wip API exploration

Michael Muré
2024-10-18 10:48:47 +02:00
parent 9057cbcba6
commit 89e4d5d419
4 changed files with 69 additions and 6 deletions


@@ -153,6 +153,24 @@ func (t *Token) Expiration() *time.Time {
return t.expiration return t.expiration
} }
// IsValidNow verifies that the token can be used at the current time, based on expiration or "not before" fields.
// This does NOT do any other kind of verifications.
func (t *Token) IsValidNow() bool {
return t.IsValidAt(time.Now())
}
// IsValidNow verifies that the token can be used at the given time, based on expiration or "not before" fields.
// This does NOT do any other kind of verifications.
func (t *Token) IsValidAt(ti time.Time) bool {
if t.expiration == nil && ti.After(*t.expiration) {
return false
}
if t.notBefore != nil && ti.Before(*t.notBefore) {
return false
}
return true
}
func (t *Token) validate() error { func (t *Token) validate() error {
var errs error var errs error
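Review bot: The expiry guard in `IsValidAt` is inverted: `t.expiration == nil && ti.After(*t.expiration)` dereferences a nil pointer when the token has no expiration and skips the comparison whenever one is set, so an expired token is reported as valid. It should read `if t.expiration != nil && ti.After(*t.expiration) {`, matching the `notBefore` check just below it. The same condition appears in the invocation token's `IsValidAt` later in this commit and needs the same fix. A small table test covering a nil, a past and a future expiration would pin the behaviour.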


@@ -2,11 +2,11 @@ package token
import ( import (
"io" "io"
"time"
"github.com/ipfs/go-cid" "github.com/ipfs/go-cid"
"github.com/ipld/go-ipld-prime/codec" "github.com/ipld/go-ipld-prime/codec"
"github.com/libp2p/go-libp2p/core/crypto" "github.com/libp2p/go-libp2p/core/crypto"
"github.com/ucan-wg/go-ucan/did" "github.com/ucan-wg/go-ucan/did"
"github.com/ucan-wg/go-ucan/pkg/meta" "github.com/ucan-wg/go-ucan/pkg/meta"
) )
@@ -18,6 +18,19 @@ type Token interface {
Issuer() did.DID Issuer() did.DID
// Meta returns the Token's metadata. // Meta returns the Token's metadata.
Meta() meta.ReadOnly Meta() meta.ReadOnly
// TODO: not sure we actually need that interface
// IsValidNow verifies that the token can be used at the current time, based on expiration or "not before" fields.
// This does NOT do any other kind of verifications.
IsValidNow() bool
// IsValidNow verifies that the token can be used at the given time, based on expiration or "not before" fields.
// This does NOT do any other kind of verifications.
IsValidAt(t time.Time) bool
// // Issuer returns the did.DID representing the Token's issuer.
// Issuer() did.DID
// // Meta returns the Token's metadata.
// Meta() *meta.Meta
} }
type Marshaller interface { type Marshaller interface {
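Review bot: The comment above `IsValidAt` in the interface starts with `IsValidNow`, so the documentation attaches to the wrong name; it should begin `// IsValidAt verifies that the token can be used at the given time, ...`, and the same slip is on both concrete `IsValidAt` methods in this commit. The interface comment is also the place to state the contract every implementer must share: presumably that a nil expiration means no expiry, and whether the instant equal to the expiration or "not before" time counts as valid (the implementations use `After`/`Before`, so both boundaries are currently inclusive). The commented-out `Issuer`/`Meta` lines at the end of the interface repeat method names already declared above and can be dropped.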


@@ -187,8 +187,7 @@ func FromIPLD[T Tokener](node datamodel.Node) (T, error) {
return zero, errors.New("the VarsigHeader key type doesn't match the issuer's key type") return zero, errors.New("the VarsigHeader key type doesn't match the issuer's key type")
} }
// TODO: this re-encode the payload! Is there a less wasteful way? // TODO: can we use the already serialized CBOR data here, instead of encoding again the payload?
data, err := ipld.Encode(info.sigPayloadNode, dagcbor.Encode) data, err := ipld.Encode(info.sigPayloadNode, dagcbor.Encode)
if err != nil { if err != nil {
return zero, err return zero, err


@@ -18,6 +18,7 @@ import (
"github.com/ucan-wg/go-ucan/pkg/args" "github.com/ucan-wg/go-ucan/pkg/args"
"github.com/ucan-wg/go-ucan/pkg/command" "github.com/ucan-wg/go-ucan/pkg/command"
"github.com/ucan-wg/go-ucan/pkg/meta" "github.com/ucan-wg/go-ucan/pkg/meta"
"github.com/ucan-wg/go-ucan/token/delegation"
"github.com/ucan-wg/go-ucan/token/internal/nonce" "github.com/ucan-wg/go-ucan/token/internal/nonce"
"github.com/ucan-wg/go-ucan/token/internal/parse" "github.com/ucan-wg/go-ucan/token/internal/parse"
) )
@@ -33,11 +34,12 @@ type Token struct {
// The Command // The Command
command command.Command command command.Command
// The Command's Arguments // The Command's arguments
arguments *args.Args arguments *args.Args
// Delegations that prove the chain of authority // CIDs of the delegation.Token that prove the chain of authority
// They need to form a strictly linear chain, and being ordered starting from the root Delegation (issued by the Subject),
// in a strict sequence where the aud of the previous Delegation matches the iss of the next Delegation.
proof []cid.Cid proof []cid.Cid
// Arbitrary Metadata // Arbitrary Metadata
meta *meta.Meta meta *meta.Meta
@@ -98,6 +100,22 @@ func New(iss, sub did.DID, cmd command.Command, prf []cid.Cid, opts ...Option) (
return &tkn, nil return &tkn, nil
} }
type DelegationLoader interface {
GetDelegation(cid cid.Cid) (*delegation.Token, error)
}
func (t *Token) ExecutionAllowed(loader DelegationLoader) bool {
return t.executionAllowed(loader, t.arguments)
}
func (t *Token) ExecutionAllowedWithArgsHook(loader DelegationLoader, hook func(*args.Args) *args.Args) bool {
return t.executionAllowed(loader, hook(t.arguments))
}
func (t *Token) executionAllowed(loader DelegationLoader, arguments *args.Args) bool {
panic("TODO")
}
// Issuer returns the did.DID representing the Token's issuer. // Issuer returns the did.DID representing the Token's issuer.
func (t *Token) Issuer() did.DID { func (t *Token) Issuer() did.DID {
return t.issuer return t.issuer
@@ -157,6 +175,21 @@ func (t *Token) Cause() *cid.Cid {
return t.cause return t.cause
} }
// IsValidNow verifies that the token can be used at the current time, based on expiration or "not before" fields.
// This does NOT do any other kind of verifications.
func (t *Token) IsValidNow() bool {
return t.IsValidAt(time.Now())
}
// IsValidNow verifies that the token can be used at the given time, based on expiration or "not before" fields.
// This does NOT do any other kind of verifications.
func (t *Token) IsValidAt(ti time.Time) bool {
if t.expiration == nil && ti.After(*t.expiration) {
return false
}
return true
}
func (t *Token) validate() error { func (t *Token) validate() error {
var errs error var errs error
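Review bot: `ExecutionAllowed` and `ExecutionAllowedWithArgsHook` are exported but both end in `panic("TODO")` inside `executionAllowed`, so any caller that reaches them crashes the process instead of receiving a denial; until the proof-chain check exists, `return false` keeps the API fail-closed. `ExecutionAllowedWithArgsHook` also calls `hook(t.arguments)` without a nil check and hands the hook the token's own `*args.Args`; if `args.Args` is mutable, a hook could alter the token's arguments in place, so passing a copy is worth considering. A `bool` result cannot distinguish a failed `GetDelegation` lookup from a real denial; returning an `error` as well would let callers log why execution was refused. In `DelegationLoader`, the parameter name `cid` shadows the `cid` package, and `c cid.Cid` avoids that.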