SturdyRef gatekeeper
This commit is contained in:
parent
1c7e68f461
commit
26582f2799
|
@ -340,7 +340,10 @@ export interface RelayActorOptions extends RelayOptions {
|
||||||
nextLocalOid?: Oid;
|
nextLocalOid?: Oid;
|
||||||
}
|
}
|
||||||
|
|
||||||
export function spawnRelay(t: Turn, options: RelayActorOptions): Promise<Ref | null> {
|
export function spawnRelay(t: Turn, options: RelayActorOptions & {initialOid: Oid}): Promise<Ref>;
|
||||||
|
export function spawnRelay(t: Turn, options: Omit<RelayActorOptions, 'initialOid'>): Promise<null>;
|
||||||
|
export function spawnRelay(t: Turn, options: RelayActorOptions): Promise<Ref | null>
|
||||||
|
{
|
||||||
return new Promise(resolve => {
|
return new Promise(resolve => {
|
||||||
t.spawn(t => {
|
t.spawn(t => {
|
||||||
const relay = new Relay(t, options);
|
const relay = new Relay(t, options);
|
||||||
|
|
|
@ -1,9 +1,13 @@
|
||||||
import { Actor, Ref, Turn } from "./actor.js";
|
import { Actor, Assertion, Ref, Turn } from "./actor.js";
|
||||||
import { Relay, spawnRelay } from "./relay.js";
|
import { Relay, spawnRelay } from "./relay.js";
|
||||||
|
import { sturdyDecode } from "./sturdy.js";
|
||||||
|
import { Observe } from "./dataspace.js";
|
||||||
|
|
||||||
import * as net from 'net';
|
import * as net from 'net';
|
||||||
|
import { Bytes } from "preserves";
|
||||||
|
|
||||||
const [ moduleName ] = process.argv.slice(2);
|
const [ moduleName, hexCap ] = process.argv.slice(2);
|
||||||
|
const cap = sturdyDecode(Bytes.fromHex(hexCap ?? ''));
|
||||||
|
|
||||||
const socket = net.createConnection({ port: 5999, host: 'localhost' }, () => {
|
const socket = net.createConnection({ port: 5999, host: 'localhost' }, () => {
|
||||||
Turn.for(new Actor(), t => {
|
Turn.for(new Actor(), t => {
|
||||||
|
@ -23,9 +27,13 @@ const socket = net.createConnection({ port: 5999, host: 'localhost' }, () => {
|
||||||
},
|
},
|
||||||
initialOid: 0,
|
initialOid: 0,
|
||||||
// debug: true,
|
// debug: true,
|
||||||
}).then(ds => import(moduleName).then(m => t.freshen(t => {
|
}).then(gatekeeper => import(moduleName).then(m => t.freshen(t => {
|
||||||
t.assert(shutdownRef, true);
|
t.assert(shutdownRef, true);
|
||||||
m.default(t, ds);
|
t.assert(gatekeeper, Observe(cap as Assertion, t.ref({
|
||||||
|
assert(t, ds) {
|
||||||
|
m.default(t, ds);
|
||||||
|
}
|
||||||
|
})));
|
||||||
})));
|
})));
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
|
@ -1,8 +1,28 @@
|
||||||
import { Actor, Turn } from './actor.js';
|
import { Actor, Handle, Turn } from './actor.js';
|
||||||
import { Dataspace } from './dataspace.js';
|
import { Dataspace, Observe } from './dataspace.js';
|
||||||
import { Relay, spawnRelay } from './relay.js';
|
import { Relay, spawnRelay } from './relay.js';
|
||||||
import * as net from 'net';
|
import * as net from 'net';
|
||||||
|
|
||||||
|
import { Caveat, mint, Or, Rewrite, sturdyEncode, SturdyRef, validate, _Or, _Rewrite } from './sturdy.js';
|
||||||
|
import { KEY_LENGTH } from './cryptography.js';
|
||||||
|
import { attenuate, Attenuation } from './rewrite.js';
|
||||||
|
import { Bytes, IdentityMap } from 'preserves';
|
||||||
|
|
||||||
|
const secretKey = new Bytes(KEY_LENGTH);
|
||||||
|
mint('syndicate', secretKey).then(v => {
|
||||||
|
console.log(v.asPreservesText());
|
||||||
|
console.log(sturdyEncode(v).toHex());
|
||||||
|
});
|
||||||
|
|
||||||
|
function internalize(caveatChain: Caveat[][]): Attenuation {
|
||||||
|
const a: Attenuation = [];
|
||||||
|
caveatChain.slice().reverse().forEach(cs => a.push(... cs.map(c => {
|
||||||
|
const alts = c.label === _Rewrite ? [c] : Or<Rewrite>()._.alternatives(c);
|
||||||
|
return alts.map(r => ({ pattern: Rewrite._.pattern(r), template: Rewrite._.template(r) }));
|
||||||
|
})));
|
||||||
|
return a;
|
||||||
|
}
|
||||||
|
|
||||||
Turn.for(new Actor(), t => {
|
Turn.for(new Actor(), t => {
|
||||||
const ds = t.ref(new Dataspace());
|
const ds = t.ref(new Dataspace());
|
||||||
|
|
||||||
|
@ -18,7 +38,28 @@ Turn.for(new Actor(), t => {
|
||||||
socket.on('data', data => r.accept(data));
|
socket.on('data', data => r.accept(data));
|
||||||
t.actor.atExit(() => socket.destroy());
|
t.actor.atExit(() => socket.destroy());
|
||||||
},
|
},
|
||||||
initialRef: ds,
|
initialRef: t.ref({
|
||||||
|
handleMap: new IdentityMap<Handle, Handle>(),
|
||||||
|
async assert(t, a, h) {
|
||||||
|
if (!Observe.isClassOf(a)) return;
|
||||||
|
const r = Observe._.label(a);
|
||||||
|
if (!SturdyRef.isClassOf(r)) return;
|
||||||
|
if (!await validate(r, secretKey)) {
|
||||||
|
console.warn(`Invalid SturdyRef: ${r.asPreservesText()}`);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
const attenuated_ds = attenuate(
|
||||||
|
ds,
|
||||||
|
... internalize(SturdyRef._.caveatChain(r)));
|
||||||
|
t.freshen(t => this.handleMap.set(
|
||||||
|
h,
|
||||||
|
t.assert(Observe._.observer(a), attenuated_ds)));
|
||||||
|
},
|
||||||
|
retract(t, h) {
|
||||||
|
t.retract(this.handleMap.get(h));
|
||||||
|
this.handleMap.delete(h);
|
||||||
|
}
|
||||||
|
}),
|
||||||
// debug: true,
|
// debug: true,
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,10 +7,10 @@
|
||||||
// California: Internet Society, 2014.
|
// California: Internet Society, 2014.
|
||||||
|
|
||||||
import { mac } from './cryptography.js';
|
import { mac } from './cryptography.js';
|
||||||
import { Bytes, encode, is, Record, Value } from 'preserves';
|
import { Bytes, decode, encode, is, Record, Value } from 'preserves';
|
||||||
import type { Pattern, Template } from './rewrite.js';
|
import type { Pattern, Template } from './rewrite.js';
|
||||||
|
|
||||||
export type EmbeddedRef = { ref: SturdyRef };
|
export type EmbeddedRef = never;
|
||||||
export type SturdyValue = Value<EmbeddedRef>;
|
export type SturdyValue = Value<EmbeddedRef>;
|
||||||
|
|
||||||
export const _SturdyRef = Symbol.for('sturdyref');
|
export const _SturdyRef = Symbol.for('sturdyref');
|
||||||
|
@ -44,7 +44,14 @@ export function sturdyEncode(v: SturdyValue): Bytes {
|
||||||
return encode<EmbeddedRef>(v, {
|
return encode<EmbeddedRef>(v, {
|
||||||
canonical: true,
|
canonical: true,
|
||||||
includeAnnotations: false,
|
includeAnnotations: false,
|
||||||
encodePointer(v) { return v },
|
encodePointer() { throw new Error("EmbeddedRef not permitted in SturdyRef"); },
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
export function sturdyDecode(bs: Bytes): SturdyValue {
|
||||||
|
return decode<EmbeddedRef>(bs, {
|
||||||
|
includeAnnotations: false,
|
||||||
|
decodePointer() { throw new Error("EmbeddedRef not permitted in SturdyRef"); },
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue