@haex-space/vault-sdk 2.5.107 → 2.5.108
- package/dist/index.d.mts +20 -1
- package/dist/index.d.ts +20 -1
- package/dist/index.js +38 -0
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +37 -1
- package/dist/index.mjs.map +1 -1
- package/dist/react.js.map +1 -1
- package/dist/react.mjs.map +1 -1
- package/dist/svelte.js.map +1 -1
- package/dist/svelte.mjs.map +1 -1
- package/dist/vue.js.map +1 -1
- package/dist/vue.mjs.map +1 -1
- package/package.json +1 -1
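--- a/package/dist/index.d.mts
+++ b/package/dist/index.d.mts
@@ -796,6 +796,25 @@ interface SignableRecord {
 }
 declare function signRecordAsync(record: SignableRecord, privateKeyBase64: string): Promise<string>;
 declare function verifyRecordSignatureAsync(record: SignableRecord, signatureBase64: string, publicKeyBase64: string): Promise<boolean>;
+/**
+* Sign a space challenge to prove private key possession.
+* Generates a fresh timestamp internally to prevent misuse.
+*
+* @returns signature (Base64) + timestamp (ISO 8601) to send as
+* X-Space-Signature / X-Space-Timestamp headers.
+*/
+declare function signSpaceChallengeAsync(spaceId: string, privateKeyBase64: string): Promise<{
+signature: string;
+timestamp: string;
+}>;
+/**
+* Verify a space challenge signature (server-side).
+* Checks both cryptographic validity and timestamp freshness (max 30s).
+*/
+declare function verifySpaceChallengeAsync(spaceId: string, timestamp: string, signatureBase64: string, publicKeyBase64: string): Promise<{
+valid: boolean;
+error?: string;
+}>;
 
 /**
 * Crypto utilities for WebAuthn/Passkey operations
@@ -871,4 +890,4 @@ declare function exportKeyPairAsync(keyPair: PasskeyKeyPair): Promise<ExportedPa
 
 declare function createHaexVaultSdk(config?: HaexHubConfig): HaexVaultSdk;
 
-export { type AuthUser, COSE_ALGORITHM, type CoseAlgorithm, type CreateSpaceRequest, type EncryptedSpaceKey, type ExportedPasskeyKeyPair, type ExportedUserKeypair, ExtensionManifest, HAEXSPACE_MESSAGE_TYPES, HaexHubConfig, HaexVaultSdk, type HaexspaceMessageType, type InviteMemberRequest, KEY_AGREEMENT_ALGO, type PasskeyKeyPair, type RegisterKeypairRequest, SIGNING_ALGO, type SignableRecord, SpaceRole, type StorageConfig, type ErrorResponse as SyncServerErrorResponse, type ServerInfo as SyncServerInfo, type LoginRequest as SyncServerLoginRequest, type LoginResponse as SyncServerLoginResponse, type RefreshRequest as SyncServerRefreshRequest, TAURI_COMMANDS, type TauriCommand, type UserKeypair, type VerifyResult, type ZipFileEntry, arrayBufferToBase64, base64ToArrayBuffer, createHaexVaultSdk, decryptCrdtData, decryptPrivateKeyAsync, decryptSpaceKeyAsync, decryptString, decryptVaultKey, decryptVaultName, deriveKeyFromPassword, encryptCrdtData, encryptPrivateKeyAsync, encryptSpaceKeyForRecipientAsync, encryptString, encryptVaultKey, exportKeyPairAsync, exportPrivateKeyAsync, exportPublicKeyAsync, exportPublicKeyCoseAsync, exportUserKeypairAsync, generateCredentialId, generatePasskeyPairAsync, generateSpaceKey, generateUserKeypairAsync, generateVaultKey, hexToBytes, importPrivateKeyAsync, importPrivateKeyForKeyAgreementAsync, importPublicKeyAsync, importPublicKeyForKeyAgreementAsync, importUserPrivateKeyAsync, importUserPublicKeyAsync, installBaseTag, installCookiePolyfill, installHistoryPolyfill, installLocalStoragePolyfill, installPolyfills, installSessionStoragePolyfill, signRecordAsync, signWithPasskeyAsync, sortObjectKeysRecursively, unwrapKey, verifyExtensionSignature, verifyRecordSignatureAsync, verifyWithPasskeyAsync, wrapKey };
+export { type AuthUser, COSE_ALGORITHM, type CoseAlgorithm, type CreateSpaceRequest, type EncryptedSpaceKey, type ExportedPasskeyKeyPair, type ExportedUserKeypair, ExtensionManifest, HAEXSPACE_MESSAGE_TYPES, HaexHubConfig, HaexVaultSdk, type HaexspaceMessageType, type InviteMemberRequest, KEY_AGREEMENT_ALGO, type PasskeyKeyPair, type RegisterKeypairRequest, SIGNING_ALGO, type SignableRecord, SpaceRole, type StorageConfig, type ErrorResponse as SyncServerErrorResponse, type ServerInfo as SyncServerInfo, type LoginRequest as SyncServerLoginRequest, type LoginResponse as SyncServerLoginResponse, type RefreshRequest as SyncServerRefreshRequest, TAURI_COMMANDS, type TauriCommand, type UserKeypair, type VerifyResult, type ZipFileEntry, arrayBufferToBase64, base64ToArrayBuffer, createHaexVaultSdk, decryptCrdtData, decryptPrivateKeyAsync, decryptSpaceKeyAsync, decryptString, decryptVaultKey, decryptVaultName, deriveKeyFromPassword, encryptCrdtData, encryptPrivateKeyAsync, encryptSpaceKeyForRecipientAsync, encryptString, encryptVaultKey, exportKeyPairAsync, exportPrivateKeyAsync, exportPublicKeyAsync, exportPublicKeyCoseAsync, exportUserKeypairAsync, generateCredentialId, generatePasskeyPairAsync, generateSpaceKey, generateUserKeypairAsync, generateVaultKey, hexToBytes, importPrivateKeyAsync, importPrivateKeyForKeyAgreementAsync, importPublicKeyAsync, importPublicKeyForKeyAgreementAsync, importUserPrivateKeyAsync, importUserPublicKeyAsync, installBaseTag, installCookiePolyfill, installHistoryPolyfill, installLocalStoragePolyfill, installPolyfills, installSessionStoragePolyfill, signRecordAsync, signSpaceChallengeAsync, signWithPasskeyAsync, sortObjectKeysRecursively, unwrapKey, verifyExtensionSignature, verifyRecordSignatureAsync, verifySpaceChallengeAsync, verifyWithPasskeyAsync, wrapKey };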
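Review bot: The doc comment on `verifySpaceChallengeAsync` does not say where `publicKeyBase64` must come from, and the function as declared verifies against whatever key the caller passes. If a server took that key from the same request as the signature, any keypair would pass, so the contract should be stated, e.g. `@param publicKeyBase64 - key the server already has on record for a member of spaceId; never a value supplied by the request being verified`. The "max 30s" wording also does not convey that timestamps ahead of the verifier's clock are rejected, which the bundled implementation in package/dist/index.js does. The same declarations are repeated in package/dist/index.d.ts.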
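--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -796,6 +796,25 @@ interface SignableRecord {
 }
 declare function signRecordAsync(record: SignableRecord, privateKeyBase64: string): Promise<string>;
 declare function verifyRecordSignatureAsync(record: SignableRecord, signatureBase64: string, publicKeyBase64: string): Promise<boolean>;
+/**
+* Sign a space challenge to prove private key possession.
+* Generates a fresh timestamp internally to prevent misuse.
+*
+* @returns signature (Base64) + timestamp (ISO 8601) to send as
+* X-Space-Signature / X-Space-Timestamp headers.
+*/
+declare function signSpaceChallengeAsync(spaceId: string, privateKeyBase64: string): Promise<{
+signature: string;
+timestamp: string;
+}>;
+/**
+* Verify a space challenge signature (server-side).
+* Checks both cryptographic validity and timestamp freshness (max 30s).
+*/
+declare function verifySpaceChallengeAsync(spaceId: string, timestamp: string, signatureBase64: string, publicKeyBase64: string): Promise<{
+valid: boolean;
+error?: string;
+}>;
 
 /**
 * Crypto utilities for WebAuthn/Passkey operations
@@ -871,4 +890,4 @@ declare function exportKeyPairAsync(keyPair: PasskeyKeyPair): Promise<ExportedPa
 
 declare function createHaexVaultSdk(config?: HaexHubConfig): HaexVaultSdk;
 
-export { type AuthUser, COSE_ALGORITHM, type CoseAlgorithm, type CreateSpaceRequest, type EncryptedSpaceKey, type ExportedPasskeyKeyPair, type ExportedUserKeypair, ExtensionManifest, HAEXSPACE_MESSAGE_TYPES, HaexHubConfig, HaexVaultSdk, type HaexspaceMessageType, type InviteMemberRequest, KEY_AGREEMENT_ALGO, type PasskeyKeyPair, type RegisterKeypairRequest, SIGNING_ALGO, type SignableRecord, SpaceRole, type StorageConfig, type ErrorResponse as SyncServerErrorResponse, type ServerInfo as SyncServerInfo, type LoginRequest as SyncServerLoginRequest, type LoginResponse as SyncServerLoginResponse, type RefreshRequest as SyncServerRefreshRequest, TAURI_COMMANDS, type TauriCommand, type UserKeypair, type VerifyResult, type ZipFileEntry, arrayBufferToBase64, base64ToArrayBuffer, createHaexVaultSdk, decryptCrdtData, decryptPrivateKeyAsync, decryptSpaceKeyAsync, decryptString, decryptVaultKey, decryptVaultName, deriveKeyFromPassword, encryptCrdtData, encryptPrivateKeyAsync, encryptSpaceKeyForRecipientAsync, encryptString, encryptVaultKey, exportKeyPairAsync, exportPrivateKeyAsync, exportPublicKeyAsync, exportPublicKeyCoseAsync, exportUserKeypairAsync, generateCredentialId, generatePasskeyPairAsync, generateSpaceKey, generateUserKeypairAsync, generateVaultKey, hexToBytes, importPrivateKeyAsync, importPrivateKeyForKeyAgreementAsync, importPublicKeyAsync, importPublicKeyForKeyAgreementAsync, importUserPrivateKeyAsync, importUserPublicKeyAsync, installBaseTag, installCookiePolyfill, installHistoryPolyfill, installLocalStoragePolyfill, installPolyfills, installSessionStoragePolyfill, signRecordAsync, signWithPasskeyAsync, sortObjectKeysRecursively, unwrapKey, verifyExtensionSignature, verifyRecordSignatureAsync, verifyWithPasskeyAsync, wrapKey };
+export { type AuthUser, COSE_ALGORITHM, type CoseAlgorithm, type CreateSpaceRequest, type EncryptedSpaceKey, type ExportedPasskeyKeyPair, type ExportedUserKeypair, ExtensionManifest, HAEXSPACE_MESSAGE_TYPES, HaexHubConfig, HaexVaultSdk, type HaexspaceMessageType, type InviteMemberRequest, KEY_AGREEMENT_ALGO, type PasskeyKeyPair, type RegisterKeypairRequest, SIGNING_ALGO, type SignableRecord, SpaceRole, type StorageConfig, type ErrorResponse as SyncServerErrorResponse, type ServerInfo as SyncServerInfo, type LoginRequest as SyncServerLoginRequest, type LoginResponse as SyncServerLoginResponse, type RefreshRequest as SyncServerRefreshRequest, TAURI_COMMANDS, type TauriCommand, type UserKeypair, type VerifyResult, type ZipFileEntry, arrayBufferToBase64, base64ToArrayBuffer, createHaexVaultSdk, decryptCrdtData, decryptPrivateKeyAsync, decryptSpaceKeyAsync, decryptString, decryptVaultKey, decryptVaultName, deriveKeyFromPassword, encryptCrdtData, encryptPrivateKeyAsync, encryptSpaceKeyForRecipientAsync, encryptString, encryptVaultKey, exportKeyPairAsync, exportPrivateKeyAsync, exportPublicKeyAsync, exportPublicKeyCoseAsync, exportUserKeypairAsync, generateCredentialId, generatePasskeyPairAsync, generateSpaceKey, generateUserKeypairAsync, generateVaultKey, hexToBytes, importPrivateKeyAsync, importPrivateKeyForKeyAgreementAsync, importPublicKeyAsync, importPublicKeyForKeyAgreementAsync, importUserPrivateKeyAsync, importUserPublicKeyAsync, installBaseTag, installCookiePolyfill, installHistoryPolyfill, installLocalStoragePolyfill, installPolyfills, installSessionStoragePolyfill, signRecordAsync, signSpaceChallengeAsync, signWithPasskeyAsync, sortObjectKeysRecursively, unwrapKey, verifyExtensionSignature, verifyRecordSignatureAsync, verifySpaceChallengeAsync, verifyWithPasskeyAsync, wrapKey };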
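--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -2885,6 +2885,42 @@ async function verifyRecordSignatureAsync(record, signatureBase64, publicKeyBase
 canonicalize(record)
 );
 }
+var CHALLENGE_MAX_AGE_MS = 3e4;
+function canonicalizeChallenge(spaceId, timestamp) {
+return new TextEncoder().encode(`${spaceId}\0${timestamp}`).buffer;
+}
+async function signSpaceChallengeAsync(spaceId, privateKeyBase64) {
+const timestamp = (/* @__PURE__ */ new Date()).toISOString();
+const key = await importUserPrivateKeyAsync(privateKeyBase64);
+const sig = await crypto.subtle.sign(
+{ name: "ECDSA", hash: "SHA-256" },
+key,
+canonicalizeChallenge(spaceId, timestamp)
+);
+return { signature: arrayBufferToBase64(sig), timestamp };
+}
+async function verifySpaceChallengeAsync(spaceId, timestamp, signatureBase64, publicKeyBase64) {
+const tsMs = new Date(timestamp).getTime();
+if (Number.isNaN(tsMs)) {
+return { valid: false, error: "Invalid timestamp format" };
+}
+const age = Date.now() - tsMs;
+if (age < 0 || age > CHALLENGE_MAX_AGE_MS) {
+return { valid: false, error: "Challenge timestamp expired or in the future" };
+}
+try {
+const key = await importUserPublicKeyAsync(publicKeyBase64);
+const isValid = await crypto.subtle.verify(
+{ name: "ECDSA", hash: "SHA-256" },
+key,
+base64ToArrayBuffer(signatureBase64),
+canonicalizeChallenge(spaceId, timestamp)
+);
+return isValid ? { valid: true } : { valid: false, error: "Invalid challenge signature" };
+} catch {
+return { valid: false, error: "Challenge verification failed" };
+}
+}
 
 // src/crypto/passkey.ts
 function toArrayBuffer(data) {
@@ -3124,11 +3160,13 @@ exports.isPermissionDeniedError = isPermissionDeniedError;
 exports.isPermissionError = isPermissionError;
 exports.isPermissionPromptError = isPermissionPromptError;
 exports.signRecordAsync = signRecordAsync;
+exports.signSpaceChallengeAsync = signSpaceChallengeAsync;
 exports.signWithPasskeyAsync = signWithPasskeyAsync;
 exports.sortObjectKeysRecursively = sortObjectKeysRecursively;
 exports.unwrapKey = unwrapKey;
 exports.verifyExtensionSignature = verifyExtensionSignature;
 exports.verifyRecordSignatureAsync = verifyRecordSignatureAsync;
+exports.verifySpaceChallengeAsync = verifySpaceChallengeAsync;
 exports.verifyWithPasskeyAsync = verifyWithPasskeyAsync;
 exports.wrapKey = wrapKey;
 //# sourceMappingURL=index.js.map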
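Review bot: `verifySpaceChallengeAsync` keeps no state and `canonicalizeChallenge` signs only `${spaceId}\0${timestamp}`, so a signature/timestamp pair that verified once verifies again for any request to that space until the 30 s window closes. Nothing visible in this hunk binds the signature to a request method, path, body or server-issued nonce, so replay handling falls to the caller and should be stated at the function, e.g. `// NOTE: stateless; the caller must reject (signature, timestamp) pairs already accepted within CHALLENGE_MAX_AGE_MS`. Separately, `age < 0` rejects a client whose clock is even a millisecond ahead of the verifier; a small tolerance such as `if (age < -CLOCK_SKEW_MS || age > CHALLENGE_MAX_AGE_MS)`, with `CLOCK_SKEW_MS` as a new constant, would avoid spurious failures. The bare `catch` also returns the same error for a malformed key, malformed Base64 and any other failure, which is fine for the client-facing message but leaves the server nothing to log.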