feat: Initial work refactoring noosphere-gateway to be generic over the

spheres it manages.

Cargo.toml

@@ -20,6 +20,7 @@ anyhow = { version = "1" }
 async-recursion = { version = "1" }
 async-stream = { version = "0.3" }
 axum = { version = "^0.6.18" }
+base64 = { version = "^0.21" }
 bytes = { version = "^1" }
 cid = { version = "0.10" }
 deterministic-bloom = { version = "0.1.0" }
@@ -29,6 +30,7 @@ futures = { version = "0.3" }
 futures-util = { version = "0.3" }
 gloo-net = { version = "0.4" }
 gloo-timers = { version = "0.3", features = ["futures"] }
+headers = { version = "=0.3.8" } # Match version used by `axum`.
 ignore = { version = "0.4.20" }
 instant = { version = "0.1", features = ["wasm-bindgen"] }
 iroh-car = { version = "^0.3.0" }

rust/noosphere-cli/src/native/commands/serve.rs

@@ -3,7 +3,7 @@
 
 use crate::native::workspace::Workspace;
 use anyhow::Result;
-use noosphere_gateway::{start_gateway, GatewayScope};
+use noosphere_gateway::{start_gateway, SingleSphereContextManager};
 use std::net::{IpAddr, TcpListener};
 use url::Url;
 
@@ -20,21 +20,12 @@ pub async fn serve(
 
     let listener = TcpListener::bind((interface, port))?;
 
-    let counterpart = workspace.counterpart_identity().await?;
-
-    let identity = workspace.sphere_identity().await?;
-
-    let gateway_scope = GatewayScope {
-        identity,
-        counterpart,
-    };
-
     let sphere_context = workspace.sphere_context().await?;
+    let context_manager = SingleSphereContextManager::new(sphere_context).await?;
 
     start_gateway(
         listener,
-        gateway_scope,
-        sphere_context,
+        context_manager,
         ipfs_api,
         name_resolver_api,
         cors_origin,

rust/noosphere-cli/src/native/helpers/workspace.rs

@@ -14,11 +14,8 @@ use noosphere::{
     NoosphereContext, NoosphereContextConfiguration, NoosphereNetwork, NoosphereSecurity,
     NoosphereStorage, NoosphereStorageConfig, NoosphereStoragePath,
 };
-use noosphere_core::{
-    context::HasSphereContext,
-    data::{Did, Mnemonic},
-};
-use noosphere_gateway::{start_gateway, GatewayScope};
+use noosphere_core::data::{Did, Mnemonic};
+use noosphere_gateway::{start_gateway, SingleSphereContextManager};
 use noosphere_ns::{helpers::NameSystemNetwork, server::start_name_system_api_server};
 use tokio::{sync::Mutex, task::JoinHandle};
 use url::Url;
@@ -43,7 +40,7 @@ pub fn temporary_workspace() -> Result<(Workspace, (TempDir, TempDir))> {
 }
 async fn start_gateway_for_workspace(
     workspace: &Workspace,
-    client_sphere_identity: &Did,
+    _client_sphere_identity: &Did,
     ipfs_url: &Url,
     ns_url: &Url,
 ) -> Result<(Url, JoinHandle<()>)> {
@@ -56,25 +53,14 @@ async fn start_gateway_for_workspace(
     ))?;
 
     let gateway_sphere_context = workspace.sphere_context().await?;
-
-    let client_sphere_identity = client_sphere_identity.clone();
     let ns_url = ns_url.clone();
     let ipfs_url = ipfs_url.clone();
+    let context_manager = SingleSphereContextManager::new(gateway_sphere_context).await?;
 
     let join_handle = tokio::spawn(async move {
-        start_gateway(
-            gateway_listener,
-            GatewayScope {
-                identity: gateway_sphere_context.identity().await.unwrap(),
-                counterpart: client_sphere_identity,
-            },
-            gateway_sphere_context,
-            ipfs_url,
-            ns_url,
-            None,
-        )
-        .await
-        .unwrap()
+        start_gateway(gateway_listener, context_manager, ipfs_url, ns_url, None)
+            .await
+            .unwrap()
     });
 
     Ok((gateway_url, join_handle))
@@ -241,6 +227,7 @@ impl SpherePair {
         if self.gateway_task.is_some() {
             return Err(anyhow::anyhow!("Gateway already started."));
         }
+
         let (gateway_url, gateway_task) = start_gateway_for_workspace(
             &self.gateway.workspace,
             &self.client.identity,

rust/noosphere-core/Cargo.toml

@@ -45,7 +45,7 @@ serde = { workspace = true }
 serde_json = { workspace = true }
 serde_urlencoded = { workspace = true }
 byteorder = "^1.5"
-base64 = "0.21"
+base64 = { workspace = true }
 ed25519-zebra = "^3"
 rand = { workspace = true }
 once_cell = "^1"
@@ -57,7 +57,7 @@ reqwest = { workspace = true }
 strum = { workspace = true }
 strum_macros = { workspace = true }
 tokio-util = { workspace = true, features = ["io"] }
-
+headers = { workspace = true }
 noosphere-common = { version = "0.1.2", path = "../noosphere-common" }
 noosphere-storage = { version = "0.9.2", path = "../noosphere-storage" }
 noosphere-collections = { version = "0.6.6", path = "../noosphere-collections" }
@@ -74,7 +74,6 @@ noosphere-common = { version = "0.1.2", path = "../noosphere-common", features =
 [target.'cfg(not(target_arch = "wasm32"))'.dependencies]
 tokio = { workspace = true, features = ["full"] }
 tracing-subscriber = { workspace = true }
-axum = { workspace = true, features = ["headers", "macros"] }
 
 [target.'cfg(target_arch = "wasm32")'.dependencies]
 # NOTE: This is needed so that rand can be included in WASM builds

rust/noosphere-core/src/api/client.rs

@@ -4,7 +4,6 @@ use crate::{
     api::{route::RouteUrl, v0alpha1, v0alpha2},
     stream::{from_car_stream, memo_history_stream, put_block_stream, to_car_stream},
 };
-
 use anyhow::{anyhow, Result};
 use async_stream::try_stream;
 use bytes::Bytes;
@@ -85,10 +84,11 @@ where
 
         let client = reqwest::Client::new();
 
-        let mut url = api_base.clone();
-        url.set_path(&v0alpha1::Route::Did.to_string());
-
-        let did_response = client.get(url).send().await?;
+        let did_response = {
+            let mut url = api_base.clone();
+            url.set_path(&v0alpha1::Route::Did.to_string());
+            client.get(url).send().await?
+        };
 
         match did_response.status() {
             StatusCode::OK => (),

rust/noosphere-core/src/api/headers/mod.rs

@@ -0,0 +1,9 @@
+//! A collection of typed [headers::Header] implementations
+//! used in gateway APIs.
+
+#[cfg(doc)]
+use headers;
+
+mod ucan;
+
+pub use self::ucan::*;

rust/noosphere-core/src/api/headers/ucan.rs

@@ -0,0 +1,90 @@
+use crate::data::Jwt;
+use anyhow::anyhow;
+use cid::Cid;
+use headers::{self, Header, HeaderName, HeaderValue};
+use once_cell::sync::Lazy;
+use ucan::{chain::ProofChain, crypto::did::DidParser, store::UcanJwtStore};
+
+static UCAN_NAME: Lazy<HeaderName> = Lazy::new(|| HeaderName::from_static("ucan"));
+
+/// A typed header for the `ucan` header, a tuple of [Cid] and [Jwt].
+/// Can represent a request with multiple `ucan` headers.
+///
+/// The values are **not** validated during parsing beyond legitimate
+/// looking [Cid]s and [Jwt]s here. Use [Ucan::as_proof_chain] to
+/// validate and construct a [ProofChain].
+pub struct Ucan(Vec<(Cid, Jwt)>);
+
+impl Header for Ucan {
+    fn name() -> &'static HeaderName {
+        &UCAN_NAME
+    }
+
+    fn decode<'i, I>(values: &mut I) -> Result<Self, headers::Error>
+    where
+        I: Iterator<Item = &'i HeaderValue>,
+    {
+        let mut ucans = vec![];
+        for header in values.by_ref() {
+            let value = header.to_str().map_err(|_| headers::Error::invalid())?;
+            let mut parts: Vec<&str> = value.split_ascii_whitespace().take(2).collect();
+
+            let jwt: Jwt = parts
+                .pop()
+                .ok_or_else(headers::Error::invalid)?
+                .to_string()
+                .into();
+            let cid: Cid = parts
+                .pop()
+                .ok_or_else(headers::Error::invalid)?
+                .try_into()
+                .map_err(|_| headers::Error::invalid())?;
+
+            ucans.push((cid, jwt));
+        }
+
+        Ok(Ucan(ucans))
+    }
+
+    fn encode<E>(&self, values: &mut E)
+    where
+        E: Extend<HeaderValue>,
+    {
+        for (cid, jwt) in self.0.iter() {
+            let value = HeaderValue::from_str(&format!("{} {}", cid, jwt)).unwrap();
+            values.extend(std::iter::once(value));
+        }
+    }
+}
+
+impl Ucan {
+    /// Construct a [ProofChain] from the collected `ucan` header
+    /// values. This is where validation of the data occurs.
+    pub async fn as_proof_chain(
+        &self,
+        bearer: headers::authorization::Bearer,
+        mut db: impl UcanJwtStore,
+        did_parser: &mut DidParser,
+    ) -> anyhow::Result<ProofChain> {
+        for (cid, jwt) in self.0.iter() {
+            // TODO(#261): We need a worker process that purges garbage UCANs
+            let actual_cid = db.write_token(jwt.into()).await?;
+            if actual_cid != *cid {
+                return Err(anyhow!("Cid and Jwt do not match."));
+            }
+        }
+
+        let proof_chain =
+            ProofChain::try_from_token_string(bearer.token(), None, did_parser, &db).await?;
+
+        proof_chain.ucan().validate(None, did_parser).await?;
+
+        Ok(proof_chain)
+    }
+}
+
+impl From<Ucan> for Vec<(Cid, Jwt)> {
+    fn from(value: Ucan) -> Self {
+        value.0
+    }
+}

rust/noosphere-core/src/api/mod.rs

@@ -5,9 +5,9 @@ mod client;
 mod data;
 mod route;
 
-pub use client::*;
-pub use data::*;
-pub use route::*;
-
+pub mod headers;
 pub mod v0alpha1;
 pub mod v0alpha2;
+
+pub use client::*;
+pub use data::*;

rust/noosphere-core/src/data/mod.rs

@@ -14,12 +14,12 @@ mod sphere;
 mod strings;
 mod versioned_map;
 
+pub use self::headers::*;
 pub use address::*;
 pub use authority::*;
 pub use body_chunk::*;
 pub use bundle::*;
 pub use changelog::*;
-pub use headers::*;
 pub use link::*;
 pub use memo::*;
 pub use sphere::*;