From 6c7ef1ee98f167ec5c5c8f4bc14212b7d8e75905 Mon Sep 17 00:00:00 2001
From: Bnonni
Date: Tue, 30 Apr 2024 10:07:53 -0400
Subject: [PATCH] fetch and merge upsteam changes
---
 src/core/dwn-error.ts | 2 ++
 src/core/protocol-authorization.ts | 28 +++++++++++++++++++++++++++
 src/interfaces/protocols-configure.ts | 2 +-
 3 files changed, 31 insertions(+), 1 deletion(-)
diff --git a/src/core/dwn-error.ts b/src/core/dwn-error.ts
index 5cab8075f..c01ade875 100644
--- a/src/core/dwn-error.ts
+++ b/src/core/dwn-error.ts
@@ -55,6 +55,7 @@ export enum DwnErrorCode {
 PrivateKeySignerUnsupportedCurve = 'PrivateKeySignerUnsupportedCurve',
 ProtocolAuthorizationActionNotAllowed = 'ProtocolAuthorizationActionNotAllowed',
 ProtocolAuthorizationActionRulesNotFound = 'ProtocolAuthorizationActionRulesNotFound',
+ ProtocolAuthorizationExpiryReached = 'ProtocolAuthorizationExpiryReached',
 ProtocolAuthorizationIncorrectDataFormat = 'ProtocolAuthorizationIncorrectDataFormat',
 ProtocolAuthorizationIncorrectContextId = 'ProtocolAuthorizationIncorrectContextId',
 ProtocolAuthorizationIncorrectProtocolPath = 'ProtocolAuthorizationIncorrectProtocolPath',
@@ -75,6 +76,7 @@ export enum DwnErrorCode {
 ProtocolAuthorizationTagsInvalidSchema = 'ProtocolAuthorizationTagsInvalidSchema',
 ProtocolsConfigureDuplicateActorInRuleSet = 'ProtocolsConfigureDuplicateActorInRuleSet',
 ProtocolsConfigureDuplicateRoleInRuleSet = 'ProtocolsConfigureDuplicateRoleInRuleSet',
+ ProtocolsConfigureInvalidExpiry = 'ProtocolsConfigureInvalidExpiry',
 ProtocolsConfigureInvalidSize = 'ProtocolsConfigureInvalidSize',
 ProtocolsConfigureInvalidActionMissingOf = 'ProtocolsConfigureInvalidActionMissingOf',
 ProtocolsConfigureInvalidActionOfNotAllowed = 'ProtocolsConfigureInvalidActionOfNotAllowed',
diff --git a/src/core/protocol-authorization.ts b/src/core/protocol-authorization.ts
index 8d4c3a554..e2aa6b732 100644
--- a/src/core/protocol-authorization.ts
+++ b/src/core/protocol-authorization.ts
@@ -161,6 +161,9 @@ export class ProtocolAuthorization {
 ancestorMessageChain,
 messageStore,
 );
+
+ // Verify expiry
+ ProtocolAuthorization.verifyExpiry(incomingMessage, ruleSet)
 }
 
 public static async authorizeQueryOrSubscribe(
@@ -726,6 +729,31 @@ export class ProtocolAuthorization {
 }
 }
 
+ /**
+ * Verifies that reads adhere to the $expiry constraint if provided
+ * @throws {Error} if expiry date is passed.
+ */
+ private static verifyExpiry(
+ incomingMessage: RecordsRead,
+ ruleSet: ProtocolRuleSet
+ ): void {
+ const ruleExpiry = ruleSet.$expiry;
+ if (!ruleExpiry) {
+ return;
+ }
+
+ const dateCreated = incomingMessage.message.descriptor.filter?.dateCreated;
+ if (!dateCreated) {
+ return;
+ }
+
+ const dateExpiry = dateCreated + ruleExpiry;
+ if (Date.now() > dateExpiry) {
+ throw new DwnError(DwnErrorCode.ProtocolAuthorizationExpiryReached, `dateExpiry ${dateExpiry} has passed`);
+ }
+
+ }
+
 /**
 * If the given RecordsWrite is not a role record, this method does nothing and succeeds immediately.
 *
diff --git a/src/interfaces/protocols-configure.ts b/src/interfaces/protocols-configure.ts
index 61fa569df..8af234da2 100644
--- a/src/interfaces/protocols-configure.ts
+++ b/src/interfaces/protocols-configure.ts
@@ -132,7 +132,7 @@ export class ProtocolsConfigure extends AbstractMessage
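Review bot: The `$expiry` rule is enforced only on this one authorization path (the helper's parameter is typed `RecordsRead`); `authorizeQueryOrSubscribe`, which begins in the trailing context, gets no matching call anywhere in this patch, so records past their expiry may still be returned through query or subscribe. If read-only enforcement is intended, the comment should say so, for example `// $expiry is enforced on RecordsRead only; query/subscribe are not checked here`. The added call is also missing its terminating semicolon, unlike the statement above it: `ProtocolAuthorization.verifyExpiry(incomingMessage, ruleSet);`. The enclosing method starts outside the hunk.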
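Review bot: `verifyExpiry` reads the creation time from `incomingMessage.message.descriptor.filter?.dateCreated`, which is part of the read request and so chosen by the requester, and it returns without error when that field is absent, so the check fails open and does not bind the decision to the record actually being read. The timestamp should come from the stored record being authorized (the caller appears to have the record chain in scope as `ancestorMessageChain`), and a missing timestamp under a rule that sets `$expiry` should be rejected rather than allowed. The types are not visible in this hunk, but if `dateCreated` is an ISO string or a range object rather than a number, `dateCreated + ruleExpiry` concatenates and `Date.now() > dateExpiry` is never true; convert explicitly, e.g. `const createdMs = Date.parse(created);`, and state the unit of `$expiry` in the doc comment. The doc comment also says `@throws {Error}` while the code throws `DwnError`.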