npm - @agentunion/fastaun-browser - Versions diffs - 0.2.13 - Mend

@agentunion/fastaun-browser 0.2.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (82) hide show

package/README.md +604 -0
package/dist/auth.d.ts +150 -0
package/dist/auth.d.ts.map +1 -0
package/dist/auth.js +1388 -0
package/dist/auth.js.map +1 -0
package/dist/certs/root.d.ts +2 -0
package/dist/certs/root.d.ts.map +1 -0
package/dist/certs/root.js +16 -0
package/dist/certs/root.js.map +1 -0
package/dist/client.d.ts +341 -0
package/dist/client.d.ts.map +1 -0
package/dist/client.js +4061 -0
package/dist/client.js.map +1 -0
package/dist/config.d.ts +37 -0
package/dist/config.d.ts.map +1 -0
package/dist/config.js +85 -0
package/dist/config.js.map +1 -0
package/dist/crypto.d.ts +41 -0
package/dist/crypto.d.ts.map +1 -0
package/dist/crypto.js +132 -0
package/dist/crypto.js.map +1 -0
package/dist/discovery.d.ts +20 -0
package/dist/discovery.d.ts.map +1 -0
package/dist/discovery.js +75 -0
package/dist/discovery.js.map +1 -0
package/dist/e2ee-group.d.ts +221 -0
package/dist/e2ee-group.d.ts.map +1 -0
package/dist/e2ee-group.js +1174 -0
package/dist/e2ee-group.js.map +1 -0
package/dist/e2ee.d.ts +187 -0
package/dist/e2ee.d.ts.map +1 -0
package/dist/e2ee.js +1067 -0
package/dist/e2ee.js.map +1 -0
package/dist/errors.d.ts +118 -0
package/dist/errors.d.ts.map +1 -0
package/dist/errors.js +250 -0
package/dist/errors.js.map +1 -0
package/dist/events.d.ts +33 -0
package/dist/events.d.ts.map +1 -0
package/dist/events.js +68 -0
package/dist/events.js.map +1 -0
package/dist/index.d.ts +22 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +32 -0
package/dist/index.js.map +1 -0
package/dist/keystore/index.d.ts +88 -0
package/dist/keystore/index.d.ts.map +1 -0
package/dist/keystore/index.js +3 -0
package/dist/keystore/index.js.map +1 -0
package/dist/keystore/indexeddb.d.ts +94 -0
package/dist/keystore/indexeddb.d.ts.map +1 -0
package/dist/keystore/indexeddb.js +1434 -0
package/dist/keystore/indexeddb.js.map +1 -0
package/dist/namespaces/auth.d.ts +52 -0
package/dist/namespaces/auth.d.ts.map +1 -0
package/dist/namespaces/auth.js +237 -0
package/dist/namespaces/auth.js.map +1 -0
package/dist/namespaces/custody.d.ts +48 -0
package/dist/namespaces/custody.d.ts.map +1 -0
package/dist/namespaces/custody.js +230 -0
package/dist/namespaces/custody.js.map +1 -0
package/dist/secret-store/index.d.ts +20 -0
package/dist/secret-store/index.d.ts.map +1 -0
package/dist/secret-store/index.js +12 -0
package/dist/secret-store/index.js.map +1 -0
package/dist/secret-store/indexeddb-store.d.ts +22 -0
package/dist/secret-store/indexeddb-store.d.ts.map +1 -0
package/dist/secret-store/indexeddb-store.js +133 -0
package/dist/secret-store/indexeddb-store.js.map +1 -0
package/dist/seq-tracker.d.ts +30 -0
package/dist/seq-tracker.d.ts.map +1 -0
package/dist/seq-tracker.js +219 -0
package/dist/seq-tracker.js.map +1 -0
package/dist/transport.d.ts +45 -0
package/dist/transport.d.ts.map +1 -0
package/dist/transport.js +251 -0
package/dist/transport.js.map +1 -0
package/dist/types.d.ts +171 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +10 -0
package/dist/types.js.map +1 -0
package/package.json +37 -0

package/dist/auth.d.ts ADDED Viewed

@@ -0,0 +1,150 @@
+import type { KeyStore } from './keystore/index.js';
+import { CryptoProvider } from './crypto.js';
+import { type IdentityRecord, type JsonObject, type RpcMessage, type RpcParams, type RpcResult } from './types.js';
+interface AuthContext extends JsonObject {
+    token?: string;
+    identity?: IdentityRecord;
+}
+interface TransportLike {
+    call(method: string, params: RpcParams): Promise<RpcResult>;
+}
+/**
+ * 认证流程管理器 — 负责 AID 注册、登录、token 管理。
+ *
+ * 完整实现：
+ *   - PKI 证书链验证（链验证 + CRL + OCSP + AID 绑定）
+ *   - login1/login2 双阶段认证
+ *   - token 刷新
+ *   - 证书自动续期
+ */
+export declare class AuthFlow {
+    private static readonly _INSTANCE_STATE_FIELDS;
+    private _keystore;
+    private _crypto;
+    private _aid;
+    private _deviceId;
+    private _slotId;
+    private _rootCaPem;
+    private _verifySsl;
+    private _rootCerts;
+    private _gatewayChainCache;
+    private _gatewayCrlCache;
+    private _gatewayOcspCache;
+    private _chainVerifiedCache;
+    private _chainCacheTtl;
+    private _gatewayCaVerified;
+    constructor(opts: {
+        keystore: KeyStore;
+        crypto: CryptoProvider;
+        aid?: string | null;
+        deviceId?: string;
+        slotId?: string;
+        rootCaPem?: string | null;
+        verifySsl?: boolean;
+        chainCacheTtl?: number;
+    });
+    /** 加载本地身份信息 */
+    loadIdentity(aid?: string): Promise<IdentityRecord>;
+    /** 加载身份，不存在时返回 null */
+    loadIdentityOrNull(aid?: string): Promise<IdentityRecord | null>;
+    /** 与 Node/TS SDK 对齐的别名：加载身份，不存在时返回 null */
+    loadIdentityOrNone(aid?: string): Promise<IdentityRecord | null>;
+    /** 获取 access_token 过期时间 */
+    getAccessTokenExpiry(identity: IdentityRecord): number | null;
+    setInstanceContext(opts: {
+        deviceId: string;
+        slotId?: string;
+    }): void;
+    /**
+     * 注册新 AID。
+     *
+     * 流程：
+     *   1. 确保本地密钥对存在
+     *   2. 短连接 RPC 调用 auth.create_aid
+     *   3. 保存返回的证书
+     */
+    createAid(gatewayUrl: string, aid: string): Promise<JsonObject>;
+    /**
+     * 认证已有 AID — login1/login2 双阶段流程。
+     */
+    authenticate(gatewayUrl: string, aid?: string): Promise<JsonObject>;
+    /**
+     * 确保已认证（如无身份则先注册再登录）。
+     */
+    ensureAuthenticated(gatewayUrl: string): Promise<AuthContext>;
+    /**
+     * 使用已有 token 初始化 WebSocket 会话。
+     */
+    initializeWithToken(transport: TransportLike, challenge: RpcMessage | null, accessToken: string, opts?: {
+        deviceId?: string;
+        slotId?: string;
+        deliveryMode?: JsonObject | null;
+    }): Promise<void>;
+    /**
+     * 连接会话 — 多策略认证：显式 token → 缓存 token → refresh → 重新登录。
+     */
+    connectSession(transport: TransportLike, challenge: RpcMessage | null, gatewayUrl: string, accessToken?: string | {
+        accessToken?: string;
+        deviceId?: string;
+        slotId?: string;
+        deliveryMode?: JsonObject | null;
+    }): Promise<AuthContext>;
+    /**
+     * 刷新 token。
+     */
+    refreshCachedTokens(gatewayUrl: string, identity: IdentityRecord): Promise<IdentityRecord>;
+    /**
+     * 统一的对端证书验证入口：时间有效性 + 链验证 + CRL + OCSP + AID 绑定。
+     */
+    verifyPeerCertificate(gatewayUrl: string, certPem: string, expectedAid: string): Promise<void>;
+    /** 打开原生 WebSocket，接收 challenge，发送 JSON-RPC，接收响应，关闭 */
+    private _shortRpc;
+    /** fetch GET 返回文本 */
+    private _fetchText;
+    /** fetch GET 返回 JSON */
+    private _fetchJson;
+    private _createAid;
+    /** 下载已注册证书恢复本地状态 */
+    private _recoverCertViaDownload;
+    private _login;
+    /** 刷新 access token */
+    private _refreshAccessToken;
+    /** 初始化 WebSocket 会话（auth.connect RPC） */
+    private _initializeSession;
+    private _verifyPhase1Response;
+    private _verifyAuthCertChain;
+    /** 加载 Gateway CA 链（带缓存） */
+    private _loadGatewayCaChain;
+    /** 从 Gateway PKI 端点下载 CA 链 */
+    private _fetchGatewayCaChain;
+    private _verifyAuthCertRevocation;
+    /** 加载 Gateway 吊销列表（带缓存） */
+    private _loadGatewayRevokedSerials;
+    /** 从 Gateway PKI 端点获取并验证 CRL */
+    private _fetchGatewayCrl;
+    private _verifyAuthCertOcsp;
+    /** 加载 OCSP 状态（带缓存） */
+    private _loadGatewayOcspStatus;
+    /** 从 Gateway PKI 端点获取并验证 OCSP 状态 */
+    private _fetchGatewayOcspStatus;
+    private _loadTrustedRoots;
+    private _rememberTokens;
+    /** 验证服务端返回的 new_cert，通过后正式接受 */
+    private _validateNewCert;
+    /** 获取缓存的有效 access_token */
+    private _getCachedAccessToken;
+    private static readonly _AID_NAME_RE;
+    private static _validateAidName;
+    /** 确保本地有密钥对（没有则生成） */
+    private _ensureLocalIdentity;
+    /** 加载身份，不存在时抛出异常 */
+    private _loadIdentityOrRaise;
+    /** 确保有身份（无则尝试生成） */
+    private _ensureIdentity;
+    private _loadInstanceState;
+    private _persistIdentity;
+    /** 清理过期的 gateway 缓存条目（供外部定时调用） */
+    cleanExpiredCaches(): void;
+}
+export {};
+//# sourceMappingURL=auth.d.ts.map

package/dist/auth.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAkE,MAAM,aAAa,CAAC;AAG7G,OAAO,EAEL,KAAK,cAAc,EACnB,KAAK,UAAU,EAEf,KAAK,UAAU,EACf,KAAK,SAAS,EACd,KAAK,SAAS,EACf,MAAM,YAAY,CAAC;AAwFpB,UAAU,WAAY,SAAQ,UAAU;IACtC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,cAAc,CAAC;CAC3B;AAED,UAAU,aAAa;IACrB,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;CAC7D;AAqTD;;;;;;;;GAQG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,sBAAsB,CAKnC;IAEX,OAAO,CAAC,SAAS,CAAW;IAC5B,OAAO,CAAC,OAAO,CAAiB;IAChC,OAAO,CAAC,IAAI,CAAgB;IAC5B,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,UAAU,CAAgB;IAClC,OAAO,CAAC,UAAU,CAAU;IAG5B,OAAO,CAAC,UAAU,CAA6B;IAC/C,OAAO,CAAC,kBAAkB,CAAoC;IAC9D,OAAO,CAAC,gBAAgB,CAAkF;IAC1G,OAAO,CAAC,iBAAiB,CAAkF;IAC3G,OAAO,CAAC,mBAAmB,CAAkC;IAC7D,OAAO,CAAC,cAAc,CAAS;IAC/B,OAAO,CAAC,kBAAkB,CAAmC;gBAEjD,IAAI,EAAE;QAChB,QAAQ,EAAE,QAAQ,CAAC;QACnB,MAAM,EAAE,cAAc,CAAC;QACvB,GAAG,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAC1B,SAAS,CAAC,EAAE,OAAO,CAAC;QACpB,aAAa,CAAC,EAAE,MAAM,CAAC;KACxB;IAaD,eAAe;IACT,YAAY,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC;IASzD,uBAAuB;IACjB,kBAAkB,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC;IAQtE,2CAA2C;IACrC,kBAAkB,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC;IAItE,2BAA2B;IAC3B,oBAAoB,CAAC,QAAQ,EAAE,cAAc,GAAG,MAAM,GAAG,IAAI;IAM7D,kBAAkB,CAAC,IAAI,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI;IAKrE;;;;;;;OAOG;IACG,SAAS,CAAC,UAAU,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IAkCrE;;OAEG;IACG,YAAY,CAAC,UAAU,EAAE,MAAM,EAAE,GAAG,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IA4CzE;;OAEG;IACG,mBAAmB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAkBnE;;OAEG;IACG,mBAAmB,CACvB,SAAS,EAAE,aAAa,EACxB,SAAS,EAAE,UAAU,GAAG,IAAI,EAC5B,WAAW,EAAE,MAAM,EACnB,IAAI,CAAC,EAAE;QACL,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,YAAY,CAAC,EAAE,UAAU,GAAG,IAAI,CAAC;KAClC,GACA,OAAO,CAAC,IAAI,CAAC;IAehB;;OAEG;IACG,cAAc,CAClB,SAAS,EAAE,aAAa,EACxB,SAAS,EAAE,UAAU,GAAG,IAAI,EAC5B,UAAU,EAAE,MAAM,EAClB,WAAW,CAAC,EAAE,MAAM,GAAG;QACrB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,YAAY,CAAC,EAAE,UAAU,GAAG,IAAI,CAAC;KAClC,GACA,OAAO,CAAC,WAAW,CAAC;IAwGvB;;OAEG;IACG,mBAAmB,CACvB,UAAU,EAAE,MAAM,EAClB,QAAQ,EAAE,cAAc,GACvB,OAAO,CAAC,cAAc,CAAC;IAU1B;;OAEG;IACG,qBAAqB,CACzB,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,MAAM,EACf,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,IAAI,CAAC;IA0BhB,sDAAsD;YACxC,SAAS;IA4EvB,qBAAqB;YACP,UAAU;IAexB,wBAAwB;YACV,UAAU;YAsBV,UAAU;IAYxB,oBAAoB;YACN,uBAAuB;YAyBvB,MAAM;IAiCpB,sBAAsB;YACR,mBAAmB;IAajC,yCAAyC;YAC3B,kBAAkB;YA4BlB,qBAAqB;YAiDrB,oBAAoB;IAqElC,2BAA2B;YACb,mBAAmB;IAUjC,8BAA8B;YAChB,oBAAoB;YAQpB,yBAAyB;IA2BvC,2BAA2B;YACb,0BAA0B;IAcxC,gCAAgC;YAClB,gBAAgB;YA2ChB,mBAAmB;IAcjC,sBAAsB;YACR,sBAAsB;IAqBpC,oCAAoC;YACtB,uBAAuB;IAyCrC,OAAO,CAAC,iBAAiB;IAmCzB,OAAO,CAAC,eAAe;IAmBvB,gCAAgC;YAClB,gBAAgB;IA4E9B,2BAA2B;IAC3B,OAAO,CAAC,qBAAqB;IAa7B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAiC;IAErE,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAY/B,sBAAsB;YACR,oBAAoB;IAalC,oBAAoB;YACN,oBAAoB;IAclC,oBAAoB;YACN,eAAe;YAcf,kBAAkB;YAOlB,gBAAgB;IAkC9B,kCAAkC;IAClC,kBAAkB,IAAI,IAAI;CAe3B"}