha': ^10.0.1 '@ucanto/client': ^5.1.0 - '@ucanto/interface': ^6.0.0 + '@ucanto/interface': ^6.2.0 '@ucanto/principal': ^5.1.0 - '@ucanto/server': ^6.0.0 + '@ucanto/server': ^6.1.0 '@ucanto/transport': ^5.1.0 '@web3-storage/capabilities': workspace:^ assert: ^2.0.0 @@ -355,7 +355,7 @@ importers: '@ipld/dag-ucan': 3.2.0 '@ipld/unixfs': 2.0.1 '@ucanto/client': 5.1.0 - '@ucanto/interface': 6.0.0 + '@ucanto/interface': 6.2.0 '@ucanto/transport': 5.1.0 '@web3-storage/capabilities': link:../capabilities multiformats: 11.0.1 @@ -365,7 +365,7 @@ importers: '@types/assert': 1.5.6 '@types/mocha': 10.0.1 '@ucanto/principal': 5.1.0 - '@ucanto/server': 6.0.0 + '@ucanto/server': 6.1.0 assert: 2.0.0 blockstore-core: 3.0.0 c8: 7.12.0 @@ -3560,7 +3560,7 @@ packages: /@ucanto/client/5.1.0: resolution: {integrity: sha512-Rr2q3ARDmiaaVnvNkPNsIhS+1ORyCqQhGRSqf8ugfJVmvbvjLFA6EYxjknUdg5tqt0aVnYTNuZ/GwIxaqMzliA==} dependencies: - '@ucanto/interface': 6.0.0 + '@ucanto/interface': 6.2.0 multiformats: 11.0.1 /@ucanto/core/5.1.0: @@ -3569,11 +3569,21 @@ packages: '@ipld/car': 5.1.0 '@ipld/dag-cbor': 9.0.0 '@ipld/dag-ucan': 3.2.0 - '@ucanto/interface': 6.0.0 + '@ucanto/interface': 6.2.0 multiformats: 11.0.1 + dev: true - /@ucanto/interface/6.0.0: - resolution: {integrity: sha512-OOZQDLKxqhuvmSRAXcHDQrlBBDs52ZiI5GsGJJW8VT/TPOPmfAkwc1HgmU/eMF4bO+a1JfG4i43+4KUoCcQnbA==} + /@ucanto/core/5.2.0: + resolution: {integrity: sha512-Eblo2LfJyojRKmBk5/w25u1hhSCs6K3zUH/zNknwTrJg7CJYxw0hgsGcXrlkQf1TnSRzJVFEduK1ZzYCV55/Uw==} + dependencies: + '@ipld/car': 5.1.0 + '@ipld/dag-cbor': 9.0.0 + '@ipld/dag-ucan': 3.2.0 + '@ucanto/interface': 6.2.0 + multiformats: 11.0.1 + + /@ucanto/interface/6.2.0: + resolution: {integrity: sha512-b37bjTxNWQE+O4f18fvb7/woe41Dvb4AfdbevPLmaJj1fZogssH9fVgWlZdVg8ZsJQhMxRyHDuH40QAvuKRR1w==} dependencies: '@ipld/dag-ucan': 3.2.0 multiformats: 11.0.1 @@ -3583,34 +3593,34 @@ packages: dependencies: '@ipld/dag-ucan': 3.2.0 '@noble/ed25519': 1.7.3 - '@ucanto/interface': 6.0.0 + '@ucanto/interface': 6.2.0 multiformats: 11.0.1 one-webcrypto: 1.0.3 - /@ucanto/server/6.0.0: - resolution: {integrity: sha512-xwZa3S8bclGn3JxuxUIQ+TOZKeAhbSDJEk7B3ZgHUu0bYBBFEyRbAVD177ZpAnTuvj8Et68g1tRzNIStQPMvSA==} + /@ucanto/server/6.1.0: + resolution: {integrity: sha512-IRvYbv1iEAjgm8Rc4hqUPm2NGSU+R+X+wyHp3hUI/YdGji+bajghV4gU9klkDkgm0aqVuI1fDFyODWZb5UROtw==} dependencies: - '@ucanto/core': 5.1.0 - '@ucanto/interface': 6.0.0 - '@ucanto/validator': 6.0.0 + '@ucanto/core': 5.2.0 + '@ucanto/interface': 6.2.0 + '@ucanto/validator': 6.1.0 /@ucanto/transport/5.1.0: resolution: {integrity: sha512-Um/ba0DmTM1icZW08pxg7hyV1BYXGMyWEeVAnrM3W/WnrYd+JTEFoaPrbPce//Dkmrfk8uGjuIIgjpPT1eAfUA==} dependencies: '@ipld/car': 5.1.0 '@ipld/dag-cbor': 9.0.0 - '@ucanto/core': 5.1.0 - '@ucanto/interface': 6.0.0 + '@ucanto/core': 5.2.0 + '@ucanto/interface': 6.2.0 multiformats: 11.0.1 dev: false - /@ucanto/validator/6.0.0: - resolution: {integrity: sha512-3cWy8F7G1DFGeHXHWegcvQ0sz+t8hvmAOD919a57n87qDauoYDB90s3p9c71esfOwarBDr2f8/oEFwtToAjy3A==} + /@ucanto/validator/6.1.0: + resolution: {integrity: sha512-vZ40paByLgosllG+YfuI4eD7m3KyYG1ebEa9jZEkLDYjWh7WWBtYvBn40pziIiLfBCzum2zU1uP1SMOf63EqqQ==} dependencies: '@ipld/car': 5.1.0 '@ipld/dag-cbor': 9.0.0 - '@ucanto/core': 5.1.0 - '@ucanto/interface': 6.0.0 + '@ucanto/core': 5.2.0 + '@ucanto/interface': 6.2.0 multiformats: 11.0.1 /@vue/compiler-core/3.2.45: