ucanto + w3up - access/delegate / Benjamin Goering

Benjamin Goering

Workspace

Public

Edited

Nov 16, 2023

Fork of ucanto + w3up - access/delegate

w3upClient = await import('https://cdn.skypack.dev/@web3-storage/w3up-client@11.0.1?min');

ucanto = await import('https://cdn.skypack.dev/@ucanto/core@5.0.0?min');

client = await import('https://cdn.skypack.dev/@ucanto/client@5.0.0?min');

transport = await import('https://cdn.skypack.dev/@ucanto/transport@5.0.0?min')

principal = await import('https://cdn.skypack.dev/@ucanto/principal@5.0.2?min')

params = Object.fromEntries(new URLSearchParams(html`<a href>`.search).entries())

web3storage = client.connect({

id: {

did: () => 'did:web:web3.storage'

encoder: transport.CAR,

decoder: transport.CBOR,

channel: transport.HTTP.open({

url: new URL('https://access.web3.storage/'),

})

// https://github.com/web3-storage/specs/blob/main/w3-session.md#authorization-request-example

invokeAccessAuthorizeToAuthenticateAsAccount = await ucanto.invoke({

issuer: deviceA,

audience: web3storage.id,

capability: {

with: deviceA.did(),

can: 'access/authorize',

nb: {

iss: accountDID,

att: [

{can:"store/*"},

{can: "provider/add"},

}

})

authenticationResult = await invokeAccessAuthorizeToAuthenticateAsAccount.execute(web3storage)

authenticationResult.message

function assertNotError(result) {

if ('error' in result) {

throw new Error(`unexpected error result: ${result.message}`)

}

assertNotError(authenticationResult)

claimAsDeviceA = clickedConfirmEmail, await ucanto.invoke({

issuer: deviceA,

audience: web3storage.id,

capability: {

with: deviceA.did(),

can: `access/claim`,

}

})

claimAsDeviceAResult = await claimAsDeviceA.execute(web3storage)

async function bytesToDelegation(bytes) {

const { roots, blocks } = await transport.CAR.codec.decode(bytes)

if (roots.length !== 1) throw new Error(`unexpected number of roots: ${roots.length}`)

return ucanto.Delegation.create({ root: roots[0], blocks })

}

claimAsDeviceADelegations = await Promise.all(Object.values(claimAsDeviceAResult.delegations).map(bytesToDelegation))

spaceA = await principal.ed25519.generate()

viewof storageProvider = Inputs.radio([web3storageProvider, nftStorageProvider], {label: "Storage Provider"})

// add provider: https://github.com/web3-storage/specs/blob/main/w3-provider.md#add-paid-provider

addStorageProvider = claimAsDeviceADelegations, storageProvider && await ucanto.invoke({

issuer: deviceA,

audience: web3storage.id,

capability: {

can: 'provider/add',

with: accountDID,

nb: {

provider: storageProvider,

consumer: spaceA.did(),

}

proofs: claimAsDeviceADelegations

})

addStorageProviderResult = addStorageProvider && await addStorageProvider.execute(web3storage)

addStorageProviderResult

addStorageProviderResult && assertNotError(addStorageProviderResult)

* storage provider added

function authorizeAccessDelegateWithSpace (issuer, audience, space) {

return ucanto.delegate({

issuer,

audience,

capabilities: [

{

can: 'access/delegate',

with: spaceA.did(),

]

})

}

createSpaceASaysDeviceACanAccessDelegateWithSpaceA = () => authorizeAccessDelegateWithSpace(spaceA, deviceA, spaceA)

spaceASaysAccountACanAccessSpaceA = await ucanto.delegate({

issuer: spaceA,

audience: { did: () => accountDID },

capabilities: [

{

can: 'store/add',

with: spaceA.did(),

{

can: 'space/info',

with: spaceA.did(),

expiration: Infinity,

})

spaceASaysAccountACanAccessSpaceA.cid.toString()

delegateAccessSpaceAToAccount = addStorageProviderResult, await ucanto.invoke({

issuer: deviceA,

audience: web3storage.id,

capability: {

can: 'access/delegate',

with: spaceA.did(),

nb: {

delegations: {

[spaceASaysAccountACanAccessSpaceA.cid.toString()]: spaceASaysAccountACanAccessSpaceA.cid

}

proofs: [

await createSpaceASaysDeviceACanAccessDelegateWithSpaceA(),

// must be embedded here because it's referenced by cid in .nb.delegations

spaceASaysAccountACanAccessSpaceA,

]

})

delegateAccessSpaceAToAccountResult = await delegateAccessSpaceAToAccount.execute(web3storage)

delegateAccessSpaceAToAccountResult.message

deviceB = await principal.ed25519.generate()

deviceBDid = deviceB.did()

requestAuthorizeFromAccountToDeviceBRequest = await ucanto.invoke({

issuer: deviceB,

audience: web3storage.id,

capability: {

can: 'access/authorize',

with: deviceB.did(),

nb: {

iss: accountDID,

att: [

{can:"space/info"},

{can:"access/claim"},

{can: "provider/add"},

}

}).delegate()

requestAuthorizeFromAccountToDeviceBResult = {

if (!clickedConfirmEmail) {

return false

}

const [requestAuthorizeFromAccountToDeviceBResult] = await web3storage.execute(requestAuthorizeFromAccountToDeviceBRequest)

return requestAuthorizeFromAccountToDeviceBResult

}

claimAsDeviceBRequest = clickedConfirmEmailDeviceB, await ucanto.invoke({

issuer: deviceB,

audience: web3storage.id,

capability: {

can: 'access/claim',

with: deviceB.did(),

}

}).delegate()

claimAsDeviceBResponse = {

const [result] = await web3storage.execute(claimAsDeviceBRequest)

return result

}

{

if (claimAsDeviceBResponse.error) {

return claimAsDeviceBResponse.message

}

deviceBAccountProofs = await Promise.all(Object.values(claimAsDeviceBResponse.delegations).map(d => bytesToDelegation(d)))

claimWithAccountAsDeviceB = await ucanto.invoke({

issuer: deviceB,

audience: web3storage.id,

capability: {

can: 'access/claim',

with: accountDID,

proofs: [

...deviceBAccountProofs,

]

}).delegate()

claimWithAccountAsDeviceBResult = {

const [result] = await web3storage.execute(claimWithAccountAsDeviceB)

return result

}

accountDelegationsAsDeviceBAll = await decodeClaimResult(claimWithAccountAsDeviceBResult)

accountDelegationsAsDeviceB = accountDelegationsAsDeviceBAll.filter(d => ! isDelegationExpired(d))

providerAddAsDeviceBRequest = await ucanto.invoke({

issuer: deviceB,

audience: web3storage.id,

capability: {

with: accountDID,

can: 'provider/add',

nb: {

consumer: spaceA.did(),

provider: web3storage.id.did(),

}

proofs: [

...deviceBAccountProofs,

]

}).delegate()

providerAddAsDeviceBResult = {

const [result] = await web3storage.execute(providerAddAsDeviceBRequest)

return result

}

resultErrorMessage(providerAddAsDeviceBResult)

spaceInfoAsDeviceB = await ucanto.invoke({

issuer: deviceB,

audience: web3storage.id,

capability: {

can: 'space/info',

with: spaceA.did(),

proofs: [

...accountDelegationsAsDeviceB,

...deviceBAccountProofs,

]

}).delegate()

spaceInfoAsDeviceBResult = {

const [result] = await web3storage.execute(spaceInfoAsDeviceB)

return result

}

resultErrorMessage(spaceInfoAsDeviceBResult)

function isDelegationExpired(d) {

return d.expiration < Date.now()

}

function resultErrorMessage(result) {

if (result.error) {

return result.message

}

await web3stroage.execute(

await ucanto.invoke({

issuer: deviceB,

audience: web3storage.id,

capability: {

can: 'store/add',

with: spaceA.did(),

nb: {

}

}).delegate()

)

One platform to build and deploy the best data apps

Experiment and prototype by building visualizations in live JavaScript notebooks. Collaborate with your team and decide which concepts to build out.

Use Observable Framework to build data apps locally. Use data loaders to build in any language or library, including Python, SQL, and R.

Seamlessly deploy to Observable. Test before you ship, use automatic deploy-on-commit, and ensure your projects are always up-to-date.

Learn more