@bsv/sdk 1.3.28 → 1.3.30

package/src/auth/SessionManager.ts

@@ -1,55 +1,112 @@
 import { PeerSession } from './types.js'
 
 /**
- * Manages sessions for peers, allowing sessions to be added, retrieved, updated, and removed
- * by relevant identifiers (sessionNonce and peerIdentityKey).
+ * Manages sessions for peers, allowing multiple concurrent sessions
+ * per identity key. Primary lookup is always by `sessionNonce`.
  */
 export class SessionManager {
-  private readonly identifierToSession: Map<string, PeerSession>
+  /**
+   * Maps sessionNonce -> PeerSession
+   */
+  private readonly sessionNonceToSession: Map<string, PeerSession>
+
+  /**
+   * Maps identityKey -> Set of sessionNonces
+   */
+  private readonly identityKeyToNonces: Map<string, Set<string>>
 
   constructor () {
-    this.identifierToSession = new Map<string, PeerSession>()
+    this.sessionNonceToSession = new Map<string, PeerSession>()
+    this.identityKeyToNonces = new Map<string, Set<string>>()
   }
 
   /**
-   * Adds a session to the manager, associating it with relevant identifiers for retrieval.
+   * Adds a session to the manager, associating it with its sessionNonce,
+   * and also with its peerIdentityKey (if any).
+   *
+   * This does NOT overwrite existing sessions for the same peerIdentityKey,
+   * allowing multiple concurrent sessions for the same peer.
    *
    * @param {PeerSession} session - The peer session to add.
    */
   addSession (session: PeerSession): void {
-    if ((session.sessionNonce === null || session.sessionNonce === undefined || session.sessionNonce === '') &&
-      (session.peerIdentityKey === null || session.peerIdentityKey === undefined || session.peerIdentityKey === '')) {
+    if (typeof session.sessionNonce !== 'string') {
       throw new Error(
-        'Invalid session: at least one of sessionNonce or peerIdentityKey is required.'
+        'Invalid session: sessionNonce is required to add a session.'
       )
     }
 
-    if (session.sessionNonce !== null && session.sessionNonce !== undefined && session.sessionNonce !== '') {
-      this.identifierToSession.set(session.sessionNonce, session)
-    }
-    if (session.peerIdentityKey !== null && session.peerIdentityKey !== undefined && session.peerIdentityKey !== '') {
-      this.identifierToSession.set(session.peerIdentityKey, session)
+    // Use the sessionNonce as the primary key
+    this.sessionNonceToSession.set(session.sessionNonce, session)
+
+    // Also track it by identity key if present
+    if (typeof session.peerIdentityKey === 'string') {
+      let nonces = this.identityKeyToNonces.get(session.peerIdentityKey)
+      if (nonces == null) {
+        nonces = new Set<string>()
+        this.identityKeyToNonces.set(session.peerIdentityKey, nonces)
+      }
+      nonces.add(session.sessionNonce)
     }
   }
 
   /**
-   * Updates a session in the manager, ensuring that all identifiers are correctly associated.
+   * Updates a session in the manager (primarily by re-adding it),
+   * ensuring we record the latest data (e.g., isAuthenticated, lastUpdate, etc.).
    *
    * @param {PeerSession} session - The peer session to update.
    */
   updateSession (session: PeerSession): void {
+    // Remove the old references (if any) and re-add
     this.removeSession(session)
     this.addSession(session)
   }
 
   /**
-   * Retrieves a session based on a given identifier.
+   * Retrieves a session based on a given identifier, which can be:
+   *  - A sessionNonce, or
+   *  - A peerIdentityKey.
+   *
+   * If it is a `sessionNonce`, returns that exact session.
+   * If it is a `peerIdentityKey`, returns the "best" (e.g. most recently updated,
+   * authenticated) session associated with that peer, if any.
    *
    * @param {string} identifier - The identifier for the session (sessionNonce or peerIdentityKey).
    * @returns {PeerSession | undefined} - The matching peer session, or undefined if not found.
    */
   getSession (identifier: string): PeerSession | undefined {
-    return this.identifierToSession.get(identifier)
+    // Check if this identifier is directly a sessionNonce
+    const direct = this.sessionNonceToSession.get(identifier)
+    if (direct != null) {
+      return direct
+    }
+
+    // Otherwise, interpret the identifier as an identity key
+    const nonces = this.identityKeyToNonces.get(identifier)
+    if ((nonces == null) || nonces.size === 0) {
+      return undefined
+    }
+
+    // Pick the "best" session. One sensible approach:
+    // - Choose an authenticated session if available
+    // - Among them, pick the most recently updated
+    let best: PeerSession | undefined
+    for (const nonce of nonces) {
+      const s = this.sessionNonceToSession.get(nonce)
+      if (s == null) continue
+      // We can prefer authenticated sessions
+      if (best == null) {
+        best = s
+      } else {
+        // If we want the "most recently updated" AND isAuthenticated
+        if ((s.lastUpdate ?? 0) > (best.lastUpdate ?? 0)) {
+          best = s
+        }
+      }
+    }
+    // Optionally, you could also filter out isAuthenticated===false if you only want
+    // an authenticated session. But for our usage, let's return the latest any session.
+    return best
   }
 
   /**
@@ -58,21 +115,31 @@ export class SessionManager {
    * @param {PeerSession} session - The peer session to remove.
    */
   removeSession (session: PeerSession): void {
-    if (session.sessionNonce !== null && session.sessionNonce !== undefined && session.sessionNonce !== '') {
-      this.identifierToSession.delete(session.sessionNonce)
+    if (typeof session.sessionNonce === 'string') {
+      this.sessionNonceToSession.delete(session.sessionNonce)
     }
-    if (session.peerIdentityKey !== null && session.peerIdentityKey !== undefined && session.peerIdentityKey !== '') {
-      this.identifierToSession.delete(session.peerIdentityKey)
+    if (typeof session.peerIdentityKey === 'string') {
+      const nonces = this.identityKeyToNonces.get(session.peerIdentityKey)
+      if (nonces != null) {
+        nonces.delete(session.sessionNonce ?? '')
+        if (nonces.size === 0) {
+          this.identityKeyToNonces.delete(session.peerIdentityKey)
+        }
+      }
     }
   }
 
   /**
-   * Checks if a session exists based on a given identifier.
+   * Checks if a session exists for a given identifier (either sessionNonce or identityKey).
    *
    * @param {string} identifier - The identifier to check.
    * @returns {boolean} - True if the session exists, false otherwise.
    */
   hasSession (identifier: string): boolean {
-    return this.identifierToSession.has(identifier)
+    const direct = this.sessionNonceToSession.has(identifier)
+    if (direct) return true
+    // if not directly a nonce, interpret as identityKey
+    const nonces = this.identityKeyToNonces.get(identifier)
+    return !(nonces == null) && nonces.size > 0
   }
 }

package/src/auth/__tests/Peer.test.ts

@@ -232,6 +232,72 @@ describe('Peer class mutual authentication and certificate exchange', () => {
     expect(certificatesReceivedByBob).toEqual([])
   }, 15000)
 
+  it('Alice talks to Bob across two devices, Bob can respond across both sessions', async () => {
+    const transportA1 = new LocalTransport()
+    const transportA2 = new LocalTransport()
+    const transportB = new LocalTransport()
+    transportA1.connect(transportB)
+    const aliceKey = PrivateKey.fromRandom()
+    const walletA1 = new CompletedProtoWallet(aliceKey)
+    const walletA2 = new CompletedProtoWallet(aliceKey)
+    const walletB = new CompletedProtoWallet(PrivateKey.fromRandom())
+    const aliceFirstDevice = new Peer(
+      walletA1,
+      transportA1
+    )
+    const aliceOtherDevice = new Peer(
+      walletA2,
+      transportA2
+    )
+    const bob = new Peer(
+      walletB,
+      transportB
+    )
+    const alice1MessageHandler = jest.fn()
+    const alice2MessageHandler = jest.fn()
+    const bobMessageHandler = jest.fn()
+
+    const bobReceivedGeneralMessage = new Promise<void>((resolve) => {
+      bob.listenForGeneralMessages((senderPublicKey, payload) => {
+        (async () => {
+          console.log('Bob 1 received message:', Utils.toUTF8(payload))
+          await bob.toPeer(Utils.toArray('Hello Alice!'), senderPublicKey)
+          resolve()
+          bobMessageHandler(senderPublicKey, payload)
+        })().catch(e => console.log(e))
+      })
+    })
+    let aliceReceivedGeneralMessageOnFirstDevice = new Promise<void>((resolve) => {
+      aliceFirstDevice.listenForGeneralMessages((senderPublicKey, payload) => {
+        (async () => {
+          console.log('Alice 1 received message:', Utils.toUTF8(payload))
+          resolve()
+          alice1MessageHandler(senderPublicKey, payload)
+        })().catch(e => console.log(e))
+      })
+    })
+    const aliceReceivedGeneralMessageOnOtherDevice = new Promise<void>((resolve) => {
+      aliceOtherDevice.listenForGeneralMessages((senderPublicKey, payload) => {
+        (async () => {
+          console.log('Alice 2 received message:', Utils.toUTF8(payload))
+          resolve()
+          alice2MessageHandler(senderPublicKey, payload)
+        })().catch(e => console.log(e))
+      })
+    })
+
+    await aliceFirstDevice.toPeer(Utils.toArray('Hello Bob!'))
+    await bobReceivedGeneralMessage
+    await aliceReceivedGeneralMessageOnFirstDevice
+    transportA2.connect(transportB)
+    await aliceOtherDevice.toPeer(Utils.toArray('Hello Bob from my other device!'))
+    await aliceReceivedGeneralMessageOnOtherDevice
+    transportA1.connect(transportB)
+    await aliceFirstDevice.toPeer(Utils.toArray('Back on my first device now, Bob! Can you still hear me?'))
+    await new Promise(resolve => setTimeout(resolve, 2000))
+    expect(alice1MessageHandler.mock.calls.length).toEqual(2)
+  }, 30000)
+
   it('Bob requests certificates from Alice, Alice does not request any from Bob', async () => {
     const alicePubKey = (await walletA.getPublicKey({ identityKey: true }))
       .publicKey

package/src/auth/__tests/SessionManager.test.ts

@@ -10,7 +10,8 @@ describe('SessionManager', () => {
     validSession = {
       isAuthenticated: false,
       sessionNonce: 'testSessionNonce',
-      peerIdentityKey: 'testPeerIdentityKey'
+      peerIdentityKey: 'testPeerIdentityKey',
+      lastUpdate: 1
     }
   })
 
@@ -39,7 +40,7 @@ describe('SessionManager', () => {
       }
 
       expect(() => sessionManager.addSession(invalidSession)).toThrow(
-        'Invalid session: at least one of sessionNonce or peerIdentityKey is required.'
+        'Invalid session: sessionNonce is required to add a session.'
       )
     })
 

package/src/auth/clients/AuthFetch.ts

@@ -64,7 +64,7 @@ export class AuthFetch {
       }
       config.retryCounter--
     }
-    const response = await new Promise<Response>(async (resolve, reject) => {
+    const response = await new Promise<Response>((async (resolve, reject) => {
       try {
         // Apply defaults
         const { method = 'GET', headers = {}, body } = config
@@ -75,7 +75,7 @@ export class AuthFetch {
 
         // Create a new transport for this base url if needed
         let peerToUse: AuthPeer
-        if (!this.peers[baseURL]) {
+        if (typeof this.peers[baseURL] === 'undefined') {
           // Create a peer for the request
           const newTransport = new SimplifiedFetchTransport(baseURL)
           peerToUse = {
@@ -96,6 +96,7 @@ export class AuthFetch {
             } catch (error) {
               reject(error)
             }
+            return
           }
           peerToUse = this.peers[baseURL]
         }
@@ -119,59 +120,68 @@ export class AuthFetch {
           const responseReader = new Utils.Reader(payload)
           // Deserialize first 32 bytes of payload
           const responseNonceAsBase64 = Utils.toBase64(responseReader.read(32))
-          if (responseNonceAsBase64 === requestNonceAsBase64) {
-            peerToUse.peer.stopListeningForGeneralMessages(listenerId)
-
-            // Save the identity key for the peer for future requests, since we have it here.
-            this.peers[baseURL].identityKey = senderPublicKey
-            this.peers[baseURL].supportsMutualAuth = true
-
-            // Status code
-            const statusCode = responseReader.readVarIntNum()
-
-            // Headers
-            const responseHeaders = {}
-            const nHeaders = responseReader.readVarIntNum()
-            if (nHeaders > 0) {
-              for (let i = 0; i < nHeaders; i++) {
-                const nHeaderKeyBytes = responseReader.readVarIntNum()
-                const headerKeyBytes = responseReader.read(nHeaderKeyBytes)
-                const headerKey = Utils.toUTF8(headerKeyBytes)
-                const nHeaderValueBytes = responseReader.readVarIntNum()
-                const headerValueBytes = responseReader.read(nHeaderValueBytes)
-                const headerValue = Utils.toUTF8(headerValueBytes)
-                responseHeaders[headerKey] = headerValue
-              }
+          if (responseNonceAsBase64 !== requestNonceAsBase64) {
+            return
+          }
+          peerToUse.peer.stopListeningForGeneralMessages(listenerId)
+
+          // Save the identity key for the peer for future requests, since we have it here.
+          this.peers[baseURL].identityKey = senderPublicKey
+          this.peers[baseURL].supportsMutualAuth = true
+
+          // Status code
+          const statusCode = responseReader.readVarIntNum()
+
+          // Headers
+          const responseHeaders = {}
+          const nHeaders = responseReader.readVarIntNum()
+          if (nHeaders > 0) {
+            for (let i = 0; i < nHeaders; i++) {
+              const nHeaderKeyBytes = responseReader.readVarIntNum()
+              const headerKeyBytes = responseReader.read(nHeaderKeyBytes)
+              const headerKey = Utils.toUTF8(headerKeyBytes)
+              const nHeaderValueBytes = responseReader.readVarIntNum()
+              const headerValueBytes = responseReader.read(nHeaderValueBytes)
+              const headerValue = Utils.toUTF8(headerValueBytes)
+              responseHeaders[headerKey] = headerValue
             }
+          }
 
-            // Add back the server identity key header
-            responseHeaders['x-bsv-auth-identity-key'] = senderPublicKey
+          // Add back the server identity key header
+          responseHeaders['x-bsv-auth-identity-key'] = senderPublicKey
 
-            // Body
-            let responseBody
-            const responseBodyBytes = responseReader.readVarIntNum()
-            if (responseBodyBytes > 0) {
-              responseBody = responseReader.read(responseBodyBytes)
-            }
+          // Body
+          let responseBody
+          const responseBodyBytes = responseReader.readVarIntNum()
+          if (responseBodyBytes > 0) {
+            responseBody = responseReader.read(responseBodyBytes)
+          }
 
-            // Create the Response object
-            const responseValue = new Response(
-              responseBody ? new Uint8Array(responseBody) : null, {
+          // Create the Response object
+          const responseValue = new Response(
+            responseBody ? new Uint8Array(responseBody) : null,
+            {
               status: statusCode,
               statusText: `${statusCode}`,
               headers: new Headers(responseHeaders)
-            })
+            }
+          )
 
-            // Resolve or reject the correct request with the response data
-            this.callbacks[requestNonceAsBase64].resolve(responseValue)
+          // Resolve or reject the correct request with the response data
+          this.callbacks[requestNonceAsBase64].resolve(responseValue)
 
-            // Clean up
-            delete this.callbacks[requestNonceAsBase64]
-          }
+          // Clean up
+          delete this.callbacks[requestNonceAsBase64]
         })
 
         // Send the request, now that all listeners are set up
         await peerToUse.peer.toPeer(writer.toArray(), peerToUse.identityKey).catch(async error => {
+          if (error.message.includes('Session not found for nonce')) {
+            delete this.peers[baseURL]
+            config.retryCounter ??= 3
+            const response = await this.fetch(url, config)
+            resolve(response)
+          }
           if (error.message.includes('HTTP server failed to authenticate')) {
             try {
               const response = await this.handleFetchAndValidate(url, config, peerToUse)
@@ -186,7 +196,7 @@ export class AuthFetch {
       } catch (e) {
         reject(e)
       }
-    })
+    }) as Function)
 
     // Check if server requires payment to access the requested route
     if (response.status === 402) {

package/src/auth/types.ts

@@ -38,4 +38,5 @@ export interface PeerSession {
   sessionNonce?: string
   peerNonce?: string
   peerIdentityKey?: string
+  lastUpdate: number
 }