Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: ucan invocation handler #133

Merged
merged 20 commits into from
Dec 11, 2024
Merged

feat: ucan invocation handler #133

merged 20 commits into from
Dec 11, 2024

Conversation

fforbeck
Copy link
Member

@fforbeck fforbeck commented Dec 3, 2024
edited
Loading

Context

To enable the gateway to serve content from a specific space, the space owner must delegate the space/content/serve/* capability to the Gateway. This delegation ensures the Gateway has the authority to serve the content and log egress events accurately.

This PR introduces a new handler to process POST requests to the server's root path. The handler acts as a UCAN Invocation handler, processing access/delegate invocations and extracting relevant delegation proofs. If a delegation proof is valid, it is stored in Cloudflare KV, allowing other handlers to retrieve and verify the proof to determine whether content should be served and egress logged.

Note: It doesn't cover the token verification.

Main Changes

New Functionality

  • Added withUcanInvocationHandler.js to process access/delegate invocations:
    • Validates delegation proofs.
    • Stores valid proofs in a Cloudflare KV namespace dedicated to content serve delegations.
  • Feature Flag: FF_DELEGATIONS_STORAGE_ENABLED if enabled, the new withDelegationsStorage.js handler will be used to find delegations in KV, and the existing withDelegationsStubs.js will be disabled.

Related Issues

@fforbeck fforbeck changed the title feat: ucan invocation handler feat!: ucan invocation handler Dec 4, 2024
@fforbeck fforbeck force-pushed the feat/delegate-access-handler branch 3 times, most recently from 7a55163 to 3288275 Compare December 4, 2024 14:27
@fforbeck fforbeck force-pushed the feat/delegate-access-handler branch from 535e099 to 11e5f01 Compare December 5, 2024 13:54
@fforbeck fforbeck self-assigned this Dec 5, 2024
@fforbeck fforbeck requested review from alanshaw and Peeja December 5, 2024 13:57
@fforbeck fforbeck marked this pull request as ready for review December 5, 2024 13:57
alanshaw
alanshaw requested changes Dec 5, 2024
View reviewed changes
Copy link
Member

@alanshaw alanshaw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note: as a follow up you'll need to update reads and w3link to proxy POST /.

docs/ucan-handler.md Outdated Show resolved Hide resolved
docs/ucan-handler.md Outdated Show resolved Hide resolved
src/middleware/withUcanInvocationHandler.js Outdated Show resolved Hide resolved
docs/ucan-handler.md Outdated Show resolved Hide resolved
src/index.js Outdated Show resolved Hide resolved
src/server/utils.js Outdated Show resolved Hide resolved
test/unit/middleware/withAuthorizedSpace.spec.js Outdated Show resolved Hide resolved
src/middleware/withDelegationsStorage.js Outdated Show resolved Hide resolved
src/middleware/withDelegationsStorage.js Outdated Show resolved Hide resolved
src/middleware/withDelegationsStorage.types.ts Outdated Show resolved Hide resolved
@fforbeck fforbeck force-pushed the feat/delegate-access-handler branch from d1a1eec to 006da33 Compare December 5, 2024 16:18
@fforbeck fforbeck requested a review from alanshaw December 5, 2024 22:59
@fforbeck
Copy link
Member Author

fforbeck commented Dec 5, 2024

Note: as a follow up you'll need to update reads and w3link to proxy POST /.

Sounds good! The PR is ready for another review, @alanshaw .

alanshaw
alanshaw requested changes Dec 6, 2024
View reviewed changes
src/middleware/withDelegationsStorage.js Outdated Show resolved Hide resolved
src/middleware/withDelegationsStorage.js Outdated Show resolved Hide resolved
src/server/index.js Outdated Show resolved Hide resolved
@fforbeck fforbeck requested a review from alanshaw December 6, 2024 16:02
Peeja
Peeja previously requested changes Dec 6, 2024
View reviewed changes
src/index.js Show resolved Hide resolved
src/middleware/withAuthorizedSpace.js Outdated Show resolved Hide resolved
src/middleware/withAuthorizedSpace.types.ts Show resolved Hide resolved
src/middleware/withDelegationsStorage.js Outdated Show resolved Hide resolved
src/middleware/withDelegationsStorage.js Outdated Show resolved Hide resolved
src/middleware/withUcanInvocationHandler.js Show resolved Hide resolved
src/server/utils.js Outdated Show resolved Hide resolved
src/server/utils.js Outdated Show resolved Hide resolved
src/server/service.js Outdated Show resolved Hide resolved
src/server/service.js Outdated Show resolved Hide resolved
@fforbeck fforbeck force-pushed the feat/delegate-access-handler branch 2 times, most recently from 25b9df4 to 36a99a0 Compare December 9, 2024 15:24
@fforbeck fforbeck force-pushed the feat/delegate-access-handler branch from 36a99a0 to 38f0047 Compare December 9, 2024 15:37
Peeja
Peeja reviewed Dec 9, 2024
View reviewed changes
src/server/index.js Outdated Show resolved Hide resolved
@fforbeck fforbeck mentioned this pull request Dec 9, 2024
Closed
@fforbeck fforbeck force-pushed the feat/delegate-access-handler branch from 8ecc001 to d67fb4a Compare December 9, 2024 18:21
This was referenced Dec 9, 2024
Closed
Closed
Merged
@fforbeck fforbeck requested a review from Peeja December 10, 2024 14:14
@fforbeck fforbeck dismissed Peeja’s stale review December 10, 2024 14:15

Most of the critical changes were implemented. Waiting for final review.

@fforbeck
Copy link
Member Author

fforbeck commented Dec 10, 2024
edited
Loading

@Peeja, I will merge this without the token validation for now. Implementing the token will require additional work beyond the scope of Phase 1 of the Egress Billing project. For more details, see issue #213.

@fforbeck fforbeck force-pushed the feat/delegate-access-handler branch 2 times, most recently from 046b70e to 7e84090 Compare December 11, 2024 13:41
@fforbeck fforbeck changed the title feat!: ucan invocation handler feat: ucan invocation handler Dec 11, 2024
@fforbeck fforbeck force-pushed the feat/delegate-access-handler branch from 7e84090 to 1b44871 Compare December 11, 2024 13:48
@fforbeck fforbeck force-pushed the feat/delegate-access-handler branch from 1b44871 to b6aa238 Compare December 11, 2024 13:51
@fforbeck fforbeck merged commit b199bfa into main Dec 11, 2024
1 check passed
@fforbeck fforbeck deleted the feat/delegate-access-handler branch December 11, 2024 13:54
@github-actions github-actions bot mentioned this pull request Dec 11, 2024
Merged
Peeja
Peeja reviewed Dec 11, 2024
View reviewed changes
Copy link
Member

@Peeja Peeja left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Apologies for being slow to get back on this, it looks great!

fforbeck pushed a commit that referenced this pull request Dec 19, 2024
@github-actions
chore(main): release 2.22.0 (#129)
ea04dae 
🤖 I have created a release *beep* *boop*
---


##
[2.22.0](v2.21.0...v2.22.0)
(2024-12-19)


### Features

* egress client - ucanto integration
([#123](#123))
([22bed68](22bed68))
* enable egress tracking in production env
([#135](#135))
([ad43b62](ad43b62))
* **indexer:** probabilistic feature flag
([#136](#136))
([dca2b35](dca2b35))
* ucan invocation handler
([#133](#133))
([b199bfa](b199bfa))
* Use Indexing Service when feature flag is present
([#132](#132))
([fa3f480](fa3f480))


### Bug Fixes

* **config:** staging kv bidding
([#134](#134))
([7a523d5](7a523d5))
* **egress-client:** set nonce, expire and fix servedAt
([#130](#130))
([b135643](b135643))
* enable open telemetry for all envs
([#131](#131))
([c822465](c822465))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
@fforbeck fforbeck mentioned this pull request Feb 12, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Peeja Peeja Peeja left review comments

@alanshaw alanshaw alanshaw approved these changes

Assignees

@fforbeck fforbeck

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@fforbeck @Peeja @alanshaw