@abraca/dabra 1.0.24 → 1.0.25

package/dist/abracadabra-provider.esm.js

@@ -9935,17 +9935,20 @@ var AbracadabraWebRTC = class AbracadabraWebRTC extends EventEmitter {
 		const pc = this.peerConnections.get(peerId);
 		if (!pc) return;
 		const channelName = "custom";
-		let channel = pc.router.getChannel(channelName);
-		if (!channel || channel.readyState !== "open") {
-			channel = pc.router.createChannel(channelName, { ordered: true });
-			channel.onopen = () => {
-				const data = new TextEncoder().encode(payload);
-				pc.router.send(channelName, data).catch(() => {});
-			};
+		const channel = pc.router.getChannel(channelName);
+		if (channel && channel.readyState === "open") {
+			const data = new TextEncoder().encode(payload);
+			pc.router.send(channelName, data).catch(() => {});
 			return;
 		}
-		const data = new TextEncoder().encode(payload);
-		pc.router.send(channelName, data);
+		const onOpen = ({ name }) => {
+			if (name === channelName) {
+				pc.router.off("channelOpen", onOpen);
+				const data = new TextEncoder().encode(payload);
+				pc.router.send(channelName, data).catch(() => {});
+			}
+		};
+		pc.router.on("channelOpen", onOpen);
 	}
 	/**
 	* Send a custom string message to all connected peers.
@@ -10101,6 +10104,7 @@ var AbracadabraWebRTC = class AbracadabraWebRTC extends EventEmitter {
 			enableAwareness: this.config.enableAwarenessSync,
 			enableFileTransfer: this.config.enableFileTransfer
 		});
+		pc.router.createChannel("custom", { ordered: true });
 		try {
 			const sdp = await pc.createOffer();
 			this.signaling?.sendOffer(peerId, sdp);
@@ -10897,6 +10901,9 @@ var IdentityDocProvider = class extends EventEmitter {
 	get pluginsMap() {
 		return this.document.getMap("plugins");
 	}
+	get devicesMap() {
+		return this.document.getMap("devices");
+	}
 	get preferencesMap() {
 		return this.document.getMap("preferences");
 	}
@@ -11024,6 +11031,97 @@ var IdentityDocProvider = class extends EventEmitter {
 	setPreference(key, value) {
 		this.preferencesMap.set(key, value);
 	}
+	getDevice(publicKey) {
+		const entry = this.devicesMap.get(publicKey);
+		if (!entry) return void 0;
+		const servers = /* @__PURE__ */ new Map();
+		const serversYMap = entry.get("servers");
+		if (serversYMap) serversYMap.forEach((sEntry, url) => {
+			servers.set(url, {
+				registered: sEntry.get("registered") ?? false,
+				registeredAt: sEntry.get("registeredAt") ?? null,
+				keyId: sEntry.get("keyId") ?? null,
+				lastVerifiedAt: sEntry.get("lastVerifiedAt") ?? null,
+				error: sEntry.get("error") ?? null
+			});
+		});
+		return {
+			deviceName: entry.get("deviceName") ?? "Unknown",
+			tier: entry.get("tier") ?? "paired",
+			x25519Key: entry.get("x25519Key") ?? null,
+			addedAt: entry.get("addedAt") ?? 0,
+			revokedAt: entry.get("revokedAt") ?? null,
+			revokedBy: entry.get("revokedBy") ?? null,
+			servers
+		};
+	}
+	getDevices() {
+		const result = /* @__PURE__ */ new Map();
+		this.devicesMap.forEach((_entry, pubKey) => {
+			const device = this.getDevice(pubKey);
+			if (device) result.set(pubKey, device);
+		});
+		return result;
+	}
+	addDevice(publicKey, opts) {
+		this.document.transact(() => {
+			let entry = this.devicesMap.get(publicKey);
+			if (!entry) {
+				entry = new Y.Map();
+				this.devicesMap.set(publicKey, entry);
+			}
+			entry.set("deviceName", opts.deviceName);
+			entry.set("tier", opts.tier);
+			if (opts.x25519Key) entry.set("x25519Key", opts.x25519Key);
+			entry.set("addedAt", Date.now());
+			entry.set("revokedAt", null);
+			entry.set("revokedBy", null);
+			if (opts.serverUrl) {
+				let servers = entry.get("servers");
+				if (!servers) {
+					servers = new Y.Map();
+					entry.set("servers", servers);
+				}
+				const sEntry = new Y.Map();
+				sEntry.set("registered", true);
+				sEntry.set("registeredAt", Date.now());
+				sEntry.set("keyId", opts.keyId ?? null);
+				sEntry.set("lastVerifiedAt", Date.now());
+				sEntry.set("error", null);
+				servers.set(opts.serverUrl, sEntry);
+			}
+		});
+	}
+	revokeDevice(publicKey, revokedBy) {
+		const entry = this.devicesMap.get(publicKey);
+		if (!entry) return;
+		this.document.transact(() => {
+			entry.set("revokedAt", Date.now());
+			entry.set("revokedBy", revokedBy);
+		});
+	}
+	setDeviceServerStatus(devicePubKey, serverUrl, status) {
+		const entry = this.devicesMap.get(devicePubKey);
+		if (!entry) return;
+		this.document.transact(() => {
+			let servers = entry.get("servers");
+			if (!servers) {
+				servers = new Y.Map();
+				entry.set("servers", servers);
+			}
+			let sEntry = servers.get(serverUrl);
+			if (!sEntry) {
+				sEntry = new Y.Map();
+				sEntry.set("registered", false);
+				sEntry.set("registeredAt", null);
+				sEntry.set("keyId", null);
+				sEntry.set("lastVerifiedAt", null);
+				sEntry.set("error", null);
+				servers.set(serverUrl, sEntry);
+			}
+			for (const [key, value] of Object.entries(status)) if (value !== void 0) sEntry.set(key, value);
+		});
+	}
 	/**
 	* Observe deep changes on a specific top-level map.
 	* Returns an unsubscribe function.
@@ -11089,5 +11187,153 @@ var IdentityDocProvider = class extends EventEmitter {
 };
 
 //#endregion
-export { AbracadabraBaseProvider, AbracadabraClient, AbracadabraProvider, AbracadabraWS, AbracadabraWebRTC, AuthMessageType, AwarenessError, BackgroundSyncManager, BackgroundSyncPersistence, BroadcastChannelSync, CHANNEL_NAMES, ConnectionTimeout, CryptoIdentityKeystore, DEFAULT_FILE_CHUNK_SIZE, DEFAULT_ICE_SERVERS, DataChannelRouter, DevicePairingChannel, DocKeyManager, DocumentCache, E2EAbracadabraProvider, E2EEChannel, E2EOfflineStore, EncryptedYMap, EncryptedYText, FileBlobStore, FileTransferChannel, FileTransferHandle, Forbidden, HocuspocusProvider, HocuspocusProviderWebsocket, IdentityDocProvider, KEY_EXCHANGE_CHANNEL, ManualSignaling, MessageTooBig, MessageType, OfflineStore, PeerConnection, ResetConnection, SearchIndex, SignalingSocket, SubdocMessage, Unauthorized, WebSocketStatus, WsReadyStates, YjsDataChannel, attachUpdatedAtObserver, awarenessStatesToArray, decryptField, deriveIdentityDocId, encryptField, makeEncryptedYMap, makeEncryptedYText, readAuthMessage, writeAuthenticated, writeAuthentication, writePermissionDenied, writeTokenSyncRequest };
+//#region packages/provider/src/DeviceRegistrationService.ts
+/**
+* Handles cross-server device key registration and revocation propagation.
+*
+* All methods operate on the identity Y.Doc's `devicesMap` and authenticate
+* independently on each server using the master key's `signChallenge`.
+*/
+var DeviceRegistrationService = class {
+	/**
+	* Fan out a device key to all servers in `serversMap` where it isn't registered.
+	*
+	* Must be called from a master device that can sign challenges with the
+	* account-level private key.
+	*/
+	static async fanOutDeviceKey(opts) {
+		const { devicePubKey, x25519Key, deviceName, identityDoc, masterPubKey, signChallenge, skipServerUrl } = opts;
+		const servers = identityDoc.getServers();
+		const results = [];
+		if (!identityDoc.getDevice(devicePubKey)) identityDoc.addDevice(devicePubKey, {
+			deviceName: deviceName ?? "Unknown",
+			tier: "paired",
+			x25519Key
+		});
+		for (const [serverUrl] of servers) {
+			if (skipServerUrl && serverUrl === skipServerUrl) continue;
+			if ((identityDoc.getDevice(devicePubKey)?.servers.get(serverUrl))?.registered) continue;
+			try {
+				const client = new AbracadabraClient({ url: serverUrl });
+				await client.loginWithKey(masterPubKey, signChallenge);
+				await client.addKey({
+					publicKey: devicePubKey,
+					x25519Key,
+					deviceName
+				});
+				const match = (await client.listKeys()).find((k) => k.publicKey === devicePubKey && !k.revoked);
+				identityDoc.setDeviceServerStatus(devicePubKey, serverUrl, {
+					registered: true,
+					registeredAt: Date.now(),
+					keyId: match?.id ?? null,
+					lastVerifiedAt: Date.now(),
+					error: null
+				});
+				results.push({
+					serverUrl,
+					success: true
+				});
+			} catch (e) {
+				identityDoc.setDeviceServerStatus(devicePubKey, serverUrl, { error: e?.message ?? "Registration failed" });
+				results.push({
+					serverUrl,
+					success: false,
+					error: e?.message ?? "Registration failed"
+				});
+			}
+		}
+		return results;
+	}
+	/**
+	* Propagate pending revocations from the identity Y.Doc to all servers.
+	*
+	* Scans `devicesMap` for entries with `revokedAt` set and revokes them
+	* on every server where they're still registered. Must be called from
+	* a master device.
+	*/
+	static async propagateRevocations(opts) {
+		const { identityDoc, masterPubKey, signChallenge } = opts;
+		const devices = identityDoc.getDevices();
+		const results = [];
+		for (const [devicePubKey, device] of devices) {
+			if (!device.revokedAt) continue;
+			for (const [serverUrl, serverStatus] of device.servers) {
+				if (!serverStatus.registered || !serverStatus.keyId) continue;
+				try {
+					const client = new AbracadabraClient({ url: serverUrl });
+					await client.loginWithKey(masterPubKey, signChallenge);
+					await client.revokeKey(serverStatus.keyId);
+					identityDoc.setDeviceServerStatus(devicePubKey, serverUrl, {
+						registered: false,
+						error: null
+					});
+					results.push({
+						serverUrl,
+						success: true
+					});
+				} catch (e) {
+					results.push({
+						serverUrl,
+						success: false,
+						error: e?.message ?? "Revocation failed"
+					});
+				}
+			}
+		}
+		return results;
+	}
+	/**
+	* Reconcile the identity Y.Doc's `devicesMap` with a server's actual
+	* device key list. Call this on every server connection.
+	*
+	* - Updates registration status in Y.Doc to match server reality
+	* - Imports unknown server keys as legacy entries
+	* - Executes pending revocations if the caller is a master device
+	*/
+	static async reconcile(opts) {
+		const { identityDoc, serverUrl, client, isMaster } = opts;
+		let serverKeys;
+		try {
+			serverKeys = await client.listKeys();
+		} catch {
+			return;
+		}
+		const devicesMap = identityDoc.devicesMap;
+		devicesMap.forEach((yEntry, devicePub) => {
+			const serverEntry = yEntry.get("servers")?.get(serverUrl);
+			const serverKey = serverKeys.find((k) => k.publicKey === devicePub);
+			const revokedAt = yEntry.get("revokedAt");
+			if (serverEntry?.get("registered") && !serverKey) identityDoc.setDeviceServerStatus(devicePub, serverUrl, {
+				registered: false,
+				keyId: null
+			});
+			if (serverKey && !serverKey.revoked) {
+				if (!serverEntry?.get("registered")) identityDoc.setDeviceServerStatus(devicePub, serverUrl, {
+					registered: true,
+					keyId: serverKey.id,
+					lastVerifiedAt: Date.now()
+				});
+				else identityDoc.setDeviceServerStatus(devicePub, serverUrl, {
+					lastVerifiedAt: Date.now(),
+					keyId: serverKey.id
+				});
+				if (revokedAt && isMaster) client.revokeKey(serverKey.id).then(() => {
+					identityDoc.setDeviceServerStatus(devicePub, serverUrl, { registered: false });
+				}).catch(() => {});
+			}
+		});
+		for (const key of serverKeys) {
+			if (key.revoked) continue;
+			if (!devicesMap.has(key.publicKey)) identityDoc.addDevice(key.publicKey, {
+				deviceName: key.deviceName ?? "Unknown",
+				tier: "paired",
+				serverUrl,
+				keyId: key.id
+			});
+		}
+	}
+};
+
+//#endregion
+export { AbracadabraBaseProvider, AbracadabraClient, AbracadabraProvider, AbracadabraWS, AbracadabraWebRTC, AuthMessageType, AwarenessError, BackgroundSyncManager, BackgroundSyncPersistence, BroadcastChannelSync, CHANNEL_NAMES, ConnectionTimeout, CryptoIdentityKeystore, DEFAULT_FILE_CHUNK_SIZE, DEFAULT_ICE_SERVERS, DataChannelRouter, DevicePairingChannel, DeviceRegistrationService, DocKeyManager, DocumentCache, E2EAbracadabraProvider, E2EEChannel, E2EOfflineStore, EncryptedYMap, EncryptedYText, FileBlobStore, FileTransferChannel, FileTransferHandle, Forbidden, HocuspocusProvider, HocuspocusProviderWebsocket, IdentityDocProvider, KEY_EXCHANGE_CHANNEL, ManualSignaling, MessageTooBig, MessageType, OfflineStore, PeerConnection, ResetConnection, SearchIndex, SignalingSocket, SubdocMessage, Unauthorized, WebSocketStatus, WsReadyStates, YjsDataChannel, attachUpdatedAtObserver, awarenessStatesToArray, decryptField, deriveIdentityDocId, encryptField, makeEncryptedYMap, makeEncryptedYText, readAuthMessage, writeAuthenticated, writeAuthentication, writePermissionDenied, writeTokenSyncRequest };
 //# sourceMappingURL=abracadabra-provider.esm.js.map