fix: 0.9

package.json

@@ -16,9 +16,9 @@
  "devDependencies": {
  "lint-staged": "^13.0.3",
  "prettier": "2.7.1",
- "simple-git-hooks": "^2.8.0",
+ "simple-git-hooks": "^2.8.1",
  "typescript": "^4.8.4",
- "wrangler": "^2.1.11"
+ "wrangler": "^2.1.12"
  },
  "simple-git-hooks": {
  "pre-commit": "npx lint-staged"
@@ -34,14 +34,6 @@
  "singleQuote": true
  },
  "engines": {
- "node": ">=14"
- },
- "pnpm": {
- "overrides": {
- "npx-import": "1.1.3"
- },
- "patchedDependencies": {
- "npx-import@1.1.3": "patches/npx-import@1.1.3.patch"
- }
+ "node": ">=16"
  }
 }

packages/access-api/package.json

@@ -17,14 +17,14 @@
  "author": "Hugo Dias <hugomrdias@gmail.com> (hugodias.me)",
  "license": "(Apache-2.0 OR MIT)",
  "dependencies": {
- "@ipld/dag-ucan": "3.0.0-beta",
- "@ucanto/client": "^1.0.1",
- "@ucanto/core": "^1.0.1",
- "@ucanto/interface": "^1.0.0",
- "@ucanto/principal": "^1.0.1",
- "@ucanto/server": "^1.0.2",
- "@ucanto/transport": "^1.0.1",
- "@ucanto/validator": "^1.0.2",
+ "@ipld/dag-ucan": "4.0.0-beta",
+ "@ucanto/client": "^2.0.0",
+ "@ucanto/core": "^2.0.0",
+ "@ucanto/interface": "^2.0.0",
+ "@ucanto/principal": "^2.0.0",
+ "@ucanto/server": "^2.0.0",
+ "@ucanto/transport": "^2.0.0",
+ "@ucanto/validator": "^2.0.0",
  "@web3-storage/access": "workspace:^",
  "@web3-storage/worker-utils": "0.4.3-dev",
  "multiformats": "^9.8.1",
@@ -39,7 +39,7 @@
  "@sentry/webpack-plugin": "^1.19.1",
  "@types/assert": "^1.5.6",
  "@types/git-rev-sync": "^2.0.0",
- "@types/node": "^18.8.5",
+ "@types/node": "^18.11.0",
  "assert": "^2.0.0",
  "ava": "^4.3.3",
  "better-sqlite3": "7.6.2",
@@ -49,13 +49,13 @@
  "esbuild": "^0.15.10",
  "execa": "^6.1.0",
  "git-rev-sync": "^3.0.1",
- "hd-scripts": "^3.0.1",
+ "hd-scripts": "^3.0.2",
  "miniflare": "^2.10.0",
  "process": "^0.11.10",
  "readable-stream": "^4.1.0",
  "sade": "^1.7.4",
  "typescript": "4.8.4",
- "wrangler": "^2.1.11"
+ "wrangler": "^2.1.12"
  },
  "eslintConfig": {
  "extends": [

packages/access-api/src/service/identity-register.js

@@ -9,7 +9,7 @@ export function identityRegisterProvider(ctx) {
  Identity.register,
  async ({ capability, context, invocation }) => {
  await ctx.kvs.accounts.register(
- capability.caveats.as,
+ capability.nb.as,
  capability.with,
  invocation.cid
  )
@@ -24,7 +24,7 @@ export function identityRegisterProvider(ctx) {
  to: 'david@dag.house,jchris@dag.house',
  subject: 'New w3account Created',
  textBody: `New account registered for ${
- capability.caveats.as
+ capability.nb.as
  } with email ${capability.with.replace('mailto:', '')}`,
  })
  }

packages/access-api/src/service/identity-validate.js

@@ -1,6 +1,6 @@
 import { UCAN } from '@ucanto/core'
 import * as Server from '@ucanto/server'
-import { Principal } from '@ucanto/principal'
+import { Verifier } from '@ucanto/principal/ed25519'
 import * as Identity from '@web3-storage/access/capabilities/identity'
 
 /**
@@ -12,10 +12,10 @@ export function identityValidateProvider(ctx) {
  async ({ capability, context, invocation }) => {
  const delegation = await Identity.register
  .invoke({
- audience: Principal.parse(invocation.issuer.did()),
+ audience: Verifier.parse(invocation.issuer.did()),
  issuer: ctx.keypair,
- with: capability.caveats.as,
- caveats: {
+ with: capability.nb.as,
+ nb: {
  as: capability.with,
  },
  lifetimeInSeconds: 300,
@@ -34,7 +34,7 @@ export function identityValidateProvider(ctx) {
  }
 
  await ctx.email.sendValidation({
- to: capability.caveats.as.replace('mailto:', ''),
+ to: capability.nb.as.replace('mailto:', ''),
  url,
  })
  }

packages/access-api/src/service/index.js

@@ -1,9 +1,11 @@
 import * as Server from '@ucanto/server'
 import * as Identity from '@web3-storage/access/capabilities/identity'
+import * as Account from '@web3-storage/access/capabilities/account'
 import { identityRegisterProvider } from './identity-register.js'
 import { identityValidateProvider } from './identity-validate.js'
 import { voucherClaimProvider } from './voucher-claim.js'
 import { voucherRedeemProvider } from './voucher-redeem.js'
+import { Failure } from '@ucanto/server'
 
 /**
  * @param {import('../bindings').RouteContext} ctx
@@ -23,6 +25,35 @@ export function service(ctx) {
  claim: voucherClaimProvider(ctx),
  redeem: voucherRedeemProvider(ctx),
  },
+
+ account: {
+ // @ts-expect-error - types from query dont match handler output
+ info: Server.provide(Account.info, async ({ capability }) => {
+ const { results } = await ctx.db.fetchOne({
+ tableName: 'accounts',
+ fields: '*',
+ where: {
+ conditions: 'did =?1',
+ params: [capability.with],
+ },
+ })
+
+ if (!results) {
+ throw new Failure('Account not found...')
+ }
+ return {
+ did: results.did,
+ agent: results.agent,
+ email: results.email,
+ product: results.product,
+ updated_at: results.update_at,
+ inserted_at: results.inserted_at,
+ }
+ }),
+ // all: Server.provide(Account.all, async ({ capability }) => {
+ // return capability
+ // }),
+ },
  // @ts-ignore
  testing: {
  pass() {

packages/access-api/src/service/voucher-claim.js

@@ -1,5 +1,4 @@
 import * as Server from '@ucanto/server'
-import { Principal } from '@ucanto/principal'
 import * as Voucher from '@web3-storage/access/capabilities/voucher'
 import { delegationToString } from '@web3-storage/access/encoding'
 
@@ -14,26 +13,24 @@ export function voucherClaimProvider(ctx) {
  issuer: ctx.keypair,
  lifetimeInSeconds: 60 * 1000,
  with: ctx.keypair.did(),
- caveats: {
+ nb: {
  product: 'product:*',
  identity: 'mailto:*',
- // TODO remove this
- account: ctx.keypair.did(),
+ account: 'did:*',
  },
  })
  .delegate()
 
  const inv = await Voucher.redeem
  .invoke({
  issuer: ctx.keypair,
- // TODO: we should not need this parse
- audience: Principal.parse(invocation.issuer.did()),
+ audience: invocation.issuer,
  with: ctx.keypair.did(),
  lifetimeInSeconds: 60 * 10, // 10 mins
- caveats: {
+ nb: {
  account: capability.with,
- identity: capability.caveats.identity,
- product: capability.caveats.product,
+ identity: capability.nb.identity,
+ product: capability.nb.product,
  },
  proofs: [proof],
  })
@@ -49,7 +46,7 @@ export function voucherClaimProvider(ctx) {
  ctx.url.host
  }/validate-email?ucan=${encoded}&did=${invocation.issuer.did()}`
  await ctx.email.sendValidation({
- to: capability.caveats.identity.replace('mailto:', ''),
+ to: capability.nb.identity.replace('mailto:', ''),
  url,
  })
  })

packages/access-api/src/service/voucher-redeem.js

@@ -9,9 +9,9 @@ export function voucherRedeemProvider(ctx) {
  await ctx.db.insert({
  tableName: 'accounts',
  data: {
- did: capability.caveats.account,
- product: capability.caveats.product,
- email: capability.caveats.identity.replace('mailto:', ''),
+ did: capability.nb.account,
+ product: capability.nb.product,
+ email: capability.nb.identity.replace('mailto:', ''),
  agent: invocation.issuer.did(),
  },
  })
@@ -26,8 +26,8 @@ export function voucherRedeemProvider(ctx) {
  to: 'david@dag.house,jchris@dag.house',
  subject: 'New w3account Created',
  textBody: `New account v1 registered for ${
- capability.caveats.account
- } with email ${capability.caveats.identity.replace('mailto:', '')}`,
+ capability.nb.account
+ } with email ${capability.nb.identity.replace('mailto:', '')}`,
  })
  }
  })

packages/access-api/src/ucanto/client-codec.js

@@ -5,17 +5,19 @@ import { UTF8 } from '@ucanto/transport'
 /** @type {import('./types.js').ClientCodec} */
 export const clientCodec = {
  async encode(invocations, options) {
- /** @type {Record<string, string>} */
- const headers = {}
+ const headers = new Headers()
  const chain = await Delegation.delegate(invocations[0])
 
  // TODO iterate over proofs and send them too
  // for (const ucan of chain.iterate()) {
  // //
  // }
- headers.authorization = `bearer ${UCAN.format(chain.data)}`
 
- return { headers, body: new Uint8Array() }
+ headers.set('authorization', `bearer ${UCAN.format(chain.data)}`)
+ return {
+ headers: Object.fromEntries(headers.entries()),
+ body: new Uint8Array(),
+ }
  },
 
  decode({ headers, body }) {

packages/access-api/src/ucanto/server-codec.js

@@ -25,7 +25,7 @@ function multiValueHeader(headers, name) {
 }
 
 /**
- * @param {Record<string, string>} headers
+ * @param {Record<string, string> | Headers} headers
  */
 async function parseHeaders(headers) {
  const h = new Headers(headers)
@@ -130,7 +130,7 @@ export const serverCodec = {
  */
  encode(result) {
  return {
- headers: HEADERS,
+ headers: Object.fromEntries(new Headers(HEADERS).entries()),
  body: UTF8.encode(JSON.stringify(result)),
  }
  },

packages/access-api/src/utils/context.js

@@ -1,4 +1,4 @@
-import { SigningPrincipal } from '@ucanto/principal'
+import { Signer } from '@ucanto/principal/ed25519'
 import { Logging } from '@web3-storage/worker-utils/logging'
 import Toucan from 'toucan-js'
 import pkg from '../../package.json'
@@ -42,7 +42,7 @@ export function getContext(request, env, ctx) {
  env: config.ENV,
  })
 
- const keypair = SigningPrincipal.parse(config.PRIVATE_KEY)
+ const keypair = Signer.parse(config.PRIVATE_KEY)
  const url = new URL(request.url)
  return {
  log,

packages/access-api/test/helpers/context.js

@@ -1,5 +1,5 @@
-import { SigningPrincipal } from '@ucanto/principal'
-import { connection as w3connection } from '@web3-storage/access/connection'
+import { Signer } from '@ucanto/principal/ed25519'
+import { buildConnection } from '@web3-storage/access'
 import anyTest from 'ava'
 import dotenv from 'dotenv'
 import { Miniflare } from 'miniflare'
@@ -27,26 +27,27 @@ export const bindings = {
  W3ACCESS_METRICS: createAnalyticsEngine(),
 }
 
-export const serviceAuthority = SigningPrincipal.parse(bindings.PRIVATE_KEY)
+export const serviceAuthority = Signer.parse(bindings.PRIVATE_KEY)
 
 export async function context() {
- const principal = await SigningPrincipal.generate()
+ const principal = await Signer.generate()
  const mf = new Miniflare({
  packagePath: true,
  wranglerConfigPath: true,
  sourceMap: true,
  modules: true,
  bindings,
  })
-
+ const { connection } = await buildConnection(
+ principal,
+ // @ts-ignore
+ mf.dispatchFetch.bind(mf),
+ new URL('http://localhost:8787')
+ )
  return {
  mf,
- conn: w3connection({
- id: principal,
- url: new URL('http://localhost:8787'),
- fetch: mf.dispatchFetch.bind(mf),
- }),
- service: SigningPrincipal.parse(bindings.PRIVATE_KEY),
+ conn: connection,
+ service: Signer.parse(bindings.PRIVATE_KEY),
  issuer: principal,
  }
 }