sonr/crypto/ucan/exports.go

package ucan

import (
	"fmt"

	"github.com/onsonr/sonr/crypto/ucan/attns/capability"
	"github.com/onsonr/sonr/crypto/ucan/attns/policytype"
	"github.com/onsonr/sonr/crypto/ucan/attns/resourcetype"
)

var EmptyAttenuation = Attenuation{
	Cap: Capability(nil),
	Rsc: Resource(nil),
}

const (
	// Owner
	CapOwner    = capability.CAPOWNER
	CapOperator = capability.CAPOPERATOR
	CapObserver = capability.CAPOBSERVER

	// Auth
	CapAuthenticate = capability.CAPAUTHENTICATE
	CapAuthorize    = capability.CAPAUTHORIZE
	CapDelegate     = capability.CAPDELEGATE
	CapInvoke       = capability.CAPINVOKE
	CapExecute      = capability.CAPEXECUTE
	CapPropose      = capability.CAPPROPOSE
	CapSign         = capability.CAPSIGN
	CapSetPolicy    = capability.CAPSETPOLICY
	CapSetThreshold = capability.CAPSETTHRESHOLD
	CapRecover      = capability.CAPRECOVER
	CapSocial       = capability.CAPSOCIAL
	CapResolver     = capability.CAPRESOLVER
	CapProducer     = capability.CAPPRODUCER

	// Resources
	ResAccount     = resourcetype.RESACCOUNT
	ResTransaction = resourcetype.RESTRANSACTION
	ResPolicy      = resourcetype.RESPOLICY
	ResRecovery    = resourcetype.RESRECOVERY
	ResVault       = resourcetype.RESVAULT
	ResIPFS        = resourcetype.RESIPFS
	ResIPNS        = resourcetype.RESIPNS
	ResKeyShare    = resourcetype.RESKEYSHARE

	// PolicyTypes
	PolicyThreshold = policytype.POLICYTHRESHOLD
	PolicyTimelock  = policytype.POLICYTIMELOCK
	PolicyWhitelist = policytype.POLICYWHITELIST
	PolicyKeyShare  = policytype.POLICYKEYGEN
)

// NewVaultResource creates a new resource identifier
func NewResource(resType resourcetype.ResourceType, path string) Resource {
	return NewStringLengthResource(string(resType), path)
}

// Permissions represents the type of attenuation
type Permissions string

const (
	// AccountPermissions represents the smart account attenuation
	AccountPermissions = Permissions("account")

	// ServicePermissions represents the service attenuation
	ServicePermissions = Permissions("service")

	// VaultPermissions represents the vault attenuation
	VaultPermissions = Permissions("vault")
)

// Cap returns the capability for the given AttenuationPreset
func (a Permissions) NewCap(c capability.Capability) Capability {
	return a.GetCapabilities().Cap(c.String())
}

// NestedCapabilities returns the nested capabilities for the given AttenuationPreset
func (a Permissions) GetCapabilities() NestedCapabilities {
	var caps []string
	switch a {
	case AccountPermissions:
		caps = SmartAccountCapabilities()
	case VaultPermissions:
		caps = VaultCapabilities()
	}
	return NewNestedCapabilities(caps...)
}

// Equals returns true if the given AttenuationPreset is equal to the receiver
func (a Permissions) Equals(b Permissions) bool {
	return a == b
}

// String returns the string representation of the AttenuationPreset
func (a Permissions) String() string {
	return string(a)
}

// GetConstructor returns the AttenuationConstructorFunc for a Permission
func (a Permissions) GetConstructor() AttenuationConstructorFunc {
	return NewAttenuationFromPreset(a)
}

// NewAttenuationFromPreset creates an AttenuationConstructorFunc for the given preset
func NewAttenuationFromPreset(preset Permissions) AttenuationConstructorFunc {
	return func(v map[string]interface{}) (Attenuation, error) {
		// Extract capability and resource from map
		capStr, ok := v["cap"].(string)
		if !ok {
			return EmptyAttenuation, fmt.Errorf("missing or invalid capability in attenuation data")
		}

		resType, ok := v["type"].(string)
		if !ok {
			return EmptyAttenuation, fmt.Errorf("missing or invalid resource type in attenuation data")
		}

		path, ok := v["path"].(string)
		if !ok {
			path = "/" // Default path if not specified
		}

		// Create capability from preset
		cap := preset.NewCap(capability.Capability(capStr))
		if cap == nil {
			return EmptyAttenuation, fmt.Errorf("invalid capability %s for preset %s", capStr, preset)
		}

		// Create resource
		resource := NewResource(resourcetype.ResourceType(resType), path)

		return Attenuation{
			Cap: cap,
			Rsc: resource,
		}, nil
	}
}

// GetPresetConstructor returns the appropriate AttenuationConstructorFunc for a given type
func GetPresetConstructor(attType string) (AttenuationConstructorFunc, error) {
	preset := Permissions(attType)
	switch preset {
	case AccountPermissions, ServicePermissions, VaultPermissions:
		return NewAttenuationFromPreset(preset), nil
	default:
		return nil, fmt.Errorf("unknown attenuation preset: %s", attType)
	}
}

// ParseAttenuationData parses raw attenuation data into a structured format
func ParseAttenuationData(data map[string]interface{}) (Permissions, map[string]interface{}, error) {
	typeRaw, ok := data["preset"]
	if !ok {
		return "", nil, fmt.Errorf("missing preset type in attenuation data")
	}

	presetType, ok := typeRaw.(string)
	if !ok {
		return "", nil, fmt.Errorf("invalid preset type format")
	}

	return Permissions(presetType), data, nil
}
feature/1115 execute ucan token (#1177) - deps: remove tigerbeetle-go dependency - refactor: remove unused landing page components and models - feat: add pin and publish vault handlers - refactor: move payment and credential services to webui browser package - refactor: remove unused credentials management components - feat: add landing page components and middleware for credentials and payments - refactor: remove unused imports in vault config - refactor: remove unused bank, DID, and DWN gRPC clients - refactor: rename client files and improve code structure - feat: add session middleware helpers and landing page components - feat: add user profile registration flow - feat: Implement WebAuthn registration flow - feat: add error view for users without WebAuthn devices - chore: update htmx to include extensions - refactor: rename pin handler to claim handler and update routes - chore: update import paths after moving UI components and styles - fix: address potential server errors by handling and logging them properly - refactor: move vault config to gateway package and update related dependencies - style: simplify form styling and remove unnecessary components - feat: improve UI design for registration flow - feat: implement passkey-based authentication - refactor: migrate registration forms to use reusable form components - refactor: remove tailwindcss setup and use CDN instead - style: update submit button style to use outline variant - refactor: refactor server and IPFS client, remove MPC encryption - refactor: Abstract keyshare functionality and improve message encoding - refactor: improve keyset JSON marshaling and error handling - feat: add support for digital signatures using MPC keys - fix: Refactor MarshalJSON to use standard json.Marshal for Message serialization - fix: Encode messages before storing in keyshare structs - style: update form input styles for improved user experience - refactor: improve code structure in registration handlers - refactor: consolidate signer middleware and IPFS interaction - refactor: rename MPC signing and refresh protocol functions - refactor: update hway configuration loading mechanism - feat: integrate database support for sessions and users - refactor: remove devnet infrastructure and simplify build process - docs(guides): add Sonr DID module guide - feat: integrate progress bar into registration form - refactor: migrate WebAuthn dependencies to protocol package - feat: enhance user registration with passkey integration and improved form styling - refactor: move gateway view handlers to internal pages package - refactor: Move address package to MPC module - feat: integrate turnstile for registration - style: remove unnecessary size attribute from buttons - refactor: rename cookie package to session/cookie - refactor: remove unnecessary types.Session dependency - refactor: rename pkg/core to pkg/chain - refactor: simplify deployment process by removing testnet-specific Taskfile and devbox configuration - feat: add error redirect functionality and improve routes - feat: implement custom error handling for gateway - chore: update version number to 0.0.7 in template - feat: add IPFS client implementation - feat: Implement full IPFS client interface with comprehensive methods - refactor: improve IPFS client path handling - refactor: Move UCAN middleware to controller package - feat: add UCAN middleware to motr - refactor: update libp2p dependency - docs: add UCAN specification document - refactor: move UCAN controller logic to common package - refactor: rename exports.go to common.go - feat: add UCAN token support - refactor: migrate UCAN token parsing to dedicated package - refactor: improve CometBFT and app config initialization - refactor: improve deployment scripts and documentation - feat: integrate IPFS and producer middleware - refactor: rename agent directory to aider - fix: correct libp2p import path - refactor: remove redundant dependency - cleanup: remove unnecessary test files - refactor: move attention types to crypto/ucan package - feat: expand capabilities and resource types for UCANs - refactor: rename sonr.go to codec.go and update related imports - feat: add IPFS-based token store - feat: Implement IPFS-based token store with caching and UCAN integration - feat: Add dynamic attenuation constructor for UCAN presets - fix: Handle missing or invalid attenuation data with EmptyAttenuation - fix: Update UCAN attenuation tests with correct capability types - feat: integrate UCAN-based authorization into the producer middleware - refactor: remove unused dependency on go-ucan - refactor: Move address handling logic to DID module - feat: Add support for compressed and uncompressed Secp256k1 public keys in didkey - test: Add test for generating DID key from MPC keyshares - feat: Add methods for extracting compressed and uncompressed public keys in share types - feat: Add BaseKeyshare struct with public key conversion methods - refactor: Use compressed and uncompressed public keys in keyshare, fix public key usage in tests and verification - feat: add support for key generation policy type - fix: correct typo in VaultPermissions constant - refactor: move JWT related code to ucan package - refactor: move UCAN JWT and source code to spec package 2024-12-05 20:36:58 -05:00			`package ucan`

			`import (`
			`"fmt"`

			`"github.com/onsonr/sonr/crypto/ucan/attns/capability"`
			`"github.com/onsonr/sonr/crypto/ucan/attns/policytype"`
			`"github.com/onsonr/sonr/crypto/ucan/attns/resourcetype"`
			`)`

			`var EmptyAttenuation = Attenuation{`
			`Cap: Capability(nil),`
			`Rsc: Resource(nil),`
			`}`

			`const (`
			`// Owner`
			`CapOwner = capability.CAPOWNER`
			`CapOperator = capability.CAPOPERATOR`
			`CapObserver = capability.CAPOBSERVER`

			`// Auth`
			`CapAuthenticate = capability.CAPAUTHENTICATE`
			`CapAuthorize = capability.CAPAUTHORIZE`
			`CapDelegate = capability.CAPDELEGATE`
			`CapInvoke = capability.CAPINVOKE`
			`CapExecute = capability.CAPEXECUTE`
			`CapPropose = capability.CAPPROPOSE`
			`CapSign = capability.CAPSIGN`
			`CapSetPolicy = capability.CAPSETPOLICY`
			`CapSetThreshold = capability.CAPSETTHRESHOLD`
			`CapRecover = capability.CAPRECOVER`
			`CapSocial = capability.CAPSOCIAL`
			`CapResolver = capability.CAPRESOLVER`
			`CapProducer = capability.CAPPRODUCER`

			`// Resources`
			`ResAccount = resourcetype.RESACCOUNT`
			`ResTransaction = resourcetype.RESTRANSACTION`
			`ResPolicy = resourcetype.RESPOLICY`
			`ResRecovery = resourcetype.RESRECOVERY`
			`ResVault = resourcetype.RESVAULT`
			`ResIPFS = resourcetype.RESIPFS`
			`ResIPNS = resourcetype.RESIPNS`
			`ResKeyShare = resourcetype.RESKEYSHARE`

			`// PolicyTypes`
			`PolicyThreshold = policytype.POLICYTHRESHOLD`
			`PolicyTimelock = policytype.POLICYTIMELOCK`
			`PolicyWhitelist = policytype.POLICYWHITELIST`
			`PolicyKeyShare = policytype.POLICYKEYGEN`
			`)`

			`// NewVaultResource creates a new resource identifier`
			`func NewResource(resType resourcetype.ResourceType, path string) Resource {`
			`return NewStringLengthResource(string(resType), path)`
			`}`

			`// Permissions represents the type of attenuation`
			`type Permissions string`

			`const (`
			`// AccountPermissions represents the smart account attenuation`
			`AccountPermissions = Permissions("account")`

			`// ServicePermissions represents the service attenuation`
			`ServicePermissions = Permissions("service")`

			`// VaultPermissions represents the vault attenuation`
			`VaultPermissions = Permissions("vault")`
			`)`

			`// Cap returns the capability for the given AttenuationPreset`
			`func (a Permissions) NewCap(c capability.Capability) Capability {`
			`return a.GetCapabilities().Cap(c.String())`
			`}`

			`// NestedCapabilities returns the nested capabilities for the given AttenuationPreset`
			`func (a Permissions) GetCapabilities() NestedCapabilities {`
			`var caps []string`
			`switch a {`
			`case AccountPermissions:`
			`caps = SmartAccountCapabilities()`
			`case VaultPermissions:`
			`caps = VaultCapabilities()`
			`}`
			`return NewNestedCapabilities(caps...)`
			`}`

			`// Equals returns true if the given AttenuationPreset is equal to the receiver`
			`func (a Permissions) Equals(b Permissions) bool {`
			`return a == b`
			`}`

			`// String returns the string representation of the AttenuationPreset`
			`func (a Permissions) String() string {`
			`return string(a)`
			`}`

			`// GetConstructor returns the AttenuationConstructorFunc for a Permission`
			`func (a Permissions) GetConstructor() AttenuationConstructorFunc {`
			`return NewAttenuationFromPreset(a)`
			`}`

			`// NewAttenuationFromPreset creates an AttenuationConstructorFunc for the given preset`
			`func NewAttenuationFromPreset(preset Permissions) AttenuationConstructorFunc {`
			`return func(v map[string]interface{}) (Attenuation, error) {`
			`// Extract capability and resource from map`
			`capStr, ok := v["cap"].(string)`
			`if !ok {`
			`return EmptyAttenuation, fmt.Errorf("missing or invalid capability in attenuation data")`
			`}`

			`resType, ok := v["type"].(string)`
			`if !ok {`
			`return EmptyAttenuation, fmt.Errorf("missing or invalid resource type in attenuation data")`
			`}`

			`path, ok := v["path"].(string)`
			`if !ok {`
			`path = "/" // Default path if not specified`
			`}`

			`// Create capability from preset`
			`cap := preset.NewCap(capability.Capability(capStr))`
			`if cap == nil {`
			`return EmptyAttenuation, fmt.Errorf("invalid capability %s for preset %s", capStr, preset)`
			`}`

			`// Create resource`
			`resource := NewResource(resourcetype.ResourceType(resType), path)`

			`return Attenuation{`
			`Cap: cap,`
			`Rsc: resource,`
			`}, nil`
			`}`
			`}`

			`// GetPresetConstructor returns the appropriate AttenuationConstructorFunc for a given type`
			`func GetPresetConstructor(attType string) (AttenuationConstructorFunc, error) {`
			`preset := Permissions(attType)`
			`switch preset {`
			`case AccountPermissions, ServicePermissions, VaultPermissions:`
			`return NewAttenuationFromPreset(preset), nil`
			`default:`
			`return nil, fmt.Errorf("unknown attenuation preset: %s", attType)`
			`}`
			`}`

			`// ParseAttenuationData parses raw attenuation data into a structured format`
			`func ParseAttenuationData(data map[string]interface{}) (Permissions, map[string]interface{}, error) {`
			`typeRaw, ok := data["preset"]`
			`if !ok {`
			`return "", nil, fmt.Errorf("missing preset type in attenuation data")`
			`}`

			`presetType, ok := typeRaw.(string)`
			`if !ok {`
			`return "", nil, fmt.Errorf("invalid preset type format")`
			`}`

			`return Permissions(presetType), data, nil`
			`}`