@dxos/client-services 0.4.10-main.3e35a2f → 0.4.10-main.403e461

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (24) hide show
  1. package/dist/lib/browser/{chunk-S3G2RM7S.mjs → chunk-R4Y666JX.mjs} +163 -102
  2. package/dist/lib/browser/chunk-R4Y666JX.mjs.map +7 -0
  3. package/dist/lib/browser/index.mjs +3 -1
  4. package/dist/lib/browser/index.mjs.map +1 -1
  5. package/dist/lib/browser/meta.json +1 -1
  6. package/dist/lib/browser/packlets/testing/index.mjs +1 -1
  7. package/dist/lib/node/{chunk-3T6D6GIB.cjs → chunk-KGGJXJON.cjs} +167 -105
  8. package/dist/lib/node/chunk-KGGJXJON.cjs.map +7 -0
  9. package/dist/lib/node/index.cjs +43 -41
  10. package/dist/lib/node/index.cjs.map +1 -1
  11. package/dist/lib/node/meta.json +1 -1
  12. package/dist/lib/node/packlets/testing/index.cjs +6 -6
  13. package/dist/types/src/packlets/invitations/invitation-extension.d.ts +1 -0
  14. package/dist/types/src/packlets/invitations/invitation-extension.d.ts.map +1 -1
  15. package/dist/types/src/packlets/invitations/invitations-handler.d.ts +4 -1
  16. package/dist/types/src/packlets/invitations/invitations-handler.d.ts.map +1 -1
  17. package/dist/types/src/version.d.ts +1 -1
  18. package/package.json +34 -34
  19. package/src/packlets/invitations/invitation-extension.ts +28 -1
  20. package/src/packlets/invitations/invitations-handler.ts +71 -23
  21. package/src/packlets/services/service-host.ts +2 -2
  22. package/src/version.ts +1 -1
  23. package/dist/lib/browser/chunk-S3G2RM7S.mjs.map +0 -7
  24. package/dist/lib/node/chunk-3T6D6GIB.cjs.map +0 -7
package/dist/lib/node/{chunk-3T6D6GIB.cjs → chunk-KGGJXJON.cjs} RENAMED
@@ -26,8 +26,8 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
26
26
  mod
27
27
  ));
28
28
  var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
29
- var chunk_3T6D6GIB_exports = {};
30
- __export(chunk_3T6D6GIB_exports, {
29
+ var chunk_KGGJXJON_exports = {};
30
+ __export(chunk_KGGJXJON_exports, {
31
31
  ClientRpcServer: () => ClientRpcServer,
32
32
  ClientServicesHost: () => ClientServicesHost,
33
33
  ClientServicesProviderResource: () => ClientServicesProviderResource,
@@ -48,6 +48,7 @@ __export(chunk_3T6D6GIB_exports, {
48
48
  SpaceInvitationProtocol: () => SpaceInvitationProtocol,
49
49
  SpacesServiceImpl: () => SpacesServiceImpl,
50
50
  TrustedKeySetAuthVerifier: () => TrustedKeySetAuthVerifier,
51
+ createAdmissionKeypair: () => createAdmissionKeypair,
51
52
  createAuthProvider: () => createAuthProvider,
52
53
  createCollectDiagnosticsBroadcastHandler: () => createCollectDiagnosticsBroadcastHandler,
53
54
  createCollectDiagnosticsBroadcastSender: () => createCollectDiagnosticsBroadcastSender,
@@ -64,7 +65,7 @@ __export(chunk_3T6D6GIB_exports, {
64
65
  subscribeToSpaces: () => subscribeToSpaces,
65
66
  subscribeToSwarmInfo: () => subscribeToSwarmInfo
66
67
  });
67
- module.exports = __toCommonJS(chunk_3T6D6GIB_exports);
68
+ module.exports = __toCommonJS(chunk_KGGJXJON_exports);
68
69
  var import_async = require("@dxos/async");
69
70
  var import_codec_protobuf = require("@dxos/codec-protobuf");
70
71
  var import_feed_store = require("@dxos/feed-store");
@@ -119,6 +120,7 @@ var import_async7 = require("@dxos/async");
119
120
  var import_client_protocol2 = require("@dxos/client-protocol");
120
121
  var import_context4 = require("@dxos/context");
121
122
  var import_credentials7 = require("@dxos/credentials");
123
+ var import_crypto = require("@dxos/crypto");
122
124
  var import_invariant5 = require("@dxos/invariant");
123
125
  var import_keys5 = require("@dxos/keys");
124
126
  var import_log4 = require("@dxos/log");
@@ -128,6 +130,7 @@ var import_services3 = require("@dxos/protocols/proto/dxos/client/services");
128
130
  var import_invitations = require("@dxos/protocols/proto/dxos/halo/invitations");
129
131
  var import_async8 = require("@dxos/async");
130
132
  var import_context5 = require("@dxos/context");
133
+ var import_crypto2 = require("@dxos/crypto");
131
134
  var import_invariant6 = require("@dxos/invariant");
132
135
  var import_keys6 = require("@dxos/keys");
133
136
  var import_log5 = require("@dxos/log");
@@ -233,7 +236,7 @@ var import_async16 = require("@dxos/async");
233
236
  var import_client_protocol4 = require("@dxos/client-protocol");
234
237
  var import_context11 = require("@dxos/context");
235
238
  var import_echo_pipeline5 = require("@dxos/echo-pipeline");
236
- var E = __toESM(require("@dxos/echo-schema"));
239
+ var import_echo_schema = require("@dxos/echo-schema");
237
240
  var import_indexing2 = require("@dxos/indexing");
238
241
  var import_invariant15 = require("@dxos/invariant");
239
242
  var import_keys11 = require("@dxos/keys");
@@ -1485,6 +1488,7 @@ var InvitationHostExtension = class extends import_teleport.RpcExtension {
1485
1488
  this._callbacks = _callbacks;
1486
1489
  this._ctx = new import_context5.Context();
1487
1490
  this._remoteOptionsTrigger = new import_async8.Trigger();
1491
+ this._challenge = void 0;
1488
1492
  this.invitation = void 0;
1489
1493
  this.guestProfile = void 0;
1490
1494
  this.authenticationPassed = false;
@@ -1499,7 +1503,7 @@ var InvitationHostExtension = class extends import_teleport.RpcExtension {
1499
1503
  options: async (options) => {
1500
1504
  (0, import_invariant6.invariant)(!this._remoteOptions, "Remote options already set.", {
1501
1505
  F: __dxlog_file6,
1502
- L: 87,
1506
+ L: 90,
1503
1507
  S: this,
1504
1508
  A: [
1505
1509
  "!this._remoteOptions",
@@ -1516,7 +1520,7 @@ var InvitationHostExtension = class extends import_teleport.RpcExtension {
1516
1520
  id: traceId
1517
1521
  }), {
1518
1522
  F: __dxlog_file6,
1519
- L: 96,
1523
+ L: 99,
1520
1524
  S: this,
1521
1525
  C: (f, a) => f(...a)
1522
1526
  });
@@ -1526,7 +1530,7 @@ var InvitationHostExtension = class extends import_teleport.RpcExtension {
1526
1530
  invitationId
1527
1531
  }, {
1528
1532
  F: __dxlog_file6,
1529
- L: 100,
1533
+ L: 103,
1530
1534
  S: this,
1531
1535
  C: (f, a) => f(...a)
1532
1536
  });
@@ -1540,7 +1544,7 @@ var InvitationHostExtension = class extends import_teleport.RpcExtension {
1540
1544
  guestProfile: profile
1541
1545
  }, {
1542
1546
  F: __dxlog_file6,
1543
- L: 109,
1547
+ L: 112,
1544
1548
  S: this,
1545
1549
  C: (f, a) => f(...a)
1546
1550
  });
@@ -1549,25 +1553,27 @@ var InvitationHostExtension = class extends import_teleport.RpcExtension {
1549
1553
  ...this.invitation,
1550
1554
  state: import_services4.Invitation.State.READY_FOR_AUTHENTICATION
1551
1555
  });
1556
+ this._challenge = this.invitation.authMethod === import_services4.Invitation.AuthMethod.KNOWN_PUBLIC_KEY ? (0, import_crypto2.randomBytes)(32) : void 0;
1552
1557
  import_log5.log.trace("dxos.sdk.invitation-handler.host.introduce", import_protocols5.trace.end({
1553
1558
  id: traceId
1554
1559
  }), {
1555
1560
  F: __dxlog_file6,
1556
- L: 116,
1561
+ L: 122,
1557
1562
  S: this,
1558
1563
  C: (f, a) => f(...a)
1559
1564
  });
1560
1565
  return {
1561
- authMethod: this.invitation.authMethod
1566
+ authMethod: this.invitation.authMethod,
1567
+ challenge: this._challenge
1562
1568
  };
1563
1569
  },
1564
- authenticate: async ({ authCode: code }) => {
1570
+ authenticate: async ({ authCode: code, signedChallenge }) => {
1565
1571
  const traceId = import_keys6.PublicKey.random().toHex();
1566
1572
  import_log5.log.trace("dxos.sdk.invitation-handler.host.authenticate", import_protocols5.trace.begin({
1567
1573
  id: traceId
1568
1574
  }), {
1569
1575
  F: __dxlog_file6,
1570
- L: 124,
1576
+ L: 131,
1571
1577
  S: this,
1572
1578
  C: (f, a) => f(...a)
1573
1579
  });
@@ -1575,14 +1581,14 @@ var InvitationHostExtension = class extends import_teleport.RpcExtension {
1575
1581
  authCode: code
1576
1582
  }, {
1577
1583
  F: __dxlog_file6,
1578
- L: 125,
1584
+ L: 132,
1579
1585
  S: this,
1580
1586
  C: (f, a) => f(...a)
1581
1587
  });
1582
1588
  let status = import_invitations2.AuthenticationResponse.Status.OK;
1583
1589
  (0, import_invariant6.invariant)(this.invitation, "Invitation is not set.", {
1584
1590
  F: __dxlog_file6,
1585
- L: 128,
1591
+ L: 135,
1586
1592
  S: this,
1587
1593
  A: [
1588
1594
  "this.invitation",
@@ -1593,7 +1599,7 @@ var InvitationHostExtension = class extends import_teleport.RpcExtension {
1593
1599
  case import_services4.Invitation.AuthMethod.NONE: {
1594
1600
  (0, import_log5.log)("authentication not required", void 0, {
1595
1601
  F: __dxlog_file6,
1596
- L: 131,
1602
+ L: 138,
1597
1603
  S: this,
1598
1604
  C: (f, a) => f(...a)
1599
1605
  });
@@ -1613,12 +1619,25 @@ var InvitationHostExtension = class extends import_teleport.RpcExtension {
1613
1619
  }
1614
1620
  break;
1615
1621
  }
1622
+ case import_services4.Invitation.AuthMethod.KNOWN_PUBLIC_KEY: {
1623
+ if (!this.invitation.guestKeypair) {
1624
+ status = import_invitations2.AuthenticationResponse.Status.INTERNAL_ERROR;
1625
+ break;
1626
+ }
1627
+ const isSignatureValid = this._challenge && (0, import_crypto2.verify)(this._challenge, Buffer.from(signedChallenge ?? []), this.invitation.guestKeypair.publicKey.asBuffer());
1628
+ if (isSignatureValid) {
1629
+ this.authenticationPassed = true;
1630
+ } else {
1631
+ status = import_invitations2.AuthenticationResponse.Status.INVALID_SIGNATURE;
1632
+ }
1633
+ break;
1634
+ }
1616
1635
  default: {
1617
1636
  import_log5.log.error("invalid authentication method", {
1618
1637
  authMethod: this.invitation.authMethod
1619
1638
  }, {
1620
1639
  F: __dxlog_file6,
1621
- L: 149,
1640
+ L: 176,
1622
1641
  S: this,
1623
1642
  C: (f, a) => f(...a)
1624
1643
  });
@@ -1633,7 +1652,7 @@ var InvitationHostExtension = class extends import_teleport.RpcExtension {
1633
1652
  }
1634
1653
  }), {
1635
1654
  F: __dxlog_file6,
1636
- L: 155,
1655
+ L: 182,
1637
1656
  S: this,
1638
1657
  C: (f, a) => f(...a)
1639
1658
  });
@@ -1647,14 +1666,14 @@ var InvitationHostExtension = class extends import_teleport.RpcExtension {
1647
1666
  id: traceId
1648
1667
  }), {
1649
1668
  F: __dxlog_file6,
1650
- L: 161,
1669
+ L: 188,
1651
1670
  S: this,
1652
1671
  C: (f, a) => f(...a)
1653
1672
  });
1654
1673
  try {
1655
1674
  (0, import_invariant6.invariant)(this.invitation, "Invitation is not set.", {
1656
1675
  F: __dxlog_file6,
1657
- L: 164,
1676
+ L: 191,
1658
1677
  S: this,
1659
1678
  A: [
1660
1679
  "this.invitation",
@@ -1669,7 +1688,7 @@ var InvitationHostExtension = class extends import_teleport.RpcExtension {
1669
1688
  id: traceId
1670
1689
  }), {
1671
1690
  F: __dxlog_file6,
1672
- L: 172,
1691
+ L: 199,
1673
1692
  S: this,
1674
1693
  C: (f, a) => f(...a)
1675
1694
  });
@@ -1726,7 +1745,7 @@ var InvitationGuestExtension = class extends import_teleport.RpcExtension {
1726
1745
  options: async (options) => {
1727
1746
  (0, import_invariant6.invariant)(!this._remoteOptions, "Remote options already set.", {
1728
1747
  F: __dxlog_file6,
1729
- L: 239,
1748
+ L: 266,
1730
1749
  S: this,
1731
1750
  A: [
1732
1751
  "!this._remoteOptions",
@@ -1753,7 +1772,7 @@ var InvitationGuestExtension = class extends import_teleport.RpcExtension {
1753
1772
  try {
1754
1773
  (0, import_log5.log)("begin options", void 0, {
1755
1774
  F: __dxlog_file6,
1756
- L: 260,
1775
+ L: 287,
1757
1776
  S: this,
1758
1777
  C: (f, a) => f(...a)
1759
1778
  });
@@ -1765,7 +1784,7 @@ var InvitationGuestExtension = class extends import_teleport.RpcExtension {
1765
1784
  }));
1766
1785
  (0, import_log5.log)("end options", void 0, {
1767
1786
  F: __dxlog_file6,
1768
- L: 263,
1787
+ L: 290,
1769
1788
  S: this,
1770
1789
  C: (f, a) => f(...a)
1771
1790
  });
@@ -1779,7 +1798,7 @@ var InvitationGuestExtension = class extends import_teleport.RpcExtension {
1779
1798
  } catch (err) {
1780
1799
  (0, import_log5.log)("openError", err, {
1781
1800
  F: __dxlog_file6,
1782
- L: 273,
1801
+ L: 300,
1783
1802
  S: this,
1784
1803
  C: (f, a) => f(...a)
1785
1804
  });
@@ -1789,7 +1808,7 @@ var InvitationGuestExtension = class extends import_teleport.RpcExtension {
1789
1808
  async onClose() {
1790
1809
  (0, import_log5.log)("onClose", void 0, {
1791
1810
  F: __dxlog_file6,
1792
- L: 279,
1811
+ L: 306,
1793
1812
  S: this,
1794
1813
  C: (f, a) => f(...a)
1795
1814
  });
@@ -1806,11 +1825,11 @@ var InvitationsHandler = class {
1806
1825
  this._networkManager = _networkManager;
1807
1826
  }
1808
1827
  createInvitation(protocol, options) {
1809
- const { invitationId = import_keys5.PublicKey.random().toHex(), type = import_services3.Invitation.Type.INTERACTIVE, authMethod = import_services3.Invitation.AuthMethod.SHARED_SECRET, state = import_services3.Invitation.State.INIT, timeout = import_client_protocol2.INVITATION_TIMEOUT, swarmKey = import_keys5.PublicKey.random(), persistent = true, created = /* @__PURE__ */ new Date(), lifetime = 86400, multiUse = false } = options ?? {};
1828
+ const { invitationId = import_keys5.PublicKey.random().toHex(), type = import_services3.Invitation.Type.INTERACTIVE, authMethod = import_services3.Invitation.AuthMethod.SHARED_SECRET, state = import_services3.Invitation.State.INIT, timeout = import_client_protocol2.INVITATION_TIMEOUT, swarmKey = import_keys5.PublicKey.random(), persistent = options?.authMethod !== import_services3.Invitation.AuthMethod.KNOWN_PUBLIC_KEY, created = /* @__PURE__ */ new Date(), guestKeypair = void 0, lifetime = 86400, multiUse = false } = options ?? {};
1810
1829
  const authCode = options?.authCode ?? (authMethod === import_services3.Invitation.AuthMethod.SHARED_SECRET ? (0, import_credentials7.generatePasscode)(import_client_protocol2.AUTHENTICATION_CODE_LENGTH) : void 0);
1811
1830
  (0, import_invariant5.invariant)(protocol, void 0, {
1812
1831
  F: __dxlog_file7,
1813
- L: 85,
1832
+ L: 87,
1814
1833
  S: this,
1815
1834
  A: [
1816
1835
  "protocol",
@@ -1825,7 +1844,8 @@ var InvitationsHandler = class {
1825
1844
  swarmKey,
1826
1845
  authCode,
1827
1846
  timeout,
1828
- persistent: persistent && type !== import_services3.Invitation.Type.OFFLINE,
1847
+ persistent: persistent && type !== import_services3.Invitation.Type.DELEGATED,
1848
+ guestKeypair: guestKeypair ?? (authMethod === import_services3.Invitation.AuthMethod.KNOWN_PUBLIC_KEY ? createAdmissionKeypair() : void 0),
1829
1849
  created,
1830
1850
  lifetime,
1831
1851
  multiUse,
@@ -1843,7 +1863,7 @@ var InvitationsHandler = class {
1843
1863
  ...protocol.toJSON()
1844
1864
  }, {
1845
1865
  F: __dxlog_file7,
1846
- L: 111,
1866
+ L: 115,
1847
1867
  S: this,
1848
1868
  C: (f, a) => f(...a)
1849
1869
  });
@@ -1868,7 +1888,7 @@ var InvitationsHandler = class {
1868
1888
  const deviceKey = admissionRequest.device?.deviceKey ?? admissionRequest.space?.deviceKey;
1869
1889
  (0, import_invariant5.invariant)(deviceKey, void 0, {
1870
1890
  F: __dxlog_file7,
1871
- L: 132,
1891
+ L: 136,
1872
1892
  S: this,
1873
1893
  A: [
1874
1894
  "deviceKey",
@@ -1891,7 +1911,7 @@ var InvitationsHandler = class {
1891
1911
  id: traceId
1892
1912
  }), {
1893
1913
  F: __dxlog_file7,
1894
- L: 150,
1914
+ L: 154,
1895
1915
  S: this,
1896
1916
  C: (f, a) => f(...a)
1897
1917
  });
@@ -1899,7 +1919,7 @@ var InvitationsHandler = class {
1899
1919
  ...protocol.toJSON()
1900
1920
  }, {
1901
1921
  F: __dxlog_file7,
1902
- L: 151,
1922
+ L: 155,
1903
1923
  S: this,
1904
1924
  C: (f, a) => f(...a)
1905
1925
  });
@@ -1915,7 +1935,7 @@ var InvitationsHandler = class {
1915
1935
  ...protocol.toJSON()
1916
1936
  }, {
1917
1937
  F: __dxlog_file7,
1918
- L: 154,
1938
+ L: 158,
1919
1939
  S: this,
1920
1940
  C: (f, a) => f(...a)
1921
1941
  });
@@ -1927,7 +1947,7 @@ var InvitationsHandler = class {
1927
1947
  id: traceId
1928
1948
  }), {
1929
1949
  F: __dxlog_file7,
1930
- L: 156,
1950
+ L: 160,
1931
1951
  S: this,
1932
1952
  C: (f, a) => f(...a)
1933
1953
  });
@@ -1937,7 +1957,7 @@ var InvitationsHandler = class {
1937
1957
  ...protocol.toJSON()
1938
1958
  }, {
1939
1959
  F: __dxlog_file7,
1940
- L: 159,
1960
+ L: 163,
1941
1961
  S: this,
1942
1962
  C: (f, a) => f(...a)
1943
1963
  });
@@ -1948,7 +1968,7 @@ var InvitationsHandler = class {
1948
1968
  } else {
1949
1969
  import_log4.log.error("failed", err, {
1950
1970
  F: __dxlog_file7,
1951
- L: 162,
1971
+ L: 166,
1952
1972
  S: this,
1953
1973
  C: (f, a) => f(...a)
1954
1974
  });
@@ -1959,7 +1979,7 @@ var InvitationsHandler = class {
1959
1979
  error: err
1960
1980
  }), {
1961
1981
  F: __dxlog_file7,
1962
- L: 165,
1982
+ L: 169,
1963
1983
  S: this,
1964
1984
  C: (f, a) => f(...a)
1965
1985
  });
@@ -1980,7 +2000,7 @@ var InvitationsHandler = class {
1980
2000
  ...protocol.toJSON()
1981
2001
  }, {
1982
2002
  F: __dxlog_file7,
1983
- L: 180,
2003
+ L: 184,
1984
2004
  S: this,
1985
2005
  C: (f, a) => f(...a)
1986
2006
  });
@@ -1991,7 +2011,7 @@ var InvitationsHandler = class {
1991
2011
  } else {
1992
2012
  import_log4.log.error("failed", err, {
1993
2013
  F: __dxlog_file7,
1994
- L: 183,
2014
+ L: 187,
1995
2015
  S: this,
1996
2016
  C: (f, a) => f(...a)
1997
2017
  });
@@ -2005,7 +2025,7 @@ var InvitationsHandler = class {
2005
2025
  if (invitation.created.getTime() + invitation.lifetime * 1e3 < Date.now()) {
2006
2026
  import_log4.log.warn("invitation has already expired", void 0, {
2007
2027
  F: __dxlog_file7,
2008
- L: 194,
2028
+ L: 198,
2009
2029
  S: this,
2010
2030
  C: (f, a) => f(...a)
2011
2031
  });
@@ -2056,7 +2076,7 @@ var InvitationsHandler = class {
2056
2076
  const { timeout = import_client_protocol2.INVITATION_TIMEOUT } = invitation;
2057
2077
  (0, import_invariant5.invariant)(protocol, void 0, {
2058
2078
  F: __dxlog_file7,
2059
- L: 248,
2079
+ L: 252,
2060
2080
  S: this,
2061
2081
  A: [
2062
2082
  "protocol",
@@ -2066,7 +2086,7 @@ var InvitationsHandler = class {
2066
2086
  if (deviceProfile) {
2067
2087
  (0, import_invariant5.invariant)(invitation.kind === import_services3.Invitation.Kind.DEVICE, "deviceProfile provided for non-device invitation", {
2068
2088
  F: __dxlog_file7,
2069
- L: 252,
2089
+ L: 256,
2070
2090
  S: this,
2071
2091
  A: [
2072
2092
  "invitation.kind === Invitation.Kind.DEVICE",
@@ -2081,7 +2101,7 @@ var InvitationsHandler = class {
2081
2101
  const setState = (newData) => {
2082
2102
  (0, import_invariant5.invariant)(newData.state !== void 0, void 0, {
2083
2103
  F: __dxlog_file7,
2084
- L: 263,
2104
+ L: 267,
2085
2105
  S: this,
2086
2106
  A: [
2087
2107
  "newData.state !== undefined",
@@ -2101,7 +2121,7 @@ var InvitationsHandler = class {
2101
2121
  ...protocol.toJSON()
2102
2122
  }, {
2103
2123
  F: __dxlog_file7,
2104
- L: 271,
2124
+ L: 275,
2105
2125
  S: this,
2106
2126
  C: (f, a) => f(...a)
2107
2127
  });
@@ -2111,7 +2131,7 @@ var InvitationsHandler = class {
2111
2131
  } else {
2112
2132
  import_log4.log.warn("auth failed", err, {
2113
2133
  F: __dxlog_file7,
2114
- L: 274,
2134
+ L: 278,
2115
2135
  S: this,
2116
2136
  C: (f, a) => f(...a)
2117
2137
  });
@@ -2125,7 +2145,7 @@ var InvitationsHandler = class {
2125
2145
  ...protocol.toJSON()
2126
2146
  }, {
2127
2147
  F: __dxlog_file7,
2128
- L: 282,
2148
+ L: 286,
2129
2149
  S: this,
2130
2150
  C: (f, a) => f(...a)
2131
2151
  });
@@ -2140,7 +2160,7 @@ var InvitationsHandler = class {
2140
2160
  currentState
2141
2161
  }, {
2142
2162
  F: __dxlog_file7,
2143
- L: 292,
2163
+ L: 296,
2144
2164
  S: this,
2145
2165
  C: (f, a) => f(...a)
2146
2166
  });
@@ -2155,7 +2175,7 @@ var InvitationsHandler = class {
2155
2175
  id: traceId
2156
2176
  }), {
2157
2177
  F: __dxlog_file7,
2158
- L: 301,
2178
+ L: 305,
2159
2179
  S: this,
2160
2180
  C: (f, a) => f(...a)
2161
2181
  });
@@ -2167,7 +2187,7 @@ var InvitationsHandler = class {
2167
2187
  ...protocol.toJSON()
2168
2188
  }, {
2169
2189
  F: __dxlog_file7,
2170
- L: 309,
2190
+ L: 313,
2171
2191
  S: this,
2172
2192
  C: (f, a) => f(...a)
2173
2193
  });
@@ -2178,7 +2198,7 @@ var InvitationsHandler = class {
2178
2198
  ...protocol.toJSON()
2179
2199
  }, {
2180
2200
  F: __dxlog_file7,
2181
- L: 313,
2201
+ L: 317,
2182
2202
  S: this,
2183
2203
  C: (f, a) => f(...a)
2184
2204
  });
@@ -2188,62 +2208,28 @@ var InvitationsHandler = class {
2188
2208
  response: introductionResponse
2189
2209
  }, {
2190
2210
  F: __dxlog_file7,
2191
- L: 317,
2211
+ L: 321,
2192
2212
  S: this,
2193
2213
  C: (f, a) => f(...a)
2194
2214
  });
2195
2215
  invitation.authMethod = introductionResponse.authMethod;
2196
2216
  if (isAuthenticationRequired(invitation)) {
2197
- for (let attempt = 1; attempt <= MAX_OTP_ATTEMPTS; attempt++) {
2198
- (0, import_log4.log)("guest waiting for authentication code...", void 0, {
2199
- F: __dxlog_file7,
2200
- L: 323,
2201
- S: this,
2202
- C: (f, a) => f(...a)
2203
- });
2204
- setState({
2205
- state: import_services3.Invitation.State.READY_FOR_AUTHENTICATION
2206
- });
2207
- const authCode = await authenticated.wait({
2208
- timeout
2209
- });
2210
- (0, import_log4.log)("sending authentication request", void 0, {
2211
- F: __dxlog_file7,
2212
- L: 327,
2213
- S: this,
2214
- C: (f, a) => f(...a)
2215
- });
2216
- setState({
2217
- state: import_services3.Invitation.State.AUTHENTICATING
2218
- });
2219
- const response = await extension.rpc.InvitationHostService.authenticate({
2220
- authCode
2221
- });
2222
- if (response.status === void 0 || response.status === import_invitations.AuthenticationResponse.Status.OK) {
2217
+ switch (invitation.authMethod) {
2218
+ case import_services3.Invitation.AuthMethod.SHARED_SECRET:
2219
+ await this._handleGuestOtpAuth(extension, setState, authenticated, {
2220
+ timeout
2221
+ });
2222
+ break;
2223
+ case import_services3.Invitation.AuthMethod.KNOWN_PUBLIC_KEY:
2224
+ await this._handleGuestKpkAuth(extension, setState, invitation, introductionResponse);
2223
2225
  break;
2224
- }
2225
- if (response.status === import_invitations.AuthenticationResponse.Status.INVALID_OTP) {
2226
- if (attempt === MAX_OTP_ATTEMPTS) {
2227
- throw new Error(`Maximum retry attempts: ${MAX_OTP_ATTEMPTS}`);
2228
- } else {
2229
- (0, import_log4.log)("retrying invalid code", {
2230
- attempt
2231
- }, {
2232
- F: __dxlog_file7,
2233
- L: 338,
2234
- S: this,
2235
- C: (f, a) => f(...a)
2236
- });
2237
- authenticated.reset();
2238
- }
2239
- }
2240
2226
  }
2241
2227
  }
2242
2228
  (0, import_log4.log)("request admission", {
2243
2229
  ...protocol.toJSON()
2244
2230
  }, {
2245
2231
  F: __dxlog_file7,
2246
- L: 346,
2232
+ L: 337,
2247
2233
  S: this,
2248
2234
  C: (f, a) => f(...a)
2249
2235
  });
@@ -2255,7 +2241,7 @@ var InvitationsHandler = class {
2255
2241
  ...protocol.toJSON()
2256
2242
  }, {
2257
2243
  F: __dxlog_file7,
2258
- L: 357,
2244
+ L: 348,
2259
2245
  S: this,
2260
2246
  C: (f, a) => f(...a)
2261
2247
  });
@@ -2268,7 +2254,7 @@ var InvitationsHandler = class {
2268
2254
  id: traceId
2269
2255
  }), {
2270
2256
  F: __dxlog_file7,
2271
- L: 359,
2257
+ L: 350,
2272
2258
  S: this,
2273
2259
  C: (f, a) => f(...a)
2274
2260
  });
@@ -2278,7 +2264,7 @@ var InvitationsHandler = class {
2278
2264
  ...protocol.toJSON()
2279
2265
  }, {
2280
2266
  F: __dxlog_file7,
2281
- L: 362,
2267
+ L: 353,
2282
2268
  S: this,
2283
2269
  C: (f, a) => f(...a)
2284
2270
  });
@@ -2288,7 +2274,7 @@ var InvitationsHandler = class {
2288
2274
  } else {
2289
2275
  (0, import_log4.log)("auth failed", err, {
2290
2276
  F: __dxlog_file7,
2291
- L: 365,
2277
+ L: 356,
2292
2278
  S: this,
2293
2279
  C: (f, a) => f(...a)
2294
2280
  });
@@ -2299,7 +2285,7 @@ var InvitationsHandler = class {
2299
2285
  error: err
2300
2286
  }), {
2301
2287
  F: __dxlog_file7,
2302
- L: 368,
2288
+ L: 359,
2303
2289
  S: this,
2304
2290
  C: (f, a) => f(...a)
2305
2291
  });
@@ -2317,7 +2303,7 @@ var InvitationsHandler = class {
2317
2303
  ...protocol.toJSON()
2318
2304
  }, {
2319
2305
  F: __dxlog_file7,
2320
- L: 379,
2306
+ L: 370,
2321
2307
  S: this,
2322
2308
  C: (f, a) => f(...a)
2323
2309
  });
@@ -2327,7 +2313,7 @@ var InvitationsHandler = class {
2327
2313
  } else {
2328
2314
  (0, import_log4.log)("auth failed", err, {
2329
2315
  F: __dxlog_file7,
2330
- L: 382,
2316
+ L: 373,
2331
2317
  S: this,
2332
2318
  C: (f, a) => f(...a)
2333
2319
  });
@@ -2344,7 +2330,7 @@ var InvitationsHandler = class {
2344
2330
  } else {
2345
2331
  (0, import_invariant5.invariant)(invitation.swarmKey, void 0, {
2346
2332
  F: __dxlog_file7,
2347
- L: 396,
2333
+ L: 387,
2348
2334
  S: this,
2349
2335
  A: [
2350
2336
  "invitation.swarmKey",
@@ -2382,6 +2368,81 @@ var InvitationsHandler = class {
2382
2368
  });
2383
2369
  return observable;
2384
2370
  }
2371
+ async _handleGuestOtpAuth(extension, setState, authenticated, options) {
2372
+ for (let attempt = 1; attempt <= MAX_OTP_ATTEMPTS; attempt++) {
2373
+ (0, import_log4.log)("guest waiting for authentication code...", void 0, {
2374
+ F: __dxlog_file7,
2375
+ L: 427,
2376
+ S: this,
2377
+ C: (f, a) => f(...a)
2378
+ });
2379
+ setState({
2380
+ state: import_services3.Invitation.State.READY_FOR_AUTHENTICATION
2381
+ });
2382
+ const authCode = await authenticated.wait(options);
2383
+ (0, import_log4.log)("sending authentication request", void 0, {
2384
+ F: __dxlog_file7,
2385
+ L: 431,
2386
+ S: this,
2387
+ C: (f, a) => f(...a)
2388
+ });
2389
+ setState({
2390
+ state: import_services3.Invitation.State.AUTHENTICATING
2391
+ });
2392
+ const response = await extension.rpc.InvitationHostService.authenticate({
2393
+ authCode
2394
+ });
2395
+ if (response.status === void 0 || response.status === import_invitations.AuthenticationResponse.Status.OK) {
2396
+ break;
2397
+ }
2398
+ if (response.status === import_invitations.AuthenticationResponse.Status.INVALID_OTP) {
2399
+ if (attempt === MAX_OTP_ATTEMPTS) {
2400
+ throw new Error(`Maximum retry attempts: ${MAX_OTP_ATTEMPTS}`);
2401
+ } else {
2402
+ (0, import_log4.log)("retrying invalid code", {
2403
+ attempt
2404
+ }, {
2405
+ F: __dxlog_file7,
2406
+ L: 442,
2407
+ S: this,
2408
+ C: (f, a) => f(...a)
2409
+ });
2410
+ authenticated.reset();
2411
+ }
2412
+ }
2413
+ }
2414
+ }
2415
+ async _handleGuestKpkAuth(extension, setState, invitation, introductionResponse) {
2416
+ if (invitation.guestKeypair?.privateKey == null) {
2417
+ throw new Error("keypair missing in the invitation");
2418
+ }
2419
+ if (introductionResponse.challenge == null) {
2420
+ throw new Error("challenge missing in the introduction");
2421
+ }
2422
+ (0, import_log4.log)("sending authentication request", void 0, {
2423
+ F: __dxlog_file7,
2424
+ L: 461,
2425
+ S: this,
2426
+ C: (f, a) => f(...a)
2427
+ });
2428
+ setState({
2429
+ state: import_services3.Invitation.State.AUTHENTICATING
2430
+ });
2431
+ const signature = (0, import_crypto.sign)(Buffer.from(introductionResponse.challenge), invitation.guestKeypair.privateKey);
2432
+ const response = await extension.rpc.InvitationHostService.authenticate({
2433
+ signedChallenge: signature
2434
+ });
2435
+ if (response.status !== import_invitations.AuthenticationResponse.Status.OK) {
2436
+ throw new Error(`Authentication failed with code: ${response.status}`);
2437
+ }
2438
+ }
2439
+ };
2440
+ var createAdmissionKeypair = () => {
2441
+ const keypair = (0, import_crypto.createKeyPair)();
2442
+ return {
2443
+ publicKey: import_keys5.PublicKey.from(keypair.publicKey),
2444
+ privateKey: keypair.secretKey
2445
+ };
2385
2446
  };
2386
2447
  var __dxlog_file8 = "/home/runner/work/dxos/dxos/packages/sdk/client-services/src/packlets/invitations/invitations-service.ts";
2387
2448
  var InvitationsServiceImpl = class {
@@ -4675,7 +4736,7 @@ var ServiceRegistry = class {
4675
4736
  delete this._handlers[name];
4676
4737
  }
4677
4738
  };
4678
- var DXOS_VERSION = "0.4.10-main.3e35a2f";
4739
+ var DXOS_VERSION = "0.4.10-main.403e461";
4679
4740
  var getPlatform = () => {
4680
4741
  if (process.browser) {
4681
4742
  if (typeof window !== "undefined") {
@@ -5593,7 +5654,7 @@ var ClientServicesHost = class {
5593
5654
  await document.whenReady();
5594
5655
  const properties = {
5595
5656
  system: {
5596
- type: (0, import_echo_pipeline5.encodeReference)(E.getTypeReference(import_client_protocol4.Properties))
5657
+ type: (0, import_echo_pipeline5.encodeReference)((0, import_echo_schema.getTypeReference)(import_client_protocol4.Properties))
5597
5658
  },
5598
5659
  data: {
5599
5660
  [import_client_protocol4.defaultKey]: identity.identityKey.toHex()
@@ -5684,6 +5745,7 @@ var findConfigs = () => {
5684
5745
  SpaceInvitationProtocol,
5685
5746
  SpacesServiceImpl,
5686
5747
  TrustedKeySetAuthVerifier,
5748
+ createAdmissionKeypair,
5687
5749
  createAuthProvider,
5688
5750
  createCollectDiagnosticsBroadcastHandler,
5689
5751
  createCollectDiagnosticsBroadcastSender,
@@ -5700,4 +5762,4 @@ var findConfigs = () => {
5700
5762
  subscribeToSpaces,
5701
5763
  subscribeToSwarmInfo
5702
5764
  });
5703
- //# sourceMappingURL=chunk-3T6D6GIB.cjs.map
5765
+ //# sourceMappingURL=chunk-KGGJXJON.cjs.map