@agentunion/fastaun-browser 0.2.20 → 0.3.1

package/dist/v2/session/keystore.js

@@ -0,0 +1,244 @@
+/**
+ * AUN E2EE V2: 设备密钥存储（IndexedDB 持久化）
+ *
+ * 与 Python `aun_core.v2.keystore.V2KeyStore` 行为对齐：
+ * - 每个 `(device_id)` 持有一对 IK 与若干 SPK（按 spk_id 索引）
+ * - SPK 按 created_at 排序，支持 `loadCurrentSPK` / `listRecentSPKIds(n)`
+ *
+ * 浏览器目标：所有 IO 是 async（IndexedDB 事务）。
+ */
+export const V2_DB_NAME = 'aun_v2';
+export const V2_DB_VERSION = 1;
+export const V2_STORE_NAME = 'v2_device_keys';
+export const V2_INDEX_BY_DEVICE_TYPE_CREATED = 'by_device_type_created';
+/**
+ * V2 设备密钥持久化存储。复合主键 [device_id, key_type, key_id]。
+ *
+ * 使用 IndexedDB；在浏览器内置 indexedDB 不可用时（如 jsdom）请提前安装
+ * `fake-indexeddb/auto` 作为 polyfill（见 `tests/setup.ts`）。
+ */
+export class V2KeyStore {
+    db;
+    constructor(db) {
+        this.db = db;
+    }
+    /** 打开/创建 V2 keystore 数据库。 */
+    static async open(dbName = V2_DB_NAME) {
+        return new Promise((resolve, reject) => {
+            const req = indexedDB.open(dbName, V2_DB_VERSION);
+            req.onupgradeneeded = () => {
+                const db = req.result;
+                if (!db.objectStoreNames.contains(V2_STORE_NAME)) {
+                    const store = db.createObjectStore(V2_STORE_NAME, {
+                        keyPath: ['device_id', 'key_type', 'key_id'],
+                    });
+                    store.createIndex(V2_INDEX_BY_DEVICE_TYPE_CREATED, ['device_id', 'key_type', 'created_at']);
+                }
+            };
+            req.onsuccess = () => resolve(new V2KeyStore(req.result));
+            req.onerror = () => reject(req.error);
+            req.onblocked = () => reject(new Error('V2KeyStore.open: blocked'));
+        });
+    }
+    /** 关闭数据库连接（测试或释放资源时使用）。 */
+    close() {
+        this.db.close();
+    }
+    store(mode) {
+        return this.db.transaction(V2_STORE_NAME, mode).objectStore(V2_STORE_NAME);
+    }
+    // ---------- SPK ----------
+    async saveSPK(deviceId, spkId, priv, pubDer) {
+        const record = {
+            device_id: deviceId,
+            key_type: 'spk',
+            key_id: spkId,
+            private_key: priv,
+            public_key: pubDer,
+            created_at: Date.now(),
+        };
+        return new Promise((resolve, reject) => {
+            const req = this.store('readwrite').put(record);
+            req.onsuccess = () => resolve();
+            req.onerror = () => reject(req.error);
+        });
+    }
+    async loadSPK(deviceId, spkId) {
+        return new Promise((resolve, reject) => {
+            const req = this.store('readonly').get([deviceId, 'spk', spkId]);
+            req.onsuccess = () => {
+                const r = req.result;
+                // 用 new Uint8Array(...) 拷贝，规避 fake-indexeddb / 跨 realm 实例对象
+                resolve(r ? new Uint8Array(r.private_key) : null);
+            };
+            req.onerror = () => reject(req.error);
+        });
+    }
+    /** 取最新 SPK（按 created_at DESC LIMIT 1）。 */
+    async loadCurrentSPK(deviceId) {
+        return new Promise((resolve, reject) => {
+            const idx = this.store('readonly').index(V2_INDEX_BY_DEVICE_TYPE_CREATED);
+            const range = IDBKeyRange.bound([deviceId, 'spk', -Infinity], [deviceId, 'spk', Infinity]);
+            const req = idx.openCursor(range, 'prev');
+            req.onsuccess = () => {
+                const cursor = req.result;
+                if (!cursor) {
+                    resolve(null);
+                    return;
+                }
+                const r = cursor.value;
+                resolve({
+                    spkId: r.key_id,
+                    priv: new Uint8Array(r.private_key),
+                    pubDer: new Uint8Array(r.public_key),
+                });
+            };
+            req.onerror = () => reject(req.error);
+        });
+    }
+    async deleteSPK(deviceId, spkId) {
+        return new Promise((resolve, reject) => {
+            const req = this.store('readwrite').delete([deviceId, 'spk', spkId]);
+            req.onsuccess = () => resolve();
+            req.onerror = () => reject(req.error);
+        });
+    }
+    /** 返回最近 N 代 SPK 的 spk_id（按 created_at DESC）。 */
+    async listRecentSPKIds(deviceId, n) {
+        if (n <= 0)
+            return [];
+        return new Promise((resolve, reject) => {
+            const idx = this.store('readonly').index(V2_INDEX_BY_DEVICE_TYPE_CREATED);
+            const range = IDBKeyRange.bound([deviceId, 'spk', -Infinity], [deviceId, 'spk', Infinity]);
+            const req = idx.openCursor(range, 'prev');
+            const out = [];
+            req.onsuccess = () => {
+                const cursor = req.result;
+                if (cursor && out.length < n) {
+                    out.push(cursor.value.key_id);
+                    cursor.continue();
+                }
+                else {
+                    resolve(out);
+                }
+            };
+            req.onerror = () => reject(req.error);
+        });
+    }
+    async listExpiredSPKIds(deviceId, maxAgeMs) {
+        const cutoff = Date.now() - maxAgeMs;
+        return new Promise((resolve, reject) => {
+            const idx = this.store('readonly').index(V2_INDEX_BY_DEVICE_TYPE_CREATED);
+            const range = IDBKeyRange.bound([deviceId, 'spk', -Infinity], [deviceId, 'spk', cutoff], false, true);
+            const req = idx.openCursor(range);
+            const out = [];
+            req.onsuccess = () => {
+                const cursor = req.result;
+                if (cursor) {
+                    out.push(cursor.value.key_id);
+                    cursor.continue();
+                }
+                else {
+                    resolve(out);
+                }
+            };
+            req.onerror = () => reject(req.error);
+        });
+    }
+    // ---------- Group SPK ----------
+    static _groupSpkKeyId(groupId, spkId) {
+        return `${groupId}\0${spkId}`;
+    }
+    async saveGroupSPK(deviceId, groupId, spkId, priv, pubDer) {
+        const record = {
+            device_id: deviceId,
+            key_type: 'group_spk',
+            key_id: V2KeyStore._groupSpkKeyId(groupId, spkId),
+            private_key: priv,
+            public_key: pubDer,
+            created_at: Date.now(),
+        };
+        return new Promise((resolve, reject) => {
+            const req = this.store('readwrite').put(record);
+            req.onsuccess = () => resolve();
+            req.onerror = () => reject(req.error);
+        });
+    }
+    async loadGroupSPK(deviceId, groupId, spkId) {
+        const keyId = V2KeyStore._groupSpkKeyId(groupId, spkId);
+        return new Promise((resolve, reject) => {
+            const req = this.store('readonly').get([deviceId, 'group_spk', keyId]);
+            req.onsuccess = () => {
+                const r = req.result;
+                resolve(r ? new Uint8Array(r.private_key) : null);
+            };
+            req.onerror = () => reject(req.error);
+        });
+    }
+    /** 取指定群最新 group SPK（按 created_at DESC，key_id 前缀匹配）。 */
+    async loadCurrentGroupSPK(deviceId, groupId) {
+        const prefix = `${groupId}\0`;
+        return new Promise((resolve, reject) => {
+            const idx = this.store('readonly').index(V2_INDEX_BY_DEVICE_TYPE_CREATED);
+            const range = IDBKeyRange.bound([deviceId, 'group_spk', -Infinity], [deviceId, 'group_spk', Infinity]);
+            const req = idx.openCursor(range, 'prev');
+            req.onsuccess = () => {
+                const cursor = req.result;
+                if (!cursor) {
+                    resolve(null);
+                    return;
+                }
+                const r = cursor.value;
+                if (r.key_id.startsWith(prefix)) {
+                    const spkId = r.key_id.slice(prefix.length);
+                    resolve({
+                        spkId,
+                        priv: new Uint8Array(r.private_key),
+                        pubDer: new Uint8Array(r.public_key),
+                    });
+                }
+                else {
+                    // 继续遍历，找到匹配前缀的记录
+                    cursor.continue();
+                }
+            };
+            req.onerror = () => reject(req.error);
+        });
+    }
+    // ---------- IK ----------
+    async saveIK(deviceId, priv, pubDer) {
+        const record = {
+            device_id: deviceId,
+            key_type: 'ik',
+            key_id: '',
+            private_key: priv,
+            public_key: pubDer,
+            created_at: Date.now(),
+        };
+        return new Promise((resolve, reject) => {
+            const req = this.store('readwrite').put(record);
+            req.onsuccess = () => resolve();
+            req.onerror = () => reject(req.error);
+        });
+    }
+    async loadIK(deviceId) {
+        return new Promise((resolve, reject) => {
+            const req = this.store('readonly').get([deviceId, 'ik', '']);
+            req.onsuccess = () => {
+                const r = req.result;
+                resolve(r ? { priv: new Uint8Array(r.private_key), pubDer: new Uint8Array(r.public_key) } : null);
+            };
+            req.onerror = () => reject(req.error);
+        });
+    }
+    // ---------- 测试用 ----------
+    /** 测试用：清空 store。 */
+    async _clear() {
+        return new Promise((resolve, reject) => {
+            const req = this.store('readwrite').clear();
+            req.onsuccess = () => resolve();
+            req.onerror = () => reject(req.error);
+        });
+    }
+}
+//# sourceMappingURL=keystore.js.map

package/dist/v2/session/keystore.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"keystore.js","sourceRoot":"","sources":["../../../src/v2/session/keystore.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,MAAM,CAAC,MAAM,UAAU,GAAG,QAAQ,CAAC;AACnC,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,CAAC;AAC/B,MAAM,CAAC,MAAM,aAAa,GAAG,gBAAgB,CAAC;AAC9C,MAAM,CAAC,MAAM,+BAA+B,GAAG,wBAAwB,CAAC;AAaxE;;;;;GAKG;AACH,MAAM,OAAO,UAAU;IACQ;IAA7B,YAA6B,EAAe;QAAf,OAAE,GAAF,EAAE,CAAa;IAAG,CAAC;IAEhD,6BAA6B;IAC7B,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAiB,UAAU;QAC3C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;YAClD,GAAG,CAAC,eAAe,GAAG,GAAG,EAAE;gBACzB,MAAM,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;gBACtB,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;oBACjD,MAAM,KAAK,GAAG,EAAE,CAAC,iBAAiB,CAAC,aAAa,EAAE;wBAChD,OAAO,EAAE,CAAC,WAAW,EAAE,UAAU,EAAE,QAAQ,CAAC;qBAC7C,CAAC,CAAC;oBACH,KAAK,CAAC,WAAW,CACf,+BAA+B,EAC/B,CAAC,WAAW,EAAE,UAAU,EAAE,YAAY,CAAC,CACxC,CAAC;gBACJ,CAAC;YACH,CAAC,CAAC;YACF,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;YAC1D,GAAG,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YACtC,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC,CAAC;QACtE,CAAC,CAAC,CAAC;IACL,CAAC;IAED,2BAA2B;IAC3B,KAAK;QACH,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;IAClB,CAAC;IAEO,KAAK,CAAC,IAAwB;QACpC,OAAO,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC;IAC7E,CAAC;IAED,4BAA4B;IAE5B,KAAK,CAAC,OAAO,CACX,QAAgB,EAChB,KAAa,EACb,IAAgB,EAChB,MAAkB;QAElB,MAAM,MAAM,GAAgB;YAC1B,SAAS,EAAE,QAAQ;YACnB,QAAQ,EAAE,KAAK;YACf,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,IAAI;YACjB,UAAU,EAAE,MAAM;YAClB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE;SACvB,CAAC;QACF,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAChD,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;YAChC,GAAG,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,QAAgB,EAAE,KAAa;QAC3C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;YACjE,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE;gBACnB,MAAM,CAAC,GAAG,GAAG,CAAC,MAAiC,CAAC;gBAChD,4DAA4D;gBAC5D,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YACpD,CAAC,CAAC;YACF,GAAG,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,0CAA0C;IAC1C,KAAK,CAAC,cAAc,CAClB,QAAgB;QAEhB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;YAC1E,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAC7B,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,QAAQ,CAAC,EAC5B,CAAC,QAAQ,EAAE,KAAK,EAAE,QAAQ,CAAC,CAC5B,CAAC;YACF,MAAM,GAAG,GAAG,GAAG,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;YAC1C,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE;gBACnB,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;gBAC1B,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,OAAO,CAAC,IAAI,CAAC,CAAC;oBACd,OAAO;gBACT,CAAC;gBACD,MAAM,CAAC,GAAG,MAAM,CAAC,KAAoB,CAAC;gBACtC,OAAO,CAAC;oBACN,KAAK,EAAE,CAAC,CAAC,MAAM;oBACf,IAAI,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC,WAAW,CAAC;oBACnC,MAAM,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC;iBACrC,CAAC,CAAC;YACL,CAAC,CAAC;YACF,GAAG,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,QAAgB,EAAE,KAAa;QAC7C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;YACrE,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;YAChC,GAAG,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,gDAAgD;IAChD,KAAK,CAAC,gBAAgB,CAAC,QAAgB,EAAE,CAAS;QAChD,IAAI,CAAC,IAAI,CAAC;YAAE,OAAO,EAAE,CAAC;QACtB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;YAC1E,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAC7B,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,QAAQ,CAAC,EAC5B,CAAC,QAAQ,EAAE,KAAK,EAAE,QAAQ,CAAC,CAC5B,CAAC;YACF,MAAM,GAAG,GAAG,GAAG,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;YAC1C,MAAM,GAAG,GAAa,EAAE,CAAC;YACzB,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE;gBACnB,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;gBAC1B,IAAI,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC7B,GAAG,CAAC,IAAI,CAAE,MAAM,CAAC,KAAqB,CAAC,MAAM,CAAC,CAAC;oBAC/C,MAAM,CAAC,QAAQ,EAAE,CAAC;gBACpB,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,GAAG,CAAC,CAAC;gBACf,CAAC;YACH,CAAC,CAAC;YACF,GAAG,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,QAAgB,EAAE,QAAgB;QACxD,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC;QACrC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;YAC1E,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAC7B,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,QAAQ,CAAC,EAC5B,CAAC,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,EACzB,KAAK,EAAE,IAAI,CACZ,CAAC;YACF,MAAM,GAAG,GAAG,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;YAClC,MAAM,GAAG,GAAa,EAAE,CAAC;YACzB,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE;gBACnB,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;gBAC1B,IAAI,MAAM,EAAE,CAAC;oBACX,GAAG,CAAC,IAAI,CAAE,MAAM,CAAC,KAAqB,CAAC,MAAM,CAAC,CAAC;oBAC/C,MAAM,CAAC,QAAQ,EAAE,CAAC;gBACpB,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,GAAG,CAAC,CAAC;gBACf,CAAC;YACH,CAAC,CAAC;YACF,GAAG,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,kCAAkC;IAE1B,MAAM,CAAC,cAAc,CAAC,OAAe,EAAE,KAAa;QAC1D,OAAO,GAAG,OAAO,KAAK,KAAK,EAAE,CAAC;IAChC,CAAC;IAED,KAAK,CAAC,YAAY,CAChB,QAAgB,EAChB,OAAe,EACf,KAAa,EACb,IAAgB,EAChB,MAAkB;QAElB,MAAM,MAAM,GAAgB;YAC1B,SAAS,EAAE,QAAQ;YACnB,QAAQ,EAAE,WAAW;YACrB,MAAM,EAAE,UAAU,CAAC,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC;YACjD,WAAW,EAAE,IAAI;YACjB,UAAU,EAAE,MAAM;YAClB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE;SACvB,CAAC;QACF,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAChD,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;YAChC,GAAG,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,YAAY,CAChB,QAAgB,EAChB,OAAe,EACf,KAAa;QAEb,MAAM,KAAK,GAAG,UAAU,CAAC,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QACxD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC;YACvE,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE;gBACnB,MAAM,CAAC,GAAG,GAAG,CAAC,MAAiC,CAAC;gBAChD,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YACpD,CAAC,CAAC;YACF,GAAG,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,uDAAuD;IACvD,KAAK,CAAC,mBAAmB,CACvB,QAAgB,EAChB,OAAe;QAEf,MAAM,MAAM,GAAG,GAAG,OAAO,IAAI,CAAC;QAC9B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;YAC1E,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAC7B,CAAC,QAAQ,EAAE,WAAW,EAAE,CAAC,QAAQ,CAAC,EAClC,CAAC,QAAQ,EAAE,WAAW,EAAE,QAAQ,CAAC,CAClC,CAAC;YACF,MAAM,GAAG,GAAG,GAAG,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;YAC1C,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE;gBACnB,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;gBAC1B,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,OAAO,CAAC,IAAI,CAAC,CAAC;oBACd,OAAO;gBACT,CAAC;gBACD,MAAM,CAAC,GAAG,MAAM,CAAC,KAAoB,CAAC;gBACtC,IAAI,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;oBAChC,MAAM,KAAK,GAAG,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;oBAC5C,OAAO,CAAC;wBACN,KAAK;wBACL,IAAI,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC,WAAW,CAAC;wBACnC,MAAM,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC;qBACrC,CAAC,CAAC;gBACL,CAAC;qBAAM,CAAC;oBACN,iBAAiB;oBACjB,MAAM,CAAC,QAAQ,EAAE,CAAC;gBACpB,CAAC;YACH,CAAC,CAAC;YACF,GAAG,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,2BAA2B;IAE3B,KAAK,CAAC,MAAM,CAAC,QAAgB,EAAE,IAAgB,EAAE,MAAkB;QACjE,MAAM,MAAM,GAAgB;YAC1B,SAAS,EAAE,QAAQ;YACnB,QAAQ,EAAE,IAAI;YACd,MAAM,EAAE,EAAE;YACV,WAAW,EAAE,IAAI;YACjB,UAAU,EAAE,MAAM;YAClB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE;SACvB,CAAC;QACF,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAChD,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;YAChC,GAAG,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,MAAM,CACV,QAAgB;QAEhB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;YAC7D,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE;gBACnB,MAAM,CAAC,GAAG,GAAG,CAAC,MAAiC,CAAC;gBAChD,OAAO,CACL,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC,WAAW,CAAC,EAAE,MAAM,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CACzF,CAAC;YACJ,CAAC,CAAC;YACF,GAAG,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,4BAA4B;IAE5B,oBAAoB;IACpB,KAAK,CAAC,MAAM;QACV,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,KAAK,EAAE,CAAC;YAC5C,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;YAChC,GAAG,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC;CACF"}

package/dist/v2/session/session.d.ts

@@ -0,0 +1,121 @@
+/**
+ * AUN E2EE V2 Session Manager（浏览器版，全 async）。
+ *
+ * 与 Python `aun_core.v2.session.V2Session` 行为对齐：
+ * - IK = AID 长期密钥（多设备共享 AID 身份），由构造函数注入，不独立生成
+ * - SPK 设备级 P-256 密钥对，IK 签名背书
+ * - SPK 销毁三重条件：
+ *     contig_seq >= 该 SPK 引用的最大 seq
+ *  && now - last_seen >= 7 小时
+ *  && 不在最近 7 代保留窗口内
+ * - 对端 IK 公钥缓存 TTL 1 小时
+ * - SPK 注册：`callFn("message.v2.put_peer_pk", ...)`
+ *
+ * 浏览器目标：所有 store 调用均 `await`，签名走 noble（确定性 ECDSA）。
+ */
+import { V2KeyStore } from './keystore';
+/** 对端 IK 公钥缓存 TTL（毫秒）。 */
+export declare const PEER_KEY_CACHE_TTL_MS: number;
+/** SPK 销毁安全窗口（毫秒）。 */
+export declare const DESTROY_DELAY_MS: number;
+/** SPK 销毁时保留的最近代数。 */
+export declare const RECENT_GENERATIONS = 7;
+/** SPK 180 天硬上限。 */
+export declare const HARD_LIMIT_MS: number;
+/** 服务端 RPC 调用函数签名（与 Python `call_fn` 等价）。 */
+export type CallFn = (method: string, params: Record<string, unknown>) => Promise<Record<string, unknown> | unknown>;
+/** 加密所需的发送方身份。 */
+export interface SenderIdentity {
+    aid: string;
+    deviceId: string;
+    ikPriv: Uint8Array;
+    ikPubDer: Uint8Array;
+}
+/** 解密所需的私钥。 */
+export interface DecryptKeys {
+    ikPriv: Uint8Array;
+    spkPriv?: Uint8Array;
+}
+export declare class V2Session {
+    private readonly _store;
+    private readonly _deviceId;
+    private readonly _aid;
+    private readonly _ikPriv;
+    private readonly _ikPubDer;
+    private _spkId;
+    private _spkPriv?;
+    private _spkPubDer?;
+    private _registered;
+    private _lastUploadedSPKId;
+    private _lastUploadedGroupSPKIds;
+    private _peerIKCache;
+    private _verifiedSPKs;
+    private _oldSPKMaxSeq;
+    private _nowFn;
+    constructor(store: V2KeyStore, deviceId: string, aid: string, ikPriv: Uint8Array, ikPubDer: Uint8Array);
+    /** 测试用：注入虚拟时钟。 */
+    _setNowFn(fn: () => number): void;
+    get deviceId(): string;
+    get aid(): string;
+    get currentSpkId(): string;
+    get currentIkPubDer(): Uint8Array;
+    /** 暴露 store 以便测试（与 Python 同等私有约定）。 */
+    get _storeForTest(): V2KeyStore;
+    /** 加载或生成当前 SPK；IK 由构造函数注入，无需加载。 */
+    ensureKeys(): Promise<void>;
+    private _generateNewSPK;
+    /** SPK 由 AID 私钥（IK）签名背书并上报到 message.v2.put_peer_pk。 */
+    private _registerSPK;
+    /** 注册本设备 SPK 到服务端。IK = AID 长期密钥，无需注册。幂等。 */
+    ensureRegistered(callFn: CallFn): Promise<void>;
+    /** 返回加密所需的 sender 结构。 */
+    getSenderIdentity(): Promise<SenderIdentity>;
+    /**
+     * 返回解密所需的私钥。
+     * - spkId 空：1DH（仅 IK）
+     * - spkId == 当前 SPK：当前 spkPriv
+     * - 否则：从 store 加载旧 SPK 私钥（可能 undefined = 已销毁）
+     */
+    getDecryptKeys(spkId: string | null | undefined): Promise<DecryptKeys>;
+    /** 判断 spkId 是否命中当前活跃 SPK。 */
+    isCurrentSPK(spkId: string | null | undefined): boolean;
+    /** 跟踪每个旧 SPK 引用的最大 seq（用于销毁判定）。 */
+    trackOldSPKMaxSeq(spkId: string, seq: number): void;
+    /**
+     * contig_seq 已覆盖、超过 7 天安全窗口、且不在最近 7 代保留窗口内时销毁。
+     *
+     * 销毁条件（全部满足才销毁）：
+     * - contig_seq >= 该 SPK 引用的最大 seq
+     * - 自最后一次见到该 spk_id 引用 >= 7 天
+     * - 不在最近 7 代 SPK 保留窗口内
+     */
+    maybeDestroyOldSPKs(contigSeq: number): Promise<string[]>;
+    /** 轮换 SPK：生成新 SPK 并上报到服务端。旧 SPK 保留本地用于解密。 */
+    rotateSPK(callFn: CallFn): Promise<void>;
+    /** 判断 spkId 是否为本进程最后一次成功上传的 P2P SPK。 */
+    isLastUploadedSPK(spkId: string | null | undefined): boolean;
+    /** 判断 spkId 是否为本进程在该群最后一次成功上传的 group SPK。 */
+    isLastUploadedGroupSPK(groupId: string, spkId: string | null | undefined): boolean;
+    /** 确保指定群有独立 group SPK，返回 { spkId, priv, pubDer }。 */
+    ensureGroupSPK(groupId: string): Promise<{
+        spkId: string;
+        priv: Uint8Array;
+        pubDer: Uint8Array;
+    }>;
+    /** 注册指定群的 group SPK。group 服务负责成员鉴权。 */
+    ensureGroupRegistered(groupId: string, callFn: CallFn): Promise<void>;
+    /** 轮换指定群的 group SPK，保留旧私钥用于缓存窗口内的历史 wrap 解密。 */
+    rotateGroupSPK(groupId: string, callFn: CallFn): Promise<{
+        spkId: string;
+        priv: Uint8Array;
+        pubDer: Uint8Array;
+    }>;
+    /** 群消息解密优先查 group SPK；找不到时 fallback 旧 P2P SPK 兼容历史消息。 */
+    getGroupDecryptKeys(groupId: string, spkId: string | null | undefined): Promise<DecryptKeys>;
+    private _publishGroupSPK;
+    cachePeerIK(peerAid: string, deviceId: string, ikPubDer: Uint8Array): void;
+    getPeerIK(peerAid: string, deviceId: string): Uint8Array | null;
+    isPeerSPKVerified(peerAid: string, deviceId: string, spkId: string): boolean;
+    markPeerSPKVerified(peerAid: string, deviceId: string, spkId: string): void;
+}
+//# sourceMappingURL=session.d.ts.map

package/dist/v2/session/session.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../../src/v2/session/session.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAGH,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAExC,0BAA0B;AAC1B,eAAO,MAAM,qBAAqB,QAAiB,CAAC;AACpD,sBAAsB;AACtB,eAAO,MAAM,gBAAgB,QAA0B,CAAC;AACxD,sBAAsB;AACtB,eAAO,MAAM,kBAAkB,IAAI,CAAC;AACpC,oBAAoB;AACpB,eAAO,MAAM,aAAa,QAA4B,CAAC;AAEvD,6CAA6C;AAC7C,MAAM,MAAM,MAAM,GAAG,CACnB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC5B,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,CAAC;AAEhD,kBAAkB;AAClB,MAAM,WAAW,cAAc;IAC7B,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,UAAU,CAAC;IACnB,QAAQ,EAAE,UAAU,CAAC;CACtB;AAED,eAAe;AACf,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,UAAU,CAAC;IACnB,OAAO,CAAC,EAAE,UAAU,CAAC;CACtB;AA4BD,qBAAa,SAAS;IACpB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAa;IACpC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAS;IAC9B,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAa;IACrC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAa;IAEvC,OAAO,CAAC,MAAM,CAAM;IACpB,OAAO,CAAC,QAAQ,CAAC,CAAa;IAC9B,OAAO,CAAC,UAAU,CAAC,CAAa;IAChC,OAAO,CAAC,WAAW,CAAS;IAC5B,OAAO,CAAC,kBAAkB,CAAM;IAChC,OAAO,CAAC,wBAAwB,CAA6B;IAE7D,OAAO,CAAC,YAAY,CAA+D;IACnF,OAAO,CAAC,aAAa,CAAqB;IAC1C,OAAO,CAAC,aAAa,CAA0D;IAC/E,OAAO,CAAC,MAAM,CAAkC;gBAG9C,KAAK,EAAE,UAAU,EACjB,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,UAAU,EAClB,QAAQ,EAAE,UAAU;IAYtB,kBAAkB;IAClB,SAAS,CAAC,EAAE,EAAE,MAAM,MAAM,GAAG,IAAI;IAIjC,IAAI,QAAQ,IAAI,MAAM,CAErB;IAED,IAAI,GAAG,IAAI,MAAM,CAEhB;IAED,IAAI,YAAY,IAAI,MAAM,CAEzB;IAED,IAAI,eAAe,IAAI,UAAU,CAEhC;IAED,sCAAsC;IACtC,IAAI,aAAa,IAAI,UAAU,CAE9B;IAED,mCAAmC;IAC7B,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;YAYnB,eAAe;IAU7B,uDAAuD;YACzC,YAAY;IAmB1B,4CAA4C;IACtC,gBAAgB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAQrD,yBAAyB;IACnB,iBAAiB,IAAI,OAAO,CAAC,cAAc,CAAC;IAUlD;;;;;OAKG;IACG,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC;IAS5E,6BAA6B;IAC7B,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,OAAO;IAIvD,mCAAmC;IACnC,iBAAiB,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,IAAI;IASnD;;;;;;;OAOG;IACG,mBAAmB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IA2C/D,6CAA6C;IACvC,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAM9C,wCAAwC;IACxC,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,OAAO;IAI5D,6CAA6C;IAC7C,sBAAsB,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,OAAO;IAQlF,qDAAqD;IAC/C,cAAc,CAClB,OAAO,EAAE,MAAM,GACd,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,UAAU,CAAC;QAAC,MAAM,EAAE,UAAU,CAAA;KAAE,CAAC;IAYnE,uCAAuC;IACjC,qBAAqB,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAO3E,gDAAgD;IAC1C,cAAc,CAClB,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,GACb,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,UAAU,CAAC;QAAC,MAAM,EAAE,UAAU,CAAA;KAAE,CAAC;IAWnE,yDAAyD;IACnD,mBAAmB,CACvB,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAC/B,OAAO,CAAC,WAAW,CAAC;YAUT,gBAAgB;IAyB9B,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,GAAG,IAAI;IAO1E,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,UAAU,GAAG,IAAI;IAW/D,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO;IAI5E,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI;CAG5E"}