node-solid-server Add hasPaid(agent) function to ACL check

Mar 03 '21 13:03 michielbdejong

Linked to https://github.com/solid/acl-check/pull/38

Mar 03 '21 13:03 michielbdejong

Now seeing:

solid:ACL accessDenied: modeURIorReasons: ["User Unauthorized","Paying Would Help"] +0ms

in the logs so that's good progress so far.

Mar 03 '21 15:03 michielbdejong

I'm thinking the ACL checks are getting too complicated if we add this the way I originally thought we could.

So instead:

run the ACL check as normal, but keep track of whether any of the authorisations that did not apply would have applied if either the user would (authenticate and) pay (i.e. was the hasPaid(agent) callback called at least once).
if so and access was denied (401 or 403) then re-run the ACL check as if the agent had (authenticated and) paid. Careful not to cause any side-effects there.
if so, respond with 402 instead of 401 / 403.
if not (e.g. paying would give read access but the attempt is to control), then still give the 401/403 we would originally.

Mar 08 '21 10:03 michielbdejong

Got an approximation now where if hasPaid was checked and it was empty, and the response otherwise is a 401 or a 403, then it becomes a 402. This is too often, because it could be that you pay to get more access, but then that access will still not be enough to do what you were trying to do. But it's a reasonable first approximation.

I can now look at the integration of koa-ilp first, and the resolve this small inaccuracy last.

Mar 08 '21 12:03 michielbdejong

Hm, seems that https://github.com/interledgerjs/ilp-fetch supports both psk2 and stream (ILP/STREAM being the newer one) but https://github.com/interledgerjs/koa-ilp/blob/master/index.js only does psk2

Mar 08 '21 14:03 michielbdejong

https://interledger.org/rfcs/0025-pre-shared-key-2/ even explicitly says PSK2 is deprecated. So that's no good, then. Will see if I can find some code that creates a Pay header with stream.

Mar 08 '21 14:03 michielbdejong

Not sure how to add the Pay header into the response. https://github.com/solid/node-solid-server/blob/v5.6.2/lib/handlers/allow.js#L73 seems to be where the response status is passed on from the acl check, but not sure if we could add additional headers through that too

Mar 08 '21 14:03 michielbdejong

https://expressjs.com/en/guide/error-handling.html seems relevant.

Mar 08 '21 14:03 michielbdejong

~~Failing test from monetization-tests:~~ ~~● Read-Paying › Gives a 402 with accessTo Read access on non-container resource~~

This was because I hadn't npm-linked to the corresponding PR on acl-check. All good. Now we just need to add a call to a 'hasPaid' oracle.

Aug 31 '21 14:08 michielbdejong

It's now making the call to the oracle and checking if the response body equals 'ok'. The monetization-tests seem to be making some calls with a null agent, which I don't understand. Should also maybe return the payment details from the oracle?

Sep 02 '21 10:09 michielbdejong

This PR goes together with https://github.com/solid/acl-check/pull/38 and https://github.com/solid/monetization-tests/blob/main/run-against-nss.sh

Sep 02 '21 11:09 michielbdejong

node-solid-server node-solid-server copied to clipboard

Add hasPaid(agent) function to ACL check

node-solid-server
node-solid-server copied to clipboard