feat: service authorized blob index retrieval

Author: alanshaw

go.mod

@@ -30,7 +30,7 @@ require (
 	github.com/multiformats/go-multihash v0.2.3
 	github.com/redis/go-redis/extra/redisotel/v9 v9.10.0
 	github.com/redis/go-redis/v9 v9.10.0
-	github.com/storacha/go-libstoracha v0.3.1
+	github.com/storacha/go-libstoracha v0.3.2
 	github.com/storacha/go-ucanto v0.6.5
 	github.com/stretchr/testify v1.10.0
 	github.com/testcontainers/testcontainers-go v0.39.0

go.sum

@@ -676,8 +676,8 @@ github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t6
 github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH9Ns=
-github.com/storacha/go-libstoracha v0.3.1 h1:cjXEVfEJHdBLBcs2cbk94Gf5xoL/eMxWtY6o6RxnY/0=
-github.com/storacha/go-libstoracha v0.3.1/go.mod h1:UF4t2uPwq7vhqqoRWVPnsTsvnWghd8uTJ5WW6QekjVA=
+github.com/storacha/go-libstoracha v0.3.2 h1:GH/6Q+lJ/HmjI3/T+3ECqOdblLTYLPtZWqLB5AG6Dus=
+github.com/storacha/go-libstoracha v0.3.2/go.mod h1:UF4t2uPwq7vhqqoRWVPnsTsvnWghd8uTJ5WW6QekjVA=
 github.com/storacha/go-ucanto v0.6.5 h1:mxy1UkJDqszAGe6SkoT0N2SG9YJ62YX7fzU1Pg9lxnA=
 github.com/storacha/go-ucanto v0.6.5/go.mod h1:O35Ze4x18EWtz3ftRXXd/mTZ+b8OQVjYYrnadJ/xNjg=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=

pkg/service/blobindexlookup/cachinglookup_test.go

@@ -180,7 +180,7 @@ type mockBlobIndexLookup struct {
 	err   error
 }
 
-func (m *mockBlobIndexLookup) Find(ctx context.Context, contextID types.EncodedContextID, provider model.ProviderResult, spec types.RetrievalRequest) (blobindex.ShardedDagIndexView, error) {
+func (m *mockBlobIndexLookup) Find(ctx context.Context, contextID types.EncodedContextID, provider model.ProviderResult, req types.RetrievalRequest) (blobindex.ShardedDagIndexView, error) {
 	return m.index, m.err
 }
 

pkg/service/blobindexlookup/mock_BlobIndexLookup.go

@@ -12,6 +12,7 @@ import (
 	"github.com/storacha/go-libstoracha/blobindex"
 	rclient "github.com/storacha/go-ucanto/client/retrieval"
 	"github.com/storacha/go-ucanto/core/dag/blockstore"
+	"github.com/storacha/go-ucanto/core/delegation"
 	"github.com/storacha/go-ucanto/core/invocation"
 	"github.com/storacha/go-ucanto/core/receipt"
 	"github.com/storacha/go-ucanto/core/result"
@@ -30,11 +31,11 @@ func NewBlobIndexLookup(httpClient *http.Client) BlobIndexLookup {
 }
 
 // Find fetches the blob index from the given fetchURL
-func (s *simpleLookup) Find(ctx context.Context, _ types.EncodedContextID, result model.ProviderResult, spec types.RetrievalRequest) (blobindex.ShardedDagIndexView, error) {
+func (s *simpleLookup) Find(ctx context.Context, _ types.EncodedContextID, result model.ProviderResult, request types.RetrievalRequest) (blobindex.ShardedDagIndexView, error) {
 	// If retrieval authroization details were provided, make a UCAN authorized
 	// retrieval request.
-	if spec.Auth != nil {
-		body, err := doAuthorizedRetrieval(ctx, spec, s.httpClient)
+	if request.Auth != nil {
+		body, err := doAuthorizedRetrieval(ctx, s.httpClient, request)
 		if err != nil {
 			return nil, fmt.Errorf("executing authorized retrieval: %w", err)
 		}
@@ -43,52 +44,52 @@ func (s *simpleLookup) Find(ctx context.Context, _ types.EncodedContextID, resul
 	}
 
 	// attempt to fetch the index from provided url
-	req, err := http.NewRequestWithContext(ctx, http.MethodGet, spec.URL.String(), nil)
+	httpReq, err := http.NewRequestWithContext(ctx, http.MethodGet, request.URL.String(), nil)
 	if err != nil {
 		return nil, fmt.Errorf("constructing request: %w", err)
 	}
-	rng := spec.Range
+	rng := request.Range
 	if rng != nil {
 		rangeHeader := fmt.Sprintf("bytes=%d-", rng.Offset)
 		if rng.Length != nil {
 			rangeHeader += strconv.FormatUint(rng.Offset+*rng.Length-1, 10)
 		}
-		req.Header.Set("Range", rangeHeader)
+		httpReq.Header.Set("Range", rangeHeader)
 	}
-	resp, err := s.httpClient.Do(req)
+	resp, err := s.httpClient.Do(httpReq)
 	if err != nil {
 		return nil, fmt.Errorf("failed to fetch index: %w", err)
 	}
 	if resp.StatusCode < 200 || resp.StatusCode > 299 {
 		body, _ := io.ReadAll(resp.Body)
-		return nil, fmt.Errorf("failure response fetching index. status: %s, message: %s, url: %s", resp.Status, string(body), spec.URL.String())
+		return nil, fmt.Errorf("failure response fetching index. status: %s, message: %s, url: %s", resp.Status, string(body), request.URL.String())
 	}
 	defer resp.Body.Close()
 	return blobindex.Extract(resp.Body)
 }
 
-func doAuthorizedRetrieval(ctx context.Context, spec types.RetrievalRequest, httpClient *http.Client) (io.ReadCloser, error) {
+func doAuthorizedRetrieval(ctx context.Context, httpClient *http.Client, request types.RetrievalRequest) (io.ReadCloser, error) {
 	headers := http.Header{}
-	if spec.Range != nil {
-		if spec.Range.Length != nil {
-			headers.Set("Range", fmt.Sprintf("bytes=%d-%d", spec.Range.Offset, spec.Range.Offset+*spec.Range.Length-1))
+	if request.Range != nil {
+		if request.Range.Length != nil {
+			headers.Set("Range", fmt.Sprintf("bytes=%d-%d", request.Range.Offset, request.Range.Offset+*request.Range.Length-1))
 		} else {
-			headers.Set("Range", fmt.Sprintf("bytes=%d-", spec.Range.Offset))
+			headers.Set("Range", fmt.Sprintf("bytes=%d-", request.Range.Offset))
 		}
 	}
 
 	conn, err := rclient.NewConnection(
-		spec.Auth.Audience,
-		spec.URL,
+		request.Auth.Audience,
+		request.URL,
 		rclient.WithClient(httpClient),
 		rclient.WithHeaders(headers),
 	)
 	if err != nil {
 		return nil, err
 	}
 
-	iss, aud, cap := spec.Auth.Issuer, spec.Auth.Audience, spec.Auth.Capability
-	inv, err := invocation.Invoke(iss, aud, cap)
+	iss, aud, cap := request.Auth.Issuer, request.Auth.Audience, request.Auth.Capability
+	inv, err := invocation.Invoke(iss, aud, cap, delegation.WithProof(request.Auth.Proofs...))
 	if err != nil {
 		return nil, err
 	}