@cipherstash/protect-ffi 0.17.0 → 0.18.0-9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/lib/index.cjs +2 -1
  2. package/lib/index.d.cts +102 -38
  3. package/package.json +6 -6
package/lib/index.cjs CHANGED
@@ -1,11 +1,12 @@
1
1
  "use strict";
2
2
  // This module is the CJS entry point for the library.
3
3
  Object.defineProperty(exports, "__esModule", { value: true });
4
- exports.decryptBulkFallible = exports.decryptBulk = exports.decrypt = exports.encryptBulk = exports.encrypt = exports.newClient = void 0;
4
+ exports.decryptBulkFallible = exports.decryptBulk = exports.decrypt = exports.isEncrypted = exports.encryptBulk = exports.encrypt = exports.newClient = void 0;
5
5
  var load_cjs_1 = require("./load.cjs");
6
6
  Object.defineProperty(exports, "newClient", { enumerable: true, get: function () { return load_cjs_1.newClient; } });
7
7
  Object.defineProperty(exports, "encrypt", { enumerable: true, get: function () { return load_cjs_1.encrypt; } });
8
8
  Object.defineProperty(exports, "encryptBulk", { enumerable: true, get: function () { return load_cjs_1.encryptBulk; } });
9
+ Object.defineProperty(exports, "isEncrypted", { enumerable: true, get: function () { return load_cjs_1.isEncrypted; } });
9
10
  Object.defineProperty(exports, "decrypt", { enumerable: true, get: function () { return load_cjs_1.decrypt; } });
10
11
  Object.defineProperty(exports, "decryptBulk", { enumerable: true, get: function () { return load_cjs_1.decryptBulk; } });
11
12
  Object.defineProperty(exports, "decryptBulkFallible", { enumerable: true, get: function () { return load_cjs_1.decryptBulkFallible; } });
package/lib/index.d.cts CHANGED
@@ -1,50 +1,87 @@
1
- export { newClient, encrypt, encryptBulk, decrypt, decryptBulk, decryptBulkFallible, } from './load.cjs';
1
+ export { newClient, encrypt, encryptBulk, isEncrypted, decrypt, decryptBulk, decryptBulkFallible, } from './load.cjs';
2
2
  declare const sym: unique symbol;
3
3
  export type Client = {
4
4
  readonly [sym]: unknown;
5
5
  };
6
6
  declare module './load.cjs' {
7
7
  function newClient(opts: NewClientOptions): Promise<Client>;
8
- function encrypt(client: Client, opts: EncryptOptions): Promise<Encrypted>;
9
- function decrypt(client: Client, opts: DecryptOptions): Promise<JsPlaintext>;
10
- function encryptBulk(client: Client, opts: EncryptBulkOptions): Promise<Encrypted[]>;
11
- function decryptBulk(client: Client, opts: DecryptBulkOptions): Promise<JsPlaintext[]>;
12
- function decryptBulkFallible(client: Client, opts: DecryptBulkOptions): Promise<DecryptResult[]>;
8
+ function encrypt<T extends EncryptConfig>(client: Client, opts: EncryptOptions<T>): Promise<AnyEncrypted<T>>;
9
+ function decrypt<T extends EncryptConfig>(client: Client, opts: DecryptOptions<T>): Promise<JsPlaintext>;
10
+ function isEncrypted<T extends EncryptConfig>(encrypted: AnyEncrypted<T>): boolean;
11
+ function encryptQuery<T extends EncryptConfig, Q extends EncryptedQueryTerm>(client: Client, opts: QueryOptions<T>): Promise<Q>;
12
+ function encryptBulk<T extends EncryptConfig>(client: Client, opts: EncryptBulkOptions<T>): Promise<AnyEncrypted<T>[]>;
13
+ function decryptBulk<T extends EncryptConfig>(client: Client, opts: DecryptBulkOptions<T>): Promise<JsPlaintext[]>;
14
+ function decryptBulkFallible<T extends EncryptConfig>(client: Client, opts: DecryptBulkOptions<T>): Promise<DecryptResult[]>;
13
15
  }
14
16
  export type DecryptResult = {
15
17
  data: string;
16
18
  } | {
17
19
  error: string;
18
20
  };
19
- export type EncryptPayload = {
21
+ export type EncryptPayload<T extends EncryptConfig> = {
20
22
  plaintext: JsPlaintext;
21
- column: string;
22
- table: string;
23
- lockContext?: Context;
24
- };
25
- export type BulkDecryptPayload = {
26
- ciphertext: Encrypted;
27
- lockContext?: Context;
23
+ lockContext?: Context[];
24
+ } & Identifier<T>;
25
+ export type BulkDecryptPayload<T extends EncryptConfig> = {
26
+ ciphertext: AnyEncrypted<T>;
27
+ lockContext?: Context[];
28
28
  };
29
29
  export type CtsToken = {
30
30
  accessToken: string;
31
31
  expiry: number;
32
32
  };
33
33
  export type Context = {
34
- identityClaim: string[];
35
- };
36
- export type Encrypted = {
37
- k: string;
38
- c: string;
39
- ob: string[] | null;
40
- bf: number[] | null;
41
- hm: string | null;
42
- i: {
43
- c: string;
44
- t: string;
45
- };
34
+ identityClaim: string;
35
+ } | {
36
+ tag: string;
37
+ };
38
+ export type Versioned = {
46
39
  v: number;
47
40
  };
41
+ export type Base85Ciphertext = string;
42
+ export type BloomFilter = number[];
43
+ export type HMAC = string;
44
+ export type EncodedBlockOREArray = string[];
45
+ export type EncodedFixedLengthORE = string;
46
+ export type EncodedVariableLengthORE = string;
47
+ export type JSONPathSelector = string;
48
+ export type EncryptedCell<T extends EncryptConfig> = Versioned & {
49
+ k: 'ct';
50
+ c: Base85Ciphertext;
51
+ ob: EncodedBlockOREArray | null;
52
+ bf: BloomFilter | null;
53
+ hm: HMAC | null;
54
+ i: Identifier<T>;
55
+ };
56
+ export type EncryptedSV<T extends EncryptConfig> = Versioned & {
57
+ k: 'sv';
58
+ sv: SteVecEncryptedEntry[];
59
+ i: Identifier<T>;
60
+ };
61
+ export type EncryptedSVE = {
62
+ k: 'sve';
63
+ sve: SteVecEncryptedEntry;
64
+ };
65
+ export type AnyEncrypted<T extends EncryptConfig> = EncryptedCell<T> | EncryptedSV<T> | EncryptedSVE;
66
+ export type SteVecEncryptedEntry = {
67
+ c: Base85Ciphertext;
68
+ parent_is_array: boolean;
69
+ } & SteVecTerm & {
70
+ s: JSONPathSelector;
71
+ };
72
+ export type SteVecQuery = {
73
+ svq: SteQueryVecEntry[];
74
+ };
75
+ export type SteQueryVecEntry = {
76
+ s: JSONPathSelector;
77
+ } & SteVecTerm;
78
+ export type SteVecTerm = {
79
+ hm: HMAC;
80
+ } | {
81
+ ocf: EncodedFixedLengthORE;
82
+ } | {
83
+ ocv: EncodedVariableLengthORE;
84
+ };
48
85
  export type EncryptConfig = {
49
86
  v: number;
50
87
  tables: Record<string, Record<string, Column>>;
@@ -101,29 +138,56 @@ export type ClientOpts = {
101
138
  accessKey?: string;
102
139
  clientId?: string;
103
140
  clientKey?: string;
141
+ keyset?: IdentifiedBy;
104
142
  };
143
+ export type IdentifiedBy = string;
105
144
  export type JsPlaintext = string | number | Record<string, unknown> | JsPlaintext[];
106
- export type EncryptOptions = {
145
+ export type EncryptOptions<T extends EncryptConfig> = {
107
146
  plaintext: JsPlaintext;
108
- column: string;
109
- table: string;
110
- lockContext?: Context;
147
+ lockContext?: Context[];
111
148
  serviceToken?: CtsToken;
112
149
  unverifiedContext?: Record<string, unknown>;
113
- };
114
- export type EncryptBulkOptions = {
115
- plaintexts: EncryptPayload[];
150
+ } & Identifier<T>;
151
+ export type EncryptBulkOptions<T extends EncryptConfig> = {
152
+ plaintexts: EncryptPayload<T>[];
116
153
  serviceToken?: CtsToken;
117
154
  unverifiedContext?: Record<string, unknown>;
118
155
  };
119
- export type DecryptOptions = {
120
- ciphertext: Encrypted;
121
- lockContext?: Context;
156
+ export type DecryptOptions<T extends EncryptConfig> = {
157
+ ciphertext: AnyEncrypted<T>;
158
+ lockContext?: Context[];
122
159
  serviceToken?: CtsToken;
123
160
  unverifiedContext?: Record<string, unknown>;
124
161
  };
125
- export type DecryptBulkOptions = {
126
- ciphertexts: BulkDecryptPayload[];
162
+ export type DecryptBulkOptions<T extends EncryptConfig> = {
163
+ ciphertexts: BulkDecryptPayload<T>[];
127
164
  serviceToken?: CtsToken;
128
165
  unverifiedContext?: Record<string, unknown>;
129
166
  };
167
+ export type QueryOptions<T extends EncryptConfig> = {
168
+ plaintext: JsPlaintext;
169
+ operator: QueryOperator;
170
+ } & Identifier<T>;
171
+ export type NumericOperator = '>' | '>=' | '<' | '<=' | '=';
172
+ export type StringOperator = '~~' | '~~*' | '=';
173
+ export type JsonbOperator = '@>' | '<@' | '->';
174
+ export type QueryOperator = NumericOperator | StringOperator | JsonbOperator;
175
+ export type EncryptedQueryTerm = {};
176
+ export interface RangeQuery extends EncryptedQueryTerm {
177
+ ob: EncodedBlockOREArray;
178
+ }
179
+ export interface MatchQuery extends EncryptedQueryTerm {
180
+ bf: BloomFilter;
181
+ }
182
+ export interface ExactQuery extends EncryptedQueryTerm {
183
+ hm: HMAC;
184
+ }
185
+ export interface JsonSelect extends EncryptedQueryTerm {
186
+ s: JSONPathSelector;
187
+ }
188
+ export interface JsonContainsQuery extends EncryptedQueryTerm {
189
+ sv: SteQueryVecEntry[];
190
+ }
191
+ export interface JsonIsContainedByQuery extends EncryptedQueryTerm {
192
+ sv: SteQueryVecEntry[];
193
+ }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@cipherstash/protect-ffi",
3
- "version": "0.17.0",
3
+ "version": "0.18.0-9",
4
4
  "description": "",
5
5
  "main": "./lib/index.cjs",
6
6
  "scripts": {
@@ -60,10 +60,10 @@
60
60
  "@neon-rs/load": "^0.1.82"
61
61
  },
62
62
  "optionalDependencies": {
63
- "@cipherstash/protect-ffi-win32-x64-msvc": "0.17.0",
64
- "@cipherstash/protect-ffi-darwin-x64": "0.17.0",
65
- "@cipherstash/protect-ffi-darwin-arm64": "0.17.0",
66
- "@cipherstash/protect-ffi-linux-x64-gnu": "0.17.0",
67
- "@cipherstash/protect-ffi-linux-arm64-gnu": "0.17.0"
63
+ "@cipherstash/protect-ffi-win32-x64-msvc": "0.18.0-9",
64
+ "@cipherstash/protect-ffi-darwin-x64": "0.18.0-9",
65
+ "@cipherstash/protect-ffi-darwin-arm64": "0.18.0-9",
66
+ "@cipherstash/protect-ffi-linux-x64-gnu": "0.18.0-9",
67
+ "@cipherstash/protect-ffi-linux-arm64-gnu": "0.18.0-9"
68
68
  }
69
69
  }