Public
Edited
Nov 17, 2023
3 forks
ucanto = await import('https://cdn.skypack.dev/@ucanto/core@5.0.0?min');
client = await import('https://cdn.skypack.dev/@ucanto/client@5.0.0?min');
transport = await import('https://cdn.skypack.dev/@ucanto/transport@5.0.0?min')
principal = await import('https://cdn.skypack.dev/@ucanto/principal@5.0.2?min')
params = Object.fromEntries(new URLSearchParams(html`<a href>`.search).entries())
web3storage = client.connect({
id: {
did: () => 'did:web:web3.storage'
},
encoder: transport.CAR,
decoder: transport.CBOR,
channel: transport.HTTP.open({
url: new URL('https://access.web3.storage/'),
})
})
// https://github.com/web3-storage/specs/blob/main/w3-session.md#authorization-request-example
invokeAccessAuthorizeToAuthenticateAsAccount = await ucanto.invoke({
issuer: deviceA,
audience: web3storage.id,
capability: {
with: deviceA.did(),
can: 'access/authorize',
nb: {
iss: accountDID,
att: [
{can:"store/*"},
{can: "provider/add"},
],
}
}
})
authenticationResult = await invokeAccessAuthorizeToAuthenticateAsAccount.execute(web3storage)
authenticationResult.message
function assertNotError(result) {
if ('error' in result) {
throw new Error(`unexpected error result: ${result.message}`)
}
}
assertNotError(authenticationResult)
claimAsDeviceA = clickedConfirmEmail, await ucanto.invoke({
issuer: deviceA,
audience: web3storage.id,
capability: {
with: deviceA.did(),
can: `access/claim`,
}
})
claimAsDeviceAResult = await claimAsDeviceA.execute(web3storage)
async function bytesToDelegation(bytes) {
const { roots, blocks } = await transport.CAR.codec.decode(bytes)
if (roots.length !== 1) throw new Error(`unexpected number of roots: ${roots.length}`)
return ucanto.Delegation.create({ root: roots[0], blocks })
}
claimAsDeviceADelegations = await Promise.all(Object.values(claimAsDeviceAResult.delegations).map(bytesToDelegation))
spaceA = await principal.ed25519.generate()
viewof storageProvider = Inputs.radio([web3storageProvider, nftStorageProvider], {label: "Storage Provider"})
// add provider: https://github.com/web3-storage/specs/blob/main/w3-provider.md#add-paid-provider
addStorageProvider = claimAsDeviceADelegations, storageProvider && await ucanto.invoke({
issuer: deviceA,
audience: web3storage.id,
capability: {
can: 'provider/add',
with: accountDID,
nb: {
provider: storageProvider,
consumer: spaceA.did(),
}
},
proofs: claimAsDeviceADelegations
})
addStorageProviderResult = addStorageProvider && await addStorageProvider.execute(web3storage)
addStorageProviderResult
addStorageProviderResult && assertNotError(addStorageProviderResult)
storage provider added
function authorizeAccessDelegateWithSpace (issuer, audience, space) {
return ucanto.delegate({
issuer,
audience,
capabilities: [
{
can: 'access/delegate',
with: spaceA.did(),
},
]
})
}
createSpaceASaysDeviceACanAccessDelegateWithSpaceA = () => authorizeAccessDelegateWithSpace(spaceA, deviceA, spaceA)
spaceASaysAccountACanAccessSpaceA = await ucanto.delegate({
issuer: spaceA,
audience: { did: () => accountDID },
capabilities: [
{
can: 'store/add',
with: spaceA.did(),
},
{
can: 'space/info',
with: spaceA.did(),
},
],
expiration: Infinity,
})
spaceASaysAccountACanAccessSpaceA.cid.toString()
delegateAccessSpaceAToAccount = addStorageProviderResult, await ucanto.invoke({
issuer: deviceA,
audience: web3storage.id,
capability: {
can: 'access/delegate',
with: spaceA.did(),
nb: {
delegations: {
[spaceASaysAccountACanAccessSpaceA.cid.toString()]: spaceASaysAccountACanAccessSpaceA.cid
}
}
},
proofs: [
await createSpaceASaysDeviceACanAccessDelegateWithSpaceA(),
// must be embedded here because it's referenced by cid in .nb.delegations
spaceASaysAccountACanAccessSpaceA,
]
})
delegateAccessSpaceAToAccountResult = await delegateAccessSpaceAToAccount.execute(web3storage)
delegateAccessSpaceAToAccountResult.message
deviceB = await principal.ed25519.generate()
deviceBDid = deviceB.did()
requestAuthorizeFromAccountToDeviceBRequest = await ucanto.invoke({
issuer: deviceB,
audience: web3storage.id,
capability: {
can: 'access/authorize',
with: deviceB.did(),
nb: {
iss: accountDID,
att: [
{can:"space/info"},
{can:"access/claim"},
{can: "provider/add"},
],
}
}
}).delegate()
requestAuthorizeFromAccountToDeviceBResult = {
if (!clickedConfirmEmail) {
return false
}
const [requestAuthorizeFromAccountToDeviceBResult] = await web3storage.execute(requestAuthorizeFromAccountToDeviceBRequest)
return requestAuthorizeFromAccountToDeviceBResult
}
claimAsDeviceBRequest = clickedConfirmEmailDeviceB, await ucanto.invoke({
issuer: deviceB,
audience: web3storage.id,
capability: {
can: 'access/claim',
with: deviceB.did(),
}
}).delegate()
claimAsDeviceBResponse = {
const [result] = await web3storage.execute(claimAsDeviceBRequest)
return result
}
{
if (claimAsDeviceBResponse.error) {
return claimAsDeviceBResponse.message
}
}
deviceBAccountProofs = await Promise.all(Object.values(claimAsDeviceBResponse.delegations).map(d => bytesToDelegation(d)))
claimWithAccountAsDeviceB = await ucanto.invoke({
issuer: deviceB,
audience: web3storage.id,
capability: {
can: 'access/claim',
with: accountDID,
},
proofs: [
...deviceBAccountProofs,
]
}).delegate()
claimWithAccountAsDeviceBResult = {
const [result] = await web3storage.execute(claimWithAccountAsDeviceB)
return result
}
accountDelegationsAsDeviceBAll = (!claimWithAccountAsDeviceBResult?.error) ? await decodeClaimResult(claimWithAccountAsDeviceBResult) : []
accountDelegationsAsDeviceB = accountDelegationsAsDeviceBAll?.filter(d => ! isDelegationExpired(d))
spaceInfoAsDeviceB = accountDelegationsAsDeviceB && await ucanto.invoke({
issuer: deviceB,
audience: web3storage.id,
capability: {
can: 'space/info',
with: spaceA.did(),
},
proofs: [
...accountDelegationsAsDeviceB,
...deviceBAccountProofs,
]
}).delegate()
spaceInfoAsDeviceBResult = {
const [result] = await web3storage.execute(spaceInfoAsDeviceB)
return result
}
resultErrorMessage(spaceInfoAsDeviceBResult)
function isDelegationExpired(d) {
return d.expiration < Date.now()
}
function resultErrorMessage(result) {
if (result.error) {
return result.message
}
}
Purpose-built for displays of data
Observable is your go-to platform for exploring data and creating expressive data visualizations. Use reactive JavaScript notebooks for prototyping and a collaborative canvas for visual data exploration and dashboard creation.
