tag/v1.1.0/toolkit/client/clientissuer.go

package client

import (
	"context"
	"fmt"
	"iter"

	"code.sonr.org/go/did-it"
	"code.sonr.org/go/did-it/crypto"
	"github.com/ipfs/go-cid"

	"code.sonr.org/go/ucan/pkg/command"
	"code.sonr.org/go/ucan/token/delegation"
)

// DlgIssuingLogic is a function that decides what powers are given to a client.
// - issuer: the DID of our issuer
// - audience: the DID of the client, also the issuer of the invocation token
// - cmd: the command to execute
// - subject: the DID of the resource to operate on, also the subject (or audience if defined) of the invocation token
// Note: you can read it as "(audience) wants to do (cmd) on (subject)".
// Note: you can decide to match the input parameters exactly or issue a broader power, as long as it allows the
// expected action. If you don't want to give that power, return an error instead.
type DlgIssuingLogic func(iss did.DID, aud did.DID, cmd command.Command, subject did.DID) (*delegation.Token, error)

var _ DelegationRequester = &WithIssuer{}

type WithIssuer struct {
	*Client
	logic DlgIssuingLogic
}

func NewWithIssuer(privKey crypto.PrivateKeySigningBytes, d did.DID, requester DelegationRequester, logic DlgIssuingLogic) (*WithIssuer, error) {
	client, err := NewClient(privKey, d, requester)
	if err != nil {
		return nil, err
	}
	return &WithIssuer{Client: client, logic: logic}, nil
}

// RequestDelegation retrieve chain of delegation for the given parameters.
// - audience: the DID of the client, also the issuer of the invocation token
// - cmd: the command to execute
// - subject: the DID of the resource to operate on, also the subject (or audience if defined) of the invocation token
// Note: you can read it as "(audience) does (cmd) on (subject)".
// Note: the returned delegation(s) don't have to match exactly the parameters, as long as they allow them.
func (c *WithIssuer) RequestDelegation(ctx context.Context, audience did.DID, cmd command.Command, subject did.DID) (iter.Seq2[*delegation.Bundle, error], error) {
	var proof []cid.Cid

	// is there already a valid proof chain?
	if proof = c.pool.FindProof(audience, cmd, subject); len(proof) > 0 {
		return c.pool.GetBundles(proof), nil
	}

	// do we have the power to delegate this?
	if proof = c.pool.FindProof(c.did, cmd, subject); len(proof) == 0 {
		// we need to request a new proof
		proofBundles, err := c.requester.RequestDelegation(ctx, c.did, cmd, subject)
		if err != nil {
			return nil, err
		}

		// cache the new proofs
		for bundle, err := range proofBundles {
			if err != nil {
				return nil, err
			}
			proof = append(proof, bundle.Cid)
			c.pool.AddBundle(bundle)
		}
	}

	// run the custom logic to get what we actually issue
	dlg, err := c.logic(c.did, audience, cmd, subject)
	if err != nil {
		return nil, err
	}
	if dlg.IsRoot() {
		return nil, fmt.Errorf("issuing logic should return a non-root delegation")
	}

	// sign and cache the new token
	dlgBytes, dlgCid, err := dlg.ToSealed(c.privKey)
	if err != nil {
		return nil, err
	}
	bundle := &delegation.Bundle{
		Cid:     dlgCid,
		Decoded: dlg,
		Sealed:  dlgBytes,
	}

	// output the relevant delegations
	return func(yield func(*delegation.Bundle, error) bool) {
		if !yield(bundle, nil) {
			return
		}
		for b, err := range c.pool.GetBundles(proof) {
			if !yield(b, err) {
				return
			}
		}
	}, nil
}
example: add sub-delegation 2025-02-06 14:19:30 +01:00			`package client`
add a "core" implementation of an issuer 2024-12-10 14:52:39 +01:00
			`import (`
			`"context"`
add server/issuer/client examples, and lots of sanding 2025-02-03 16:17:30 +01:00			`"fmt"`
add a "core" implementation of an issuer 2024-12-10 14:52:39 +01:00			`"iter"`

refactor(client): migrate from MetaMask/go-did-it to code.sonr.org/go/did-it 2026-01-08 15:45:49 -05:00			`"code.sonr.org/go/did-it"`
			`"code.sonr.org/go/did-it/crypto"`
add a "core" implementation of an issuer 2024-12-10 14:52:39 +01:00			`"github.com/ipfs/go-cid"`
adjust the toolkit to the new location 2025-08-05 12:11:20 +02:00
refactor(client): migrate from MetaMask/go-did-it to code.sonr.org/go/did-it 2026-01-08 15:45:49 -05:00			`"code.sonr.org/go/ucan/pkg/command"`
			`"code.sonr.org/go/ucan/token/delegation"`
add a "core" implementation of an issuer 2024-12-10 14:52:39 +01:00			`)`

add server/issuer/client examples, and lots of sanding 2025-02-03 16:17:30 +01:00			`// DlgIssuingLogic is a function that decides what powers are given to a client.`
			`// - issuer: the DID of our issuer`
			`// - audience: the DID of the client, also the issuer of the invocation token`
			`// - cmd: the command to execute`
			`// - subject: the DID of the resource to operate on, also the subject (or audience if defined) of the invocation token`
			`// Note: you can read it as "(audience) wants to do (cmd) on (subject)".`
			`// Note: you can decide to match the input parameters exactly or issue a broader power, as long as it allows the`
			`// expected action. If you don't want to give that power, return an error instead.`
			`type DlgIssuingLogic func(iss did.DID, aud did.DID, cmd command.Command, subject did.DID) (*delegation.Token, error)`

example: add sub-delegation 2025-02-06 14:19:30 +01:00			`var _ DelegationRequester = &WithIssuer{}`
add a "core" implementation of an issuer 2024-12-10 14:52:39 +01:00
example: add sub-delegation 2025-02-06 14:19:30 +01:00			`type WithIssuer struct {`
			`*Client`
			`logic DlgIssuingLogic`
add a "core" implementation of an issuer 2024-12-10 14:52:39 +01:00			`}`

adjust the toolkit to the new location 2025-08-05 12:11:20 +02:00			`func NewWithIssuer(privKey crypto.PrivateKeySigningBytes, d did.DID, requester DelegationRequester, logic DlgIssuingLogic) (*WithIssuer, error) {`
			`client, err := NewClient(privKey, d, requester)`
add a "core" implementation of an issuer 2024-12-10 14:52:39 +01:00			`if err != nil {`
			`return nil, err`
			`}`
example: add sub-delegation 2025-02-06 14:19:30 +01:00			`return &WithIssuer{Client: client, logic: logic}, nil`
add a "core" implementation of an issuer 2024-12-10 14:52:39 +01:00			`}`

			`// RequestDelegation retrieve chain of delegation for the given parameters.`
			`// - audience: the DID of the client, also the issuer of the invocation token`
			`// - cmd: the command to execute`
			`// - subject: the DID of the resource to operate on, also the subject (or audience if defined) of the invocation token`
			`// Note: you can read it as "(audience) does (cmd) on (subject)".`
			`// Note: the returned delegation(s) don't have to match exactly the parameters, as long as they allow them.`
example: add sub-delegation 2025-02-06 14:19:30 +01:00			`func (c WithIssuer) RequestDelegation(ctx context.Context, audience did.DID, cmd command.Command, subject did.DID) (iter.Seq2[delegation.Bundle, error], error) {`
add a "core" implementation of an issuer 2024-12-10 14:52:39 +01:00			`var proof []cid.Cid`

			`// is there already a valid proof chain?`
example: add sub-delegation 2025-02-06 14:19:30 +01:00			`if proof = c.pool.FindProof(audience, cmd, subject); len(proof) > 0 {`
			`return c.pool.GetBundles(proof), nil`
add a "core" implementation of an issuer 2024-12-10 14:52:39 +01:00			`}`

			`// do we have the power to delegate this?`
example: add sub-delegation 2025-02-06 14:19:30 +01:00			`if proof = c.pool.FindProof(c.did, cmd, subject); len(proof) == 0 {`
add a "core" implementation of an issuer 2024-12-10 14:52:39 +01:00			`// we need to request a new proof`
example: add sub-delegation 2025-02-06 14:19:30 +01:00			`proofBundles, err := c.requester.RequestDelegation(ctx, c.did, cmd, subject)`
add a "core" implementation of an issuer 2024-12-10 14:52:39 +01:00			`if err != nil {`
			`return nil, err`
			`}`

			`// cache the new proofs`
			`for bundle, err := range proofBundles {`
			`if err != nil {`
			`return nil, err`
			`}`
			`proof = append(proof, bundle.Cid)`
example: add sub-delegation 2025-02-06 14:19:30 +01:00			`c.pool.AddBundle(bundle)`
add a "core" implementation of an issuer 2024-12-10 14:52:39 +01:00			`}`
			`}`

			`// run the custom logic to get what we actually issue`
example: add sub-delegation 2025-02-06 14:19:30 +01:00			`dlg, err := c.logic(c.did, audience, cmd, subject)`
add a "core" implementation of an issuer 2024-12-10 14:52:39 +01:00			`if err != nil {`
			`return nil, err`
			`}`
add server/issuer/client examples, and lots of sanding 2025-02-03 16:17:30 +01:00			`if dlg.IsRoot() {`
			`return nil, fmt.Errorf("issuing logic should return a non-root delegation")`
			`}`
add a "core" implementation of an issuer 2024-12-10 14:52:39 +01:00
			`// sign and cache the new token`
example: add sub-delegation 2025-02-06 14:19:30 +01:00			`dlgBytes, dlgCid, err := dlg.ToSealed(c.privKey)`
add a "core" implementation of an issuer 2024-12-10 14:52:39 +01:00			`if err != nil {`
			`return nil, err`
			`}`
			`bundle := &delegation.Bundle{`
			`Cid: dlgCid,`
			`Decoded: dlg,`
			`Sealed: dlgBytes,`
			`}`

			`// output the relevant delegations`
			`return func(yield func(*delegation.Bundle, error) bool) {`
			`if !yield(bundle, nil) {`
			`return`
			`}`
example: add sub-delegation 2025-02-06 14:19:30 +01:00			`for b, err := range c.pool.GetBundles(proof) {`
add a "core" implementation of an issuer 2024-12-10 14:52:39 +01:00			`if !yield(b, err) {`
			`return`
			`}`
			`}`
			`}, nil`
			`}`