Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Authority API and URL & QR code device linking #566

Closed
wants to merge 1 commit into from

Conversation

icidasset
Copy link
Contributor

@icidasset icidasset commented Aug 25, 2023

Allows for authority transfer between multiple clients at the same time.

const volume = await program.account.volume()

// Provider
await program.authority.provide([
  odd.authority.account,
  odd.authority.fileSystem.rootAccess(volume.did)
])

// Requestor
await program.authority.request(
  odd.authority.account
)

await program.authority.request(
  odd.authority.fileSystem.rootAccess(volume.did)
)

Demo

Kapture.2023-09-01.at.17.03.09.mp4

⚠️ There's an issue with the websocket server causing connection issues. When you close the connection and reopen it, the messages aren't received by the other end.

How it works

  1. One or more clients call program.authority.provide() with authorisation queries. Queries are a way to select various UCANs and access keys. Above we have three queries: (1) query for the account capabilities (account component determines what these will be), (2 & 3) query for read & write access to the public & private roots of the file system
  2. You get a URL as the result from .provide(). This URL can be converted into a QR code.
  3. The URL is opened elsewhere.
  4. Whenever program.authority.request() is called, it checks for the query params associated with the authority component implementation. authority[challenge] and authority[publicKey] specifically.
  5. .request() detects the query params, establishes the channel via the channel component, making a websocket connection to the producer.
  6. The second part of the handshake is done, confirming various cryptographic values. Producer tells requestor that everything looks in order.
  7. Requestor sends over their query.
  8. Producer compares the query of the requestor with their own. The received query must be equal of contained by configured provision query (eg. if you share the path private/subdir/, the requestor cannot ask for acces to private/)
  9. Producer looks up the access keys and UCANs, then sends them over the channel encrypted.
  10. Requestor decrypts keys and UCANs.
  11. Authority transfer completed ✅

Additional notes

  • This does not ping the producer until they're online. Because that concept doesn't make sense here seeing that every session will have unique key-pair and thus unique URL/QR-code. If you've opened a link and closed the producer, the session becomes useless. Instead you open the producer again and use the new URL/QR-code.
  • You can provide and request at the same time.

Other changes

  • Adjusted Inventory to also work with access keys.
  • file system authority queries now require a DID parameter.
  • Fixes some file system issues (rs-wnfs has been updated too)
  • Moved all dependencies that are only used by components to peer dependencies (as to separate them from the sdk core)

Test Plan

  1. Register an account
  2. Load a file system (may also be done before registering)
  3. Make a change in the file system
  4. Provide authority (can be done earlier too)
  5. Request authority using the code above
  6. Success! Hopefully 🙈

"blockstore-level": "^1.1.3",
"ipfs-bitswap": "^19.0.0",
"libp2p": "^0.46.6",
"localforage": "^1.10.0"
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All of these are component dependencies and are not part of the SDK core.

@icidasset icidasset force-pushed the icidasset/authority branch from 7fac852 to c8a3fa0 Compare August 31, 2023 15:35
@icidasset icidasset force-pushed the icidasset/authority branch from c8a3fa0 to 2adb25e Compare August 31, 2023 16:12
@icidasset icidasset marked this pull request as ready for review September 1, 2023 14:46
@icidasset
Copy link
Contributor Author

Superseded by #572

@icidasset icidasset closed this Sep 20, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant