@arbidocs/client 0.3.19 → 0.3.20
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +17 -90
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +687 -199
- package/dist/index.d.ts +687 -199
- package/dist/index.js +16 -88
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/dist/index.js
CHANGED
|
@@ -10,7 +10,6 @@ function createInitialState() {
|
|
|
10
10
|
userEmail: null,
|
|
11
11
|
userExtId: null,
|
|
12
12
|
selectedWorkspaceId: null,
|
|
13
|
-
cachedWorkspaceHeaders: {},
|
|
14
13
|
isSsoMode: false,
|
|
15
14
|
isAuth0Authenticated: false,
|
|
16
15
|
auth0AccessToken: null
|
|
@@ -41,25 +40,6 @@ function createSessionManager() {
|
|
|
41
40
|
state = { ...state, selectedWorkspaceId: id };
|
|
42
41
|
notify();
|
|
43
42
|
},
|
|
44
|
-
setCachedWorkspaceHeader(workspaceId, header) {
|
|
45
|
-
state = {
|
|
46
|
-
...state,
|
|
47
|
-
cachedWorkspaceHeaders: {
|
|
48
|
-
...state.cachedWorkspaceHeaders,
|
|
49
|
-
[workspaceId]: header
|
|
50
|
-
}
|
|
51
|
-
};
|
|
52
|
-
notify();
|
|
53
|
-
},
|
|
54
|
-
clearWorkspaceHeaders() {
|
|
55
|
-
state = { ...state, cachedWorkspaceHeaders: {} };
|
|
56
|
-
notify();
|
|
57
|
-
},
|
|
58
|
-
getWorkspaceKeyHeader() {
|
|
59
|
-
const { selectedWorkspaceId, cachedWorkspaceHeaders } = state;
|
|
60
|
-
if (!selectedWorkspaceId) return null;
|
|
61
|
-
return cachedWorkspaceHeaders[selectedWorkspaceId] ?? null;
|
|
62
|
-
},
|
|
63
43
|
setSsoState(opts) {
|
|
64
44
|
state = {
|
|
65
45
|
...state,
|
|
@@ -86,11 +66,6 @@ function createTokenProvider(session) {
|
|
|
86
66
|
getAccessToken: () => session.getState().accessToken
|
|
87
67
|
};
|
|
88
68
|
}
|
|
89
|
-
function createWorkspaceKeyProvider(session) {
|
|
90
|
-
return {
|
|
91
|
-
getWorkspaceKeyHeader: () => session.getWorkspaceKeyHeader()
|
|
92
|
-
};
|
|
93
|
-
}
|
|
94
69
|
function createAuthStateProvider(session) {
|
|
95
70
|
return {
|
|
96
71
|
getUserEmail: () => session.getState().userEmail,
|
|
@@ -103,9 +78,7 @@ function createAuthStateProvider(session) {
|
|
|
103
78
|
};
|
|
104
79
|
},
|
|
105
80
|
getSelectedWorkspaceId: () => session.getState().selectedWorkspaceId,
|
|
106
|
-
setAccessToken: (token) => session.setAccessToken(token)
|
|
107
|
-
clearWorkspaceHeaders: () => session.clearWorkspaceHeaders(),
|
|
108
|
-
setCachedWorkspaceHeader: (workspaceId, header) => session.setCachedWorkspaceHeader(workspaceId, header)
|
|
81
|
+
setAccessToken: (token) => session.setAccessToken(token)
|
|
109
82
|
};
|
|
110
83
|
}
|
|
111
84
|
var sodiumReady = null;
|
|
@@ -178,10 +151,9 @@ function signMessage(message, privateKey) {
|
|
|
178
151
|
const signature = sodium.crypto_sign_detached(messageBytes, privateKey);
|
|
179
152
|
return base64Encode(signature);
|
|
180
153
|
}
|
|
181
|
-
async function
|
|
154
|
+
async function sealKeyForSession(workspaceKey, serverSessionPublicKey) {
|
|
182
155
|
await initSodium();
|
|
183
|
-
|
|
184
|
-
return encryptedKey;
|
|
156
|
+
return sealedBoxEncrypt(workspaceKey, serverSessionPublicKey);
|
|
185
157
|
}
|
|
186
158
|
function sealedBoxDecrypt(encryptedBase64, userEncryptionPrivateKey) {
|
|
187
159
|
const encrypted = base64ToBytes(encryptedBase64);
|
|
@@ -204,6 +176,10 @@ function deriveEncryptionKeypairFromSigning(signingKeyPair) {
|
|
|
204
176
|
secretKey: encryptionPrivateKey
|
|
205
177
|
};
|
|
206
178
|
}
|
|
179
|
+
function generateRandomSigningKeypair() {
|
|
180
|
+
const kp = sodium.crypto_sign_keypair();
|
|
181
|
+
return { publicKey: kp.publicKey, secretKey: kp.privateKey };
|
|
182
|
+
}
|
|
207
183
|
async function computeSharedSecret(theirPublicKeyBase64, myPrivateKey) {
|
|
208
184
|
await initSodium();
|
|
209
185
|
const theirPublicKey = base64ToBytes(theirPublicKeyBase64);
|
|
@@ -356,27 +332,6 @@ function createBearerAuthMiddleware(config) {
|
|
|
356
332
|
};
|
|
357
333
|
}
|
|
358
334
|
|
|
359
|
-
// src/middleware/workspace-key.ts
|
|
360
|
-
function needsWorkspaceKey(url, urlConfig) {
|
|
361
|
-
if (urlConfig.excludePatterns.some((pattern) => url.includes(pattern))) {
|
|
362
|
-
return false;
|
|
363
|
-
}
|
|
364
|
-
return urlConfig.includePatterns.some((pattern) => url.includes(pattern));
|
|
365
|
-
}
|
|
366
|
-
function createWorkspaceKeyMiddleware(config) {
|
|
367
|
-
return {
|
|
368
|
-
async onRequest({ request }) {
|
|
369
|
-
if (needsWorkspaceKey(request.url, config.urlConfig)) {
|
|
370
|
-
const workspaceHeader = config.workspaceKeyProvider.getWorkspaceKeyHeader();
|
|
371
|
-
if (workspaceHeader) {
|
|
372
|
-
request.headers.set("Workspace-Key", workspaceHeader);
|
|
373
|
-
}
|
|
374
|
-
}
|
|
375
|
-
return request;
|
|
376
|
-
}
|
|
377
|
-
};
|
|
378
|
-
}
|
|
379
|
-
|
|
380
335
|
// src/middleware/auto-relogin.ts
|
|
381
336
|
function createAutoReloginMiddleware(config) {
|
|
382
337
|
return {
|
|
@@ -508,9 +463,8 @@ function createReloginHandler(deps) {
|
|
|
508
463
|
userExtId: loginResult.userExtId,
|
|
509
464
|
serverSessionKey: loginResult.sessionKey
|
|
510
465
|
});
|
|
511
|
-
|
|
466
|
+
const activeToken = loginResult.accessToken;
|
|
512
467
|
deps.authState.setAccessToken(activeToken);
|
|
513
|
-
deps.authState.clearWorkspaceHeaders();
|
|
514
468
|
const selectedWorkspaceId = deps.authState.getSelectedWorkspaceId();
|
|
515
469
|
if (selectedWorkspaceId) {
|
|
516
470
|
try {
|
|
@@ -523,22 +477,17 @@ function createReloginHandler(deps) {
|
|
|
523
477
|
wrappedKey,
|
|
524
478
|
encryptionKeyPair.secretKey
|
|
525
479
|
);
|
|
526
|
-
const encryptedWorkspaceKey = await deps.crypto.
|
|
480
|
+
const encryptedWorkspaceKey = await deps.crypto.sealKeyForSession(
|
|
527
481
|
workspaceKey,
|
|
528
482
|
loginResult.sessionKey
|
|
529
483
|
);
|
|
530
|
-
deps.authState.setCachedWorkspaceHeader(selectedWorkspaceId, encryptedWorkspaceKey);
|
|
531
484
|
if (deps.workspaceOpenProvider) {
|
|
532
|
-
|
|
485
|
+
await deps.workspaceOpenProvider.openWorkspace(
|
|
533
486
|
loginResult.accessToken,
|
|
534
487
|
selectedWorkspaceId,
|
|
535
488
|
encryptedWorkspaceKey
|
|
536
489
|
);
|
|
537
|
-
|
|
538
|
-
activeToken = workspaceJwt;
|
|
539
|
-
deps.authState.setAccessToken(activeToken);
|
|
540
|
-
console.info("[API] Workspace-scoped JWT obtained after re-login");
|
|
541
|
-
}
|
|
490
|
+
console.info("[API] Workspace re-opened after re-login");
|
|
542
491
|
}
|
|
543
492
|
}
|
|
544
493
|
} catch (error) {
|
|
@@ -918,6 +867,7 @@ async function performLogin(request, signingPrivateKey, deps) {
|
|
|
918
867
|
return {
|
|
919
868
|
accessToken: data.access_token,
|
|
920
869
|
userExtId: data.user.external_id ?? void 0,
|
|
870
|
+
parentExtId: data.user.parent_ext_id ?? null,
|
|
921
871
|
signingPrivateKey,
|
|
922
872
|
serverSessionKey
|
|
923
873
|
};
|
|
@@ -954,21 +904,6 @@ async function changePassword(params, deps) {
|
|
|
954
904
|
|
|
955
905
|
// src/client.ts
|
|
956
906
|
var API_PREFIX = "/v1";
|
|
957
|
-
var DEFAULT_WORKSPACE_KEY_URL_CONFIG = {
|
|
958
|
-
excludePatterns: [
|
|
959
|
-
`${API_PREFIX}/user/`,
|
|
960
|
-
`${API_PREFIX}/health/`,
|
|
961
|
-
`${API_PREFIX}/configs/`,
|
|
962
|
-
`${API_PREFIX}/workspace/create`
|
|
963
|
-
],
|
|
964
|
-
includePatterns: [
|
|
965
|
-
`${API_PREFIX}/workspace/wrk-`,
|
|
966
|
-
`${API_PREFIX}/document/`,
|
|
967
|
-
`${API_PREFIX}/conversation/`,
|
|
968
|
-
`${API_PREFIX}/assistant/`,
|
|
969
|
-
`${API_PREFIX}/tag/`
|
|
970
|
-
]
|
|
971
|
-
};
|
|
972
907
|
var RETRYABLE_CODES = /* @__PURE__ */ new Set([
|
|
973
908
|
"ECONNREFUSED",
|
|
974
909
|
"ECONNRESET",
|
|
@@ -1007,7 +942,6 @@ function createArbiClient(options) {
|
|
|
1007
942
|
const {
|
|
1008
943
|
baseUrl,
|
|
1009
944
|
deploymentDomain,
|
|
1010
|
-
workspaceKeyUrlConfig = DEFAULT_WORKSPACE_KEY_URL_CONFIG,
|
|
1011
945
|
reloginExcludePatterns = [`${API_PREFIX}/user/login`],
|
|
1012
946
|
credentials = "include",
|
|
1013
947
|
ssoTokenProvider = null,
|
|
@@ -1016,14 +950,13 @@ function createArbiClient(options) {
|
|
|
1016
950
|
const retryFetch = createRetryFetch();
|
|
1017
951
|
const session = createSessionManager();
|
|
1018
952
|
const tokenProvider = createTokenProvider(session);
|
|
1019
|
-
const workspaceKeyProvider = createWorkspaceKeyProvider(session);
|
|
1020
953
|
const authState = createAuthStateProvider(session);
|
|
1021
954
|
const cryptoProvider = {
|
|
1022
955
|
ensureReady: initSodium,
|
|
1023
956
|
signMessage,
|
|
1024
957
|
deriveEncryptionKeypair: deriveEncryptionKeypairFromSigning,
|
|
1025
958
|
sealedBoxDecrypt,
|
|
1026
|
-
|
|
959
|
+
sealKeyForSession,
|
|
1027
960
|
fromBase64: base64ToBytes
|
|
1028
961
|
};
|
|
1029
962
|
const loginProvider = {
|
|
@@ -1086,12 +1019,6 @@ function createArbiClient(options) {
|
|
|
1086
1019
|
fetch: retryFetch
|
|
1087
1020
|
});
|
|
1088
1021
|
fetchClient.use(createBearerAuthMiddleware({ tokenProvider }));
|
|
1089
|
-
fetchClient.use(
|
|
1090
|
-
createWorkspaceKeyMiddleware({
|
|
1091
|
-
workspaceKeyProvider,
|
|
1092
|
-
urlConfig: workspaceKeyUrlConfig
|
|
1093
|
-
})
|
|
1094
|
-
);
|
|
1095
1022
|
fetchClient.use(
|
|
1096
1023
|
createAutoReloginMiddleware({
|
|
1097
1024
|
reloginHandler,
|
|
@@ -1120,8 +1047,9 @@ function createArbiClient(options) {
|
|
|
1120
1047
|
signMessage,
|
|
1121
1048
|
sealedBoxDecrypt,
|
|
1122
1049
|
sealedBoxEncrypt,
|
|
1123
|
-
|
|
1050
|
+
sealKeyForSession,
|
|
1124
1051
|
deriveEncryptionKeypairFromSigning,
|
|
1052
|
+
generateRandomSigningKeypair,
|
|
1125
1053
|
derivePublicKey,
|
|
1126
1054
|
base64ToBytes,
|
|
1127
1055
|
bytesToBase64,
|
|
@@ -1165,6 +1093,6 @@ function isMessageType(msg, type) {
|
|
|
1165
1093
|
return msg.type === type;
|
|
1166
1094
|
}
|
|
1167
1095
|
|
|
1168
|
-
export { API_PREFIX, base64Decode, base64Encode, base64ToBytes, buildWebSocketUrl, bytesToBase64, clearAllData, clearSession, computeSharedSecret, createArbiClient, createAuthMessage, createAutoReloginMiddleware, createBearerAuthMiddleware, createReloginHandler, createSessionManager,
|
|
1096
|
+
export { API_PREFIX, base64Decode, base64Encode, base64ToBytes, buildWebSocketUrl, bytesToBase64, clearAllData, clearSession, computeSharedSecret, createArbiClient, createAuthMessage, createAutoReloginMiddleware, createBearerAuthMiddleware, createReloginHandler, createSessionManager, decryptMessage, decryptMessageWithSharedSecret, deriveEncryptionKeypairFromSigning, derivePublicKey, encryptMessage, encryptMessageWithSharedSecret, generateKeyPairs, generateLoginCredentials, generateLoginCredentialsFromKey, generatePasswordChangeCredentials, generateRandomSigningKeypair, generateRecoveryPasswordChangeCredentials, generateRegistrationCredentials, generateUserKeypairs, getSession, hasSession, initSodium, initializeDatabase, isMessageType, parseServerMessage, saveSession, sealKeyForSession, sealedBoxDecrypt, sealedBoxEncrypt, signMessage, updateSigningPrivateKey };
|
|
1169
1097
|
//# sourceMappingURL=index.js.map
|
|
1170
1098
|
//# sourceMappingURL=index.js.map
|