@ibgib/core-gib 0.1.57 → 0.1.59

Files changed (162) hide show
  1. package/dist/keystone/keystone-config-builder.d.mts +12 -1
  2. package/dist/keystone/keystone-config-builder.d.mts.map +1 -1
  3. package/dist/keystone/keystone-config-builder.mjs +58 -4
  4. package/dist/keystone/keystone-config-builder.mjs.map +1 -1
  5. package/dist/keystone/keystone-constants.d.mts +40 -5
  6. package/dist/keystone/keystone-constants.d.mts.map +1 -1
  7. package/dist/keystone/keystone-constants.mjs +39 -5
  8. package/dist/keystone/keystone-constants.mjs.map +1 -1
  9. package/dist/keystone/keystone-helpers.d.mts +11 -1
  10. package/dist/keystone/keystone-helpers.d.mts.map +1 -1
  11. package/dist/keystone/keystone-helpers.mjs +37 -1
  12. package/dist/keystone/keystone-helpers.mjs.map +1 -1
  13. package/dist/keystone/keystone-policy-types.d.mts +23 -0
  14. package/dist/keystone/keystone-policy-types.d.mts.map +1 -0
  15. package/dist/keystone/keystone-policy-types.mjs +2 -0
  16. package/dist/keystone/keystone-policy-types.mjs.map +1 -0
  17. package/dist/sync/graft-info/graft-info-helpers.respec.mjs +8 -8
  18. package/dist/sync/graft-info/graft-info-helpers.respec.mjs.map +1 -1
  19. package/dist/sync/sync-conflict-adv-multitimelines.respec.mjs +22 -22
  20. package/dist/sync/sync-conflict-adv-multitimelines.respec.mjs.map +1 -1
  21. package/dist/sync/sync-conflict-basic-divergence.respec.mjs +3 -3
  22. package/dist/sync/sync-conflict-basic-divergence.respec.mjs.map +1 -1
  23. package/dist/sync/sync-conflict-basic-multitimelines.respec.mjs +6 -6
  24. package/dist/sync/sync-conflict-basic-multitimelines.respec.mjs.map +1 -1
  25. package/dist/sync/sync-conflict-text-merge.respec.mjs +26 -26
  26. package/dist/sync/sync-conflict-text-merge.respec.mjs.map +1 -1
  27. package/dist/sync/sync-helpers.d.mts +19 -0
  28. package/dist/sync/sync-helpers.d.mts.map +1 -1
  29. package/dist/sync/sync-helpers.mjs +51 -1
  30. package/dist/sync/sync-helpers.mjs.map +1 -1
  31. package/dist/sync/sync-innerspace-constants.respec.mjs +2 -2
  32. package/dist/sync/sync-innerspace-constants.respec.mjs.map +1 -1
  33. package/dist/sync/sync-innerspace-deep-updates.respec.mjs +2 -2
  34. package/dist/sync/sync-innerspace-deep-updates.respec.mjs.map +1 -1
  35. package/dist/sync/sync-innerspace-dest-ahead.respec.mjs +4 -4
  36. package/dist/sync/sync-innerspace-dest-ahead.respec.mjs.map +1 -1
  37. package/dist/sync/sync-innerspace-multiple-timelines.respec.mjs +2 -2
  38. package/dist/sync/sync-innerspace-multiple-timelines.respec.mjs.map +1 -1
  39. package/dist/sync/sync-innerspace-partial-update.respec.mjs +3 -3
  40. package/dist/sync/sync-innerspace-partial-update.respec.mjs.map +1 -1
  41. package/dist/sync/sync-innerspace.respec.mjs +4 -4
  42. package/dist/sync/sync-innerspace.respec.mjs.map +1 -1
  43. package/dist/sync/sync-peer/sync-peer-http-receiver/sync-peer-http-receiver-v1.d.mts +5 -0
  44. package/dist/sync/sync-peer/sync-peer-http-receiver/sync-peer-http-receiver-v1.d.mts.map +1 -1
  45. package/dist/sync/sync-peer/sync-peer-http-receiver/sync-peer-http-receiver-v1.mjs +24 -2
  46. package/dist/sync/sync-peer/sync-peer-http-receiver/sync-peer-http-receiver-v1.mjs.map +1 -1
  47. package/dist/sync/sync-peer/sync-peer-http-sender/sync-peer-http-sender-v1.d.mts +5 -0
  48. package/dist/sync/sync-peer/sync-peer-http-sender/sync-peer-http-sender-v1.d.mts.map +1 -1
  49. package/dist/sync/sync-peer/sync-peer-http-sender/sync-peer-http-sender-v1.mjs +21 -3
  50. package/dist/sync/sync-peer/sync-peer-http-sender/sync-peer-http-sender-v1.mjs.map +1 -1
  51. package/dist/sync/sync-peer/sync-peer-innerspace/sync-peer-innerspace-types.d.mts +1 -1
  52. package/dist/sync/sync-peer/sync-peer-innerspace/sync-peer-innerspace-v1.d.mts +13 -1
  53. package/dist/sync/sync-peer/sync-peer-innerspace/sync-peer-innerspace-v1.d.mts.map +1 -1
  54. package/dist/sync/sync-peer/sync-peer-innerspace/sync-peer-innerspace-v1.mjs +40 -10
  55. package/dist/sync/sync-peer/sync-peer-innerspace/sync-peer-innerspace-v1.mjs.map +1 -1
  56. package/dist/sync/sync-peer/sync-peer-types.d.mts +81 -1
  57. package/dist/sync/sync-peer/sync-peer-types.d.mts.map +1 -1
  58. package/dist/sync/sync-peer/sync-peer-v1.d.mts +37 -3
  59. package/dist/sync/sync-peer/sync-peer-v1.d.mts.map +1 -1
  60. package/dist/sync/sync-peer/sync-peer-v1.mjs +163 -23
  61. package/dist/sync/sync-peer/sync-peer-v1.mjs.map +1 -1
  62. package/dist/sync/sync-peer/sync-peer-websocket/sync-peer-websocket-constants.d.mts +46 -0
  63. package/dist/sync/sync-peer/sync-peer-websocket/sync-peer-websocket-constants.d.mts.map +1 -0
  64. package/dist/sync/sync-peer/sync-peer-websocket/sync-peer-websocket-constants.mjs +45 -0
  65. package/dist/sync/sync-peer/sync-peer-websocket/sync-peer-websocket-constants.mjs.map +1 -0
  66. package/dist/sync/sync-peer/sync-peer-websocket/sync-peer-websocket-receiver/sync-peer-websocket-receiver-types.d.mts +30 -0
  67. package/dist/sync/sync-peer/sync-peer-websocket/sync-peer-websocket-receiver/sync-peer-websocket-receiver-types.d.mts.map +1 -0
  68. package/dist/sync/sync-peer/sync-peer-websocket/sync-peer-websocket-receiver/sync-peer-websocket-receiver-types.mjs +2 -0
  69. package/dist/sync/sync-peer/sync-peer-websocket/sync-peer-websocket-receiver/sync-peer-websocket-receiver-types.mjs.map +1 -0
  70. package/dist/sync/sync-peer/sync-peer-websocket/sync-peer-websocket-receiver/sync-peer-websocket-receiver-v1.d.mts +68 -0
  71. package/dist/sync/sync-peer/sync-peer-websocket/sync-peer-websocket-receiver/sync-peer-websocket-receiver-v1.d.mts.map +1 -0
  72. package/dist/sync/sync-peer/sync-peer-websocket/sync-peer-websocket-receiver/sync-peer-websocket-receiver-v1.mjs +324 -0
  73. package/dist/sync/sync-peer/sync-peer-websocket/sync-peer-websocket-receiver/sync-peer-websocket-receiver-v1.mjs.map +1 -0
  74. package/dist/sync/sync-peer/sync-peer-websocket/sync-peer-websocket-receiver/sync-websocket-peer-helpers.d.mts +85 -0
  75. package/dist/sync/sync-peer/sync-peer-websocket/sync-peer-websocket-receiver/sync-websocket-peer-helpers.d.mts.map +1 -0
  76. package/dist/sync/sync-peer/sync-peer-websocket/sync-peer-websocket-receiver/sync-websocket-peer-helpers.mjs +332 -0
  77. package/dist/sync/sync-peer/sync-peer-websocket/sync-peer-websocket-receiver/sync-websocket-peer-helpers.mjs.map +1 -0
  78. package/dist/sync/sync-peer/sync-peer-websocket/sync-peer-websocket-sender/sync-peer-websocket-sender-types.d.mts +29 -0
  79. package/dist/sync/sync-peer/sync-peer-websocket/sync-peer-websocket-sender/sync-peer-websocket-sender-types.d.mts.map +1 -0
  80. package/dist/sync/sync-peer/sync-peer-websocket/sync-peer-websocket-sender/sync-peer-websocket-sender-types.mjs +2 -0
  81. package/dist/sync/sync-peer/sync-peer-websocket/sync-peer-websocket-sender/sync-peer-websocket-sender-types.mjs.map +1 -0
  82. package/dist/sync/sync-peer/sync-peer-websocket/sync-peer-websocket-sender/sync-peer-websocket-sender-v1.d.mts +44 -0
  83. package/dist/sync/sync-peer/sync-peer-websocket/sync-peer-websocket-sender/sync-peer-websocket-sender-v1.d.mts.map +1 -0
  84. package/dist/sync/sync-peer/sync-peer-websocket/sync-peer-websocket-sender/sync-peer-websocket-sender-v1.mjs +303 -0
  85. package/dist/sync/sync-peer/sync-peer-websocket/sync-peer-websocket-sender/sync-peer-websocket-sender-v1.mjs.map +1 -0
  86. package/dist/sync/sync-saga-context/sync-saga-context-helpers.d.mts +22 -5
  87. package/dist/sync/sync-saga-context/sync-saga-context-helpers.d.mts.map +1 -1
  88. package/dist/sync/sync-saga-context/sync-saga-context-helpers.mjs +223 -27
  89. package/dist/sync/sync-saga-context/sync-saga-context-helpers.mjs.map +1 -1
  90. package/dist/sync/sync-saga-context/sync-saga-context-types.d.mts +9 -0
  91. package/dist/sync/sync-saga-context/sync-saga-context-types.d.mts.map +1 -1
  92. package/dist/sync/sync-saga-coordinator.d.mts +41 -2
  93. package/dist/sync/sync-saga-coordinator.d.mts.map +1 -1
  94. package/dist/sync/sync-saga-coordinator.mjs +110 -11
  95. package/dist/sync/sync-saga-coordinator.mjs.map +1 -1
  96. package/dist/sync/sync-types.d.mts +24 -0
  97. package/dist/sync/sync-types.d.mts.map +1 -1
  98. package/dist/sync/sync-types.mjs +0 -1
  99. package/dist/sync/sync-types.mjs.map +1 -1
  100. package/dist/sync/sync-withid.connect.respec.d.mts +12 -0
  101. package/dist/sync/sync-withid.connect.respec.d.mts.map +1 -0
  102. package/dist/sync/sync-withid.connect.respec.mjs +205 -0
  103. package/dist/sync/sync-withid.connect.respec.mjs.map +1 -0
  104. package/dist/sync/sync-withid.establish.respec.d.mts +19 -0
  105. package/dist/sync/sync-withid.establish.respec.d.mts.map +1 -0
  106. package/dist/sync/sync-withid.establish.respec.mjs +322 -0
  107. package/dist/sync/sync-withid.establish.respec.mjs.map +1 -0
  108. package/dist/sync/sync-withid.pingpong.respec.d.mts +11 -0
  109. package/dist/sync/sync-withid.pingpong.respec.d.mts.map +1 -0
  110. package/dist/sync/sync-withid.pingpong.respec.mjs +131 -0
  111. package/dist/sync/sync-withid.pingpong.respec.mjs.map +1 -0
  112. package/dist/witness/space/inner-space/inner-space-v1.d.mts.map +1 -1
  113. package/dist/witness/space/inner-space/inner-space-v1.mjs +1 -1
  114. package/dist/witness/space/inner-space/inner-space-v1.mjs.map +1 -1
  115. package/package.json +4 -4
  116. package/src/keystone/keystone-config-builder.mts +73 -4
  117. package/src/keystone/keystone-constants.mts +42 -6
  118. package/src/keystone/keystone-helpers.mts +44 -2
  119. package/src/keystone/keystone-policy-types.mts +25 -0
  120. package/src/keystone/keystone-policy.schema.json +51 -0
  121. package/src/keystone/keystone-service-v1.mts +3 -3
  122. package/src/sync/docs/architecture.md +20 -0
  123. package/src/sync/docs/ping_pong_plan.md +147 -0
  124. package/src/sync/docs/security.md +207 -3
  125. package/src/sync/graft-info/graft-info-helpers.respec.mts +7 -7
  126. package/src/sync/sync-conflict-adv-multitimelines.respec.mts +21 -21
  127. package/src/sync/sync-conflict-basic-divergence.respec.mts +2 -2
  128. package/src/sync/sync-conflict-basic-multitimelines.respec.mts +5 -5
  129. package/src/sync/sync-conflict-text-merge.respec.mts +25 -25
  130. package/src/sync/sync-helpers.mts +51 -1
  131. package/src/sync/sync-innerspace-constants.respec.mts +1 -1
  132. package/src/sync/sync-innerspace-deep-updates.respec.mts +1 -1
  133. package/src/sync/sync-innerspace-dest-ahead.respec.mts +3 -3
  134. package/src/sync/sync-innerspace-multiple-timelines.respec.mts +1 -1
  135. package/src/sync/sync-innerspace-partial-update.respec.mts +2 -2
  136. package/src/sync/sync-innerspace.respec.mts +3 -3
  137. package/src/sync/sync-peer/sync-peer-http-receiver/sync-peer-http-receiver-v1.mts +26 -2
  138. package/src/sync/sync-peer/sync-peer-http-sender/sync-peer-http-sender-v1.mts +23 -3
  139. package/src/sync/sync-peer/sync-peer-innerspace/sync-peer-innerspace-types.mts +1 -1
  140. package/src/sync/sync-peer/sync-peer-innerspace/sync-peer-innerspace-v1.mts +47 -13
  141. package/src/sync/sync-peer/sync-peer-types.mts +87 -1
  142. package/src/sync/sync-peer/sync-peer-v1.mts +171 -32
  143. package/src/sync/sync-peer/sync-peer-websocket/sync-peer-websocket-constants.mts +68 -0
  144. package/src/sync/sync-peer/sync-peer-websocket/sync-peer-websocket-receiver/sync-peer-websocket-receiver-types.mts +36 -0
  145. package/src/sync/sync-peer/sync-peer-websocket/sync-peer-websocket-receiver/sync-peer-websocket-receiver-v1.mts +385 -0
  146. package/src/sync/sync-peer/sync-peer-websocket/sync-peer-websocket-receiver/sync-websocket-peer-helpers.mts +388 -0
  147. package/src/sync/sync-peer/sync-peer-websocket/sync-peer-websocket-sender/sync-peer-websocket-sender-types.mts +35 -0
  148. package/src/sync/sync-peer/sync-peer-websocket/sync-peer-websocket-sender/sync-peer-websocket-sender-v1.mts +345 -0
  149. package/src/sync/sync-saga-context/sync-saga-context-helpers.mts +223 -34
  150. package/src/sync/sync-saga-context/sync-saga-context-types.mts +9 -0
  151. package/src/sync/sync-saga-coordinator.mts +162 -6
  152. package/src/sync/sync-types.mts +28 -4
  153. package/src/sync/sync-withid.connect.respec.mts +243 -0
  154. package/src/sync/sync-withid.establish.respec.mts +361 -0
  155. package/src/sync/sync-withid.pingpong.respec.mts +161 -0
  156. package/src/sync/unused-identity-backup.mts.md +1 -1
  157. package/src/witness/space/inner-space/inner-space-v1.mts +4 -5
  158. package/dist/sync/sync-innerspace-dest-ahead-withid.respec.d.mts +0 -2
  159. package/dist/sync/sync-innerspace-dest-ahead-withid.respec.d.mts.map +0 -1
  160. package/dist/sync/sync-innerspace-dest-ahead-withid.respec.mjs +0 -310
  161. package/dist/sync/sync-innerspace-dest-ahead-withid.respec.mjs.map +0 -1
  162. package/src/sync/sync-innerspace-dest-ahead-withid.respec.mts +0 -364
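--- a/package/dist/sync/sync-peer/sync-peer-websocket/sync-peer-websocket-sender/sync-peer-websocket-sender-v1.mjs
+++ b/package/dist/sync/sync-peer/sync-peer-websocket/sync-peer-websocket-sender/sync-peer-websocket-sender-v1.mjs
@@ -0,0 +1,303 @@
+ /**
+ * @module sync-peer-websocket-sender-v1
+ */
+ import { extractErrorMsg } from '@ibgib/helper-gib/dist/helpers/utils-helper.mjs';
+ import { getIbGibAddr } from '@ibgib/ts-gib/dist/helper.mjs';
+ import { KeystoneService_V1 } from '../../../../keystone/keystone-service-v1.mjs';
+ import { KeystoneStrategyFactory } from '../../../../keystone/strategy/keystone-strategy-factory.mjs';
+ import { deriveSessionSecret } from '../../../sync-helpers.mjs';
+ import { SyncPeer_V1 } from '../../sync-peer-v1.mjs';
+ import { GLOBAL_LOG_A_LOT } from '../../../../core-constants.mjs';
+ import { SESSION_KEYSTONE_POLICY, getConnectChallenge } from '../sync-peer-websocket-receiver/sync-websocket-peer-helpers.mjs';
+ import { SyncWebSocketMsgType } from '../sync-peer-websocket-constants.mjs';
+ const logalot = GLOBAL_LOG_A_LOT || true;
+ /**
+ * WebSocket Sender Peer implementation running in browser/native environment.
+ */
+ export class SyncPeerWebSocketSender_V1 extends SyncPeer_V1 {
+ lc = `[${SyncPeerWebSocketSender_V1.name}]`;
+ get classname() {
+ return SyncPeerWebSocketSender_V1.name;
+ }
+ get isSocketOpen() {
+ return this.ws !== undefined && this.ws.readyState === WebSocket.OPEN;
+ }
+ ws;
+ activeResolve;
+ activeReject;
+ pendingPayloadsToSend = [];
+ constructor(initialData, initialRel8ns) {
+ super(initialData, initialRel8ns);
+ }
+ async preConnectCheck(opts) {
+ const lc = `${this.lc}[${this.preConnectCheck.name}]`;
+ if (!this.data?.wsUrl) {
+ throw new Error(`Missing wsUrl in peer data (E: a3b2c1d0e9f8e7d6c5b4a3f2e1d0c910)`);
+ }
+ if (!this.data?.httpEvolveUrl) {
+ throw new Error(`Missing httpEvolveUrl in peer data (E: a3b2c1d0e9f8e7d6c5b4a3f2e1d0c911)`);
+ }
+ }
+ /**
+ * Submits the evolved master identity (I1) and new session keystone (S) to the server's HTTP registry.
+ */
+ async postEstablishToReceiver({ newSenderIdentity, sessionIdentity, }) {
+ const lc = `${this.lc}[${this.postEstablishToReceiver.name}]`;
+ try {
+ if (logalot) {
+ console.log(`${lc} posting evolved keystones to ${this.data.httpEvolveUrl}...`);
+ }
+ if (!this.data) {
+ throw new Error(`(UNEXPECTED) this.data falsy? (E: d642e8a9af18b532c87c6f581aa53b26)`);
+ }
+ if (!this.data.httpEvolveUrl) {
+ throw new Error(`(UNEXPECTED) this.data.httpEvolveUrl falsy? (E: 8589ddbb155914d85c09658881da2c26)`);
+ }
+ const response = await fetch(this.data.httpEvolveUrl, {
+ method: 'PUT',
+ headers: {
+ 'Content-Type': 'application/json',
+ },
+ body: JSON.stringify({
+ keystoneIbGib: newSenderIdentity,
+ relatedIbGibs: [sessionIdentity]
+ }),
+ });
+ if (!response.ok) {
+ const data = await response.json().catch(() => ({}));
+ const errorMsg = data.message || data.error || 'Unknown error';
+ throw new Error(`HTTP ${response.status} evolution post rejected. errorMsg: ${errorMsg} (E: e8a478291b88d05c68cf6b385684b826)`);
+ }
+ if (logalot) {
+ console.log(`${lc} evolve post accepted by server.`);
+ }
+ }
+ catch (error) {
+ console.error(`${lc} establish post failed: ${extractErrorMsg(error)}`);
+ throw error;
+ }
+ }
+ /**
+ * Establishes the stateful WebSocket connection and performs the multi-turn cryptographic challenge connect.
+ */
+ async connectImpl(opts) {
+ const lc = `${this.lc}[${this.connectImpl.name}]`;
+ try {
+ if (logalot) {
+ console.log(`${lc} starting...`);
+ }
+ const { senderIdentity, fnSenderSecret, sagaId, localMetaspace, localSpace } = this.opts;
+ if (!senderIdentity || !fnSenderSecret || !sagaId) {
+ throw new Error(`Missing identity parameters in peer options (E: ed49b6711ac82efcdb42b8a28c5b6826)`);
+ }
+ // 1. Solve upfront pre-filter solution
+ const senderSecret = await fnSenderSecret();
+ const sessionSecret = await deriveSessionSecret({ senderSecret, sagaId });
+ // Fetch session identity S that establishSessionIdentity just created
+ const sAddr_tjp = getIbGibAddr({ ibGib: senderIdentity }); // wait, S's past contains I
+ // Actually, we can get the S keystone that was returned by establishSessionIdentity.
+ // Let's resolve S from the sender localSpace using its target claim or the targetAddrs
+ const sAddr = getIbGibAddr({ ibGib: senderIdentity.rel8ns?.past ? senderIdentity : senderIdentity }); // stub: get the actual generated S
+ // To make sure we have the exact session identity S, we can query localSpace.
+ // Since we know the sagaId, we can walk or locate it.
+ // But wait, the coordinator calls establishSessionIdentity first, which returns the created S keystone!
+ // Let's store a reference to the sessionIdentity S on this class during establish, or lookup from localSpace.
+ // Wait, does the coordinator let the peer store S? No, but let's query the latest keystone in localSpace.
+ const senderIdentityLatestAddr = await localMetaspace.getLatestAddr({ ibGib: senderIdentity, space: localSpace });
+ if (!senderIdentityLatestAddr) {
+ throw new Error(`senderIdentityLatestAddr falsy. we should have a latest addr that is different than the sender identity at this point (done in the peer establish phase) (E: 225607318bef485d7821f82de97b6826)`);
+ }
+ const resGet = await localMetaspace.get({ addrs: [senderIdentityLatestAddr], space: localSpace });
+ const I_tip = resGet.ibGibs?.[0];
+ // const targetSAddr = I_tip?.rel8ns?.past?.[0] ?? I_tip?.data?.proofs?.[0]?.claim?.target;
+ const targetSAddr = I_tip.data.proofs.at(0)?.claim.target;
+ if (!targetSAddr) {
+ throw new Error(`Could not locate session keystone target from identity (E: 5ec4882f7e5e4c33fbd00ab8b3166726)`);
+ }
+ const resGetS = await localMetaspace.get({ addrs: [targetSAddr], space: localSpace });
+ const sessionS = resGetS.ibGibs?.[0];
+ if (!sessionS) {
+ throw new Error(`Session keystone not found in local space: ${targetSAddr} (E: 9ba818e6622808bb4ae749be31f80b26)`);
+ }
+ // Solve dynamic upfront picket-fence challenge
+ const connectPool = (sessionS.data?.challengePools ?? [])
+ .find(p => p.id === SESSION_KEYSTONE_POLICY.CONNECT_POOL.ID);
+ if (!connectPool) {
+ throw new Error(`Session keystone missing connect pool (E: f50968afca04b6d38ec19824ea201826)`);
+ }
+ const { challengeId } = getConnectChallenge(sessionS);
+ const strategy = KeystoneStrategyFactory.create({ config: connectPool.config });
+ const poolSecret = await strategy.derivePoolSecret({ masterSecret: sessionSecret });
+ const solution = await strategy.generateSolution({
+ poolSecret,
+ poolId: SESSION_KEYSTONE_POLICY.CONNECT_POOL.ID,
+ challengeId
+ });
+ // 2. Open WebSocket connection
+ const wsUrl = `${this.data.wsUrl}?sAddr=${encodeURIComponent(targetSAddr)}&solution=${encodeURIComponent(solution.value)}`;
+ if (logalot) {
+ console.log(`${lc} connecting to WebSocket: ${wsUrl}`);
+ }
+ const ws = new WebSocket(wsUrl);
+ this.ws = ws;
+ return new Promise((resolve, reject) => {
+ let isResolved = false;
+ ws.addEventListener('open', () => {
+ if (logalot) {
+ console.log(`${lc} WebSocket opened. Awaiting challenge...`);
+ }
+ });
+ ws.addEventListener('message', async (ev) => {
+ try {
+ const msg = JSON.parse(ev.data);
+ if (logalot) {
+ console.log(`${lc} received frame: ${msg.type}`);
+ }
+ if (msg.type === SyncWebSocketMsgType.auth_challenge_init) {
+ ws.send(JSON.stringify({
+ type: SyncWebSocketMsgType.auth_init,
+ sAddr: targetSAddr
+ }));
+ }
+ else if (msg.type === SyncWebSocketMsgType.auth_challenge) {
+ const { challengeUuid, demandedIds } = msg;
+ if (logalot) {
+ console.log(`${lc} solving demanded challenges: ${demandedIds.join(', ')}`);
+ }
+ const keystoneService = new KeystoneService_V1();
+ const proofFrame = await keystoneService.sign({
+ latestKeystone: sessionS,
+ masterSecret: sessionSecret,
+ poolId: SESSION_KEYSTONE_POLICY.CONNECT_POOL.ID,
+ requiredChallengeIds: demandedIds,
+ claim: {
+ verb: SESSION_KEYSTONE_POLICY.CONNECT_POOL.VERB,
+ target: challengeUuid
+ },
+ metaspace: localMetaspace,
+ space: localSpace
+ });
+ ws.send(JSON.stringify({
+ type: SyncWebSocketMsgType.auth_proof,
+ proofFrame
+ }));
+ }
+ else if (msg.type === SyncWebSocketMsgType.auth_ok) {
+ if (logalot) {
+ console.log(`${lc} WebSocket connect SUCCESS!`);
+ }
+ isResolved = true;
+ // Setup persistent runtime listeners
+ ws.removeEventListener('message', (() => { }));
+ ws.addEventListener('message', (event) => this.handleRuntimeMessage(event));
+ resolve();
+ }
+ else if (msg.type === SyncWebSocketMsgType.auth_fail) {
+ reject(new Error(`Connect failed: ${msg.message}`));
+ }
+ }
+ catch (error) {
+ reject(error);
+ }
+ });
+ ws.addEventListener('close', (event) => {
+ if (!isResolved) {
+ reject(new Error(`WebSocket closed before connect completed (code: ${event.code})`));
+ }
+ });
+ ws.addEventListener('error', (err) => {
+ if (!isResolved) {
+ reject(new Error(`WebSocket connection error`));
+ }
+ });
+ });
+ }
+ catch (error) {
+ console.error(`${lc} connect failed: ${extractErrorMsg(error)}`);
+ throw error;
+ }
+ }
+ /**
+ * Handles synchronizing messages and evolved context frames during active transaction turns.
+ */
+ async handleRuntimeMessage(event) {
+ const lc = `${this.lc}[${this.handleRuntimeMessage.name}]`;
+ try {
+ const msg = JSON.parse(event.data);
+ if (logalot) {
+ console.log(`${lc} received runtime frame: ${msg.type}`);
+ }
+ if (msg.type === SyncWebSocketMsgType.sync_frame_response) {
+ const responseContext = msg.context;
+ // Validate and authenticate Bob's response context first
+ await this.authenticateAndValidate({ context: responseContext });
+ // If response has expected payloads, authorize Bob to stream them
+ const expectedPayloadAddrs = responseContext.data?.['@payloadAddrsDomain'] || [];
+ if (expectedPayloadAddrs.length > 0) {
+ this.ws.send(JSON.stringify({
+ type: SyncWebSocketMsgType.sync_frame_response_authenticated,
+ contextAddr: getIbGibAddr({ ibGib: responseContext })
+ }));
+ }
+ if (this.activeResolve) {
+ const resolve = this.activeResolve;
+ this.activeResolve = undefined;
+ this.activeReject = undefined;
+ resolve(responseContext);
+ }
+ }
+ else if (msg.type === SyncWebSocketMsgType.sync_frame_authenticated) {
+ // Bob authenticated our context, stream buffered payloads
+ const payloads = this.pendingPayloadsToSend || [];
+ this.pendingPayloadsToSend = [];
+ for (const ibGib of payloads) {
+ this.ws.send(JSON.stringify({
+ type: SyncWebSocketMsgType.domain_payload,
+ ibGib
+ }));
+ }
+ }
+ else if (msg.type === SyncWebSocketMsgType.domain_payload) {
+ const payload = msg.ibGib;
+ this.payloadIbGibsDomainReceived$.next(payload);
+ }
+ }
+ catch (error) {
+ console.error(`${lc} failed parsing runtime frame: ${extractErrorMsg(error)}`);
+ if (this.activeReject) {
+ this.activeReject(error);
+ }
+ }
+ }
+ /**
+ * Serializes the transaction context and payload down the active WebSocket connection.
+ */
+ async sendContextRequest(context) {
+ const lc = `${this.lc}[${this.sendContextRequest.name}]`;
+ try {
+ if (!this.ws || this.ws.readyState !== WebSocket.OPEN) {
+ throw new Error(`WebSocket is not connected or open (E: a3b2c1d0e9f8e7d6c5b4a3f2e1d0c915)`);
+ }
+ // 1. Separate payloads to send later
+ const domainPayloads = context.payloadIbGibsDomain ?? [];
+ this.pendingPayloadsToSend = [...domainPayloads];
+ // 2. Clone context without payloads for transport
+ const contextToSend = { ...context };
+ delete contextToSend.payloadIbGibsDomain;
+ // 3. Transmit the synchronizing transaction context
+ return new Promise((resolve, reject) => {
+ this.activeResolve = resolve;
+ this.activeReject = reject;
+ this.ws.send(JSON.stringify({
+ type: SyncWebSocketMsgType.sync_frame,
+ context: contextToSend
+ }));
+ });
+ }
+ catch (error) {
+ console.error(`${lc} sendContextRequest failed: ${extractErrorMsg(error)}`);
+ throw error;
+ }
+ }
+ }
+ //# sourceMappingURL=sync-peer-websocket-sender-v1.mjs.map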
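Review bot: In `connectImpl` the computed `solution.value` is put into the WebSocket URL query string and the whole `wsUrl` is then written to the console, and because the file sets `const logalot = GLOBAL_LOG_A_LOT || true;` that log can never be switched off. I would change the flag to `const logalot = GLOBAL_LOG_A_LOT;` and log `this.data.wsUrl` instead of `wsUrl`, so the challenge solution stays out of console output; query strings also tend to end up in server and proxy logs, so it is worth confirming the solution is single-use. Separately, `ws.removeEventListener('message', (() => { }));` passes a fresh function and removes nothing, so after `auth_ok` the connect-phase handler stays attached next to `handleRuntimeMessage` and would still sign a proof for any later `auth_challenge` frame. Assigning that handler to a const (for example `onAuthMessage`) and calling `ws.removeEventListener('message', onAuthMessage)` fixes it. `sAddr_tjp` and `sAddr` are computed but never used, and `I_tip.data.proofs.at(0)` throws a TypeError rather than the intended error when the lookup returns nothing, so `I_tip?.data?.proofs?.at(0)?.claim?.target` would be safer.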
@@ -0,0 +1 @@
1
+ {"version":3,"file":"sync-peer-websocket-sender-v1.mjs","sourceRoot":"","sources":["../../../../../src/sync/sync-peer/sync-peer-websocket/sync-peer-websocket-sender/sync-peer-websocket-sender-v1.mts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,iDAAiD,CAAC;AAClF,OAAO,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAG7D,OAAO,EAAE,kBAAkB,EAAE,MAAM,8CAA8C,CAAC;AAClF,OAAO,EAAE,uBAAuB,EAAE,MAAM,6DAA6D,CAAC;AACtG,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAErD,OAAO,EAAE,gBAAgB,EAAE,MAAM,gCAAgC,CAAC;AAQlE,OAAO,EACH,uBAAuB,EACvB,mBAAmB,EACtB,MAAM,iEAAiE,CAAC;AACzE,OAAO,EAAE,oBAAoB,EAAE,MAAM,sCAAsC,CAAC;AAE5E,MAAM,OAAO,GAAG,gBAAgB,IAAI,IAAI,CAAC;AAEzC;;GAEG;AACH,MAAM,OAAO,0BACT,SAAQ,WAAsF;IAG3E,EAAE,GAAW,IAAI,0BAA0B,CAAC,IAAI,GAAG,CAAC;IAEvE,IAAa,SAAS;QAClB,OAAO,0BAA0B,CAAC,IAAI,CAAC;IAC3C,CAAC;IAED,IAAW,YAAY;QACnB,OAAO,IAAI,CAAC,EAAE,KAAK,SAAS,IAAI,IAAI,CAAC,EAAE,CAAC,UAAU,KAAK,SAAS,CAAC,IAAI,CAAC;IAC1E,CAAC;IAKS,EAAE,CAAa;IACf,aAAa,CAAwD;IACrE,YAAY,CAAyB;IACrC,qBAAqB,GAAe,EAAE,CAAC;IAEjD,YACI,WAA2C,EAC3C,aAAgD;QAEhD,KAAK,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;IACtC,CAAC;IAEkB,KAAK,CAAC,eAAe,CAAC,IAAwC;QAC7E,MAAM,EAAE,GAAG,GAAG,IAAI,CAAC,EAAE,IAAI,IAAI,CAAC,eAAe,CAAC,IAAI,GAAG,CAAC;QACtD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;QACxF,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,aAAa,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,0EAA0E,CAAC,CAAC;QAChG,CAAC;IACL,CAAC;IAED;;OAEG;IACgB,KAAK,CAAC,uBAAuB,CAAC,EAC7C,iBAAiB,EACjB,eAAe,GAIlB;QACG,MAAM,EAAE,GAAG,GAAG,IAAI,CAAC,EAAE,IAAI,IAAI,CAAC,uBAAuB,CAAC,IAAI,GAAG,CAAC;QAC9D,IAAI,CAAC;YACD,IAAI,OAAO,EAAE,CAAC;gBAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,iCAAiC,IAAI,CAAC,IAAK,CAAC,aAAa,KAAK,CAAC,CAAC;YAAC,CAAC;YAClG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;gBAAC,MAAM,IAAI,KAAK,CAAC,qEAAqE,CAAC,CAAC;YAAC,CAAC;YAE3G,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;gBAAC,MAAM,IAAI,KAAK,CAAC,mFAAmF,CAAC,CAAC;YAAC,CAAC;YAEvI,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE;g
BAClD,MAAM,EAAE,KAAK;gBACb,OAAO,EAAE;oBACL,cAAc,EAAE,kBAAkB;iBACrC;gBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACjB,aAAa,EAAE,iBAAiB;oBAChC,aAAa,EAAE,CAAC,eAAe,CAAC;iBACnC,CAAC;aACL,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACf,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;gBACrD,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,KAAK,IAAI,eAAe,CAAC;gBAC/D,MAAM,IAAI,KAAK,CAAC,QAAQ,QAAQ,CAAC,MAAM,uCAAuC,QAAQ,wCAAwC,CAAC,CAAC;YACpI,CAAC;YAED,IAAI,OAAO,EAAE,CAAC;gBAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,kCAAkC,CAAC,CAAC;YAAC,CAAC;QAC1E,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,GAAG,EAAE,2BAA2B,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YACxE,MAAM,KAAK,CAAC;QAChB,CAAC;IACL,CAAC;IAED;;OAEG;IACgB,KAAK,CAAC,WAAW,CAAC,IAAwC;QACzE,MAAM,EAAE,GAAG,GAAG,IAAI,CAAC,EAAE,IAAI,IAAI,CAAC,WAAW,CAAC,IAAI,GAAG,CAAC;QAClD,IAAI,CAAC;YACD,IAAI,OAAO,EAAE,CAAC;gBAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC;YAAC,CAAC;YAElD,MAAM,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,EAAE,cAAc,EAAE,UAAU,EAAE,GAAG,IAAI,CAAC,IAAK,CAAC;YAC1F,IAAI,CAAC,cAAc,IAAI,CAAC,cAAc,IAAI,CAAC,MAAM,EAAE,CAAC;gBAChD,MAAM,IAAI,KAAK,CAAC,mFAAmF,CAAC,CAAC;YACzG,CAAC;YAED,uCAAuC;YACvC,MAAM,YAAY,GAAG,MAAM,cAAc,EAAE,CAAC;YAC5C,MAAM,aAAa,GAAG,MAAM,mBAAmB,CAAC,EAAE,YAAY,EAAE,MAAM,EAAE,CAAC,CAAC;YAE1E,sEAAsE;YACtE,MAAM,SAAS,GAAG,YAAY,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,4BAA4B;YACvF,qFAAqF;YACrF,uFAAuF;YACvF,MAAM,KAAK,GAAG,YAAY,CAAC,EAAE,KAAK,EAAE,cAAc,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,mCAAmC;YAEzI,8EAA8E;YAC9E,sDAAsD;YACtD,wGAAwG;YACxG,8GAA8G;YAC9G,0GAA0G;YAC1G,MAAM,wBAAwB,GAC1B,MAAM,cAAc,CAAC,aAAa,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,CAAC;YACrF,IAAI,CAAC,wBAAwB,EAAE,CAAC;gBAAC,MAAM,IAAI,KAAK,CAAC,gMAAgM,CAAC,CAAC;YAAC,CAAC;YAErP,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,CAAC,wBAAwB,CAAC,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,CAAC;YAClG,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,CAAqB,CAAC;YAErD,2FAA2F;YAC3F,MAAM,WAA
W,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC;YAC1D,IAAI,CAAC,WAAW,EAAE,CAAC;gBACf,MAAM,IAAI,KAAK,CAAC,8FAA8F,CAAC,CAAC;YACpH,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,CAAC,WAAW,CAAC,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,CAAC;YACtF,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAqB,CAAC;YACzD,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACZ,MAAM,IAAI,KAAK,CAAC,8CAA8C,WAAW,wCAAwC,CAAC,CAAC;YACvH,CAAC;YAED,+CAA+C;YAC/C,MAAM,WAAW,GACb,CAAC,QAAQ,CAAC,IAAI,EAAE,cAAc,IAAI,EAAE,CAAC;iBAChC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,uBAAuB,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;YACrE,IAAI,CAAC,WAAW,EAAE,CAAC;gBACf,MAAM,IAAI,KAAK,CAAC,6EAA6E,CAAC,CAAC;YACnG,CAAC;YAED,MAAM,EAAE,WAAW,EAAE,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;YACtD,MAAM,QAAQ,GAAG,uBAAuB,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC;YAChF,MAAM,UAAU,GAAG,MAAM,QAAQ,CAAC,gBAAgB,CAAC,EAAE,YAAY,EAAE,aAAa,EAAE,CAAC,CAAC;YACpF,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,gBAAgB,CAAC;gBAC7C,UAAU;gBACV,MAAM,EAAE,uBAAuB,CAAC,YAAY,CAAC,EAAE;gBAC/C,WAAW;aACd,CAAC,CAAC;YAEH,+BAA+B;YAC/B,MAAM,KAAK,GAAG,GAAG,IAAI,CAAC,IAAK,CAAC,KAAK,UAAU,kBAAkB,CAAC,WAAW,CAAC,aAAa,kBAAkB,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5H,IAAI,OAAO,EAAE,CAAC;gBAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,6BAA6B,KAAK,EAAE,CAAC,CAAC;YAAC,CAAC;YAExE,MAAM,EAAE,GAAG,IAAI,SAAS,CAAC,KAAK,CAAC,CAAC;YAChC,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC;YAEb,OAAO,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;gBACzC,IAAI,UAAU,GAAG,KAAK,CAAC;gBAEvB,EAAE,CAAC,gBAAgB,CAAC,MAAM,EAAE,GAAG,EAAE;oBAC7B,IAAI,OAAO,EAAE,CAAC;wBAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,0CAA0C,CAAC,CAAC;oBAAC,CAAC;gBAClF,CAAC,CAAC,CAAC;gBAEH,EAAE,CAAC,gBAAgB,CAAC,SAAS,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE;oBACxC,IAAI,CAAC;wBACD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;wBAChC,IAAI,OAAO,EAAE,CAAC;4BAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,oBAAoB,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;wBAAC,CAAC;wBAElE,IAAI,GAAG,CAAC,IAAI,KAAK,oBAAoB,CAAC,mBAAmB,EAAE,CAAC;4BACxD,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;gCACnB,IAAI,
EAAE,oBAAoB,CAAC,SAAS;gCACpC,KAAK,EAAE,WAAW;6BACrB,CAAC,CAAC,CAAC;wBACR,CAAC;6BAAM,IAAI,GAAG,CAAC,IAAI,KAAK,oBAAoB,CAAC,cAAc,EAAE,CAAC;4BAC1D,MAAM,EAAE,aAAa,EAAE,WAAW,EAAE,GAAG,GAAG,CAAC;4BAC3C,IAAI,OAAO,EAAE,CAAC;gCAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,iCAAiC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;4BAAC,CAAC;4BAE7F,MAAM,eAAe,GAAG,IAAI,kBAAkB,EAAE,CAAC;4BACjD,MAAM,UAAU,GAAG,MAAM,eAAe,CAAC,IAAI,CAAC;gCAC1C,cAAc,EAAE,QAAQ;gCACxB,YAAY,EAAE,aAAa;gCAC3B,MAAM,EAAE,uBAAuB,CAAC,YAAY,CAAC,EAAE;gCAC/C,oBAAoB,EAAE,WAAW;gCACjC,KAAK,EAAE;oCACH,IAAI,EAAE,uBAAuB,CAAC,YAAY,CAAC,IAAI;oCAC/C,MAAM,EAAE,aAAa;iCACxB;gCACD,SAAS,EAAE,cAAc;gCACzB,KAAK,EAAE,UAAU;6BACpB,CAAC,CAAC;4BAEH,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;gCACnB,IAAI,EAAE,oBAAoB,CAAC,UAAU;gCACrC,UAAU;6BACb,CAAC,CAAC,CAAC;wBACR,CAAC;6BAAM,IAAI,GAAG,CAAC,IAAI,KAAK,oBAAoB,CAAC,OAAO,EAAE,CAAC;4BACnD,IAAI,OAAO,EAAE,CAAC;gCAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,6BAA6B,CAAC,CAAC;4BAAC,CAAC;4BACjE,UAAU,GAAG,IAAI,CAAC;4BAElB,qCAAqC;4BACrC,EAAE,CAAC,mBAAmB,CAAC,SAAS,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC,CAAQ,CAAC,CAAC;4BACtD,EAAE,CAAC,gBAAgB,CAAC,SAAS,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC,CAAC;4BAE5E,OAAO,EAAE,CAAC;wBACd,CAAC;6BAAM,IAAI,GAAG,CAAC,IAAI,KAAK,oBAAoB,CAAC,SAAS,EAAE,CAAC;4BACrD,MAAM,CAAC,IAAI,KAAK,CAAC,mBAAmB,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;wBACxD,CAAC;oBACL,CAAC;oBAAC,OAAO,KAAK,EAAE,CAAC;wBACb,MAAM,CAAC,KAAK,CAAC,CAAC;oBAClB,CAAC;gBACL,CAAC,CAAC,CAAC;gBAEH,EAAE,CAAC,gBAAgB,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;oBACnC,IAAI,CAAC,UAAU,EAAE,CAAC;wBACd,MAAM,CAAC,IAAI,KAAK,CAAC,oDAAoD,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC;oBACzF,CAAC;gBACL,CAAC,CAAC,CAAC;gBAEH,EAAE,CAAC,gBAAgB,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;oBACjC,IAAI,CAAC,UAAU,EAAE,CAAC;wBACd,MAAM,CAAC,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC,CAAC;oBACpD,CAAC;gBACL,CAAC,CAAC,CAAC;YACP,CAAC,CAAC,CAAC;QAEP,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,GAAG,EAAE,oBAAoB,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YACjE,MAAM,KAAK,CAAC;QAChB,CAAC;IACL,CAAC;IAED;;OAEG;I
ACO,KAAK,CAAC,oBAAoB,CAAC,KAAmB;QACpD,MAAM,EAAE,GAAG,GAAG,IAAI,CAAC,EAAE,IAAI,IAAI,CAAC,oBAAoB,CAAC,IAAI,GAAG,CAAC;QAC3D,IAAI,CAAC;YACD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACnC,IAAI,OAAO,EAAE,CAAC;gBAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,4BAA4B,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;YAAC,CAAC;YAE1E,IAAI,GAAG,CAAC,IAAI,KAAK,oBAAoB,CAAC,mBAAmB,EAAE,CAAC;gBACxD,MAAM,eAAe,GAAG,GAAG,CAAC,OAAkC,CAAC;gBAE/D,yDAAyD;gBACzD,MAAM,IAAI,CAAC,uBAAuB,CAAC,EAAE,OAAO,EAAE,eAAe,EAAE,CAAC,CAAC;gBAEjE,kEAAkE;gBAClE,MAAM,oBAAoB,GAAG,eAAe,CAAC,IAAI,EAAE,CAAC,qBAAqB,CAAC,IAAI,EAAE,CAAC;gBACjF,IAAI,oBAAoB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAClC,IAAI,CAAC,EAAG,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;wBACzB,IAAI,EAAE,oBAAoB,CAAC,iCAAiC;wBAC5D,WAAW,EAAE,YAAY,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC;qBACxD,CAAC,CAAC,CAAC;gBACR,CAAC;gBAED,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;oBACrB,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC;oBACnC,IAAI,CAAC,aAAa,GAAG,SAAS,CAAC;oBAC/B,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC;oBAC9B,OAAO,CAAC,eAAe,CAAC,CAAC;gBAC7B,CAAC;YACL,CAAC;iBAAM,IAAI,GAAG,CAAC,IAAI,KAAK,oBAAoB,CAAC,wBAAwB,EAAE,CAAC;gBACpE,0DAA0D;gBAC1D,MAAM,QAAQ,GAAG,IAAI,CAAC,qBAAqB,IAAI,EAAE,CAAC;gBAClD,IAAI,CAAC,qBAAqB,GAAG,EAAE,CAAC;gBAChC,KAAK,MAAM,KAAK,IAAI,QAAQ,EAAE,CAAC;oBAC3B,IAAI,CAAC,EAAG,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;wBACzB,IAAI,EAAE,oBAAoB,CAAC,cAAc;wBACzC,KAAK;qBACR,CAAC,CAAC,CAAC;gBACR,CAAC;YACL,CAAC;iBAAM,IAAI,GAAG,CAAC,IAAI,KAAK,oBAAoB,CAAC,cAAc,EAAE,CAAC;gBAC1D,MAAM,OAAO,GAAG,GAAG,CAAC,KAAiB,CAAC;gBACtC,IAAI,CAAC,4BAA4B,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACpD,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,GAAG,EAAE,kCAAkC,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YAC/E,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;gBACpB,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;YAC7B,CAAC;QACL,CAAC;IACL,CAAC;IAED;;OAEG;IACgB,KAAK,CAAC,kBAAkB,CAAC,OAAgC;QACxE,MAAM,EAAE,GAAG,GAAG,IAAI,CAAC,EAAE,IAAI,IAAI,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC;QACzD,IAAI,CAAC;YACD,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,IAAI,CAAC,EAAE,CAAC,UAAU,KAAK,SAAS,CAAC,IAAI,EAAE,CAAC;gBACpD
,MAAM,IAAI,KAAK,CAAC,0EAA0E,CAAC,CAAC;YAChG,CAAC;YAED,qCAAqC;YACrC,MAAM,cAAc,GAAG,OAAO,CAAC,mBAAmB,IAAI,EAAE,CAAC;YACzD,IAAI,CAAC,qBAAqB,GAAG,CAAC,GAAG,cAAc,CAAC,CAAC;YAEjD,kDAAkD;YAClD,MAAM,aAAa,GAAG,EAAE,GAAG,OAAO,EAAE,CAAC;YACrC,OAAO,aAAa,CAAC,mBAAmB,CAAC;YAEzC,oDAAoD;YACpD,OAAO,IAAI,OAAO,CAAsC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;gBACxE,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC;gBAC7B,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC;gBAE3B,IAAI,CAAC,EAAG,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;oBACzB,IAAI,EAAE,oBAAoB,CAAC,UAAU;oBACrC,OAAO,EAAE,aAAa;iBACzB,CAAC,CAAC,CAAC;YACR,CAAC,CAAC,CAAC;QAEP,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,GAAG,EAAE,+BAA+B,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YAC5E,MAAM,KAAK,CAAC;QAChB,CAAC;IACL,CAAC;CACJ"}
@@ -3,7 +3,7 @@
3
3
  */
4
4
  import { Ib } from '@ibgib/ts-gib/dist/types.mjs';
5
5
  import { SyncSagaContextData_V1, SyncSagaContextIbGib_V1, SyncSagaContextIb_V1 } from './sync-saga-context-types.mjs';
6
- import { SyncSagaFrameDependencyGraph } from '../sync-types.mjs';
6
+ import { IbGibSpaceAny } from '../../witness/space/space-base-v1.mjs';
7
7
  /**
8
8
  * Constructs the standard 'ib' string for a Sync Saga Context stone.
9
9
  */
@@ -42,12 +42,29 @@ export declare function validateContextAndSagaFrame({ context, }: {
42
42
  export declare function validateContextDomainPayloadIbGibs({ context }: {
43
43
  context: SyncSagaContextIbGib_V1;
44
44
  }): Promise<string[]>;
45
- export declare function authenticateContext({}: {}): Promise<string[]>;
46
45
  /**
47
- * move to sync-peer-helpers.mts as a pure function?
46
+ * "Intrinsically": This authenticates assuming we have already established that
47
+ * this context is a valid continuation of previous sync contexts/saga state. It
48
+ * does not check that the session identity contained on this context is a valid
49
+ * continuation.
50
+ *
51
+ * ## notes
52
+ *
53
+ * Say an attacker tries to hijack a legit sync process by capturing previous
54
+ * context(s). Then the attacker just either creates its own sessionIdentity
55
+ *
56
+ * ## implementation notes
57
+ *
58
+ * This is a HUGE function right now, because there are just a lot of things to
59
+ * check. I'm basically going through and just taking every assumption that I
60
+ * can think of and encoding it.
61
+ *
62
+ * We will need to refactor this at some point to neaten it up, but we should
63
+ * not remove sections without EXTREMELY good reasoning, as this would reduce
64
+ * security.
48
65
  */
49
- export declare function authorizeContext({ context, fullSagaHistory }: {
66
+ export declare function authenticateContextIntrinsically({ context, space, }: {
50
67
  context: SyncSagaContextIbGib_V1;
51
- fullSagaHistory: SyncSagaFrameDependencyGraph[];
68
+ space: IbGibSpaceAny;
52
69
  }): Promise<string[]>;
53
70
  //# sourceMappingURL=sync-saga-context-helpers.d.mts.map
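Review bot: The `## notes` paragraph of the new doc comment (new lines 53–54) stops mid-sentence at "either creates its own sessionIdentity", so the hijack scenario this function is meant to reject is never actually stated. For an authentication routine that is the part a maintainer most needs: finish the sentence with both alternatives and say which check rejects each, or drop the paragraph until it can be written. The same truncated text is repeated in the `.mjs` implementation hunk (new lines 181–182). The opening paragraph also says the function does not check that the session identity is a valid continuation, while the implementation does call `keystoneSvc.validate` on the previous and current session identity, so the comment should say precisely which continuity check is left to the caller.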
@@ -1 +1 @@
1
- {"version":3,"file":"sync-saga-context-helpers.d.mts","sourceRoot":"","sources":["../../../src/sync/sync-saga-context/sync-saga-context-helpers.mts"],"names":[],"mappings":"AAAA;;GAEG;AAMH,OAAO,EAAE,EAAE,EAAE,MAAM,8BAA8B,CAAC;AAMlD,OAAO,EACH,sBAAsB,EAAE,uBAAuB,EAAE,oBAAoB,EAExE,MAAM,+BAA+B,CAAC;AAGvC,OAAO,EAAgB,4BAA4B,EAAE,MAAM,mBAAmB,CAAC;AAM/E;;GAEG;AACH,wBAAsB,oBAAoB,CAAC,EACvC,IAAI,GACP,EAAE;IACC,IAAI,EAAE,sBAAsB,CAAC;CAChC,GAAG,OAAO,CAAC,EAAE,CAAC,CAkBd;AAED;;GAEG;AACH,wBAAsB,sBAAsB,CAAC,EACzC,EAAE,GACL,EAAE;IACC,EAAE,EAAE,EAAE,CAAC;CACV,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAkChC;AAED,wBAAgB,sBAAsB,CAAC,CAAC,EAAE,GAAG,GAAG,CAAC,IAAI,uBAAuB,CAgB3E;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,2BAA2B,CAAC,EAC9C,OAAO,GACV,EAAE;IACC,OAAO,EAAE,uBAAuB,CAAC;CACpC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAyCpB;AAED;;;;;;GAMG;AACH,wBAAsB,kCAAkC,CAAC,EAAE,OAAO,EAAE,EAAE;IAAE,OAAO,EAAE,uBAAuB,CAAA;CAAE,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAY7H;AAED,wBAAsB,mBAAmB,CAAC,EACzC,IAAA,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAYpB;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CAAC,EACnC,OAAO,EACP,eAAe,EAClB,EAAE;IACC,OAAO,EAAE,uBAAuB,CAAC;IACjC,eAAe,EAAE,4BAA4B,EAAE,CAAC;CACnD,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAcpB"}
1
+ {"version":3,"file":"sync-saga-context-helpers.d.mts","sourceRoot":"","sources":["../../../src/sync/sync-saga-context/sync-saga-context-helpers.mts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,OAAO,EAAE,EAAE,EAAG,MAAM,8BAA8B,CAAC;AAMnD,OAAO,EACH,sBAAsB,EAAE,uBAAuB,EAAE,oBAAoB,EACxE,MAAM,+BAA+B,CAAC;AACvC,OAAO,EAAE,aAAa,EAAE,MAAM,uCAAuC,CAAC;AAWtE;;GAEG;AACH,wBAAsB,oBAAoB,CAAC,EACvC,IAAI,GACP,EAAE;IACC,IAAI,EAAE,sBAAsB,CAAC;CAChC,GAAG,OAAO,CAAC,EAAE,CAAC,CAkBd;AAED;;GAEG;AACH,wBAAsB,sBAAsB,CAAC,EACzC,EAAE,GACL,EAAE;IACC,EAAE,EAAE,EAAE,CAAC;CACV,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAkChC;AAED,wBAAgB,sBAAsB,CAAC,CAAC,EAAE,GAAG,GAAG,CAAC,IAAI,uBAAuB,CAgB3E;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,2BAA2B,CAAC,EAC9C,OAAO,GACV,EAAE;IACC,OAAO,EAAE,uBAAuB,CAAC;CACpC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAyCpB;AAED;;;;;;GAMG;AACH,wBAAsB,kCAAkC,CAAC,EAAE,OAAO,EAAE,EAAE;IAAE,OAAO,EAAE,uBAAuB,CAAA;CAAE,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAY7H;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAsB,gCAAgC,CAAC,EACnD,OAAO,EACP,KAAK,GAER,EAAE;IACC,OAAO,EAAE,uBAAuB,CAAC;IACjC,KAAK,EAAE,aAAa,CAAC;CAKxB,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAmMpB"}
@@ -1,12 +1,16 @@
1
1
  /**
2
2
  * @module sync saga context helpers
3
3
  */
4
- import { extractErrorMsg } from '@ibgib/helper-gib/dist/helpers/utils-helper.mjs';
4
+ import { extractErrorMsg, } from '@ibgib/helper-gib/dist/helpers/utils-helper.mjs';
5
+ import { getIbGibAddr, } from '@ibgib/ts-gib/dist/helper.mjs';
5
6
  import { validateIbGibIntrinsically } from '@ibgib/ts-gib/dist/V1/validate-helper.mjs';
6
7
  import { GLOBAL_LOG_A_LOT } from '../../core-constants.mjs';
7
8
  import { SYNC_SAGA_CONTEXT_ATOM } from './sync-saga-context-constants.mjs';
9
+ import { getFromSpace, getLatestAddrs, getTjpIbGib } from '../../witness/space/space-helper.mjs';
8
10
  import { validateSyncSagaFrame } from '../sync-helpers.mjs';
9
11
  import { isIbGibWithAtom } from '../../common/other/ibgib-helper.mjs';
12
+ import { KeystoneService_V1 } from '../../keystone/keystone-service-v1.mjs';
13
+ import { KEYSTONE_VERB_SYNC } from '../../keystone/keystone-constants.mjs';
10
14
  const logalot = GLOBAL_LOG_A_LOT;
11
15
  /**
12
16
  * Constructs the standard 'ib' string for a Sync Saga Context stone.
@@ -166,40 +170,232 @@ export async function validateContextDomainPayloadIbGibs({ context }) {
166
170
  }
167
171
  }
168
172
  }
169
- export async function authenticateContext({}) {
170
- const lc = `[${authenticateContext.name}]`;
173
+ /**
174
+ * "Intrinsically": This authenticates assuming we have already established that
175
+ * this context is a valid continuation of previous sync contexts/saga state. It
176
+ * does not check that the session identity contained on this context is a valid
177
+ * continuation.
178
+ *
179
+ * ## notes
180
+ *
181
+ * Say an attacker tries to hijack a legit sync process by capturing previous
182
+ * context(s). Then the attacker just either creates its own sessionIdentity
183
+ *
184
+ * ## implementation notes
185
+ *
186
+ * This is a HUGE function right now, because there are just a lot of things to
187
+ * check. I'm basically going through and just taking every assumption that I
188
+ * can think of and encoding it.
189
+ *
190
+ * We will need to refactor this at some point to neaten it up, but we should
191
+ * not remove sections without EXTREMELY good reasoning, as this would reduce
192
+ * security.
193
+ */
194
+ export async function authenticateContextIntrinsically({ context, space,
195
+ // stageInProtocol,
196
+ }) {
197
+ const lc = `[${authenticateContextIntrinsically.name}]`;
171
198
  try {
172
199
  if (logalot) {
173
200
  console.log(`${lc} starting... (I: 3c34e8f1d6ef965f98725c88459ea926)`);
174
201
  }
175
- console.warn(`${lc}[NAG] not thrown. not implemented right now after removing all identity-related code. (W: e5fad31cfb49eef198a189a82dbcf726)`);
176
- return [];
177
- }
178
- catch (error) {
179
- console.error(`${lc} ${extractErrorMsg(error)}`);
180
- throw error;
181
- }
182
- finally {
183
- if (logalot) {
184
- console.log(`${lc} complete.`);
202
+ const errors = [];
203
+ if (!context.data) {
204
+ throw new Error(`(UNEXPECTED) context.data falsy? (E: 3e4ddd0eb4b828ad489658d88d9a6326)`);
185
205
  }
186
- }
187
- }
188
- /**
189
- * move to sync-peer-helpers.mts as a pure function?
190
- */
191
- export async function authorizeContext({ context, fullSagaHistory }) {
192
- const lc = `[${authorizeContext.name}]`;
193
- try {
194
- if (logalot) {
195
- console.log(`${lc} starting... (I: 48c918b41ceec0cd489ca3b8819e6826)`);
206
+ if (!context.rel8ns) {
207
+ throw new Error(`(UNEXPECTED) context.rel8ns falsy? (E: 8026589d4fed69c828334ee842074326)`);
196
208
  }
197
- console.error(`${lc} NAG ERROR (NOT THROWN): not implemented. authorize business logic (v1 must have this, but later when we are working on admin vs. student)(E: bc3a78f2dab18ab64c36d055a4b50526)`);
198
- return [];
209
+ const { sagaFrame, signedSessionIdentity: currSessionIdentity } = context;
210
+ if (!sagaFrame.data) {
211
+ throw new Error(`(UNEXPECTED) sagaFrame.data falsy? (E: b61cc82d25984c92f75db74a5a855b26)`);
212
+ }
213
+ // We only sign at the context level.
214
+ // If context has no signedSessionIdentity, skip authentication (anonymous or broker response).
215
+ if (!currSessionIdentity) {
216
+ // check the sync saga to determine if there _should_ be a session
217
+ // identity according to the given sagaFrame (which could be
218
+ // malicious, remember!!)
219
+ // todo: add logic to SET this property when using identity, then (and only then) remove this todo.
220
+ console.error(`${lc}[NAG][not thrown] sagaFrame.data.sessionIdentityTjpAddr logic needs to be added in coordinator (E: 4fc47800a1086c917a47381824280826)`);
221
+ if (sagaFrame.data.sessionIdentityTjpAddr) {
222
+ errors.push('Context has no session identity, but sync saga frame shows a session identity (sagaFrame.data.sessionIdentityTjpAddr is truthy). (E: 69dd6cdc2e1859c0f3d62958c4339826)');
223
+ return errors; /* <<<< returns early */
224
+ }
225
+ else if (context.rel8ns.sessionIdentity) {
226
+ errors.push('Context has no signed session identity, but context.rel8ns.sessionIdentity is truthy. (E: 96a04a8a6c88ea8bf88118f89ad8e326)');
227
+ return errors; /* <<<< returns early */
228
+ }
229
+ else {
230
+ // nothing further to authenticate
231
+ if (logalot) {
232
+ console.log(`${lc} context has no signedSessionIdentity and sync saga frame doesn't state there should be session identity. So nothing further to authenticate - returning early with no authentication errors. (I: d708735f9a2899ee98f762b8a09ed826)`);
233
+ }
234
+ return []; /* <<<< returns early */
235
+ }
236
+ }
237
+ const currSessionIdentityAddr = getIbGibAddr({ ibGib: currSessionIdentity });
238
+ // ensure the context rel8ns points to a session identity
239
+ const prevSessionIdentityAddrs_accordingToContextRel8ns = context.rel8ns?.sessionIdentity ?? [];
240
+ if (prevSessionIdentityAddrs_accordingToContextRel8ns.length === 0) {
241
+ errors.push(`context.rel8ns.sessionIdentity is falsy/empty but context.signedSessionIdentity is present. (E: 66f906421eb2468c0b33f908a3cf2826)`);
242
+ return errors; /* <<<< returns early */
243
+ }
244
+ if (prevSessionIdentityAddrs_accordingToContextRel8ns.length > 1) {
245
+ errors.push(`context.rel8ns.sessionIdentity has multiple identity addrs. (E: 489428bfe6fdaa4cd885b938dc4c5826)`);
246
+ return errors; /* <<<< returns early */
247
+ }
248
+ // ensure the context session identity is the immediate past of the
249
+ // current session identity
250
+ const prevSessionIdentityAddr = prevSessionIdentityAddrs_accordingToContextRel8ns[0];
251
+ // Confirm previous session identity addr exists in space and that it is
252
+ // the most recent in the session keystone's timeline
253
+ const resGetLatestAddr = await getLatestAddrs({ addrs: [prevSessionIdentityAddr], space });
254
+ if (!resGetLatestAddr) {
255
+ throw new Error(`(UNEXPECTED) resGetLatestAddr for prevSessionIdentityAddr in space (${space.ib}) falsy? (E: 7b207e5cbcec9037ea5adbe822ead826)`);
256
+ }
257
+ if (!resGetLatestAddr.data) {
258
+ throw new Error(`(UNEXPECTED) resGetLatestAddr.data for prevSessionIdentityAddr in space (${space.ib}) falsy? (E: de4eb8d730c8c4dcb59c8b9c79277826)`);
259
+ }
260
+ if (!resGetLatestAddr.data.success) {
261
+ throw new Error(`(UNEXPECTED) resGetLatestAddr.data.success falsy? (E: c94298dfd9684ad6a87eb748459aa826)`);
262
+ }
263
+ const { latestAddrsMap } = resGetLatestAddr.data;
264
+ if (!latestAddrsMap) {
265
+ throw new Error(`(UNEXPECTED) resGetLatestAddr.data.latestAddrsMap falsy? (E: 19f1fd5fe798cf2e5fa923919169d826)`);
266
+ }
267
+ if (Object.keys(latestAddrsMap).length !== 1) {
268
+ throw new Error(`(UNEXPECTED) Object.keys(latestAddrsMap).length !== 1? (E: fe526a0747589c6427a8bcc86da34a26)`);
269
+ }
270
+ const prevSessionIdentityAddr_latest = latestAddrsMap[prevSessionIdentityAddr];
271
+ if (!prevSessionIdentityAddr_latest) {
272
+ errors.push(`prevSessionIdentityAddr (${prevSessionIdentityAddr}) not found in space (${space.ib}). this should have been the incoming prevSessionIdentityAddr (E: f6d042bd6b54819998653228dee34226)`);
273
+ return errors; /* <<<< returns early */
274
+ }
275
+ if (prevSessionIdentityAddr !== prevSessionIdentityAddr_latest) {
276
+ if (prevSessionIdentityAddr_latest === currSessionIdentityAddr) {
277
+ // this is ok? if the sender peer is calling this just to validate **before sending**, then this will be the case. If the receiver is calling this code before continuing the sync/at the start of continuing the sync, then this will not hit.
278
+ // debugger; // in sync saga context auth, want to know if this hits...this does hit, so my thoughts on the innerspace/sender peer seem to be correct
279
+ }
280
+ else {
281
+ // debugger; // in sync saga context auth, want to know if this hits...so far this does NOT hit
282
+ errors.push(`context.rel8ns.sessionIdentity does not point to the most recent in the space (${space.ib}). (E: 2f8288f53c87b6aa47bd2178d9df0c26)`);
283
+ return errors; /* <<<< returns early */
284
+ }
285
+ }
286
+ const resGetPrevSessionIdentity = await getFromSpace({ addr: prevSessionIdentityAddr, space });
287
+ if (!resGetPrevSessionIdentity.success || resGetPrevSessionIdentity.ibGibs?.length !== 1) {
288
+ errors.push(`could not fetch latest sender identity ${prevSessionIdentityAddr} from space (${space.ib}). (E: fd48c3e64c9fa4efd8a1f8280af18226)`);
289
+ return errors;
290
+ }
291
+ const prevSessionIdentity = resGetPrevSessionIdentity.ibGibs[0];
292
+ // get the session identity tjp, which has frame details that link back
293
+ // to the identity that authorized the session
294
+ const sessionIdentityTjp = await getTjpIbGib({ ibGib: prevSessionIdentity, naive: true, space });
295
+ if (!sessionIdentityTjp) {
296
+ throw new Error(`(UNEXPECTED) couldn't get sessionIdentityTjp in space (${space.ib})? we have already gotten the identity itself in the space, so we would expect the entire timeline to exist in it. (E: 9be0382ff1c8a0e77645ea38c096f826)`);
297
+ }
298
+ const sessionIdentityTjpAddr = getIbGibAddr({ ibGib: sessionIdentityTjp });
299
+ if (sessionIdentityTjpAddr !== sagaFrame.data.sessionIdentityTjpAddr) {
300
+ throw new Error(`(UNEXPECTED) sessionIdentityTjpAddr !== sagaFrame.data.sessionIdentityTjpAddr? (E: c9a4ad5c2728fe38e86afc58e4abaf26)`);
301
+ }
302
+ const sessionGenesisFrameDetails = sessionIdentityTjp.data.frameDetails;
303
+ if (!sessionGenesisFrameDetails) {
304
+ errors.push(`Invalid session identity tjp: sessionIdentityTjp.data.frameDetails is falsy. (E: 0187f8f804a84256281720586620b826)`);
305
+ return errors; /* <<<< returns early */
306
+ }
307
+ const { senderIdentityAddr, senderIdentityTjpAddr } = sessionGenesisFrameDetails;
308
+ if (!senderIdentityAddr) {
309
+ throw new Error(`sessionGenesisFrameDetails.senderIdentityAddr falsy (E: 02a0c80a3ead9e3af8af4cf3b156e826)`);
310
+ }
311
+ if (!senderIdentityTjpAddr) {
312
+ throw new Error(`sessionGenesisFrameDetails.senderIdentityTjpAddr falsy (E: 271928090ff5dc56d4bb63d8d5c68826)`);
313
+ }
314
+ const resGetLatestAddr_senderIdentity = await getLatestAddrs({ addrs: [senderIdentityTjpAddr, senderIdentityAddr], space });
315
+ if (!resGetLatestAddr_senderIdentity) {
316
+ throw new Error(`(UNEXPECTED) resGetLatestAddr_senderIdentity for prevSessionIdentityAddr in space (${space.ib}) falsy? (E: 2e4ae8083b6fb7cbb8fae2a519062926)`);
317
+ }
318
+ if (!resGetLatestAddr_senderIdentity.data) {
319
+ throw new Error(`(UNEXPECTED) resGetLatestAddr_senderIdentity.data for prevSessionIdentityAddr in space (${space.ib}) falsy? (E: 2e231850c2a898cc282b4b2841056826)`);
320
+ }
321
+ if (!resGetLatestAddr_senderIdentity.data.success) {
322
+ throw new Error(`(UNEXPECTED) resGetLatestAddr_senderIdentity.data.success falsy? (E: e93508f03e0475925875b00746ffd826)`);
323
+ }
324
+ const { latestAddrsMap: latestAddrsMap_senderIdentity } = resGetLatestAddr_senderIdentity.data;
325
+ if (!latestAddrsMap_senderIdentity) {
326
+ throw new Error(`(UNEXPECTED) resGetLatestAddr_senderIdentity.data.latestAddrsMap falsy? (E: 87a91e3f9968ad9ba79cdfe8cd878326)`);
327
+ }
328
+ if (Object.keys(latestAddrsMap_senderIdentity).length !== 2 && senderIdentityTjpAddr !== senderIdentityAddr) {
329
+ throw new Error(`(UNEXPECTED) Object.keys(latestAddrsMap_senderIdentity).length !== 2 && senderIdentityTjpAddr !== senderIdentityAddr? (E: fe46bd584853d8e1e8e2d11f52012826)`);
330
+ }
331
+ // these two should be the same, we're just confirming that they're both
332
+ // on the same timeline.
333
+ const senderIdentityTjpAddr_latest = latestAddrsMap_senderIdentity[senderIdentityTjpAddr];
334
+ const senderIdentityAddr_latest = latestAddrsMap_senderIdentity[senderIdentityAddr];
335
+ if (!senderIdentityAddr_latest) {
336
+ throw new Error(`(UNEXPECTED) senderIdentityAddr_latest falsy? (E: e151798ae2e9241578d09948937c4b26)`);
337
+ }
338
+ if (senderIdentityTjpAddr_latest !== senderIdentityAddr_latest) {
339
+ throw new Error(`senderIdentityTjpAddr_latest !== senderIdentityAddr_latest (E: 52478a1053589e72665031a853cc1826)`);
340
+ }
341
+ // ATOW, we're only allowing a single sync to occur on an identity at
342
+ // any given time (which makes sense). We also are assuming that the
343
+ // sender identity is not doing anything ELSE at this time, which in
344
+ // the (far) future may change. So the user couldn't edit their primary
345
+ // identity's profile, description, etc., while the sync is in progress.
346
+ // This may ultimately be asking too much though. But for now, we'll
347
+ // enforce that the latest senderIdentity addr should be that addr that
348
+ // authorized the session keystone.
349
+ // if (senderIdentityAddr_latest !== senderIdentityAddr) {
350
+ // errors.push(`The senderIdentityAddr referenced in the session keystone's genesis frameDetails (${senderIdentityAddr}) is DIFFERENT than the latest sender identity addr (${senderIdentityAddr_latest}). This means that the sender has done something besides the current sync operation, which isn't supported at this time. (E: a02598271b48cbeb584e45abde121826)`);
351
+ // return errors; /* <<<< returns early */
352
+ // }
353
+ // now we confirm the other direction: sender identity should have been
354
+ // signed with "sync" verb and targeting the sessionIdentity tjp
355
+ // (genesis) frame.
356
+ const resGetSenderIdentity_latest = await getFromSpace({
357
+ addr: senderIdentityAddr_latest,
358
+ space,
359
+ });
360
+ if (!resGetSenderIdentity_latest.success || resGetSenderIdentity_latest.ibGibs?.length !== 1) {
361
+ errors.push(`could not fetch latest sender identity ${prevSessionIdentityAddr} from space (${space.ib}). (E: 3565ff0ed458f5a2384c40b16e849826)`);
362
+ return errors; /* <<<< returns early */
363
+ }
364
+ const senderIdentity_latest = resGetSenderIdentity_latest.ibGibs[0];
365
+ if (!senderIdentity_latest.data.proofs) {
366
+ errors.push(`Invalid sender identity. Proofs empty/falsy. (E: ebf488853061614d2b5b137828119526)`);
367
+ return errors; /* <<<< returns early */
368
+ }
369
+ const syncClaim = senderIdentity_latest.data.proofs.find(p => p.claim.verb === KEYSTONE_VERB_SYNC)?.claim;
370
+ if (!syncClaim) {
371
+ errors.push(`Most recent senderIdentity has no proof whose claim.verb === ${KEYSTONE_VERB_SYNC}. (E: b0f488ecccbbfe43d9a0b7c8a29d7826)`);
372
+ return errors; /* <<<< returns early */
373
+ }
374
+ if (syncClaim.target !== sessionIdentityTjpAddr) {
375
+ errors.push(`Most recent sender identity claim has claim.verb === ${KEYSTONE_VERB_SYNC} but DOES NOT target expected session identity addr ${prevSessionIdentityAddr}. (E: 3e7f18d99848969be8586423d5ccb826)`);
376
+ return errors;
377
+ }
378
+ const keystoneSvc = new KeystoneService_V1();
379
+ const transitionErrors = await keystoneSvc.validate({
380
+ currentIbGib: currSessionIdentity,
381
+ prevIbGib: prevSessionIdentity,
382
+ });
383
+ if (transitionErrors.length > 0) {
384
+ errors.push(`Invalid session identity transition: ${transitionErrors.join(', ')} (E: da1c81c6d3c86aec3254f48fe7514226)`);
385
+ }
386
+ // we have a valid keystone evolution/signing, but was it specifically
387
+ // for this incoming context? verify that the signing targets context.
388
+ const contextAddr = getIbGibAddr({ ibGib: context });
389
+ const targetsThisContext = currSessionIdentity.data?.proofs?.some(p => p.claim.target === contextAddr);
390
+ if (!targetsThisContext) {
391
+ errors.push(`Session identity signature does not target current context ibgib (${contextAddr}). (E: acae68938c287178c878d1b88bebb826)`);
392
+ }
393
+ return errors;
199
394
  }
200
395
  catch (error) {
201
- console.error(`${lc} ${extractErrorMsg(error)}`);
202
- throw error;
396
+ const emsg = `${lc} ${extractErrorMsg(error)}`;
397
+ console.error(emsg);
398
+ return [`authentication produced an error: ${emsg} (E: 45e014b82af81993d936611ca6fc4d26)`];
203
399
  }
204
400
  finally {
205
401
  if (logalot) {
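Review bot: The `if (!currSessionIdentity)` branch (new lines 215–236) fails open: with no `signedSessionIdentity`, the only evidence consulted is `sagaFrame.data.sessionIdentityTjpAddr` and `context.rel8ns.sessionIdentity`, both read from the same incoming context that the inline comment says could be malicious, and the function then returns `[]`. That is the same value returned after every keystone check has passed, so a caller cannot tell a verified context from an unsigned one. Until the coordinator logic named in the NAG exists, the caller should state whether an identity is expected (the commented-out `stageInProtocol` parameter looks intended for this) and the branch should start with something like `if (identityExpected) { errors.push('context is unsigned but a session identity is required'); return errors; }`, where `identityExpected` is a placeholder name. Separately, the messages at new lines 361 and 375 interpolate `prevSessionIdentityAddr` although the values actually checked there are `senderIdentityAddr_latest` and `sessionIdentityTjpAddr`, which will mislead anyone reading these errors during an investigation. The function's `finally` block continues past the end of this hunk.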