From 56067b2b16f7d92dfdc02b0b27e4cfc071ee53d1 Mon Sep 17 00:00:00 2001
From: Felipe Forbeck <felipe.forbeck@gmail.com>
Date: Mon, 9 Dec 2024 12:14:20 -0300
Subject: [PATCH] feat(content-serve): delegate with auth token caveat

---
 packages/capabilities/src/space.js |  3 +++
 packages/w3up-client/src/client.js | 19 ++++++++++++-------
 2 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/packages/capabilities/src/space.js b/packages/capabilities/src/space.js
index 0f638d3d6..a41a4aa64 100644
--- a/packages/capabilities/src/space.js
+++ b/packages/capabilities/src/space.js
@@ -72,6 +72,9 @@ export const allocate = capability({
 export const contentServe = capability({
   can: 'space/content/serve/*',
   with: SpaceDID,
+  nb: Schema.struct({
+    authToken: Schema.string().optional(),
+  }),
   derives: equalWith,
 })
 
diff --git a/packages/w3up-client/src/client.js b/packages/w3up-client/src/client.js
index 096dcdbce..d0690608b 100644
--- a/packages/w3up-client/src/client.js
+++ b/packages/w3up-client/src/client.js
@@ -565,6 +565,7 @@ export class Client extends Base {
  * @param {object} [options] - Options for the content serve authorization invocation.
  * @param {`did:${string}:${string}`} [options.audience] - The Web DID of the audience (gateway or peer) to authorize.
  * @param {number} [options.expiration] - The time at which the delegation expires in seconds from unix epoch.
+ * @param {string} [options.authToken] - The auth token to use for the content serve authorization invocation.
  */
 export const authorizeContentServe = async (
   client,
@@ -582,14 +583,18 @@ export const authorizeContentServe = async (
       did: () => options.audience ?? connection.id.did(),
     }
 
-    // Grant the audience the ability to serve content from the space, it includes existing proofs automatically
-    const delegation = await client.createDelegation(
+    const delegation = await SpaceCapabilities.contentServe.delegate({
+      issuer: client.agent.issuer,
       audience,
-      [SpaceCapabilities.contentServe.can],
-      {
-        expiration: options.expiration ?? Infinity,
-      }
-    )
+      with: space.did(),
+      expiration: options.expiration ?? Infinity,
+      nb: {
+        authToken: options.authToken,
+      },
+      proofs: client.proofs([
+        { can: SpaceCapabilities.contentServe.can, with: space.did() },
+      ]),
+    })
 
     // Publish the delegation to the content serve service
     const accessProofs = client.proofs([