Struct holochain::core::ribosome::ZomeCallInvocation
source · pub struct ZomeCallInvocation {
pub cell_id: CellId,
pub zome: Zome,
pub cap_secret: Option<CapSecret>,
pub fn_name: FunctionName,
pub payload: ExternIO,
pub provenance: AgentPubKey,
pub signature: Signature,
pub nonce: Nonce256Bits,
pub expires_at: Timestamp,
}
Expand description
A top-level call into a zome function, i.e. coming from outside the Cell from an external Interface
Fields§
§cell_id: CellId
The Id of the Cell
in which this Zome-call would be invoked
zome: Zome
The Zome containing the function that would be invoked
cap_secret: Option<CapSecret>
The capability request authorization.
This can be None
and still succeed in the case where the function
in the zome being called has been given an Unrestricted status
via a CapGrant
. Otherwise, it will be necessary to provide a CapSecret
for every call.
fn_name: FunctionName
The name of the Zome function to call
payload: ExternIO
The serialized data to pass as an argument to the Zome call
provenance: AgentPubKey
The provenance of the call. Provenance means the ‘source’
so this expects the AgentPubKey
of the agent calling the Zome function
signature: Signature
The signature of the call from the provenance of the call. Everything except the signature itself is signed.
nonce: Nonce256Bits
The nonce of the call. Must be unique and monotonic. If a higher nonce has been seen then older zome calls will be discarded.
expires_at: Timestamp
This call MUST NOT be respected after this time, in the opinion of the callee.
Implementations§
source§impl ZomeCallInvocation
impl ZomeCallInvocation
sourcepub async fn verify_signature(&self) -> RibosomeResult<ZomeCallAuthorization>
pub async fn verify_signature(&self) -> RibosomeResult<ZomeCallAuthorization>
Examples found in repository?
386 387 388 389 390 391 392 393 394 395 396 397
pub async fn is_authorized<'a>(
&self,
host_access: &ZomeCallHostAccess,
) -> RibosomeResult<ZomeCallAuthorization> {
Ok(match self.verify_signature().await? {
ZomeCallAuthorization::Authorized => match self.verify_nonce(host_access).await? {
ZomeCallAuthorization::Authorized => self.verify_grant(host_access).await?,
unauthorized => unauthorized,
},
unauthorized => unauthorized,
})
}
sourcepub async fn verify_grant(
&self,
host_access: &ZomeCallHostAccess
) -> RibosomeResult<ZomeCallAuthorization>
pub async fn verify_grant(
&self,
host_access: &ZomeCallHostAccess
) -> RibosomeResult<ZomeCallAuthorization>
to decide if a zome call grant is authorized:
- we need to find a live (committed and not deleted) cap grant that matches the secret
- if the live cap grant is for the current author the call is ALWAYS authorized ELSE
- the live cap grant needs to include the invocation’s provenance AND zome/function name
Examples found in repository?
386 387 388 389 390 391 392 393 394 395 396 397
pub async fn is_authorized<'a>(
&self,
host_access: &ZomeCallHostAccess,
) -> RibosomeResult<ZomeCallAuthorization> {
Ok(match self.verify_signature().await? {
ZomeCallAuthorization::Authorized => match self.verify_nonce(host_access).await? {
ZomeCallAuthorization::Authorized => self.verify_grant(host_access).await?,
unauthorized => unauthorized,
},
unauthorized => unauthorized,
})
}
sourcepub async fn verify_nonce(
&self,
host_access: &ZomeCallHostAccess
) -> RibosomeResult<ZomeCallAuthorization>
pub async fn verify_nonce(
&self,
host_access: &ZomeCallHostAccess
) -> RibosomeResult<ZomeCallAuthorization>
Examples found in repository?
386 387 388 389 390 391 392 393 394 395 396 397
pub async fn is_authorized<'a>(
&self,
host_access: &ZomeCallHostAccess,
) -> RibosomeResult<ZomeCallAuthorization> {
Ok(match self.verify_signature().await? {
ZomeCallAuthorization::Authorized => match self.verify_nonce(host_access).await? {
ZomeCallAuthorization::Authorized => self.verify_grant(host_access).await?,
unauthorized => unauthorized,
},
unauthorized => unauthorized,
})
}
to verify if the zome call is authorized:
- the signature must be valid
- the nonce must not have already been seen
- the grant must be valid the checks MUST be done in this order as witnessing the nonce is a write and so we MUST NOT write nonces until after we verify the signature.
Examples found in repository?
198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225
pub async fn call_zome_function_authorized<R>(
ribosome: R,
host_access: ZomeCallHostAccess,
invocation: ZomeCallInvocation,
) -> WorkflowResult<(R, RibosomeResult<ZomeCallResponse>)>
where
R: RibosomeT + 'static,
{
match invocation.is_authorized(&host_access).await? {
ZomeCallAuthorization::Authorized => {
tokio::task::spawn_blocking(|| {
let r = ribosome.call_zome_function(host_access, invocation);
Ok((ribosome, r))
})
.await?
}
not_authorized_reason => Ok((
ribosome,
Ok(ZomeCallResponse::Unauthorized(
not_authorized_reason,
invocation.cell_id.clone(),
invocation.zome.zome_name().clone(),
invocation.fn_name.clone(),
invocation.provenance.clone(),
)),
)),
}
}
source§impl ZomeCallInvocation
impl ZomeCallInvocation
sourcepub async fn try_from_interface_call(
conductor_api: CellConductorHandle,
call: ZomeCall
) -> RibosomeResult<Self>
pub async fn try_from_interface_call(
conductor_api: CellConductorHandle,
call: ZomeCall
) -> RibosomeResult<Self>
Examples found in repository?
826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887
pub async fn call_zome(
&self,
call: ZomeCall,
workspace_lock: Option<SourceChainWorkspace>,
) -> CellResult<ZomeCallResult> {
// Only check if init has run if this call is not coming from
// an already running init call.
if workspace_lock
.as_ref()
.map_or(true, |w| !w.called_from_init())
{
// Check if init has run if not run it
self.check_or_run_zome_init().await?;
}
let keystore = self.conductor_api.keystore().clone();
let conductor_handle = self.conductor_handle.clone();
let signal_tx = self.signal_broadcaster();
let ribosome = self.get_ribosome()?;
let invocation =
ZomeCallInvocation::try_from_interface_call(self.conductor_api.clone(), call).await?;
let dna_def = ribosome.dna_def().as_content().clone();
// If there is no existing zome call then this is the root zome call
let is_root_zome_call = workspace_lock.is_none();
let workspace_lock = match workspace_lock {
Some(l) => l,
None => {
SourceChainWorkspace::new(
self.authored_db().clone(),
self.dht_db().clone(),
self.space.dht_query_cache.clone(),
self.cache().clone(),
keystore.clone(),
self.id.agent_pubkey().clone(),
Arc::new(dna_def),
)
.await?
}
};
let args = CallZomeWorkflowArgs {
cell_id: self.id.clone(),
ribosome,
invocation,
signal_tx,
conductor_handle,
is_root_zome_call,
};
Ok(call_zome_workflow(
workspace_lock,
self.holochain_p2p_cell.clone(),
keystore,
args,
self.queue_triggers.publish_dht_ops.clone(),
self.queue_triggers.integrate_dht_ops.clone(),
)
.await
.map_err(Box::new)?)
}
Trait Implementations§
source§impl Clone for ZomeCallInvocation
impl Clone for ZomeCallInvocation
source§fn clone(&self) -> ZomeCallInvocation
fn clone(&self) -> ZomeCallInvocation
1.0.0 · source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source
. Read moresource§impl Debug for ZomeCallInvocation
impl Debug for ZomeCallInvocation
source§impl<'de> Deserialize<'de> for ZomeCallInvocation
impl<'de> Deserialize<'de> for ZomeCallInvocation
source§fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>where
__D: Deserializer<'de>,
fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>where
__D: Deserializer<'de>,
source§impl From<ZomeCallInvocation> for ZomeCall
impl From<ZomeCallInvocation> for ZomeCall
source§fn from(inv: ZomeCallInvocation) -> Self
fn from(inv: ZomeCallInvocation) -> Self
source§impl Invocation for ZomeCallInvocation
impl Invocation for ZomeCallInvocation
source§fn zomes(&self) -> ZomesToInvoke
fn zomes(&self) -> ZomesToInvoke
source§fn fn_components(&self) -> FnComponents ⓘ
fn fn_components(&self) -> FnComponents ⓘ
CallbackResult::is_definitive
in zome_types.
All of the individual callback results are then folded into a single overall result value
as a From implementation on the invocation results structs (e.g. zome results vs. ribosome
results).source§fn host_input(self) -> Result<ExternIO, SerializedBytesError>
fn host_input(self) -> Result<ExternIO, SerializedBytesError>
fn auth(&self) -> InvocationAuth
Auto Trait Implementations§
impl !RefUnwindSafe for ZomeCallInvocation
impl Send for ZomeCallInvocation
impl Sync for ZomeCallInvocation
impl Unpin for ZomeCallInvocation
impl !UnwindSafe for ZomeCallInvocation
Blanket Implementations§
§impl<T> Any for Twhere
T: Any + ?Sized,
impl<T> Any for Twhere
T: Any + ?Sized,
§fn type_id_compat(&self) -> TypeId
fn type_id_compat(&self) -> TypeId
§impl<T> ArchivePointee for T
impl<T> ArchivePointee for T
§type ArchivedMetadata = ()
type ArchivedMetadata = ()
§fn pointer_metadata(
_: &<T as ArchivePointee>::ArchivedMetadata
) -> <T as Pointee>::Metadata
fn pointer_metadata(
_: &<T as ArchivePointee>::ArchivedMetadata
) -> <T as Pointee>::Metadata
§impl<F, W, T, D> Deserialize<With<T, W>, D> for Fwhere
W: DeserializeWith<F, T, D>,
D: Fallible + ?Sized,
F: ?Sized,
impl<F, W, T, D> Deserialize<With<T, W>, D> for Fwhere
W: DeserializeWith<F, T, D>,
D: Fallible + ?Sized,
F: ?Sized,
§fn deserialize(
&self,
deserializer: &mut D
) -> Result<With<T, W>, <D as Fallible>::Error>
fn deserialize(
&self,
deserializer: &mut D
) -> Result<With<T, W>, <D as Fallible>::Error>
§impl<T> FutureExt for T
impl<T> FutureExt for T
§fn with_context(self, otel_cx: Context) -> WithContext<Self> ⓘ
fn with_context(self, otel_cx: Context) -> WithContext<Self> ⓘ
§fn with_current_context(self) -> WithContext<Self> ⓘ
fn with_current_context(self) -> WithContext<Self> ⓘ
source§impl<T> Instrument for T
impl<T> Instrument for T
source§fn instrument(self, span: Span) -> Instrumented<Self> ⓘ
fn instrument(self, span: Span) -> Instrumented<Self> ⓘ
source§fn in_current_span(self) -> Instrumented<Self> ⓘ
fn in_current_span(self) -> Instrumented<Self> ⓘ
source§impl<T> Instrument for T
impl<T> Instrument for T
source§fn instrument(self, span: Span) -> Instrumented<Self> ⓘ
fn instrument(self, span: Span) -> Instrumented<Self> ⓘ
source§fn in_current_span(self) -> Instrumented<Self> ⓘ
fn in_current_span(self) -> Instrumented<Self> ⓘ
§impl<T> Pointable for T
impl<T> Pointable for T
§impl<SS, SP> SupersetOf<SS> for SPwhere
SS: SubsetOf<SP>,
impl<SS, SP> SupersetOf<SS> for SPwhere
SS: SubsetOf<SP>,
§fn to_subset(&self) -> Option<SS>
fn to_subset(&self) -> Option<SS>
self
from the equivalent element of its
superset. Read more§fn is_in_subset(&self) -> bool
fn is_in_subset(&self) -> bool
self
is actually part of its subset T
(and can be converted to it).§fn to_subset_unchecked(&self) -> SS
fn to_subset_unchecked(&self) -> SS
self.to_subset
but without any property checks. Always succeeds.§fn from_subset(element: &SS) -> SP
fn from_subset(element: &SS) -> SP
self
to the equivalent element of its superset.