npm - @dxos/echo-pipeline - Versions diffs - 0.3.11-main.cc2fe2c → 0.3.11-main.ccc0ca3 - Mend

@dxos/echo-pipeline 0.3.11-main.cc2fe2c → 0.3.11-main.ccc0ca3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (22) hide show

package/dist/lib/browser/{chunk-MPBRK5OV.mjs → chunk-PB5T4DLC.mjs} +142 -17
package/dist/lib/browser/{chunk-MPBRK5OV.mjs.map → chunk-PB5T4DLC.mjs.map} +3 -3
package/dist/lib/browser/index.mjs +1 -1
package/dist/lib/browser/meta.json +1 -1
package/dist/lib/browser/testing/index.mjs +2 -2
package/dist/lib/browser/testing/index.mjs.map +3 -3
package/dist/lib/node/{chunk-GJQNRSA3.cjs → chunk-WGNVVL2H.cjs} +141 -19
package/dist/lib/node/{chunk-GJQNRSA3.cjs.map → chunk-WGNVVL2H.cjs.map} +3 -3
package/dist/lib/node/index.cjs +26 -26
package/dist/lib/node/index.cjs.map +1 -1
package/dist/lib/node/meta.json +1 -1
package/dist/lib/node/testing/index.cjs +17 -17
package/dist/lib/node/testing/index.cjs.map +3 -3
package/dist/types/src/automerge/automerge-host.d.ts +9 -1
package/dist/types/src/automerge/automerge-host.d.ts.map +1 -1
package/dist/types/src/space/space-manager.d.ts +2 -2
package/dist/types/src/space/space-manager.d.ts.map +1 -1
package/package.json +33 -33
package/src/automerge/automerge-host.test.ts +111 -2
package/src/automerge/automerge-host.ts +99 -8
package/src/space/space-manager.ts +3 -3
package/src/testing/test-agent-builder.ts +1 -1

package/src/automerge/automerge-host.ts CHANGED Viewed

@@ -2,6 +2,7 @@
 // Copyright 2023 DXOS.org
 //
+import { Trigger } from '@dxos/async';
 import {
   Repo,
   NetworkAdapter,
@@ -15,12 +16,13 @@ import {
 import { IndexedDBStorageAdapter } from '@dxos/automerge/automerge-repo-storage-indexeddb';
 import { Stream } from '@dxos/codec-protobuf';
 import { invariant } from '@dxos/invariant';
+import { PublicKey } from '@dxos/keys';
 import { log } from '@dxos/log';
 import { type HostInfo, type SyncRepoRequest, type SyncRepoResponse } from '@dxos/protocols/proto/dxos/echo/service';
 import { type PeerInfo } from '@dxos/protocols/proto/dxos/mesh/teleport/automerge';
 import { StorageType, type Directory } from '@dxos/random-access-storage';
 import { AutomergeReplicator } from '@dxos/teleport-extension-automerge-replicator';
-import { arrayToBuffer, bufferToArray } from '@dxos/util';
+import { ComplexMap, ComplexSet, arrayToBuffer, bufferToArray, defaultMap } from '@dxos/util';
 export class AutomergeHost {
   private readonly _repo: Repo;
@@ -28,6 +30,11 @@ export class AutomergeHost {
   private readonly _clientNetwork: LocalHostNetworkAdapter;
   private readonly _storage: StorageAdapter;
+  /**
+   * spaceKey -> deviceKey[]
+   */
+  private readonly _authorizedDevices = new ComplexMap<PublicKey, ComplexSet<PublicKey>>(PublicKey.hash);
   constructor(storageDirectory: Directory) {
     this._meshNetwork = new MeshNetworkAdapter();
     this._clientNetwork = new LocalHostNetworkAdapter();
@@ -38,11 +45,52 @@ export class AutomergeHost {
         ? new IndexedDBStorageAdapter(storageDirectory.path, 'data')
         : new AutomergeStorageAdapter(storageDirectory);
     this._repo = new Repo({
+      peerId: `host-${PublicKey.random().toHex()}` as PeerId,
       network: [this._clientNetwork, this._meshNetwork],
       storage: this._storage,
       // TODO(dmaretskyi): Share based on HALO permissions and space affinity.
-      sharePolicy: async (peerId, documentId) => true, // Share everything.
+      // Hosts, running in the worker, don't share documents unless requested by other peers.
+      sharePolicy: async (peerId /* device key */, documentId /* space key */) => {
+        if (peerId.startsWith('client-')) {
+          return true;
+        }
+        if (!documentId) {
+          return false;
+        }
+        const doc = this._repo.handles[documentId]?.docSync();
+        if (!doc) {
+          log('doc not found for share policy check', { peerId, documentId });
+          return false;
+        }
+        try {
+          if (!doc.experimental_spaceKey) {
+            log.warn('space key not found for share policy check', { peerId, documentId });
+            return false;
+          }
+          const spaceKey = PublicKey.from(doc.experimental_spaceKey);
+          const authorizedDevices = this._authorizedDevices.get(spaceKey);
+          // TODO(mykola): Hack, stop abusing `peerMetadata` field.
+          const deviceKeyHex = (this.repo.peerMetadataByPeerId[peerId] as any)?.dxos_deviceKey;
+          if (!deviceKeyHex) {
+            log.warn('device key not found for share policy check', { peerId, documentId });
+            return false;
+          }
+          const deviceKey = PublicKey.from(deviceKeyHex);
+          const isAuthorized = authorizedDevices?.has(deviceKey) ?? false;
+          log.info('share policy check', { peerId, documentId, deviceKey, spaceKey, isAuthorized });
+          return isAuthorized;
+        } catch (err) {
+          log.catch(err);
+          return false;
+        }
+      }, // Share everything.
     });
     this._clientNetwork.ready();
     this._meshNetwork.ready();
@@ -53,6 +101,7 @@ export class AutomergeHost {
   }
   async close() {
+    this._storage instanceof AutomergeStorageAdapter && (await this._storage.close());
     await this._clientNetwork.close();
   }
@@ -68,7 +117,7 @@ export class AutomergeHost {
     return this._clientNetwork.sendSyncMessage(request);
   }
-  getHostInfo(): HostInfo {
+  async getHostInfo(): Promise<HostInfo> {
     return this._clientNetwork.getHostInfo();
   }
@@ -79,6 +128,10 @@ export class AutomergeHost {
   createExtension(): AutomergeReplicator {
     return this._meshNetwork.createExtension();
   }
+  authorizeDevice(spaceKey: PublicKey, deviceKey: PublicKey) {
+    defaultMap(this._authorizedDevices, spaceKey, () => new ComplexSet(PublicKey.hash)).add(deviceKey);
+  }
 }
 type ClientSyncState = {
@@ -104,8 +157,11 @@ class LocalHostNetworkAdapter extends NetworkAdapter {
     });
   }
+  private _connected = new Trigger();
   override connect(peerId: PeerId): void {
     this.peerId = peerId;
+    this._connected.wake();
     // No-op. Client always connects first
   }
@@ -146,18 +202,26 @@ class LocalHostNetworkAdapter extends NetworkAdapter {
         },
       });
-      this.emit('peer-candidate', {
-        peerId,
-      });
+      this._connected
+        .wait({ timeout: 1_000 })
+        .then(() => {
+          this.emit('peer-candidate', {
+            peerMetadata: {},
+            peerId,
+          });
+        })
+        .catch((err) => log.catch(err));
     });
   }
   async sendSyncMessage({ id, syncMessage }: SyncRepoRequest): Promise<void> {
+    await this._connected.wait({ timeout: 1_000 });
     const message = cbor.decode(syncMessage!) as Message;
     this.emit('message', message);
   }
-  getHostInfo(): HostInfo {
+  async getHostInfo(): Promise<HostInfo> {
+    await this._connected.wait({ timeout: 1_000 });
     invariant(this.peerId, 'Peer id not set.');
     return {
       peerId: this.peerId,
@@ -210,7 +274,7 @@ export class MeshNetworkAdapter extends NetworkAdapter {
         peerId: this.peerId,
       },
       {
-        onStartReplication: async (info) => {
+        onStartReplication: async (info, remotePeerId /** Teleport ID */) => {
           // Note: We store only one extension per peer.
           //       There can be a case where two connected peers have more than one teleport connection between them
           //       and each of them uses different teleport connections to send messages.
@@ -224,6 +288,10 @@ export class MeshNetworkAdapter extends NetworkAdapter {
           // TODO(mykola): Fix race condition?
           this._extensions.set(info.id, extension);
           this.emit('peer-candidate', {
+            // TODO(mykola): Hack, stop abusing `peerMetadata` field.
+            peerMetadata: {
+              dxos_deviceKey: remotePeerId.toHex(),
+            } as any,
             peerId: info.id as PeerId,
           });
         },
@@ -248,11 +316,18 @@ export class MeshNetworkAdapter extends NetworkAdapter {
 }
 export class AutomergeStorageAdapter extends StorageAdapter {
+  // TODO(mykola): Hack for restricting automerge Repo to access storage if Host is `closed`.
+  //               Automerge Repo do not have any lifetime management.
+  private _state: 'opened' | 'closed' = 'opened';
   constructor(private readonly _directory: Directory) {
     super();
   }
   override async load(key: StorageKey): Promise<Uint8Array | undefined> {
+    if (this._state !== 'opened') {
+      return undefined;
+    }
     const filename = this._getFilename(key);
     const file = this._directory.getOrCreateFile(filename);
     const { size } = await file.stat();
@@ -264,6 +339,9 @@ export class AutomergeStorageAdapter extends StorageAdapter {
   }
   override async save(key: StorageKey, data: Uint8Array): Promise<void> {
+    if (this._state !== 'opened') {
+      return undefined;
+    }
     const filename = this._getFilename(key);
     const file = this._directory.getOrCreateFile(filename);
     await file.write(0, arrayToBuffer(data));
@@ -273,6 +351,9 @@ export class AutomergeStorageAdapter extends StorageAdapter {
   }
   override async remove(key: StorageKey): Promise<void> {
+    if (this._state !== 'opened') {
+      return undefined;
+    }
     // TODO(dmaretskyi): Better deletion.
     const filename = this._getFilename(key);
     const file = this._directory.getOrCreateFile(filename);
@@ -280,6 +361,9 @@ export class AutomergeStorageAdapter extends StorageAdapter {
   }
   override async loadRange(keyPrefix: StorageKey): Promise<Chunk[]> {
+    if (this._state !== 'opened') {
+      return [];
+    }
     const filename = this._getFilename(keyPrefix);
     const entries = await this._directory.list();
     return Promise.all(
@@ -298,6 +382,9 @@ export class AutomergeStorageAdapter extends StorageAdapter {
   }
   override async removeRange(keyPrefix: StorageKey): Promise<void> {
+    if (this._state !== 'opened') {
+      return undefined;
+    }
     const filename = this._getFilename(keyPrefix);
     const entries = await this._directory.list();
     await Promise.all(
@@ -310,6 +397,10 @@ export class AutomergeStorageAdapter extends StorageAdapter {
     );
   }
+  async close(): Promise<void> {
+    this._state = 'closed';
+  }
   private _getFilename(key: StorageKey): string {
     return key.map((k) => k.replaceAll('%', '%25').replaceAll('-', '%2D')).join('-');
   }

package/src/space/space-manager.ts CHANGED Viewed

@@ -42,7 +42,7 @@ export type ConstructSpaceParams = {
   /**
    * Called when connection auth passed successful.
    */
-  onNetworkConnection: (session: Teleport) => void;
+  onAuthorizedConnection: (session: Teleport) => void;
   onAuthFailure?: (session: Teleport) => void;
 };
@@ -93,7 +93,7 @@ export class SpaceManager {
   async constructSpace({
     metadata,
     swarmIdentity,
-    onNetworkConnection,
+    onAuthorizedConnection,
     onAuthFailure,
     memberKey,
   }: ConstructSpaceParams) {
@@ -108,7 +108,7 @@ export class SpaceManager {
       topic: spaceKey,
       swarmIdentity,
       networkManager: this._networkManager,
-      onSessionAuth: onNetworkConnection,
+      onSessionAuth: onAuthorizedConnection,
       onAuthFailure,
       blobStore: this._blobStore,
     });

package/src/testing/test-agent-builder.ts CHANGED Viewed

@@ -189,7 +189,7 @@ export class TestAgent {
         credentialAuthenticator: MOCK_AUTH_VERIFIER,
       },
       memberKey: identityKey,
-      onNetworkConnection: (session) => {
+      onAuthorizedConnection: (session) => {
         session.addExtension(
           'dxos.mesh.teleport.gossip',
           this.createGossip().createExtension({ remotePeerId: session.remotePeerId }),