@haex-space/vault-sdk 2.3.8 → 2.3.12

package/dist/index.mjs

@@ -373,7 +373,9 @@ var HAEXTENSION_EVENTS = {
   /** Context (theme, locale, platform) has changed */
   CONTEXT_CHANGED: "haextension:context:changed",
   /** Search request from HaexHub */
-  SEARCH_REQUEST: "haextension:search:request"
+  SEARCH_REQUEST: "haextension:search:request",
+  /** External request from authorized client (browser extension, CLI, server, etc.) */
+  EXTERNAL_REQUEST: "haextension:external:request"
 };
 
 // src/methods.ts
@@ -816,6 +818,7 @@ var HaexVaultClient = class {
   constructor(config = {}) {
     this.pendingRequests = /* @__PURE__ */ new Map();
     this.eventListeners = /* @__PURE__ */ new Map();
+    this.externalRequestHandlers = /* @__PURE__ */ new Map();
     this.messageHandler = null;
     this.initialized = false;
     this.requestCounter = 0;
@@ -1078,6 +1081,40 @@ var HaexVaultClient = class {
       results
     });
   }
+  /**
+   * Register a handler for external requests (from browser extensions, CLI, servers, etc.)
+   *
+   * @param action - The action/method name to handle (e.g., "get-logins", "get-totp")
+   * @param handler - Function that processes the request and returns a response
+   * @returns Unsubscribe function to remove the handler
+   *
+   * @example
+   * ```typescript
+   * client.onExternalRequest("get-logins", async (request) => {
+   *   const entries = await getMatchingEntries(request.payload.url);
+   *   return {
+   *     requestId: request.requestId,
+   *     success: true,
+   *     data: { entries }
+   *   };
+   * });
+   * ```
+   */
+  onExternalRequest(action, handler) {
+    this.externalRequestHandlers.set(action, handler);
+    this.log(`[ExternalRequest] Registered handler for action: ${action}`);
+    return () => {
+      this.externalRequestHandlers.delete(action);
+      this.log(`[ExternalRequest] Unregistered handler for action: ${action}`);
+    };
+  }
+  /**
+   * Send a response to an external request back to haex-vault
+   * This is called internally after a handler processes a request
+   */
+  async respondToExternalRequest(response) {
+    await this.request("external.respond", response);
+  }
   async request(method, params = {}) {
     if (this.isNativeWindow && typeof window.__TAURI__ !== "undefined") {
       return this.invoke(method, params);
@@ -1175,6 +1212,13 @@ var HaexVaultClient = class {
           extensionVersion: params.extensionVersion,
           migrations: params.migrations
         });
+      case "external.respond":
+        return invoke("webview_extension_external_respond", {
+          requestId: params.requestId,
+          success: params.success,
+          data: params.data,
+          error: params.error
+        });
       default:
         throw new HaexHubError(
           "METHOD_NOT_FOUND" /* METHOD_NOT_FOUND */,
@@ -1243,6 +1287,22 @@ var HaexVaultClient = class {
             console.error("[HaexSpace SDK] Failed to setup context change listener:", error);
             this.log("Failed to setup context change listener:", error);
           }
+          try {
+            await listen(HAEXTENSION_EVENTS.EXTERNAL_REQUEST, (event) => {
+              this.log("Received external request event:", event);
+              if (event.payload) {
+                this.handleEvent({
+                  type: HAEXTENSION_EVENTS.EXTERNAL_REQUEST,
+                  data: event.payload,
+                  timestamp: Date.now()
+                });
+              }
+            });
+            console.log("[HaexSpace SDK] External request listener registered successfully");
+          } catch (error) {
+            console.error("[HaexSpace SDK] Failed to setup external request listener:", error);
+            this.log("Failed to setup external request listener:", error);
+          }
           this.resolveReady();
           return;
         }
@@ -1364,8 +1424,38 @@ postMessage error: ${e}`);
       this.log("Context updated:", this._context);
       this.notifySubscribers();
     }
+    if (event.type === HAEXTENSION_EVENTS.EXTERNAL_REQUEST) {
+      const externalEvent = event;
+      this.handleExternalRequest(externalEvent.data);
+      return;
+    }
     this.emitEvent(event);
   }
+  async handleExternalRequest(request) {
+    this.log(`[ExternalRequest] Received request: ${request.action} from ${request.publicKey.substring(0, 20)}...`);
+    const handler = this.externalRequestHandlers.get(request.action);
+    if (!handler) {
+      this.log(`[ExternalRequest] No handler for action: ${request.action}`);
+      await this.respondToExternalRequest({
+        requestId: request.requestId,
+        success: false,
+        error: `No handler registered for action: ${request.action}`
+      });
+      return;
+    }
+    try {
+      const response = await handler(request);
+      await this.respondToExternalRequest(response);
+      this.log(`[ExternalRequest] Response sent for: ${request.action}`);
+    } catch (error) {
+      this.log(`[ExternalRequest] Handler error:`, error);
+      await this.respondToExternalRequest({
+        requestId: request.requestId,
+        success: false,
+        error: error instanceof Error ? error.message : String(error)
+      });
+    }
+  }
   emitEvent(event) {
     this.log("Event received:", event);
     const listeners = this.eventListeners.get(event.type);
@@ -1526,11 +1616,193 @@ async function verifyExtensionSignature(files, manifest) {
   }
 }
 
+// src/crypto/vaultKey.ts
+var PBKDF2_ITERATIONS = 6e5;
+var KEY_LENGTH = 256;
+var ALGORITHM = "AES-GCM";
+async function deriveKeyFromPassword(password, salt) {
+  const encoder = new TextEncoder();
+  const passwordBuffer = encoder.encode(password);
+  const saltBuffer = new Uint8Array(salt);
+  const keyMaterial = await crypto.subtle.importKey(
+    "raw",
+    passwordBuffer,
+    "PBKDF2",
+    false,
+    ["deriveKey"]
+  );
+  return await crypto.subtle.deriveKey(
+    {
+      name: "PBKDF2",
+      salt: saltBuffer,
+      iterations: PBKDF2_ITERATIONS,
+      hash: "SHA-256"
+    },
+    keyMaterial,
+    { name: ALGORITHM, length: KEY_LENGTH },
+    false,
+    // not extractable
+    ["encrypt", "decrypt"]
+  );
+}
+function generateVaultKey() {
+  return crypto.getRandomValues(new Uint8Array(32));
+}
+async function encryptString(data, derivedKey) {
+  const nonce = crypto.getRandomValues(new Uint8Array(12));
+  const encoder = new TextEncoder();
+  const dataBuffer = encoder.encode(data);
+  const encryptedBuffer = await crypto.subtle.encrypt(
+    {
+      name: ALGORITHM,
+      iv: nonce
+    },
+    derivedKey,
+    dataBuffer
+  );
+  return {
+    encryptedData: arrayBufferToBase64(encryptedBuffer),
+    nonce: arrayBufferToBase64(nonce)
+  };
+}
+async function decryptString(encryptedData, nonce, derivedKey) {
+  const encryptedBuffer = base64ToArrayBuffer(encryptedData);
+  const nonceBuffer = base64ToArrayBuffer(nonce);
+  const encryptedDataBuffer = new Uint8Array(encryptedBuffer);
+  const iv = new Uint8Array(nonceBuffer);
+  const decryptedBuffer = await crypto.subtle.decrypt(
+    {
+      name: ALGORITHM,
+      iv
+    },
+    derivedKey,
+    encryptedDataBuffer
+  );
+  const decoder = new TextDecoder();
+  return decoder.decode(decryptedBuffer);
+}
+async function encryptVaultKey(vaultKey, password) {
+  const salt = crypto.getRandomValues(new Uint8Array(32));
+  const derivedKey = await deriveKeyFromPassword(password, salt);
+  const nonce = crypto.getRandomValues(new Uint8Array(12));
+  const vaultKeyBuffer = new Uint8Array(vaultKey);
+  const encryptedBuffer = await crypto.subtle.encrypt(
+    {
+      name: ALGORITHM,
+      iv: nonce
+    },
+    derivedKey,
+    vaultKeyBuffer
+  );
+  return {
+    encryptedVaultKey: arrayBufferToBase64(encryptedBuffer),
+    salt: arrayBufferToBase64(salt),
+    vaultKeyNonce: arrayBufferToBase64(nonce)
+  };
+}
+async function decryptVaultKey(encryptedVaultKey, salt, vaultKeyNonce, password) {
+  const encryptedBuffer = base64ToArrayBuffer(encryptedVaultKey);
+  const saltBuffer = base64ToArrayBuffer(salt);
+  const nonceBuffer = base64ToArrayBuffer(vaultKeyNonce);
+  const derivedKey = await deriveKeyFromPassword(password, saltBuffer);
+  const encryptedData = new Uint8Array(encryptedBuffer);
+  const iv = new Uint8Array(nonceBuffer);
+  const decryptedBuffer = await crypto.subtle.decrypt(
+    {
+      name: ALGORITHM,
+      iv
+    },
+    derivedKey,
+    encryptedData
+  );
+  return new Uint8Array(decryptedBuffer);
+}
+async function decryptVaultName(encryptedVaultName, vaultNameNonce, vaultNameSalt, password) {
+  const saltBuffer = base64ToArrayBuffer(vaultNameSalt);
+  const derivedKey = await deriveKeyFromPassword(password, saltBuffer);
+  return decryptString(encryptedVaultName, vaultNameNonce, derivedKey);
+}
+async function encryptCrdtData(data, vaultKey) {
+  const vaultKeyBuffer = new Uint8Array(vaultKey);
+  const cryptoKey = await crypto.subtle.importKey(
+    "raw",
+    vaultKeyBuffer,
+    { name: ALGORITHM },
+    false,
+    ["encrypt"]
+  );
+  const nonce = crypto.getRandomValues(new Uint8Array(12));
+  const encoder = new TextEncoder();
+  const dataBuffer = encoder.encode(JSON.stringify(data));
+  const encryptedBuffer = await crypto.subtle.encrypt(
+    {
+      name: ALGORITHM,
+      iv: nonce
+    },
+    cryptoKey,
+    dataBuffer
+  );
+  return {
+    encryptedData: arrayBufferToBase64(encryptedBuffer),
+    nonce: arrayBufferToBase64(nonce)
+  };
+}
+async function decryptCrdtData(encryptedData, nonce, vaultKey) {
+  const vaultKeyBuffer = new Uint8Array(vaultKey);
+  const cryptoKey = await crypto.subtle.importKey(
+    "raw",
+    vaultKeyBuffer,
+    { name: ALGORITHM },
+    false,
+    ["decrypt"]
+  );
+  const encryptedBuffer = base64ToArrayBuffer(encryptedData);
+  const nonceBuffer = base64ToArrayBuffer(nonce);
+  const encryptedDataBuffer = new Uint8Array(encryptedBuffer);
+  const iv = new Uint8Array(nonceBuffer);
+  const decryptedBuffer = await crypto.subtle.decrypt(
+    {
+      name: ALGORITHM,
+      iv
+    },
+    cryptoKey,
+    encryptedDataBuffer
+  );
+  const decoder = new TextDecoder();
+  const jsonString = decoder.decode(decryptedBuffer);
+  return JSON.parse(jsonString);
+}
+function arrayBufferToBase64(buffer) {
+  const bytes = buffer instanceof Uint8Array ? buffer : new Uint8Array(buffer);
+  if (typeof Buffer !== "undefined") {
+    return Buffer.from(bytes).toString("base64");
+  }
+  let binary = "";
+  for (let i = 0; i < bytes.length; i++) {
+    const byte = bytes[i];
+    if (byte !== void 0) {
+      binary += String.fromCharCode(byte);
+    }
+  }
+  return btoa(binary);
+}
+function base64ToArrayBuffer(base64) {
+  if (typeof Buffer !== "undefined") {
+    return new Uint8Array(Buffer.from(base64, "base64"));
+  }
+  const binary = atob(base64);
+  const bytes = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) {
+    bytes[i] = binary.charCodeAt(i);
+  }
+  return bytes;
+}
+
 // src/index.ts
 function createHaexVaultClient(config = {}) {
   return new HaexVaultClient(config);
 }
 
-export { DEFAULT_TIMEOUT, DatabaseAPI, ErrorCode, FilesystemAPI, HAEXSPACE_MESSAGE_TYPES, HAEXTENSION_EVENTS, HAEXTENSION_METHODS, HaexHubError, HaexVaultClient, PermissionStatus, PermissionsAPI, TABLE_SEPARATOR, WebAPI, createHaexVaultClient, getTableName, hexToBytes, installBaseTag, installCookiePolyfill, installHistoryPolyfill, installLocalStoragePolyfill, installPolyfills, installSessionStoragePolyfill, sortObjectKeysRecursively, verifyExtensionSignature };
+export { DEFAULT_TIMEOUT, DatabaseAPI, ErrorCode, FilesystemAPI, HAEXSPACE_MESSAGE_TYPES, HAEXTENSION_EVENTS, HAEXTENSION_METHODS, HaexHubError, HaexVaultClient, PermissionStatus, PermissionsAPI, TABLE_SEPARATOR, WebAPI, arrayBufferToBase64, base64ToArrayBuffer, createHaexVaultClient, decryptCrdtData, decryptString, decryptVaultKey, decryptVaultName, deriveKeyFromPassword, encryptCrdtData, encryptString, encryptVaultKey, generateVaultKey, getTableName, hexToBytes, installBaseTag, installCookiePolyfill, installHistoryPolyfill, installLocalStoragePolyfill, installPolyfills, installSessionStoragePolyfill, sortObjectKeysRecursively, verifyExtensionSignature };
 //# sourceMappingURL=index.mjs.map
 //# sourceMappingURL=index.mjs.map