+1 -1

atproto/lexicon/catalog.go

reviewed

··· 65 65 } 66 66 // "A file can have at most one definition with one of the "primary" types. Primary types should always have the name main. It is possible for main to describe a non-primary type." 67 67 switch s := def.Inner.(type) { 68 68 - case SchemaRecord, SchemaQuery, SchemaProcedure, SchemaSubscription: 68 68 + case SchemaRecord, SchemaQuery, SchemaProcedure, SchemaSubscription, SchemaPermissionSet: 69 69 if frag != "main" { 70 70 return fmt.Errorf("record, query, procedure, and subscription types must be 'main', not: %s", frag) 71 71 }

+120

atproto/lexicon/language.go

reviewed

··· 36 36 return v.CheckSchema() 37 37 case SchemaSubscription: 38 38 return v.CheckSchema() 39 39 + case SchemaPermissionSet: 40 40 + return v.CheckSchema() 41 41 + case SchemaPermission: 42 42 + return v.CheckSchema() 39 43 case SchemaNull: 40 44 return v.CheckSchema() 41 45 case SchemaBoolean: ··· 178 182 return nil 179 183 case "subscription": 180 184 v := new(SchemaSubscription) 185 185 + if err = json.Unmarshal(b, v); err != nil { 186 186 + return err 187 187 + } 188 188 + s.Inner = *v 189 189 + return nil 190 190 + case "permission-set": 191 191 + v := new(SchemaPermissionSet) 192 192 + if err = json.Unmarshal(b, v); err != nil { 193 193 + return err 194 194 + } 195 195 + s.Inner = *v 196 196 + return nil 197 197 + case "permission": 198 198 + v := new(SchemaPermission) 181 199 if err = json.Unmarshal(b, v); err != nil { 182 200 return err 183 201 } ··· 371 389 return s.Parameters.CheckSchema() 372 390 } 373 391 392 392 + type SchemaPermissionSet struct { 393 393 + Type string `json:"type"` // "permission-set" 394 394 + Description *string `json:"description,omitempty"` 395 395 + Permissions []SchemaPermission `json:"permissions"` 396 396 + } 397 397 + 398 398 + func (s *SchemaPermissionSet) CheckSchema() error { 399 399 + for _, p := range s.Permissions { 400 400 + if err := p.CheckSchema(); err != nil { 401 401 + return err 402 402 + } 403 403 + } 404 404 + return nil 405 405 + } 406 406 + 407 407 + type SchemaPermission struct { 408 408 + Type string `json:"type"` // "permission" 409 409 + Description *string `json:"description,omitempty"` 410 410 + 411 411 + Resource string `json:"resource"` 412 412 + Accept []string `json:"accept,omitempty"` 413 413 + Collection []string `json:"collection,omitempty"` 414 414 + Action []string `json:"action,omitempty"` 415 415 + LXM []string `json:"lxm,omitempty"` 416 416 + Audience string `json:"aud,omitempty"` 417 417 + InheritAud bool `json:"inheritAud,omitempty"` 418 418 + } 419 419 + 420 420 + func (s *SchemaPermission) CheckSchema() error { 421 421 + if s.Type != "permission" { 422 422 + return fmt.Errorf("expected 'permission'") 423 423 + } 424 424 + switch s.Resource { 425 425 + case "blob": 426 426 + if len(s.Accept) == 0 { 427 427 + return fmt.Errorf("blob permission requires 'accept'") 428 428 + } 429 429 + for _, acc := range s.Accept { 430 430 + // TODO: more complete MIME pattern parsing 431 431 + parts := strings.SplitN(acc, "/", 3) 432 432 + if len(parts) != 2 || parts[0] == "*" || parts[0] == "" || parts[1] == "" { 433 433 + return fmt.Errorf("invalid blob 'accept' pattern: %s", acc) 434 434 + } 435 435 + } 436 436 + case "repo": 437 437 + if len(s.Collection) == 0 { 438 438 + return fmt.Errorf("repo permission requires 'collection'") 439 439 + } 440 440 + for _, coll := range s.Collection { 441 441 + if coll == "*" { 442 442 + continue 443 443 + } 444 444 + _, err := syntax.ParseNSID(coll) 445 445 + if err != nil { 446 446 + return fmt.Errorf("repo permission: %w", err) 447 447 + } 448 448 + } 449 449 + for _, act := range s.Action { 450 450 + if act != "create" && act != "update" && act != "delete" { 451 451 + return fmt.Errorf("unsupported repo action: %s", act) 452 452 + } 453 453 + } 454 454 + case "rpc": 455 455 + if len(s.LXM) == 0 { 456 456 + return fmt.Errorf("rpc permission requires 'lxm'") 457 457 + } 458 458 + for _, lxm := range s.LXM { 459 459 + if lxm == "*" { 460 460 + if s.Audience == "*" { 461 461 + // TODO: is this necessary here? 462 462 + return fmt.Errorf("can't have both 'lxm' and 'aud' be '*'") 463 463 + } 464 464 + continue 465 465 + } 466 466 + _, err := syntax.ParseNSID(lxm) 467 467 + if err != nil { 468 468 + return fmt.Errorf("rpc permission: %w", err) 469 469 + } 470 470 + } 471 471 + if (s.InheritAud == true && s.Audience != "") || (s.InheritAud == false && s.Audience == "") { 472 472 + return fmt.Errorf("rpc permission must have eith 'aud' or 'inheritAud' defined") 473 473 + } 474 474 + if s.Audience != "" { 475 475 + // TODO: helper for service refs 476 476 + parts := strings.SplitN(s.Audience, "#", 3) 477 477 + if len(parts) != 2 || parts[1] == "" { 478 478 + return fmt.Errorf("rpc 'aud' must be a service ref") 479 479 + } 480 480 + _, err := syntax.ParseDID(parts[0]) 481 481 + if err != nil { 482 482 + return fmt.Errorf("rpc 'aud' must be a service ref: %w", err) 483 483 + } 484 484 + } 485 485 + default: 486 486 + return fmt.Errorf("unsupported permission resource: %s", s.Resource) 487 487 + } 488 488 + return nil 489 489 + } 490 490 + 374 491 type SchemaBody struct { 375 492 Description *string `json:"description,omitempty"` 376 493 Encoding string `json:"encoding"` // required, mimetype ··· 803 920 } 804 921 805 922 func (s *SchemaParams) CheckSchema() error { 923 923 + if s.Type != "params" { 924 924 + return fmt.Errorf("expected 'params'") 925 925 + } 806 926 // TODO: check for set uniqueness of required 807 927 for _, k := range s.Required { 808 928 if _, ok := s.Properties[k]; !ok {

+58

atproto/lexicon/testdata/catalog/permission-set.json

reviewed

··· 1 1 + { 2 2 + "lexicon": 1, 3 3 + "id": "example.lexicon.permissionset", 4 4 + "description": "exercizes many lexicon features for the permission-set type", 5 5 + "defs": { 6 6 + "main": { 7 7 + "type": "permission-set", 8 8 + "permissions": [ 9 9 + { 10 10 + "type": "permission", 11 11 + "resource": "blob", 12 12 + "accept": [ 13 13 + "image/*" 14 14 + ] 15 15 + }, 16 16 + { 17 17 + "type": "permission", 18 18 + "resource": "repo", 19 19 + "collection": [ 20 20 + "com.example.calendar.event", 21 21 + "com.example.calendar.rsvp" 22 22 + ], 23 23 + "action": [ 24 24 + "delete", 25 25 + "create" 26 26 + ] 27 27 + }, 28 28 + { 29 29 + "type": "permission", 30 30 + "resource": "repo", 31 31 + "collection": [ 32 32 + "com.example.calendar.event", 33 33 + "app.bsky.feed.post" 34 34 + ], 35 35 + "action": [ 36 36 + "create", 37 37 + "update", 38 38 + "delete" 39 39 + ] 40 40 + }, 41 41 + { 42 42 + "type": "permission", 43 43 + "resource": "rpc", 44 44 + "aud": "did:web:example.com#foo", 45 45 + "lxm": ["com.example.calendar.listEvents"] 46 46 + }, 47 47 + { 48 48 + "type": "permission", 49 49 + "resource": "rpc", 50 50 + "inheritAud": true, 51 51 + "lxm": [ 52 52 + "com.example.calendar.listEvents" 53 53 + ] 54 54 + } 55 55 + ] 56 56 + } 57 57 + } 58 58 + }