feat: external alternative origins

src/declarations/satellite/satellite.did.d.ts

@@ -28,6 +28,7 @@ export interface AuthenticationConfig {
 }
 export interface AuthenticationConfigInternetIdentity {
 	derivation_origin: [] | [string];
+	external_alternative_origins: [] | [Array<string>];
 }
 export type CollectionType = { Db: null } | { Storage: null };
 export interface CommitBatch {
@@ -158,7 +159,6 @@ export interface RateConfig {
 export interface Rule {
 	max_capacity: [] | [number];
 	memory: [] | [Memory];
-	max_changes_per_user: [] | [number];
 	updated_at: bigint;
 	max_size: [] | [bigint];
 	read: Permission;
@@ -167,6 +167,7 @@ export interface Rule {
 	mutable_permissions: [] | [boolean];
 	rate_config: [] | [RateConfig];
 	write: Permission;
+	max_changes_per_user: [] | [number];
 }
 export interface SetController {
 	metadata: Array<[string, string]>;
@@ -185,13 +186,13 @@ export interface SetDoc {
 export interface SetRule {
 	max_capacity: [] | [number];
 	memory: [] | [Memory];
-	max_changes_per_user: [] | [number];
 	max_size: [] | [bigint];
 	read: Permission;
 	version: [] | [bigint];
 	mutable_permissions: [] | [boolean];
 	rate_config: [] | [RateConfig];
 	write: Permission;
+	max_changes_per_user: [] | [number];
 }
 export interface SetUserUsage {
 	changes_count: number;

src/declarations/satellite/satellite.factory.certified.did.js

@@ -76,7 +76,8 @@ export const idlFactory = ({ IDL }) => {
 		version: IDL.Opt(IDL.Nat64)
 	});
 	const AuthenticationConfigInternetIdentity = IDL.Record({
-		derivation_origin: IDL.Opt(IDL.Text)
+		derivation_origin: IDL.Opt(IDL.Text),
+		external_alternative_origins: IDL.Opt(IDL.Vec(IDL.Text))
 	});
 	const AuthenticationConfig = IDL.Record({
 		internet_identity: IDL.Opt(AuthenticationConfigInternetIdentity)
@@ -136,15 +137,15 @@ export const idlFactory = ({ IDL }) => {
 	const Rule = IDL.Record({
 		max_capacity: IDL.Opt(IDL.Nat32),
 		memory: IDL.Opt(Memory),
-		max_changes_per_user: IDL.Opt(IDL.Nat32),
 		updated_at: IDL.Nat64,
 		max_size: IDL.Opt(IDL.Nat),
 		read: Permission,
 		created_at: IDL.Nat64,
 		version: IDL.Opt(IDL.Nat64),
 		mutable_permissions: IDL.Opt(IDL.Bool),
 		rate_config: IDL.Opt(RateConfig),
-		write: Permission
+		write: Permission,
+		max_changes_per_user: IDL.Opt(IDL.Nat32)
 	});
 	const UserUsage = IDL.Record({
 		updated_at: IDL.Nat64,
@@ -231,13 +232,13 @@ export const idlFactory = ({ IDL }) => {
 	const SetRule = IDL.Record({
 		max_capacity: IDL.Opt(IDL.Nat32),
 		memory: IDL.Opt(Memory),
-		max_changes_per_user: IDL.Opt(IDL.Nat32),
 		max_size: IDL.Opt(IDL.Nat),
 		read: Permission,
 		version: IDL.Opt(IDL.Nat64),
 		mutable_permissions: IDL.Opt(IDL.Bool),
 		rate_config: IDL.Opt(RateConfig),
-		write: Permission
+		write: Permission,
+		max_changes_per_user: IDL.Opt(IDL.Nat32)
 	});
 	const SetUserUsage = IDL.Record({ changes_count: IDL.Nat32 });
 	const UploadChunk = IDL.Record({

src/declarations/satellite/satellite.factory.did.js

@@ -76,7 +76,8 @@ export const idlFactory = ({ IDL }) => {
 		version: IDL.Opt(IDL.Nat64)
 	});
 	const AuthenticationConfigInternetIdentity = IDL.Record({
-		derivation_origin: IDL.Opt(IDL.Text)
+		derivation_origin: IDL.Opt(IDL.Text),
+		external_alternative_origins: IDL.Opt(IDL.Vec(IDL.Text))
 	});
 	const AuthenticationConfig = IDL.Record({
 		internet_identity: IDL.Opt(AuthenticationConfigInternetIdentity)
@@ -136,15 +137,15 @@ export const idlFactory = ({ IDL }) => {
 	const Rule = IDL.Record({
 		max_capacity: IDL.Opt(IDL.Nat32),
 		memory: IDL.Opt(Memory),
-		max_changes_per_user: IDL.Opt(IDL.Nat32),
 		updated_at: IDL.Nat64,
 		max_size: IDL.Opt(IDL.Nat),
 		read: Permission,
 		created_at: IDL.Nat64,
 		version: IDL.Opt(IDL.Nat64),
 		mutable_permissions: IDL.Opt(IDL.Bool),
 		rate_config: IDL.Opt(RateConfig),
-		write: Permission
+		write: Permission,
+		max_changes_per_user: IDL.Opt(IDL.Nat32)
 	});
 	const UserUsage = IDL.Record({
 		updated_at: IDL.Nat64,
@@ -231,13 +232,13 @@ export const idlFactory = ({ IDL }) => {
 	const SetRule = IDL.Record({
 		max_capacity: IDL.Opt(IDL.Nat32),
 		memory: IDL.Opt(Memory),
-		max_changes_per_user: IDL.Opt(IDL.Nat32),
 		max_size: IDL.Opt(IDL.Nat),
 		read: Permission,
 		version: IDL.Opt(IDL.Nat64),
 		mutable_permissions: IDL.Opt(IDL.Bool),
 		rate_config: IDL.Opt(RateConfig),
-		write: Permission
+		write: Permission,
+		max_changes_per_user: IDL.Opt(IDL.Nat32)
 	});
 	const SetUserUsage = IDL.Record({ changes_count: IDL.Nat32 });
 	const UploadChunk = IDL.Record({

src/declarations/satellite/satellite.factory.did.mjs

@@ -76,7 +76,8 @@ export const idlFactory = ({ IDL }) => {
 		version: IDL.Opt(IDL.Nat64)
 	});
 	const AuthenticationConfigInternetIdentity = IDL.Record({
-		derivation_origin: IDL.Opt(IDL.Text)
+		derivation_origin: IDL.Opt(IDL.Text),
+		external_alternative_origins: IDL.Opt(IDL.Vec(IDL.Text))
 	});
 	const AuthenticationConfig = IDL.Record({
 		internet_identity: IDL.Opt(AuthenticationConfigInternetIdentity)
@@ -136,15 +137,15 @@ export const idlFactory = ({ IDL }) => {
 	const Rule = IDL.Record({
 		max_capacity: IDL.Opt(IDL.Nat32),
 		memory: IDL.Opt(Memory),
-		max_changes_per_user: IDL.Opt(IDL.Nat32),
 		updated_at: IDL.Nat64,
 		max_size: IDL.Opt(IDL.Nat),
 		read: Permission,
 		created_at: IDL.Nat64,
 		version: IDL.Opt(IDL.Nat64),
 		mutable_permissions: IDL.Opt(IDL.Bool),
 		rate_config: IDL.Opt(RateConfig),
-		write: Permission
+		write: Permission,
+		max_changes_per_user: IDL.Opt(IDL.Nat32)
 	});
 	const UserUsage = IDL.Record({
 		updated_at: IDL.Nat64,
@@ -231,13 +232,13 @@ export const idlFactory = ({ IDL }) => {
 	const SetRule = IDL.Record({
 		max_capacity: IDL.Opt(IDL.Nat32),
 		memory: IDL.Opt(Memory),
-		max_changes_per_user: IDL.Opt(IDL.Nat32),
 		max_size: IDL.Opt(IDL.Nat),
 		read: Permission,
 		version: IDL.Opt(IDL.Nat64),
 		mutable_permissions: IDL.Opt(IDL.Bool),
 		rate_config: IDL.Opt(RateConfig),
-		write: Permission
+		write: Permission,
+		max_changes_per_user: IDL.Opt(IDL.Nat32)
 	});
 	const SetUserUsage = IDL.Record({ changes_count: IDL.Nat32 });
 	const UploadChunk = IDL.Record({

src/frontend/src/lib/utils/auth.config.utils.ts

@@ -1,5 +1,5 @@
 import type { AuthenticationConfig } from '$declarations/satellite/satellite.did';
-import { fromNullable, isNullish, nonNullish } from '@dfinity/utils';
+import { fromNullable, isNullish, nonNullish, toNullable } from '@dfinity/utils';
 
 export const buildSetAuthenticationConfig = ({
 	config,
@@ -12,7 +12,8 @@ export const buildSetAuthenticationConfig = ({
 		? {
 				internet_identity: [
 					{
-						derivation_origin: [domainName]
+						derivation_origin: [domainName],
+						external_alternative_origins: toNullable()
 					}
 				]
 			}
@@ -22,7 +23,8 @@ export const buildSetAuthenticationConfig = ({
 					internet_identity: [
 						{
 							...fromNullable(config.internet_identity),
-							derivation_origin: [domainName]
+							derivation_origin: [domainName],
+							external_alternative_origins: toNullable()
 						}
 					]
 				})
@@ -36,7 +38,8 @@ export const buildDeleteAuthenticationConfig = (
 		internet_identity: [
 			{
 				...fromNullable(config.internet_identity),
-				derivation_origin: []
+				derivation_origin: [],
+				external_alternative_origins: []
 			}
 		]
 	})

src/libs/satellite/satellite.did

@@ -24,6 +24,7 @@ type AuthenticationConfig = record {
 };
 type AuthenticationConfigInternetIdentity = record {
   derivation_origin : opt text;
+  external_alternative_origins : opt vec text;
 };
 type CollectionType = variant { Db; Storage };
 type CommitBatch = record {
@@ -122,7 +123,6 @@ type RateConfig = record { max_tokens : nat64; time_per_token_ns : nat64 };
 type Rule = record {
   max_capacity : opt nat32;
   memory : opt Memory;
-  max_changes_per_user : opt nat32;
   updated_at : nat64;
   max_size : opt nat;
   read : Permission;
@@ -131,6 +131,7 @@ type Rule = record {
   mutable_permissions : opt bool;
   rate_config : opt RateConfig;
   write : Permission;
+  max_changes_per_user : opt nat32;
 };
 type SetController = record {
   metadata : vec record { text; text };
@@ -149,13 +150,13 @@ type SetDoc = record {
 type SetRule = record {
   max_capacity : opt nat32;
   memory : opt Memory;
-  max_changes_per_user : opt nat32;
   max_size : opt nat;
   read : Permission;
   version : opt nat64;
   mutable_permissions : opt bool;
   rate_config : opt RateConfig;
   write : Permission;
+  max_changes_per_user : opt nat32;
 };
 type SetUserUsage = record { changes_count : nat32 };
 type StorageConfig = record {

src/libs/satellite/src/auth/alternative_origins.rs

@@ -17,17 +17,22 @@ struct AlternativeOrigins {
 }
 
 pub fn update_alternative_origins(config: &AuthenticationConfig) -> Result<(), String> {
-    config
-        .internet_identity
-        .as_ref()
-        .and_then(|config| config.derivation_origin.as_ref())
-        .map_or_else(
-            || delete_alternative_origins_asset(&StorageState),
-            set_alternative_origins,
-        )
+    if let Some(internet_identity) = &config.internet_identity {
+        if let Some(derivation_origin) = &internet_identity.derivation_origin {
+            return set_alternative_origins(
+                derivation_origin,
+                &internet_identity.external_alternative_origins,
+            );
+        }
+    }
+
+    delete_alternative_origins_asset(&StorageState)
 }
 
-fn set_alternative_origins(derivation_origin: &DomainName) -> Result<(), String> {
+fn set_alternative_origins(
+    derivation_origin: &DomainName,
+    external_alternative_origins: &Option<Vec<DomainName>>,
+) -> Result<(), String> {
     let mut custom_domains: Vec<DomainName> = get_custom_domains_store()
         .keys()
         .filter(|domain| *domain != derivation_origin)
@@ -40,6 +45,21 @@ fn set_alternative_origins(derivation_origin: &DomainName) -> Result<(), String>
         custom_domains.push(canister_url);
     }
 
+    let external_domains: Vec<DomainName> =
+        external_alternative_origins
+            .as_ref()
+            .map_or_else(Vec::new, |alternative_origins| {
+                alternative_origins
+                    .iter()
+                    .filter(|domain| {
+                        *domain != derivation_origin && !custom_domains.contains(domain)
+                    })
+                    .cloned()
+                    .collect()
+            });
+
+    custom_domains.extend(external_domains);
+
     if custom_domains.is_empty() {
         return delete_alternative_origins_asset(&StorageState);
     }

src/libs/satellite/src/auth/types.rs

@@ -22,5 +22,6 @@ pub mod config {
     #[derive(Default, CandidType, Serialize, Deserialize, Clone)]
     pub struct AuthenticationConfigInternetIdentity {
         pub derivation_origin: Option<DomainName>,
+        pub external_alternative_origins: Option<Vec<DomainName>>,
     }
 }

src/libs/shared/src/version.rs

@@ -19,6 +19,6 @@ where
             } else {
                 version + 1
             }
-        },
+        }
     }
 }

src/satellite/satellite.did

@@ -26,6 +26,7 @@ type AuthenticationConfig = record {
 };
 type AuthenticationConfigInternetIdentity = record {
   derivation_origin : opt text;
+  external_alternative_origins : opt vec text;
 };
 type CollectionType = variant { Db; Storage };
 type CommitBatch = record {
@@ -124,7 +125,6 @@ type RateConfig = record { max_tokens : nat64; time_per_token_ns : nat64 };
 type Rule = record {
   max_capacity : opt nat32;
   memory : opt Memory;
-  max_changes_per_user : opt nat32;
   updated_at : nat64;
   max_size : opt nat;
   read : Permission;
@@ -133,6 +133,7 @@ type Rule = record {
   mutable_permissions : opt bool;
   rate_config : opt RateConfig;
   write : Permission;
+  max_changes_per_user : opt nat32;
 };
 type SetController = record {
   metadata : vec record { text; text };
@@ -151,13 +152,13 @@ type SetDoc = record {
 type SetRule = record {
   max_capacity : opt nat32;
   memory : opt Memory;
-  max_changes_per_user : opt nat32;
   max_size : opt nat;
   read : Permission;
   version : opt nat64;
   mutable_permissions : opt bool;
   rate_config : opt RateConfig;
   write : Permission;
+  max_changes_per_user : opt nat32;
 };
 type SetUserUsage = record { changes_count : nat32 };
 type StorageConfig = record {