feat: external alternative origins (#1200)

peterpeterparker · web-flow · commit 84552429a0fb · 2025-02-07T08:52:35.000+01:00
* feat: external alternative origins

* feat: generate did

* feat: adapt for did

* feat: test external urls
diff --git a/src/declarations/satellite/satellite.did.d.ts b/src/declarations/satellite/satellite.did.d.ts
@@ -28,6 +28,7 @@ export interface AuthenticationConfig {
 }
 export interface AuthenticationConfigInternetIdentity {
 	derivation_origin: [] | [string];
+	external_alternative_origins: [] | [Array<string>];
 }
 export type CollectionType = { Db: null } | { Storage: null };
 export interface CommitBatch {
@@ -158,7 +159,6 @@ export interface RateConfig {
 export interface Rule {
 	max_capacity: [] | [number];
 	memory: [] | [Memory];
-	max_changes_per_user: [] | [number];
 	updated_at: bigint;
 	max_size: [] | [bigint];
 	read: Permission;
@@ -167,6 +167,7 @@ export interface Rule {
 	mutable_permissions: [] | [boolean];
 	rate_config: [] | [RateConfig];
 	write: Permission;
+	max_changes_per_user: [] | [number];
 }
 export interface SetController {
 	metadata: Array<[string, string]>;
@@ -185,13 +186,13 @@ export interface SetDoc {
 export interface SetRule {
 	max_capacity: [] | [number];
 	memory: [] | [Memory];
-	max_changes_per_user: [] | [number];
 	max_size: [] | [bigint];
 	read: Permission;
 	version: [] | [bigint];
 	mutable_permissions: [] | [boolean];
 	rate_config: [] | [RateConfig];
 	write: Permission;
+	max_changes_per_user: [] | [number];
 }
 export interface SetUserUsage {
 	changes_count: number;
diff --git a/src/declarations/satellite/satellite.factory.certified.did.js b/src/declarations/satellite/satellite.factory.certified.did.js
@@ -76,7 +76,8 @@ export const idlFactory = ({ IDL }) => {
 		version: IDL.Opt(IDL.Nat64)
 	});
 	const AuthenticationConfigInternetIdentity = IDL.Record({
-		derivation_origin: IDL.Opt(IDL.Text)
+		derivation_origin: IDL.Opt(IDL.Text),
+		external_alternative_origins: IDL.Opt(IDL.Vec(IDL.Text))
 	});
 	const AuthenticationConfig = IDL.Record({
 		internet_identity: IDL.Opt(AuthenticationConfigInternetIdentity)
@@ -136,15 +137,15 @@ export const idlFactory = ({ IDL }) => {
 	const Rule = IDL.Record({
 		max_capacity: IDL.Opt(IDL.Nat32),
 		memory: IDL.Opt(Memory),
-		max_changes_per_user: IDL.Opt(IDL.Nat32),
 		updated_at: IDL.Nat64,
 		max_size: IDL.Opt(IDL.Nat),
 		read: Permission,
 		created_at: IDL.Nat64,
 		version: IDL.Opt(IDL.Nat64),
 		mutable_permissions: IDL.Opt(IDL.Bool),
 		rate_config: IDL.Opt(RateConfig),
-		write: Permission
+		write: Permission,
+		max_changes_per_user: IDL.Opt(IDL.Nat32)
 	});
 	const UserUsage = IDL.Record({
 		updated_at: IDL.Nat64,
@@ -231,13 +232,13 @@ export const idlFactory = ({ IDL }) => {
 	const SetRule = IDL.Record({
 		max_capacity: IDL.Opt(IDL.Nat32),
 		memory: IDL.Opt(Memory),
-		max_changes_per_user: IDL.Opt(IDL.Nat32),
 		max_size: IDL.Opt(IDL.Nat),
 		read: Permission,
 		version: IDL.Opt(IDL.Nat64),
 		mutable_permissions: IDL.Opt(IDL.Bool),
 		rate_config: IDL.Opt(RateConfig),
-		write: Permission
+		write: Permission,
+		max_changes_per_user: IDL.Opt(IDL.Nat32)
 	});
 	const SetUserUsage = IDL.Record({ changes_count: IDL.Nat32 });
 	const UploadChunk = IDL.Record({
diff --git a/src/declarations/satellite/satellite.factory.did.js b/src/declarations/satellite/satellite.factory.did.js
@@ -76,7 +76,8 @@ export const idlFactory = ({ IDL }) => {
 		version: IDL.Opt(IDL.Nat64)
 	});
 	const AuthenticationConfigInternetIdentity = IDL.Record({
-		derivation_origin: IDL.Opt(IDL.Text)
+		derivation_origin: IDL.Opt(IDL.Text),
+		external_alternative_origins: IDL.Opt(IDL.Vec(IDL.Text))
 	});
 	const AuthenticationConfig = IDL.Record({
 		internet_identity: IDL.Opt(AuthenticationConfigInternetIdentity)
@@ -136,15 +137,15 @@ export const idlFactory = ({ IDL }) => {
 	const Rule = IDL.Record({
 		max_capacity: IDL.Opt(IDL.Nat32),
 		memory: IDL.Opt(Memory),
-		max_changes_per_user: IDL.Opt(IDL.Nat32),
 		updated_at: IDL.Nat64,
 		max_size: IDL.Opt(IDL.Nat),
 		read: Permission,
 		created_at: IDL.Nat64,
 		version: IDL.Opt(IDL.Nat64),
 		mutable_permissions: IDL.Opt(IDL.Bool),
 		rate_config: IDL.Opt(RateConfig),
-		write: Permission
+		write: Permission,
+		max_changes_per_user: IDL.Opt(IDL.Nat32)
 	});
 	const UserUsage = IDL.Record({
 		updated_at: IDL.Nat64,
@@ -231,13 +232,13 @@ export const idlFactory = ({ IDL }) => {
 	const SetRule = IDL.Record({
 		max_capacity: IDL.Opt(IDL.Nat32),
 		memory: IDL.Opt(Memory),
-		max_changes_per_user: IDL.Opt(IDL.Nat32),
 		max_size: IDL.Opt(IDL.Nat),
 		read: Permission,
 		version: IDL.Opt(IDL.Nat64),
 		mutable_permissions: IDL.Opt(IDL.Bool),
 		rate_config: IDL.Opt(RateConfig),
-		write: Permission
+		write: Permission,
+		max_changes_per_user: IDL.Opt(IDL.Nat32)
 	});
 	const SetUserUsage = IDL.Record({ changes_count: IDL.Nat32 });
 	const UploadChunk = IDL.Record({
diff --git a/src/declarations/satellite/satellite.factory.did.mjs b/src/declarations/satellite/satellite.factory.did.mjs
@@ -76,7 +76,8 @@ export const idlFactory = ({ IDL }) => {
 		version: IDL.Opt(IDL.Nat64)
 	});
 	const AuthenticationConfigInternetIdentity = IDL.Record({
-		derivation_origin: IDL.Opt(IDL.Text)
+		derivation_origin: IDL.Opt(IDL.Text),
+		external_alternative_origins: IDL.Opt(IDL.Vec(IDL.Text))
 	});
 	const AuthenticationConfig = IDL.Record({
 		internet_identity: IDL.Opt(AuthenticationConfigInternetIdentity)
@@ -136,15 +137,15 @@ export const idlFactory = ({ IDL }) => {
 	const Rule = IDL.Record({
 		max_capacity: IDL.Opt(IDL.Nat32),
 		memory: IDL.Opt(Memory),
-		max_changes_per_user: IDL.Opt(IDL.Nat32),
 		updated_at: IDL.Nat64,
 		max_size: IDL.Opt(IDL.Nat),
 		read: Permission,
 		created_at: IDL.Nat64,
 		version: IDL.Opt(IDL.Nat64),
 		mutable_permissions: IDL.Opt(IDL.Bool),
 		rate_config: IDL.Opt(RateConfig),
-		write: Permission
+		write: Permission,
+		max_changes_per_user: IDL.Opt(IDL.Nat32)
 	});
 	const UserUsage = IDL.Record({
 		updated_at: IDL.Nat64,
@@ -231,13 +232,13 @@ export const idlFactory = ({ IDL }) => {
 	const SetRule = IDL.Record({
 		max_capacity: IDL.Opt(IDL.Nat32),
 		memory: IDL.Opt(Memory),
-		max_changes_per_user: IDL.Opt(IDL.Nat32),
 		max_size: IDL.Opt(IDL.Nat),
 		read: Permission,
 		version: IDL.Opt(IDL.Nat64),
 		mutable_permissions: IDL.Opt(IDL.Bool),
 		rate_config: IDL.Opt(RateConfig),
-		write: Permission
+		write: Permission,
+		max_changes_per_user: IDL.Opt(IDL.Nat32)
 	});
 	const SetUserUsage = IDL.Record({ changes_count: IDL.Nat32 });
 	const UploadChunk = IDL.Record({
diff --git a/src/frontend/src/lib/utils/auth.config.utils.ts b/src/frontend/src/lib/utils/auth.config.utils.ts
@@ -1,5 +1,5 @@
 import type { AuthenticationConfig } from '$declarations/satellite/satellite.did';
-import { fromNullable, isNullish, nonNullish } from '@dfinity/utils';
+import { fromNullable, isNullish, nonNullish, toNullable } from '@dfinity/utils';
 
 export const buildSetAuthenticationConfig = ({
 	config,
@@ -12,7 +12,8 @@ export const buildSetAuthenticationConfig = ({
 		? {
 				internet_identity: [
 					{
-						derivation_origin: [domainName]
+						derivation_origin: [domainName],
+						external_alternative_origins: toNullable()
 					}
 				]
 			}
@@ -22,7 +23,8 @@ export const buildSetAuthenticationConfig = ({
 					internet_identity: [
 						{
 							...fromNullable(config.internet_identity),
-							derivation_origin: [domainName]
+							derivation_origin: [domainName],
+							external_alternative_origins: toNullable()
 						}
 					]
 				})
@@ -36,7 +38,8 @@ export const buildDeleteAuthenticationConfig = (
 		internet_identity: [
 			{
 				...fromNullable(config.internet_identity),
-				derivation_origin: []
+				derivation_origin: [],
+				external_alternative_origins: []
 			}
 		]
 	})
diff --git a/src/libs/satellite/satellite.did b/src/libs/satellite/satellite.did
@@ -24,6 +24,7 @@ type AuthenticationConfig = record {
 };
 type AuthenticationConfigInternetIdentity = record {
   derivation_origin : opt text;
+  external_alternative_origins : opt vec text;
 };
 type CollectionType = variant { Db; Storage };
 type CommitBatch = record {
@@ -122,7 +123,6 @@ type RateConfig = record { max_tokens : nat64; time_per_token_ns : nat64 };
 type Rule = record {
   max_capacity : opt nat32;
   memory : opt Memory;
-  max_changes_per_user : opt nat32;
   updated_at : nat64;
   max_size : opt nat;
   read : Permission;
@@ -131,6 +131,7 @@ type Rule = record {
   mutable_permissions : opt bool;
   rate_config : opt RateConfig;
   write : Permission;
+  max_changes_per_user : opt nat32;
 };
 type SetController = record {
   metadata : vec record { text; text };
@@ -149,13 +150,13 @@ type SetDoc = record {
 type SetRule = record {
   max_capacity : opt nat32;
   memory : opt Memory;
-  max_changes_per_user : opt nat32;
   max_size : opt nat;
   read : Permission;
   version : opt nat64;
   mutable_permissions : opt bool;
   rate_config : opt RateConfig;
   write : Permission;
+  max_changes_per_user : opt nat32;
 };
 type SetUserUsage = record { changes_count : nat32 };
 type StorageConfig = record {
diff --git a/src/libs/satellite/src/auth/alternative_origins.rs b/src/libs/satellite/src/auth/alternative_origins.rs
@@ -17,17 +17,22 @@ struct AlternativeOrigins {
 }
 
 pub fn update_alternative_origins(config: &AuthenticationConfig) -> Result<(), String> {
-    config
-        .internet_identity
-        .as_ref()
-        .and_then(|config| config.derivation_origin.as_ref())
-        .map_or_else(
-            || delete_alternative_origins_asset(&StorageState),
-            set_alternative_origins,
-        )
+    if let Some(internet_identity) = &config.internet_identity {
+        if let Some(derivation_origin) = &internet_identity.derivation_origin {
+            return set_alternative_origins(
+                derivation_origin,
+                &internet_identity.external_alternative_origins,
+            );
+        }
+    }
+
+    delete_alternative_origins_asset(&StorageState)
 }
 
-fn set_alternative_origins(derivation_origin: &DomainName) -> Result<(), String> {
+fn set_alternative_origins(
+    derivation_origin: &DomainName,
+    external_alternative_origins: &Option<Vec<DomainName>>,
+) -> Result<(), String> {
     let mut custom_domains: Vec<DomainName> = get_custom_domains_store()
         .keys()
         .filter(|domain| *domain != derivation_origin)
@@ -40,6 +45,21 @@ fn set_alternative_origins(derivation_origin: &DomainName) -> Result<(), String>
         custom_domains.push(canister_url);
     }
 
+    let external_domains: Vec<DomainName> =
+        external_alternative_origins
+            .as_ref()
+            .map_or_else(Vec::new, |alternative_origins| {
+                alternative_origins
+                    .iter()
+                    .filter(|domain| {
+                        *domain != derivation_origin && !custom_domains.contains(domain)
+                    })
+                    .cloned()
+                    .collect()
+            });
+
+    custom_domains.extend(external_domains);
+
     if custom_domains.is_empty() {
         return delete_alternative_origins_asset(&StorageState);
     }
diff --git a/src/libs/satellite/src/auth/types.rs b/src/libs/satellite/src/auth/types.rs
@@ -22,5 +22,6 @@ pub mod config {
     #[derive(Default, CandidType, Serialize, Deserialize, Clone)]
     pub struct AuthenticationConfigInternetIdentity {
         pub derivation_origin: Option<DomainName>,
+        pub external_alternative_origins: Option<Vec<DomainName>>,
     }
 }
diff --git a/src/libs/shared/src/version.rs b/src/libs/shared/src/version.rs
@@ -19,6 +19,6 @@ where
             } else {
                 version + 1
             }
-        },
+        }
     }
 }
diff --git a/src/satellite/satellite.did b/src/satellite/satellite.did
@@ -26,6 +26,7 @@ type AuthenticationConfig = record {
 };
 type AuthenticationConfigInternetIdentity = record {
   derivation_origin : opt text;
+  external_alternative_origins : opt vec text;
 };
 type CollectionType = variant { Db; Storage };
 type CommitBatch = record {
@@ -124,7 +125,6 @@ type RateConfig = record { max_tokens : nat64; time_per_token_ns : nat64 };
 type Rule = record {
   max_capacity : opt nat32;
   memory : opt Memory;
-  max_changes_per_user : opt nat32;
   updated_at : nat64;
   max_size : opt nat;
   read : Permission;
@@ -133,6 +133,7 @@ type Rule = record {
   mutable_permissions : opt bool;
   rate_config : opt RateConfig;
   write : Permission;
+  max_changes_per_user : opt nat32;
 };
 type SetController = record {
   metadata : vec record { text; text };
@@ -151,13 +152,13 @@ type SetDoc = record {
 type SetRule = record {
   max_capacity : opt nat32;
   memory : opt Memory;
-  max_changes_per_user : opt nat32;
   max_size : opt nat;
   read : Permission;
   version : opt nat64;
   mutable_permissions : opt bool;
   rate_config : opt RateConfig;
   write : Permission;
+  max_changes_per_user : opt nat32;
 };
 type SetUserUsage = record { changes_count : nat32 };
 type StorageConfig = record {
diff --git a/src/tests/satellite.auth.spec.ts b/src/tests/satellite.auth.spec.ts

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`import type { AuthenticationConfig } from '$declarations/satellite/satellite.did';`
`2`		`-import { fromNullable, isNullish, nonNullish } from '@dfinity/utils';`
	`2`	`+import { fromNullable, isNullish, nonNullish, toNullable } from '@dfinity/utils';`
`3`	`3`
`4`	`4`	`export const buildSetAuthenticationConfig = ({`
`5`	`5`	`config,`
`@@ -12,7 +12,8 @@ export const buildSetAuthenticationConfig = ({`
`12`	`12`	`? {`
`13`	`13`	`internet_identity: [`
`14`	`14`	`{`
`15`		`- derivation_origin: [domainName]`
	`15`	`+ derivation_origin: [domainName],`
	`16`	`+ external_alternative_origins: toNullable()`
`16`	`17`	`}`
`17`	`18`	`]`
`18`	`19`	`}`
`@@ -22,7 +23,8 @@ export const buildSetAuthenticationConfig = ({`
`22`	`23`	`internet_identity: [`
`23`	`24`	`{`
`24`	`25`	`...fromNullable(config.internet_identity),`
`25`		`- derivation_origin: [domainName]`
	`26`	`+ derivation_origin: [domainName],`
	`27`	`+ external_alternative_origins: toNullable()`
`26`	`28`	`}`
`27`	`29`	`]`
`28`	`30`	`})`
`@@ -36,7 +38,8 @@ export const buildDeleteAuthenticationConfig = (`
`36`	`38`	`internet_identity: [`
`37`	`39`	`{`
`38`	`40`	`...fromNullable(config.internet_identity),`
`39`		`- derivation_origin: []`
	`41`	`+ derivation_origin: [],`
	`42`	`+ external_alternative_origins: []`
`40`	`43`	`}`
`41`	`44`	`]`
`42`	`45`	`})`
Original file line number	Diff line number	Diff line change
`@@ -22,5 +22,6 @@ pub mod config {`
`22`	`22`	`#[derive(Default, CandidType, Serialize, Deserialize, Clone)]`
`23`	`23`	`pub struct AuthenticationConfigInternetIdentity {`
`24`	`24`	`pub derivation_origin: Option<DomainName>,`
	`25`	`+ pub external_alternative_origins: Option<Vec<DomainName>>,`
`25`	`26`	`}`
`26`	`27`	`}`
Original file line number	Diff line number	Diff line change
`@@ -19,6 +19,6 @@ where`
`19`	`19`	`} else {`
`20`	`20`	`version + 1`
`21`	`21`	`}`
`22`		`- },`
	`22`	`+ }`
`23`	`23`	`}`
`24`	`24`	`}`