Merge pull request #60 from ucan-wg/wip
feat(invocation): add token validation prior to execution
This commit is contained in:
Michael Muré
@@ -6,11 +6,13 @@ package args
|
||||
import (
|
||||
"fmt"
|
||||
"sort"
|
||||
"strings"
|
||||
|
||||
"github.com/ipld/go-ipld-prime"
|
||||
"github.com/ipld/go-ipld-prime/datamodel"
|
||||
"github.com/ipld/go-ipld-prime/fluent/qp"
|
||||
"github.com/ipld/go-ipld-prime/node/basicnode"
|
||||
"github.com/ipld/go-ipld-prime/printer"
|
||||
|
||||
"github.com/ucan-wg/go-ucan/pkg/policy/literal"
|
||||
)
|
||||
@@ -70,6 +72,7 @@ func (a *Args) Include(other *Args) {
|
||||
// ToIPLD wraps an instance of an Args with an ipld.Node.
|
||||
func (a *Args) ToIPLD() (ipld.Node, error) {
|
||||
sort.Strings(a.Keys)
|
||||
|
||||
return qp.BuildMap(basicnode.Prototype.Any, int64(len(a.Keys)), func(ma datamodel.MapAssembler) {
|
||||
for _, key := range a.Keys {
|
||||
qp.MapEntry(ma, key, qp.Node(a.Values[key]))
|
||||
@@ -92,3 +95,43 @@ func (a *Args) Equals(other *Args) bool {
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
||||
func (a *Args) String() string {
|
||||
sort.Strings(a.Keys)
|
||||
|
||||
buf := strings.Builder{}
|
||||
buf.WriteString("{")
|
||||
|
||||
for _, key := range a.Keys {
|
||||
buf.WriteString("\n\t")
|
||||
buf.WriteString(key)
|
||||
buf.WriteString(": ")
|
||||
buf.WriteString(strings.ReplaceAll(printer.Sprint(a.Values[key]), "\n", "\n\t"))
|
||||
buf.WriteString(",")
|
||||
}
|
||||
|
||||
if len(a.Keys) > 0 {
|
||||
buf.WriteString("\n")
|
||||
}
|
||||
buf.WriteString("}")
|
||||
|
||||
return buf.String()
|
||||
}
|
||||
|
||||
// ReadOnly returns a read-only version of Args.
|
||||
func (a *Args) ReadOnly() ReadOnly {
|
||||
return ReadOnly{args: a}
|
||||
}
|
||||
|
||||
// Clone makes a deep copy.
|
||||
func (a *Args) Clone() *Args {
|
||||
res := &Args{
|
||||
Keys: make([]string, len(a.Keys)),
|
||||
Values: make(map[string]ipld.Node, len(a.Values)),
|
||||
}
|
||||
copy(res.Keys, a.Keys)
|
||||
for k, v := range a.Values {
|
||||
res.Values[k] = v
|
||||
}
|
||||
return res
|
||||
}
|
||||
|
||||
23
pkg/args/readonly.go
Normal file
23
pkg/args/readonly.go
Normal file
@@ -0,0 +1,23 @@
|
||||
package args
|
||||
|
||||
import "github.com/ipld/go-ipld-prime"
|
||||
|
||||
type ReadOnly struct {
|
||||
args *Args
|
||||
}
|
||||
|
||||
func (r ReadOnly) ToIPLD() (ipld.Node, error) {
|
||||
return r.args.ToIPLD()
|
||||
}
|
||||
|
||||
func (r ReadOnly) Equals(other *Args) bool {
|
||||
return r.args.Equals(other)
|
||||
}
|
||||
|
||||
func (r ReadOnly) String() string {
|
||||
return r.args.String()
|
||||
}
|
||||
|
||||
func (r ReadOnly) WriteableClone() *Args {
|
||||
return r.args.Clone()
|
||||
}
|
||||
@@ -2,6 +2,7 @@ package container
|
||||
|
||||
import (
|
||||
"encoding/base64"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
"iter"
|
||||
@@ -34,13 +35,16 @@ func (ctn Reader) GetToken(cid cid.Cid) (token.Token, error) {
|
||||
// GetDelegation is the same as GetToken but only return a delegation.Token, with the right type.
|
||||
func (ctn Reader) GetDelegation(cid cid.Cid) (*delegation.Token, error) {
|
||||
tkn, err := ctn.GetToken(cid)
|
||||
if errors.Is(err, ErrNotFound) {
|
||||
return nil, delegation.ErrDelegationNotFound
|
||||
}
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if tkn, ok := tkn.(*delegation.Token); ok {
|
||||
return tkn, nil
|
||||
}
|
||||
return nil, fmt.Errorf("not a delegation token")
|
||||
return nil, delegation.ErrDelegationNotFound
|
||||
}
|
||||
|
||||
// GetAllDelegations returns all the delegation.Token in the container.
|
||||
|
||||
@@ -12,9 +12,7 @@ import (
|
||||
"github.com/ucan-wg/go-ucan/pkg/policy/literal"
|
||||
)
|
||||
|
||||
var ErrUnsupported = errors.New("failure adding unsupported type to meta")
|
||||
|
||||
var ErrNotFound = errors.New("key-value not found in meta")
|
||||
var ErrNotFound = errors.New("key not found in meta")
|
||||
|
||||
var ErrNotEncryptable = errors.New("value of this type cannot be encrypted")
|
||||
|
||||
@@ -193,18 +191,19 @@ func (m *Meta) String() string {
|
||||
buf := strings.Builder{}
|
||||
buf.WriteString("{")
|
||||
|
||||
var i int
|
||||
for key, node := range m.Values {
|
||||
if i > 0 {
|
||||
buf.WriteString(", ")
|
||||
}
|
||||
i++
|
||||
buf.WriteString("\n\t")
|
||||
buf.WriteString(key)
|
||||
buf.WriteString(":")
|
||||
buf.WriteString(printer.Sprint(node))
|
||||
buf.WriteString(": ")
|
||||
buf.WriteString(strings.ReplaceAll(printer.Sprint(node), "\n", "\n\t"))
|
||||
buf.WriteString(",")
|
||||
}
|
||||
|
||||
if len(m.Values) > 0 {
|
||||
buf.WriteString("\n")
|
||||
}
|
||||
buf.WriteString("}")
|
||||
|
||||
return buf.String()
|
||||
}
|
||||
|
||||
|
||||
@@ -37,6 +37,37 @@ func ExamplePolicy() {
|
||||
// ]
|
||||
}
|
||||
|
||||
func ExamplePolicy_accumulate() {
|
||||
var statements []policy.Constructor
|
||||
|
||||
statements = append(statements, policy.Equal(".status", literal.String("draft")))
|
||||
|
||||
statements = append(statements, policy.All(".reviewer",
|
||||
policy.Like(".email", "*@example.com"),
|
||||
))
|
||||
|
||||
statements = append(statements, policy.Any(".tags", policy.Or(
|
||||
policy.Equal(".", literal.String("news")),
|
||||
policy.Equal(".", literal.String("press")),
|
||||
)))
|
||||
|
||||
pol := policy.MustConstruct(statements...)
|
||||
|
||||
fmt.Println(pol)
|
||||
|
||||
// Output:
|
||||
// [
|
||||
// ["==", ".status", "draft"],
|
||||
// ["all", ".reviewer",
|
||||
// ["like", ".email", "*@example.com"]],
|
||||
// ["any", ".tags",
|
||||
// ["or", [
|
||||
// ["==", ".", "news"],
|
||||
// ["==", ".", "press"]]]
|
||||
// ]
|
||||
// ]
|
||||
}
|
||||
|
||||
func TestConstruct(t *testing.T) {
|
||||
pol, err := policy.Construct(
|
||||
policy.Equal(".status", literal.String("draft")),
|
||||
|
||||
Reference in New Issue
Block a user