@abraca/dabra 1.0.20 → 1.0.21

package/dist/abracadabra-provider.esm.js

@@ -3198,10 +3198,30 @@ var AbracadabraClient = class {
 	async listKeys() {
 		return (await this.request("GET", "/auth/keys")).keys;
 	}
+	/** Rename a registered device key. */
+	async renameKey(keyId, deviceName) {
+		await this.request("PATCH", `/auth/keys/${encodeURIComponent(keyId)}`, { body: { deviceName } });
+	}
 	/** Revoke a public key by its ID. */
 	async revokeKey(keyId) {
 		await this.request("DELETE", `/auth/keys/${encodeURIComponent(keyId)}`);
 	}
+	/** Create a single-use device invite code for pairing a new device to this account. */
+	async createDeviceInvite(opts) {
+		return this.request("POST", "/auth/device-invite", { body: opts?.expiresIn != null ? { expiresIn: opts.expiresIn } : {} });
+	}
+	/** Redeem a device invite code to register a new device key. Returns a JWT token. */
+	async redeemDeviceInvite(opts) {
+		return this.request("POST", "/auth/device-redeem", {
+			body: {
+				code: opts.code,
+				publicKey: opts.publicKey,
+				x25519Key: opts.x25519Key,
+				deviceName: opts.deviceName
+			},
+			auth: false
+		});
+	}
 	/** Get encryption info for a document. */
 	async getDocEncryption(docId) {
 		return this.request("GET", `/docs/${encodeURIComponent(docId)}/encryption`);
@@ -9897,19 +9917,23 @@ var AbracadabraWebRTC = class AbracadabraWebRTC extends EventEmitter {
 	}
 	/**
 	* Send a custom string message to a specific peer via a data channel.
+	* When E2EE is active, the message is encrypted through the router.
 	*/
 	sendCustomMessage(peerId, payload) {
 		const pc = this.peerConnections.get(peerId);
 		if (!pc) return;
-		let channel = pc.router.getChannel("custom");
+		const channelName = "custom";
+		let channel = pc.router.getChannel(channelName);
 		if (!channel || channel.readyState !== "open") {
-			channel = pc.router.createChannel("custom", { ordered: true });
+			channel = pc.router.createChannel(channelName, { ordered: true });
 			channel.onopen = () => {
-				channel.send(payload);
+				const data = new TextEncoder().encode(payload);
+				pc.router.send(channelName, data);
 			};
 			return;
 		}
-		channel.send(payload);
+		const data = new TextEncoder().encode(payload);
+		pc.router.send(channelName, data);
 	}
 	/**
 	* Send a custom string message to all connected peers.
@@ -10256,6 +10280,270 @@ var ManualSignaling = class extends EventEmitter {
 	}
 };
 
+//#endregion
+//#region packages/provider/src/webrtc/DevicePairingChannel.ts
+/**
+* DevicePairingChannel
+*
+* Enables cross-device identity pairing over an E2EE WebRTC data channel.
+* Device A (approver) creates a pairing session with a short code. Device B
+* (requester) joins with the code. After E2EE is established, Device B sends
+* its public key and Device A registers it via `addKey()`.
+*
+* Reuses the existing WebRTC stack: SignalingSocket, PeerConnection,
+* DataChannelRouter, and E2EEChannel (X25519 ECDH + AES-256-GCM).
+*/
+/** Ambiguity-free charset (no 0/O/1/I). */
+const CODE_CHARSET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789";
+const CODE_LENGTH = 6;
+const PAIRING_TIMEOUT_MS = 300 * 1e3;
+function generatePairingCode() {
+	const bytes = crypto.getRandomValues(new Uint8Array(CODE_LENGTH));
+	return Array.from(bytes).map((b) => CODE_CHARSET[b % 32]).join("");
+}
+function codeToRoomId(code) {
+	const hash = sha256(new TextEncoder().encode(code.toUpperCase()));
+	return `__pairing_${Array.from(hash.slice(0, 8)).map((b) => b.toString(16).padStart(2, "0")).join("")}`;
+}
+var DevicePairingChannel = class DevicePairingChannel extends EventEmitter {
+	constructor(role, pairingCode, config) {
+		super();
+		this.config = config;
+		this.webrtc = null;
+		this.timeoutHandle = null;
+		this._destroyed = false;
+		this._pendingRequest = null;
+		this._connectedPeerId = null;
+		this.role = role;
+		this.pairingCode = pairingCode;
+	}
+	/**
+	* Create an approver session (Device A). Returns the channel and a
+	* 6-character pairing code to share with Device B.
+	*/
+	static createApprover(config) {
+		const code = generatePairingCode();
+		const channel = new DevicePairingChannel("approver", code, config);
+		channel.start();
+		return {
+			channel,
+			pairingCode: code
+		};
+	}
+	/**
+	* Create a requester session (Device B). Joins with a pairing code
+	* obtained from Device A.
+	*/
+	static createRequester(config, pairingCode) {
+		const channel = new DevicePairingChannel("requester", pairingCode.toUpperCase().replace(/[^A-Z2-9]/g, ""), config);
+		channel.start();
+		return channel;
+	}
+	/**
+	* Approve the pending pairing request. Calls `client.addKey()` to
+	* register Device B's public key, then notifies Device B.
+	*/
+	async approve(client) {
+		if (this.role !== "approver") return {
+			success: false,
+			error: "Only the approver can approve"
+		};
+		if (!this._pendingRequest) return {
+			success: false,
+			error: "No pending pairing request"
+		};
+		if (!this._connectedPeerId) return {
+			success: false,
+			error: "Peer not connected"
+		};
+		const req = this._pendingRequest;
+		try {
+			await client.addKey({
+				publicKey: req.publicKey,
+				deviceName: req.deviceName,
+				x25519Key: req.x25519Key
+			});
+			this.sendMessage({ type: "pair-approved" });
+			this._pendingRequest = null;
+			this.emit("pairingComplete", { success: true });
+			return { success: true };
+		} catch (err) {
+			const error = err?.message ?? "Failed to register device key";
+			this.sendMessage({
+				type: "pair-rejected",
+				reason: error
+			});
+			this._pendingRequest = null;
+			const result = {
+				success: false,
+				error
+			};
+			this.emit("pairingComplete", result);
+			return result;
+		}
+	}
+	/**
+	* Approve via server-side device invite. Creates a single-use invite code
+	* and sends it to Device B over the E2EE channel. Device B redeems it
+	* independently via HTTP — Device A can go offline after this.
+	*/
+	async approveWithInvite(client) {
+		if (this.role !== "approver") return {
+			success: false,
+			error: "Only the approver can approve"
+		};
+		if (!this._pendingRequest) return {
+			success: false,
+			error: "No pending pairing request"
+		};
+		if (!this._connectedPeerId) return {
+			success: false,
+			error: "Peer not connected"
+		};
+		try {
+			const { code } = await client.createDeviceInvite();
+			this.sendMessage({
+				type: "pair-invite-code",
+				code
+			});
+			this._pendingRequest = null;
+			this.emit("pairingComplete", { success: true });
+			return { success: true };
+		} catch (err) {
+			const error = err?.message ?? "Failed to create device invite";
+			this.sendMessage({
+				type: "pair-rejected",
+				reason: error
+			});
+			this._pendingRequest = null;
+			const result = {
+				success: false,
+				error
+			};
+			this.emit("pairingComplete", result);
+			return result;
+		}
+	}
+	/**
+	* Reject the pending pairing request.
+	*/
+	reject(reason = "Rejected by user") {
+		if (this.role !== "approver" || !this._pendingRequest) return;
+		this.sendMessage({
+			type: "pair-rejected",
+			reason
+		});
+		this._pendingRequest = null;
+		this.emit("pairingComplete", {
+			success: false,
+			error: reason
+		});
+	}
+	/**
+	* Send a pairing request to Device A. Call this after the "connected"
+	* event fires.
+	*/
+	requestPairing(request) {
+		if (this.role !== "requester") return;
+		this.sendMessage({
+			type: "pair-request",
+			publicKey: request.publicKey,
+			x25519Key: request.x25519Key,
+			deviceName: request.deviceName
+		});
+	}
+	get isDestroyed() {
+		return this._destroyed;
+	}
+	destroy() {
+		if (this._destroyed) return;
+		this._destroyed = true;
+		if (this.timeoutHandle) {
+			clearTimeout(this.timeoutHandle);
+			this.timeoutHandle = null;
+		}
+		if (this.webrtc) {
+			this.webrtc.destroy();
+			this.webrtc = null;
+		}
+		this.removeAllListeners();
+	}
+	start() {
+		this.webrtc = new AbracadabraWebRTC({
+			docId: codeToRoomId(this.pairingCode),
+			url: this.config.serverUrl,
+			token: this.config.token,
+			iceServers: this.config.iceServers,
+			e2ee: this.config.e2ee,
+			enableDocSync: false,
+			enableAwarenessSync: false,
+			enableFileTransfer: false,
+			autoConnect: false,
+			WebSocketPolyfill: this.config.WebSocketPolyfill
+		});
+		this.webrtc.on("e2eeEstablished", ({ peerId }) => {
+			this._connectedPeerId = peerId;
+			this.emit("connected");
+		});
+		this.webrtc.on("customMessage", ({ peerId, payload }) => {
+			this.handleMessage(peerId, payload);
+		});
+		this.webrtc.on("peerLeft", () => {
+			if (!this._destroyed) this.emit("error", /* @__PURE__ */ new Error("Peer disconnected"));
+		});
+		this.webrtc.on("signalingError", (err) => {
+			this.emit("error", /* @__PURE__ */ new Error(`Signaling: ${err.message}`));
+		});
+		this.timeoutHandle = setTimeout(() => {
+			if (!this._destroyed) {
+				this.emit("error", /* @__PURE__ */ new Error("Pairing timed out"));
+				this.destroy();
+			}
+		}, PAIRING_TIMEOUT_MS);
+		this.webrtc.connect();
+	}
+	sendMessage(msg) {
+		if (!this.webrtc || !this._connectedPeerId) return;
+		this.webrtc.sendCustomMessage(this._connectedPeerId, JSON.stringify(msg));
+	}
+	handleMessage(peerId, payload) {
+		let msg;
+		try {
+			msg = JSON.parse(payload);
+		} catch {
+			return;
+		}
+		switch (msg.type) {
+			case "pair-request":
+				if (this.role !== "approver") return;
+				this._pendingRequest = {
+					publicKey: msg.publicKey,
+					x25519Key: msg.x25519Key,
+					deviceName: msg.deviceName
+				};
+				this.emit("pairingRequest", this._pendingRequest);
+				break;
+			case "pair-approved":
+				if (this.role !== "requester") return;
+				this.emit("approved");
+				this.emit("pairingComplete", { success: true });
+				break;
+			case "pair-rejected":
+				if (this.role !== "requester") return;
+				this.emit("rejected", msg.reason);
+				this.emit("pairingComplete", {
+					success: false,
+					error: msg.reason
+				});
+				break;
+			case "pair-invite-code":
+				if (this.role !== "requester") return;
+				this.emit("inviteCode", msg.code);
+				break;
+		}
+	}
+};
+
 //#endregion
 //#region packages/provider/src/sync/BroadcastChannelSync.ts
 /**
@@ -10408,5 +10696,5 @@ var BroadcastChannelSync = class BroadcastChannelSync extends EventEmitter {
 };
 
 //#endregion
-export { AbracadabraBaseProvider, AbracadabraClient, AbracadabraProvider, AbracadabraWS, AbracadabraWebRTC, AuthMessageType, AwarenessError, BackgroundSyncManager, BackgroundSyncPersistence, BroadcastChannelSync, CHANNEL_NAMES, ConnectionTimeout, CryptoIdentityKeystore, DEFAULT_FILE_CHUNK_SIZE, DEFAULT_ICE_SERVERS, DataChannelRouter, DocKeyManager, DocumentCache, E2EAbracadabraProvider, E2EEChannel, E2EOfflineStore, EncryptedYMap, EncryptedYText, FileBlobStore, FileTransferChannel, FileTransferHandle, Forbidden, HocuspocusProvider, HocuspocusProviderWebsocket, KEY_EXCHANGE_CHANNEL, ManualSignaling, MessageTooBig, MessageType, OfflineStore, PeerConnection, ResetConnection, SearchIndex, SignalingSocket, SubdocMessage, Unauthorized, WebSocketStatus, WsReadyStates, YjsDataChannel, attachUpdatedAtObserver, awarenessStatesToArray, decryptField, encryptField, makeEncryptedYMap, makeEncryptedYText, readAuthMessage, writeAuthenticated, writeAuthentication, writePermissionDenied, writeTokenSyncRequest };
+export { AbracadabraBaseProvider, AbracadabraClient, AbracadabraProvider, AbracadabraWS, AbracadabraWebRTC, AuthMessageType, AwarenessError, BackgroundSyncManager, BackgroundSyncPersistence, BroadcastChannelSync, CHANNEL_NAMES, ConnectionTimeout, CryptoIdentityKeystore, DEFAULT_FILE_CHUNK_SIZE, DEFAULT_ICE_SERVERS, DataChannelRouter, DevicePairingChannel, DocKeyManager, DocumentCache, E2EAbracadabraProvider, E2EEChannel, E2EOfflineStore, EncryptedYMap, EncryptedYText, FileBlobStore, FileTransferChannel, FileTransferHandle, Forbidden, HocuspocusProvider, HocuspocusProviderWebsocket, KEY_EXCHANGE_CHANNEL, ManualSignaling, MessageTooBig, MessageType, OfflineStore, PeerConnection, ResetConnection, SearchIndex, SignalingSocket, SubdocMessage, Unauthorized, WebSocketStatus, WsReadyStates, YjsDataChannel, attachUpdatedAtObserver, awarenessStatesToArray, decryptField, encryptField, makeEncryptedYMap, makeEncryptedYText, readAuthMessage, writeAuthenticated, writeAuthentication, writePermissionDenied, writeTokenSyncRequest };
 //# sourceMappingURL=abracadabra-provider.esm.js.map