fetch and merge upsteam changes

decentralized-identity · Apr 30, 2024 · 6c7ef1e · 6c7ef1e
1 parent 43fdbc9
commit 6c7ef1e
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 1 deletion.
diff --git a/src/core/dwn-error.ts b/src/core/dwn-error.ts
@@ -55,6 +55,7 @@ export enum DwnErrorCode {
   PrivateKeySignerUnsupportedCurve = 'PrivateKeySignerUnsupportedCurve',
   ProtocolAuthorizationActionNotAllowed = 'ProtocolAuthorizationActionNotAllowed',
   ProtocolAuthorizationActionRulesNotFound = 'ProtocolAuthorizationActionRulesNotFound',
+  ProtocolAuthorizationExpiryReached = 'ProtocolAuthorizationExpiryReached',
   ProtocolAuthorizationIncorrectDataFormat = 'ProtocolAuthorizationIncorrectDataFormat',
   ProtocolAuthorizationIncorrectContextId = 'ProtocolAuthorizationIncorrectContextId',
   ProtocolAuthorizationIncorrectProtocolPath = 'ProtocolAuthorizationIncorrectProtocolPath',
@@ -75,6 +76,7 @@ export enum DwnErrorCode {
   ProtocolAuthorizationTagsInvalidSchema = 'ProtocolAuthorizationTagsInvalidSchema',
   ProtocolsConfigureDuplicateActorInRuleSet = 'ProtocolsConfigureDuplicateActorInRuleSet',
   ProtocolsConfigureDuplicateRoleInRuleSet = 'ProtocolsConfigureDuplicateRoleInRuleSet',
+  ProtocolsConfigureInvalidExpiry = 'ProtocolsConfigureInvalidExpiry',
   ProtocolsConfigureInvalidSize = 'ProtocolsConfigureInvalidSize',
   ProtocolsConfigureInvalidActionMissingOf = 'ProtocolsConfigureInvalidActionMissingOf',
   ProtocolsConfigureInvalidActionOfNotAllowed = 'ProtocolsConfigureInvalidActionOfNotAllowed',

diff --git a/src/core/protocol-authorization.ts b/src/core/protocol-authorization.ts
@@ -161,6 +161,9 @@ export class ProtocolAuthorization {
       ancestorMessageChain,
       messageStore,
     );
+
+    // Verify expiry
+    ProtocolAuthorization.verifyExpiry(incomingMessage, ruleSet)
   }
 
   public static async authorizeQueryOrSubscribe(
@@ -726,6 +729,31 @@ export class ProtocolAuthorization {
     }
   }
 
+  /**
+   * Verifies that reads adhere to the $expiry constraint if provided
+   * @throws {Error} if expiry date is passed.
+   */
+  private static verifyExpiry(
+    incomingMessage: RecordsRead,
+    ruleSet: ProtocolRuleSet
+  ): void {
+    const ruleExpiry = ruleSet.$expiry;
+    if (!ruleExpiry) {
+      return;
+    }
+
+    const dateCreated = incomingMessage.message.descriptor.filter?.dateCreated;
+    if (!dateCreated) {
+      return;
+    }
+
+    const dateExpiry = dateCreated + ruleExpiry;
+    if (Date.now() > dateExpiry) {
+      throw new DwnError(DwnErrorCode.ProtocolAuthorizationExpiryReached, `dateExpiry ${dateExpiry} has passed`);
+    }
+
+  }
+
   /**
    * If the given RecordsWrite is not a role record, this method does nothing and succeeds immediately.
    *

diff --git a/src/interfaces/protocols-configure.ts b/src/interfaces/protocols-configure.ts
@@ -132,7 +132,7 @@ export class ProtocolsConfigure extends AbstractMessage<ProtocolsConfigureMessag
   ): void {
     const { ruleSet, ruleSetProtocolPath, recordTypes, roles } = input;
 
-    // Validate $actions in the rule set
+    // Validate $size in the rule set
     if (ruleSet.$size !== undefined) {
       const { min = 0, max } = ruleSet.$size;