@haex-space/vault-sdk 2.3.3 → 2.3.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (17) hide show
  1. package/dist/cli/index.js +40 -31
  2. package/dist/cli/index.js.map +1 -1
  3. package/dist/cli/index.mjs +39 -30
  4. package/dist/cli/index.mjs.map +1 -1
  5. package/dist/index.d.mts +57 -3
  6. package/dist/index.d.ts +57 -3
  7. package/dist/index.js +95 -0
  8. package/dist/index.js.map +1 -1
  9. package/dist/index.mjs +93 -1
  10. package/dist/index.mjs.map +1 -1
  11. package/dist/react.js.map +1 -1
  12. package/dist/react.mjs.map +1 -1
  13. package/dist/svelte.js.map +1 -1
  14. package/dist/svelte.mjs.map +1 -1
  15. package/dist/vue.js.map +1 -1
  16. package/dist/vue.mjs.map +1 -1
  17. package/package.json +1 -1
package/dist/index.mjs CHANGED
@@ -1430,11 +1430,103 @@ postMessage error: ${e}`);
1430
1430
  }
1431
1431
  };
1432
1432
 
1433
+ // src/crypto/verify.ts
1434
+ function sortObjectKeysRecursively(obj) {
1435
+ if (typeof obj !== "object" || obj === null) {
1436
+ return obj;
1437
+ }
1438
+ if (Array.isArray(obj)) {
1439
+ return obj.map((item) => sortObjectKeysRecursively(item));
1440
+ }
1441
+ return Object.keys(obj).sort().reduce((result, key) => {
1442
+ result[key] = sortObjectKeysRecursively(obj[key]);
1443
+ return result;
1444
+ }, {});
1445
+ }
1446
+ function hexToBytes(hex) {
1447
+ const bytes = new Uint8Array(hex.length / 2);
1448
+ for (let i = 0; i < hex.length; i += 2) {
1449
+ bytes[i / 2] = parseInt(hex.slice(i, i + 2), 16);
1450
+ }
1451
+ return bytes.buffer;
1452
+ }
1453
+ async function verifyExtensionSignature(files, manifest) {
1454
+ try {
1455
+ if (typeof crypto === "undefined" || !crypto.subtle) {
1456
+ return { valid: false, error: "WebCrypto API not available" };
1457
+ }
1458
+ const { publicKey: publicKeyHex, signature: signatureHex } = manifest;
1459
+ if (!publicKeyHex) {
1460
+ return { valid: false, error: "Missing publicKey in manifest" };
1461
+ }
1462
+ if (!signatureHex) {
1463
+ return { valid: false, error: "Missing signature in manifest" };
1464
+ }
1465
+ if (!/^[0-9a-fA-F]+$/.test(publicKeyHex)) {
1466
+ return { valid: false, error: "Invalid publicKey format (must be hex)" };
1467
+ }
1468
+ if (!/^[0-9a-fA-F]+$/.test(signatureHex)) {
1469
+ return { valid: false, error: "Invalid signature format (must be hex)" };
1470
+ }
1471
+ const publicKeyBuffer = hexToBytes(publicKeyHex);
1472
+ let publicKey;
1473
+ try {
1474
+ publicKey = await crypto.subtle.importKey(
1475
+ "raw",
1476
+ publicKeyBuffer,
1477
+ { name: "Ed25519", namedCurve: "Ed25519" },
1478
+ false,
1479
+ ["verify"]
1480
+ );
1481
+ } catch (err) {
1482
+ return {
1483
+ valid: false,
1484
+ error: `Failed to import public key: ${err instanceof Error ? err.message : "Ed25519 may not be supported in this browser"}`
1485
+ };
1486
+ }
1487
+ const manifestForHashing = sortObjectKeysRecursively({
1488
+ ...manifest,
1489
+ signature: ""
1490
+ });
1491
+ const manifestJson = JSON.stringify(manifestForHashing, null, 2);
1492
+ const manifestBytes = new TextEncoder().encode(manifestJson);
1493
+ const filesForHashing = files.map((file) => {
1494
+ if (file.path === "haextension/manifest.json") {
1495
+ return { path: file.path, content: manifestBytes };
1496
+ }
1497
+ return file;
1498
+ });
1499
+ filesForHashing.sort((a, b) => a.path.localeCompare(b.path));
1500
+ const totalLength = filesForHashing.reduce((sum, f) => sum + f.content.length, 0);
1501
+ const combined = new Uint8Array(totalLength);
1502
+ let offset = 0;
1503
+ for (const file of filesForHashing) {
1504
+ combined.set(file.content, offset);
1505
+ offset += file.content.length;
1506
+ }
1507
+ const hashBuffer = await crypto.subtle.digest("SHA-256", combined);
1508
+ const signatureBuffer = hexToBytes(signatureHex);
1509
+ const isValid = await crypto.subtle.verify(
1510
+ "Ed25519",
1511
+ publicKey,
1512
+ signatureBuffer,
1513
+ hashBuffer
1514
+ );
1515
+ return { valid: isValid };
1516
+ } catch (err) {
1517
+ console.error("Signature verification error:", err);
1518
+ return {
1519
+ valid: false,
1520
+ error: err instanceof Error ? err.message : "Unknown verification error"
1521
+ };
1522
+ }
1523
+ }
1524
+
1433
1525
  // src/index.ts
1434
1526
  function createHaexVaultClient(config = {}) {
1435
1527
  return new HaexVaultClient(config);
1436
1528
  }
1437
1529
 
1438
- export { DEFAULT_TIMEOUT, DatabaseAPI, ErrorCode, FilesystemAPI, HAEXSPACE_MESSAGE_TYPES, HAEXTENSION_EVENTS, HAEXTENSION_METHODS, HaexHubError, HaexVaultClient, PermissionStatus, PermissionsAPI, TABLE_SEPARATOR, WebAPI, createHaexVaultClient, getTableName, installBaseTag, installCookiePolyfill, installHistoryPolyfill, installLocalStoragePolyfill, installPolyfills, installSessionStoragePolyfill };
1530
+ export { DEFAULT_TIMEOUT, DatabaseAPI, ErrorCode, FilesystemAPI, HAEXSPACE_MESSAGE_TYPES, HAEXTENSION_EVENTS, HAEXTENSION_METHODS, HaexHubError, HaexVaultClient, PermissionStatus, PermissionsAPI, TABLE_SEPARATOR, WebAPI, createHaexVaultClient, getTableName, hexToBytes, installBaseTag, installCookiePolyfill, installHistoryPolyfill, installLocalStoragePolyfill, installPolyfills, installSessionStoragePolyfill, sortObjectKeysRecursively, verifyExtensionSignature };
1439
1531
  //# sourceMappingURL=index.mjs.map
1440
1532
  //# sourceMappingURL=index.mjs.map