@lifeready/core 1.0.1 → 1.0.2

package/src/lib/api/shared-contact-card2.gql.ts

@@ -1,76 +0,0 @@
-import { gqlTyped } from '../_common/ast';
-import { ID } from './types';
-
-export interface UpdateOwnedContactCardMutation {
-  updateOwnedContactCard: {
-    ownedContactCard: {
-      id: ID;
-    };
-  };
-}
-export const UpdateOwnedContactCardMutation = gqlTyped<UpdateOwnedContactCardMutation>`
-mutation UpdateOwnedContactCardMutation(
-  $input: UpdateOwnedContactCardInput!
-) {
-  updateOwnedContactCard(input: $input) {
-    ownedContactCard {
-      id
-    }
-  }
-}`;
-
-export interface UpdateReceivedContactCardMutation {
-  updateReceivedContactCard: {
-    receivedContactCard: {
-      id: ID;
-    };
-  };
-}
-export const UpdateReceivedContactCardMutation = gqlTyped<UpdateReceivedContactCardMutation>`
-mutation UpdateReceivedContactCardMutation(
-  $input: UpdateReceivedContactCardInput!
-) {
-  updateReceivedContactCard(input: $input) {
-    receivedContactCard {
-      id
-    }
-  }
-}`;
-
-export interface GetOwnedContactCardKeyIdsQuery {
-  ownedContactCard: {
-    sharedKey: {
-      id: ID;
-    };
-    ownerKey: {
-      id: ID;
-    };
-  };
-}
-export const GetOwnedContactCardKeyIdsQuery = gqlTyped<GetOwnedContactCardKeyIdsQuery>`
-query GetOwnedContactCardKeyIdsQuery($id: LrRelayIdInput!) {
-  ownedContactCard(id: $id) {
-    sharedKey {
-      id
-    }
-    ownerKey {
-      id
-    }
-  }
-}`;
-
-export interface GetReceivedContactCardKeyIdQuery {
-  receivedContactCard: {
-    receiverKey: {
-      id: ID;
-    };
-  };
-}
-export const GetReceivedContactCardKeyIdQuery = gqlTyped<GetReceivedContactCardKeyIdQuery>`
-query GetReceivedContactCardKeyIdQuery($id: LrRelayIdInput!) {
-  receivedContactCard(id: $id) {
-    receiverKey {
-      id
-    }
-  }
-}`;

package/src/lib/api/shared-contact-card2.service.ts

@@ -1,154 +0,0 @@
-import { Injectable, NgZone } from '@angular/core';
-import { Key } from '../cryptography/cryptography.types';
-import { EncryptionService } from '../cryptography/encryption.service';
-import { KeyGraphService } from '../cryptography/key-graph.service';
-import { KeyService } from '../cryptography/key.service';
-import { RunOutsideAngular } from '../_common/run-outside-angular';
-import {
-  ContactCardReceiverCipherData,
-  SendContactCardInput,
-} from './key-exchange2.service';
-import { LrGraphQLService, LrMutation } from './lr-graphql';
-import {
-  GetOwnedContactCardKeyIdsQuery,
-  GetReceivedContactCardKeyIdQuery,
-  UpdateOwnedContactCardMutation,
-  UpdateReceivedContactCardMutation,
-} from './shared-contact-card2.gql';
-import { LrRelayIdInput } from './types';
-
-export interface UpdateOwnedContactCardInput extends SendContactCardInput {
-  id: LrRelayIdInput;
-  ownerKeyId?: LrRelayIdInput;
-  sharedKeyId?: LrRelayIdInput;
-}
-
-export interface UpdateReceivedContactCardInput
-  extends ContactCardReceiverCipherData {
-  id: LrRelayIdInput;
-  receiverKeyId?: LrRelayIdInput;
-}
-
-@RunOutsideAngular({
-  ngZoneName: 'ngZone',
-})
-@Injectable({
-  providedIn: 'root',
-})
-export class SharedContactCard2Service {
-  constructor(
-    private ngZone: NgZone,
-    private keyService: KeyService,
-    private keyGraph: KeyGraphService,
-    private encryptionService: EncryptionService,
-    private lrGraphQL: LrGraphQLService
-  ) {}
-
-  private async getOwnedContactCardKeyIds(id: LrRelayIdInput) {
-    const { ownedContactCard: cc } = await this.lrGraphQL.query({
-      query: GetOwnedContactCardKeyIdsQuery,
-      variables: {
-        id,
-      },
-    });
-
-    return {
-      sharedKeyId: cc.sharedKey.id,
-      ownerKeyId: cc.ownerKey.id,
-    };
-  }
-
-  private async getReceivedContactCardKeyId(id: LrRelayIdInput) {
-    return (
-      await this.lrGraphQL.query({
-        query: GetReceivedContactCardKeyIdQuery,
-        variables: {
-          id,
-        },
-      })
-    ).receivedContactCard.receiverKey.id;
-  }
-
-  async updateOwnedContactCard({
-    id,
-    ownerKeyId,
-    sharedKeyId,
-    ownerPlainDataJson,
-    ownerCipherDataClearJson,
-    sharedCipherDataClearJson,
-  }: UpdateOwnedContactCardInput) {
-    let ownerKey: Key;
-    let sharedKey: Key;
-
-    try {
-      ownerKey = await this.keyGraph.getKey(ownerKeyId);
-      sharedKey = await this.keyGraph.getKey(sharedKeyId);
-    } catch (error) {
-      const keys = await this.getOwnedContactCardKeyIds(id);
-
-      // try again
-      ownerKey = await this.keyGraph.getKey(keys.ownerKeyId);
-      sharedKey = await this.keyGraph.getKey(keys.sharedKeyId);
-    }
-
-    const sigPxk = await this.keyService.getCurrentSigPxk();
-
-    const sharedCipherData = await this.encryptionService.encrypt(
-      sharedKey.jwk,
-      sharedCipherDataClearJson
-    );
-    const sharedCipherDataSig = JSON.stringify(
-      await this.encryptionService.sign(sigPxk.jwk, sharedCipherData)
-    );
-
-    const ownerPlainDataSig = JSON.stringify(
-      await this.encryptionService.sign(sigPxk.jwk, ownerPlainDataJson)
-    );
-
-    const ownerCipherData = await this.encryptionService.encryptToString(
-      ownerKey.jwk,
-      ownerCipherDataClearJson
-    );
-
-    return new LrMutation({
-      mutation: UpdateOwnedContactCardMutation,
-      variables: {
-        input: {
-          id,
-          ownerCipherData,
-          ownerKeyId: ownerKey.id,
-          sharedCipherDataSig,
-          sharedKeyId: sharedKey.id,
-          sigPxkId: sigPxk.id,
-          ownerPlainDataSig,
-        },
-      },
-    });
-  }
-
-  async updateReceivedContactCard({
-    id,
-    receiverKeyId,
-    receiverCipherDataClearJson,
-  }: UpdateReceivedContactCardInput) {
-    const receiverKey = await this.keyGraph.getKey(receiverKeyId, () =>
-      this.getReceivedContactCardKeyId(id)
-    );
-
-    const receiverCipherData = await this.encryptionService.encryptToString(
-      receiverKey.jwk,
-      receiverCipherDataClearJson
-    );
-
-    return new LrMutation({
-      mutation: UpdateReceivedContactCardMutation,
-      variables: {
-        input: {
-          id,
-          receiverCipherData,
-          receiverKeyId: receiverKey.id,
-        },
-      },
-    });
-  }
-}

package/src/lib/api/time.service.spec.ts

@@ -1,48 +0,0 @@
-import { TimeService } from './time.service';
-import { TestBed } from '@angular/core/testing';
-import { environment } from 'projects/lr-auth-app/src/environments/environment';
-import {
-  loginTestUser,
-  logoutUser,
-} from '../auth/life-ready-auth.service.spec';
-import { lrConfigureTestingModule, lrit } from '../_common/tests';
-
-const TIMEOUT = 1000 * 60 * 10;
-
-describe('TimeService', () => {
-  let timeService: TimeService;
-
-  beforeEach(async () => {
-    lrConfigureTestingModule();
-    timeService = TestBed.inject(TimeService);
-  });
-
-  lrit('should get server time', async () => {
-    const serverNow = await timeService.serverNow();
-    console.log('server now', serverNow);
-    console.log('local now', Date.now());
-    expect(serverNow).toBeTruthy();
-    expect(timeService.offsetMs).not.toBeNull();
-    console.log('timeService.offsetMs', timeService.offsetMs);
-  });
-
-  lrit(
-    'should confirm time from independent source',
-    async () => {
-      if (!timeService.VERIFY_ENABLED) {
-        return;
-      }
-
-      // Using AWS Cognito, so need to login first, it might block the client/host as malicious.
-      const {
-        username: username1,
-        password: password1,
-      } = environment.test.users[0];
-      await loginTestUser(username1, password1);
-
-      const serverNow = await timeService.serverNow();
-      expect(timeService.verified).toBeTrue();
-    },
-    TIMEOUT
-  );
-});

package/src/lib/api/time.service.ts

@@ -1,155 +0,0 @@
-import { Injectable } from '@angular/core';
-import { AuthClass } from '@aws-amplify/auth/lib-esm/Auth';
-import { Apollo } from 'apollo-angular';
-import gql from 'graphql-tag';
-import * as moment_ from 'moment';
-import {
-  LrErrorCode,
-  LrException,
-  handleApolloError,
-} from '../_common/exceptions';
-// "why?" you ask: https://stackoverflow.com/questions/59735280/angular-8-moment-error-cannot-call-a-namespace-moment
-const moment = moment_;
-
-export const ServerTimeQuery = gql`
-  query {
-    serverTime {
-      timestamp
-    }
-  }
-`;
-
-interface ServerTime {
-  timestamp: string;
-}
-
-@Injectable({
-  providedIn: 'root',
-})
-export class TimeService {
-  public VERIFY_ENABLED = true;
-  private readonly MAX_DIFF_MSEC = moment
-    .duration({ seconds: 30 })
-    .asMilliseconds();
-
-  offsetMs: number = null; // Millisecond offset of local clock.
-  verified = false; // Verified with independent time source
-
-  constructor(private auth: AuthClass, private apollo: Apollo) {}
-
-  private async getAccessToken(): Promise<string> {
-    try {
-      return (await this.auth.currentAuthenticatedUser())
-        .getSignInUserSession()
-        .getAccessToken()
-        .getJwtToken();
-    } catch (error) {
-      return ''; // Not authenticated
-    }
-  }
-
-  // Get time from independent source to confirm.
-  private async verifyCognito(): Promise<void> {
-    const accessToken = await this.getAccessToken();
-    if (!accessToken) {
-      return;
-    }
-
-    // Request headers from AWS Amplify Auth lib
-    // accept: */*
-    // accept-encoding: gzip, deflate, br
-    // accept-language: en-GB,en-US;q=0.9,en;q=0.8
-    // cache-control: no-cache
-    // content-length: 1089
-    // content-type: application/x-amz-json-1.1
-    // origin: http://localhost:4200
-    // pragma: no-cache
-    // referer: http://localhost:4200/
-    // sec-fetch-dest: empty
-    // sec-fetch-mode: cors
-    // sec-fetch-site: cross-site
-    // user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
-    // x-amz-target: AWSCognitoIdentityProviderService.GetUser
-    // x-amz-user-agent: aws-amplify/0.1.x js
-
-    // We are only interested in the Date field.
-    // AZ: I suppose we could use any end-point that provides a reliable Date field in the header. And we don't
-    // need to be authenticated. Even a 400 response would have a Date header. But the worry is that AWS might
-    // think it's some sort of attack, and block the IP or domain. At least in an authenticated call it can't be
-    // seen as illegitimate.
-    const response = await fetch(
-      'https://cognito-idp.ap-southeast-2.amazonaws.com/',
-      {
-        method: 'POST', // *GET, POST, PUT, DELETE, etc.
-        mode: 'cors', // no-cors, *cors, same-origin
-        cache: 'no-cache', // *default, no-cache, reload, force-cache, only-if-cached
-        headers: {
-          'x-amz-target': 'AWSCognitoIdentityProviderService.GetUser',
-          'x-amz-user-agent': 'aws-amplify/0.1.x js',
-          'Content-Type': 'application/x-amz-json-1.1',
-        },
-        // redirect: 'follow', // manual, *follow, error
-        // referrerPolicy: 'no-referrer', // no-referrer, *no-referrer-when-downgrade, origin, origin-when-cross-origin, same-origin, strict-origin, strict-origin-when-cross-origin, unsafe-url
-        body: JSON.stringify({
-          AccessToken: accessToken,
-        }), // body data type must match "Content-Type" header
-      }
-    );
-
-    const now = Date.now();
-
-    const verifyTime = moment(response.headers.get('Date')).valueOf();
-    const serverTime = now + this.offsetMs;
-    const diff = Math.abs(serverTime - verifyTime);
-
-    if (diff > this.MAX_DIFF_MSEC) {
-      throw new LrException({
-        code: LrErrorCode.BadTimeSync,
-        message: `Server time does not match independent source. ServerTime: ${serverTime}, Cognito time: ${verifyTime}`,
-      });
-    }
-
-    this.verified = true;
-  }
-
-  private async refresh(): Promise<void> {
-    const start = Date.now();
-    const res = await this.apollo
-      .query<{ serverTime: ServerTime }>({ query: ServerTimeQuery })
-      .toPromise();
-    const end = Date.now();
-
-    handleApolloError(res.errors);
-
-    const serverTime = parseInt(res.data.serverTime.timestamp, 10);
-
-    const roundtrip = end - start;
-    this.offsetMs = serverTime - (start + roundtrip / 2);
-
-    if (this.VERIFY_ENABLED) {
-      await this.verifyCognito();
-    }
-  }
-
-  async serverNow(): Promise<number> {
-    let needsRefresh = false;
-
-    // First call
-    if (this.offsetMs === null) {
-      needsRefresh = true;
-    }
-
-    if (this.VERIFY_ENABLED) {
-      // logged in but not yet verified time matches.
-      if (!this.verified && (await this.getAccessToken())) {
-        needsRefresh = true;
-      }
-    }
-
-    if (needsRefresh) {
-      await this.refresh();
-    }
-
-    return Date.now() + this.offsetMs;
-  }
-}

package/src/lib/api/types/graphql.types.ts

@@ -1,48 +0,0 @@
-// ------------------------------------------------------
-// Basic types
-// ------------------------------------------------------
-// These types map directory to types of the same name in graphql.
-// We use these aliases in case in the future we wish to reify the types and do
-// additional automated conversion.
-
-export type ID = string;
-// Server requires this to have certain format. But client
-// just treats this as an opaque string.
-export type LrRelayIdInput = string;
-export type DateTime = string;
-// This is basically the results of: JSON.stringify(obj)
-// Server validated to make sure it can JSON.parse() this.
-export type LrJSONString = string;
-// JSONString is a type from graphene. DB JSON fields maps to this type
-// automatically.
-// Where as LrJSONString is out custom implementation for input variables.
-export type JSONString = string;
-export type LrEmail = string;
-export type GenericScalar = any;
-export type UUID = string;
-
-export interface Node {
-  id?: string;
-}
-
-export interface TimeStamped {
-  created?: DateTime;
-  modified?: DateTime;
-}
-
-export interface Edge<NodeType extends Node> {
-  node?: NodeType;
-  cursor?: string;
-}
-
-export interface Connection<NodeType> {
-  pageInfo?: PageInfo;
-  edges?: Edge<NodeType>[];
-}
-
-export interface PageInfo {
-  hasNextPage?: boolean;
-  hasPreviousPage?: boolean;
-  startCursor?: string;
-  endCursor?: string;
-}