feat: access-api handles provider/add invocations

packages/access-api/migrations/0006_add_storage_provider_consumer_schema.sql

@@ -0,0 +1,22 @@
+-- Migration number: 0006 	 2023-03-02T16:40:04.407Z
+
+/*
+goal: add a table to keep track of the storage provider for a space.
+to enable https://github.com/web3-storage/w3protocol/issues/459
+*/
+
+CREATE TABLE
+    -- provision: the action of providing or supplying something for use
+    -- use case: representing the registration of a storage provider to a space
+    IF NOT EXISTS provisions (
+        -- cid of invocation that created this provision
+        cid TEXT NOT NULL PRIMARY KEY,
+        -- DID of the actor that is consuming the provider. e.g. a space DID
+        consumer TEXT NOT NULL,
+        -- DID of the provider e.g. a storage provider
+        provider TEXT NOT NULL,
+        -- DID of the actor that authorized this provision
+        sponsor TEXT NOT NULL,
+        inserted_at TEXT NOT NULL DEFAULT (strftime ('%Y-%m-%dT%H:%M:%fZ', 'now')),
+        updated_at TEXT NOT NULL DEFAULT (strftime ('%Y-%m-%dT%H:%M:%fZ', 'now'))
+    );

packages/access-api/package.json

@@ -29,6 +29,7 @@
     "@web3-storage/worker-utils": "0.4.3-dev",
     "kysely": "^0.23.4",
     "kysely-d1": "^0.1.0",
+    "multiformats": "^11.0.1",
     "p-retry": "^5.1.2",
     "preact": "^10.11.3",
     "preact-render-to-string": "^5.2.6",

packages/access-api/src/bindings.d.ts

@@ -11,6 +11,7 @@ import { loadConfig } from './config.js'
 import { ConnectionView, Signer as EdSigner } from '@ucanto/principal/ed25519'
 import { Accounts } from './models/accounts.js'
 import { DelegationsStorage as Delegations } from './types/delegations.js'
+import { ProvisionsStorage } from './types/provisions.js'
 
 export {}
 
@@ -63,10 +64,11 @@ export interface RouteContext {
   url: URL
   email: Email
   models: {
-    spaces: Spaces
-    validations: Validations
     accounts: Accounts
     delegations: Delegations
+    spaces: Spaces
+    provisions: ProvisionsStorage
+    validations: Validations
   }
   uploadApi: ConnectionView
 }

packages/access-api/src/models/provisions.js

@@ -0,0 +1,114 @@
+/* eslint-disable no-void */
+
+/**
+ * @typedef {import("../types/provisions").ProvisionsStorage} Provisions
+ */
+
+/**
+ * @param {Array<import("../types/provisions").Provision>} storage
+ * @returns {Provisions}
+ */
+export function createProvisions(storage = []) {
+  /** @type {Provisions['hasStorageProvider']} */
+  const hasStorageProvider = async (consumerId) => {
+    const hasRowWithSpace = storage.some(({ space }) => space === consumerId)
+    return hasRowWithSpace
+  }
+  /** @type {Provisions['putMany']} */
+  const putMany = async (...items) => {
+    storage.push(...items)
+  }
+  /** @type {Provisions['count']} */
+  const count = async () => {
+    return BigInt(storage.length)
+  }
+  return {
+    count,
+    putMany,
+    hasStorageProvider,
+  }
+}
+
+/**
+ * @typedef ProvsionsRow
+ * @property {string} cid
+ * @property {string} consumer
+ * @property {string} provider
+ * @property {string} sponsor - did of actor who authorized for this provision
+ */
+
+/**
+ * @typedef {import("../types/database").Database<{ provisions: ProvsionsRow }>} ProvisionsDatabase
+ */
+
+/**
+ * Provisions backed by a kyseli database (e.g. sqlite or cloudflare d1)
+ */
+export class DbProvisions {
+  /** @type {ProvisionsDatabase} */
+  #db
+
+  /**
+   * @param {ProvisionsDatabase} db
+   */
+  constructor(db) {
+    this.#db = db
+    this.tableNames = {
+      provisions: /** @type {const} */ ('provisions'),
+    }
+    void (/** @type {Provisions} */ (this))
+  }
+
+  /** @type {Provisions['count']} */
+  async count(...items) {
+    const { size } = await this.#db
+      .selectFrom(this.tableNames.provisions)
+      .select((e) => e.fn.count('provider').as('size'))
+      .executeTakeFirstOrThrow()
+    return BigInt(size)
+  }
+
+  /** @type {Provisions['putMany']} */
+  async putMany(...items) {
+    if (items.length === 0) {
+      return
+    }
+    /** @type {ProvsionsRow[]} */
+    const rows = items.map((item) => {
+      return {
+        cid: item.invocation.cid.toString(),
+        consumer: item.space,
+        provider: item.provider,
+        sponsor: item.account,
+      }
+    })
+    await this.#db
+      .insertInto(this.tableNames.provisions)
+      .values(rows)
+      .executeTakeFirstOrThrow()
+  }
+
+  /** @type {Provisions['hasStorageProvider']} */
+  async hasStorageProvider(consumerDid) {
+    const { provisions } = this.tableNames
+    const { size } = await this.#db
+      .selectFrom(provisions)
+      .select((e) => e.fn.count('provider').as('size'))
+      .where(`${provisions}.consumer`, '=', consumerDid)
+      .executeTakeFirstOrThrow()
+    return size > 0
+  }
+
+  /**
+   * @param {import("@ucanto/interface").DID<'key'>} consumer
+   */
+  async findForConsumer(consumer) {
+    const { provisions } = this.tableNames
+    const rows = await this.#db
+      .selectFrom(provisions)
+      .selectAll()
+      .where(`${provisions}.consumer`, '=', consumer.toString())
+      .execute()
+    return rows
+  }
+}

packages/access-api/src/service/index.js

@@ -1,4 +1,5 @@
 import * as ucanto from '@ucanto/core'
+import * as Ucanto from '@ucanto/interface'
 import * as Server from '@ucanto/server'
 import { Failure } from '@ucanto/server'
 import * as Space from '@web3-storage/capabilities/space'
@@ -13,6 +14,7 @@ import * as uploadApi from './upload-api-proxy.js'
 import { accessAuthorizeProvider } from './access-authorize.js'
 import { accessDelegateProvider } from './access-delegate.js'
 import { accessClaimProvider } from './access-claim.js'
+import { providerAddProvider } from './provider-add.js'
 
 /**
  * @param {import('../bindings').RouteContext} ctx
@@ -22,6 +24,12 @@ import { accessClaimProvider } from './access-claim.js'
  * }
  */
 export function service(ctx) {
+  /**
+   * @param {Ucanto.DID<'key'>} uri
+   */
+  const hasStorageProvider = async (uri) => {
+    return Boolean(await ctx.models.spaces.get(uri))
+  }
   return {
     store: uploadApi.createStoreProxy(ctx),
     upload: uploadApi.createUploadProxy(ctx),
@@ -45,12 +53,21 @@ export function service(ctx) {
         }
         return accessDelegateProvider({
           delegations: ctx.models.delegations,
-          hasStorageProvider: async (uri) => {
-            return Boolean(await ctx.models.spaces.get(uri))
-          },
+          hasStorageProvider,
         })(...args)
       },
     },
+
+    provider: {
+      add: (...args) => {
+        // disable until hardened in test/staging
+        if (ctx.config.ENV === 'production') {
+          throw new Error(`provider/add invocation handling is not enabled`)
+        }
+        return providerAddProvider(ctx)(...args)
+      },
+    },
+
     voucher: {
       claim: voucherClaimProvider(ctx),
       redeem: voucherRedeemProvider(ctx),
@@ -181,6 +198,18 @@ export function service(ctx) {
       fail() {
         throw new Error('test fail')
       },
+      /**
+       * @param {Ucanto.Invocation<Ucanto.Capability<'testing/space-storage', Ucanto.DID<'key'>, Ucanto.Failure>>} invocation
+       */
+      'space-storage': async (invocation) => {
+        const spaceId = invocation.capabilities[0].with
+        const hasStorageProvider =
+          await ctx.models.provisions.hasStorageProvider(spaceId)
+        return {
+          hasStorageProvider,
+          foo: 'ben',
+        }
+      },
     },
   }
 }

packages/access-api/src/service/provider-add.js

@@ -0,0 +1,59 @@
+import * as Ucanto from '@ucanto/interface'
+import * as Server from '@ucanto/server'
+import { Provider } from '@web3-storage/capabilities'
+import * as validator from '@ucanto/validator'
+
+/**
+ * @typedef {import('@web3-storage/capabilities/types').ProviderAdd} ProviderAdd
+ * @typedef {import('@web3-storage/capabilities/types').ProviderAddSuccess} ProviderAddSuccess
+ * @typedef {import('@web3-storage/capabilities/types').ProviderAddFailure} ProviderAddFailure
+ */
+
+/**
+ * @callback ProviderAddHandler
+ * @param {Ucanto.Invocation<import('@web3-storage/capabilities/types').ProviderAdd>} invocation
+ * @returns {Promise<Ucanto.Result<ProviderAddSuccess, ProviderAddFailure>>}
+ */
+
+/**
+ * @param {object} options
+ * @param {import('../types/provisions').ProvisionsStorage} options.provisions
+ * @returns {ProviderAddHandler}
+ */
+export function createProviderAddHandler(options) {
+  /** @type {ProviderAddHandler} */
+  return async (invocation) => {
+    const [providerAddCap] = invocation.capabilities
+    const {
+      nb: { consumer, provider },
+      with: accountDID,
+    } = providerAddCap
+    if (!validator.DID.match({ method: 'mailto' }).is(accountDID)) {
+      return {
+        error: true,
+        name: 'Unauthorized',
+        message: 'Issuer must be a mailto DID',
+      }
+    }
+    await options.provisions.putMany({
+      invocation,
+      space: consumer,
+      provider,
+      account: accountDID,
+    })
+    return {}
+  }
+}
+
+/**
+ * @param {object} ctx
+ * @param {Pick<import('../bindings').RouteContext['models'], 'provisions'>} ctx.models
+ */
+export function providerAddProvider(ctx) {
+  return Server.provide(Provider.add, async ({ invocation }) => {
+    const handler = createProviderAddHandler({
+      provisions: ctx.models.provisions,
+    })
+    return handler(/** @type {Ucanto.Invocation<ProviderAdd>} */ (invocation))
+  })
+}

packages/access-api/src/types/provisions.ts

@@ -0,0 +1,32 @@
+import * as Ucanto from '@ucanto/interface'
+import { ProviderAdd } from '@web3-storage/capabilities/src/types'
+
+export type AlphaStorageProvider = 'did:web:web3.storage:providers:w3up-alpha'
+
+/**
+ * action which results in provisionment of a space consuming a storage provider
+ */
+export interface Provision {
+  invocation: Ucanto.Invocation<ProviderAdd>
+  space: Ucanto.DID<'key'>
+  account: Ucanto.DID<'mailto'>
+  provider: AlphaStorageProvider
+}
+
+/**
+ * stores instances of a storage provider being consumed by a consumer
+ */
+export interface ProvisionsStorage {
+  hasStorageProvider: (consumer: Ucanto.DID<'key'>) => Promise<boolean>
+  /**
+   * write several items into storage
+   *
+   * @param items - provisions to store
+   */
+  putMany: (...items: Provision[]) => Promise<void>
+
+  /**
+   * get number of stored items
+   */
+  count: () => Promise<bigint>
+}

packages/access-api/src/utils/context.js

@@ -14,6 +14,7 @@ import {
   delegationsTableBytesToArrayBuffer,
 } from '../models/delegations.js'
 import { createD1Database } from './d1.js'
+import { DbProvisions } from '../models/provisions.js'
 
 /**
  * Obtains a route context object.
@@ -77,6 +78,7 @@ export function getContext(request, env, ctx) {
       spaces: new Spaces(config.DB),
       validations: new Validations(config.VALIDATIONS),
       accounts: new Accounts(config.DB),
+      provisions: new DbProvisions(createD1Database(config.DB)),
     },
     email,
     uploadApi: createUploadApiConnection({

packages/access-api/src/utils/email.js

@@ -1,5 +1,11 @@
 export const debug = () => new DebugEmail()
 
+/**
+ * @typedef ValidationEmailSend
+ * @property {string} to
+ * @property {string} url
+ */
+
 /**
  * @param {{token:string, sender?:string}} opts
  */
@@ -23,7 +29,7 @@ export class Email {
   /**
    * Send validation email with ucan to register
    *
-   * @param {{ to: string; url: string }} opts
+   * @param {ValidationEmailSend} opts
    */
   async sendValidation(opts) {
     const rsp = await fetch('https://api.postmarkapp.com/email/withTemplate', {
@@ -90,7 +96,7 @@ export class DebugEmail {
   /**
    * Send validation email with ucan to register
    *
-   * @param {{ to: string; url: string }} opts
+   * @param {ValidationEmailSend} opts
    */
   async sendValidation(opts) {
     try {