Add ability to create signed links

[elv-zenia]

Following a signed link allows access to target objects that are protected/private.

Add a setting in Asset Manager that creates auth for a link. When a link has a signature, re-use it instead of re-signing it so that any changes made by someone with lower privileges won't cause the links to be signed by them.

Limit this setting to associated assets, i.e. titles, clips, etc.

Add functionality to authenticate a link in client-js, which will involve adding the following payload (signed):

{
    ".": {
      "authorization": "aslsjc38XkrJ7vFtywQw3dRDfkCnhhf1sPqr99TN6br5yeG5nehxJGPskvNCxNBTzbCUKfYKdkhCB7jacQrEvmZcPY1vjFpqmseDn6VS6Fh1bXN2Z2DD4yk9L5y6GDth8Rs9UqDa3SWu6cLtjJPrvPHoDLBu9LatKVkNv7y7LgTKJsLWnxnyGwyGAa62XnkXyaURhP36anYWf51oYKaNY8rc5qdqkiKhLuK1WjwXXwp7Wk1971KnVvtFSc3oB7r8V5dkvC5YukpsnG5W5oMxjugLQ1ajuCduCEfC2UMiW3HsWAo1XTSt7Xnzek69poLoMWJTBxaEFGD1xp3Ebq2gAQR1HUPsVaEiETrW18qTQiKKgh989pi39SntJuqSdvpHpRLtaG3kefiGJHEWjwGDAexQN4guzor8S4mk1PeHRn3dK7N8uj3AEa5ytzkM1QWHdvhxQeb63HFGZKT7M11aiJ"
    },
    "/": "/qfab/hq__6x7xg1KLwqJqeBir5pAtrngbnwL9s41fDAovNENVJMPswBNMyu32Cov7f7zJmUBFVo8jCUngGs/meta/public"
  }

The decoded signed link as JSON:

{
  "adr": "1+H3EeqpiD2sSHEKWqzCQZNuNLU=",
  "spc": "ispc2gfzuWxi2krZv2SqkNz3f6UpMbJe",
  "lib": "ilib3RiwiP7UJJiHxFLbkL46BoVfKWrB",
  "qid": "iq__111",
  "sub": "0xd7e1f711eaa9883dAc48710a5aacC241936E34B5",
  "gra": "read",
  "iat": 1605022379000,
  "exp": 1605025979000,
  "ctx": {
    "elv": {
      "lnk": "./meta/public/asset_metadata/sources/default",
      "src": "iq__4HpGt3behmNdT9QCbLT5QVty4BD1",
      "cat": [
        "partner1",
        "clip"
      ]
    }
  }
}

Additional resources:

• Original design proposal
• Add support for signed links
• Add CLI commands for signed links

[elv-serban]

Testing 2022-12-07 - signed link icon doesn't change after signing (it changes to a lock but only after the list is refreshed)

The token has two problems:

• sub needs to be multiformat (and it is a hex string)
• exp needs to be "" (no expiration)

Correct example:

    {
      "txh": "0x0000000000000000000000000000000000000000000000000000000000000000",
      "adr": "0x4c6051083295c6efc14dbc7452d86e4bd9f566bd",
      "spc": "ispc2RUoRe9eR2v33HARQUVSp1rYXzw1",
      "lib": "ilib3N6aQ3MpkMS9T64U35REBunv3Zez",
      "qid": "iq__2b4M4cLeLjcbAjBd1EXXkm6BmCST",
      "sub": "iusr24iToADZabCVM9ibodF4qWwU52Kv",
      "gra": "read",
      "iat": "2021-01-13T23:19:32.053Z",
      "exp": "",
      "ctx": {
        "elv": {
          "lnk": "./rep/playout",
          "src": "iq__3GD1gnhSEc6rSKmWiZXhtfHBPcff"
        }
      }
    }

Example generated by the app, showing the two problems:

    {
      "txh": "0x0000000000000000000000000000000000000000000000000000000000000000",
      "adr": "0xe705e5b91d55c604439ece3a623be8591eee8001",
      "spc": "ispc3ANoVSzNA3P6t7abLR69ho5YPPZU",
      "lib": "ilib4VkoL3vt75eWwvjHqqyyzxwExWV9",
      "qid": "iq__3XUktu232eSiXGQZNDCxVQfkj7wi",
      "sub": "0xe705e5b91d55c604439ece3a623be8591eee8001",
      "gra": "read",
      "iat": "2022-12-08T00:13:46.703Z",
      "exp": "2022-12-08T01:13:46.703Z",
      "ctx": {
        "elv": {
          "lnk": "./meta/public/asset_metadata",
          "src": "iq__3M51eddxPUdUnrLANnRVcYGSFaaD"
        }
      }
    }

[elv-michelle]

Note, I would like to see the link details in the UX, as in right click on the signed link icon to reveal a menu / option displaying the link details, e.g.

Something like:

Signor = 0x4c6051083295c6efc14dbc7452d86e4bd9f566bd Path: ilib3N6aQ3MpkMS9T64U35REBunv3Zez / iq3GD1gnhSEc6rSKmWiZXhtfHBPcff / Link: "./rep/playout", Source Object: "iq3GD1gnhSEc6rSKmWiZXhtfHBPcff"

Would be built from the metadata: { "txh": "0x0000000000000000000000000000000000000000000000000000000000000000", "adr": "0x4c6051083295c6efc14dbc7452d86e4bd9f566bd", "spc": "ispc2RUoRe9eR2v33HARQUVSp1rYXzw1", "lib": "ilib3N6aQ3MpkMS9T64U35REBunv3Zez", "qid": "iq2b4M4cLeLjcbAjBd1EXXkm6BmCST", "sub": "iusr24iToADZabCVM9ibodF4qWwU52Kv", "gra": "read", "iat": "2021-01-13T23:19:32.053Z", "exp": "", "ctx": { "elv": { "lnk": "./rep/playout", "src": "iq3GD1gnhSEc6rSKmWiZXhtfHBPcff" } } }

[elv-zenia]

@elv-arun Ready to verify.

[elv-gerald]

I am running into a decoding issue. I set up a top level object that uses a signed link pointing to a second mezzanine object using the frowser. Here is a blurb of what was added.

 "titles": {
        "0": {
          "aws-mez": {
            ".": {
              "authorization": "aslsjc8bLmsQ3tfT6nmUBssnjnUiF8pvduzwPNMUb42BtjGWFxJ9QoZdUFq5QEwpwyRgvEzRb2PcEwPGmKSioFaJtvSGytAW3yB3oDUWAK3h1pGANAuVSjAvYspWS6M9N2KyaCrH1evrAeFp44GfCV3nyhni6voewi3otZ3rXewSGzgU3tDfRBTo3iufqxv7SHEmMyDDfssrpshYHEQPwGiiVzvKBAxcZdwQ324Mp9t6r4ZcnRPrhbY89cspBp8mDpCa7kvTDAJx9UaHHGBwHdj4kgwFTgSPcwVSf1RtepzRn1uRv4EajLbmn9RX4acQybdtERFW1f4mLrUuCrL6h8eDp2vSAgUwM2BeP9uXwTUj3yMKmbxqjvJj7GBQwkPKc6gSSJiLjQjijGw7WrTR6CVP71xckuUPsTV3cDxGkaxJ9nYA5q3PLXAgE36ErEPmXihxYbeEHnKSAUFTPnaYAXrtz",
              "auto_update": {
                "tag": "latest"
              },
              "container": "hq__KudSGPscuC7igm83cbwamCrEfek7fxt1ZZEm3V9mkQ2tFeJc8eF6s8jtPjz9GVbaG32zby6aio"
            },
            "/": "/qfab/hq__E8Ejhwu8HZZkR2DBni7Np4cXom1SvM8jUbdkr47om5gWh352jQhb9NwNV83pT3wi55F3sfGzTc/meta/public/asset_metadata"
          }
        }
      }

Using a second user I gave access to the parent object which houses the singed link. When I make a request that will utilize the signed link I am getting a decoding error. Here is an example

❯ curl -s https://host-76-74-28-234.contentfabric.io/q/iq__MEM1XvM1M2qR3X1u2FcR8Sjz4zf/meta/public/asset_metadata/titles/0/aws-mez/title\?authorization\=atxsjc3TBP7RHQ9Dx18n6oLy4GzQ5ahTbQcmot1M2EZjKFmR4ctYAyiTbZfzF5YT4Qb5TBQthFgi49JNU5RnsmNasf1Mtgz7bycHt8kn4kDjWrdd5UDDPudHjidEZsqyuUKehGQJvtTzA4gL2G7rb6V9bkc2SSqPpe3hrt92RcL39ChQJ7Mjhqqjw2u9tf2YxSXVW6S6Z6nqHJ6Hre4EkddgSRtBfacGu76s3zUYZzBfwkwLHpHaR4x5fYJknDmsFozMwQUtiPwnGFbyRGFVt1uHTb6wESdmQKhxpfas2R2Lmvn9h2r2M7HZHHCRZSjcctSMzTWqn6hZHA33LfYiiyhWbpeAJgv5ZuC1vXQ6pMSFb3LqkkiGjVL8ezLgxAAGsDpLBFAF8dEkZfVcLWaL6N17ok1Bc7caZKKh441R98M9fvHZjHS3XLwDHBd3sgSnxudPKj1cpzvtpwNgWC8G4nfpz9M9KvjkaeMyXbfojyptauHRSyMDivRCLdeKCkovCDwwA7XBCJT95EtgXYZw7S74m6FdtnoBARPqhEk9189TA7uHYTXdDg4mVmtY9YyxXfaJ3pX86TnGRotY6suvasveqVHuZhXgr | jq .
{
  "errors": [
    {
      "op": "QMeta",
      "kind": "invalid",
      "options": {
        "resolve": null,
        "resolve_ignore_errors": false,
        "resolve_include_source": false,
        "link_depth": 1
      },
      "cause": {
        "op": "link_resolver.resolve",
        "kind": "invalid",
        "qihot": "iq__MEM1XvM1M2qR3X1u2FcR8Sjz4zf",
        "resolve": true,
        "max_link_depth": 1,
        "current_qid": "",
        "current_qhot": "iq__MEM1XvM1M2qR3X1u2FcR8Sjz4zf",
        "link_depth": 0,
        "cause": {
          "op": "traverseLocal",
          "kind": "invalid",
          "path": "/public/asset_metadata/titles/0/aws-mez/title",
          "cause": {
            "op": "resolveTransform",
            "kind": "invalid",
            "full_path": "/public/asset_metadata/titles/0/aws-mez/title",
            "path": "/public/asset_metadata/titles/0/aws-mez",
            "cause": {
              "op": "traverseLink",
              "kind": "invalid",
              "link": {
                ".": {
                  "authorization": "aslsjc8bLmsQ3tfT6nmUBssnjnUiF8pvduzwPNMUb42BtjGWFxJ9QoZdUFq5QEwpwyRgvEzRb2PcEwPGmKSioFaJtvSGytAW3yB3oDUWAK3h1pGANAuVSjAvYspWS6M9N2KyaCrH1evrAeFp44GfCV3nyhni6voewi3otZ3rXewSGzgU3tDfRBTo3iufqxv7SHEmMyDDfssrpshYHEQPwGiiVzvKBAxcZdwQ324Mp9t6r4ZcnRPrhbY89cspBp8mDpCa7kvTDAJx9UaHHGBwHdj4kgwFTgSPcwVSf1RtepzRn1uRv4EajLbmn9RX4acQybdtERFW1f4mLrUuCrL6h8eDp2vSAgUwM2BeP9uXwTUj3yMKmbxqjvJj7GBQwkPKc6gSSJiLjQjijGw7WrTR6CVP71xckuUPsTV3cDxGkaxJ9nYA5q3PLXAgE36ErEPmXihxYbeEHnKSAUFTPnaYAXrtz",
                  "auto_update": {
                    "tag": "latest"
                  }
                },
                "/": "/qfab/hq__E8Ejhwu8HZZkR2DBni7Np4cXom1SvM8jUbdkr47om5gWh352jQhb9NwNV83pT3wi55F3sfGzTc/meta/public/asset_metadata"
              },
              "path": "/public/asset_metadata/titles/0/aws-mez",
              "full_path": "/public/asset_metadata/titles/0/aws-mez/title",
              "remaining_path": "/title",
              "current_qid": "iq__MEM1XvM1M2qR3X1u2FcR8Sjz4zf",
              "current_qhot": "hq__KudSGPscuC7igm83cbwamCrEfek7fxt1ZZEm3V9mkQ2tFeJc8eF6s8jtPjz9GVbaG32zby6aio",
              "link_depth": 0,
              "cause": {
                "op": "signed link",
                "kind": "invalid",
                "cause": {
                  "op": "space for signed link",
                  "kind": "invalid",
                  "cause": {
                    "op": "VerifySignedLink",
                    "kind": "invalid",
                    "cause": {
                      "op": "decode auth token",
                      "kind": "invalid",
                      "token_string": "aslsjc8bLmsQ3tfT6nmUBssnjnUiF8pvduzwPNMUb42BtjGWFxJ9QoZdUFq5QEwpwyRgvEzRb2PcEwPGmKSioFaJtvSGytAW3yB3oDUWAK3h1pGANAuVSjAvYspWS6M9N2KyaCrH1evrAeFp44GfCV3nyhni6voewi3otZ3rXewSGzgU3tDfRBTo3iufqxv7SHEmMyDDfssrpshYHEQPwGiiVzvKBAxcZdwQ324Mp9t6r4ZcnRPrhbY89cspBp8mDpCa7kvTDAJx9UaHHGBwHdj4kgwFTgSPcwVSf1RtepzRn1uRv4EajLbmn9RX4acQybdtERFW1f4mLrUuCrL6h8eDp2vSAgUwM2BeP9uXwTUj3yMKmbxqjvJj7GBQwkPKc6gSSJiLjQjijGw7WrTR6CVP71xckuUPsTV3cDxGkaxJ9nYA5q3PLXAgE36ErEPmXihxYbeEHnKSAUFTPnaYAXrtz",
                      "cause": {
                        "op": "decode auth token",
                        "kind": "invalid",
                        "cause": {
                          "op": "decode bytes",
                          "kind": "invalid",
                          "cause": "json: cannot unmarshal string into Go struct field serData.exp of type int64"
                        }
                      }
                    }
                  }
                }
              }
            }
          }
        }
      },
      "stacktrace": [
        "github.com/eluv-io/common-go/format/eat/token.go:981                               (*Token).decodeBytes()",
        "github.com/eluv-io/common-go/format/eat/token.go:933                               (*Token).decodeTokenAndSigBytes()",
        "github.com/eluv-io/common-go/format/eat/token.go:935                               (*Token).decodeTokenAndSigBytes()",
        "github.com/eluv-io/common-go/format/eat/token.go:918                               (*Token).decodeString()",
        "github.com/eluv-io/common-go/format/eat/token.go:232                               (*Token).Decode()",
        ...

[elv-gerald]

It looks like the token generated by the asset manager is incorrect/malformed.

Marc shared a signed link token that his tools generated and I am able to decode with elv. Using the the signed link token generated by the asset manager does not decode for me

asset manager decode

❯ elv tools decode aslsjc8bLmsQ3tfT6nmUBssnjnUiF8pvduzwPNMUb42BtjGWFxJ9QoZdUFq5QEwpwyRgvEzRb2PcEwPGmKSioFaJtvSGytAW3yB3oDUWAK3h1pGANAuVSjAvYspWS6M9N2KyaCrH1evrAeFp44GfCV3nyhni6voewi3otZ3rXewSGzgU3tDfRBTo3iufqxv7SHEmMyDDfssrpshYHEQPwGiiVzvKBAxcZdwQ324Mp9t6r4ZcnRPrhbY89cspBp8mDpCa7kvTDAJx9UaHHGBwHdj4kgwFTgSPcwVSf1RtepzRn1uRv4EajLbmn9RX4acQybdtERFW1f4mLrUuCrL6h8eDp2vSAgUwM2BeP9uXwTUj3yMKmbxqjvJj7GBQwkPKc6gSSJiLjQjijGw7WrTR6CVP71xckuUPsTV3cDxGkaxJ9nYA5q3PLXAgE36ErEPmXihxYbeEHnKSAUFTPnaYAXrtz
==> aslsjc8bLmsQ3tfT6nmUBssnjnUiF8pvduzwPNMUb42BtjGWFxJ9QoZdUFq5QEwpwyRgvEzRb2PcEwPGmKSioFaJtvSGytAW3yB3oDUWAK3h1pGANAuVSjAvYspWS6M9N2KyaCrH1evrAeFp44GfCV3nyhni6voewi3otZ3rXewSGzgU3tDfRBTo3iufqxv7SHEmMyDDfssrpshYHEQPwGiiVzvKBAxcZdwQ324Mp9t6r4ZcnRPrhbY89cspBp8mDpCa7kvTDAJx9UaHHGBwHdj4kgwFTgSPcwVSf1RtepzRn1uRv4EajLbmn9RX4acQybdtERFW1f4mLrUuCrL6h8eDp2vSAgUwM2BeP9uXwTUj3yMKmbxqjvJj7GBQwkPKc6gSSJiLjQjijGw7WrTR6CVP71xckuUPsTV3cDxGkaxJ9nYA5q3PLXAgE36ErEPmXihxYbeEHnKSAUFTPnaYAXrtz:
    op [decode auth token] kind [invalid] token_string [aslsjc8bLmsQ3tfT6nmUBssnjnUiF8pvduzwPNMUb42BtjGWFxJ9QoZdUFq5QEwpwyRgvEzRb2PcEwPGmKSioFaJtvSGytAW3yB3oDUWAK3h1pGANAuVSjAvYspWS6M9N2KyaCrH1evrAeFp44GfCV3nyhni6voewi3otZ3rXewSGzgU3tDfRBTo3iufqxv7SHEmMyDDfssrpshYHEQPwGiiVzvKBAxcZdwQ324Mp9t6r4ZcnRPrhbY89cspBp8mDpCa7kvTDAJx9UaHHGBwHdj4kgwFTgSPcwVSf1RtepzRn1uRv4EajLbmn9RX4acQybdtERFW1f4mLrUuCrL6h8eDp2vSAgUwM2BeP9uXwTUj3yMKmbxqjvJj7GBQwkPKc6gSSJiLjQjijGw7WrTR6CVP71xckuUPsTV3cDxGkaxJ9nYA5q3PLXAgE36ErEPmXihxYbeEHnKSAUFTPnaYAXrtz] cause:
        op [decode auth token] kind [invalid] cause:
        op [decode bytes] kind [invalid] cause [json: cannot unmarshal string into Go struct field serData.exp of type int64]
        github.com/eluv-io/common-go/format/eat/token.go:981               (*Token).decodeBytes()
        github.com/eluv-io/common-go/format/eat/token.go:933               (*Token).decodeTokenAndSigBytes()
        github.com/eluv-io/common-go/format/eat/token.go:935               (*Token).decodeTokenAndSigBytes()
        github.com/eluv-io/common-go/format/eat/token.go:918               (*Token).decodeString()
        github.com/eluv-io/common-go/format/eat/token.go:232               (*Token).Decode()
        github.com/eluv-io/common-go/format/eat/token.go:234               (*Token).Decode()
        github.com/eluv-io/common-go/format/eat/token.go:128               parse()
        github.com/eluv-io/common-go/format/eat/token.go:117               Parse()
        github.com/qluvio/content-fabric/client/qfab_cli/cmd2/tools.go:142 runToolsDecode.func6()
        github.com/qluvio/content-fabric/client/qfab_cli/cmd2/tools.go:200 runToolsDecode()
        reflect/value.go:556                                               Value.call()
        reflect/value.go:339                                               Value.Call()
        github.com/eluv-io/ecobra-go/app/app.go:477                        (*App).callFn()
        github.com/eluv-io/ecobra-go/app/app.go:409                        (*App).runStub.func1()
        github.com/spf13/cobra@v1.5.0/command.go:872                       (*Command).execute()
        github.com/spf13/cobra@v1.5.0/command.go:990                       (*Command).ExecuteC()
        github.com/spf13/cobra@v1.5.0/command.go:918                       (*Command).Execute()
        github.com/qluvio/content-fabric/client/qfab_cli/cmd2/root.go:356  Execute()
        qfab_cli/qfab_cli.go:10                                            main()

marcs example token

❯ elv tools decode aslsjc7tMToPu3yqyBAEVFhkDmKFBMGbHbYi9a55c2Ubky3mXMQjVKSfgq5YV5kjMd1zm5c9ro6wMCb5rgbZkBrYMTZuARY99wRFKdFQKfD3ETVjpqJXSpmtqXn1RkCi1WuPdi9kDkJ6SPS6RnKCs8VvqjGoCbwJNP1dowkyGzA9SDEhbRr1xHgKjPwkBohYHru9PXrCqd2fLQ8BtV1EsazkzQexz3YGQa1h8jcze5r9X1GT6pz1aPgJosBkNSFox8GzMUTVB8frVeKyE4kQrZuMhPoaRaUuLXTHsPqd2mCihvWvqCd47oDgGUhchdaW2PFc1sYsAK5DbovjJtzAR1ZngUEydLemVLRMSLAdQbdvgMGf5cDdLDiYrqD3j8W8ERJZwZKnrFee9HFwqK5gjkFzQf4dvPwb4dNcyTDyRmyrGp6ac27bFLx1adKpjqBjPmA5qVs4MSZxVfo7QieueJ1sx9m8YES
==> aslsjc7tMToPu3yqyBAEVFhkDmKFBMGbHbYi9a55c2Ubky3mXMQjVKSfgq5YV5kjMd1zm5c9ro6wMCb5rgbZkBrYMTZuARY99wRFKdFQKfD3ETVjpqJXSpmtqXn1RkCi1WuPdi9kDkJ6SPS6RnKCs8VvqjGoCbwJNP1dowkyGzA9SDEhbRr1xHgKjPwkBohYHru9PXrCqd2fLQ8BtV1EsazkzQexz3YGQa1h8jcze5r9X1GT6pz1aPgJosBkNSFox8GzMUTVB8frVeKyE4kQrZuMhPoaRaUuLXTHsPqd2mCihvWvqCd47oDgGUhchdaW2PFc1sYsAK5DbovjJtzAR1ZngUEydLemVLRMSLAdQbdvgMGf5cDdLDiYrqD3j8W8ERJZwZKnrFee9HFwqK5gjkFzQf4dvPwb4dNcyTDyRmyrGp6ac27bFLx1adKpjqBjPmA5qVs4MSZxVfo7QieueJ1sx9m8YES:
    aslsjc7tMToPu3yqyBAEVFhkDmKFBMGbHbYi9a55c2Ubky3mXMQjVKSfgq5YV5kjMd1zm5c9ro6wMCb5rgbZkBrYMTZuARY99wRFKdFQKfD3ETVjpqJXSpmtqXn1RkCi1WuPdi9kDkJ6SPS6RnKCs8VvqjGoCbwJNP1dowkyGzA9SDEhbRr1xHgKjPwkBohYHru9PXrCqd2fLQ8BtV1EsazkzQexz3YGQa1h8jcze5r9X1GT6pz1aPgJosBkNSFox8GzMUTVB8frVeKyE4kQrZuMhPoaRaUuLXTHsPqd2mCihvWvqCd47oDgGUhchdaW2PFc1sYsAK5DbovjJtzAR1ZngUEydLemVLRMSLAdQbdvgMGf5cDdLDiYrqD3j8W8ERJZwZKnrFee9HFwqK5gjkFzQf4dvPwb4dNcyTDyRmyrGp6ac27bFLx1adKpjqBjPmA5qVs4MSZxVfo7QieueJ1sx9m8YES
    {
      "txh": "0x0000000000000000000000000000000000000000000000000000000000000000",
      "adr": "0x4c6051083295c6efc14dbc7452d86e4bd9f566bd",
      "spc": "ispc2RUoRe9eR2v33HARQUVSp1rYXzw1",
      "lib": "ilib3N6aQ3MpkMS9T64U35REBunv3Zez",
      "qid": "iq__37tBEBoxG5EyL6BbRZNya5Ns7tyn",
      "sub": "iusr24iToADZabCVM9ibodF4qWwU52Kv",
      "gra": "read",
      "iat": "2023-01-31T00:37:33.985Z",
      "exp": "",
      "ctx": {
        "elv": {
          "lnk": "./meta/public/asset_metadata",
          "src": "iq__2jEYdbCpsK9n5J8826qAs9P2Gfvz"
        }
      }
    }
    TOKEN                  479b  PREFIX + BODY | aslsjc7tMToPu3yqyBAEVFhkDmKFBMGbHbYi9a55c2Ubky3mXMQjVKSfgq5YV5kjMd1zm5c9ro6wMCb5r...
    PREFIX                   6b  aslsjc | asl=signed-link s=ES256K jc=json-compressed
    BODY                   473b  base58(SIGNATURE + PAYLOAD)
    SIGNATURE + PAYLOAD    347b  347b * 138 / 100 + 1 = 479b (>= 473b)
    SIGNATURE               66b  ES256K_L1EtxW2eKiRu2Y8Xkj4qmxUzaiRb6yrs1QKjUobh45Hw8kuGHipV7DT2fVzzjrhhQD5uvGQodkpSNpgUQghQi2JJk
    PAYLOAD                281b  json-compressed
    json                   329b  {"adr":"TGBRCDKVxu/BTbx0UthuS9n1Zr0=","spc":"ispc2RUoRe9eR2v33HARQUVSp1rYXzw1","lib":"ilib3N6aQ3MpkMS9T64U35REBunv3Zez","qid":"iq__37tBEBoxG5EyL6BbRZNya5Ns7tyn","sub":"iusr24iToADZabCVM9ibodF4qWwU52Kv","gra":"read","iat":1675125453985,"ctx":{"elv":{"lnk":"./meta/public/asset_metadata","src":"iq__2jEYdbCpsK9n5J8826qAs9P2Gfvz"}}}

[elv-zenia]

Client change published; Core and Asset Manager deployed to demo. Ready for verification.

[elv-gerald]

I re added the title as a signed link but I noticed now the authorization token that is generated by the asset manager is not present in the metadata; the asls... token is gone. Is this expected? Here is a blurb of what I mean.

      "titles": {
        "0": {
          "aws-mez": {
            ".": {
              "auto_update": {
                "tag": "latest"
              },
              "container": "hq__FSzcQzUs74KDZP2c6KgEpgXtcHLgSh34cbSfuegHgR4i428fssFuAxcNXvDiVcoVSFefK4YMrs"
            },
            "/": "/qfab/hq__E8Ejhwu8HZZkR2DBni7Np4cXom1SvM8jUbdkr47om5gWh352jQhb9NwNV83pT3wi55F3sfGzTc/meta/public/asset_metadata"
          }
        }
      }
    },
    "description": "BBB Clear Seperate Master and Mez",
    "name": "BBB MEZ"
  },

This time when I try a curl that will exercise the signed link I get this error

❯ curl https://host-76-74-28-234.contentfabric.io/q/iq__MEM1XvM1M2qR3X1u2FcR8Sjz4zf/meta/public/asset_metadata/titles/0/aws-mez/title\?authorization\=atxsjc6Dm7g6SfjiYsb5oiYi7omV5zPaQwki9PYN7vbwR26zTj138PtsdnncAp5oeksAu13yUPAyiDwQVj1kMG4LyNKEHNM6x7sgK5CuBLN6rcfBMzxo5KLeSCzVHJzdN9FSfv33HH8KYBu4G9ar4ttnBCPS6ZjAaAiusCSpqgdtsqrRhvCfuDeFmZapCWsXYRhp3bQMZGtWRETAHmwcHs4Vo7RuHbmGtJKp3ykj2offSKVd4cn7bBqpXaFj8aWJDHq8CFEDMpgHGRxzMxLhGK9QbJndPTfU296SywbYPteqbuHE2rUr4TmbZnVZV9Hdj2CAKxtciAH743hnvYHGJtNc5kmKY5Sdd2HjymPTwpC7mLA5v7yGmc1YxB8P6nRTswBh4V5BeqM6gEQTAmPzJkLTby3CUMf3waJPpTBiEu8Ca1oLvFuw9LjQVFU7pG69pNVHY3g1D8dVjRT2Cy5Zr2uLYaEBxZznwEMUZGxiGafAKDeKdagGCL37X8NZyQeNQPhcCUcMqub1LvNwaNFrJo2iMqkJ1DMExbFsykS7gbpQZisbKdSBqfx3rUCp79RXqSGMTDDi7z1pChVE9P2mcJSATZoDPc | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  8671    0  8671    0     0  38449      0 --:--:-- --:--:-- --:--:-- 39593
{
  "errors": [
    {
      "op": "QMeta",
      "kind": "permission denied",
      "options": {
        "resolve": null,
        "resolve_ignore_errors": false,
        "resolve_include_source": false,
        "link_depth": 1
      },
      "cause": {
        "op": "link_resolver.resolve",
        "kind": "permission denied",
        "qihot": "iq__MEM1XvM1M2qR3X1u2FcR8Sjz4zf",
        "resolve": true,
        "max_link_depth": 1,
...

[elv-gerald]

OK I see the signed links are working now. Not sure if this is a bug but as I add or remove objects to the title listings the, order changes sometimes. Is this expected

[elv-zenia]

Does this happen before saving changes in asset manager? I would want to fix any jumping around that happens from just using Add Titles/trash icon. Also, since the user can change order, I think this is not the expected behavior.

[elv-gerald]

So it looks like the reordering happens after I sign a link. The item that gets the signature gets added to the end of the list. Here is a video

1. I have a signed link to object "gÉrald non ascii test MEZ"
2. I unsign the link to "gÉrald non ascii test MEZ", list stays the same
3. I sign he link to "gÉrald non ascii test MEZ", it gets added to the end of the titles list. In the video you can see I had to modify my curl for the request to work.

https://user-images.githubusercontent.com/79117605/228401920-68569f69-3204-4352-a277-e203513e597f.mov

[elv-zenia]

Fixed by https://github.com/eluv-io/elv-asset-manager/pull/10/commits/ccf484469a68f3acd7f82a7ac8512b5a0bcde109 and deployed to demo. @elv-gerald I fixed the reordering PLUS

• Disable the button when the user doesn't have edit permissions for the target object. Learned that this is a requirement
• Changed the icons to when signed = KEY; when not signed = CROSSED OUT KEY. The lock didn't really make sense for a link that allows more access

[elv-zenia]

Deployed to prod.