@arbidocs/client 0.3.19 → 0.3.21

package/dist/index.cjs

@@ -17,7 +17,6 @@ function createInitialState() {
     userEmail: null,
     userExtId: null,
     selectedWorkspaceId: null,
-    cachedWorkspaceHeaders: {},
     isSsoMode: false,
     isAuth0Authenticated: false,
     auth0AccessToken: null
@@ -48,25 +47,6 @@ function createSessionManager() {
       state = { ...state, selectedWorkspaceId: id };
       notify();
     },
-    setCachedWorkspaceHeader(workspaceId, header) {
-      state = {
-        ...state,
-        cachedWorkspaceHeaders: {
-          ...state.cachedWorkspaceHeaders,
-          [workspaceId]: header
-        }
-      };
-      notify();
-    },
-    clearWorkspaceHeaders() {
-      state = { ...state, cachedWorkspaceHeaders: {} };
-      notify();
-    },
-    getWorkspaceKeyHeader() {
-      const { selectedWorkspaceId, cachedWorkspaceHeaders } = state;
-      if (!selectedWorkspaceId) return null;
-      return cachedWorkspaceHeaders[selectedWorkspaceId] ?? null;
-    },
     setSsoState(opts) {
       state = {
         ...state,
@@ -93,11 +73,6 @@ function createTokenProvider(session) {
     getAccessToken: () => session.getState().accessToken
   };
 }
-function createWorkspaceKeyProvider(session) {
-  return {
-    getWorkspaceKeyHeader: () => session.getWorkspaceKeyHeader()
-  };
-}
 function createAuthStateProvider(session) {
   return {
     getUserEmail: () => session.getState().userEmail,
@@ -110,9 +85,7 @@ function createAuthStateProvider(session) {
       };
     },
     getSelectedWorkspaceId: () => session.getState().selectedWorkspaceId,
-    setAccessToken: (token) => session.setAccessToken(token),
-    clearWorkspaceHeaders: () => session.clearWorkspaceHeaders(),
-    setCachedWorkspaceHeader: (workspaceId, header) => session.setCachedWorkspaceHeader(workspaceId, header)
+    setAccessToken: (token) => session.setAccessToken(token)
   };
 }
 var sodiumReady = null;
@@ -185,10 +158,9 @@ function signMessage(message, privateKey) {
   const signature = sodium__default.default.crypto_sign_detached(messageBytes, privateKey);
   return base64Encode(signature);
 }
-async function createWorkspaceKeyHeader(workspaceKey, serverSessionPublicKey) {
+async function sealKeyForSession(workspaceKey, serverSessionPublicKey) {
   await initSodium();
-  const encryptedKey = sealedBoxEncrypt(workspaceKey, serverSessionPublicKey);
-  return encryptedKey;
+  return sealedBoxEncrypt(workspaceKey, serverSessionPublicKey);
 }
 function sealedBoxDecrypt(encryptedBase64, userEncryptionPrivateKey) {
   const encrypted = base64ToBytes(encryptedBase64);
@@ -211,6 +183,10 @@ function deriveEncryptionKeypairFromSigning(signingKeyPair) {
     secretKey: encryptionPrivateKey
   };
 }
+function generateRandomSigningKeypair() {
+  const kp = sodium__default.default.crypto_sign_keypair();
+  return { publicKey: kp.publicKey, secretKey: kp.privateKey };
+}
 async function computeSharedSecret(theirPublicKeyBase64, myPrivateKey) {
   await initSodium();
   const theirPublicKey = base64ToBytes(theirPublicKeyBase64);
@@ -363,27 +339,6 @@ function createBearerAuthMiddleware(config) {
   };
 }
 
-// src/middleware/workspace-key.ts
-function needsWorkspaceKey(url, urlConfig) {
-  if (urlConfig.excludePatterns.some((pattern) => url.includes(pattern))) {
-    return false;
-  }
-  return urlConfig.includePatterns.some((pattern) => url.includes(pattern));
-}
-function createWorkspaceKeyMiddleware(config) {
-  return {
-    async onRequest({ request }) {
-      if (needsWorkspaceKey(request.url, config.urlConfig)) {
-        const workspaceHeader = config.workspaceKeyProvider.getWorkspaceKeyHeader();
-        if (workspaceHeader) {
-          request.headers.set("Workspace-Key", workspaceHeader);
-        }
-      }
-      return request;
-    }
-  };
-}
-
 // src/middleware/auto-relogin.ts
 function createAutoReloginMiddleware(config) {
   return {
@@ -515,9 +470,8 @@ function createReloginHandler(deps) {
           userExtId: loginResult.userExtId,
           serverSessionKey: loginResult.sessionKey
         });
-        let activeToken = loginResult.accessToken;
+        const activeToken = loginResult.accessToken;
         deps.authState.setAccessToken(activeToken);
-        deps.authState.clearWorkspaceHeaders();
         const selectedWorkspaceId = deps.authState.getSelectedWorkspaceId();
         if (selectedWorkspaceId) {
           try {
@@ -530,22 +484,17 @@ function createReloginHandler(deps) {
                 wrappedKey,
                 encryptionKeyPair.secretKey
               );
-              const encryptedWorkspaceKey = await deps.crypto.createWorkspaceKeyHeader(
+              const encryptedWorkspaceKey = await deps.crypto.sealKeyForSession(
                 workspaceKey,
                 loginResult.sessionKey
               );
-              deps.authState.setCachedWorkspaceHeader(selectedWorkspaceId, encryptedWorkspaceKey);
               if (deps.workspaceOpenProvider) {
-                const workspaceJwt = await deps.workspaceOpenProvider.openWorkspace(
+                await deps.workspaceOpenProvider.openWorkspace(
                   loginResult.accessToken,
                   selectedWorkspaceId,
                   encryptedWorkspaceKey
                 );
-                if (workspaceJwt) {
-                  activeToken = workspaceJwt;
-                  deps.authState.setAccessToken(activeToken);
-                  console.info("[API] Workspace-scoped JWT obtained after re-login");
-                }
+                console.info("[API] Workspace re-opened after re-login");
               }
             }
           } catch (error) {
@@ -925,6 +874,7 @@ async function performLogin(request, signingPrivateKey, deps) {
   return {
     accessToken: data.access_token,
     userExtId: data.user.external_id ?? void 0,
+    parentExtId: data.user.parent_ext_id ?? null,
     signingPrivateKey,
     serverSessionKey
   };
@@ -961,21 +911,6 @@ async function changePassword(params, deps) {
 
 // src/client.ts
 var API_PREFIX = "/v1";
-var DEFAULT_WORKSPACE_KEY_URL_CONFIG = {
-  excludePatterns: [
-    `${API_PREFIX}/user/`,
-    `${API_PREFIX}/health/`,
-    `${API_PREFIX}/configs/`,
-    `${API_PREFIX}/workspace/create`
-  ],
-  includePatterns: [
-    `${API_PREFIX}/workspace/wrk-`,
-    `${API_PREFIX}/document/`,
-    `${API_PREFIX}/conversation/`,
-    `${API_PREFIX}/assistant/`,
-    `${API_PREFIX}/tag/`
-  ]
-};
 var RETRYABLE_CODES = /* @__PURE__ */ new Set([
   "ECONNREFUSED",
   "ECONNRESET",
@@ -1014,7 +949,6 @@ function createArbiClient(options) {
   const {
     baseUrl,
     deploymentDomain,
-    workspaceKeyUrlConfig = DEFAULT_WORKSPACE_KEY_URL_CONFIG,
     reloginExcludePatterns = [`${API_PREFIX}/user/login`],
     credentials = "include",
     ssoTokenProvider = null,
@@ -1023,14 +957,13 @@ function createArbiClient(options) {
   const retryFetch = createRetryFetch();
   const session = createSessionManager();
   const tokenProvider = createTokenProvider(session);
-  const workspaceKeyProvider = createWorkspaceKeyProvider(session);
   const authState = createAuthStateProvider(session);
   const cryptoProvider = {
     ensureReady: initSodium,
     signMessage,
     deriveEncryptionKeypair: deriveEncryptionKeypairFromSigning,
     sealedBoxDecrypt,
-    createWorkspaceKeyHeader,
+    sealKeyForSession,
     fromBase64: base64ToBytes
   };
   const loginProvider = {
@@ -1093,12 +1026,6 @@ function createArbiClient(options) {
     fetch: retryFetch
   });
   fetchClient.use(createBearerAuthMiddleware({ tokenProvider }));
-  fetchClient.use(
-    createWorkspaceKeyMiddleware({
-      workspaceKeyProvider,
-      urlConfig: workspaceKeyUrlConfig
-    })
-  );
   fetchClient.use(
     createAutoReloginMiddleware({
       reloginHandler,
@@ -1127,8 +1054,9 @@ function createArbiClient(options) {
       signMessage,
       sealedBoxDecrypt,
       sealedBoxEncrypt,
-      createWorkspaceKeyHeader,
+      sealKeyForSession,
       deriveEncryptionKeypairFromSigning,
+      generateRandomSigningKeypair,
       derivePublicKey,
       base64ToBytes,
       bytesToBase64,
@@ -1187,8 +1115,6 @@ exports.createAutoReloginMiddleware = createAutoReloginMiddleware;
 exports.createBearerAuthMiddleware = createBearerAuthMiddleware;
 exports.createReloginHandler = createReloginHandler;
 exports.createSessionManager = createSessionManager;
-exports.createWorkspaceKeyHeader = createWorkspaceKeyHeader;
-exports.createWorkspaceKeyMiddleware = createWorkspaceKeyMiddleware;
 exports.decryptMessage = decryptMessage;
 exports.decryptMessageWithSharedSecret = decryptMessageWithSharedSecret;
 exports.deriveEncryptionKeypairFromSigning = deriveEncryptionKeypairFromSigning;
@@ -1199,6 +1125,7 @@ exports.generateKeyPairs = generateKeyPairs;
 exports.generateLoginCredentials = generateLoginCredentials;
 exports.generateLoginCredentialsFromKey = generateLoginCredentialsFromKey;
 exports.generatePasswordChangeCredentials = generatePasswordChangeCredentials;
+exports.generateRandomSigningKeypair = generateRandomSigningKeypair;
 exports.generateRecoveryPasswordChangeCredentials = generateRecoveryPasswordChangeCredentials;
 exports.generateRegistrationCredentials = generateRegistrationCredentials;
 exports.generateUserKeypairs = generateUserKeypairs;
@@ -1207,9 +1134,9 @@ exports.hasSession = hasSession;
 exports.initSodium = initSodium;
 exports.initializeDatabase = initializeDatabase;
 exports.isMessageType = isMessageType;
-exports.needsWorkspaceKey = needsWorkspaceKey;
 exports.parseServerMessage = parseServerMessage;
 exports.saveSession = saveSession;
+exports.sealKeyForSession = sealKeyForSession;
 exports.sealedBoxDecrypt = sealedBoxDecrypt;
 exports.sealedBoxEncrypt = sealedBoxEncrypt;
 exports.signMessage = signMessage;