@cipherstash/protect-ffi 0.23.0 → 0.25.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/wasm/package.json +3 -0
- package/dist/wasm/protect_ffi.d.ts +84 -0
- package/dist/wasm/protect_ffi.js +9 -0
- package/dist/wasm/protect_ffi_bg.js +1051 -0
- package/dist/wasm/protect_ffi_bg.wasm +0 -0
- package/dist/wasm/protect_ffi_bg.wasm.d.ts +40 -0
- package/dist/wasm/protect_ffi_inline.js +16 -0
- package/lib/index.cjs +1 -1
- package/lib/index.d.cts +17 -11
- package/package.json +36 -16
package/lib/index.cjs
CHANGED
|
@@ -126,7 +126,7 @@ function newClient(opts) {
|
|
|
126
126
|
return wrapAsync(() => native.newClient({
|
|
127
127
|
encryptConfig: (0, normalizeEncryptConfig_js_1.normalizeEncryptConfig)(opts.encryptConfig),
|
|
128
128
|
clientOpts: (0, credentials_js_1.withEnvCredentials)(opts.clientOpts),
|
|
129
|
-
}));
|
|
129
|
+
}, opts.strategy));
|
|
130
130
|
}
|
|
131
131
|
function encrypt(client, opts) {
|
|
132
132
|
return wrapAsync(() => native.encrypt(client, opts));
|
package/lib/index.d.cts
CHANGED
|
@@ -6,7 +6,7 @@ export type Client = {
|
|
|
6
6
|
readonly [sym]: unknown;
|
|
7
7
|
};
|
|
8
8
|
declare module './load.cjs' {
|
|
9
|
-
function newClient(opts: NativeNewClientOptions): Promise<Client>;
|
|
9
|
+
function newClient(opts: NativeNewClientOptions, strategy?: AuthStrategy): Promise<Client>;
|
|
10
10
|
function encrypt(client: Client, opts: EncryptOptions): Promise<Encrypted>;
|
|
11
11
|
function decrypt(client: Client, opts: DecryptOptions): Promise<JsPlaintext>;
|
|
12
12
|
function isEncrypted(encrypted: unknown): boolean;
|
|
@@ -60,10 +60,6 @@ export type BulkDecryptPayload = {
|
|
|
60
60
|
ciphertext: Encrypted;
|
|
61
61
|
lockContext?: Context;
|
|
62
62
|
};
|
|
63
|
-
export type CtsToken = {
|
|
64
|
-
accessToken: string;
|
|
65
|
-
expiry: number;
|
|
66
|
-
};
|
|
67
63
|
export type Context = {
|
|
68
64
|
identityClaim: string[];
|
|
69
65
|
};
|
|
@@ -254,6 +250,22 @@ export type TokenFilter = {
|
|
|
254
250
|
export type NewClientOptions = {
|
|
255
251
|
encryptConfig: EncryptConfig;
|
|
256
252
|
clientOpts?: ClientOpts;
|
|
253
|
+
/**
|
|
254
|
+
* Caller-supplied auth strategy. When provided, `getToken()` is invoked on
|
|
255
|
+
* every ZeroKMS request and `clientOpts.creds` is ignored for auth (the
|
|
256
|
+
* client key is still required). Without this, the native side builds an
|
|
257
|
+
* AutoStrategy from env / profile / `clientOpts.creds`.
|
|
258
|
+
*/
|
|
259
|
+
strategy?: AuthStrategy;
|
|
260
|
+
};
|
|
261
|
+
/**
|
|
262
|
+
* Auth strategy shape compatible with `@cipherstash/auth` strategies (e.g.
|
|
263
|
+
* `AccessKeyStrategy`). Only `getToken` is required.
|
|
264
|
+
*/
|
|
265
|
+
export type AuthStrategy = {
|
|
266
|
+
getToken: () => Promise<{
|
|
267
|
+
token: string;
|
|
268
|
+
}>;
|
|
257
269
|
};
|
|
258
270
|
/** Options passed to the native `newClient` after vocabulary normalization. */
|
|
259
271
|
type NativeNewClientOptions = {
|
|
@@ -281,23 +293,19 @@ export type EncryptOptions = {
|
|
|
281
293
|
column: string;
|
|
282
294
|
table: string;
|
|
283
295
|
lockContext?: Context;
|
|
284
|
-
serviceToken?: CtsToken;
|
|
285
296
|
unverifiedContext?: Record<string, unknown>;
|
|
286
297
|
};
|
|
287
298
|
export type EncryptBulkOptions = {
|
|
288
299
|
plaintexts: EncryptPayload[];
|
|
289
|
-
serviceToken?: CtsToken;
|
|
290
300
|
unverifiedContext?: Record<string, unknown>;
|
|
291
301
|
};
|
|
292
302
|
export type DecryptOptions = {
|
|
293
303
|
ciphertext: Encrypted;
|
|
294
304
|
lockContext?: Context;
|
|
295
|
-
serviceToken?: CtsToken;
|
|
296
305
|
unverifiedContext?: Record<string, unknown>;
|
|
297
306
|
};
|
|
298
307
|
export type DecryptBulkOptions = {
|
|
299
308
|
ciphertexts: BulkDecryptPayload[];
|
|
300
|
-
serviceToken?: CtsToken;
|
|
301
309
|
unverifiedContext?: Record<string, unknown>;
|
|
302
310
|
};
|
|
303
311
|
export type IndexTypeName = 'ste_vec' | 'match' | 'ore' | 'unique';
|
|
@@ -309,7 +317,6 @@ export type EncryptQueryOptions = {
|
|
|
309
317
|
indexType: IndexTypeName;
|
|
310
318
|
queryOp?: QueryOpName;
|
|
311
319
|
lockContext?: Context;
|
|
312
|
-
serviceToken?: CtsToken;
|
|
313
320
|
unverifiedContext?: Record<string, unknown>;
|
|
314
321
|
};
|
|
315
322
|
export type QueryPayload = {
|
|
@@ -322,6 +329,5 @@ export type QueryPayload = {
|
|
|
322
329
|
};
|
|
323
330
|
export type EncryptQueryBulkOptions = {
|
|
324
331
|
queries: QueryPayload[];
|
|
325
|
-
serviceToken?: CtsToken;
|
|
326
332
|
unverifiedContext?: Record<string, unknown>;
|
|
327
333
|
};
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@cipherstash/protect-ffi",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.25.0",
|
|
4
4
|
"description": "",
|
|
5
5
|
"main": "./lib/index.cjs",
|
|
6
6
|
"scripts": {
|
|
@@ -26,25 +26,45 @@
|
|
|
26
26
|
"prepack": "tsc &&neon update",
|
|
27
27
|
"version": "neon bump --binaries platforms && git add .",
|
|
28
28
|
"release": "gh workflow run release.yml -f dryrun=false -f version=patch",
|
|
29
|
-
"dryrun": "gh workflow run publish.yml -f dryrun=true"
|
|
29
|
+
"dryrun": "gh workflow run publish.yml -f dryrun=true",
|
|
30
|
+
"build:wasm": "wasm-pack build crates/protect-ffi --target bundler --out-dir ../../dist/wasm --no-pack",
|
|
31
|
+
"postbuild:wasm": "node scripts/inline-wasm.mjs"
|
|
30
32
|
},
|
|
31
33
|
"author": "",
|
|
32
34
|
"license": "ISC",
|
|
33
35
|
"exports": {
|
|
34
36
|
".": {
|
|
35
|
-
"
|
|
36
|
-
"
|
|
37
|
-
|
|
37
|
+
"node": {
|
|
38
|
+
"import": {
|
|
39
|
+
"types": "./lib/index.d.mts",
|
|
40
|
+
"default": "./lib/index.mjs"
|
|
41
|
+
},
|
|
42
|
+
"require": {
|
|
43
|
+
"types": "./lib/index.d.cts",
|
|
44
|
+
"default": "./lib/index.cjs"
|
|
45
|
+
}
|
|
38
46
|
},
|
|
39
|
-
"
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
47
|
+
"default": "./dist/wasm/protect_ffi.js"
|
|
48
|
+
},
|
|
49
|
+
"./wasm": {
|
|
50
|
+
"types": "./dist/wasm/protect_ffi.d.ts",
|
|
51
|
+
"default": "./dist/wasm/protect_ffi.js"
|
|
52
|
+
},
|
|
53
|
+
"./wasm-inline": {
|
|
54
|
+
"types": "./dist/wasm/protect_ffi.d.ts",
|
|
55
|
+
"default": "./dist/wasm/protect_ffi_inline.js"
|
|
43
56
|
}
|
|
44
57
|
},
|
|
45
58
|
"types": "./lib/index.d.cts",
|
|
46
59
|
"files": [
|
|
47
|
-
"lib/**/*.?({c,m}){t,j}s"
|
|
60
|
+
"lib/**/*.?({c,m}){t,j}s",
|
|
61
|
+
"dist/wasm/package.json",
|
|
62
|
+
"dist/wasm/protect_ffi.js",
|
|
63
|
+
"dist/wasm/protect_ffi_bg.js",
|
|
64
|
+
"dist/wasm/protect_ffi_bg.wasm",
|
|
65
|
+
"dist/wasm/protect_ffi.d.ts",
|
|
66
|
+
"dist/wasm/protect_ffi_bg.wasm.d.ts",
|
|
67
|
+
"dist/wasm/protect_ffi_inline.js"
|
|
48
68
|
],
|
|
49
69
|
"neon": {
|
|
50
70
|
"type": "library",
|
|
@@ -75,11 +95,11 @@
|
|
|
75
95
|
"vite": "^8.0.5"
|
|
76
96
|
},
|
|
77
97
|
"optionalDependencies": {
|
|
78
|
-
"@cipherstash/protect-ffi-darwin-x64": "0.
|
|
79
|
-
"@cipherstash/protect-ffi-darwin-arm64": "0.
|
|
80
|
-
"@cipherstash/protect-ffi-win32-x64-msvc": "0.
|
|
81
|
-
"@cipherstash/protect-ffi-linux-x64-gnu": "0.
|
|
82
|
-
"@cipherstash/protect-ffi-linux-arm64-gnu": "0.
|
|
83
|
-
"@cipherstash/protect-ffi-linux-x64-musl": "0.
|
|
98
|
+
"@cipherstash/protect-ffi-darwin-x64": "0.25.0",
|
|
99
|
+
"@cipherstash/protect-ffi-darwin-arm64": "0.25.0",
|
|
100
|
+
"@cipherstash/protect-ffi-win32-x64-msvc": "0.25.0",
|
|
101
|
+
"@cipherstash/protect-ffi-linux-x64-gnu": "0.25.0",
|
|
102
|
+
"@cipherstash/protect-ffi-linux-arm64-gnu": "0.25.0",
|
|
103
|
+
"@cipherstash/protect-ffi-linux-x64-musl": "0.25.0"
|
|
84
104
|
}
|
|
85
105
|
}
|