@abraca/dabra 1.3.0 → 1.3.1

package/dist/index.d.ts

@@ -340,6 +340,28 @@ declare class AbracadabraClient {
       publicKey: string;
     };
   }>;
+  /** Request a device session token after successful crypto auth. Requires valid JWT. */
+  requestDeviceSession(opts: {
+    publicKey: string;
+    deviceName?: string;
+  }): Promise<{
+    sessionId: string;
+    sessionToken: string;
+    expiresAt: number;
+  }>;
+  /** Exchange a device session token for a fresh JWT. No biometric/passkey needed. */
+  refreshWithDeviceSession(sessionToken: string): Promise<string>;
+  /** List active device sessions for the authenticated user. */
+  listDeviceSessions(): Promise<Array<{
+    id: string;
+    keyId: string;
+    deviceName?: string;
+    issuedAt: number;
+    expiresAt: number;
+    lastUsedAt?: number;
+  }>>;
+  /** Revoke a device session by ID. */
+  revokeDeviceSession(sessionId: string): Promise<void>;
   /**
    * Fetch a short-lived anonymous pairing token for WebRTC signaling.
    * No authentication required. The token only grants access to `__pairing_*` rooms.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@abraca/dabra",
-  "version": "1.3.0",
+  "version": "1.3.1",
   "description": "abracadabra provider",
   "keywords": [
     "abracadabra",

package/src/AbracadabraClient.ts

@@ -227,6 +227,43 @@ export class AbracadabraClient {
 		});
 	}
 
+	// ── Device Sessions ────────────────────────────────────────────────────
+
+	/** Request a device session token after successful crypto auth. Requires valid JWT. */
+	async requestDeviceSession(opts: {
+		publicKey: string;
+		deviceName?: string;
+	}): Promise<{ sessionId: string; sessionToken: string; expiresAt: number }> {
+		return this.request("POST", "/auth/device-session", {
+			body: { publicKey: opts.publicKey, deviceName: opts.deviceName },
+		});
+	}
+
+	/** Exchange a device session token for a fresh JWT. No biometric/passkey needed. */
+	async refreshWithDeviceSession(sessionToken: string): Promise<string> {
+		const res = await this.request<{ token: string }>("POST", "/auth/refresh", {
+			body: { sessionToken },
+			auth: false,
+		});
+		this.token = res.token;
+		return res.token;
+	}
+
+	/** List active device sessions for the authenticated user. */
+	async listDeviceSessions(): Promise<
+		Array<{ id: string; keyId: string; deviceName?: string; issuedAt: number; expiresAt: number; lastUsedAt?: number }>
+	> {
+		const res = await this.request<{
+			sessions: Array<{ id: string; keyId: string; deviceName?: string; issuedAt: number; expiresAt: number; lastUsedAt?: number }>;
+		}>("GET", "/auth/device-session");
+		return res.sessions;
+	}
+
+	/** Revoke a device session by ID. */
+	async revokeDeviceSession(sessionId: string): Promise<void> {
+		await this.request("DELETE", `/auth/device-session/${encodeURIComponent(sessionId)}`);
+	}
+
 	// ── Pairing ─────────────────────────────────────────────────────────────
 
 	/**

package/src/webrtc/AbracadabraWebRTC.ts

@@ -288,6 +288,9 @@ export class AbracadabraWebRTC extends EventEmitter {
 			this.signaling = null;
 		}
 
+		this._resolvedE2ee = null;
+		this._resolveE2eePromise = null;
+
 		this.removeAllListeners();
 	}
 
@@ -493,55 +496,74 @@ export class AbracadabraWebRTC extends EventEmitter {
 	}
 
 	private attachDataHandlers(peerId: string, pc: PeerConnection): void {
-		// Set up E2EE if configured.
-		if (this.config.e2ee) {
-			// Resolve E2EE identity (may be lazy — e.g. passkey-derived X25519 key).
-			this.resolveE2ee().then((identity) => {
-				if (!identity) {
-					this.startDataSync(peerId, pc);
-					return;
-				}
-				const e2ee = new E2EEChannel(identity, this.config.docId);
-				this.e2eeChannels.set(peerId, e2ee);
-				pc.router.setEncryptor(e2ee);
-
-				// Listen for key-exchange messages on the router.
-				pc.router.on("channelMessage", async ({ name, data }: { name: string; data: any }) => {
-					if (name === KEY_EXCHANGE_CHANNEL) {
-						try {
-							const buf = data instanceof ArrayBuffer ? new Uint8Array(data) : data;
-							await e2ee.handleKeyExchange(buf);
-						} catch (err) {
-							this.emit("e2eeFailed", { peerId, error: err });
-						}
-					}
-				});
+		if (!this.config.e2ee) {
+			this.startDataSync(peerId, pc);
+			return;
+		}
 
-				// When key-exchange channel opens, send our public key.
-				pc.router.on("channelOpen", ({ name, channel }: { name: string; channel: RTCDataChannel }) => {
-					if (name === KEY_EXCHANGE_CHANNEL) {
-						channel.send(e2ee.getKeyExchangeMessage());
-					}
-				});
+		// E2EE identity may resolve asynchronously (e.g. lazy passkey-derived key).
+		// Register handlers synchronously so no messages are lost during resolution.
+		let e2ee: E2EEChannel | null = null;
+		const pendingMessages: Uint8Array[] = [];
+		let pendingKeyExchangeChannel: RTCDataChannel | null = null;
+
+		pc.router.on("channelMessage", async ({ name, data }: { name: string; data: any }) => {
+			if (name !== KEY_EXCHANGE_CHANNEL) return;
+			const buf = data instanceof ArrayBuffer ? new Uint8Array(data) : data;
+			if (!e2ee) {
+				pendingMessages.push(buf);
+				return;
+			}
+			try {
+				await e2ee.handleKeyExchange(buf);
+			} catch (err) {
+				this.emit("e2eeFailed", { peerId, error: err });
+			}
+		});
 
-				e2ee.on("established", () => {
-					this.emit("e2eeEstablished", { peerId });
-					// Now that E2EE is ready, start Y.js sync (deferred).
-					this.startDataSync(peerId, pc);
-				});
+		pc.router.on("channelOpen", ({ name, channel }: { name: string; channel: RTCDataChannel }) => {
+			if (name !== KEY_EXCHANGE_CHANNEL) return;
+			if (!e2ee) {
+				pendingKeyExchangeChannel = channel;
+				return;
+			}
+			channel.send(e2ee.getKeyExchangeMessage());
+		});
+
+		this.resolveE2ee().then(async (identity) => {
+			if (!identity) {
+				this.startDataSync(peerId, pc);
+				return;
+			}
+			e2ee = new E2EEChannel(identity, this.config.docId);
+			this.e2eeChannels.set(peerId, e2ee);
+			pc.router.setEncryptor(e2ee);
 
-				e2ee.on("error", (err: Error) => {
+			// Drain buffered key-exchange channel open
+			if (pendingKeyExchangeChannel) {
+				pendingKeyExchangeChannel.send(e2ee.getKeyExchangeMessage());
+			}
+			// Drain buffered messages
+			for (const msg of pendingMessages) {
+				try {
+					await e2ee.handleKeyExchange(msg);
+				} catch (err) {
 					this.emit("e2eeFailed", { peerId, error: err });
-				});
-			}).catch((err) => {
-				this.emit("e2eeFailed", { peerId, error: err });
-				// Fall back to unencrypted sync on E2EE resolution failure.
+				}
+			}
+
+			e2ee.on("established", () => {
+				this.emit("e2eeEstablished", { peerId });
 				this.startDataSync(peerId, pc);
 			});
-		} else {
-			// No E2EE — start data sync immediately.
+
+			e2ee.on("error", (err: Error) => {
+				this.emit("e2eeFailed", { peerId, error: err });
+			});
+		}).catch((err) => {
+			this.emit("e2eeFailed", { peerId, error: err });
 			this.startDataSync(peerId, pc);
-		}
+		});
 	}
 
 	private startDataSync(peerId: string, pc: PeerConnection): void {