@agentunion/fastaun-browser 0.4.3 → 0.4.5
- package/CHANGELOG.md +203 -178
- package/_packed_docs/CHANGELOG.md +203 -178
- package/_packed_docs/INDEX.md +17 -17
- package/_packed_docs/KITE_DOCS_GUIDE.md +11 -11
- package/_packed_docs/agent.md/SCHEMA.md +49 -49
- package/_packed_docs/agent.md/examples/signed-openclaw-lobster.md +22 -22
- package/_packed_docs/agent.md//350/277/234/347/250/213agent.md/347/274/223/345/255/230/344/270/216etag/351/200/217/344/274/240/346/226/271/346/241/210.md +327 -327
- package/_packed_docs/cli/AUN-CLI/350/256/276/350/256/241/346/226/207/346/241/243.md +686 -686
- package/_packed_docs/design/2026-05-22-aun-rpc-trace-enhancement.md +542 -542
- package/_packed_docs/design/E2EE_V2/347/256/200/345/214/226/344/270/2721DH/345/212/240Per-AID_Wrap/346/226/271/346/241/210.md +124 -124
- package/_packed_docs/design//350/267/250/350/257/255/350/250/200/345/256/271/345/231/250E2E/346/265/213/350/257/225/346/226/271/346/241/210.md +665 -665
- package/_packed_docs/protocol/01-/350/272/253/344/273/275/344/270/216/345/207/255/350/257/201/345/215/217/350/256/256-auth.md +2 -2
- package/_packed_docs/protocol/14-/344/272/244/344/272/222/346/234/272/345/210/266-/345/223/215/345/272/224/346/250/241/345/274/217/344/270/216/350/207/252/344/270/273/346/250/241/345/274/217.md +170 -170
- package/_packed_docs/protocol/15-/347/246/273/347/272/277/346/216/250/351/200/201/351/200/232/347/237/245/345/215/217/350/256/256.md +419 -419
- package/_packed_docs/protocol/README.md +1 -1
- package/_packed_docs/protocol/aun-docs-guide.md +1 -1
- package/_packed_docs/protocol//351/231/204/345/275/225A-/346/234/257/350/257/255/350/241/250.md +15 -15
- package/_packed_docs/protocol//351/231/204/345/275/225B-/346/211/251/345/261/225/346/200/247/346/214/207/345/215/227.md +4 -4
- package/_packed_docs/protocol//351/231/204/345/275/225J-/345/256/242/346/210/267/347/253/257/346/216/245/345/205/245/347/244/272/344/276/213.md +98 -98
- package/_packed_docs/protocol//351/231/204/345/275/225M-JWT/350/256/244/350/257/201/345/256/236/347/216/260/346/214/207/345/215/227.md +46 -46
- package/_packed_docs/protocol//351/231/204/345/275/225N-/345/210/206/345/270/203/345/274/217Trace/345/215/217/350/256/256.md +257 -257
- package/_packed_docs/sdk/01-/345/277/253/351/200/237/345/274/200/345/247/213.md +1 -1
- package/_packed_docs/sdk/05-E2EE/345/212/240/345/257/206/351/200/232/344/277/241.md +1 -1
- package/_packed_docs/sdk/06-API/346/211/213/345/206/214.md +1 -0
- package/_packed_docs/sdk/09-payload-reference.md +13 -13
- package/_packed_docs/sdk/E2EE_V2/346/266/210/346/201/257/351/200/232/344/277/241/346/227/266/345/272/217/345/233/276.md +171 -171
- package/dist/aid-store.d.ts +1 -0
- package/dist/aid-store.d.ts.map +1 -1
- package/dist/aid-store.js +26 -9
- package/dist/aid-store.js.map +1 -1
- package/dist/aid.d.ts +2 -1
- package/dist/aid.d.ts.map +1 -1
- package/dist/aid.js +7 -6
- package/dist/aid.js.map +1 -1
- package/dist/auth.d.ts +8 -13
- package/dist/auth.d.ts.map +1 -1
- package/dist/auth.js +38 -127
- package/dist/auth.js.map +1 -1
- package/dist/bundle.js +872 -350
- package/dist/client.d.ts +12 -5
- package/dist/client.d.ts.map +1 -1
- package/dist/client.js +296 -213
- package/dist/client.js.map +1 -1
- package/dist/index.d.ts +1 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -0
- package/dist/index.js.map +1 -1
- package/dist/keystore/index.d.ts +45 -22
- package/dist/keystore/index.d.ts.map +1 -1
- package/dist/keystore/index.js +6 -1
- package/dist/keystore/index.js.map +1 -1
- package/dist/keystore/indexeddb.d.ts +11 -1
- package/dist/keystore/indexeddb.d.ts.map +1 -1
- package/dist/keystore/indexeddb.js +167 -18
- package/dist/keystore/indexeddb.js.map +1 -1
- package/dist/register-flow.d.ts +34 -0
- package/dist/register-flow.d.ts.map +1 -0
- package/dist/register-flow.js +355 -0
- package/dist/register-flow.js.map +1 -0
- package/dist/v2/session/keystore.d.ts +5 -0
- package/dist/v2/session/keystore.d.ts.map +1 -1
- package/dist/v2/session/keystore.js +29 -0
- package/dist/v2/session/keystore.js.map +1 -1
- package/dist/version.d.ts +1 -1
- package/dist/version.js +1 -1
- package/package.json +1 -1
- package/_packed_docs/0.4.0_/345/267/256/345/274/202/346/240/270/345/256/236/345/206/263/347/255/226/350/256/260/345/275/225.md +0 -302
- package/_packed_docs/AUN_SDK_0.4.0_/350/256/276/350/256/241/345/257/271/346/257/224/345/210/206/346/236/220.md +0 -194
- package/_packed_docs/AUN_SDK_/351/207/215/346/236/204/345/256/236/346/226/275/350/256/241/345/210/222.md +0 -596
- package/_packed_docs/AUN_SDK_/351/207/215/346/236/204/350/256/276/350/256/241/346/226/271/346/241/210_v3.md +0 -1697
- package/_packed_docs/python-sdk-v2-only-changelog.md +0 -189
package/dist/aid.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"aid.d.ts","sourceRoot":"","sources":["../src/aid.ts"],"names":[],"mappings":"AAYA,OAAO,EAAuB,KAAK,MAAM,EAAE,MAAM,aAAa,CAAC;AAE/D,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,UAAU,GAAG,SAAS,GAAG,UAAU,CAAC;IAC5C,OAAO,EAAE,MAAM,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,qBAAa,GAAG;IACd,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,aAAa,EAAE,IAAI,CAAC;IAC7B,QAAQ,CAAC,YAAY,EAAE,IAAI,CAAC;IAC5B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC;IAC5B,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB,
|
|
1
|
+
{"version":3,"file":"aid.d.ts","sourceRoot":"","sources":["../src/aid.ts"],"names":[],"mappings":"AAYA,OAAO,EAAuB,KAAK,MAAM,EAAE,MAAM,aAAa,CAAC;AAE/D,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,UAAU,GAAG,SAAS,GAAG,UAAU,CAAC;IAC5C,OAAO,EAAE,MAAM,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,qBAAa,GAAG;IACd,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,aAAa,EAAE,IAAI,CAAC;IAC7B,QAAQ,CAAC,YAAY,EAAE,IAAI,CAAC;IAC5B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC;IAC5B,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB,wDAAwD;IACxD,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAU;IACrC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAU;IAC3C,OAAO,CAAC,gBAAgB,CAAM;IAE9B,OAAO;WAoBM,MAAM,CAAC,MAAM,EAAE;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,SAAS,EAAE,OAAO,CAAC;QAAC,eAAe,EAAE,OAAO,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,OAAO,CAAC;QAAC,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,KAAK,CAAC,EAAE,OAAO,CAAA;KAAE,GAAG,OAAO,CAAC,GAAG,CAAC;IAM9Q,IAAI,eAAe,IAAI,MAAM,CAE5B;IAED,WAAW,IAAI,OAAO;IAItB,iBAAiB,IAAI,OAAO;IAItB,IAAI,CAAC,OAAO,EAAE,UAAU,GAAG,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAAE,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAU1E,MAAM,CAAC,OAAO,EAAE,UAAU,GAAG,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAAE,KAAK,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;IAU5F,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAAE,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAWjE,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;CAkBpE"}
|
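--- a/package/dist/aid.js
+++ b/package/dist/aid.js
@@ -15,7 +15,8 @@ export class AID {
 verifySsl;
 rootCaPath;
 debug;
-
+/** AIDStore 加载时注入的明文私钥 PEM,供 AUNClient 直接使用(无需 seed)。*/
+privateKeyPem;
 _certValid;
 _privateKeyValid;
 _certFingerprint = '';
@@ -34,7 +35,7 @@ export class AID {
 this.certIssuer = meta.issuer;
 this.certNotBefore = meta.notBefore;
 this.certNotAfter = meta.notAfter;
-this.
+this.privateKeyPem = params.privateKeyPem ?? '';
 this._certValid = params.certValid;
 this._privateKeyValid = params.privateKeyValid;
 }
@@ -53,11 +54,11 @@ export class AID {
 return this._privateKeyValid;
 }
 async sign(payload) {
-if (!this._privateKeyValid || !this.
+if (!this._privateKeyValid || !this.privateKeyPem)
 return resultErr(codes.PRIVATE_KEY_NOT_VALID, 'private key is not valid');
 try {
 const data = typeof payload === 'string' ? new TextEncoder().encode(payload) : payload;
-return resultOk({ signature: await signBytes(this.
+return resultOk({ signature: await signBytes(this.privateKeyPem, data) });
 }
 catch (exc) {
 return resultErr(codes.SIGNATURE_OPERATION_ERROR, String(exc), exc);
@@ -75,11 +76,11 @@ export class AID {
 }
 }
 async signAgentMd(content) {
-if (!this._privateKeyValid || !this.
+if (!this._privateKeyValid || !this.privateKeyPem)
 return resultErr(codes.PRIVATE_KEY_NOT_VALID, 'private key is not valid');
 try {
 const payload = normalizeAgentMdPayload(content);
-const signature = await signBytes(this.
+const signature = await signBytes(this.privateKeyPem, new TextEncoder().encode(payload));
 return resultOk({ signed: payload + buildAgentMdSignatureBlock(this.certFingerprint, Date.now() / 1000, signature) });
 }
 catch (exc) {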
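Review bot: `privateKeyPem` is declared in the first hunk as an ordinary enumerable field on the exported `AID` class, and its own comment says it carries the plaintext private key PEM, so anything that serializes, logs or enumerates an `AID` instance (`JSON.stringify(aid)`, a debug dump, a spread copy) takes the key along with it. The field it replaced is truncated on this page, so whether this widens exposure relative to 0.4.3 cannot be confirmed from here. If `AUNClient` has to read the value, keep it out of enumeration in the constructor with `Object.defineProperty(this, 'privateKeyPem', { value: params.privateKeyPem ?? '', enumerable: false });` and add a `toJSON()` that omits it. A longer-term option is to import the key once as a non-extractable `CryptoKey` so that `sign()` and `signAgentMd()` never handle PEM text. The class body continues outside these hunks.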
package/dist/aid.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"aid.js","sourceRoot":"","sources":["../src/aid.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,KAAK,MAAM,kBAAkB,CAAC;AAC1C,OAAO,EACL,0BAA0B,EAC1B,eAAe,EACf,iBAAiB,EACjB,uBAAuB,EACvB,yBAAyB,EACzB,iBAAiB,EACjB,eAAe,EACf,SAAS,EACT,uBAAuB,GACxB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAe,MAAM,aAAa,CAAC;AAW/D,MAAM,OAAO,GAAG;IACL,GAAG,CAAS;IACZ,OAAO,CAAS;IAChB,OAAO,CAAS;IAChB,SAAS,CAAS;IAClB,WAAW,CAAS;IACpB,aAAa,CAAO;IACpB,YAAY,CAAO;IACnB,UAAU,CAAS;IACnB,QAAQ,CAAS;IACjB,MAAM,CAAS;IACf,SAAS,CAAU;IACnB,UAAU,CAAgB;IAC1B,KAAK,CAAU;
|
|
1
|
+
{"version":3,"file":"aid.js","sourceRoot":"","sources":["../src/aid.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,KAAK,MAAM,kBAAkB,CAAC;AAC1C,OAAO,EACL,0BAA0B,EAC1B,eAAe,EACf,iBAAiB,EACjB,uBAAuB,EACvB,yBAAyB,EACzB,iBAAiB,EACjB,eAAe,EACf,SAAS,EACT,uBAAuB,GACxB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAe,MAAM,aAAa,CAAC;AAW/D,MAAM,OAAO,GAAG;IACL,GAAG,CAAS;IACZ,OAAO,CAAS;IAChB,OAAO,CAAS;IAChB,SAAS,CAAS;IAClB,WAAW,CAAS;IACpB,aAAa,CAAO;IACpB,YAAY,CAAO;IACnB,UAAU,CAAS;IACnB,QAAQ,CAAS;IACjB,MAAM,CAAS;IACf,SAAS,CAAU;IACnB,UAAU,CAAgB;IAC1B,KAAK,CAAU;IACxB,wDAAwD;IAC/C,aAAa,CAAS;IACd,UAAU,CAAU;IACpB,gBAAgB,CAAU;IACnC,gBAAgB,GAAG,EAAE,CAAC;IAE9B,YAAoB,MAA2O;QAC7P,IAAI,CAAC,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC;QACtB,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;QAC9B,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC;QACtC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,SAAS,CAAC;QACzC,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,IAAI,CAAC;QAC1C,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC;QAC5C,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,KAAK,CAAC;QACnC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;QAC9B,IAAI,CAAC,SAAS,GAAG,eAAe,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACjD,MAAM,IAAI,GAAG,iBAAiB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC/C,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC;QAChC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC;QAC9B,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC;QACpC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC;QAClC,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,aAAa,IAAI,EAAE,CAAC;QAChD,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,SAAS,CAAC;QACnC,IAAI,CAAC,gBAAgB,GAAG,MAAM,CAAC,eAAe,CAAC;IACjD,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,MAA2O;QAC7P,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;QAC5B,GAAG,CAAC,gBAAgB,GAAG,MAAM,eAAe,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC7D,OAAO,GAAG,CAAC;IACb,CAAC;IAED,IAAI,eAAe;QACjB,OAAO,IAAI,CAAC,gBAAgB,CAAC;IAC/B,CAAC;IAED,WAAW;QACT,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED,iBAAiB;QACf,OAAO,IAAI,CAAC,gBAAgB,CAAC;IAC/B,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,OAA4B;QACrC,IAAI,CAAC,IAAI,CAAC,gBAAgB,IAAI,CAAC,IAAI,CAAC,aAAa;YAAE,OAAO,SAA
S,CAAC,KAAK,CAAC,qBAAqB,EAAE,0BAA0B,CAAC,CAAC;QAC7H,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;YACvF,OAAO,QAAQ,CAAC,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;QAC5E,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,SAAS,CAAC,KAAK,CAAC,yBAAyB,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC;QACtE,CAAC;IACH,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,OAA4B,EAAE,SAAiB;QAC1D,IAAI,CAAC,IAAI,CAAC,UAAU;YAAE,OAAO,SAAS,CAAC,KAAK,CAAC,cAAc,EAAE,0BAA0B,CAAC,CAAC;QACzF,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;YACvF,OAAO,QAAQ,CAAC,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;QAC3F,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,SAAS,CAAC,KAAK,CAAC,4BAA4B,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC;QACzE,CAAC;IACH,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAe;QAC/B,IAAI,CAAC,IAAI,CAAC,gBAAgB,IAAI,CAAC,IAAI,CAAC,aAAa;YAAE,OAAO,SAAS,CAAC,KAAK,CAAC,qBAAqB,EAAE,0BAA0B,CAAC,CAAC;QAC7H,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,uBAAuB,CAAC,OAAO,CAAC,CAAC;YACjD,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,aAAa,EAAE,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;YACzF,OAAO,QAAQ,CAAC,EAAE,MAAM,EAAE,OAAO,GAAG,0BAA0B,CAAC,IAAI,CAAC,eAAe,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,SAAS,CAAC,EAAE,CAAC,CAAC;QACxH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,SAAS,CAAC,KAAK,CAAC,yBAAyB,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC;QACtE,CAAC;IACH,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,OAAe;QACjC,IAAI,CAAC,IAAI,CAAC,UAAU;YAAE,OAAO,SAAS,CAAC,KAAK,CAAC,cAAc,EAAE,0BAA0B,CAAC,CAAC;QACzF,IAAI,CAAC;YACH,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,yBAAyB,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,CAAC;YACzF,IAAI,CAAC,MAAM;gBAAE,OAAO,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC,CAAC;YAChI,MAAM,UAAU,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;YAC9C,IAAI,UAAU,
IAAI,UAAU,KAAK,IAAI,CAAC,GAAG;gBAAE,OAAO,QAAQ,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,GAAG,EAAE,UAAU,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC;YACpI,IAAI,MAAM,CAAC,gBAAgB,CAAC,WAAW,EAAE,KAAK,IAAI,CAAC,eAAe,CAAC,WAAW,EAAE,EAAE,CAAC;gBACjF,OAAO,QAAQ,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,kCAAkC,EAAE,CAAC,CAAC;YAC7G,CAAC;YACD,MAAM,KAAK,GAAG,MAAM,uBAAuB,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,SAAS,EAAE,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;YAC/G,OAAO,QAAQ,CAAC,KAAK;gBACnB,CAAC,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,gBAAgB,EAAE,MAAM,CAAC,gBAAgB,EAAE,SAAS,EAAE,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE;gBAChI,CAAC,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,gBAAgB,EAAE,MAAM,CAAC,gBAAgB,EAAE,SAAS,EAAE,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,+BAA+B,EAAE,CAAC,CAAC;QAC9K,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,SAAS,CAAC,KAAK,CAAC,4BAA4B,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC;QACzE,CAAC;IACH,CAAC;CACF"}
|
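--- a/package/dist/auth.d.ts
+++ b/package/dist/auth.d.ts
@@ -1,4 +1,4 @@
-import type {
+import type { TokenStore } from './keystore/index.js';
 import type { ModuleLogger } from './logger.js';
 import { CryptoProvider } from './crypto.js';
 import { type IdentityRecord, type JsonObject, type RpcMessage, type RpcParams, type RpcResult } from './types.js';
@@ -23,13 +23,14 @@ export declare class AuthFlow {
 private _log;
 setLogger(log: ModuleLogger): void;
 private static readonly _INSTANCE_STATE_FIELDS;
-private
+private _tokenStore;
 private _crypto;
 private _aid;
 private _deviceId;
 private _slotId;
 private _rootCaPem;
 private _verifySsl;
+private _memIdentity;
 private _rootCerts;
 private _gatewayChainCache;
 private _gatewayCrlCache;
@@ -38,7 +39,7 @@ export declare class AuthFlow {
 private _chainCacheTtl;
 private _gatewayCaVerified;
 constructor(opts: {
-
+tokenStore: TokenStore;
 crypto: CryptoProvider;
 aid?: string | null;
 deviceId?: string;
@@ -47,6 +48,8 @@ export declare class AuthFlow {
 verifySsl?: boolean;
 chainCacheTtl?: number;
 });
+/** 注入内存私钥,禁止 AuthFlow 内部再走 tokenStore 解密 */
+setIdentity(identity: IdentityRecord | null): void;
 /** 加载本地身份信息 */
 loadIdentity(aid?: string): Promise<IdentityRecord>;
 /** 加载身份,不存在时返回 null */
@@ -59,17 +62,10 @@ export declare class AuthFlow {
 deviceId: string;
 slotId?: string;
 }): void;
-/**
-* 严格注册新 AID(对齐 TS registerAid / Go RegisterAID)。
-*
-* 注册与认证彻底分离:此方法绝不被 SDK 内部自动调用,
-* 必须由应用层显式调用。
-*/
-registerAid(gatewayUrl: string, aid: string): Promise<JsonObject>;
 /**
 * 认证已有 AID — login1/login2 双阶段流程。
 *
-* 优先复用
+* 优先复用 tokenStore 里的 cached access_token(未过期且有 refresh_token),
 * 避免每次 authenticate 都走两阶段重登的网络往返。与 Python SDK 行为对齐。
 */
 authenticate(gatewayUrl: string, aid?: string): Promise<JsonObject>;
@@ -114,7 +110,6 @@ export declare class AuthFlow {
 private _fetchText;
 /** fetch GET 返回 JSON */
 private _fetchJson;
-private _createAid;
 /**
 * 从服务端下载指定 AID 的证书(公开 API)。
 *
@@ -169,7 +164,7 @@ export declare class AuthFlow {
 /** 获取缓存的有效 access_token */
 private _getCachedAccessToken;
 private static readonly _AID_NAME_RE;
-
+static _validateAidName(aid: string): void;
 /** 确保本地有密钥对(没有则生成) */
 /** 加载身份,不存在或半成品时抛出异常 */
 private _loadIdentityOrRaise;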
package/dist/auth.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,
|
|
1
|
+
{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EAAE,cAAc,EAAkE,MAAM,aAAa,CAAC;AAQ7G,OAAO,EAEL,KAAK,cAAc,EACnB,KAAK,UAAU,EAEf,KAAK,UAAU,EACf,KAAK,SAAS,EACd,KAAK,SAAS,EACf,MAAM,YAAY,CAAC;AAwFpB,UAAU,WAAY,SAAQ,UAAU;IACtC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,cAAc,CAAC;IAC1B,KAAK,CAAC,EAAE,UAAU,CAAC;CACpB;AAED,UAAU,aAAa;IACrB,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;CAC7D;AAqTD;;;;;;;;GAQG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,IAAI,CAA0B;IACtC,SAAS,CAAC,GAAG,EAAE,YAAY,GAAG,IAAI;IAElC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,sBAAsB,CAKnC;IAEX,OAAO,CAAC,WAAW,CAAa;IAChC,OAAO,CAAC,OAAO,CAAiB;IAChC,OAAO,CAAC,IAAI,CAAgB;IAC5B,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,UAAU,CAAgB;IAClC,OAAO,CAAC,UAAU,CAAU;IAC5B,OAAO,CAAC,YAAY,CAA+B;IAGnD,OAAO,CAAC,UAAU,CAA6B;IAC/C,OAAO,CAAC,kBAAkB,CAAoC;IAC9D,OAAO,CAAC,gBAAgB,CAAkF;IAC1G,OAAO,CAAC,iBAAiB,CAAkF;IAC3G,OAAO,CAAC,mBAAmB,CAAkC;IAC7D,OAAO,CAAC,cAAc,CAAS;IAC/B,OAAO,CAAC,kBAAkB,CAAmC;gBAEjD,IAAI,EAAE;QAChB,UAAU,EAAE,UAAU,CAAC;QACvB,MAAM,EAAE,cAAc,CAAC;QACvB,GAAG,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAC1B,SAAS,CAAC,EAAE,OAAO,CAAC;QACpB,aAAa,CAAC,EAAE,MAAM,CAAC;KACxB;IAaD,4CAA4C;IAC5C,WAAW,CAAC,QAAQ,EAAE,cAAc,GAAG,IAAI,GAAG,IAAI;IAKlD,eAAe;IACT,YAAY,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC;IAuBzD,uBAAuB;IACjB,kBAAkB,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC;IAQtE,2CAA2C;IACrC,kBAAkB,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC;IAItE,2BAA2B;IAC3B,oBAAoB,CAAC,QAAQ,EAAE,cAAc,GAAG,MAAM,GAAG,IAAI;IAM7D,kBAAkB,CAAC,IAAI,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI;IAKrE;;;;;OAKG;IACG,YAAY,CAAC,UAAU,EAAE,MAAM,EAAE,GAAG,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IAsEzE;;OAEG;IACG,mBAAmB
,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IA6BnE;;OAEG;IACG,mBAAmB,CACvB,SAAS,EAAE,aAAa,EACxB,SAAS,EAAE,UAAU,GAAG,IAAI,EAC5B,WAAW,EAAE,MAAM,EACnB,IAAI,CAAC,EAAE;QACL,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,YAAY,CAAC,EAAE,UAAU,GAAG,IAAI,CAAC;QACjC,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KACrC,GACA,OAAO,CAAC,UAAU,CAAC;IA2BtB;;OAEG;IACG,cAAc,CAClB,SAAS,EAAE,aAAa,EACxB,SAAS,EAAE,UAAU,GAAG,IAAI,EAC5B,UAAU,EAAE,MAAM,EAClB,WAAW,CAAC,EAAE,MAAM,GAAG;QACrB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,YAAY,CAAC,EAAE,UAAU,GAAG,IAAI,CAAC;QACjC,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KACrC,GACA,OAAO,CAAC,WAAW,CAAC;IA0IvB;;OAEG;IACG,mBAAmB,CACvB,UAAU,EAAE,MAAM,EAClB,QAAQ,EAAE,cAAc,GACvB,OAAO,CAAC,cAAc,CAAC;IAkB1B;;OAEG;IACG,qBAAqB,CACzB,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,MAAM,EACf,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,IAAI,CAAC;IAkChB,sDAAsD;YACxC,SAAS;IA+EvB,qBAAqB;YACP,UAAU;IAexB,wBAAwB;YACV,UAAU;IAoBxB;;;;;;;;;;;;;;OAcG;IACG,aAAa,CAAC,UAAU,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAI5E,oCAAoC;YACtB,uBAAuB;IAWrC,4CAA4C;IAC5C,OAAO,CAAC,8BAA8B;IAmBtC,oBAAoB;YACN,uBAAuB;YAyBvB,MAAM;IAiCpB,sBAAsB;YACR,mBAAmB;IAajC,yCAAyC;YAC3B,kBAAkB;YAqElB,qBAAqB;YAiDrB,oBAAoB;IAqElC,2BAA2B;YACb,mBAAmB;IAUjC,8BAA8B;YAChB,oBAAoB;YAQpB,yBAAyB;IA2BvC,2BAA2B;YACb,0BAA0B;IAcxC,gCAAgC;YAClB,gBAAgB;YA2ChB,mBAAmB;IAcjC,sBAAsB;YACR,sBAAsB;IAqBpC,oCAAoC;YACtB,uBAAuB;IAyCrC,8BAA8B;IAC9B,kBAAkB,IAAI,MAAM;IAQ5B,iCAAiC;IACjC,iBAAiB,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;IAQpC,OAAO,CAAC,iBAAiB;IAmCzB,OAAO,CAAC,eAAe;IAqBvB,gCAAgC;YAClB,gBAAgB;IA4E9B,2BAA2B;IAC3B,OAAO,CAAC,qBAAqB;IAa7B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAiC;IAErE,MAAM,CAAC,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;IAY1C,sBAAsB;IAItB,wBAAwB;YACV,oBAAoB;YA0BpB,kBAAkB;YAOlB,gBAAgB;IAgC9B,kCAAkC;IAClC,kBAAkB,IAAI,IAAI;CAe3B"}
|
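--- a/package/dist/auth.js
+++ b/package/dist/auth.js
@@ -2,7 +2,7 @@
 // 负责 AID 注册、login1/login2 双阶段认证、证书链验证、token 管理。
 // 浏览器环境使用原生 WebSocket + fetch + SubtleCrypto。
 import { base64ToUint8, uint8ToBase64, pemToArrayBuffer, toBufferSource } from './crypto.js';
-import { AuthError,
+import { AuthError, StateError, ValidationError, mapRemoteError } from './errors.js';
 import { ROOT_CA_PEM } from './certs/root.js';
 import { VERSION as AUN_SDK_VERSION } from './version.js';
 const _noopLog = { error: () => { }, warn: () => { }, info: () => { }, debug: () => { } };
@@ -345,13 +345,14 @@ export class AuthFlow {
 'kite_token',
 'access_token_expires_at',
 ];
-
+_tokenStore;
 _crypto;
 _aid;
 _deviceId;
 _slotId;
 _rootCaPem;
 _verifySsl;
+_memIdentity = null;
 // 缓存
 _rootCerts = null;
 _gatewayChainCache = new Map();
@@ -361,7 +362,7 @@ export class AuthFlow {
 _chainCacheTtl;
 _gatewayCaVerified = new Map();
 constructor(opts) {
-this.
+this._tokenStore = opts.tokenStore;
 this._crypto = opts.crypto;
 this._aid = opts.aid ?? null;
 this._deviceId = String(opts.deviceId ?? '').trim();
@@ -371,13 +372,19 @@ export class AuthFlow {
 this._chainCacheTtl = opts.chainCacheTtl ?? 86400;
 }
 // ── 公开 API ──────────────────────────────────────
+/** 注入内存私钥,禁止 AuthFlow 内部再走 tokenStore 解密 */
+setIdentity(identity) {
+this._memIdentity = identity;
+if (identity?.aid)
+this._aid = String(identity.aid);
+}
 /** 加载本地身份信息 */
 async loadIdentity(aid) {
 const tStart = Date.now();
 this._log.debug(`loadIdentity enter: aid=${aid ?? '<current>'}`);
 try {
 const identity = await this._loadIdentityOrRaise(aid);
-const cert = await this.
+const cert = await this._tokenStore.loadCert(identity.aid);
 if (cert)
 identity.cert = cert;
 const instanceState = await this._loadInstanceState(identity.aid);
@@ -420,99 +427,10 @@ export class AuthFlow {
 this._deviceId = String(opts.deviceId ?? '').trim();
 this._slotId = String(opts.slotId ?? '').trim();
 }
-/**
-* 严格注册新 AID(对齐 TS registerAid / Go RegisterAID)。
-*
-* 注册与认证彻底分离:此方法绝不被 SDK 内部自动调用,
-* 必须由应用层显式调用。
-*/
-async registerAid(gatewayUrl, aid) {
-const tStart = Date.now();
-this._log.debug(`registerAid enter: aid=${aid} gateway=${gatewayUrl}`);
-AuthFlow._validateAidName(aid);
-try {
-// Step 1: 本地已有 keypair → 查服务端做幂等/恢复
-const existing = await this._keystore.loadIdentity(aid);
-if (existing && existing.private_key_pem && existing.public_key_der_b64) {
-this._log.debug(`registerAid: local keypair exists, checking server: aid=${aid}`);
-const localPubB64 = String(existing.public_key_der_b64);
-const serverCertPem = await this._downloadRegisteredCert(gatewayUrl, aid);
-if (serverCertPem) {
-// 服务端已注册 → 比对公钥
-const serverCert = parseCertDer(serverCertPem);
-const serverPubB64 = uint8ToBase64(serverCert.spkiBytes);
-if (serverPubB64 !== localPubB64) {
-throw new IdentityConflictError(`AID '${aid}' is registered by another party on server (public key mismatch). ` +
-`Choose a different name.`);
-}
-// 公钥匹配 → 幂等返回;如本地缺 cert,把服务端 cert 写入
-this._log.info(`registerAid: idempotent return for already-registered AID: aid=${aid}`);
-if (!existing.cert) {
-existing.cert = serverCertPem;
-await this._persistIdentity(existing);
-}
-this._aid = aid;
-return { aid, cert: serverCertPem };
-}
-else {
-// 服务端无记录 → 用现有 keypair 发起注册
-this._log.debug(`registerAid: server has no record, registering with existing keypair: aid=${aid}`);
-const created = await this._createAid(gatewayUrl, existing);
-const certPem = String(created.cert ?? '');
-if (!certPem) {
-throw new AuthError(`registerAid: server response missing cert for ${aid}`);
-}
-existing.cert = certPem;
-// 校验 cert 公钥
-const returnedCert = parseCertDer(certPem);
-const certPubB64 = uint8ToBase64(returnedCert.spkiBytes);
-if (certPubB64 !== localPubB64) {
-throw new AuthError(`registerAid: server returned certificate with mismatched public key for ${aid}`);
-}
-await this._persistIdentity(existing);
-this._aid = aid;
-this._log.debug(`registerAid exit (recovered): elapsed=${Date.now() - tStart}ms aid=${aid}`);
-return { aid, cert: certPem };
-}
-}
-// Step 2: 先查服务端确认未注册
-const serverCertPem = await this._downloadRegisteredCert(gatewayUrl, aid);
-if (serverCertPem) {
-throw new IdentityConflictError(`AID '${aid}' is already registered on server. ` +
-`Choose a different name, or if you own the keypair use a recovery flow.`);
-}
-// Step 3: 生成 keypair
-const identity = await this._crypto.generateIdentity();
-identity.aid = aid;
-// Step 4: RPC 注册(服务端方法名仍为 auth.create_aid)
-const created = await this._createAid(gatewayUrl, identity);
-const certPem = String(created.cert ?? '');
-if (!certPem) {
-throw new AuthError(`registerAid: server response missing cert for ${aid}`);
-}
-identity.cert = certPem;
-// Step 5: 校验 cert 公钥 == 本地公钥
-const returnedCert = parseCertDer(certPem);
-const certPubB64 = uint8ToBase64(returnedCert.spkiBytes);
-const localPubB64 = String(identity.public_key_der_b64);
-if (certPubB64 !== localPubB64) {
-throw new AuthError(`registerAid: server returned certificate with mismatched public key for ${aid}`);
-}
-// Step 6: 持久化
-await this._persistIdentity(identity);
-this._aid = aid;
-this._log.debug(`registerAid exit: elapsed=${Date.now() - tStart}ms aid=${aid}`);
-return { aid: identity.aid, cert: identity.cert };
-}
-catch (err) {
-this._log.debug(`registerAid exit (error): elapsed=${Date.now() - tStart}ms aid=${aid} err=${err instanceof Error ? err.message : String(err)}`);
-throw err;
-}
-}
 /**
 * 认证已有 AID — login1/login2 双阶段流程。
 *
-* 优先复用
+* 优先复用 tokenStore 里的 cached access_token(未过期且有 refresh_token),
 * 避免每次 authenticate 都走两阶段重登的网络往返。与 Python SDK 行为对齐。
 */
 async authenticate(gatewayUrl, aid) {
@@ -522,9 +440,8 @@ export class AuthFlow {
 const identity = await this._loadIdentityOrRaise(aid);
 // 优先复用 cached access_token(未过期且有 refresh_token)
 // 避免每次调 authenticate 都走两阶段重登
-//
-//
-// 这里需要主动 _loadInstanceState 拿到 token,否则永远走 _login。
+// _loadIdentityOrRaise 只使用注入的内存私钥;token 拆到 instance_state,
+// 这里需要主动 _loadInstanceState 才能复用 cached token。
 const instanceState = await this._loadInstanceState(identity.aid);
 const identityWithState = instanceState
 ? { ...identity, ...instanceState }
@@ -961,15 +878,6 @@ export class AuthFlow {
 clearTimeout(timeoutId);
 }
 }
-// ── 内部方法:AID 创建 ───────────────────────────
-async _createAid(gatewayUrl, identity) {
-const response = await this._shortRpc(gatewayUrl, 'auth.create_aid', {
-aid: identity.aid,
-public_key: identity.public_key_der_b64,
-curve: identity.curve ?? 'P-256',
-});
-return { cert: response.cert };
-}
 /**
 * 从服务端下载指定 AID 的证书(公开 API)。
 *
@@ -1549,51 +1457,54 @@ export class AuthFlow {
 /** 加载身份,不存在或半成品时抛出异常 */
 async _loadIdentityOrRaise(aid) {
 const requestedAid = aid ?? this._aid;
-
-
-
-
+// 优先路径:使用注入的内存 identity(私钥已由 AIDStore 解密并传入)
+if (this._memIdentity) {
+const mem = this._memIdentity;
+if (requestedAid && String(mem.aid ?? '') !== requestedAid) {
+throw new StateError(`identity mismatch: requested ${requestedAid}, loaded ${mem.aid}`);
 }
-
-
-throw new StateError(`local identity for aid ${requestedAid} is incomplete (missing keypair); ` +
-`call auth.registerAid() first`);
+if (!mem.private_key_pem || !mem.public_key_der_b64) {
+throw new StateError(`injected identity for aid ${mem.aid} is incomplete (missing keypair)`);
 }
-
-
-
-return existing;
+if (requestedAid)
+this._aid = requestedAid;
+return { ...mem };
 }
-
+if (requestedAid) {
+throw new StateError(`no injected identity for aid ${requestedAid}; call AUNClient.loadIdentity(aid) first`);
+}
+throw new StateError('no local identity found, call AUNClient.loadIdentity(aid) first');
 }
 // (_ensureIdentity 已移除:注册和登录彻底分离)
 async _loadInstanceState(aid) {
-if (typeof this.
+if (typeof this._tokenStore.loadInstanceState !== 'function') {
 return null;
 }
-return (await this.
+return (await this._tokenStore.loadInstanceState(aid, this._deviceId, this._slotId));
 }
 async _persistIdentity(identity) {
 const aid = String(identity.aid ?? '');
 if (!aid) {
 throw new StateError('identity missing aid');
 }
-const persisted = { ...identity };
 const instanceState = {};
 const instanceStateRecord = instanceState;
-const persistedRecord =
+const persistedRecord = { ...identity };
 for (const key of AuthFlow._INSTANCE_STATE_FIELDS) {
-if (key in
+if (key in persistedRecord) {
 instanceStateRecord[key] = persistedRecord[key];
 delete persistedRecord[key];
 }
 }
-
+const certPem = String(persistedRecord.cert ?? '');
+if (certPem) {
+await this._tokenStore.saveCert(aid, certPem);
+}
 // 实例级字段已拆分到 instance_state,无需从共享 metadata 清理
-if (Object.keys(instanceState).length === 0 || typeof this.
+if (Object.keys(instanceState).length === 0 || typeof this._tokenStore.updateInstanceState !== 'function') {
 return;
 }
-await this.
+await this._tokenStore.updateInstanceState(aid, this._deviceId, this._slotId, (current) => {
 Object.assign(current, instanceState);
 return current;
 });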
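Review bot: `setIdentity()` in the `@@ -371,13 +372,19 @@` hunk keeps the caller's record by reference (`this._memIdentity = identity;`), so the object holding `private_key_pem` stays shared with whoever injected it, and a later change to its `aid` or key fields silently changes what `_loadIdentityOrRaise()` returns while `_aid` still holds the earlier value. `_loadIdentityOrRaise()` already copies on the way out with `{ ...mem }`; copying on the way in as well, `this._memIdentity = identity ? { ...identity } : null;`, closes that gap. The keypair completeness check now runs only on first use, so moving it into `setIdentity()` would reject an incomplete record at injection time. `setIdentity(null)` also leaves `_aid` set, which looks unintended and is worth a one-line comment if it is deliberate. Separately, the removed `registerAid()` compared the returned certificate's SPKI with the local public key before persisting, while the new `_persistIdentity()` calls `saveCert(aid, certPem)` with no such comparison in view; presumably the new register flow does it, but that file is not shown on this page.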