@dxos/client-services 0.4.10-main.572d54f → 0.4.10-main.60c7894

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (35) hide show
  1. package/dist/lib/browser/{chunk-EHOUJRFC.mjs → chunk-I6CHB7LS.mjs} +169 -105
  2. package/dist/lib/browser/chunk-I6CHB7LS.mjs.map +7 -0
  3. package/dist/lib/browser/index.mjs +3 -1
  4. package/dist/lib/browser/index.mjs.map +1 -1
  5. package/dist/lib/browser/meta.json +1 -1
  6. package/dist/lib/browser/packlets/testing/index.mjs +3 -2
  7. package/dist/lib/browser/packlets/testing/index.mjs.map +3 -3
  8. package/dist/lib/node/{chunk-VN2F3LFL.cjs → chunk-XEHKQ2TZ.cjs} +172 -107
  9. package/dist/lib/node/chunk-XEHKQ2TZ.cjs.map +7 -0
  10. package/dist/lib/node/index.cjs +43 -41
  11. package/dist/lib/node/index.cjs.map +1 -1
  12. package/dist/lib/node/meta.json +1 -1
  13. package/dist/lib/node/packlets/testing/index.cjs +8 -7
  14. package/dist/lib/node/packlets/testing/index.cjs.map +3 -3
  15. package/dist/types/src/packlets/indexing/util.d.ts +2 -1
  16. package/dist/types/src/packlets/indexing/util.d.ts.map +1 -1
  17. package/dist/types/src/packlets/invitations/invitation-extension.d.ts +1 -0
  18. package/dist/types/src/packlets/invitations/invitation-extension.d.ts.map +1 -1
  19. package/dist/types/src/packlets/invitations/invitations-handler.d.ts +4 -1
  20. package/dist/types/src/packlets/invitations/invitations-handler.d.ts.map +1 -1
  21. package/dist/types/src/packlets/services/service-context.d.ts.map +1 -1
  22. package/dist/types/src/packlets/services/service-host.d.ts +2 -2
  23. package/dist/types/src/packlets/testing/test-builder.d.ts +3 -4
  24. package/dist/types/src/packlets/testing/test-builder.d.ts.map +1 -1
  25. package/dist/types/src/version.d.ts +1 -1
  26. package/package.json +34 -34
  27. package/src/packlets/indexing/util.ts +2 -2
  28. package/src/packlets/invitations/invitation-extension.ts +28 -1
  29. package/src/packlets/invitations/invitations-handler.ts +71 -23
  30. package/src/packlets/services/service-context.ts +3 -3
  31. package/src/packlets/services/service-host.ts +4 -4
  32. package/src/packlets/testing/test-builder.ts +4 -4
  33. package/src/version.ts +1 -1
  34. package/dist/lib/browser/chunk-EHOUJRFC.mjs.map +0 -7
  35. package/dist/lib/node/chunk-VN2F3LFL.cjs.map +0 -7
package/dist/lib/browser/{chunk-EHOUJRFC.mjs → chunk-I6CHB7LS.mjs} RENAMED
@@ -1282,6 +1282,7 @@ import { PushStream, scheduleTask as scheduleTask2, TimeoutError, Trigger as Tri
1282
1282
  import { AuthenticatingInvitation, AUTHENTICATION_CODE_LENGTH, CancellableInvitation, INVITATION_TIMEOUT } from "@dxos/client-protocol";
1283
1283
  import { Context as Context5 } from "@dxos/context";
1284
1284
  import { generatePasscode } from "@dxos/credentials";
1285
+ import { createKeyPair, sign } from "@dxos/crypto";
1285
1286
  import { invariant as invariant6 } from "@dxos/invariant";
1286
1287
  import { PublicKey as PublicKey6 } from "@dxos/keys";
1287
1288
  import { log as log5 } from "@dxos/log";
@@ -1293,6 +1294,7 @@ import { AuthenticationResponse as AuthenticationResponse2 } from "@dxos/protoco
1293
1294
  // packages/sdk/client-services/src/packlets/invitations/invitation-extension.ts
1294
1295
  import { Trigger as Trigger2 } from "@dxos/async";
1295
1296
  import { cancelWithContext, Context as Context4 } from "@dxos/context";
1297
+ import { randomBytes, verify } from "@dxos/crypto";
1296
1298
  import { invariant as invariant5 } from "@dxos/invariant";
1297
1299
  import { PublicKey as PublicKey5 } from "@dxos/keys";
1298
1300
  import { log as log4 } from "@dxos/log";
@@ -1316,6 +1318,7 @@ var InvitationHostExtension = class extends RpcExtension {
1316
1318
  this._callbacks = _callbacks;
1317
1319
  this._ctx = new Context4();
1318
1320
  this._remoteOptionsTrigger = new Trigger2();
1321
+ this._challenge = void 0;
1319
1322
  this.invitation = void 0;
1320
1323
  this.guestProfile = void 0;
1321
1324
  this.authenticationPassed = false;
@@ -1330,7 +1333,7 @@ var InvitationHostExtension = class extends RpcExtension {
1330
1333
  options: async (options) => {
1331
1334
  invariant5(!this._remoteOptions, "Remote options already set.", {
1332
1335
  F: __dxlog_file6,
1333
- L: 87,
1336
+ L: 90,
1334
1337
  S: this,
1335
1338
  A: [
1336
1339
  "!this._remoteOptions",
@@ -1347,7 +1350,7 @@ var InvitationHostExtension = class extends RpcExtension {
1347
1350
  id: traceId
1348
1351
  }), {
1349
1352
  F: __dxlog_file6,
1350
- L: 96,
1353
+ L: 99,
1351
1354
  S: this,
1352
1355
  C: (f, a) => f(...a)
1353
1356
  });
@@ -1357,7 +1360,7 @@ var InvitationHostExtension = class extends RpcExtension {
1357
1360
  invitationId
1358
1361
  }, {
1359
1362
  F: __dxlog_file6,
1360
- L: 100,
1363
+ L: 103,
1361
1364
  S: this,
1362
1365
  C: (f, a) => f(...a)
1363
1366
  });
@@ -1371,7 +1374,7 @@ var InvitationHostExtension = class extends RpcExtension {
1371
1374
  guestProfile: profile
1372
1375
  }, {
1373
1376
  F: __dxlog_file6,
1374
- L: 109,
1377
+ L: 112,
1375
1378
  S: this,
1376
1379
  C: (f, a) => f(...a)
1377
1380
  });
@@ -1380,25 +1383,27 @@ var InvitationHostExtension = class extends RpcExtension {
1380
1383
  ...this.invitation,
1381
1384
  state: Invitation2.State.READY_FOR_AUTHENTICATION
1382
1385
  });
1386
+ this._challenge = this.invitation.authMethod === Invitation2.AuthMethod.KNOWN_PUBLIC_KEY ? randomBytes(32) : void 0;
1383
1387
  log4.trace("dxos.sdk.invitation-handler.host.introduce", trace3.end({
1384
1388
  id: traceId
1385
1389
  }), {
1386
1390
  F: __dxlog_file6,
1387
- L: 116,
1391
+ L: 122,
1388
1392
  S: this,
1389
1393
  C: (f, a) => f(...a)
1390
1394
  });
1391
1395
  return {
1392
- authMethod: this.invitation.authMethod
1396
+ authMethod: this.invitation.authMethod,
1397
+ challenge: this._challenge
1393
1398
  };
1394
1399
  },
1395
- authenticate: async ({ authCode: code }) => {
1400
+ authenticate: async ({ authCode: code, signedChallenge }) => {
1396
1401
  const traceId = PublicKey5.random().toHex();
1397
1402
  log4.trace("dxos.sdk.invitation-handler.host.authenticate", trace3.begin({
1398
1403
  id: traceId
1399
1404
  }), {
1400
1405
  F: __dxlog_file6,
1401
- L: 124,
1406
+ L: 131,
1402
1407
  S: this,
1403
1408
  C: (f, a) => f(...a)
1404
1409
  });
@@ -1406,14 +1411,14 @@ var InvitationHostExtension = class extends RpcExtension {
1406
1411
  authCode: code
1407
1412
  }, {
1408
1413
  F: __dxlog_file6,
1409
- L: 125,
1414
+ L: 132,
1410
1415
  S: this,
1411
1416
  C: (f, a) => f(...a)
1412
1417
  });
1413
1418
  let status = AuthenticationResponse.Status.OK;
1414
1419
  invariant5(this.invitation, "Invitation is not set.", {
1415
1420
  F: __dxlog_file6,
1416
- L: 128,
1421
+ L: 135,
1417
1422
  S: this,
1418
1423
  A: [
1419
1424
  "this.invitation",
@@ -1424,7 +1429,7 @@ var InvitationHostExtension = class extends RpcExtension {
1424
1429
  case Invitation2.AuthMethod.NONE: {
1425
1430
  log4("authentication not required", void 0, {
1426
1431
  F: __dxlog_file6,
1427
- L: 131,
1432
+ L: 138,
1428
1433
  S: this,
1429
1434
  C: (f, a) => f(...a)
1430
1435
  });
@@ -1444,12 +1449,25 @@ var InvitationHostExtension = class extends RpcExtension {
1444
1449
  }
1445
1450
  break;
1446
1451
  }
1452
+ case Invitation2.AuthMethod.KNOWN_PUBLIC_KEY: {
1453
+ if (!this.invitation.guestKeypair) {
1454
+ status = AuthenticationResponse.Status.INTERNAL_ERROR;
1455
+ break;
1456
+ }
1457
+ const isSignatureValid = this._challenge && verify(this._challenge, Buffer.from(signedChallenge ?? []), this.invitation.guestKeypair.publicKey.asBuffer());
1458
+ if (isSignatureValid) {
1459
+ this.authenticationPassed = true;
1460
+ } else {
1461
+ status = AuthenticationResponse.Status.INVALID_SIGNATURE;
1462
+ }
1463
+ break;
1464
+ }
1447
1465
  default: {
1448
1466
  log4.error("invalid authentication method", {
1449
1467
  authMethod: this.invitation.authMethod
1450
1468
  }, {
1451
1469
  F: __dxlog_file6,
1452
- L: 149,
1470
+ L: 176,
1453
1471
  S: this,
1454
1472
  C: (f, a) => f(...a)
1455
1473
  });
@@ -1464,7 +1482,7 @@ var InvitationHostExtension = class extends RpcExtension {
1464
1482
  }
1465
1483
  }), {
1466
1484
  F: __dxlog_file6,
1467
- L: 155,
1485
+ L: 182,
1468
1486
  S: this,
1469
1487
  C: (f, a) => f(...a)
1470
1488
  });
@@ -1478,14 +1496,14 @@ var InvitationHostExtension = class extends RpcExtension {
1478
1496
  id: traceId
1479
1497
  }), {
1480
1498
  F: __dxlog_file6,
1481
- L: 161,
1499
+ L: 188,
1482
1500
  S: this,
1483
1501
  C: (f, a) => f(...a)
1484
1502
  });
1485
1503
  try {
1486
1504
  invariant5(this.invitation, "Invitation is not set.", {
1487
1505
  F: __dxlog_file6,
1488
- L: 164,
1506
+ L: 191,
1489
1507
  S: this,
1490
1508
  A: [
1491
1509
  "this.invitation",
@@ -1500,7 +1518,7 @@ var InvitationHostExtension = class extends RpcExtension {
1500
1518
  id: traceId
1501
1519
  }), {
1502
1520
  F: __dxlog_file6,
1503
- L: 172,
1521
+ L: 199,
1504
1522
  S: this,
1505
1523
  C: (f, a) => f(...a)
1506
1524
  });
@@ -1557,7 +1575,7 @@ var InvitationGuestExtension = class extends RpcExtension {
1557
1575
  options: async (options) => {
1558
1576
  invariant5(!this._remoteOptions, "Remote options already set.", {
1559
1577
  F: __dxlog_file6,
1560
- L: 239,
1578
+ L: 266,
1561
1579
  S: this,
1562
1580
  A: [
1563
1581
  "!this._remoteOptions",
@@ -1584,7 +1602,7 @@ var InvitationGuestExtension = class extends RpcExtension {
1584
1602
  try {
1585
1603
  log4("begin options", void 0, {
1586
1604
  F: __dxlog_file6,
1587
- L: 260,
1605
+ L: 287,
1588
1606
  S: this,
1589
1607
  C: (f, a) => f(...a)
1590
1608
  });
@@ -1596,7 +1614,7 @@ var InvitationGuestExtension = class extends RpcExtension {
1596
1614
  }));
1597
1615
  log4("end options", void 0, {
1598
1616
  F: __dxlog_file6,
1599
- L: 263,
1617
+ L: 290,
1600
1618
  S: this,
1601
1619
  C: (f, a) => f(...a)
1602
1620
  });
@@ -1610,7 +1628,7 @@ var InvitationGuestExtension = class extends RpcExtension {
1610
1628
  } catch (err) {
1611
1629
  log4("openError", err, {
1612
1630
  F: __dxlog_file6,
1613
- L: 273,
1631
+ L: 300,
1614
1632
  S: this,
1615
1633
  C: (f, a) => f(...a)
1616
1634
  });
@@ -1620,7 +1638,7 @@ var InvitationGuestExtension = class extends RpcExtension {
1620
1638
  async onClose() {
1621
1639
  log4("onClose", void 0, {
1622
1640
  F: __dxlog_file6,
1623
- L: 279,
1641
+ L: 306,
1624
1642
  S: this,
1625
1643
  C: (f, a) => f(...a)
1626
1644
  });
@@ -1639,11 +1657,11 @@ var InvitationsHandler = class {
1639
1657
  this._networkManager = _networkManager;
1640
1658
  }
1641
1659
  createInvitation(protocol, options) {
1642
- const { invitationId = PublicKey6.random().toHex(), type = Invitation3.Type.INTERACTIVE, authMethod = Invitation3.AuthMethod.SHARED_SECRET, state = Invitation3.State.INIT, timeout = INVITATION_TIMEOUT, swarmKey = PublicKey6.random(), persistent = true, created = /* @__PURE__ */ new Date(), lifetime = 86400, multiUse = false } = options ?? {};
1660
+ const { invitationId = PublicKey6.random().toHex(), type = Invitation3.Type.INTERACTIVE, authMethod = Invitation3.AuthMethod.SHARED_SECRET, state = Invitation3.State.INIT, timeout = INVITATION_TIMEOUT, swarmKey = PublicKey6.random(), persistent = options?.authMethod !== Invitation3.AuthMethod.KNOWN_PUBLIC_KEY, created = /* @__PURE__ */ new Date(), guestKeypair = void 0, lifetime = 86400, multiUse = false } = options ?? {};
1643
1661
  const authCode = options?.authCode ?? (authMethod === Invitation3.AuthMethod.SHARED_SECRET ? generatePasscode(AUTHENTICATION_CODE_LENGTH) : void 0);
1644
1662
  invariant6(protocol, void 0, {
1645
1663
  F: __dxlog_file7,
1646
- L: 85,
1664
+ L: 87,
1647
1665
  S: this,
1648
1666
  A: [
1649
1667
  "protocol",
@@ -1658,7 +1676,8 @@ var InvitationsHandler = class {
1658
1676
  swarmKey,
1659
1677
  authCode,
1660
1678
  timeout,
1661
- persistent: persistent && type !== Invitation3.Type.OFFLINE,
1679
+ persistent: persistent && type !== Invitation3.Type.DELEGATED,
1680
+ guestKeypair: guestKeypair ?? (authMethod === Invitation3.AuthMethod.KNOWN_PUBLIC_KEY ? createAdmissionKeypair() : void 0),
1662
1681
  created,
1663
1682
  lifetime,
1664
1683
  multiUse,
@@ -1676,7 +1695,7 @@ var InvitationsHandler = class {
1676
1695
  ...protocol.toJSON()
1677
1696
  }, {
1678
1697
  F: __dxlog_file7,
1679
- L: 111,
1698
+ L: 115,
1680
1699
  S: this,
1681
1700
  C: (f, a) => f(...a)
1682
1701
  });
@@ -1701,7 +1720,7 @@ var InvitationsHandler = class {
1701
1720
  const deviceKey = admissionRequest.device?.deviceKey ?? admissionRequest.space?.deviceKey;
1702
1721
  invariant6(deviceKey, void 0, {
1703
1722
  F: __dxlog_file7,
1704
- L: 132,
1723
+ L: 136,
1705
1724
  S: this,
1706
1725
  A: [
1707
1726
  "deviceKey",
@@ -1724,7 +1743,7 @@ var InvitationsHandler = class {
1724
1743
  id: traceId
1725
1744
  }), {
1726
1745
  F: __dxlog_file7,
1727
- L: 150,
1746
+ L: 154,
1728
1747
  S: this,
1729
1748
  C: (f, a) => f(...a)
1730
1749
  });
@@ -1732,7 +1751,7 @@ var InvitationsHandler = class {
1732
1751
  ...protocol.toJSON()
1733
1752
  }, {
1734
1753
  F: __dxlog_file7,
1735
- L: 151,
1754
+ L: 155,
1736
1755
  S: this,
1737
1756
  C: (f, a) => f(...a)
1738
1757
  });
@@ -1748,7 +1767,7 @@ var InvitationsHandler = class {
1748
1767
  ...protocol.toJSON()
1749
1768
  }, {
1750
1769
  F: __dxlog_file7,
1751
- L: 154,
1770
+ L: 158,
1752
1771
  S: this,
1753
1772
  C: (f, a) => f(...a)
1754
1773
  });
@@ -1760,7 +1779,7 @@ var InvitationsHandler = class {
1760
1779
  id: traceId
1761
1780
  }), {
1762
1781
  F: __dxlog_file7,
1763
- L: 156,
1782
+ L: 160,
1764
1783
  S: this,
1765
1784
  C: (f, a) => f(...a)
1766
1785
  });
@@ -1770,7 +1789,7 @@ var InvitationsHandler = class {
1770
1789
  ...protocol.toJSON()
1771
1790
  }, {
1772
1791
  F: __dxlog_file7,
1773
- L: 159,
1792
+ L: 163,
1774
1793
  S: this,
1775
1794
  C: (f, a) => f(...a)
1776
1795
  });
@@ -1781,7 +1800,7 @@ var InvitationsHandler = class {
1781
1800
  } else {
1782
1801
  log5.error("failed", err, {
1783
1802
  F: __dxlog_file7,
1784
- L: 162,
1803
+ L: 166,
1785
1804
  S: this,
1786
1805
  C: (f, a) => f(...a)
1787
1806
  });
@@ -1792,7 +1811,7 @@ var InvitationsHandler = class {
1792
1811
  error: err
1793
1812
  }), {
1794
1813
  F: __dxlog_file7,
1795
- L: 165,
1814
+ L: 169,
1796
1815
  S: this,
1797
1816
  C: (f, a) => f(...a)
1798
1817
  });
@@ -1813,7 +1832,7 @@ var InvitationsHandler = class {
1813
1832
  ...protocol.toJSON()
1814
1833
  }, {
1815
1834
  F: __dxlog_file7,
1816
- L: 180,
1835
+ L: 184,
1817
1836
  S: this,
1818
1837
  C: (f, a) => f(...a)
1819
1838
  });
@@ -1824,7 +1843,7 @@ var InvitationsHandler = class {
1824
1843
  } else {
1825
1844
  log5.error("failed", err, {
1826
1845
  F: __dxlog_file7,
1827
- L: 183,
1846
+ L: 187,
1828
1847
  S: this,
1829
1848
  C: (f, a) => f(...a)
1830
1849
  });
@@ -1838,7 +1857,7 @@ var InvitationsHandler = class {
1838
1857
  if (invitation.created.getTime() + invitation.lifetime * 1e3 < Date.now()) {
1839
1858
  log5.warn("invitation has already expired", void 0, {
1840
1859
  F: __dxlog_file7,
1841
- L: 194,
1860
+ L: 198,
1842
1861
  S: this,
1843
1862
  C: (f, a) => f(...a)
1844
1863
  });
@@ -1889,7 +1908,7 @@ var InvitationsHandler = class {
1889
1908
  const { timeout = INVITATION_TIMEOUT } = invitation;
1890
1909
  invariant6(protocol, void 0, {
1891
1910
  F: __dxlog_file7,
1892
- L: 248,
1911
+ L: 252,
1893
1912
  S: this,
1894
1913
  A: [
1895
1914
  "protocol",
@@ -1899,7 +1918,7 @@ var InvitationsHandler = class {
1899
1918
  if (deviceProfile) {
1900
1919
  invariant6(invitation.kind === Invitation3.Kind.DEVICE, "deviceProfile provided for non-device invitation", {
1901
1920
  F: __dxlog_file7,
1902
- L: 252,
1921
+ L: 256,
1903
1922
  S: this,
1904
1923
  A: [
1905
1924
  "invitation.kind === Invitation.Kind.DEVICE",
@@ -1914,7 +1933,7 @@ var InvitationsHandler = class {
1914
1933
  const setState = (newData) => {
1915
1934
  invariant6(newData.state !== void 0, void 0, {
1916
1935
  F: __dxlog_file7,
1917
- L: 263,
1936
+ L: 267,
1918
1937
  S: this,
1919
1938
  A: [
1920
1939
  "newData.state !== undefined",
@@ -1934,7 +1953,7 @@ var InvitationsHandler = class {
1934
1953
  ...protocol.toJSON()
1935
1954
  }, {
1936
1955
  F: __dxlog_file7,
1937
- L: 271,
1956
+ L: 275,
1938
1957
  S: this,
1939
1958
  C: (f, a) => f(...a)
1940
1959
  });
@@ -1944,7 +1963,7 @@ var InvitationsHandler = class {
1944
1963
  } else {
1945
1964
  log5.warn("auth failed", err, {
1946
1965
  F: __dxlog_file7,
1947
- L: 274,
1966
+ L: 278,
1948
1967
  S: this,
1949
1968
  C: (f, a) => f(...a)
1950
1969
  });
@@ -1958,7 +1977,7 @@ var InvitationsHandler = class {
1958
1977
  ...protocol.toJSON()
1959
1978
  }, {
1960
1979
  F: __dxlog_file7,
1961
- L: 282,
1980
+ L: 286,
1962
1981
  S: this,
1963
1982
  C: (f, a) => f(...a)
1964
1983
  });
@@ -1973,7 +1992,7 @@ var InvitationsHandler = class {
1973
1992
  currentState
1974
1993
  }, {
1975
1994
  F: __dxlog_file7,
1976
- L: 292,
1995
+ L: 296,
1977
1996
  S: this,
1978
1997
  C: (f, a) => f(...a)
1979
1998
  });
@@ -1988,7 +2007,7 @@ var InvitationsHandler = class {
1988
2007
  id: traceId
1989
2008
  }), {
1990
2009
  F: __dxlog_file7,
1991
- L: 301,
2010
+ L: 305,
1992
2011
  S: this,
1993
2012
  C: (f, a) => f(...a)
1994
2013
  });
@@ -2000,7 +2019,7 @@ var InvitationsHandler = class {
2000
2019
  ...protocol.toJSON()
2001
2020
  }, {
2002
2021
  F: __dxlog_file7,
2003
- L: 309,
2022
+ L: 313,
2004
2023
  S: this,
2005
2024
  C: (f, a) => f(...a)
2006
2025
  });
@@ -2011,7 +2030,7 @@ var InvitationsHandler = class {
2011
2030
  ...protocol.toJSON()
2012
2031
  }, {
2013
2032
  F: __dxlog_file7,
2014
- L: 313,
2033
+ L: 317,
2015
2034
  S: this,
2016
2035
  C: (f, a) => f(...a)
2017
2036
  });
@@ -2021,62 +2040,28 @@ var InvitationsHandler = class {
2021
2040
  response: introductionResponse
2022
2041
  }, {
2023
2042
  F: __dxlog_file7,
2024
- L: 317,
2043
+ L: 321,
2025
2044
  S: this,
2026
2045
  C: (f, a) => f(...a)
2027
2046
  });
2028
2047
  invitation.authMethod = introductionResponse.authMethod;
2029
2048
  if (isAuthenticationRequired(invitation)) {
2030
- for (let attempt = 1; attempt <= MAX_OTP_ATTEMPTS; attempt++) {
2031
- log5("guest waiting for authentication code...", void 0, {
2032
- F: __dxlog_file7,
2033
- L: 323,
2034
- S: this,
2035
- C: (f, a) => f(...a)
2036
- });
2037
- setState({
2038
- state: Invitation3.State.READY_FOR_AUTHENTICATION
2039
- });
2040
- const authCode = await authenticated.wait({
2041
- timeout
2042
- });
2043
- log5("sending authentication request", void 0, {
2044
- F: __dxlog_file7,
2045
- L: 327,
2046
- S: this,
2047
- C: (f, a) => f(...a)
2048
- });
2049
- setState({
2050
- state: Invitation3.State.AUTHENTICATING
2051
- });
2052
- const response = await extension.rpc.InvitationHostService.authenticate({
2053
- authCode
2054
- });
2055
- if (response.status === void 0 || response.status === AuthenticationResponse2.Status.OK) {
2049
+ switch (invitation.authMethod) {
2050
+ case Invitation3.AuthMethod.SHARED_SECRET:
2051
+ await this._handleGuestOtpAuth(extension, setState, authenticated, {
2052
+ timeout
2053
+ });
2054
+ break;
2055
+ case Invitation3.AuthMethod.KNOWN_PUBLIC_KEY:
2056
+ await this._handleGuestKpkAuth(extension, setState, invitation, introductionResponse);
2056
2057
  break;
2057
- }
2058
- if (response.status === AuthenticationResponse2.Status.INVALID_OTP) {
2059
- if (attempt === MAX_OTP_ATTEMPTS) {
2060
- throw new Error(`Maximum retry attempts: ${MAX_OTP_ATTEMPTS}`);
2061
- } else {
2062
- log5("retrying invalid code", {
2063
- attempt
2064
- }, {
2065
- F: __dxlog_file7,
2066
- L: 338,
2067
- S: this,
2068
- C: (f, a) => f(...a)
2069
- });
2070
- authenticated.reset();
2071
- }
2072
- }
2073
2058
  }
2074
2059
  }
2075
2060
  log5("request admission", {
2076
2061
  ...protocol.toJSON()
2077
2062
  }, {
2078
2063
  F: __dxlog_file7,
2079
- L: 346,
2064
+ L: 337,
2080
2065
  S: this,
2081
2066
  C: (f, a) => f(...a)
2082
2067
  });
@@ -2088,7 +2073,7 @@ var InvitationsHandler = class {
2088
2073
  ...protocol.toJSON()
2089
2074
  }, {
2090
2075
  F: __dxlog_file7,
2091
- L: 357,
2076
+ L: 348,
2092
2077
  S: this,
2093
2078
  C: (f, a) => f(...a)
2094
2079
  });
@@ -2101,7 +2086,7 @@ var InvitationsHandler = class {
2101
2086
  id: traceId
2102
2087
  }), {
2103
2088
  F: __dxlog_file7,
2104
- L: 359,
2089
+ L: 350,
2105
2090
  S: this,
2106
2091
  C: (f, a) => f(...a)
2107
2092
  });
@@ -2111,7 +2096,7 @@ var InvitationsHandler = class {
2111
2096
  ...protocol.toJSON()
2112
2097
  }, {
2113
2098
  F: __dxlog_file7,
2114
- L: 362,
2099
+ L: 353,
2115
2100
  S: this,
2116
2101
  C: (f, a) => f(...a)
2117
2102
  });
@@ -2121,7 +2106,7 @@ var InvitationsHandler = class {
2121
2106
  } else {
2122
2107
  log5("auth failed", err, {
2123
2108
  F: __dxlog_file7,
2124
- L: 365,
2109
+ L: 356,
2125
2110
  S: this,
2126
2111
  C: (f, a) => f(...a)
2127
2112
  });
@@ -2132,7 +2117,7 @@ var InvitationsHandler = class {
2132
2117
  error: err
2133
2118
  }), {
2134
2119
  F: __dxlog_file7,
2135
- L: 368,
2120
+ L: 359,
2136
2121
  S: this,
2137
2122
  C: (f, a) => f(...a)
2138
2123
  });
@@ -2150,7 +2135,7 @@ var InvitationsHandler = class {
2150
2135
  ...protocol.toJSON()
2151
2136
  }, {
2152
2137
  F: __dxlog_file7,
2153
- L: 379,
2138
+ L: 370,
2154
2139
  S: this,
2155
2140
  C: (f, a) => f(...a)
2156
2141
  });
@@ -2160,7 +2145,7 @@ var InvitationsHandler = class {
2160
2145
  } else {
2161
2146
  log5("auth failed", err, {
2162
2147
  F: __dxlog_file7,
2163
- L: 382,
2148
+ L: 373,
2164
2149
  S: this,
2165
2150
  C: (f, a) => f(...a)
2166
2151
  });
@@ -2177,7 +2162,7 @@ var InvitationsHandler = class {
2177
2162
  } else {
2178
2163
  invariant6(invitation.swarmKey, void 0, {
2179
2164
  F: __dxlog_file7,
2180
- L: 396,
2165
+ L: 387,
2181
2166
  S: this,
2182
2167
  A: [
2183
2168
  "invitation.swarmKey",
@@ -2215,6 +2200,81 @@ var InvitationsHandler = class {
2215
2200
  });
2216
2201
  return observable;
2217
2202
  }
2203
+ async _handleGuestOtpAuth(extension, setState, authenticated, options) {
2204
+ for (let attempt = 1; attempt <= MAX_OTP_ATTEMPTS; attempt++) {
2205
+ log5("guest waiting for authentication code...", void 0, {
2206
+ F: __dxlog_file7,
2207
+ L: 427,
2208
+ S: this,
2209
+ C: (f, a) => f(...a)
2210
+ });
2211
+ setState({
2212
+ state: Invitation3.State.READY_FOR_AUTHENTICATION
2213
+ });
2214
+ const authCode = await authenticated.wait(options);
2215
+ log5("sending authentication request", void 0, {
2216
+ F: __dxlog_file7,
2217
+ L: 431,
2218
+ S: this,
2219
+ C: (f, a) => f(...a)
2220
+ });
2221
+ setState({
2222
+ state: Invitation3.State.AUTHENTICATING
2223
+ });
2224
+ const response = await extension.rpc.InvitationHostService.authenticate({
2225
+ authCode
2226
+ });
2227
+ if (response.status === void 0 || response.status === AuthenticationResponse2.Status.OK) {
2228
+ break;
2229
+ }
2230
+ if (response.status === AuthenticationResponse2.Status.INVALID_OTP) {
2231
+ if (attempt === MAX_OTP_ATTEMPTS) {
2232
+ throw new Error(`Maximum retry attempts: ${MAX_OTP_ATTEMPTS}`);
2233
+ } else {
2234
+ log5("retrying invalid code", {
2235
+ attempt
2236
+ }, {
2237
+ F: __dxlog_file7,
2238
+ L: 442,
2239
+ S: this,
2240
+ C: (f, a) => f(...a)
2241
+ });
2242
+ authenticated.reset();
2243
+ }
2244
+ }
2245
+ }
2246
+ }
2247
+ async _handleGuestKpkAuth(extension, setState, invitation, introductionResponse) {
2248
+ if (invitation.guestKeypair?.privateKey == null) {
2249
+ throw new Error("keypair missing in the invitation");
2250
+ }
2251
+ if (introductionResponse.challenge == null) {
2252
+ throw new Error("challenge missing in the introduction");
2253
+ }
2254
+ log5("sending authentication request", void 0, {
2255
+ F: __dxlog_file7,
2256
+ L: 461,
2257
+ S: this,
2258
+ C: (f, a) => f(...a)
2259
+ });
2260
+ setState({
2261
+ state: Invitation3.State.AUTHENTICATING
2262
+ });
2263
+ const signature = sign(Buffer.from(introductionResponse.challenge), invitation.guestKeypair.privateKey);
2264
+ const response = await extension.rpc.InvitationHostService.authenticate({
2265
+ signedChallenge: signature
2266
+ });
2267
+ if (response.status !== AuthenticationResponse2.Status.OK) {
2268
+ throw new Error(`Authentication failed with code: ${response.status}`);
2269
+ }
2270
+ }
2271
+ };
2272
+ var createAdmissionKeypair = () => {
2273
+ const keypair = createKeyPair();
2274
+ return {
2275
+ publicKey: PublicKey6.from(keypair.publicKey),
2276
+ privateKey: keypair.secretKey
2277
+ };
2218
2278
  };
2219
2279
 
2220
2280
  // packages/sdk/client-services/src/packlets/invitations/invitations-service.ts
@@ -4240,7 +4300,7 @@ import { getCredentialAssertion as getCredentialAssertion3 } from "@dxos/credent
4240
4300
  import { failUndefined as failUndefined2 } from "@dxos/debug";
4241
4301
  import { AutomergeHost, MetadataStore, SnapshotStore, SpaceManager, valueEncoding } from "@dxos/echo-pipeline";
4242
4302
  import { FeedFactory, FeedStore } from "@dxos/feed-store";
4243
- import { IndexMetadataStore, IndexStore, Indexer } from "@dxos/indexing";
4303
+ import { IndexMetadataStore, IndexStore, Indexer, createStorageCallbacks } from "@dxos/indexing";
4244
4304
  import { invariant as invariant13 } from "@dxos/invariant";
4245
4305
  import { Keyring } from "@dxos/keyring";
4246
4306
  import { PublicKey as PublicKey10 } from "@dxos/keys";
@@ -4381,11 +4441,14 @@ var ServiceContext = class extends Resource {
4381
4441
  this.automergeHost = new AutomergeHost({
4382
4442
  directory: storage.createDirectory("automerge"),
4383
4443
  db: level.sublevel("automerge"),
4384
- metadata: this.indexMetadata
4444
+ storageCallbacks: createStorageCallbacks({
4445
+ host: () => this.automergeHost,
4446
+ metadata: this.indexMetadata
4447
+ })
4385
4448
  });
4386
4449
  this.indexer = new Indexer({
4387
4450
  indexStore: new IndexStore({
4388
- directory: storage.createDirectory("index-store")
4451
+ db: level.sublevel("index-store")
4389
4452
  }),
4390
4453
  metadataStore: this.indexMetadata,
4391
4454
  loadDocuments: createSelectedDocumentsIterator(this.automergeHost),
@@ -4635,7 +4698,7 @@ import { SpaceMember as SpaceMember3 } from "@dxos/protocols/proto/dxos/client/s
4635
4698
  import { TRACE_PROCESSOR } from "@dxos/tracing";
4636
4699
 
4637
4700
  // packages/sdk/client-services/src/version.ts
4638
- var DXOS_VERSION = "0.4.10-main.572d54f";
4701
+ var DXOS_VERSION = "0.4.10-main.60c7894";
4639
4702
 
4640
4703
  // packages/sdk/client-services/src/packlets/services/platform.ts
4641
4704
  import { Platform } from "@dxos/protocols/proto/dxos/client/services";
@@ -4880,7 +4943,7 @@ import { Event as Event9, synchronized as synchronized3 } from "@dxos/async";
4880
4943
  import { clientServiceBundle, defaultKey, Properties } from "@dxos/client-protocol";
4881
4944
  import { Context as Context11 } from "@dxos/context";
4882
4945
  import { DataServiceImpl, encodeReference } from "@dxos/echo-pipeline";
4883
- import * as E from "@dxos/echo-schema";
4946
+ import { getTypeReference } from "@dxos/echo-schema";
4884
4947
  import { IndexServiceImpl } from "@dxos/indexing";
4885
4948
  import { invariant as invariant16 } from "@dxos/invariant";
4886
4949
  import { PublicKey as PublicKey13 } from "@dxos/keys";
@@ -5773,7 +5836,7 @@ var ClientServicesHost = class {
5773
5836
  await document.whenReady();
5774
5837
  const properties = {
5775
5838
  system: {
5776
- type: encodeReference(E.getTypeReference(Properties))
5839
+ type: encodeReference(getTypeReference(Properties))
5777
5840
  },
5778
5841
  data: {
5779
5842
  [defaultKey]: identity.identityKey.toHex()
@@ -5868,6 +5931,7 @@ export {
5868
5931
  IdentityServiceImpl,
5869
5932
  DeviceInvitationProtocol,
5870
5933
  InvitationsHandler,
5934
+ createAdmissionKeypair,
5871
5935
  InvitationsServiceImpl,
5872
5936
  SpaceInvitationProtocol,
5873
5937
  ClientRpcServer,
@@ -5887,4 +5951,4 @@ export {
5887
5951
  ClientServicesHost,
5888
5952
  ClientServicesProviderResource
5889
5953
  };
5890
- //# sourceMappingURL=chunk-EHOUJRFC.mjs.map
5954
+ //# sourceMappingURL=chunk-I6CHB7LS.mjs.map