IPFS metadata storage

[wildmolasses]

This PR resolves #67

Important note: This PR uses a trick to accomplish the metaPtr resolution. Instead of resolving the metaPtr directly, it splits the URL, takes the CID, and resolves that with our fleek ipfs connection instance. Even if a metaPtr specified the cloudflare gateway, it would still use fleek to resolve. If a metaPtr did not have a CID in the last position of the URL, the fetch would completely fail.

The metadata fetching isn't robust. If the fetch fails, the metadata status will be 'error' and it will not reattempt a fetch.

There are no UI states yet corresponding to the metadata fetch status states of "pending", "resolved", "error"

[apbendi]

Great start @wildmolasses! Before making any changes to the frontend, be sure to rebase to main

[thelostone-mc]

left a couple of comments

[thelostone-mc]

^ would it be worth adding comments to the functions on

• what it does
• what are the arguments

It would be useful if we decide to add in auto doc generation

[mds1]

Agreed, more comments would be useful!

Re docgen, personally I have not been using NatSpec everywhere, so we'll need some comments cleanup before we do docgen, but you're right that is probably best practice going forward

[thelostone-mc]

Just double checking -> it looks like a grant can have multiple metadata but we want only the which as status as pending ?
not super clear on what we are doing here

[wildmolasses]

i'll try to add some comments!

[thelostone-mc]

I'd recommend moving this to utils package

[mds1]

I think we should hold off on this for now per #114.

Though it also feels like this function is simple enough that it can be removed which might even be more readable (e.g. people know what Boolean() or !! does, but would have to look up what isDefined does

[wildmolasses]

i'm using it for form validation; would Boolean() work just as well? I like how "isDefined" makes things a little more explicit but could defer to you guys!

[mds1]

Should we define a local Form type, since I imagine we'll be adding more fields later too?

[wildmolasses]

If it's only used once I don't think it's necessary, but would defer to you guys

[mds1]

Just curious why you use a .then instead of

Suggested change

	const metaPtr = await ipfs
	.createGrant({ name, description })
	.then((cid) => ipfs.createMetaPtr({ cid: cid.toString() }));
	const cid = await ipfs.createGrant({ name, description })
	const metaPtr = await ipfs.createMetaPtr({ cid: cid.toString() }));

[wildmolasses]

my general rule is that if something is used once there's no reason to declare it, i.e. since we don't use cid elsewhere there's no reason to declare it. i break this sometimes for readability's sake, but then clauses are pretty readable to me. Thoughts?

[apbendi]

Overall looking and working great, @wildmolasses. Nice job getting this going.

My only comment is on the way we're processing the metaPtr URI. Instead of hacking off the CID from the end— and assuming it's there in the first place— I think we should just have a whitelisted set of endpoints from which the app will fetch content from. This should be separate from the concern of whether the endpoint is an IPFS gateway or not.

In other words, we should have a hardcoded list of valid endpoints, which can include just https://ipfs-api.dev.fleek.cool for now (or also https://cloudflare-ipfs.com if we want) and when the metaPtr has a url at one of those endpoints, we should fetch the contents. If it doesn't, it shouldn't fetch, and should probably have an error message like "Unsupported source for grant metadata" or something like that.

Curious to hear what others think of this approach cc @thelostone-mc @mds1 @gdixon

[wildmolasses]

Overall looking and working great, @wildmolasses. Nice job getting this going.

My only comment is on the way we're processing the metaPtr URI. Instead of hacking off the CID from the end— and assuming it's there in the first place— I think we should just have a whitelisted set of endpoints from which the app will fetch content from. This should be separate from the concern of whether the endpoint is an IPFS gateway or not.

In other words, we should have a hardcoded list of valid endpoints, which can include just https://ipfs-api.dev.fleek.cool for now (or also https://cloudflare-ipfs.com if we want) and when the metaPtr has a url at one of those endpoints, we should fetch the contents. If it doesn't, it shouldn't fetch, and should probably have an error message like "Unsupported source for grant metadata" or something like that.

Curious to hear what others think of this approach cc @thelostone-mc @mds1 @gdixon

In principle I know that's correct, however different endpoints have different auth models -- well, really, fleek is the one where we need an api key in order to fetch. So if we're going to use the fleek endpoint as our metaPtr, do we want to write conditional logic where if the metaPtr is fleek (which is currently the case for any grant created by this app) then use an api key, and otherwise proceed without auth token? it starts to feel a little weird, but maybe this is acceptable.

[apbendi]

In principle I know that's correct, however different endpoints have different auth models -- well, really, fleek is the one where we need an api key in order to fetch. So if we're going to use the fleek endpoint as our metaPtr, do we want to write conditional logic where if the metaPtr is fleek (which is currently the case for any grant created by this app) then use an api key, and otherwise proceed without auth token? it starts to feel a little weird, but maybe this is acceptable.

Per our discussion offline, I think the right approach here is to use keep metaptr fetching dumb, so an http endpoint that requires an API key should not be used. For the immediate term, we can use a whitelisted cloudflare (or another open IPFS gateway) as the metaPtr URL, therefore allowing us to fetch without any authentication.