-
Notifications
You must be signed in to change notification settings - Fork 19
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: account recover with email #149
Merged
Merged
Changes from all commits
Commits
Show all changes
7 commits
Select commit
Hold shift + click to select a range
c60cb00
feat: recover account with service delegation
hugomrdias 5c8c576
chore: rename access to access-client
hugomrdias 0175220
Update package.json
hugomrdias 607d52d
chore: locks
hugomrdias f44fb77
chore: types
hugomrdias c619664
chore: upload-client path to client
hugomrdias 03596d0
chore: type errors
hugomrdias File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,6 @@ | ||
{ | ||
"packages/wallet": "1.0.0", | ||
"packages/access": "5.0.2", | ||
"packages/access-client": "5.0.2", | ||
"packages/access-api": "3.0.0", | ||
"packages/upload-client": "1.0.0" | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,5 @@ | ||
{ | ||
"name": "ucan-protocol", | ||
"name": "w3protocol", | ||
"version": "0.0.0", | ||
"private": true, | ||
"workspaces": [ | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -4,7 +4,11 @@ import * as Account from '@web3-storage/access/capabilities/account' | |
import { voucherClaimProvider } from './voucher-claim.js' | ||
import { voucherRedeemProvider } from './voucher-redeem.js' | ||
import * as DID from '@ipld/dag-ucan/did' | ||
import { delegationToString } from '@web3-storage/access/encoding' | ||
import { | ||
delegationToString, | ||
stringToDelegation, | ||
} from '@web3-storage/access/encoding' | ||
import { any } from '@web3-storage/access/capabilities/any' | ||
|
||
/** | ||
* @param {import('../bindings').RouteContext} ctx | ||
|
@@ -18,13 +22,50 @@ export function service(ctx) { | |
}, | ||
|
||
account: { | ||
info: Server.provide(Account.info, async ({ capability }) => { | ||
info: Server.provide(Account.info, async ({ capability, invocation }) => { | ||
const results = await ctx.kvs.accounts.get(capability.with) | ||
if (!results) { | ||
throw new Failure('Account not found...') | ||
return new Failure('Account not found.') | ||
} | ||
return results | ||
}), | ||
recover: Server.provide( | ||
Account.recover, | ||
async ({ capability, invocation }) => { | ||
if (capability.with !== ctx.signer.did()) { | ||
return new Failure( | ||
`Resource ${ | ||
capability.with | ||
} does not service did ${ctx.signer.did()}` | ||
) | ||
} | ||
|
||
const encoded = await ctx.kvs.accounts.getDelegations( | ||
capability.nb.identity | ||
) | ||
if (!encoded) { | ||
return new Failure( | ||
`No delegations found for ${capability.nb.identity}` | ||
) | ||
} | ||
|
||
const results = [] | ||
for (const e of encoded) { | ||
const proof = await stringToDelegation(e) | ||
const del = await any.delegate({ | ||
audience: invocation.issuer, | ||
issuer: ctx.signer, | ||
with: proof.capabilities[0].with, | ||
expiration: Infinity, | ||
proofs: [proof], | ||
}) | ||
|
||
results.push(await delegationToString(del)) | ||
} | ||
|
||
return results | ||
} | ||
), | ||
|
||
'recover-validation': Server.provide( | ||
Account.recoverValidation, | ||
|
@@ -33,9 +74,9 @@ export function service(ctx) { | |
// if yes send email with account/login | ||
// if not error "no accounts for email X" | ||
|
||
const email = capability.nb.email | ||
if (!(await ctx.kvs.accounts.hasAccounts(email))) { | ||
throw new Failure( | ||
const email = capability.nb.identity | ||
if (!(await ctx.kvs.accounts.hasDelegations(email))) { | ||
return new Failure( | ||
`No accounts found for email: ${email.replace('mailto:', '')}.` | ||
) | ||
} | ||
|
@@ -46,21 +87,29 @@ export function service(ctx) { | |
audience: DID.parse(capability.with), | ||
with: ctx.signer.did(), | ||
lifetimeInSeconds: 60 * 10, | ||
nb: { | ||
identity: email, | ||
}, | ||
proofs: [ | ||
await Account.recover.delegate({ | ||
audience: ctx.signer, | ||
issuer: ctx.signer, | ||
lifetimeInSeconds: 60 * 1000, | ||
expiration: Infinity, | ||
with: ctx.signer.did(), | ||
nb: { | ||
identity: 'mailto:*', | ||
}, | ||
}), | ||
], | ||
}) | ||
.delegate() | ||
|
||
const encoded = await delegationToString(inv) | ||
const url = `${ctx.url.protocol}//${ctx.url.host}/validate-email?ucan=${encoded}&mode=recover` | ||
|
||
// For testing | ||
if (ctx.config.ENV === 'test') { | ||
return encoded | ||
return url | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Only return in test? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. yes just for tests so we can process the delegation without dealing with emails. |
||
} | ||
} | ||
), | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It feels counter-intuitive to return an error...why can we not throw these?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These are known errors that should be returned to the user but not sent to sentry.
Ucanto supports multiple invocations in the same request thats why the responses are always arrays, so some invocations can succeed and some can error thats why we dont throw here.
In ucanto a known error like "account not found" is a valid response, the server types also include those. Any other exception error like "fail to parse json" that we want to send to sentry we should throw from the code.