@dxos/client-services 0.4.10-main.4c8c73c → 0.4.10-main.4d48ccf

package/src/packlets/invitations/invitations-manager.ts

@@ -2,20 +2,27 @@
 // Copyright 2024 DXOS.org
 //
 
-import { Event } from '@dxos/async';
-import type { AuthenticatingInvitation, CancellableInvitation } from '@dxos/client-protocol';
-import { type Context } from '@dxos/context';
+import { Event, PushStream } from '@dxos/async';
+import {
+  type AuthenticatingInvitation,
+  AUTHENTICATION_CODE_LENGTH,
+  CancellableInvitation,
+  INVITATION_TIMEOUT,
+} from '@dxos/client-protocol';
+import { Context } from '@dxos/context';
+import { generatePasscode } from '@dxos/credentials';
 import { hasInvitationExpired, type MetadataStore } from '@dxos/echo-pipeline';
 import { invariant } from '@dxos/invariant';
+import { PublicKey } from '@dxos/keys';
 import { log } from '@dxos/log';
 import {
   type AcceptInvitationRequest,
-  type Invitation,
   type AuthenticationRequest,
+  Invitation,
 } from '@dxos/protocols/proto/dxos/client/services';
 
 import type { InvitationProtocol } from './invitation-protocol';
-import type { InvitationsHandler } from './invitations-handler';
+import { createAdmissionKeypair, type InvitationsHandler } from './invitations-handler';
 
 /**
  * Entry point for creating and accepting invitations, keeps track of existing invitation set and
@@ -36,36 +43,44 @@ export class InvitationsManager {
 
   constructor(
     private readonly _invitationsHandler: InvitationsHandler,
-    private readonly _getHandler: (invitation: Invitation) => InvitationProtocol,
+    private readonly _getHandler: (invitation: Partial<Invitation> & Pick<Invitation, 'kind'>) => InvitationProtocol,
     private readonly _metadataStore: MetadataStore,
   ) {}
 
-  createInvitation(options: Invitation): CancellableInvitation {
-    const existingInvitation = this._createInvitations.get(options.invitationId);
-    if (existingInvitation) {
-      return existingInvitation;
+  async createInvitation(options: Partial<Invitation> & Pick<Invitation, 'kind'>): Promise<CancellableInvitation> {
+    if (options.invitationId) {
+      const existingInvitation = this._createInvitations.get(options.invitationId);
+      if (existingInvitation) {
+        return existingInvitation;
+      }
     }
 
     const handler = this._getHandler(options);
-    const invitation = this._invitationsHandler.createInvitation(handler, options);
-    this._createInvitations.set(invitation.get().invitationId, invitation);
-    this.invitationCreated.emit(invitation.get());
-
-    const saveInvitationTask = invitation.get().persistent
-      ? this._safePersistInBackground(invitation)
-      : Promise.resolve();
+    const invitation = this._createInvitation(handler, options);
+    const { ctx, stream, observableInvitation } = this._createObservableInvitation(handler, invitation);
 
+    this._createInvitations.set(invitation.invitationId, observableInvitation);
+    this.invitationCreated.emit(invitation);
     // onComplete is called on cancel, expiration, or redemption of a single-use invitation
-    this._onInvitationComplete(invitation, async () => {
-      this._createInvitations.delete(invitation.get().invitationId);
-      this.removedCreated.emit(invitation.get());
-      if (invitation.get().persistent) {
-        await saveInvitationTask;
-        await this._safeDeleteInvitation(invitation.get());
+    this._onInvitationComplete(observableInvitation, async () => {
+      this._createInvitations.delete(observableInvitation.get().invitationId);
+      this.removedCreated.emit(observableInvitation.get());
+      if (observableInvitation.get().persistent) {
+        await this._safeDeleteInvitation(observableInvitation.get());
       }
     });
 
-    return invitation;
+    try {
+      await this._persistIfRequired(handler, stream, invitation);
+    } catch (err) {
+      log.catch(err);
+      await observableInvitation.cancel();
+      return observableInvitation;
+    }
+
+    this._invitationsHandler.handleInvitationFlow(ctx, stream, handler, observableInvitation.get());
+
+    return observableInvitation;
   }
 
   async loadPersistentInvitations(): Promise<{ invitations: Invitation[] }> {
@@ -78,12 +93,13 @@ export class InvitationsManager {
       // get saved persistent invitations, filter and remove from storage those that have expired.
       const freshInvitations = persistentInvitations.filter((invitation) => !hasInvitationExpired(invitation));
 
-      const cInvitations = freshInvitations.map((persistentInvitation) => {
+      const loadTasks = freshInvitations.map((persistentInvitation) => {
         invariant(!this._createInvitations.get(persistentInvitation.invitationId), 'invitation already exists');
-        return this.createInvitation({ ...persistentInvitation, persistent: false }).get();
+        return this.createInvitation({ ...persistentInvitation, persistent: false });
       });
+      const cInvitations = await Promise.all(loadTasks);
 
-      return { invitations: cInvitations };
+      return { invitations: cInvitations.map((invitation) => invitation.get()) };
     } catch (err) {
       log.catch(err);
       return { invitations: [] };
@@ -163,20 +179,78 @@ export class InvitationsManager {
     }
   }
 
-  private _safePersistInBackground(invitation: CancellableInvitation): Promise<void> {
-    return new Promise((resolve) => {
-      setTimeout(async () => {
-        try {
-          await this._metadataStore.addInvitation(invitation.get());
-          this.saved.emit(invitation.get());
-        } catch (err: any) {
-          log.catch(err);
-          await invitation.cancel();
-        } finally {
-          resolve();
-        }
-      });
+  private _createInvitation(protocol: InvitationProtocol, options?: Partial<Invitation>): Invitation {
+    const {
+      invitationId = PublicKey.random().toHex(),
+      type = Invitation.Type.INTERACTIVE,
+      authMethod = Invitation.AuthMethod.SHARED_SECRET,
+      state = Invitation.State.INIT,
+      timeout = INVITATION_TIMEOUT,
+      swarmKey = PublicKey.random(),
+      persistent = options?.authMethod !== Invitation.AuthMethod.KNOWN_PUBLIC_KEY, // default no not storing keypairs
+      created = new Date(),
+      guestKeypair = undefined,
+      lifetime = 86400, // 1 day,
+      multiUse = false,
+    } = options ?? {};
+    const authCode =
+      options?.authCode ??
+      (authMethod === Invitation.AuthMethod.SHARED_SECRET ? generatePasscode(AUTHENTICATION_CODE_LENGTH) : undefined);
+
+    return {
+      invitationId,
+      type,
+      authMethod,
+      state,
+      swarmKey,
+      authCode,
+      timeout,
+      persistent: persistent && type !== Invitation.Type.DELEGATED, // delegated invitations are persisted in control feed
+      guestKeypair:
+        guestKeypair ?? (authMethod === Invitation.AuthMethod.KNOWN_PUBLIC_KEY ? createAdmissionKeypair() : undefined),
+      created,
+      lifetime,
+      multiUse,
+      delegationCredentialId: options?.delegationCredentialId,
+      ...protocol.getInvitationContext(),
+    } satisfies Invitation;
+  }
+
+  private _createObservableInvitation(handler: InvitationProtocol, invitation: Invitation) {
+    const stream = new PushStream<Invitation>();
+    const ctx = new Context({
+      onError: (err) => {
+        stream.error(err);
+        void ctx.dispose();
+      },
     });
+    ctx.onDispose(() => {
+      log('complete', { ...handler.toJSON() });
+      stream.complete();
+    });
+    const observableInvitation = new CancellableInvitation({
+      initialInvitation: invitation,
+      subscriber: stream.observable,
+      onCancel: async () => {
+        stream.next({ ...invitation, state: Invitation.State.CANCELLED });
+        await ctx.dispose();
+      },
+    });
+    return { ctx, stream, observableInvitation };
+  }
+
+  private async _persistIfRequired(
+    handler: InvitationProtocol,
+    changeStream: PushStream<Invitation>,
+    invitation: Invitation,
+  ): Promise<void> {
+    if (invitation.type === Invitation.Type.DELEGATED && invitation.delegationCredentialId == null) {
+      const delegationCredentialId = await handler.delegate(invitation);
+      changeStream.next({ ...invitation, delegationCredentialId });
+    } else if (invitation.persistent) {
+      await this._metadataStore.addInvitation(invitation);
+      this.saved.emit(invitation);
+    }
   }
 
   private async _safeDeleteInvitation(invitation: Invitation): Promise<void> {

package/src/packlets/invitations/invitations-service.ts

@@ -27,9 +27,11 @@ export class InvitationsServiceImpl implements InvitationsService {
   }
 
   createInvitation(options: Invitation): Stream<Invitation> {
-    const invitation = this._invitationsManager.createInvitation(options);
     return new Stream<Invitation>(({ next, close }) => {
-      invitation.subscribe(next, close, close);
+      void this._invitationsManager
+        .createInvitation(options)
+        .then((invitation) => invitation.subscribe(next, close, close))
+        .catch(close);
     });
   }
 

package/src/packlets/invitations/space-invitation-protocol.ts

@@ -2,7 +2,11 @@
 // Copyright 2023 DXOS.org
 //
 
-import { createAdmissionCredentials, getCredentialAssertion } from '@dxos/credentials';
+import {
+  createAdmissionCredentials,
+  createDelegatedSpaceInvitationCredential,
+  getCredentialAssertion,
+} from '@dxos/credentials';
 import { writeMessages } from '@dxos/feed-store';
 import { invariant } from '@dxos/invariant';
 import { type Keyring } from '@dxos/keyring';
@@ -11,7 +15,7 @@ import { log } from '@dxos/log';
 import { AlreadyJoinedError } from '@dxos/protocols';
 import { Invitation } from '@dxos/protocols/proto/dxos/client/services';
 import { type FeedMessage } from '@dxos/protocols/proto/dxos/echo/feed';
-import { type ProfileDocument } from '@dxos/protocols/proto/dxos/halo/credentials';
+import { SpaceMember, type ProfileDocument } from '@dxos/protocols/proto/dxos/halo/credentials';
 import {
   type AdmissionRequest,
   type AdmissionResponse,
@@ -43,7 +47,11 @@ export class SpaceInvitationProtocol implements InvitationProtocol {
     };
   }
 
-  async admit(request: AdmissionRequest, guestProfile?: ProfileDocument | undefined): Promise<AdmissionResponse> {
+  async admit(
+    invitation: Invitation,
+    request: AdmissionRequest,
+    guestProfile?: ProfileDocument | undefined,
+  ): Promise<AdmissionResponse> {
     invariant(this._spaceKey);
     const space = await this._spaceManager.spaces.get(this._spaceKey);
     invariant(space);
@@ -59,6 +67,7 @@ export class SpaceInvitationProtocol implements InvitationProtocol {
       space.key,
       space.inner.genesisFeedKey,
       guestProfile,
+      invitation.delegationCredentialId,
     );
 
     // TODO(dmaretskyi): Refactor.
@@ -76,6 +85,39 @@ export class SpaceInvitationProtocol implements InvitationProtocol {
     };
   }
 
+  async delegate(invitation: Invitation): Promise<PublicKey> {
+    invariant(this._spaceKey);
+    const space = await this._spaceManager.spaces.get(this._spaceKey);
+    invariant(space);
+    if (invitation.authMethod === Invitation.AuthMethod.KNOWN_PUBLIC_KEY) {
+      invariant(invitation.guestKeypair?.publicKey);
+    }
+
+    log('writing delegate space invitation', { host: this._signingContext.deviceKey, id: invitation.invitationId });
+    const credential = await createDelegatedSpaceInvitationCredential(
+      this._signingContext.credentialSigner,
+      space.key,
+      {
+        invitationId: invitation.invitationId,
+        authMethod: invitation.authMethod,
+        swarmKey: invitation.swarmKey,
+        role: SpaceMember.Role.ADMIN,
+        expiresOn: invitation.lifetime
+          ? new Date((invitation.created?.getTime() ?? Date.now()) + invitation.lifetime)
+          : undefined,
+        multiUse: invitation.multiUse ?? false,
+        guestKey:
+          invitation.authMethod === Invitation.AuthMethod.KNOWN_PUBLIC_KEY
+            ? invitation.guestKeypair!.publicKey
+            : undefined,
+      },
+    );
+
+    invariant(credential.credential);
+    await writeMessages(space.inner.controlPipeline.writer, [credential]);
+    return credential.credential.credential.id!;
+  }
+
   checkInvitation(invitation: Partial<Invitation>) {
     if (invitation.spaceKey && this._spaceManager.spaces.has(invitation.spaceKey)) {
       return new AlreadyJoinedError('Already joined space.');

package/src/packlets/services/automerge-host.test.ts

@@ -5,9 +5,9 @@
 import { expect } from 'chai';
 
 import { asyncTimeout, sleep } from '@dxos/async';
+import { AutomergeContext } from '@dxos/echo-db';
 import { AutomergeHost, DataServiceImpl } from '@dxos/echo-pipeline';
 import { createTestLevel } from '@dxos/echo-pipeline/testing';
-import { AutomergeContext } from '@dxos/echo-schema';
 import { afterTest, describe, test } from '@dxos/test';
 
 describe('AutomergeHost', () => {

package/src/packlets/services/service-context.ts

@@ -32,7 +32,7 @@ import {
   type IdentityManagerRuntimeParams,
   type JoinIdentityParams,
 } from '../identity';
-import { createDocumentsIterator, createSelectedDocumentsIterator } from '../indexing';
+import { createSelectedDocumentsIterator } from '../indexing';
 import {
   DeviceInvitationProtocol,
   InvitationsHandler,
@@ -131,10 +131,10 @@ export class ServiceContext extends Resource {
     });
 
     this.indexer = new Indexer({
+      db: this.level,
       indexStore: new IndexStore({ db: level.sublevel('index-storage') }),
       metadataStore: this.indexMetadata,
       loadDocuments: createSelectedDocumentsIterator(this.automergeHost),
-      getAllDocuments: createDocumentsIterator(this.automergeHost),
     });
 
     this.invitations = new InvitationsHandler(this.networkManager);
@@ -256,6 +256,7 @@ export class ServiceContext extends Resource {
       signingContext,
       this.feedStore,
       this.automergeHost,
+      this.invitationsManager,
       this._runtimeParams as DataSpaceManagerRuntimeParams,
     );
     await this.dataSpaceManager.open();

package/src/packlets/spaces/data-space-manager.ts

@@ -4,7 +4,7 @@
 
 import { Event, synchronized, trackLeaks } from '@dxos/async';
 import { Context, cancelWithContext } from '@dxos/context';
-import { getCredentialAssertion, type CredentialSigner } from '@dxos/credentials';
+import { getCredentialAssertion, type CredentialSigner, type DelegateInvitationCredential } from '@dxos/credentials';
 import { type AutomergeHost, type MetadataStore, type Space, type SpaceManager } from '@dxos/echo-pipeline';
 import { type FeedStore } from '@dxos/feed-store';
 import { invariant } from '@dxos/invariant';
@@ -12,10 +12,11 @@ import { type Keyring } from '@dxos/keyring';
 import { PublicKey } from '@dxos/keys';
 import { log } from '@dxos/log';
 import { trace } from '@dxos/protocols';
-import { SpaceState } from '@dxos/protocols/proto/dxos/client/services';
+import { Invitation, SpaceState } from '@dxos/protocols/proto/dxos/client/services';
 import { type FeedMessage } from '@dxos/protocols/proto/dxos/echo/feed';
 import { type SpaceMetadata } from '@dxos/protocols/proto/dxos/echo/metadata';
 import { type Credential, type ProfileDocument } from '@dxos/protocols/proto/dxos/halo/credentials';
+import { type DelegateSpaceInvitation } from '@dxos/protocols/proto/dxos/halo/invitations';
 import { Gossip, Presence } from '@dxos/teleport-extension-gossip';
 import { type Timeframe } from '@dxos/timeframe';
 import { ComplexMap, deferFunction, forEachAsync } from '@dxos/util';
@@ -23,6 +24,7 @@ import { ComplexMap, deferFunction, forEachAsync } from '@dxos/util';
 import { DataSpace } from './data-space';
 import { spaceGenesis } from './genesis';
 import { createAuthProvider } from '../identity';
+import { type InvitationsManager } from '../invitations';
 
 const PRESENCE_ANNOUNCE_INTERVAL = 10_000;
 const PRESENCE_OFFLINE_TIMEOUT = 20_000;
@@ -78,6 +80,7 @@ export class DataSpaceManager {
     private readonly _signingContext: SigningContext,
     private readonly _feedStore: FeedStore<FeedMessage>,
     private readonly _automergeHost: AutomergeHost,
+    private readonly _invitationsManager: InvitationsManager,
     params?: DataSpaceManagerRuntimeParams,
   ) {
     const {
@@ -247,6 +250,9 @@ export class DataSpaceManager {
         log.warn('auth failure');
       },
       memberKey: this._signingContext.identityKey,
+      onDelegatedInvitationStatusChange: (invitation, isActive) => {
+        return this._handleInvitationStatusChange(dataSpace, invitation, isActive);
+      },
     });
     controlFeed && (await space.setControlFeed(controlFeed));
     dataFeed && (await space.setDataFeed(dataFeed));
@@ -267,6 +273,7 @@ export class DataSpaceManager {
         afterReady: async () => {
           log('after space ready', { space: space.key, open: this._isOpen });
           if (this._isOpen) {
+            await this._createDelegatedInvitations(dataSpace, [...space.spaceState.invitations.entries()]);
             this.updated.emit();
           }
         },
@@ -289,4 +296,43 @@ export class DataSpaceManager {
     this._spaces.set(metadata.key, dataSpace);
     return dataSpace;
   }
+
+  private async _handleInvitationStatusChange(
+    dataSpace: DataSpace | undefined,
+    delegatedInvitation: DelegateInvitationCredential,
+    isActive: boolean,
+  ): Promise<void> {
+    if (dataSpace?.state !== SpaceState.READY) {
+      return;
+    }
+    if (isActive) {
+      await this._createDelegatedInvitations(dataSpace, [
+        [delegatedInvitation.credentialId, delegatedInvitation.invitation],
+      ]);
+    } else {
+      await this._invitationsManager.cancelInvitation(delegatedInvitation.invitation);
+    }
+  }
+
+  private async _createDelegatedInvitations(
+    space: DataSpace,
+    invitations: Array<[PublicKey, DelegateSpaceInvitation]>,
+  ): Promise<void> {
+    const tasks = invitations.map(([credentialId, invitation]) => {
+      return this._invitationsManager.createInvitation({
+        type: Invitation.Type.DELEGATED,
+        kind: Invitation.Kind.SPACE,
+        spaceKey: space.key,
+        authMethod: invitation.authMethod,
+        invitationId: invitation.invitationId,
+        swarmKey: invitation.swarmKey,
+        guestKeypair: invitation.guestKey ? { publicKey: invitation.guestKey } : undefined,
+        lifetime: invitation.expiresOn ? invitation.expiresOn.getTime() - Date.now() : undefined,
+        multiUse: invitation.multiUse,
+        delegationCredentialId: credentialId,
+        persistent: false,
+      });
+    });
+    await Promise.all(tasks);
+  }
 }

package/src/packlets/spaces/data-space.ts

@@ -6,7 +6,6 @@ import { Event, asyncTimeout, scheduleTask, sleep, synchronized, trackLeaks } fr
 import { AUTH_TIMEOUT } from '@dxos/client-protocol';
 import { cancelWithContext, Context, ContextDisposedError } from '@dxos/context';
 import { timed, warnAfterTimeout } from '@dxos/debug';
-import { TYPE_PROPERTIES } from '@dxos/echo-db';
 import {
   type MetadataStore,
   type Space,
@@ -15,6 +14,7 @@ import {
   type SpaceDoc,
 } from '@dxos/echo-pipeline';
 import { AutomergeDocumentLoaderImpl } from '@dxos/echo-pipeline';
+import { TYPE_PROPERTIES } from '@dxos/echo-schema';
 import { type FeedStore } from '@dxos/feed-store';
 import { failedInvariant, invariant } from '@dxos/invariant';
 import { type Keyring } from '@dxos/keyring';