diff --git a/toolkit/server/exectx/ucanctx.go b/toolkit/server/exectx/ucanctx.go index 1b4851a..e2a8999 100644 --- a/toolkit/server/exectx/ucanctx.go +++ b/toolkit/server/exectx/ucanctx.go @@ -16,7 +16,7 @@ import ( "github.com/ucan-wg/go-ucan/token/delegation" "github.com/ucan-wg/go-ucan/token/invocation" - "github.com/INFURA/go-ucan-toolkit/server/bearer" + "github.com/INFURA/go-ucan-toolkit/server/extargs" ) var _ delegation.Loader = UcanCtx{} @@ -32,8 +32,8 @@ type UcanCtx struct { meta *meta.Meta // all meta combined, with no overwriting // argument sources - http *bearer.HttpBearer - jsonrpc *bearer.JsonRpcBearer + http *extargs.HttpExtArgs + jsonrpc *extargs.JsonRpcExtArgs } func FromContainer(cont container.Reader) (*UcanCtx, error) { @@ -105,7 +105,7 @@ func (ctn UcanCtx) VerifyHttp(req *http.Request) error { if ctn.http == nil { panic("only use once per request context") } - ctn.http = bearer.NewHttpBearer(ctn.policies, ctn.inv.Arguments(), req) + ctn.http = extargs.NewHttpExtArgs(ctn.policies, ctn.inv.Arguments(), req) return ctn.http.Verify() } @@ -116,7 +116,7 @@ func (ctn UcanCtx) VerifyJsonRpc(req *jsonrpc.Request) error { if ctn.jsonrpc != nil { panic("only use once per request context") } - ctn.jsonrpc = bearer.NewJsonRpcBearer(ctn.policies, ctn.inv.Arguments(), req) + ctn.jsonrpc = extargs.NewJsonRpcExtArgs(ctn.policies, ctn.inv.Arguments(), req) return ctn.jsonrpc.Verify() } diff --git a/toolkit/server/bearer/Readme.md b/toolkit/server/extargs/Readme.md similarity index 87% rename from toolkit/server/bearer/Readme.md rename to toolkit/server/extargs/Readme.md index 9875e33..ecaedf7 100644 --- a/toolkit/server/bearer/Readme.md +++ b/toolkit/server/extargs/Readme.md 
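Review bot: The reuse guard in `VerifyHttp` is inverted relative to `VerifyJsonRpc`: it panics on `ctn.http == nil`, and since this method is the one that assigns `ctn.http`, the first call panics unless something outside the hunk sets the field beforehand. It should read `if ctn.http != nil {`. Both methods also take a value receiver (`func (ctn UcanCtx) ...`), so the assignments to `ctn.http` and `ctn.jsonrpc` land on a copy; the once-per-request guard never sees an earlier call, and later reads of the derived args on the original context find nil. A pointer receiver, `func (ctn *UcanCtx) VerifyHttp(req *http.Request) error` (likewise for `VerifyJsonRpc`), would make the state persist. Both bodies begin above the visible lines, so this rests on the hunk context only.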
@@ -1,6 +1,6 @@ ## Motivations -UCAN is normally a pure RPC construct, when the entirety of the request's parameters are part of the invocation, in the form of `args`. Those `args` are evaluated against the delegation's [policy](https://github.com/ucan-wg/delegation/tree/v1_ipld?tab=readme-ov-file#policy) to determine if the request is allowed or not, then the request handling happens purely based on those args and the `command`. In that setup, the service would have a single entry point. +UCAN is normally a pure RPC construct, when the entirety of the request's parameters is part of the invocation, in the form of `args`. Those `args` are evaluated against the delegation's [policy](https://github.com/ucan-wg/delegation/tree/v1_ipld?tab=readme-ov-file#policy) to determine if the request is allowed or not, then the request handling happens purely based on those args and the `command`. In that setup, the service would have a single entry point. Unfortunately, we live in a world of REST APIs, or JSON-RPC. Some adaptations or concessions need to be made. diff --git a/toolkit/server/bearer/http.go b/toolkit/server/extargs/http.go similarity index 79% rename from toolkit/server/bearer/http.go rename to toolkit/server/extargs/http.go index 70d0831..cb33498 100644 --- a/toolkit/server/bearer/http.go +++ b/toolkit/server/extargs/http.go @@ -1,4 +1,4 @@ -package bearer +package extargs import ( "bytes" @@ -21,7 +21,7 @@ import ( // - in the final args to be evaluated against the policies, holds the args derived from the HTTP request const HttpArgsKey = "http" -type HttpBearer struct { +type HttpExtArgs struct { pol policy.Policy originalArgs args.ReadOnly req *http.Request 
@@ -31,44 +31,44 @@ type HttpBearer struct { argsIpld ipld.Node } -func NewHttpBearer(pol policy.Policy, originalArgs args.ReadOnly, req *http.Request) *HttpBearer { - return &HttpBearer{pol: pol, originalArgs: originalArgs, req: req} +func NewHttpExtArgs(pol policy.Policy, originalArgs args.ReadOnly, req *http.Request) *HttpExtArgs { + return &HttpExtArgs{pol: pol, originalArgs: originalArgs, req: req} } -func (hc *HttpBearer) Verify() error { - if err := hc.makeArgs(); err != nil { +func (hea *HttpExtArgs) Verify() error { + if err := hea.makeArgs(); err != nil { return err } - if err := hc.verifyHash(); err != nil { + if err := hea.verifyHash(); err != nil { return err } - ok, leaf := hc.pol.PartialMatch(hc.argsIpld) + ok, leaf := hea.pol.PartialMatch(hea.argsIpld) if !ok { return fmt.Errorf("the following UCAN policy is not satisfied: %v", leaf.String()) } return nil } -func (hc *HttpBearer) Args() (*args.Args, error) { - if err := hc.makeArgs(); err != nil { +func (hea *HttpExtArgs) Args() (*args.Args, error) { + if err := hea.makeArgs(); err != nil { return nil, err } - return hc.args, nil + return hea.args, nil } -func (hc *HttpBearer) makeArgs() error { +func (hea *HttpExtArgs) makeArgs() error { var outerErr error - hc.once.Do(func() { + hea.once.Do(func() { var err error - hc.args, err = makeHttpArgs(hc.req) + hea.args, err = makeHttpArgs(hea.req) if err != nil { outerErr = err return } - hc.argsIpld, err = hc.args.ToIPLD() + hea.argsIpld, err = hea.args.ToIPLD() if err != nil { outerErr = err return @@ -77,8 +77,8 @@ func (hc *HttpBearer) makeArgs() error { return outerErr } -func (hc *HttpBearer) verifyHash() error { - n, err := hc.originalArgs.GetNode(HttpArgsKey) +func (hea *HttpExtArgs) verifyHash() error { + n, err := hea.originalArgs.GetNode(HttpArgsKey) if err != nil { // no hash found, nothing to verify return nil 
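Review bot: `makeArgs` forgets a failure after its first call. `outerErr` is a local, so once `hea.once.Do` has run, every later call skips the closure and returns nil even when `makeHttpArgs` or `ToIPLD` failed. A caller that hits `Args()` and then `Verify()` (or the reverse) after such a failure gets a nil error with `hea.args`/`hea.argsIpld` unset, and `Verify` goes on to hand that nil node to `PartialMatch`. Keeping the error on the struct fixes this; it needs an `argsErr error` field next to `argsIpld`, in the part of the struct above the hunk, and the function's closing lines fall between this hunk and the next. `JsonRpcExtArgs.makeArgs` in jsonrpc.go (hunk `@@ -33,44 +33,44 @@`) has the same shape.

```go
func (hea *HttpExtArgs) makeArgs() error {
	hea.once.Do(func() {
		// keep the failure on the struct so later calls still report it
		hea.args, hea.argsErr = makeHttpArgs(hea.req)
		if hea.argsErr != nil {
			return
		}
		hea.argsIpld, hea.argsErr = hea.args.ToIPLD()
		// … closure end is outside the hunk; the final return becomes: return hea.argsErr …
```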
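Review bot: `verifyHash` fails open. It treats every error from `hea.originalArgs.GetNode(HttpArgsKey)` as "no hash found" and returns nil, so any lookup failure skips the check that binds the invocation to this HTTP request instead of rejecting it. Only the not-found case should pass; if the args package offers a way to tell that case apart (not visible in this hunk), test for it and return everything else wrapped, e.g. `return fmt.Errorf("reading %q from invocation args: %w", HttpArgsKey, err)`. A doc comment on `verifyHash` should also state that the hash is optional, so an invocation that omits it is constrained by policy only. The same lines appear in `JsonRpcExtArgs.verifyHash` (jsonrpc.go, hunk `@@ -79,8 +79,8 @@`), and the function body continues past this hunk.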
@@ -89,7 +89,7 @@ func (hc *HttpBearer) verifyHash() error { return fmt.Errorf("http args hash should be a string") } - data, err := ipld.Encode(hc.argsIpld, dagcbor.Encode) + data, err := ipld.Encode(hea.argsIpld, dagcbor.Encode) if err != nil { return fmt.Errorf("can't encode derived args in dag-cbor: %w", err) } diff --git a/toolkit/server/bearer/http_test.go b/toolkit/server/extargs/http_test.go similarity index 97% rename from toolkit/server/bearer/http_test.go rename to toolkit/server/extargs/http_test.go index 7849a26..401bd3a 100644 --- a/toolkit/server/bearer/http_test.go +++ b/toolkit/server/extargs/http_test.go @@ -1,4 +1,4 @@ -package bearer +package extargs import ( "net/http" @@ -107,7 +107,7 @@ func TestHttp(t *testing.T) { // we don't test the args hash here emptyArgs := args.New().ReadOnly() - ctx := NewHttpBearer(pol, emptyArgs, r) + ctx := NewHttpExtArgs(pol, emptyArgs, r) _, err := ctx.Args() require.NoError(t, err) @@ -173,7 +173,7 @@ func TestHttpHash(t *testing.T) { err := invArgs.Add(HttpArgsKey, tc.hash) require.NoError(t, err) - ctx := NewHttpBearer(pol, invArgs.ReadOnly(), req) + ctx := NewHttpExtArgs(pol, invArgs.ReadOnly(), req) if tc.expected { require.NoError(t, ctx.Verify()) diff --git a/toolkit/server/bearer/jsonrpc.go b/toolkit/server/extargs/jsonrpc.go similarity index 78% rename from toolkit/server/bearer/jsonrpc.go rename to toolkit/server/extargs/jsonrpc.go index 27bbb8f..418f844 100644 --- a/toolkit/server/bearer/jsonrpc.go +++ b/toolkit/server/extargs/jsonrpc.go @@ -1,4 +1,4 @@ -package bearer +package extargs import ( "bytes" @@ -23,7 +23,7 @@ import ( // - in the final args to be evaluated against the policies, holds the args derived from the JsonRpc request const JsonRpcArgsKey = "jsonrpc" -type JsonRpcBearer struct { +type JsonRpcExtArgs struct { pol policy.Policy originalArgs args.ReadOnly req *jsonrpc.Request 
@@ -33,44 +33,44 @@ type JsonRpcBearer struct { argsIpld ipld.Node } -func NewJsonRpcBearer(pol policy.Policy, originalArgs args.ReadOnly, req *jsonrpc.Request) *JsonRpcBearer { - return &JsonRpcBearer{pol: pol, originalArgs: originalArgs, req: req} +func NewJsonRpcExtArgs(pol policy.Policy, originalArgs args.ReadOnly, req *jsonrpc.Request) *JsonRpcExtArgs { + return &JsonRpcExtArgs{pol: pol, originalArgs: originalArgs, req: req} } -func (jrc *JsonRpcBearer) Verify() error { - if err := jrc.makeArgs(); err != nil { +func (jrea *JsonRpcExtArgs) Verify() error { + if err := jrea.makeArgs(); err != nil { return err } - if err := jrc.verifyHash(); err != nil { + if err := jrea.verifyHash(); err != nil { return err } - ok, leaf := jrc.pol.PartialMatch(jrc.argsIpld) + ok, leaf := jrea.pol.PartialMatch(jrea.argsIpld) if !ok { return fmt.Errorf("the following UCAN policy is not satisfied: %v", leaf.String()) } return nil } -func (jrc *JsonRpcBearer) Args() (*args.Args, error) { - if err := jrc.makeArgs(); err != nil { +func (jrea *JsonRpcExtArgs) Args() (*args.Args, error) { + if err := jrea.makeArgs(); err != nil { return nil, err } - return jrc.args, nil + return jrea.args, nil } -func (jrc *JsonRpcBearer) makeArgs() error { +func (jrea *JsonRpcExtArgs) makeArgs() error { var outerErr error - jrc.once.Do(func() { + jrea.once.Do(func() { var err error - jrc.args, err = makeJsonRpcArgs(jrc.req) + jrea.args, err = makeJsonRpcArgs(jrea.req) if err != nil { outerErr = err return } - jrc.argsIpld, err = jrc.args.ToIPLD() + jrea.argsIpld, err = jrea.args.ToIPLD() if err != nil { outerErr = err return @@ -79,8 +79,8 @@ func (jrc *JsonRpcBearer) makeArgs() error { return outerErr } -func (jrc *JsonRpcBearer) verifyHash() error { - n, err := jrc.originalArgs.GetNode(JsonRpcArgsKey) +func (jrea *JsonRpcExtArgs) verifyHash() error { + n, err := jrea.originalArgs.GetNode(JsonRpcArgsKey) if err != nil { // no hash found, nothing to verify return nil 
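Review bot: `JsonRpcExtArgs.Verify` decides with `jrea.pol.PartialMatch(jrea.argsIpld)` but has no doc comment saying what a nil return guarantees. If `PartialMatch` only rejects statements whose data is present and fails (as the name suggests; its definition is not in this diff), a nil error means "nothing contradicted so far" rather than "policy satisfied", and a full match still has to happen elsewhere. I would add above the method: `// Verify derives the args from the request, checks the optional hash, and partially matches the policy; it does not replace the final full policy match.` The same applies to `HttpExtArgs.Verify` in http.go.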
@@ -91,7 +91,7 @@ func (jrc *JsonRpcBearer) verifyHash() error { return fmt.Errorf("jsonrpc args hash should be a string") } - data, err := ipld.Encode(jrc.argsIpld, dagcbor.Encode) + data, err := ipld.Encode(jrea.argsIpld, dagcbor.Encode) if err != nil { return fmt.Errorf("can't encode derived args in dag-cbor: %w", err) } diff --git a/toolkit/server/bearer/jsonrpc_test.go b/toolkit/server/extargs/jsonrpc_test.go similarity index 97% rename from toolkit/server/bearer/jsonrpc_test.go rename to toolkit/server/extargs/jsonrpc_test.go index 41791d8..1346f1d 100644 --- a/toolkit/server/bearer/jsonrpc_test.go +++ b/toolkit/server/extargs/jsonrpc_test.go @@ -1,4 +1,4 @@ -package bearer +package extargs import ( "testing" @@ -97,7 +97,7 @@ func TestJsonRpc(t *testing.T) { // we don't test the args hash here emptyArgs := args.New().ReadOnly() - ctx := NewJsonRpcBearer(tc.pol, emptyArgs, tc.req) + ctx := NewJsonRpcExtArgs(tc.pol, emptyArgs, tc.req) _, err := ctx.Args() require.NoError(t, err) @@ -152,7 +152,7 @@ func TestJsonRpcHash(t *testing.T) { err := invArgs.Add(JsonRpcArgsKey, tc.hash) require.NoError(t, err) - ctx := NewJsonRpcBearer(pol, invArgs.ReadOnly(), req) + ctx := NewJsonRpcExtArgs(pol, invArgs.ReadOnly(), req) if tc.expected { require.NoError(t, ctx.Verify())