npm - @abraca/dabra - Versions diffs - 2.20.0 → 2.22.0 - Mend

@abraca/dabra 2.20.0 → 2.22.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/dist/abracadabra-provider.cjs +45 -13
package/dist/abracadabra-provider.cjs.map +1 -1
package/dist/abracadabra-provider.esm.js +45 -13
package/dist/abracadabra-provider.esm.js.map +1 -1
package/dist/index.d.ts +14 -4
package/package.json +2 -2
package/src/AbracadabraBaseProvider.ts +11 -2
package/src/AbracadabraClient.ts +35 -3
package/src/AbracadabraProvider.ts +7 -1
package/src/BackgroundSyncManager.ts +6 -4
package/src/DocKeyManager.ts +7 -2
package/src/OfflineStore.ts +6 -3
package/src/TokenManager.ts +9 -1

package/dist/abracadabra-provider.cjs CHANGED Viewed

@@ -2801,8 +2801,8 @@ var AbracadabraBaseProvider = class extends EventEmitter {
 		this.configuration.websocketProvider.on("destroy", this.configuration.onDestroy);
 		this.configuration.websocketProvider.on("destroy", this.forwardDestroy);
 		this.configuration.websocketProvider.on("rateLimited", this.forwardRateLimited);
-		this.configuration.websocketProvider.attach(this);
 		this._isAttached = true;
+		this.configuration.websocketProvider.attach(this);
 	}
 	permissionDeniedHandler(reason) {
 		this.emit("authenticationFailed", { reason });
@@ -2854,9 +2854,12 @@ function txPromise$2(store, request) {
 var OfflineStore = class {
 	/**
 	* @param docId       The document UUID.
-	* @param serverOrigin  Hostname of the server (e.g. "abra.cou.sh").
-	*                    When provided the IndexedDB database is namespaced
-	*                    per-server, preventing cross-server data contamination.
+	* @param serverOrigin  Host of the server, including a non-default port
+	*                    (e.g. "abra.cou.sh", "localhost:3001"). When provided
+	*                    the IndexedDB database is namespaced per-server,
+	*                    preventing cross-server data contamination — the port
+	*                    matters because two same-host servers sharing the
+	*                    default root_doc_id would otherwise collide.
 	*/
 	constructor(docId, serverOrigin) {
 		this.db = null;
@@ -3094,7 +3097,7 @@ var AbracadabraProvider = class AbracadabraProvider extends AbracadabraBaseProvi
 	static deriveServerOrigin(config, client) {
 		try {
 			const url = config.url ?? config.websocketProvider?.url ?? client?.wsUrl;
-			if (url) return new URL(url).hostname;
+			if (url) return new URL(url).host;
 		} catch {}
 	}
 	/**
@@ -10512,6 +10515,20 @@ var IdentityDocProvider = class extends EventEmitter {
 function fromBase64$3(b64) {
 	return Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
 }
+/**
+* Decode a base64url-encoded string (e.g. a JWT header/payload segment) to
+* UTF-8 text. `atob` only accepts standard base64, so we translate the
+* url-safe alphabet (`-`/`_`) and re-pad before decoding — otherwise a
+* perfectly valid token whose payload happens to contain `-` or `_` throws
+* and gets misclassified as invalid/expired.
+*/
+function decodeBase64UrlToString(b64url) {
+	let b64 = b64url.replace(/-/g, "+").replace(/_/g, "/");
+	const pad = b64.length % 4;
+	if (pad) b64 += "=".repeat(4 - pad);
+	const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
+	return new TextDecoder().decode(bytes);
+}
 var AbracadabraClient = class {
 	constructor(config) {
 		this.rootListInflight = /* @__PURE__ */ new Map();
@@ -10539,7 +10556,7 @@ var AbracadabraClient = class {
 		if (!this._token) return false;
 		try {
 			const [, payload] = this._token.split(".");
-			const { exp } = JSON.parse(atob(payload));
+			const { exp } = JSON.parse(decodeBase64UrlToString(payload));
 			return typeof exp === "number" && exp * 1e3 > Date.now();
 		} catch {
 			return false;
@@ -10629,9 +10646,17 @@ var AbracadabraClient = class {
 	async renameKey(keyId, deviceName) {
 		await this.request("PATCH", `/auth/keys/${encodeURIComponent(keyId)}`, { body: { deviceName } });
 	}
-	/** Revoke a public key by its ID. */
+	/**
+	* Revoke a public key by its ID. The server treats this as a panic
+	* action: every outstanding JWT for the account is invalidated (a stolen
+	* device's token must die immediately, and tokens carry no per-key
+	* claim), and a fresh token for THIS session is returned and adopted
+	* automatically — so the device performing the revocation stays
+	* authenticated while every other device silently re-auths.
+	*/
 	async revokeKey(keyId) {
-		await this.request("DELETE", `/auth/keys/${encodeURIComponent(keyId)}`);
+		const res = await this.request("DELETE", `/auth/keys/${encodeURIComponent(keyId)}`);
+		if (res && typeof res === "object" && typeof res.token === "string") this.token = res.token;
 	}
 	/** Create a single-use device invite code for pairing a new device to this account. */
 	async createDeviceInvite(opts) {
@@ -11761,7 +11786,11 @@ var TokenManager = class extends EventEmitter {
 		try {
 			const [, payload] = jwt.split(".");
 			if (!payload) return null;
-			const { exp } = JSON.parse(atob(payload));
+			let b64 = payload.replace(/-/g, "+").replace(/_/g, "/");
+			const pad = b64.length % 4;
+			if (pad) b64 += "=".repeat(4 - pad);
+			const json = new TextDecoder().decode(Uint8Array.from(atob(b64), (c) => c.charCodeAt(0)));
+			const { exp } = JSON.parse(json);
 			return typeof exp === "number" ? exp : null;
 		} catch {
 			return null;
@@ -15241,7 +15270,10 @@ var FileBlobStore = class FileBlobStore extends EventEmitter {
 */
 const HKDF_INFO = new TextEncoder().encode("abracadabra-dockey-v1");
 function fromBase64$2(b64) {
-	return Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
+	let normalized = b64.replace(/-/g, "+").replace(/_/g, "/");
+	const pad = normalized.length % 4;
+	if (pad) normalized += "=".repeat(4 - pad);
+	return Uint8Array.from(atob(normalized), (c) => c.charCodeAt(0));
 }
 var DocKeyManager = class DocKeyManager {
 	constructor() {
@@ -15298,7 +15330,7 @@ var DocKeyManager = class DocKeyManager {
 				if (me.publicKey) {
 					const primaryKey = (await client.listUserKeys(me.id))[0];
 					if (primaryKey?.x25519Key) {
-						const x25519Pub = fromBase64$2(primaryKey.x25519Key.replace(/-/g, "+").replace(/_/g, "/"));
+						const x25519Pub = fromBase64$2(primaryKey.x25519Key);
 						const rewrapped = await this.wrapKeyForRecipient(docKey, x25519Pub, docId);
 						const b64 = (() => {
 							let s = "";
@@ -16146,7 +16178,7 @@ var BackgroundSyncManager = class extends EventEmitter {
 		};
 		let serverOrigin = "default";
 		try {
-			serverOrigin = new URL(client.baseUrl ?? "").hostname;
+			serverOrigin = new URL(client.baseUrl ?? "").host;
 		} catch {}
 		this.persistence = new BackgroundSyncPersistence(serverOrigin);
 		this.semaphore = new Semaphore(this.opts.concurrency);
@@ -16293,7 +16325,7 @@ var BackgroundSyncManager = class extends EventEmitter {
 		for (const docId of treeMap.keys()) docIds.add(docId);
 		let serverOrigin;
 		try {
-			serverOrigin = new URL(this.client.baseUrl ?? "").hostname;
+			serverOrigin = new URL(this.client.baseUrl ?? "").host;
 		} catch {}
 		const clearPromises = Array.from(docIds).map(async (docId) => {
 			try {