@dxos/client-services 0.7.5-main.9d2a38b → 0.7.5-main.e94eead
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/lib/browser/{chunk-RFZHCLFI.mjs → chunk-5QA4IAAU.mjs} +262 -181
- package/dist/lib/browser/chunk-5QA4IAAU.mjs.map +7 -0
- package/dist/lib/browser/index.mjs +1 -1
- package/dist/lib/browser/meta.json +1 -1
- package/dist/lib/browser/testing/index.mjs +1 -1
- package/dist/lib/node/{chunk-WCTGAZLA.cjs → chunk-FQ5WZIGO.cjs} +255 -174
- package/dist/lib/node/chunk-FQ5WZIGO.cjs.map +7 -0
- package/dist/lib/node/index.cjs +47 -47
- package/dist/lib/node/meta.json +1 -1
- package/dist/lib/node/testing/index.cjs +8 -8
- package/dist/lib/node-esm/{chunk-RSOLUJE6.mjs → chunk-YAOQ7FPR.mjs} +262 -181
- package/dist/lib/node-esm/chunk-YAOQ7FPR.mjs.map +7 -0
- package/dist/lib/node-esm/index.mjs +1 -1
- package/dist/lib/node-esm/meta.json +1 -1
- package/dist/lib/node-esm/testing/index.mjs +1 -1
- package/dist/types/src/packlets/agents/edge-agent-manager.d.ts.map +1 -1
- package/dist/types/src/packlets/diagnostics/diagnostics-collector.d.ts.map +1 -1
- package/dist/types/src/packlets/diagnostics/diagnostics.d.ts.map +1 -1
- package/dist/types/src/packlets/identity/identity-manager.d.ts +0 -3
- package/dist/types/src/packlets/identity/identity-manager.d.ts.map +1 -1
- package/dist/types/src/packlets/identity/identity-recovery-manager.d.ts +12 -4
- package/dist/types/src/packlets/identity/identity-recovery-manager.d.ts.map +1 -1
- package/dist/types/src/packlets/identity/identity-service.d.ts +8 -3
- package/dist/types/src/packlets/identity/identity-service.d.ts.map +1 -1
- package/dist/types/src/packlets/identity/identity.d.ts +3 -1
- package/dist/types/src/packlets/identity/identity.d.ts.map +1 -1
- package/dist/types/src/packlets/invitations/invitations-handler.d.ts.map +1 -1
- package/dist/types/src/packlets/invitations/space-invitation-protocol.d.ts.map +1 -1
- package/dist/types/src/packlets/invitations/utils.d.ts +1 -0
- package/dist/types/src/packlets/invitations/utils.d.ts.map +1 -1
- package/dist/types/src/packlets/services/service-host.d.ts +1 -1
- package/dist/types/src/packlets/services/service-host.d.ts.map +1 -1
- package/dist/types/src/packlets/spaces/spaces-service.d.ts.map +1 -1
- package/dist/types/src/version.d.ts +1 -1
- package/package.json +39 -38
- package/src/packlets/agents/edge-agent-manager.ts +6 -0
- package/src/packlets/diagnostics/diagnostics-collector.ts +2 -2
- package/src/packlets/diagnostics/diagnostics.ts +17 -13
- package/src/packlets/identity/identity-manager.ts +3 -29
- package/src/packlets/identity/identity-recovery-manager.ts +95 -10
- package/src/packlets/identity/identity-service.ts +16 -3
- package/src/packlets/identity/identity.test.ts +2 -1
- package/src/packlets/identity/identity.ts +4 -1
- package/src/packlets/invitations/invitations-handler.ts +15 -6
- package/src/packlets/invitations/invitations-manager.ts +1 -1
- package/src/packlets/invitations/space-invitation-protocol.ts +2 -3
- package/src/packlets/invitations/utils.ts +7 -0
- package/src/packlets/spaces/data-space-manager.ts +3 -3
- package/src/packlets/spaces/data-space.ts +2 -2
- package/src/packlets/spaces/edge-feed-replicator.ts +8 -8
- package/src/packlets/spaces/spaces-service.ts +30 -20
- package/src/version.ts +1 -1
- package/dist/lib/browser/chunk-RFZHCLFI.mjs.map +0 -7
- package/dist/lib/node/chunk-WCTGAZLA.cjs.map +0 -7
- package/dist/lib/node-esm/chunk-RSOLUJE6.mjs.map +0 -7
|
@@ -390,14 +390,14 @@ var DevtoolsServiceImpl = class {
|
|
|
390
390
|
// packages/sdk/client-services/src/packlets/diagnostics/diagnostics.ts
|
|
391
391
|
import { asyncTimeout } from "@dxos/async";
|
|
392
392
|
import { getFirstStreamValue } from "@dxos/codec-protobuf";
|
|
393
|
-
import { credentialTypeFilter } from "@dxos/credentials";
|
|
393
|
+
import { createDidFromIdentityKey, credentialTypeFilter } from "@dxos/credentials";
|
|
394
394
|
import { invariant } from "@dxos/invariant";
|
|
395
395
|
import { STORAGE_VERSION } from "@dxos/protocols";
|
|
396
396
|
import { SpaceMember } from "@dxos/protocols/proto/dxos/client/services";
|
|
397
397
|
import { TRACE_PROCESSOR } from "@dxos/tracing";
|
|
398
398
|
|
|
399
399
|
// packages/sdk/client-services/src/version.ts
|
|
400
|
-
var DXOS_VERSION = "0.7.5-main.
|
|
400
|
+
var DXOS_VERSION = "0.7.5-main.e94eead";
|
|
401
401
|
|
|
402
402
|
// packages/sdk/client-services/src/packlets/services/platform.ts
|
|
403
403
|
import { Platform } from "@dxos/protocols/proto/dxos/client/services";
|
|
@@ -466,6 +466,7 @@ var createDiagnostics = async (clientServices, serviceContext, config) => {
|
|
|
466
466
|
const identity = serviceContext.identityManager.identity;
|
|
467
467
|
if (identity) {
|
|
468
468
|
diagnostics.identity = {
|
|
469
|
+
did: identity.did,
|
|
469
470
|
identityKey: identity.identityKey,
|
|
470
471
|
spaceKey: identity.space.key,
|
|
471
472
|
profile: identity.profileDocument
|
|
@@ -504,16 +505,17 @@ var getSpaceStats = async (space) => {
|
|
|
504
505
|
...credential.subject.assertion,
|
|
505
506
|
id: credential.id
|
|
506
507
|
})),
|
|
507
|
-
members: Array.from(space.inner.spaceState.members.values()).map((member) => ({
|
|
508
|
+
members: await Promise.all(Array.from(space.inner.spaceState.members.values()).map(async (member) => ({
|
|
508
509
|
role: member.role,
|
|
509
510
|
identity: {
|
|
511
|
+
did: await createDidFromIdentityKey(member.key),
|
|
510
512
|
identityKey: member.key,
|
|
511
513
|
profile: {
|
|
512
514
|
displayName: member.assertion.profile?.displayName
|
|
513
515
|
}
|
|
514
516
|
},
|
|
515
517
|
presence: space.presence.getPeersOnline().filter(({ identityKey }) => identityKey.equals(member.key)).length > 0 ? SpaceMember.PresenceState.ONLINE : SpaceMember.PresenceState.OFFLINE
|
|
516
|
-
})),
|
|
518
|
+
}))),
|
|
517
519
|
pipeline: {
|
|
518
520
|
// TODO(burdon): Pick properties from credentials if needed.
|
|
519
521
|
currentEpoch: space.automergeSpaceState.lastEpoch,
|
|
@@ -569,7 +571,7 @@ import { ClientServicesProviderResource } from "@dxos/client-protocol";
|
|
|
569
571
|
import { ConfigResource } from "@dxos/config";
|
|
570
572
|
import { GetDiagnosticsRequest } from "@dxos/protocols/proto/dxos/client/services";
|
|
571
573
|
import { TRACE_PROCESSOR as TRACE_PROCESSOR2 } from "@dxos/tracing";
|
|
572
|
-
import { jsonKeyReplacer,
|
|
574
|
+
import { jsonKeyReplacer, isNonNullable } from "@dxos/util";
|
|
573
575
|
var GET_DIAGNOSTICS_RPC_TIMEOUT = 1e4;
|
|
574
576
|
var DiagnosticsCollector = class {
|
|
575
577
|
static {
|
|
@@ -602,7 +604,7 @@ var findSystemServiceProvider = () => {
|
|
|
602
604
|
};
|
|
603
605
|
var findConfigs = () => {
|
|
604
606
|
const configs = TRACE_PROCESSOR2.findResourcesByAnnotation(ConfigResource);
|
|
605
|
-
return configs.map((r) => r.instance.deref()).filter(
|
|
607
|
+
return configs.map((r) => r.instance.deref()).filter(isNonNullable);
|
|
606
608
|
};
|
|
607
609
|
|
|
608
610
|
// packages/sdk/client-services/src/packlets/identity/authenticator.ts
|
|
@@ -913,7 +915,7 @@ var EdgeFeedReplicator = class extends Resource {
|
|
|
913
915
|
this._remoteLength.clear();
|
|
914
916
|
}
|
|
915
917
|
async addFeed(feed) {
|
|
916
|
-
log3
|
|
918
|
+
log3("addFeed", {
|
|
917
919
|
key: feed.key,
|
|
918
920
|
connected: this._connected,
|
|
919
921
|
hasConnectionCtx: !!this._connectionCtx
|
|
@@ -950,7 +952,7 @@ var EdgeFeedReplicator = class extends Resource {
|
|
|
950
952
|
}
|
|
951
953
|
async _sendMessage(message) {
|
|
952
954
|
if (!this._connectionCtx) {
|
|
953
|
-
log3
|
|
955
|
+
log3("message dropped because connection was disposed", void 0, {
|
|
954
956
|
F: __dxlog_file5,
|
|
955
957
|
L: 146,
|
|
956
958
|
S: this,
|
|
@@ -959,7 +961,7 @@ var EdgeFeedReplicator = class extends Resource {
|
|
|
959
961
|
return;
|
|
960
962
|
}
|
|
961
963
|
if (message.type === "data") {
|
|
962
|
-
log3
|
|
964
|
+
log3("sending blocks", {
|
|
963
965
|
feedKey: message.feedKey,
|
|
964
966
|
blocks: message.blocks.map((b) => b.index)
|
|
965
967
|
}, {
|
|
@@ -1034,7 +1036,7 @@ var EdgeFeedReplicator = class extends Resource {
|
|
|
1034
1036
|
feedKey
|
|
1035
1037
|
};
|
|
1036
1038
|
if (message.length > feed.length) {
|
|
1037
|
-
log3
|
|
1039
|
+
log3("requesting missing blocks", logMeta, {
|
|
1038
1040
|
F: __dxlog_file5,
|
|
1039
1041
|
L: 194,
|
|
1040
1042
|
S: this,
|
|
@@ -1049,7 +1051,7 @@ var EdgeFeedReplicator = class extends Resource {
|
|
|
1049
1051
|
}
|
|
1050
1052
|
});
|
|
1051
1053
|
} else if (message.length < feed.length) {
|
|
1052
|
-
log3
|
|
1054
|
+
log3("pushing blocks to remote", logMeta, {
|
|
1053
1055
|
F: __dxlog_file5,
|
|
1054
1056
|
L: 202,
|
|
1055
1057
|
S: this,
|
|
@@ -1065,7 +1067,7 @@ var EdgeFeedReplicator = class extends Resource {
|
|
|
1065
1067
|
}
|
|
1066
1068
|
}
|
|
1067
1069
|
case "data": {
|
|
1068
|
-
log3
|
|
1070
|
+
log3("received data", {
|
|
1069
1071
|
feed: message.feedKey,
|
|
1070
1072
|
blocks: message.blocks.map((b) => b.index)
|
|
1071
1073
|
}, {
|
|
@@ -1104,7 +1106,7 @@ var EdgeFeedReplicator = class extends Resource {
|
|
|
1104
1106
|
});
|
|
1105
1107
|
}
|
|
1106
1108
|
async _pushBlocks(feed, from, to) {
|
|
1107
|
-
log3
|
|
1109
|
+
log3("pushing blocks", {
|
|
1108
1110
|
feed: feed.key.toHex(),
|
|
1109
1111
|
from,
|
|
1110
1112
|
to
|
|
@@ -1143,7 +1145,7 @@ var EdgeFeedReplicator = class extends Resource {
|
|
|
1143
1145
|
this._remoteLength.set(feed.key, to);
|
|
1144
1146
|
}
|
|
1145
1147
|
async _integrateBlocks(feed, blocks) {
|
|
1146
|
-
log3
|
|
1148
|
+
log3("integrating blocks", {
|
|
1147
1149
|
feed: feed.key.toHex(),
|
|
1148
1150
|
blocks: blocks.length
|
|
1149
1151
|
}, {
|
|
@@ -2450,7 +2452,7 @@ var DataSpaceManager = class extends Resource4 {
|
|
|
2450
2452
|
});
|
|
2451
2453
|
dataSpace.postOpen.append(async () => {
|
|
2452
2454
|
const setting = dataSpace.getEdgeReplicationSetting();
|
|
2453
|
-
if (setting === EdgeReplicationSetting.ENABLED) {
|
|
2455
|
+
if (!setting || setting === EdgeReplicationSetting.ENABLED) {
|
|
2454
2456
|
await this._echoEdgeReplicator?.connectToSpace(dataSpace.id);
|
|
2455
2457
|
} else if (this._echoEdgeReplicator) {
|
|
2456
2458
|
log6("not connecting EchoEdgeReplicator because of EdgeReplicationSetting", {
|
|
@@ -2465,7 +2467,7 @@ var DataSpaceManager = class extends Resource4 {
|
|
|
2465
2467
|
});
|
|
2466
2468
|
dataSpace.preClose.append(async () => {
|
|
2467
2469
|
const setting = dataSpace.getEdgeReplicationSetting();
|
|
2468
|
-
if (setting === EdgeReplicationSetting.ENABLED) {
|
|
2470
|
+
if (!setting || setting === EdgeReplicationSetting.ENABLED) {
|
|
2469
2471
|
await this._echoEdgeReplicator?.disconnectFromSpace(dataSpace.id);
|
|
2470
2472
|
}
|
|
2471
2473
|
});
|
|
@@ -2570,7 +2572,7 @@ var DataSpaceManager = class extends Resource4 {
|
|
|
2570
2572
|
guestKeypair: invitation.guestKey ? {
|
|
2571
2573
|
publicKey: invitation.guestKey
|
|
2572
2574
|
} : void 0,
|
|
2573
|
-
lifetime: invitation.expiresOn ? invitation.expiresOn.getTime() - Date.now() : void 0,
|
|
2575
|
+
lifetime: invitation.expiresOn ? (invitation.expiresOn.getTime() - Date.now()) / 1e3 : void 0,
|
|
2574
2576
|
multiUse: invitation.multiUse,
|
|
2575
2577
|
delegationCredentialId: credentialId,
|
|
2576
2578
|
persistent: false
|
|
@@ -2598,7 +2600,7 @@ DataSpaceManager = _ts_decorate3([
|
|
|
2598
2600
|
// packages/sdk/client-services/src/packlets/spaces/spaces-service.ts
|
|
2599
2601
|
import { EventSubscriptions as EventSubscriptions2, UpdateScheduler, scheduleTask as scheduleTask3 } from "@dxos/async";
|
|
2600
2602
|
import { Stream as Stream7 } from "@dxos/codec-protobuf/stream";
|
|
2601
|
-
import { createAdmissionCredentials as createAdmissionCredentials2, getCredentialAssertion as getCredentialAssertion3 } from "@dxos/credentials";
|
|
2603
|
+
import { createAdmissionCredentials as createAdmissionCredentials2, createDidFromIdentityKey as createDidFromIdentityKey2, getCredentialAssertion as getCredentialAssertion3 } from "@dxos/credentials";
|
|
2602
2604
|
import { raise } from "@dxos/debug";
|
|
2603
2605
|
import { writeMessages as writeMessages2 } from "@dxos/feed-store";
|
|
2604
2606
|
import { invariant as invariant6 } from "@dxos/invariant";
|
|
@@ -2654,7 +2656,7 @@ var SpacesServiceImpl = class {
|
|
|
2654
2656
|
const credentials = await createAdmissionCredentials2(identity.getIdentityCredentialSigner(), request.memberKey, space.key, space.genesisFeedKey, request.newRole, space.spaceState.membershipChainHeads);
|
|
2655
2657
|
invariant6(credentials[0].credential, void 0, {
|
|
2656
2658
|
F: __dxlog_file10,
|
|
2657
|
-
L:
|
|
2659
|
+
L: 111,
|
|
2658
2660
|
S: this,
|
|
2659
2661
|
A: [
|
|
2660
2662
|
"credentials[0].credential",
|
|
@@ -2664,7 +2666,7 @@ var SpacesServiceImpl = class {
|
|
|
2664
2666
|
const spaceMemberCredential = credentials[0].credential.credential;
|
|
2665
2667
|
invariant6(getCredentialAssertion3(spaceMemberCredential)["@type"] === "dxos.halo.credentials.SpaceMember", void 0, {
|
|
2666
2668
|
F: __dxlog_file10,
|
|
2667
|
-
L:
|
|
2669
|
+
L: 113,
|
|
2668
2670
|
S: this,
|
|
2669
2671
|
A: [
|
|
2670
2672
|
"getCredentialAssertion(spaceMemberCredential)['@type'] === 'dxos.halo.credentials.SpaceMember'",
|
|
@@ -2677,12 +2679,12 @@ var SpacesServiceImpl = class {
|
|
|
2677
2679
|
return new Stream7(({ next, ctx }) => {
|
|
2678
2680
|
const scheduler = new UpdateScheduler(ctx, async () => {
|
|
2679
2681
|
const dataSpaceManager = await this._getDataSpaceManager();
|
|
2680
|
-
const spaces = Array.from(dataSpaceManager.spaces.values()).map((space) => this._serializeSpace(space));
|
|
2682
|
+
const spaces = await Promise.all(Array.from(dataSpaceManager.spaces.values()).map((space) => this._serializeSpace(space)));
|
|
2681
2683
|
log7("update", () => ({
|
|
2682
2684
|
ids: spaces.map((space) => space.id)
|
|
2683
2685
|
}), {
|
|
2684
2686
|
F: __dxlog_file10,
|
|
2685
|
-
L:
|
|
2687
|
+
L: 126,
|
|
2686
2688
|
S: this,
|
|
2687
2689
|
C: (f, a) => f(...a)
|
|
2688
2690
|
});
|
|
@@ -2774,7 +2776,7 @@ var SpacesServiceImpl = class {
|
|
|
2774
2776
|
} else {
|
|
2775
2777
|
invariant6(!credential.id, "Id on unsigned credentials is not allowed", {
|
|
2776
2778
|
F: __dxlog_file10,
|
|
2777
|
-
L:
|
|
2779
|
+
L: 224,
|
|
2778
2780
|
S: this,
|
|
2779
2781
|
A: [
|
|
2780
2782
|
"!credential.id",
|
|
@@ -2783,7 +2785,7 @@ var SpacesServiceImpl = class {
|
|
|
2783
2785
|
});
|
|
2784
2786
|
invariant6(this._identityManager.identity, "Identity is not available", {
|
|
2785
2787
|
F: __dxlog_file10,
|
|
2786
|
-
L:
|
|
2788
|
+
L: 225,
|
|
2787
2789
|
S: this,
|
|
2788
2790
|
A: [
|
|
2789
2791
|
"this._identityManager.identity",
|
|
@@ -2793,7 +2795,7 @@ var SpacesServiceImpl = class {
|
|
|
2793
2795
|
const signer = this._identityManager.identity.getIdentityCredentialSigner();
|
|
2794
2796
|
invariant6(credential.issuer.equals(signer.getIssuer()), void 0, {
|
|
2795
2797
|
F: __dxlog_file10,
|
|
2796
|
-
L:
|
|
2798
|
+
L: 227,
|
|
2797
2799
|
S: this,
|
|
2798
2800
|
A: [
|
|
2799
2801
|
"credential.issuer.equals(signer.getIssuer())",
|
|
@@ -2843,7 +2845,7 @@ var SpacesServiceImpl = class {
|
|
|
2843
2845
|
const assertion = getCredentialAssertion3(credential);
|
|
2844
2846
|
invariant6(assertion["@type"] === "dxos.halo.credentials.SpaceMember", "Invalid credential", {
|
|
2845
2847
|
F: __dxlog_file10,
|
|
2846
|
-
L:
|
|
2848
|
+
L: 261,
|
|
2847
2849
|
S: this,
|
|
2848
2850
|
A: [
|
|
2849
2851
|
"assertion['@type'] === 'dxos.halo.credentials.SpaceMember'",
|
|
@@ -2853,7 +2855,7 @@ var SpacesServiceImpl = class {
|
|
|
2853
2855
|
const myIdentity = this._identityManager.identity;
|
|
2854
2856
|
invariant6(myIdentity && credential.subject.id.equals(myIdentity.identityKey), void 0, {
|
|
2855
2857
|
F: __dxlog_file10,
|
|
2856
|
-
L:
|
|
2858
|
+
L: 263,
|
|
2857
2859
|
S: this,
|
|
2858
2860
|
A: [
|
|
2859
2861
|
"myIdentity && credential.subject.id.equals(myIdentity.identityKey)",
|
|
@@ -2874,10 +2876,10 @@ var SpacesServiceImpl = class {
|
|
|
2874
2876
|
});
|
|
2875
2877
|
}
|
|
2876
2878
|
return {
|
|
2877
|
-
space: this._serializeSpace(dataSpace)
|
|
2879
|
+
space: await this._serializeSpace(dataSpace)
|
|
2878
2880
|
};
|
|
2879
2881
|
}
|
|
2880
|
-
_serializeSpace(space) {
|
|
2882
|
+
async _serializeSpace(space) {
|
|
2881
2883
|
return {
|
|
2882
2884
|
id: space.id,
|
|
2883
2885
|
spaceKey: space.key,
|
|
@@ -2897,7 +2899,7 @@ var SpacesServiceImpl = class {
|
|
|
2897
2899
|
totalDataTimeframe: void 0,
|
|
2898
2900
|
spaceRootUrl: space.databaseRoot?.url
|
|
2899
2901
|
},
|
|
2900
|
-
members: Array.from(space.inner.spaceState.members.values()).map((member) => {
|
|
2902
|
+
members: await Promise.all(Array.from(space.inner.spaceState.members.values()).map(async (member) => {
|
|
2901
2903
|
const peers = space.presence.getPeersOnline().filter(({ identityKey }) => identityKey.equals(member.key));
|
|
2902
2904
|
const isMe = this._identityManager.identity?.identityKey.equals(member.key);
|
|
2903
2905
|
if (isMe) {
|
|
@@ -2905,6 +2907,7 @@ var SpacesServiceImpl = class {
|
|
|
2905
2907
|
}
|
|
2906
2908
|
return {
|
|
2907
2909
|
identity: {
|
|
2910
|
+
did: await createDidFromIdentityKey2(member.key),
|
|
2908
2911
|
identityKey: member.key,
|
|
2909
2912
|
profile: member.profile ?? {}
|
|
2910
2913
|
},
|
|
@@ -2912,7 +2915,7 @@ var SpacesServiceImpl = class {
|
|
|
2912
2915
|
presence: peers.length > 0 ? SpaceMember4.PresenceState.ONLINE : SpaceMember4.PresenceState.OFFLINE,
|
|
2913
2916
|
peerStates: peers
|
|
2914
2917
|
};
|
|
2915
|
-
}),
|
|
2918
|
+
})),
|
|
2916
2919
|
creator: space.inner.spaceState.creator?.key,
|
|
2917
2920
|
cache: space.cache,
|
|
2918
2921
|
metrics: space.metrics,
|
|
@@ -2957,13 +2960,14 @@ var Identity = class {
|
|
|
2957
2960
|
this.space = params.space;
|
|
2958
2961
|
this._signer = params.signer;
|
|
2959
2962
|
this._presence = params.presence;
|
|
2963
|
+
this.did = params.did;
|
|
2960
2964
|
this.identityKey = params.identityKey;
|
|
2961
2965
|
this.deviceKey = params.deviceKey;
|
|
2962
2966
|
log8.trace("dxos.halo.device", {
|
|
2963
2967
|
deviceKey: params.deviceKey
|
|
2964
2968
|
}, {
|
|
2965
2969
|
F: __dxlog_file11,
|
|
2966
|
-
L:
|
|
2970
|
+
L: 82,
|
|
2967
2971
|
S: this,
|
|
2968
2972
|
C: (f, a) => f(...a)
|
|
2969
2973
|
});
|
|
@@ -3065,7 +3069,7 @@ var Identity = class {
|
|
|
3065
3069
|
getIdentityCredentialSigner() {
|
|
3066
3070
|
invariant7(this._deviceStateMachine.deviceCredentialChain, "Device credential chain is not ready.", {
|
|
3067
3071
|
F: __dxlog_file11,
|
|
3068
|
-
L:
|
|
3072
|
+
L: 198,
|
|
3069
3073
|
S: this,
|
|
3070
3074
|
A: [
|
|
3071
3075
|
"this._deviceStateMachine.deviceCredentialChain",
|
|
@@ -3109,7 +3113,7 @@ var Identity = class {
|
|
|
3109
3113
|
dataFeedKey
|
|
3110
3114
|
}, {
|
|
3111
3115
|
F: __dxlog_file11,
|
|
3112
|
-
L:
|
|
3116
|
+
L: 223,
|
|
3113
3117
|
S: this,
|
|
3114
3118
|
C: (f, a) => f(...a)
|
|
3115
3119
|
});
|
|
@@ -3166,7 +3170,7 @@ Identity = _ts_decorate4([
|
|
|
3166
3170
|
import platform from "platform";
|
|
3167
3171
|
import { Event as Event6 } from "@dxos/async";
|
|
3168
3172
|
import { Context as Context4 } from "@dxos/context";
|
|
3169
|
-
import { createCredentialSignerWithKey as createCredentialSignerWithKey2,
|
|
3173
|
+
import { createCredentialSignerWithKey as createCredentialSignerWithKey2, createDidFromIdentityKey as createDidFromIdentityKey3, CredentialGenerator } from "@dxos/credentials";
|
|
3170
3174
|
import { invariant as invariant8 } from "@dxos/invariant";
|
|
3171
3175
|
import { PublicKey as PublicKey7 } from "@dxos/keys";
|
|
3172
3176
|
import { log as log9 } from "@dxos/log";
|
|
@@ -3208,7 +3212,7 @@ var IdentityManager = class {
|
|
|
3208
3212
|
id: traceId
|
|
3209
3213
|
}), {
|
|
3210
3214
|
F: __dxlog_file12,
|
|
3211
|
-
L:
|
|
3215
|
+
L: 116,
|
|
3212
3216
|
S: this,
|
|
3213
3217
|
C: (f, a) => f(...a)
|
|
3214
3218
|
});
|
|
@@ -3217,7 +3221,7 @@ var IdentityManager = class {
|
|
|
3217
3221
|
identityRecord
|
|
3218
3222
|
}, {
|
|
3219
3223
|
F: __dxlog_file12,
|
|
3220
|
-
L:
|
|
3224
|
+
L: 119,
|
|
3221
3225
|
S: this,
|
|
3222
3226
|
C: (f, a) => f(...a)
|
|
3223
3227
|
});
|
|
@@ -3230,7 +3234,7 @@ var IdentityManager = class {
|
|
|
3230
3234
|
displayName: this._identity.profileDocument?.displayName
|
|
3231
3235
|
}, {
|
|
3232
3236
|
F: __dxlog_file12,
|
|
3233
|
-
L:
|
|
3237
|
+
L: 124,
|
|
3234
3238
|
S: this,
|
|
3235
3239
|
C: (f, a) => f(...a)
|
|
3236
3240
|
});
|
|
@@ -3240,7 +3244,7 @@ var IdentityManager = class {
|
|
|
3240
3244
|
id: traceId
|
|
3241
3245
|
}), {
|
|
3242
3246
|
F: __dxlog_file12,
|
|
3243
|
-
L:
|
|
3247
|
+
L: 131,
|
|
3244
3248
|
S: this,
|
|
3245
3249
|
C: (f, a) => f(...a)
|
|
3246
3250
|
});
|
|
@@ -3248,13 +3252,13 @@ var IdentityManager = class {
|
|
|
3248
3252
|
async close() {
|
|
3249
3253
|
await this._identity?.close(new Context4(void 0, {
|
|
3250
3254
|
F: __dxlog_file12,
|
|
3251
|
-
L:
|
|
3255
|
+
L: 135
|
|
3252
3256
|
}));
|
|
3253
3257
|
}
|
|
3254
3258
|
async createIdentity({ displayName, deviceProfile } = {}) {
|
|
3255
3259
|
invariant8(!this._identity, "Identity already exists.", {
|
|
3256
3260
|
F: __dxlog_file12,
|
|
3257
|
-
L:
|
|
3261
|
+
L: 140,
|
|
3258
3262
|
S: this,
|
|
3259
3263
|
A: [
|
|
3260
3264
|
"!this._identity",
|
|
@@ -3263,7 +3267,7 @@ var IdentityManager = class {
|
|
|
3263
3267
|
});
|
|
3264
3268
|
log9("creating identity...", void 0, {
|
|
3265
3269
|
F: __dxlog_file12,
|
|
3266
|
-
L:
|
|
3270
|
+
L: 141,
|
|
3267
3271
|
S: this,
|
|
3268
3272
|
C: (f, a) => f(...a)
|
|
3269
3273
|
});
|
|
@@ -3281,13 +3285,13 @@ var IdentityManager = class {
|
|
|
3281
3285
|
const identity = await this._constructIdentity(identityRecord);
|
|
3282
3286
|
await identity.open(new Context4(void 0, {
|
|
3283
3287
|
F: __dxlog_file12,
|
|
3284
|
-
L:
|
|
3288
|
+
L: 156
|
|
3285
3289
|
}));
|
|
3286
3290
|
{
|
|
3287
3291
|
const generator = new CredentialGenerator(this._keyring, identityRecord.identityKey, identityRecord.deviceKey);
|
|
3288
3292
|
invariant8(identityRecord.haloSpace.genesisFeedKey, "Genesis feed key is required.", {
|
|
3289
3293
|
F: __dxlog_file12,
|
|
3290
|
-
L:
|
|
3294
|
+
L: 160,
|
|
3291
3295
|
S: this,
|
|
3292
3296
|
A: [
|
|
3293
3297
|
"identityRecord.haloSpace.genesisFeedKey",
|
|
@@ -3296,7 +3300,7 @@ var IdentityManager = class {
|
|
|
3296
3300
|
});
|
|
3297
3301
|
invariant8(identityRecord.haloSpace.dataFeedKey, "Data feed key is required.", {
|
|
3298
3302
|
F: __dxlog_file12,
|
|
3299
|
-
L:
|
|
3303
|
+
L: 161,
|
|
3300
3304
|
S: this,
|
|
3301
3305
|
A: [
|
|
3302
3306
|
"identityRecord.haloSpace.dataFeedKey",
|
|
@@ -3335,7 +3339,7 @@ var IdentityManager = class {
|
|
|
3335
3339
|
displayName: this._identity.profileDocument?.displayName
|
|
3336
3340
|
}, {
|
|
3337
3341
|
F: __dxlog_file12,
|
|
3338
|
-
L:
|
|
3342
|
+
L: 199,
|
|
3339
3343
|
S: this,
|
|
3340
3344
|
C: (f, a) => f(...a)
|
|
3341
3345
|
});
|
|
@@ -3346,7 +3350,7 @@ var IdentityManager = class {
|
|
|
3346
3350
|
profile: identity.profileDocument
|
|
3347
3351
|
}, {
|
|
3348
3352
|
F: __dxlog_file12,
|
|
3349
|
-
L:
|
|
3353
|
+
L: 205,
|
|
3350
3354
|
S: this,
|
|
3351
3355
|
C: (f, a) => f(...a)
|
|
3352
3356
|
});
|
|
@@ -3383,13 +3387,13 @@ var IdentityManager = class {
|
|
|
3383
3387
|
params
|
|
3384
3388
|
}, {
|
|
3385
3389
|
F: __dxlog_file12,
|
|
3386
|
-
L:
|
|
3390
|
+
L: 244,
|
|
3387
3391
|
S: this,
|
|
3388
3392
|
C: (f, a) => f(...a)
|
|
3389
3393
|
});
|
|
3390
3394
|
invariant8(!this._identity, "Identity already exists.", {
|
|
3391
3395
|
F: __dxlog_file12,
|
|
3392
|
-
L:
|
|
3396
|
+
L: 245,
|
|
3393
3397
|
S: this,
|
|
3394
3398
|
A: [
|
|
3395
3399
|
"!this._identity",
|
|
@@ -3410,7 +3414,7 @@ var IdentityManager = class {
|
|
|
3410
3414
|
const identity = await this._constructIdentity(identityRecord);
|
|
3411
3415
|
await identity.open(new Context4(void 0, {
|
|
3412
3416
|
F: __dxlog_file12,
|
|
3413
|
-
L:
|
|
3417
|
+
L: 259
|
|
3414
3418
|
}));
|
|
3415
3419
|
return {
|
|
3416
3420
|
identity,
|
|
@@ -3429,7 +3433,7 @@ var IdentityManager = class {
|
|
|
3429
3433
|
displayName: this._identity.profileDocument?.displayName
|
|
3430
3434
|
}, {
|
|
3431
3435
|
F: __dxlog_file12,
|
|
3432
|
-
L:
|
|
3436
|
+
L: 273,
|
|
3433
3437
|
S: this,
|
|
3434
3438
|
C: (f, a) => f(...a)
|
|
3435
3439
|
});
|
|
@@ -3443,7 +3447,7 @@ var IdentityManager = class {
|
|
|
3443
3447
|
deviceKey: identity.deviceKey
|
|
3444
3448
|
}, {
|
|
3445
3449
|
F: __dxlog_file12,
|
|
3446
|
-
L:
|
|
3450
|
+
L: 284,
|
|
3447
3451
|
S: this,
|
|
3448
3452
|
C: (f, a) => f(...a)
|
|
3449
3453
|
});
|
|
@@ -3454,7 +3458,7 @@ var IdentityManager = class {
|
|
|
3454
3458
|
async updateProfile(profile) {
|
|
3455
3459
|
invariant8(this._identity, "Identity not initialized.", {
|
|
3456
3460
|
F: __dxlog_file12,
|
|
3457
|
-
L:
|
|
3461
|
+
L: 291,
|
|
3458
3462
|
S: this,
|
|
3459
3463
|
A: [
|
|
3460
3464
|
"this._identity",
|
|
@@ -3485,7 +3489,7 @@ var IdentityManager = class {
|
|
|
3485
3489
|
async updateDeviceProfile(profile) {
|
|
3486
3490
|
invariant8(this._identity, "Identity not initialized.", {
|
|
3487
3491
|
F: __dxlog_file12,
|
|
3488
|
-
L:
|
|
3492
|
+
L: 308,
|
|
3489
3493
|
S: this,
|
|
3490
3494
|
A: [
|
|
3491
3495
|
"this._identity",
|
|
@@ -3518,48 +3522,10 @@ var IdentityManager = class {
|
|
|
3518
3522
|
profile
|
|
3519
3523
|
};
|
|
3520
3524
|
}
|
|
3521
|
-
async createRecoveryPhrase() {
|
|
3522
|
-
const identity = this._identity;
|
|
3523
|
-
invariant8(identity, void 0, {
|
|
3524
|
-
F: __dxlog_file12,
|
|
3525
|
-
L: 340,
|
|
3526
|
-
S: this,
|
|
3527
|
-
A: [
|
|
3528
|
-
"identity",
|
|
3529
|
-
""
|
|
3530
|
-
]
|
|
3531
|
-
});
|
|
3532
|
-
const seedphrase = generateSeedPhrase();
|
|
3533
|
-
const keypair = keyPairFromSeedPhrase(seedphrase);
|
|
3534
|
-
const recoveryKey = PublicKey7.from(keypair.publicKey);
|
|
3535
|
-
const identityKey = identity.identityKey;
|
|
3536
|
-
const credential = await identity.getIdentityCredentialSigner().createCredential({
|
|
3537
|
-
subject: identityKey,
|
|
3538
|
-
assertion: {
|
|
3539
|
-
"@type": "dxos.halo.credentials.IdentityRecovery",
|
|
3540
|
-
recoveryKey,
|
|
3541
|
-
identityKey
|
|
3542
|
-
}
|
|
3543
|
-
});
|
|
3544
|
-
const receipt = await identity.controlPipeline.writer.write({
|
|
3545
|
-
credential: {
|
|
3546
|
-
credential
|
|
3547
|
-
}
|
|
3548
|
-
});
|
|
3549
|
-
await identity.controlPipeline.state.waitUntilTimeframe(new Timeframe3([
|
|
3550
|
-
[
|
|
3551
|
-
receipt.feedKey,
|
|
3552
|
-
receipt.seq
|
|
3553
|
-
]
|
|
3554
|
-
]));
|
|
3555
|
-
return {
|
|
3556
|
-
seedphrase
|
|
3557
|
-
};
|
|
3558
|
-
}
|
|
3559
3525
|
async _constructIdentity(identityRecord) {
|
|
3560
3526
|
invariant8(!this._identity, void 0, {
|
|
3561
3527
|
F: __dxlog_file12,
|
|
3562
|
-
L:
|
|
3528
|
+
L: 334,
|
|
3563
3529
|
S: this,
|
|
3564
3530
|
A: [
|
|
3565
3531
|
"!this._identity",
|
|
@@ -3570,7 +3536,7 @@ var IdentityManager = class {
|
|
|
3570
3536
|
identityRecord
|
|
3571
3537
|
}, {
|
|
3572
3538
|
F: __dxlog_file12,
|
|
3573
|
-
L:
|
|
3539
|
+
L: 335,
|
|
3574
3540
|
S: this,
|
|
3575
3541
|
C: (f, a) => f(...a)
|
|
3576
3542
|
});
|
|
@@ -3585,7 +3551,7 @@ var IdentityManager = class {
|
|
|
3585
3551
|
});
|
|
3586
3552
|
invariant8(identityRecord.haloSpace.controlFeedKey, void 0, {
|
|
3587
3553
|
F: __dxlog_file12,
|
|
3588
|
-
L:
|
|
3554
|
+
L: 348,
|
|
3589
3555
|
S: this,
|
|
3590
3556
|
A: [
|
|
3591
3557
|
"identityRecord.haloSpace.controlFeedKey",
|
|
@@ -3597,7 +3563,7 @@ var IdentityManager = class {
|
|
|
3597
3563
|
});
|
|
3598
3564
|
invariant8(identityRecord.haloSpace.dataFeedKey, void 0, {
|
|
3599
3565
|
F: __dxlog_file12,
|
|
3600
|
-
L:
|
|
3566
|
+
L: 352,
|
|
3601
3567
|
S: this,
|
|
3602
3568
|
A: [
|
|
3603
3569
|
"identityRecord.haloSpace.dataFeedKey",
|
|
@@ -3621,10 +3587,12 @@ var IdentityManager = class {
|
|
|
3621
3587
|
});
|
|
3622
3588
|
await space.setControlFeed(controlFeed);
|
|
3623
3589
|
await space.setDataFeed(dataFeed);
|
|
3590
|
+
const did = await createDidFromIdentityKey3(identityRecord.identityKey);
|
|
3624
3591
|
const identity = new Identity({
|
|
3625
3592
|
space,
|
|
3626
3593
|
presence,
|
|
3627
3594
|
signer: this._keyring,
|
|
3595
|
+
did,
|
|
3628
3596
|
identityKey: identityRecord.identityKey,
|
|
3629
3597
|
deviceKey: identityRecord.deviceKey,
|
|
3630
3598
|
edgeConnection: this._edgeConnection,
|
|
@@ -3634,7 +3602,7 @@ var IdentityManager = class {
|
|
|
3634
3602
|
identityKey: identityRecord.identityKey
|
|
3635
3603
|
}, {
|
|
3636
3604
|
F: __dxlog_file12,
|
|
3637
|
-
L:
|
|
3605
|
+
L: 383,
|
|
3638
3606
|
S: this,
|
|
3639
3607
|
C: (f, a) => f(...a)
|
|
3640
3608
|
});
|
|
@@ -3659,7 +3627,7 @@ var IdentityManager = class {
|
|
|
3659
3627
|
onAuthFailure: () => {
|
|
3660
3628
|
log9.warn("auth failure", void 0, {
|
|
3661
3629
|
F: __dxlog_file12,
|
|
3662
|
-
L:
|
|
3630
|
+
L: 408,
|
|
3663
3631
|
S: this,
|
|
3664
3632
|
C: (f, a) => f(...a)
|
|
3665
3633
|
});
|
|
@@ -3722,7 +3690,7 @@ var IdentityServiceImpl = class extends Resource5 {
|
|
|
3722
3690
|
const identity = this._identityManager.identity;
|
|
3723
3691
|
invariant9(identity, void 0, {
|
|
3724
3692
|
F: __dxlog_file13,
|
|
3725
|
-
L:
|
|
3693
|
+
L: 61,
|
|
3726
3694
|
S: this,
|
|
3727
3695
|
A: [
|
|
3728
3696
|
"identity",
|
|
@@ -3745,6 +3713,7 @@ var IdentityServiceImpl = class extends Resource5 {
|
|
|
3745
3713
|
return void 0;
|
|
3746
3714
|
}
|
|
3747
3715
|
return {
|
|
3716
|
+
did: this._identityManager.identity.did,
|
|
3748
3717
|
identityKey: this._identityManager.identity.identityKey,
|
|
3749
3718
|
spaceKey: this._identityManager.identity.space.key,
|
|
3750
3719
|
profile: this._identityManager.identity.profileDocument
|
|
@@ -3753,7 +3722,7 @@ var IdentityServiceImpl = class extends Resource5 {
|
|
|
3753
3722
|
async updateProfile(profile) {
|
|
3754
3723
|
invariant9(this._identityManager.identity, "Identity not initialized.", {
|
|
3755
3724
|
F: __dxlog_file13,
|
|
3756
|
-
L:
|
|
3725
|
+
L: 88,
|
|
3757
3726
|
S: this,
|
|
3758
3727
|
A: [
|
|
3759
3728
|
"this._identityManager.identity",
|
|
@@ -3764,18 +3733,29 @@ var IdentityServiceImpl = class extends Resource5 {
|
|
|
3764
3733
|
await this._onProfileUpdate?.(this._identityManager.identity.profileDocument);
|
|
3765
3734
|
return this._getIdentity();
|
|
3766
3735
|
}
|
|
3767
|
-
async
|
|
3768
|
-
return this._recoveryManager.
|
|
3736
|
+
async createRecoveryCredential(request) {
|
|
3737
|
+
return this._recoveryManager.createRecoveryCredential(request);
|
|
3738
|
+
}
|
|
3739
|
+
async requestRecoveryChallenge() {
|
|
3740
|
+
return this._recoveryManager.requestRecoveryChallenge();
|
|
3769
3741
|
}
|
|
3770
3742
|
async recoverIdentity(request) {
|
|
3771
|
-
|
|
3743
|
+
if (request.recoveryCode) {
|
|
3744
|
+
await this._recoveryManager.recoverIdentity({
|
|
3745
|
+
recoveryCode: request.recoveryCode
|
|
3746
|
+
});
|
|
3747
|
+
} else if (request.external) {
|
|
3748
|
+
await this._recoveryManager.recoverIdentityWithExternalSignature(request.external);
|
|
3749
|
+
} else {
|
|
3750
|
+
throw new Error("Invalid request.");
|
|
3751
|
+
}
|
|
3772
3752
|
return this._getIdentity();
|
|
3773
3753
|
}
|
|
3774
3754
|
// TODO(burdon): Rename createPresentation?
|
|
3775
3755
|
async signPresentation({ presentation, nonce }) {
|
|
3776
3756
|
invariant9(this._identityManager.identity, "Identity not initialized.", {
|
|
3777
3757
|
F: __dxlog_file13,
|
|
3778
|
-
L:
|
|
3758
|
+
L: 116,
|
|
3779
3759
|
S: this,
|
|
3780
3760
|
A: [
|
|
3781
3761
|
"this._identityManager.identity",
|
|
@@ -3794,7 +3774,7 @@ var IdentityServiceImpl = class extends Resource5 {
|
|
|
3794
3774
|
const identity = this._identityManager.identity;
|
|
3795
3775
|
invariant9(identity, "Identity not initialized.", {
|
|
3796
3776
|
F: __dxlog_file13,
|
|
3797
|
-
L:
|
|
3777
|
+
L: 130,
|
|
3798
3778
|
S: this,
|
|
3799
3779
|
A: [
|
|
3800
3780
|
"identity",
|
|
@@ -3832,7 +3812,7 @@ var IdentityServiceImpl = class extends Resource5 {
|
|
|
3832
3812
|
duplicate: space.id
|
|
3833
3813
|
}, {
|
|
3834
3814
|
F: __dxlog_file13,
|
|
3835
|
-
L:
|
|
3815
|
+
L: 164,
|
|
3836
3816
|
S: this,
|
|
3837
3817
|
C: (f, a) => f(...a)
|
|
3838
3818
|
});
|
|
@@ -3846,7 +3826,7 @@ var IdentityServiceImpl = class extends Resource5 {
|
|
|
3846
3826
|
}, (err) => {
|
|
3847
3827
|
log10.catch(err, void 0, {
|
|
3848
3828
|
F: __dxlog_file13,
|
|
3849
|
-
L:
|
|
3829
|
+
L: 175,
|
|
3850
3830
|
S: this,
|
|
3851
3831
|
C: (f, a) => f(...a)
|
|
3852
3832
|
});
|
|
@@ -4627,14 +4607,14 @@ var DeviceInvitationProtocol = class {
|
|
|
4627
4607
|
|
|
4628
4608
|
// packages/sdk/client-services/src/packlets/invitations/invitations-handler.ts
|
|
4629
4609
|
import { scheduleTask as scheduleTask7, TimeoutError as TimeoutError2 } from "@dxos/async";
|
|
4630
|
-
import { INVITATION_TIMEOUT } from "@dxos/client-protocol";
|
|
4610
|
+
import { INVITATION_TIMEOUT, getExpirationTime } from "@dxos/client-protocol";
|
|
4631
4611
|
import { ContextDisposedError as ContextDisposedError3 } from "@dxos/context";
|
|
4632
4612
|
import { createKeyPair, sign as sign2 } from "@dxos/crypto";
|
|
4633
4613
|
import { invariant as invariant15 } from "@dxos/invariant";
|
|
4634
4614
|
import { PublicKey as PublicKey11 } from "@dxos/keys";
|
|
4635
4615
|
import { log as log17 } from "@dxos/log";
|
|
4636
4616
|
import { createTeleportProtocolFactory } from "@dxos/network-manager";
|
|
4637
|
-
import { InvalidInvitationExtensionRoleError as InvalidInvitationExtensionRoleError3, trace as trace7 } from "@dxos/protocols";
|
|
4617
|
+
import { InvalidInvitationError, InvalidInvitationExtensionRoleError as InvalidInvitationExtensionRoleError3, trace as trace7 } from "@dxos/protocols";
|
|
4638
4618
|
import { Invitation as Invitation7 } from "@dxos/protocols/proto/dxos/client/services";
|
|
4639
4619
|
import { AuthenticationResponse as AuthenticationResponse2 } from "@dxos/protocols/proto/dxos/halo/invitations";
|
|
4640
4620
|
import { InvitationOptions as InvitationOptions4 } from "@dxos/protocols/proto/dxos/halo/invitations";
|
|
@@ -4657,6 +4637,12 @@ import { Invitation as Invitation3 } from "@dxos/protocols/proto/dxos/client/ser
|
|
|
4657
4637
|
var stateToString = (state) => {
|
|
4658
4638
|
return Object.entries(Invitation3.State).find(([key, val]) => val === state)?.[0] ?? "unknown";
|
|
4659
4639
|
};
|
|
4640
|
+
var computeExpirationTime = (invitation) => {
|
|
4641
|
+
if (!invitation.lifetime) {
|
|
4642
|
+
return;
|
|
4643
|
+
}
|
|
4644
|
+
return new Date((invitation.created?.getTime() ?? Date.now()) + invitation.lifetime * 1e3);
|
|
4645
|
+
};
|
|
4660
4646
|
var tryAcquireBeforeContextDisposed = async (ctx, mutex) => {
|
|
4661
4647
|
let guard;
|
|
4662
4648
|
return cancelWithContext3(ctx, (async () => {
|
|
@@ -5672,18 +5658,19 @@ var InvitationsHandler = class {
|
|
|
5672
5658
|
});
|
|
5673
5659
|
return extension;
|
|
5674
5660
|
};
|
|
5675
|
-
|
|
5676
|
-
|
|
5661
|
+
const expiresOn = getExpirationTime(invitation);
|
|
5662
|
+
if (expiresOn) {
|
|
5663
|
+
if (expiresOn.getTime() < Date.now()) {
|
|
5677
5664
|
log17.warn("invitation has already expired", void 0, {
|
|
5678
5665
|
F: __dxlog_file21,
|
|
5679
|
-
L:
|
|
5666
|
+
L: 194,
|
|
5680
5667
|
S: this,
|
|
5681
5668
|
C: (f, a) => f(...a)
|
|
5682
5669
|
});
|
|
5683
5670
|
guardedState.set(null, Invitation7.State.EXPIRED);
|
|
5684
5671
|
void ctx.dispose().catch((err) => log17.catch(err, void 0, {
|
|
5685
5672
|
F: __dxlog_file21,
|
|
5686
|
-
L:
|
|
5673
|
+
L: 196,
|
|
5687
5674
|
S: this,
|
|
5688
5675
|
C: (f, a) => f(...a)
|
|
5689
5676
|
}));
|
|
@@ -5694,7 +5681,7 @@ var InvitationsHandler = class {
|
|
|
5694
5681
|
guardedState.set(null, Invitation7.State.EXPIRED);
|
|
5695
5682
|
metrics.increment("dxos.invitation.expired");
|
|
5696
5683
|
await ctx.dispose();
|
|
5697
|
-
},
|
|
5684
|
+
}, expiresOn.getTime() - Date.now());
|
|
5698
5685
|
}
|
|
5699
5686
|
let swarmConnection;
|
|
5700
5687
|
scheduleTask7(ctx, async () => {
|
|
@@ -5710,7 +5697,7 @@ var InvitationsHandler = class {
|
|
|
5710
5697
|
type: invitation.type
|
|
5711
5698
|
}, {
|
|
5712
5699
|
F: __dxlog_file21,
|
|
5713
|
-
L:
|
|
5700
|
+
L: 227,
|
|
5714
5701
|
S: this,
|
|
5715
5702
|
C: (f, a) => f(...a)
|
|
5716
5703
|
});
|
|
@@ -5718,7 +5705,7 @@ var InvitationsHandler = class {
|
|
|
5718
5705
|
if (deviceProfile) {
|
|
5719
5706
|
invariant15(invitation.kind === Invitation7.Kind.DEVICE, "deviceProfile provided for non-device invitation", {
|
|
5720
5707
|
F: __dxlog_file21,
|
|
5721
|
-
L:
|
|
5708
|
+
L: 236,
|
|
5722
5709
|
S: this,
|
|
5723
5710
|
A: [
|
|
5724
5711
|
"invitation.kind === Invitation.Kind.DEVICE",
|
|
@@ -5736,7 +5723,7 @@ var InvitationsHandler = class {
|
|
|
5736
5723
|
triedPeers: triedPeersIds.size
|
|
5737
5724
|
}, {
|
|
5738
5725
|
F: __dxlog_file21,
|
|
5739
|
-
L:
|
|
5726
|
+
L: 244,
|
|
5740
5727
|
S: this,
|
|
5741
5728
|
C: (f, a) => f(...a)
|
|
5742
5729
|
});
|
|
@@ -5763,7 +5750,7 @@ var InvitationsHandler = class {
|
|
|
5763
5750
|
currentState: guardedState.current.state
|
|
5764
5751
|
}, {
|
|
5765
5752
|
F: __dxlog_file21,
|
|
5766
|
-
L:
|
|
5753
|
+
L: 272,
|
|
5767
5754
|
S: this,
|
|
5768
5755
|
C: (f, a) => f(...a)
|
|
5769
5756
|
});
|
|
@@ -5781,7 +5768,7 @@ var InvitationsHandler = class {
|
|
|
5781
5768
|
id: traceId
|
|
5782
5769
|
}), {
|
|
5783
5770
|
F: __dxlog_file21,
|
|
5784
|
-
L:
|
|
5771
|
+
L: 284,
|
|
5785
5772
|
S: this,
|
|
5786
5773
|
C: (f, a) => f(...a)
|
|
5787
5774
|
});
|
|
@@ -5793,7 +5780,7 @@ var InvitationsHandler = class {
|
|
|
5793
5780
|
...protocol.toJSON()
|
|
5794
5781
|
}, {
|
|
5795
5782
|
F: __dxlog_file21,
|
|
5796
|
-
L:
|
|
5783
|
+
L: 295,
|
|
5797
5784
|
S: this,
|
|
5798
5785
|
C: (f, a) => f(...a)
|
|
5799
5786
|
});
|
|
@@ -5803,7 +5790,7 @@ var InvitationsHandler = class {
|
|
|
5803
5790
|
...protocol.toJSON()
|
|
5804
5791
|
}, {
|
|
5805
5792
|
F: __dxlog_file21,
|
|
5806
|
-
L:
|
|
5793
|
+
L: 299,
|
|
5807
5794
|
S: this,
|
|
5808
5795
|
C: (f, a) => f(...a)
|
|
5809
5796
|
});
|
|
@@ -5817,7 +5804,7 @@ var InvitationsHandler = class {
|
|
|
5817
5804
|
authMethod: introductionResponse.authMethod
|
|
5818
5805
|
}, {
|
|
5819
5806
|
F: __dxlog_file21,
|
|
5820
|
-
L:
|
|
5807
|
+
L: 307,
|
|
5821
5808
|
S: this,
|
|
5822
5809
|
C: (f, a) => f(...a)
|
|
5823
5810
|
});
|
|
@@ -5839,7 +5826,7 @@ var InvitationsHandler = class {
|
|
|
5839
5826
|
...protocol.toJSON()
|
|
5840
5827
|
}, {
|
|
5841
5828
|
F: __dxlog_file21,
|
|
5842
|
-
L:
|
|
5829
|
+
L: 337,
|
|
5843
5830
|
S: this,
|
|
5844
5831
|
C: (f, a) => f(...a)
|
|
5845
5832
|
});
|
|
@@ -5852,7 +5839,7 @@ var InvitationsHandler = class {
|
|
|
5852
5839
|
...protocol.toJSON()
|
|
5853
5840
|
}, {
|
|
5854
5841
|
F: __dxlog_file21,
|
|
5855
|
-
L:
|
|
5842
|
+
L: 351,
|
|
5856
5843
|
S: this,
|
|
5857
5844
|
C: (f, a) => f(...a)
|
|
5858
5845
|
});
|
|
@@ -5865,7 +5852,7 @@ var InvitationsHandler = class {
|
|
|
5865
5852
|
id: traceId
|
|
5866
5853
|
}), {
|
|
5867
5854
|
F: __dxlog_file21,
|
|
5868
|
-
L:
|
|
5855
|
+
L: 360,
|
|
5869
5856
|
S: this,
|
|
5870
5857
|
C: (f, a) => f(...a)
|
|
5871
5858
|
});
|
|
@@ -5875,7 +5862,7 @@ var InvitationsHandler = class {
|
|
|
5875
5862
|
...protocol.toJSON()
|
|
5876
5863
|
}, {
|
|
5877
5864
|
F: __dxlog_file21,
|
|
5878
|
-
L:
|
|
5865
|
+
L: 363,
|
|
5879
5866
|
S: this,
|
|
5880
5867
|
C: (f, a) => f(...a)
|
|
5881
5868
|
});
|
|
@@ -5883,7 +5870,7 @@ var InvitationsHandler = class {
|
|
|
5883
5870
|
} else {
|
|
5884
5871
|
log17.verbose("auth failed", err, {
|
|
5885
5872
|
F: __dxlog_file21,
|
|
5886
|
-
L:
|
|
5873
|
+
L: 366,
|
|
5887
5874
|
S: this,
|
|
5888
5875
|
C: (f, a) => f(...a)
|
|
5889
5876
|
});
|
|
@@ -5895,7 +5882,7 @@ var InvitationsHandler = class {
|
|
|
5895
5882
|
error: err
|
|
5896
5883
|
}), {
|
|
5897
5884
|
F: __dxlog_file21,
|
|
5898
|
-
L:
|
|
5885
|
+
L: 370,
|
|
5899
5886
|
S: this,
|
|
5900
5887
|
C: (f, a) => f(...a)
|
|
5901
5888
|
});
|
|
@@ -5911,7 +5898,7 @@ var InvitationsHandler = class {
|
|
|
5911
5898
|
...protocol.toJSON()
|
|
5912
5899
|
}, {
|
|
5913
5900
|
F: __dxlog_file21,
|
|
5914
|
-
L:
|
|
5901
|
+
L: 379,
|
|
5915
5902
|
S: this,
|
|
5916
5903
|
C: (f, a) => f(...a)
|
|
5917
5904
|
});
|
|
@@ -5919,7 +5906,7 @@ var InvitationsHandler = class {
|
|
|
5919
5906
|
} else {
|
|
5920
5907
|
log17.verbose("auth failed", err, {
|
|
5921
5908
|
F: __dxlog_file21,
|
|
5922
|
-
L:
|
|
5909
|
+
L: 382,
|
|
5923
5910
|
S: this,
|
|
5924
5911
|
C: (f, a) => f(...a)
|
|
5925
5912
|
});
|
|
@@ -5936,7 +5923,7 @@ var InvitationsHandler = class {
|
|
|
5936
5923
|
...protocol.toJSON()
|
|
5937
5924
|
}, {
|
|
5938
5925
|
F: __dxlog_file21,
|
|
5939
|
-
L:
|
|
5926
|
+
L: 394,
|
|
5940
5927
|
S: this,
|
|
5941
5928
|
C: (f, a) => f(...a)
|
|
5942
5929
|
});
|
|
@@ -5949,14 +5936,14 @@ var InvitationsHandler = class {
|
|
|
5949
5936
|
});
|
|
5950
5937
|
edgeInvitationHandler.handle(ctx, guardedState, protocol, deviceProfile);
|
|
5951
5938
|
scheduleTask7(ctx, async () => {
|
|
5952
|
-
const error =
|
|
5939
|
+
const error = checkInvitation(protocol, invitation);
|
|
5953
5940
|
if (error) {
|
|
5954
5941
|
stream.error(error);
|
|
5955
5942
|
await ctx.dispose();
|
|
5956
5943
|
} else {
|
|
5957
5944
|
invariant15(invitation.swarmKey, void 0, {
|
|
5958
5945
|
F: __dxlog_file21,
|
|
5959
|
-
L:
|
|
5946
|
+
L: 406,
|
|
5960
5947
|
S: this,
|
|
5961
5948
|
A: [
|
|
5962
5949
|
"invitation.swarmKey",
|
|
@@ -6000,7 +5987,7 @@ var InvitationsHandler = class {
|
|
|
6000
5987
|
for (let attempt = 1; attempt <= MAX_OTP_ATTEMPTS; attempt++) {
|
|
6001
5988
|
log17("guest waiting for authentication code...", void 0, {
|
|
6002
5989
|
F: __dxlog_file21,
|
|
6003
|
-
L:
|
|
5990
|
+
L: 458,
|
|
6004
5991
|
S: this,
|
|
6005
5992
|
C: (f, a) => f(...a)
|
|
6006
5993
|
});
|
|
@@ -6008,7 +5995,7 @@ var InvitationsHandler = class {
|
|
|
6008
5995
|
const authCode = await authenticated.wait(options);
|
|
6009
5996
|
log17("sending authentication request", void 0, {
|
|
6010
5997
|
F: __dxlog_file21,
|
|
6011
|
-
L:
|
|
5998
|
+
L: 462,
|
|
6012
5999
|
S: this,
|
|
6013
6000
|
C: (f, a) => f(...a)
|
|
6014
6001
|
});
|
|
@@ -6027,7 +6014,7 @@ var InvitationsHandler = class {
|
|
|
6027
6014
|
attempt
|
|
6028
6015
|
}, {
|
|
6029
6016
|
F: __dxlog_file21,
|
|
6030
|
-
L:
|
|
6017
|
+
L: 473,
|
|
6031
6018
|
S: this,
|
|
6032
6019
|
C: (f, a) => f(...a)
|
|
6033
6020
|
});
|
|
@@ -6045,7 +6032,7 @@ var InvitationsHandler = class {
|
|
|
6045
6032
|
}
|
|
6046
6033
|
log17("sending authentication request", void 0, {
|
|
6047
6034
|
F: __dxlog_file21,
|
|
6048
|
-
L:
|
|
6035
|
+
L: 492,
|
|
6049
6036
|
S: this,
|
|
6050
6037
|
C: (f, a) => f(...a)
|
|
6051
6038
|
});
|
|
@@ -6058,6 +6045,13 @@ var InvitationsHandler = class {
|
|
|
6058
6045
|
}
|
|
6059
6046
|
}
|
|
6060
6047
|
};
|
|
6048
|
+
var checkInvitation = (protocol, invitation) => {
|
|
6049
|
+
const expiresOn = getExpirationTime(invitation);
|
|
6050
|
+
if (expiresOn && expiresOn.getTime() < Date.now()) {
|
|
6051
|
+
return new InvalidInvitationError("Invitation already expired.");
|
|
6052
|
+
}
|
|
6053
|
+
return protocol.checkInvitation(invitation);
|
|
6054
|
+
};
|
|
6061
6055
|
var createAdmissionKeypair = () => {
|
|
6062
6056
|
const keypair = createKeyPair();
|
|
6063
6057
|
return {
|
|
@@ -6172,7 +6166,7 @@ import { createCancelDelegatedSpaceInvitationCredential, createDelegatedSpaceInv
|
|
|
6172
6166
|
import { writeMessages as writeMessages4 } from "@dxos/feed-store";
|
|
6173
6167
|
import { invariant as invariant16 } from "@dxos/invariant";
|
|
6174
6168
|
import { log as log18 } from "@dxos/log";
|
|
6175
|
-
import { AlreadyJoinedError as AlreadyJoinedError3, AuthorizationError as AuthorizationError2, InvalidInvitationError, SpaceNotFoundError as SpaceNotFoundError2 } from "@dxos/protocols";
|
|
6169
|
+
import { AlreadyJoinedError as AlreadyJoinedError3, AuthorizationError as AuthorizationError2, InvalidInvitationError as InvalidInvitationError2, SpaceNotFoundError as SpaceNotFoundError2 } from "@dxos/protocols";
|
|
6176
6170
|
import { Invitation as Invitation8 } from "@dxos/protocols/proto/dxos/client/services";
|
|
6177
6171
|
import { SpaceMember as SpaceMember6 } from "@dxos/protocols/proto/dxos/halo/credentials";
|
|
6178
6172
|
var __dxlog_file22 = "/home/runner/work/dxos/dxos/packages/sdk/client-services/src/packlets/invitations/space-invitation-protocol.ts";
|
|
@@ -6192,7 +6186,7 @@ var SpaceInvitationProtocol = class {
|
|
|
6192
6186
|
}
|
|
6193
6187
|
checkCanInviteNewMembers() {
|
|
6194
6188
|
if (this._spaceKey == null) {
|
|
6195
|
-
return new
|
|
6189
|
+
return new InvalidInvitationError2("No spaceKey was provided for a space invitation.");
|
|
6196
6190
|
}
|
|
6197
6191
|
const space = this._spaceManager.spaces.get(this._spaceKey);
|
|
6198
6192
|
if (space == null) {
|
|
@@ -6206,7 +6200,7 @@ var SpaceInvitationProtocol = class {
|
|
|
6206
6200
|
getInvitationContext() {
|
|
6207
6201
|
invariant16(this._spaceKey, void 0, {
|
|
6208
6202
|
F: __dxlog_file22,
|
|
6209
|
-
L:
|
|
6203
|
+
L: 65,
|
|
6210
6204
|
S: this,
|
|
6211
6205
|
A: [
|
|
6212
6206
|
"this._spaceKey",
|
|
@@ -6216,7 +6210,7 @@ var SpaceInvitationProtocol = class {
|
|
|
6216
6210
|
const space = this._spaceManager.spaces.get(this._spaceKey);
|
|
6217
6211
|
invariant16(space, void 0, {
|
|
6218
6212
|
F: __dxlog_file22,
|
|
6219
|
-
L:
|
|
6213
|
+
L: 67,
|
|
6220
6214
|
S: this,
|
|
6221
6215
|
A: [
|
|
6222
6216
|
"space",
|
|
@@ -6232,7 +6226,7 @@ var SpaceInvitationProtocol = class {
|
|
|
6232
6226
|
async admit(invitation, request, guestProfile) {
|
|
6233
6227
|
invariant16(this._spaceKey && request.space, void 0, {
|
|
6234
6228
|
F: __dxlog_file22,
|
|
6235
|
-
L:
|
|
6229
|
+
L: 80,
|
|
6236
6230
|
S: this,
|
|
6237
6231
|
A: [
|
|
6238
6232
|
"this._spaceKey && request.space",
|
|
@@ -6244,7 +6238,7 @@ var SpaceInvitationProtocol = class {
|
|
|
6244
6238
|
guest: request.space.deviceKey
|
|
6245
6239
|
}, {
|
|
6246
6240
|
F: __dxlog_file22,
|
|
6247
|
-
L:
|
|
6241
|
+
L: 81,
|
|
6248
6242
|
S: this,
|
|
6249
6243
|
C: (f, a) => f(...a)
|
|
6250
6244
|
});
|
|
@@ -6266,7 +6260,7 @@ var SpaceInvitationProtocol = class {
|
|
|
6266
6260
|
async delegate(invitation) {
|
|
6267
6261
|
invariant16(this._spaceKey, void 0, {
|
|
6268
6262
|
F: __dxlog_file22,
|
|
6269
|
-
L:
|
|
6263
|
+
L: 101,
|
|
6270
6264
|
S: this,
|
|
6271
6265
|
A: [
|
|
6272
6266
|
"this._spaceKey",
|
|
@@ -6276,7 +6270,7 @@ var SpaceInvitationProtocol = class {
|
|
|
6276
6270
|
const space = this._spaceManager.spaces.get(this._spaceKey);
|
|
6277
6271
|
invariant16(space, void 0, {
|
|
6278
6272
|
F: __dxlog_file22,
|
|
6279
|
-
L:
|
|
6273
|
+
L: 103,
|
|
6280
6274
|
S: this,
|
|
6281
6275
|
A: [
|
|
6282
6276
|
"space",
|
|
@@ -6286,7 +6280,7 @@ var SpaceInvitationProtocol = class {
|
|
|
6286
6280
|
if (invitation.authMethod === Invitation8.AuthMethod.KNOWN_PUBLIC_KEY) {
|
|
6287
6281
|
invariant16(invitation.guestKeypair?.publicKey, void 0, {
|
|
6288
6282
|
F: __dxlog_file22,
|
|
6289
|
-
L:
|
|
6283
|
+
L: 105,
|
|
6290
6284
|
S: this,
|
|
6291
6285
|
A: [
|
|
6292
6286
|
"invitation.guestKeypair?.publicKey",
|
|
@@ -6299,7 +6293,7 @@ var SpaceInvitationProtocol = class {
|
|
|
6299
6293
|
id: invitation.invitationId
|
|
6300
6294
|
}, {
|
|
6301
6295
|
F: __dxlog_file22,
|
|
6302
|
-
L:
|
|
6296
|
+
L: 108,
|
|
6303
6297
|
S: this,
|
|
6304
6298
|
C: (f, a) => f(...a)
|
|
6305
6299
|
});
|
|
@@ -6308,13 +6302,13 @@ var SpaceInvitationProtocol = class {
|
|
|
6308
6302
|
authMethod: invitation.authMethod,
|
|
6309
6303
|
swarmKey: invitation.swarmKey,
|
|
6310
6304
|
role: invitation.role ?? SpaceMember6.Role.ADMIN,
|
|
6311
|
-
expiresOn:
|
|
6305
|
+
expiresOn: computeExpirationTime(invitation),
|
|
6312
6306
|
multiUse: invitation.multiUse ?? false,
|
|
6313
6307
|
guestKey: invitation.authMethod === Invitation8.AuthMethod.KNOWN_PUBLIC_KEY ? invitation.guestKeypair.publicKey : void 0
|
|
6314
6308
|
});
|
|
6315
6309
|
invariant16(credential.credential, void 0, {
|
|
6316
6310
|
F: __dxlog_file22,
|
|
6317
|
-
L:
|
|
6311
|
+
L: 126,
|
|
6318
6312
|
S: this,
|
|
6319
6313
|
A: [
|
|
6320
6314
|
"credential.credential",
|
|
@@ -6329,7 +6323,7 @@ var SpaceInvitationProtocol = class {
|
|
|
6329
6323
|
async cancelDelegation(invitation) {
|
|
6330
6324
|
invariant16(this._spaceKey, void 0, {
|
|
6331
6325
|
F: __dxlog_file22,
|
|
6332
|
-
L:
|
|
6326
|
+
L: 132,
|
|
6333
6327
|
S: this,
|
|
6334
6328
|
A: [
|
|
6335
6329
|
"this._spaceKey",
|
|
@@ -6338,7 +6332,7 @@ var SpaceInvitationProtocol = class {
|
|
|
6338
6332
|
});
|
|
6339
6333
|
invariant16(invitation.type === Invitation8.Type.DELEGATED && invitation.delegationCredentialId, void 0, {
|
|
6340
6334
|
F: __dxlog_file22,
|
|
6341
|
-
L:
|
|
6335
|
+
L: 133,
|
|
6342
6336
|
S: this,
|
|
6343
6337
|
A: [
|
|
6344
6338
|
"invitation.type === Invitation.Type.DELEGATED && invitation.delegationCredentialId",
|
|
@@ -6348,7 +6342,7 @@ var SpaceInvitationProtocol = class {
|
|
|
6348
6342
|
const space = this._spaceManager.spaces.get(this._spaceKey);
|
|
6349
6343
|
invariant16(space, void 0, {
|
|
6350
6344
|
F: __dxlog_file22,
|
|
6351
|
-
L:
|
|
6345
|
+
L: 135,
|
|
6352
6346
|
S: this,
|
|
6353
6347
|
A: [
|
|
6354
6348
|
"space",
|
|
@@ -6360,14 +6354,14 @@ var SpaceInvitationProtocol = class {
|
|
|
6360
6354
|
id: invitation.invitationId
|
|
6361
6355
|
}, {
|
|
6362
6356
|
F: __dxlog_file22,
|
|
6363
|
-
L:
|
|
6357
|
+
L: 137,
|
|
6364
6358
|
S: this,
|
|
6365
6359
|
C: (f, a) => f(...a)
|
|
6366
6360
|
});
|
|
6367
6361
|
const credential = await createCancelDelegatedSpaceInvitationCredential(this._signingContext.credentialSigner, space.key, invitation.delegationCredentialId);
|
|
6368
6362
|
invariant16(credential.credential, void 0, {
|
|
6369
6363
|
F: __dxlog_file22,
|
|
6370
|
-
L:
|
|
6364
|
+
L: 144,
|
|
6371
6365
|
S: this,
|
|
6372
6366
|
A: [
|
|
6373
6367
|
"credential.credential",
|
|
@@ -6380,7 +6374,7 @@ var SpaceInvitationProtocol = class {
|
|
|
6380
6374
|
}
|
|
6381
6375
|
checkInvitation(invitation) {
|
|
6382
6376
|
if (invitation.spaceKey == null) {
|
|
6383
|
-
return new
|
|
6377
|
+
return new InvalidInvitationError2("No spaceKey was provided for a space invitation.");
|
|
6384
6378
|
}
|
|
6385
6379
|
if (this._spaceManager.spaces.has(invitation.spaceKey)) {
|
|
6386
6380
|
return new AlreadyJoinedError3("Already joined space.");
|
|
@@ -6406,7 +6400,7 @@ var SpaceInvitationProtocol = class {
|
|
|
6406
6400
|
async accept(response) {
|
|
6407
6401
|
invariant16(response.space, void 0, {
|
|
6408
6402
|
F: __dxlog_file22,
|
|
6409
|
-
L:
|
|
6403
|
+
L: 179,
|
|
6410
6404
|
S: this,
|
|
6411
6405
|
A: [
|
|
6412
6406
|
"response.space",
|
|
@@ -6417,7 +6411,7 @@ var SpaceInvitationProtocol = class {
|
|
|
6417
6411
|
const assertion = getCredentialAssertion5(credential);
|
|
6418
6412
|
invariant16(assertion["@type"] === "dxos.halo.credentials.SpaceMember", "Invalid credential", {
|
|
6419
6413
|
F: __dxlog_file22,
|
|
6420
|
-
L:
|
|
6414
|
+
L: 182,
|
|
6421
6415
|
S: this,
|
|
6422
6416
|
A: [
|
|
6423
6417
|
"assertion['@type'] === 'dxos.halo.credentials.SpaceMember'",
|
|
@@ -6426,7 +6420,7 @@ var SpaceInvitationProtocol = class {
|
|
|
6426
6420
|
});
|
|
6427
6421
|
invariant16(credential.subject.id.equals(this._signingContext.identityKey), void 0, {
|
|
6428
6422
|
F: __dxlog_file22,
|
|
6429
|
-
L:
|
|
6423
|
+
L: 183,
|
|
6430
6424
|
S: this,
|
|
6431
6425
|
A: [
|
|
6432
6426
|
"credential.subject.id.equals(this._signingContext.identityKey)",
|
|
@@ -6662,7 +6656,7 @@ var InvitationsManager = class {
|
|
|
6662
6656
|
}
|
|
6663
6657
|
}
|
|
6664
6658
|
_createInvitation(protocol, _options) {
|
|
6665
|
-
const { invitationId = PublicKey12.random().toHex(), type = Invitation9.Type.INTERACTIVE, authMethod = Invitation9.AuthMethod.SHARED_SECRET, state = Invitation9.State.INIT, timeout = INVITATION_TIMEOUT2, swarmKey = PublicKey12.random(), persistent = _options?.authMethod !== Invitation9.AuthMethod.KNOWN_PUBLIC_KEY, created = /* @__PURE__ */ new Date(), guestKeypair = void 0, role = SpaceMember7.Role.ADMIN, lifetime = 86400, multiUse = false, ...options } = _options ?? {};
|
|
6659
|
+
const { invitationId = PublicKey12.random().toHex(), type = Invitation9.Type.INTERACTIVE, authMethod = Invitation9.AuthMethod.SHARED_SECRET, state = Invitation9.State.INIT, timeout = INVITATION_TIMEOUT2, swarmKey = PublicKey12.random(), persistent = _options?.authMethod !== Invitation9.AuthMethod.KNOWN_PUBLIC_KEY, created = /* @__PURE__ */ new Date(), guestKeypair = void 0, role = SpaceMember7.Role.ADMIN, lifetime = 86400 * 7, multiUse = false, ...options } = _options ?? {};
|
|
6666
6660
|
const authCode = options?.authCode ?? (authMethod === Invitation9.AuthMethod.SHARED_SECRET ? generatePasscode(AUTHENTICATION_CODE_LENGTH) : void 0);
|
|
6667
6661
|
return {
|
|
6668
6662
|
invitationId,
|
|
@@ -7022,6 +7016,18 @@ var EdgeAgentManager = class extends Resource6 {
|
|
|
7022
7016
|
haloSpaceKey: this._identity.haloSpaceKey.toHex()
|
|
7023
7017
|
});
|
|
7024
7018
|
const deviceKey = PublicKey13.fromHex(response.deviceKey);
|
|
7019
|
+
if (await this._identity.authorizedDeviceKeys.has(deviceKey)) {
|
|
7020
|
+
log21.info("agent was already added to HALO, ignoring response", {
|
|
7021
|
+
response
|
|
7022
|
+
}, {
|
|
7023
|
+
F: __dxlog_file25,
|
|
7024
|
+
L: 67,
|
|
7025
|
+
S: this,
|
|
7026
|
+
C: (f, a) => f(...a)
|
|
7027
|
+
});
|
|
7028
|
+
this._updateStatus(EdgeAgentStatus.ACTIVE, deviceKey);
|
|
7029
|
+
return;
|
|
7030
|
+
}
|
|
7025
7031
|
await this._identity.admitDevice({
|
|
7026
7032
|
deviceKey,
|
|
7027
7033
|
controlFeedKey: PublicKey13.fromHex(response.feedKey),
|
|
@@ -7030,7 +7036,7 @@ var EdgeAgentManager = class extends Resource6 {
|
|
|
7030
7036
|
});
|
|
7031
7037
|
log21("agent created", response, {
|
|
7032
7038
|
F: __dxlog_file25,
|
|
7033
|
-
L:
|
|
7039
|
+
L: 79,
|
|
7034
7040
|
S: this,
|
|
7035
7041
|
C: (f, a) => f(...a)
|
|
7036
7042
|
});
|
|
@@ -7042,7 +7048,7 @@ var EdgeAgentManager = class extends Resource6 {
|
|
|
7042
7048
|
isEnabled
|
|
7043
7049
|
}, {
|
|
7044
7050
|
F: __dxlog_file25,
|
|
7045
|
-
L:
|
|
7051
|
+
L: 87,
|
|
7046
7052
|
S: this,
|
|
7047
7053
|
C: (f, a) => f(...a)
|
|
7048
7054
|
});
|
|
@@ -7075,7 +7081,7 @@ var EdgeAgentManager = class extends Resource6 {
|
|
|
7075
7081
|
async _fetchAgentStatus() {
|
|
7076
7082
|
invariant19(this._edgeHttpClient, void 0, {
|
|
7077
7083
|
F: __dxlog_file25,
|
|
7078
|
-
L:
|
|
7084
|
+
L: 121,
|
|
7079
7085
|
S: this,
|
|
7080
7086
|
A: [
|
|
7081
7087
|
"this._edgeHttpClient",
|
|
@@ -7085,7 +7091,7 @@ var EdgeAgentManager = class extends Resource6 {
|
|
|
7085
7091
|
try {
|
|
7086
7092
|
log21("fetching agent status", void 0, {
|
|
7087
7093
|
F: __dxlog_file25,
|
|
7088
|
-
L:
|
|
7094
|
+
L: 123,
|
|
7089
7095
|
S: this,
|
|
7090
7096
|
C: (f, a) => f(...a)
|
|
7091
7097
|
});
|
|
@@ -7104,7 +7110,7 @@ var EdgeAgentManager = class extends Resource6 {
|
|
|
7104
7110
|
err
|
|
7105
7111
|
}, {
|
|
7106
7112
|
F: __dxlog_file25,
|
|
7107
|
-
L:
|
|
7113
|
+
L: 133,
|
|
7108
7114
|
S: this,
|
|
7109
7115
|
C: (f, a) => f(...a)
|
|
7110
7116
|
});
|
|
@@ -7117,7 +7123,7 @@ var EdgeAgentManager = class extends Resource6 {
|
|
|
7117
7123
|
retryAfterMs
|
|
7118
7124
|
}, {
|
|
7119
7125
|
F: __dxlog_file25,
|
|
7120
|
-
L:
|
|
7126
|
+
L: 138,
|
|
7121
7127
|
S: this,
|
|
7122
7128
|
C: (f, a) => f(...a)
|
|
7123
7129
|
});
|
|
@@ -7153,7 +7159,7 @@ var EdgeAgentManager = class extends Resource6 {
|
|
|
7153
7159
|
spaceId: space.id
|
|
7154
7160
|
}, {
|
|
7155
7161
|
F: __dxlog_file25,
|
|
7156
|
-
L:
|
|
7162
|
+
L: 165,
|
|
7157
7163
|
S: this,
|
|
7158
7164
|
C: (f, a) => f(...a)
|
|
7159
7165
|
});
|
|
@@ -7173,7 +7179,7 @@ var EdgeAgentManager = class extends Resource6 {
|
|
|
7173
7179
|
status
|
|
7174
7180
|
}, {
|
|
7175
7181
|
F: __dxlog_file25,
|
|
7176
|
-
L:
|
|
7182
|
+
L: 181,
|
|
7177
7183
|
S: this,
|
|
7178
7184
|
C: (f, a) => f(...a)
|
|
7179
7185
|
});
|
|
@@ -7263,7 +7269,7 @@ import { trace as Trace3 } from "@dxos/tracing";
|
|
|
7263
7269
|
import { safeInstanceof } from "@dxos/util";
|
|
7264
7270
|
|
|
7265
7271
|
// packages/sdk/client-services/src/packlets/identity/identity-recovery-manager.ts
|
|
7266
|
-
import { generateSeedPhrase
|
|
7272
|
+
import { generateSeedPhrase, keyPairFromSeedPhrase } from "@dxos/credentials";
|
|
7267
7273
|
import { sign as sign3 } from "@dxos/crypto";
|
|
7268
7274
|
import { invariant as invariant20 } from "@dxos/invariant";
|
|
7269
7275
|
import { PublicKey as PublicKey14 } from "@dxos/keys";
|
|
@@ -7279,27 +7285,41 @@ var EdgeIdentityRecoveryManager = class {
|
|
|
7279
7285
|
this._identityProvider = _identityProvider;
|
|
7280
7286
|
this._acceptRecoveredIdentity = _acceptRecoveredIdentity;
|
|
7281
7287
|
}
|
|
7282
|
-
async
|
|
7288
|
+
async createRecoveryCredential({ data }) {
|
|
7283
7289
|
const identity = this._identityProvider();
|
|
7284
7290
|
invariant20(identity, void 0, {
|
|
7285
7291
|
F: __dxlog_file26,
|
|
7286
|
-
L:
|
|
7292
|
+
L: 37,
|
|
7287
7293
|
S: this,
|
|
7288
7294
|
A: [
|
|
7289
7295
|
"identity",
|
|
7290
7296
|
""
|
|
7291
7297
|
]
|
|
7292
7298
|
});
|
|
7293
|
-
|
|
7294
|
-
|
|
7295
|
-
|
|
7299
|
+
let recoveryKey;
|
|
7300
|
+
let lookupKey;
|
|
7301
|
+
let algorithm;
|
|
7302
|
+
let recoveryCode;
|
|
7303
|
+
if (data) {
|
|
7304
|
+
recoveryKey = data.recoveryKey;
|
|
7305
|
+
lookupKey = data.lookupKey;
|
|
7306
|
+
algorithm = data.algorithm;
|
|
7307
|
+
} else {
|
|
7308
|
+
recoveryCode = generateSeedPhrase();
|
|
7309
|
+
const keypair = keyPairFromSeedPhrase(recoveryCode);
|
|
7310
|
+
recoveryKey = PublicKey14.from(keypair.publicKey);
|
|
7311
|
+
lookupKey = PublicKey14.from(keypair.publicKey);
|
|
7312
|
+
algorithm = "ED25519";
|
|
7313
|
+
}
|
|
7296
7314
|
const identityKey = identity.identityKey;
|
|
7297
7315
|
const credential = await identity.getIdentityCredentialSigner().createCredential({
|
|
7298
7316
|
subject: identityKey,
|
|
7299
7317
|
assertion: {
|
|
7300
7318
|
"@type": "dxos.halo.credentials.IdentityRecovery",
|
|
7301
7319
|
recoveryKey,
|
|
7302
|
-
identityKey
|
|
7320
|
+
identityKey,
|
|
7321
|
+
algorithm,
|
|
7322
|
+
lookupKey
|
|
7303
7323
|
}
|
|
7304
7324
|
});
|
|
7305
7325
|
const receipt = await identity.controlPipeline.writer.write({
|
|
@@ -7314,25 +7334,86 @@ var EdgeIdentityRecoveryManager = class {
|
|
|
7314
7334
|
]
|
|
7315
7335
|
]));
|
|
7316
7336
|
return {
|
|
7317
|
-
|
|
7337
|
+
recoveryCode
|
|
7318
7338
|
};
|
|
7319
7339
|
}
|
|
7320
|
-
async
|
|
7340
|
+
async requestRecoveryChallenge() {
|
|
7321
7341
|
invariant20(this._edgeClient, "Not connected to EDGE.", {
|
|
7322
7342
|
F: __dxlog_file26,
|
|
7323
|
-
L:
|
|
7343
|
+
L: 74,
|
|
7344
|
+
S: this,
|
|
7345
|
+
A: [
|
|
7346
|
+
"this._edgeClient",
|
|
7347
|
+
"'Not connected to EDGE.'"
|
|
7348
|
+
]
|
|
7349
|
+
});
|
|
7350
|
+
const deviceKey = await this._keyring.createKey();
|
|
7351
|
+
const controlFeedKey = await this._keyring.createKey();
|
|
7352
|
+
const request = {
|
|
7353
|
+
deviceKey: deviceKey.toHex(),
|
|
7354
|
+
controlFeedKey: controlFeedKey.toHex()
|
|
7355
|
+
};
|
|
7356
|
+
try {
|
|
7357
|
+
await this._edgeClient.recoverIdentity(request);
|
|
7358
|
+
throw new Error("No challenge received.");
|
|
7359
|
+
} catch (error) {
|
|
7360
|
+
if (!(error instanceof EdgeAuthChallengeError2)) {
|
|
7361
|
+
throw error;
|
|
7362
|
+
}
|
|
7363
|
+
return {
|
|
7364
|
+
deviceKey,
|
|
7365
|
+
controlFeedKey,
|
|
7366
|
+
challenge: error.challenge
|
|
7367
|
+
};
|
|
7368
|
+
}
|
|
7369
|
+
}
|
|
7370
|
+
async recoverIdentityWithExternalSignature({ lookupKey, deviceKey, controlFeedKey, signature, clientDataJson, authenticatorData }) {
|
|
7371
|
+
invariant20(this._edgeClient, "Not connected to EDGE.", {
|
|
7372
|
+
F: __dxlog_file26,
|
|
7373
|
+
L: 106,
|
|
7374
|
+
S: this,
|
|
7375
|
+
A: [
|
|
7376
|
+
"this._edgeClient",
|
|
7377
|
+
"'Not connected to EDGE.'"
|
|
7378
|
+
]
|
|
7379
|
+
});
|
|
7380
|
+
const request = {
|
|
7381
|
+
lookupKey: lookupKey.toHex(),
|
|
7382
|
+
deviceKey: deviceKey.toHex(),
|
|
7383
|
+
controlFeedKey: controlFeedKey.toHex(),
|
|
7384
|
+
signature: clientDataJson && authenticatorData ? {
|
|
7385
|
+
signature: Buffer.from(signature).toString("base64"),
|
|
7386
|
+
clientDataJson: Buffer.from(clientDataJson).toString("base64"),
|
|
7387
|
+
authenticatorData: Buffer.from(authenticatorData).toString("base64")
|
|
7388
|
+
} : Buffer.from(signature).toString("base64")
|
|
7389
|
+
};
|
|
7390
|
+
const response = await this._edgeClient.recoverIdentity(request);
|
|
7391
|
+
await this._acceptRecoveredIdentity({
|
|
7392
|
+
authorizedDeviceCredential: decodeCredential(response.deviceAuthCredential),
|
|
7393
|
+
haloGenesisFeedKey: PublicKey14.fromHex(response.genesisFeedKey),
|
|
7394
|
+
haloSpaceKey: PublicKey14.fromHex(response.haloSpaceKey),
|
|
7395
|
+
identityKey: PublicKey14.fromHex(response.identityKey),
|
|
7396
|
+
deviceKey,
|
|
7397
|
+
controlFeedKey,
|
|
7398
|
+
dataFeedKey: await this._keyring.createKey()
|
|
7399
|
+
});
|
|
7400
|
+
}
|
|
7401
|
+
async recoverIdentity({ recoveryCode }) {
|
|
7402
|
+
invariant20(this._edgeClient, "Not connected to EDGE.", {
|
|
7403
|
+
F: __dxlog_file26,
|
|
7404
|
+
L: 136,
|
|
7324
7405
|
S: this,
|
|
7325
7406
|
A: [
|
|
7326
7407
|
"this._edgeClient",
|
|
7327
7408
|
"'Not connected to EDGE.'"
|
|
7328
7409
|
]
|
|
7329
7410
|
});
|
|
7330
|
-
const recoveryKeypair =
|
|
7411
|
+
const recoveryKeypair = keyPairFromSeedPhrase(recoveryCode);
|
|
7331
7412
|
const recoveryKey = PublicKey14.from(recoveryKeypair.publicKey);
|
|
7332
7413
|
const deviceKey = await this._keyring.createKey();
|
|
7333
7414
|
const controlFeedKey = await this._keyring.createKey();
|
|
7334
7415
|
const request = {
|
|
7335
|
-
|
|
7416
|
+
lookupKey: recoveryKey.toHex(),
|
|
7336
7417
|
deviceKey: deviceKey.toHex(),
|
|
7337
7418
|
controlFeedKey: controlFeedKey.toHex()
|
|
7338
7419
|
};
|
|
@@ -7351,7 +7432,7 @@ var EdgeIdentityRecoveryManager = class {
|
|
|
7351
7432
|
}
|
|
7352
7433
|
log22.info("recovering identity", response, {
|
|
7353
7434
|
F: __dxlog_file26,
|
|
7354
|
-
L:
|
|
7435
|
+
L: 162,
|
|
7355
7436
|
S: this,
|
|
7356
7437
|
C: (f, a) => f(...a)
|
|
7357
7438
|
});
|
|
@@ -8953,4 +9034,4 @@ export {
|
|
|
8953
9034
|
importProfileData,
|
|
8954
9035
|
ClientServicesHost
|
|
8955
9036
|
};
|
|
8956
|
-
//# sourceMappingURL=chunk-
|
|
9037
|
+
//# sourceMappingURL=chunk-YAOQ7FPR.mjs.map
|