npm - @majikah/majik-file - Versions diffs - 0.0.2 → 0.0.3 - Mend

@majikah/majik-file 0.0.2 → 0.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/core/compressor/majik-compressor.d.ts +6 -5
package/dist/core/compressor/majik-compressor.js +13 -14
package/dist/majik-file.d.ts +17 -0
package/dist/majik-file.js +64 -0
package/package.json +1 -1

package/dist/core/compressor/majik-compressor.d.ts CHANGED Viewed

@@ -8,12 +8,13 @@
  * lifetime of the module. Subsequent calls are synchronous after the first
  * await.
  */
-/**
- * Ensure the Zstd WASM module is initialised.
- * Safe to call concurrently — the second caller will await the same promise.
- */
-export declare function ensureZstd(): Promise<void>;
 export declare class MajikCompressor {
+    private static initialized;
+    /**
+     * Ensure the Zstd WASM module is initialised.
+     * Safe to call concurrently — the second caller will await the same promise.
+     */
+    private static ensureInit;
     /**
      * Compress raw bytes using Zstd at the specified level.
      *

package/dist/core/compressor/majik-compressor.js CHANGED Viewed

@@ -11,20 +11,19 @@
 import { init, compress as zstdCompress, decompress as zstdDecompress, } from "@bokuweb/zstd-wasm";
 import { MajikFileError } from "../error";
 import { ZSTD_MAX_LEVEL } from "../crypto/constants";
-// ─── Init Guard ───────────────────────────────────────────────────────────────
-let zstdReady = false;
-/**
- * Ensure the Zstd WASM module is initialised.
- * Safe to call concurrently — the second caller will await the same promise.
- */
-export async function ensureZstd() {
-    if (!zstdReady) {
-        await init();
-        zstdReady = true;
-    }
-}
 // ─── MajikCompressor ──────────────────────────────────────────────────────────
 export class MajikCompressor {
+    static initialized = false;
+    /**
+     * Ensure the Zstd WASM module is initialised.
+     * Safe to call concurrently — the second caller will await the same promise.
+     */
+    static async ensureInit() {
+        if (!this.initialized) {
+            await init(); // only init Zstd for binary mode
+            this.initialized = true;
+        }
+    }
     /**
      * Compress raw bytes using Zstd at the specified level.
      *
@@ -41,7 +40,7 @@ export class MajikCompressor {
             throw MajikFileError.invalidInput(`MajikCompressor.compress: level must be an integer between 1 and 22 (got ${level})`);
         }
         try {
-            await ensureZstd();
+            await this.ensureInit();
             return zstdCompress(data, level);
         }
         catch (err) {
@@ -60,7 +59,7 @@ export class MajikCompressor {
             throw MajikFileError.invalidInput("MajikCompressor.decompress: data must be a non-empty Uint8Array");
         }
         try {
-            await ensureZstd();
+            await this.ensureInit();
             return zstdDecompress(data);
         }
         catch (err) {

package/dist/majik-file.d.ts CHANGED Viewed

@@ -147,6 +147,23 @@ export declare class MajikFile {
      * @throws MajikFileError on wrong key, missing key entry, corrupt data, or format errors.
      */
     static decrypt(source: Blob | Uint8Array | ArrayBuffer, identity: Pick<MajikFileIdentity, "fingerprint" | "mlKemSecretKey">): Promise<Uint8Array>;
+    /**
+     * Decrypt a .mjkb binary and return the raw bytes together with the
+     * original filename and MIME type that were embedded in the payload at
+     * encryption time.
+     *
+     * This is the preferred method for the File Vault UI because it avoids a
+     * second parse of the binary — everything comes from the single decodeMjkb
+     * call that decryption already performs.
+     *
+     * @returns `{ bytes, originalName, mimeType }` where `originalName` and
+     *          `mimeType` may be null if the file was encrypted without metadata.
+     */
+    static decryptWithMetadata(source: Blob | Uint8Array | ArrayBuffer, identity: Pick<MajikFileIdentity, "fingerprint" | "mlKemSecretKey">): Promise<{
+        bytes: Uint8Array;
+        originalName: string | null;
+        mimeType: string | null;
+    }>;
     /**
      * Decrypt the .mjkb binary already loaded on this instance.
      * Convenience wrapper around MajikFile.decrypt() — avoids re-fetching from R2.

package/dist/majik-file.js CHANGED Viewed

@@ -457,6 +457,70 @@ export class MajikFile {
             throw MajikFileError.decryptionFailed("File decryption failed", err);
         }
     }
+    /**
+     * Decrypt a .mjkb binary and return the raw bytes together with the
+     * original filename and MIME type that were embedded in the payload at
+     * encryption time.
+     *
+     * This is the preferred method for the File Vault UI because it avoids a
+     * second parse of the binary — everything comes from the single decodeMjkb
+     * call that decryption already performs.
+     *
+     * @returns `{ bytes, originalName, mimeType }` where `originalName` and
+     *          `mimeType` may be null if the file was encrypted without metadata.
+     */
+    static async decryptWithMetadata(source, identity) {
+        if (!identity)
+            throw MajikFileError.invalidInput("identity is required for decryption");
+        if (!(identity.mlKemSecretKey instanceof Uint8Array) ||
+            identity.mlKemSecretKey.length !== ML_KEM_SK_LEN) {
+            throw MajikFileError.invalidInput(`identity.mlKemSecretKey must be ${ML_KEM_SK_LEN} bytes (got ${identity.mlKemSecretKey?.length ?? "undefined"})`);
+        }
+        try {
+            const raw = await normaliseToUint8ArrayAsync(source);
+            const { iv, payload, ciphertext } = decodeMjkb(raw);
+            let aesKey;
+            if (isMjkbSinglePayload(payload)) {
+                const mlKemCT = base64ToUint8Array(payload.mlKemCipherText);
+                aesKey = mlKemDecapsulate(mlKemCT, identity.mlKemSecretKey);
+            }
+            else if (isMjkbGroupPayload(payload)) {
+                if (!identity.fingerprint?.trim()) {
+                    throw MajikFileError.invalidInput("identity.fingerprint is required to decrypt group files");
+                }
+                const entry = payload.keys.find((k) => k.fingerprint === identity.fingerprint);
+                if (!entry) {
+                    throw MajikFileError.decryptionFailed(`No key entry found for fingerprint "${identity.fingerprint}"`);
+                }
+                const mlKemCT = base64ToUint8Array(entry.mlKemCipherText);
+                const sharedSecret = mlKemDecapsulate(mlKemCT, identity.mlKemSecretKey);
+                const encAesKey = base64ToUint8Array(entry.encryptedAesKey);
+                aesKey = new Uint8Array(AES_KEY_LEN);
+                for (let i = 0; i < AES_KEY_LEN; i++) {
+                    aesKey[i] = encAesKey[i] ^ sharedSecret[i];
+                }
+            }
+            else {
+                throw MajikFileError.formatError(".mjkb payload JSON is neither a single nor group payload");
+            }
+            const compressed = aesGcmDecrypt(aesKey, iv, ciphertext);
+            if (!compressed) {
+                throw MajikFileError.decryptionFailed("Decryption failed — wrong key or corrupted .mjkb file");
+            }
+            const bytes = await MajikCompressor.decompress(compressed);
+            // Extract original_name and mime_type from the payload.
+            // Both fields are written at encryption time by MajikFile.create().
+            // They may be null for files encrypted without metadata.
+            const originalName = payload.original_name ?? null;
+            const mimeType = payload.mime_type ?? null;
+            return { bytes, originalName, mimeType };
+        }
+        catch (err) {
+            if (err instanceof MajikFileError)
+                throw err;
+            throw MajikFileError.decryptionFailed("File decryption failed", err);
+        }
+    }
     /**
      * Decrypt the .mjkb binary already loaded on this instance.
      * Convenience wrapper around MajikFile.decrypt() — avoids re-fetching from R2.

package/package.json CHANGED Viewed

@@ -2,7 +2,7 @@
   "name": "@majikah/majik-file",
   "type": "module",
   "description": "Majik File is the core cryptographic engine for secure file handling in the Majikah ecosystem. It provides a post-quantum secure \"MJKB\" format designed for file encryption, multi-recipient key encapsulation, and transparent compression using NIST-standardized algorithms.",
-  "version": "0.0.2",
+  "version": "0.0.3",
   "license": "Apache-2.0",
   "author": "Zelijah",
   "main": "./dist/index.js",