npm - @haex-space/vault-sdk - Versions diffs - 2.3.3 → 2.3.4 - Mend

@haex-space/vault-sdk 2.3.3 → 2.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/dist/index.d.mts CHANGED Viewed

@@ -1,7 +1,7 @@
 import { H as HaexVaultClient } from './client-BIiJwbdW.mjs';
 export { D as DatabaseAPI, F as FilesystemAPI, P as PermissionsAPI, W as WebAPI } from './client-BIiJwbdW.mjs';
-import { H as HaexHubConfig } from './types-FE9ewl3r.mjs';
-export { A as ApplicationContext, C as ContextChangedEvent, r as DEFAULT_TIMEOUT, m as DatabaseColumnInfo, k as DatabaseExecuteParams, i as DatabasePermission, d as DatabasePermissionRequest, j as DatabaseQueryParams, D as DatabaseQueryResult, l as DatabaseTableInfo, q as ErrorCode, e as EventCallback, a as ExtensionInfo, E as ExtensionManifest, u as HAEXTENSION_EVENTS, t as HaexHubError, h as HaexHubEvent, f as HaexHubRequest, g as HaexHubResponse, v as HaextensionEvent, P as PermissionResponse, p as PermissionStatus, n as SearchQuery, o as SearchRequestEvent, S as SearchResult, T as TABLE_SEPARATOR, W as WebRequestOptions, c as WebResponse, s as getTableName } from './types-FE9ewl3r.mjs';
+import { E as ExtensionManifest, H as HaexHubConfig } from './types-FE9ewl3r.mjs';
+export { A as ApplicationContext, C as ContextChangedEvent, r as DEFAULT_TIMEOUT, m as DatabaseColumnInfo, k as DatabaseExecuteParams, i as DatabasePermission, d as DatabasePermissionRequest, j as DatabaseQueryParams, D as DatabaseQueryResult, l as DatabaseTableInfo, q as ErrorCode, e as EventCallback, a as ExtensionInfo, u as HAEXTENSION_EVENTS, t as HaexHubError, h as HaexHubEvent, f as HaexHubRequest, g as HaexHubResponse, v as HaextensionEvent, P as PermissionResponse, p as PermissionStatus, n as SearchQuery, o as SearchRequestEvent, S as SearchResult, T as TABLE_SEPARATOR, W as WebRequestOptions, c as WebResponse, s as getTableName } from './types-FE9ewl3r.mjs';
 export { H as HaextensionConfig } from './config-D_HXjsEV.mjs';
 import 'drizzle-orm/sqlite-proxy';
@@ -136,6 +136,60 @@ declare const HAEXSPACE_MESSAGE_TYPES: {
 };
 type HaexspaceMessageType = (typeof HAEXSPACE_MESSAGE_TYPES)[keyof typeof HAEXSPACE_MESSAGE_TYPES];
+interface VerifyResult {
+    valid: boolean;
+    error?: string;
+}
+interface ZipFileEntry {
+    path: string;
+    content: Uint8Array;
+}
+/**
+ * Sort object keys recursively for canonical JSON representation.
+ * Must match the signing implementation exactly.
+ */
+declare function sortObjectKeysRecursively(obj: unknown): unknown;
+/**
+ * Convert hex string to ArrayBuffer
+ * Returns ArrayBuffer directly to avoid type issues with Uint8Array.buffer
+ */
+declare function hexToBytes(hex: string): ArrayBuffer;
+/**
+ * Verify Ed25519 signature of an extension bundle.
+ *
+ * This function is browser-compatible and uses the Web Crypto API.
+ * It verifies that the extension bundle was signed with the private key
+ * corresponding to the public key in the manifest.
+ *
+ * @param files - Array of file entries from the ZIP archive
+ * @param manifest - The extension manifest (parsed from manifest.json)
+ * @returns Promise resolving to verification result
+ *
+ * @example
+ * ```typescript
+ * import JSZip from 'jszip';
+ * import { verifyExtensionSignature } from '@haex-space/vault-sdk';
+ *
+ * const zip = await JSZip.loadAsync(bundleFile);
+ * const manifestContent = await zip.file('haextension/manifest.json')?.async('string');
+ * const manifest = JSON.parse(manifestContent);
+ *
+ * // Collect all files from the ZIP
+ * const files = [];
+ * for (const [path, entry] of Object.entries(zip.files)) {
+ *   if (!entry.dir) {
+ *     files.push({ path, content: await entry.async('uint8array') });
+ *   }
+ * }
+ *
+ * const result = await verifyExtensionSignature(files, manifest);
+ * if (!result.valid) {
+ *   console.error('Signature verification failed:', result.error);
+ * }
+ * ```
+ */
+declare function verifyExtensionSignature(files: ZipFileEntry[], manifest: ExtensionManifest): Promise<VerifyResult>;
 declare function createHaexVaultClient(config?: HaexHubConfig): HaexVaultClient;
-export { HAEXSPACE_MESSAGE_TYPES, HAEXTENSION_METHODS, HaexHubConfig, HaexVaultClient, type HaexspaceMessageType, type HaextensionMethod, createHaexVaultClient, installBaseTag, installCookiePolyfill, installHistoryPolyfill, installLocalStoragePolyfill, installPolyfills, installSessionStoragePolyfill };
+export { ExtensionManifest, HAEXSPACE_MESSAGE_TYPES, HAEXTENSION_METHODS, HaexHubConfig, HaexVaultClient, type HaexspaceMessageType, type HaextensionMethod, type VerifyResult, type ZipFileEntry, createHaexVaultClient, hexToBytes, installBaseTag, installCookiePolyfill, installHistoryPolyfill, installLocalStoragePolyfill, installPolyfills, installSessionStoragePolyfill, sortObjectKeysRecursively, verifyExtensionSignature };

package/dist/index.d.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 import { H as HaexVaultClient } from './client-D4hDL-PR.js';
 export { D as DatabaseAPI, F as FilesystemAPI, P as PermissionsAPI, W as WebAPI } from './client-D4hDL-PR.js';
-import { H as HaexHubConfig } from './types-FE9ewl3r.js';
-export { A as ApplicationContext, C as ContextChangedEvent, r as DEFAULT_TIMEOUT, m as DatabaseColumnInfo, k as DatabaseExecuteParams, i as DatabasePermission, d as DatabasePermissionRequest, j as DatabaseQueryParams, D as DatabaseQueryResult, l as DatabaseTableInfo, q as ErrorCode, e as EventCallback, a as ExtensionInfo, E as ExtensionManifest, u as HAEXTENSION_EVENTS, t as HaexHubError, h as HaexHubEvent, f as HaexHubRequest, g as HaexHubResponse, v as HaextensionEvent, P as PermissionResponse, p as PermissionStatus, n as SearchQuery, o as SearchRequestEvent, S as SearchResult, T as TABLE_SEPARATOR, W as WebRequestOptions, c as WebResponse, s as getTableName } from './types-FE9ewl3r.js';
+import { E as ExtensionManifest, H as HaexHubConfig } from './types-FE9ewl3r.js';
+export { A as ApplicationContext, C as ContextChangedEvent, r as DEFAULT_TIMEOUT, m as DatabaseColumnInfo, k as DatabaseExecuteParams, i as DatabasePermission, d as DatabasePermissionRequest, j as DatabaseQueryParams, D as DatabaseQueryResult, l as DatabaseTableInfo, q as ErrorCode, e as EventCallback, a as ExtensionInfo, u as HAEXTENSION_EVENTS, t as HaexHubError, h as HaexHubEvent, f as HaexHubRequest, g as HaexHubResponse, v as HaextensionEvent, P as PermissionResponse, p as PermissionStatus, n as SearchQuery, o as SearchRequestEvent, S as SearchResult, T as TABLE_SEPARATOR, W as WebRequestOptions, c as WebResponse, s as getTableName } from './types-FE9ewl3r.js';
 export { H as HaextensionConfig } from './config-D_HXjsEV.js';
 import 'drizzle-orm/sqlite-proxy';
@@ -136,6 +136,60 @@ declare const HAEXSPACE_MESSAGE_TYPES: {
 };
 type HaexspaceMessageType = (typeof HAEXSPACE_MESSAGE_TYPES)[keyof typeof HAEXSPACE_MESSAGE_TYPES];
+interface VerifyResult {
+    valid: boolean;
+    error?: string;
+}
+interface ZipFileEntry {
+    path: string;
+    content: Uint8Array;
+}
+/**
+ * Sort object keys recursively for canonical JSON representation.
+ * Must match the signing implementation exactly.
+ */
+declare function sortObjectKeysRecursively(obj: unknown): unknown;
+/**
+ * Convert hex string to ArrayBuffer
+ * Returns ArrayBuffer directly to avoid type issues with Uint8Array.buffer
+ */
+declare function hexToBytes(hex: string): ArrayBuffer;
+/**
+ * Verify Ed25519 signature of an extension bundle.
+ *
+ * This function is browser-compatible and uses the Web Crypto API.
+ * It verifies that the extension bundle was signed with the private key
+ * corresponding to the public key in the manifest.
+ *
+ * @param files - Array of file entries from the ZIP archive
+ * @param manifest - The extension manifest (parsed from manifest.json)
+ * @returns Promise resolving to verification result
+ *
+ * @example
+ * ```typescript
+ * import JSZip from 'jszip';
+ * import { verifyExtensionSignature } from '@haex-space/vault-sdk';
+ *
+ * const zip = await JSZip.loadAsync(bundleFile);
+ * const manifestContent = await zip.file('haextension/manifest.json')?.async('string');
+ * const manifest = JSON.parse(manifestContent);
+ *
+ * // Collect all files from the ZIP
+ * const files = [];
+ * for (const [path, entry] of Object.entries(zip.files)) {
+ *   if (!entry.dir) {
+ *     files.push({ path, content: await entry.async('uint8array') });
+ *   }
+ * }
+ *
+ * const result = await verifyExtensionSignature(files, manifest);
+ * if (!result.valid) {
+ *   console.error('Signature verification failed:', result.error);
+ * }
+ * ```
+ */
+declare function verifyExtensionSignature(files: ZipFileEntry[], manifest: ExtensionManifest): Promise<VerifyResult>;
 declare function createHaexVaultClient(config?: HaexHubConfig): HaexVaultClient;
-export { HAEXSPACE_MESSAGE_TYPES, HAEXTENSION_METHODS, HaexHubConfig, HaexVaultClient, type HaexspaceMessageType, type HaextensionMethod, createHaexVaultClient, installBaseTag, installCookiePolyfill, installHistoryPolyfill, installLocalStoragePolyfill, installPolyfills, installSessionStoragePolyfill };
+export { ExtensionManifest, HAEXSPACE_MESSAGE_TYPES, HAEXTENSION_METHODS, HaexHubConfig, HaexVaultClient, type HaexspaceMessageType, type HaextensionMethod, type VerifyResult, type ZipFileEntry, createHaexVaultClient, hexToBytes, installBaseTag, installCookiePolyfill, installHistoryPolyfill, installLocalStoragePolyfill, installPolyfills, installSessionStoragePolyfill, sortObjectKeysRecursively, verifyExtensionSignature };

package/dist/index.js CHANGED Viewed

@@ -1432,6 +1432,98 @@ postMessage error: ${e}`);
   }
 };
+// src/crypto/verify.ts
+function sortObjectKeysRecursively(obj) {
+  if (typeof obj !== "object" || obj === null) {
+    return obj;
+  }
+  if (Array.isArray(obj)) {
+    return obj.map((item) => sortObjectKeysRecursively(item));
+  }
+  return Object.keys(obj).sort().reduce((result, key) => {
+    result[key] = sortObjectKeysRecursively(obj[key]);
+    return result;
+  }, {});
+}
+function hexToBytes(hex) {
+  const bytes = new Uint8Array(hex.length / 2);
+  for (let i = 0; i < hex.length; i += 2) {
+    bytes[i / 2] = parseInt(hex.slice(i, i + 2), 16);
+  }
+  return bytes.buffer;
+}
+async function verifyExtensionSignature(files, manifest) {
+  try {
+    if (typeof crypto === "undefined" || !crypto.subtle) {
+      return { valid: false, error: "WebCrypto API not available" };
+    }
+    const { publicKey: publicKeyHex, signature: signatureHex } = manifest;
+    if (!publicKeyHex) {
+      return { valid: false, error: "Missing publicKey in manifest" };
+    }
+    if (!signatureHex) {
+      return { valid: false, error: "Missing signature in manifest" };
+    }
+    if (!/^[0-9a-fA-F]+$/.test(publicKeyHex)) {
+      return { valid: false, error: "Invalid publicKey format (must be hex)" };
+    }
+    if (!/^[0-9a-fA-F]+$/.test(signatureHex)) {
+      return { valid: false, error: "Invalid signature format (must be hex)" };
+    }
+    const publicKeyBuffer = hexToBytes(publicKeyHex);
+    let publicKey;
+    try {
+      publicKey = await crypto.subtle.importKey(
+        "raw",
+        publicKeyBuffer,
+        { name: "Ed25519", namedCurve: "Ed25519" },
+        false,
+        ["verify"]
+      );
+    } catch (err) {
+      return {
+        valid: false,
+        error: `Failed to import public key: ${err instanceof Error ? err.message : "Ed25519 may not be supported in this browser"}`
+      };
+    }
+    const manifestForHashing = sortObjectKeysRecursively({
+      ...manifest,
+      signature: ""
+    });
+    const manifestJson = JSON.stringify(manifestForHashing, null, 2);
+    const manifestBytes = new TextEncoder().encode(manifestJson);
+    const filesForHashing = files.map((file) => {
+      if (file.path === "haextension/manifest.json") {
+        return { path: file.path, content: manifestBytes };
+      }
+      return file;
+    });
+    filesForHashing.sort((a, b) => a.path.localeCompare(b.path));
+    const totalLength = filesForHashing.reduce((sum, f) => sum + f.content.length, 0);
+    const combined = new Uint8Array(totalLength);
+    let offset = 0;
+    for (const file of filesForHashing) {
+      combined.set(file.content, offset);
+      offset += file.content.length;
+    }
+    const hashBuffer = await crypto.subtle.digest("SHA-256", combined);
+    const signatureBuffer = hexToBytes(signatureHex);
+    const isValid = await crypto.subtle.verify(
+      "Ed25519",
+      publicKey,
+      signatureBuffer,
+      hashBuffer
+    );
+    return { valid: isValid };
+  } catch (err) {
+    console.error("Signature verification error:", err);
+    return {
+      valid: false,
+      error: err instanceof Error ? err.message : "Unknown verification error"
+    };
+  }
+}
 // src/index.ts
 function createHaexVaultClient(config = {}) {
   return new HaexVaultClient(config);
@@ -1452,11 +1544,14 @@ exports.TABLE_SEPARATOR = TABLE_SEPARATOR;
 exports.WebAPI = WebAPI;
 exports.createHaexVaultClient = createHaexVaultClient;
 exports.getTableName = getTableName;
+exports.hexToBytes = hexToBytes;
 exports.installBaseTag = installBaseTag;
 exports.installCookiePolyfill = installCookiePolyfill;
 exports.installHistoryPolyfill = installHistoryPolyfill;
 exports.installLocalStoragePolyfill = installLocalStoragePolyfill;
 exports.installPolyfills = installPolyfills;
 exports.installSessionStoragePolyfill = installSessionStoragePolyfill;
+exports.sortObjectKeysRecursively = sortObjectKeysRecursively;
+exports.verifyExtensionSignature = verifyExtensionSignature;
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map