Merge branch 'main' into flothjl/action-rule-validation

* main:
  #439 - Return `authorization` in queries and reads (#523)
  #439 - Turned `authorization` property from a JWS into a container object (#518)
  npm audit fix get-func-name (#521)

README.md

@@ -48,7 +48,7 @@ Here's to a thrilling Hacktoberfest voyage with us! 🎉
 # Decentralized Web Node (DWN) SDK <!-- omit in toc -->
 
 Code Coverage
-![Statements](https://img.shields.io/badge/statements-97.78%25-brightgreen.svg?style=flat) ![Branches](https://img.shields.io/badge/branches-95.06%25-brightgreen.svg?style=flat) ![Functions](https://img.shields.io/badge/functions-94.28%25-brightgreen.svg?style=flat) ![Lines](https://img.shields.io/badge/lines-97.78%25-brightgreen.svg?style=flat)
+![Statements](https://img.shields.io/badge/statements-97.78%25-brightgreen.svg?style=flat) ![Branches](https://img.shields.io/badge/branches-95.05%25-brightgreen.svg?style=flat) ![Functions](https://img.shields.io/badge/functions-94.26%25-brightgreen.svg?style=flat) ![Lines](https://img.shields.io/badge/lines-97.78%25-brightgreen.svg?style=flat)
 
 - [Introduction](#introduction)
 - [Installation](#installation)

build/compile-validators.js

@@ -17,6 +17,7 @@ import Ajv from 'ajv';
 import mkdirp from 'mkdirp';
 import standaloneCode from 'ajv/dist/standalone/index.js';
 
+import Authorization from '../json-schemas/authorization.json' assert { type: 'json' };
 import BaseAuthorizationPayload from '../json-schemas/authorization-payloads/base-authorization-payload.json' assert { type: 'json' };
 import Definitions from '../json-schemas/definitions.json' assert { type: 'json' };
 import EventsGet from '../json-schemas/events/events-get.json' assert { type: 'json' };
@@ -40,11 +41,12 @@ import RecordsFilter from '../json-schemas/interface-methods/records-filter.json
 import RecordsQuery from '../json-schemas/interface-methods/records-query.json' assert { type: 'json' };
 import RecordsRead from '../json-schemas/interface-methods/records-read.json' assert { type: 'json' };
 import RecordsWrite from '../json-schemas/interface-methods/records-write.json' assert { type: 'json' };
-import RecordsWriteAuthorizationPayload from '../json-schemas/authorization-payloads/records-write-authorization-payload.json' assert { type: 'json' };
+import RecordsWriteAuthorSignaturePayload from '../json-schemas/authorization-payloads/records-write-authorization-payload.json' assert { type: 'json' };
 import RecordsWriteUnidentified from '../json-schemas/interface-methods/records-write-unidentified.json' assert { type: 'json' };
 import SnapshotsCreate from '../json-schemas/interface-methods/snapshots-create.json' assert { type: 'json' };
 
 const schemas = {
+  Authorization,
   RecordsDelete,
   RecordsQuery,
   RecordsWrite,
@@ -70,7 +72,7 @@ const schemas = {
   PublicJwk,
   SnapshotsCreate,
   BaseAuthorizationPayload,
-  RecordsWriteAuthorizationPayload
+  RecordsWriteAuthorSignaturePayload
 };
 
 const ajv = new Ajv({ code: { source: true, esm: true } });

json-schemas/authorization.json

@@ -0,0 +1,11 @@
+{
+  "$id": "https://identity.foundation/dwn/json-schemas/authorization.json",
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "type": "object",
+  "additionalProperties": false,
+  "properties": {
+    "author": {
+      "$ref": "https://identity.foundation/dwn/json-schemas/general-jws.json"
+    }
+  }
+}

json-schemas/events/events-get.json

@@ -9,7 +9,7 @@
   ],
   "properties": {
     "authorization": {
-      "$ref": "https://identity.foundation/dwn/json-schemas/general-jws.json"
+      "$ref": "https://identity.foundation/dwn/json-schemas/authorization.json"
     },
     "descriptor": {
       "type": "object",

json-schemas/hooks/hooks-write.json

@@ -9,7 +9,7 @@
   ],
   "properties": {
     "authorization": {
-      "$ref": "https://identity.foundation/dwn/json-schemas/general-jws.json"
+      "$ref": "https://identity.foundation/dwn/json-schemas/authorization.json"
     },
     "descriptor": {
       "type": "object",

json-schemas/interface-methods/messages-get.json

@@ -9,7 +9,7 @@
   ],
   "properties": {
     "authorization": {
-      "$ref": "https://identity.foundation/dwn/json-schemas/general-jws.json"
+      "$ref": "https://identity.foundation/dwn/json-schemas/authorization.json"
     },
     "descriptor": {
       "type": "object",

json-schemas/interface-methods/permissions-grant.json

@@ -9,7 +9,7 @@
   "additionalProperties": false,
   "properties": {
     "authorization": {
-      "$ref": "https://identity.foundation/dwn/json-schemas/general-jws.json"
+      "$ref": "https://identity.foundation/dwn/json-schemas/authorization.json"
     },
     "delegationChain": {
       "description": "the parent grant",
@@ -71,4 +71,4 @@
       }
     }
   }
-}
+}

json-schemas/interface-methods/permissions-request.json

@@ -9,7 +9,7 @@
   ],
   "properties": {
     "authorization": {
-      "$ref": "https://identity.foundation/dwn/json-schemas/general-jws.json"
+      "$ref": "https://identity.foundation/dwn/json-schemas/authorization.json"
     },
     "descriptor": {
       "type": "object",

json-schemas/interface-methods/permissions-revoke.json

@@ -9,7 +9,7 @@
   "additionalProperties": false,
   "properties": {
     "authorization": {
-      "$ref": "https://identity.foundation/dwn/json-schemas/general-jws.json"
+      "$ref": "https://identity.foundation/dwn/json-schemas/authorization.json"
     },
     "descriptor": {
       "type": "object",

json-schemas/interface-methods/protocols-configure.json

@@ -9,7 +9,7 @@
   ],
   "properties": {
     "authorization": {
-      "$ref": "https://identity.foundation/dwn/json-schemas/general-jws.json"
+      "$ref": "https://identity.foundation/dwn/json-schemas/authorization.json"
     },
     "descriptor": {
       "type": "object",

json-schemas/interface-methods/protocols-query.json

@@ -8,7 +8,7 @@
   ],
   "properties": {
     "authorization": {
-      "$ref": "https://identity.foundation/dwn/json-schemas/general-jws.json"
+      "$ref": "https://identity.foundation/dwn/json-schemas/authorization.json"
     },
     "descriptor": {
       "type": "object",

json-schemas/interface-methods/records-delete.json

@@ -9,7 +9,7 @@
   ],
   "properties": {
     "authorization": {
-      "$ref": "https://identity.foundation/dwn/json-schemas/general-jws.json"
+      "$ref": "https://identity.foundation/dwn/json-schemas/authorization.json"
     },
     "descriptor": {
       "type": "object",

json-schemas/interface-methods/records-query.json

@@ -8,7 +8,7 @@
   ],
   "properties": {
     "authorization": {
-      "$ref": "https://identity.foundation/dwn/json-schemas/general-jws.json"
+      "$ref": "https://identity.foundation/dwn/json-schemas/authorization.json"
     },
     "descriptor": {
       "type": "object",
@@ -44,7 +44,7 @@
           "properties": {
             "limit": {
               "type": "number",
-              "minimum": 1 
+              "minimum": 1
             },
             "messageCid": {
               "type": "string"
@@ -63,4 +63,4 @@
       }
     }
   }
-}
+}

json-schemas/interface-methods/records-read.json

@@ -8,7 +8,7 @@
   ],
   "properties": {
     "authorization": {
-      "$ref": "https://identity.foundation/dwn/json-schemas/general-jws.json"
+      "$ref": "https://identity.foundation/dwn/json-schemas/authorization.json"
     },
     "descriptor": {
       "type": "object",

json-schemas/interface-methods/records-write-unidentified.json

@@ -17,7 +17,7 @@
       "$ref": "https://identity.foundation/dwn/json-schemas/general-jws.json"
     },
     "authorization": {
-      "$ref": "https://identity.foundation/dwn/json-schemas/general-jws.json"
+      "$ref": "https://identity.foundation/dwn/json-schemas/authorization.json"
     },
     "encryption": {
       "type": "object",
@@ -268,4 +268,4 @@
       ]
     }
   ]
-}
+}

json-schemas/interface-methods/snapshots-create.json

@@ -9,7 +9,7 @@
   ],
   "properties": {
     "authorization": {
-      "$ref": "https://identity.foundation/dwn/json-schemas/general-jws.json"
+      "$ref": "https://identity.foundation/dwn/json-schemas/authorization.json"
     },
     "descriptor": {
       "type": "object",

src/core/auth.ts

@@ -1,8 +1,7 @@
 import type { CID } from 'multiformats';
 import type { DidResolver } from '../did/did-resolver.js';
-import type { GeneralJws } from '../types/jws-types.js';
-import type { GenericMessage } from '../types/message-types.js';
 import type { Message } from './message.js';
+import type { AuthorizationModel, GenericMessage } from '../types/message-types.js';
 
 import { Cid } from '../utils/cid.js';
 import { GeneralJwsVerifier } from '../jose/jws/general/verifier.js';
@@ -38,12 +37,12 @@ export async function validateAuthorizationIntegrity(
     throw new DwnError(DwnErrorCode.AuthorizationMissing, 'Property `authorization` is missing.');
   }
 
-  if (message.authorization.signatures.length !== 1) {
+  if (message.authorization.author.signatures.length !== 1) {
     throw new Error('expected no more than 1 signature for authorization');
   }
 
   // validate payload integrity
-  const payloadJson = Jws.decodePlainObjectPayload(message.authorization);
+  const payloadJson = Jws.decodePlainObjectPayload(message.authorization.author);
 
   validateJsonSchema(jsonSchemaKey, payloadJson);
 
@@ -62,12 +61,12 @@ export async function validateAuthorizationIntegrity(
  * Validates the signature(s) of the given JWS.
  * @throws {Error} if fails authentication
  */
-export async function authenticate(jws: GeneralJws | undefined, didResolver: DidResolver): Promise<void> {
-  if (jws === undefined) {
+export async function authenticate(authorizationModel: AuthorizationModel | undefined, didResolver: DidResolver): Promise<void> {
+  if (authorizationModel === undefined) {
     throw new DwnError(DwnErrorCode.AuthenticateJwsMissing, 'Missing JWS.');
   }
 
-  const verifier = new GeneralJwsVerifier(jws);
+  const verifier = new GeneralJwsVerifier(authorizationModel.author);
   await verifier.verify(didResolver);
 }
 

src/core/message.ts

@@ -1,6 +1,5 @@
-import type { GeneralJws } from '../types/jws-types.js';
 import type { Signer } from '../types/signer.js';
-import type { BaseAuthorizationPayload, Descriptor, GenericMessage } from '../types/message-types.js';
+import type { AuthorizationModel, BaseAuthorizationPayload, Descriptor, GenericMessage } from '../types/message-types.js';
 
 import { Cid } from '../utils/cid.js';
 import { GeneralJwsBuilder } from '../jose/jws/general/builder.js';
@@ -41,7 +40,7 @@ export abstract class Message<M extends GenericMessage> {
     this.message = message;
 
     if (message.authorization !== undefined) {
-      this.authorizationPayload = Jws.decodePlainObjectPayload(message.authorization);
+      this.authorizationPayload = Jws.decodePlainObjectPayload(message.authorization.author);
       this.author = Message.getAuthor(message as GenericMessage);
     }
   }
@@ -74,7 +73,7 @@ export abstract class Message<M extends GenericMessage> {
       return undefined;
     }
 
-    const author = Jws.getSignerDid(message.authorization.signatures[0]);
+    const author = Jws.getSignerDid(message.authorization.author.signatures[0]);
     return author;
   }
 
@@ -132,25 +131,27 @@ export abstract class Message<M extends GenericMessage> {
   }
 
   /**
-   * Signs over the CID of provided `descriptor`. The output is used as an `authorization` property.
-   * @param signatureInput - the signature material to use (e.g. key and header data)
+   * Creates the `authorization` as the author to be used in a DWN message.
+   * @param signer Signer as the author
    * @returns General JWS signature used as an `authorization` property.
    */
-  public static async signAsAuthorization(
+  public static async signAuthorizationAsAuthor(
     descriptor: Descriptor,
-    signatureInput: Signer,
+    signer: Signer,
     additionalPayloadProperties?: { permissionsGrantId?: string, protocolRole?: string }
-  ): Promise<GeneralJws> {
+  ): Promise<AuthorizationModel> {
     const descriptorCid = await Cid.computeCid(descriptor);
 
     const authPayload: BaseAuthorizationPayload = { descriptorCid, ...additionalPayloadProperties };
     removeUndefinedProperties(authPayload);
     const authPayloadStr = JSON.stringify(authPayload);
     const authPayloadBytes = new TextEncoder().encode(authPayloadStr);
 
-    const builder = await GeneralJwsBuilder.create(authPayloadBytes, [signatureInput]);
+    const builder = await GeneralJwsBuilder.create(authPayloadBytes, [signer]);
+    const authorJws = builder.getJws();
 
-    return builder.getJws();
+    const authorization = { author: authorJws };
+    return authorization;
   }
 
   /**

src/handlers/records-query.ts

@@ -2,7 +2,7 @@ import type { MethodHandler } from '../types/method-handler.js';
 import type { RecordsWriteMessageWithOptionalEncodedData } from '../store/storage-controller.js';
 import type { DataStore, DidResolver, MessageStore } from '../index.js';
 import type { Filter, GenericMessage, MessageSort } from '../types/message-types.js';
-import type { RecordsQueryMessage, RecordsQueryReply, RecordsQueryReplyEntry } from '../types/records-types.js';
+import type { RecordsQueryMessage, RecordsQueryReply } from '../types/records-types.js';
 
 import { authenticate } from '../core/auth.js';
 import { messageReplyFromError } from '../core/message-reply.js';
@@ -53,28 +53,13 @@ export class RecordsQueryHandler implements MethodHandler {
       }
     }
 
-    const entries = RecordsQueryHandler.removeAuthorization(recordsWrites);
-
     return {
-      status: { code: 200, detail: 'OK' },
-      entries,
+      status  : { code: 200, detail: 'OK' },
+      entries : recordsWrites,
       paginationMessageCid
     };
   }
 
-  /**
-   * Removes `authorization` property from each and every `RecordsWrite` message given and returns the result as a different array.
-   */
-  private static removeAuthorization(recordsWriteMessages: RecordsWriteMessageWithOptionalEncodedData[]): RecordsQueryReplyEntry[] {
-    const recordsQueryReplyEntries: RecordsQueryReplyEntry[] = [];
-    for (const record of recordsWriteMessages) {
-      const { authorization: _, ...objectWithRemainingProperties } = record; // a trick to stripping away `authorization`
-      recordsQueryReplyEntries.push(objectWithRemainingProperties);
-    }
-
-    return recordsQueryReplyEntries;
-  }
-
   /**
    * Convert an incoming DateSort to a sort type accepted by MessageStore
    * Defaults to 'dateCreated' in Descending order if no sort is supplied.

src/handlers/records-read.ts

@@ -79,11 +79,10 @@ export class RecordsReadHandler implements MethodHandler {
       data = result.dataStream;
     }
 
-    const { authorization: _, ...recordsWriteWithoutAuthorization } = newestRecordsWrite; // a trick to stripping away `authorization`
-    const messageReply: RecordsReadReply ={
+    const messageReply: RecordsReadReply = {
       status : { code: 200, detail: 'OK' },
       record : {
-        ...recordsWriteWithoutAuthorization,
+        ...newestRecordsWrite,
         data,
       }
     };

src/interfaces/events-get.ts

@@ -31,7 +31,7 @@ export class EventsGet extends Message<EventsGetMessage> {
       descriptor.watermark = options.watermark;
     }
 
-    const authorization = await Message.signAsAuthorization(descriptor, options.authorizationSigner);
+    const authorization = await Message.signAuthorizationAsAuthor(descriptor, options.authorizationSigner);
     const message = { descriptor, authorization };
 
     Message.validateJsonSchema(message);

src/interfaces/hooks-write.ts

@@ -43,7 +43,7 @@ export class HooksWrite extends Message<HooksWriteMessage> {
     // Error: `undefined` is not supported by the IPLD Data Model and cannot be encoded
     removeUndefinedProperties(descriptor);
 
-    const authorization = await Message.signAsAuthorization(descriptor, options.authorizationSigner);
+    const authorization = await Message.signAuthorizationAsAuthor(descriptor, options.authorizationSigner);
     const message = { descriptor, authorization };
 
     Message.validateJsonSchema(message);

src/interfaces/messages-get.ts

@@ -30,7 +30,7 @@ export class MessagesGet extends Message<MessagesGetMessage> {
       messageTimestamp : options?.messageTimestamp ?? getCurrentTimeInHighPrecision(),
     };
 
-    const authorization = await Message.signAsAuthorization(descriptor, options.authorizationSigner);
+    const authorization = await Message.signAuthorizationAsAuthor(descriptor, options.authorizationSigner);
     const message = { descriptor, authorization };
 
     Message.validateJsonSchema(message);

src/interfaces/permissions-grant.ts

@@ -60,7 +60,7 @@ export class PermissionsGrant extends Message<PermissionsGrantMessage> {
     // Error: `undefined` is not supported by the IPLD Data Model and cannot be encoded
     removeUndefinedProperties(descriptor);
 
-    const authorization = await Message.signAsAuthorization(descriptor, options.authorizationSigner);
+    const authorization = await Message.signAuthorizationAsAuthor(descriptor, options.authorizationSigner);
     const message: PermissionsGrantMessage = { descriptor, authorization };
 
     Message.validateJsonSchema(message);