go/ucan
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

client: follow go-ucan changes, improvements, example

Browse Source
This commit is contained in:
Michael Muré
2024-12-10 14:50:29 +01:00
committed by Michael Muré
parent 1187674a24
commit 2eeaaccc6d
6 changed files with 134 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
toolkit/client/proof.go
View File

@@ -11,21 +11,22 @@ import (
)
// FindProof find in the pool the best (shortest, smallest in bytes) chain of delegation(s) matching the given invocation parameters.
// - cmd: the command to execute
// - issuer: the DID of the client, also the issuer of the invocation token
// - audience: the DID of the resource to operate on, also the subject (or audience if defined) of the invocation token
// - cmd: the command to execute
// - subject: the DID of the resource to operate on, also the subject (or audience if defined) of the invocation token
// Note: you can read it as "(issuer) wants to do (cmd) on (subject)".
// Note: the returned delegation(s) don't have to match exactly the parameters, as long as they allow them.
// Note: the implemented algorithm won't perform well with a large number of delegations.
func FindProof(dlgs func() iter.Seq[*delegation.Bundle], cmd command.Command, iss did.DID, aud did.DID) []cid.Cid {
func FindProof(dlgs func() iter.Seq[*delegation.Bundle], issuer did.DID, cmd command.Command, subject did.DID) []cid.Cid {
// TODO: maybe that should be part of delegation.Token directly?
dlgMatch := func(dlg *delegation.Token, cmd command.Command, aud, iss did.DID) bool {
// The Subject of each delegation must equal the invocation's Audience field. - 4f
if dlg.Subject() != aud {
dlgMatch := func(dlg *delegation.Token, issuer did.DID, cmd command.Command, subject did.DID) bool {
// The Subject of each delegation must equal the invocation's Subject (or Audience if defined). - 4f
if dlg.Subject() != subject {
return false
}
// The first proof must be issued to the Invoker (audience DID). - 4c
// The Issuer of each delegation must be the Audience in the next one. - 4d
if dlg.Audience() != iss {
if dlg.Audience() != issuer {
return false
}
// The command of each delegation must "allow" the one before it. - 4g
@@ -43,7 +44,7 @@ func FindProof(dlgs func() iter.Seq[*delegation.Bundle], cmd command.Command, is
var candidateLeaf []*delegation.Bundle
for bundle := range dlgs() {
if dlgMatch(bundle.Decoded, cmd, iss, aud) {
if dlgMatch(bundle.Decoded, issuer, cmd, subject) {
continue
}
candidateLeaf = append(candidateLeaf, bundle)
@@ -79,7 +80,7 @@ func FindProof(dlgs func() iter.Seq[*delegation.Bundle], cmd command.Command, is
// find parent delegation for our current delegation
for candidate := range dlgs() {
if !dlgMatch(candidate.Decoded, at.Decoded.Command(), aud, at.Decoded.Issuer()) {
if !dlgMatch(candidate.Decoded, at.Decoded.Issuer(), at.Decoded.Command(), subject) {
continue
}