@msssystems/mss-link-sdk 0.1.5 → 0.1.7

package/dist/client/index.d.ts

@@ -3,6 +3,7 @@ export * from './client-options';
 export * from './decryption-errors';
 export * from './local-crypto-health';
 export * from './local-crypto-health.contracts';
+export * from './media-crypto.contracts';
 export * from './media-message.contracts';
 export * from './media-message-metadata';
 export * from './message.contracts';
@@ -10,3 +11,5 @@ export * from './message-decryption.contracts';
 export * from './message-decryption-state';
 export * from './message.mapper';
 export * from './mss-link-browser-client';
+export * from './storage-metadata-crypto';
+export * from './storage-metadata-crypto.contracts';

package/dist/client/index.js

@@ -3,6 +3,7 @@ export * from './client-options';
 export * from './decryption-errors';
 export * from './local-crypto-health';
 export * from './local-crypto-health.contracts';
+export * from './media-crypto.contracts';
 export * from './media-message.contracts';
 export * from './media-message-metadata';
 export * from './message.contracts';
@@ -10,3 +11,5 @@ export * from './message-decryption.contracts';
 export * from './message-decryption-state';
 export * from './message.mapper';
 export * from './mss-link-browser-client';
+export * from './storage-metadata-crypto';
+export * from './storage-metadata-crypto.contracts';

package/dist/client/media-crypto.contracts.d.ts

@@ -0,0 +1,28 @@
+import type { MediaMessageAttachmentEncryptionInput, MediaMessageAttachmentInput, MediaMessageAttachmentMetadata } from './media-message.contracts';
+export interface EncryptMediaBlobInput {
+    assetId: string;
+    blob: Blob;
+    mimeType: string;
+    size: string | number;
+    originalName?: string;
+    uploadedAt?: string;
+}
+export interface EncryptedMediaBlobResult {
+    encryptedBlob: Blob;
+    attachment: MediaMessageAttachmentInput;
+    encryption: MediaMessageAttachmentEncryptionInput;
+}
+export interface DecryptMediaBlobInput {
+    encryptedBlob: Blob;
+    metadata: MediaMessageAttachmentMetadata;
+}
+export interface DecryptedMediaBlobResult {
+    blob: Blob;
+    fileName?: string;
+    mimeType: string;
+}
+export interface WasmEncryptedMediaBytes {
+    ciphertext: Uint8Array;
+    key: string;
+    nonce: string;
+}

package/dist/client/media-crypto.contracts.js

@@ -0,0 +1 @@
+export {};

package/dist/client/media-message-metadata.js

@@ -22,6 +22,9 @@ export function serializeMediaMessageMetadata(payload) {
                 ? { originalName: attachment.originalName }
                 : {}),
             ...(attachment.uploadedAt ? { uploadedAt: attachment.uploadedAt } : {}),
+            ...(attachment.encryption
+                ? { encryption: serializeAttachmentEncryption(attachment.encryption) }
+                : {}),
         })),
         ...(payload.caption ? { caption: payload.caption } : {}),
     });
@@ -52,5 +55,39 @@ function normalizeAttachment(attachment) {
         ...(attachment.uploadedAt?.trim()
             ? { uploadedAt: attachment.uploadedAt.trim() }
             : {}),
+        ...(attachment.encryption
+            ? { encryption: normalizeAttachmentEncryption(attachment.encryption) }
+            : {}),
+    };
+}
+function normalizeAttachmentEncryption(encryption) {
+    const keyId = encryption.keyId?.trim();
+    const nonce = encryption.nonce?.trim();
+    const wrappedKey = encryption.wrappedKey?.trim();
+    const algorithm = encryption.algorithm ?? 'AES-256-GCM';
+    if (algorithm !== 'AES-256-GCM') {
+        throw new Error('Unsupported media encryption algorithm.');
+    }
+    if (!nonce) {
+        throw new Error('Media encryption nonce is required.');
+    }
+    if (!wrappedKey) {
+        throw new Error('Media encryption wrappedKey is required.');
+    }
+    return {
+        schema: 'mss.link.media-encryption.v1',
+        algorithm,
+        ...(keyId ? { keyId } : {}),
+        nonce,
+        wrappedKey,
+    };
+}
+function serializeAttachmentEncryption(encryption) {
+    return {
+        schema: 'mss.link.media-encryption.v1',
+        algorithm: encryption.algorithm,
+        ...(encryption.keyId ? { keyId: encryption.keyId } : {}),
+        nonce: encryption.nonce,
+        wrappedKey: encryption.wrappedKey,
     };
 }

package/dist/client/media-message.contracts.d.ts

@@ -4,6 +4,14 @@ export interface MediaMessageAttachmentInput {
     size: string | number;
     originalName?: string;
     uploadedAt?: string;
+    encryption?: MediaMessageAttachmentEncryptionInput;
+}
+export interface MediaMessageAttachmentEncryptionInput {
+    schema?: 'mss.link.media-encryption.v1';
+    keyId?: string;
+    nonce?: string;
+    wrappedKey?: string;
+    algorithm?: 'AES-256-GCM';
 }
 export interface SendMediaMessageParams {
     chatId: string;
@@ -17,6 +25,14 @@ export interface MediaMessageAttachmentMetadata {
     size: string;
     originalName?: string;
     uploadedAt?: string;
+    encryption?: MediaMessageAttachmentEncryptionMetadata;
+}
+export interface MediaMessageAttachmentEncryptionMetadata {
+    schema: 'mss.link.media-encryption.v1';
+    algorithm: 'AES-256-GCM';
+    keyId?: string;
+    nonce: string;
+    wrappedKey: string;
 }
 export interface MediaMessageMetadataPayload {
     schema: 'mss.link.media-message.v1';

package/dist/client/mss-link-browser-client.d.ts

@@ -1,7 +1,9 @@
 import type { MssLinkBrowserClientOptions } from './client-options';
 import type { LocalCryptoHealth } from './local-crypto-health.contracts';
+import type { DecryptMediaBlobInput, DecryptedMediaBlobResult, EncryptedMediaBlobResult, EncryptMediaBlobInput } from './media-crypto.contracts';
 import type { SendMediaMessageParams } from './media-message.contracts';
 import type { DecryptedMessage } from './message.contracts';
+import type { DecryptDriveFileMetadataInput, DecryptDriveFolderMetadataInput, DecryptedDriveFileMetadata, DecryptedDriveFolderMetadata, EncryptedDriveFileMetadata, EncryptedDriveFolderMetadata, EncryptDriveFileMetadataInput, EncryptDriveFolderMetadataInput } from './storage-metadata-crypto.contracts';
 export declare class MssLinkBrowserClient {
     private readonly userId;
     private readonly apiBaseUrl;
@@ -26,6 +28,12 @@ export declare class MssLinkBrowserClient {
         kind?: string;
     }): Promise<string>;
     sendMediaMessage(params: SendMediaMessageParams): Promise<string>;
+    encryptMediaBlob(input: EncryptMediaBlobInput): Promise<EncryptedMediaBlobResult>;
+    decryptMediaBlob(input: DecryptMediaBlobInput): Promise<DecryptedMediaBlobResult>;
+    encryptDriveFolderMetadata(input: EncryptDriveFolderMetadataInput): Promise<EncryptedDriveFolderMetadata>;
+    decryptDriveFolderMetadata(input: DecryptDriveFolderMetadataInput): Promise<DecryptedDriveFolderMetadata>;
+    encryptDriveFileMetadata(input: EncryptDriveFileMetadataInput): Promise<EncryptedDriveFileMetadata>;
+    decryptDriveFileMetadata(input: DecryptDriveFileMetadataInput): Promise<DecryptedDriveFileMetadata>;
     syncMessages(): Promise<void>;
     getLocalMessages(chatId: string): Promise<DecryptedMessage[]>;
     reset(): void;

package/dist/client/mss-link-browser-client.js

@@ -3,6 +3,7 @@ import { normalizeLocalCryptoError } from './decryption-errors';
 import { checkLocalCryptoHealth } from './local-crypto-health';
 import { buildMediaMessageMetadataPayload, extractMediaAssetIds, serializeMediaMessageMetadata, } from './media-message-metadata';
 import { mapLocalSdkMessage } from './message.mapper';
+import { buildDecryptedDriveFileMetadata, buildDecryptedDriveFolderMetadata, buildEncryptedDriveFileMetadata, buildEncryptedDriveFolderMetadata, normalizeDriveFileMetadataInput, normalizeDriveFolderMetadataInput, normalizeEncryptedDriveFileMetadataInput, normalizeEncryptedDriveFolderMetadataInput, } from './storage-metadata-crypto';
 import { WasmCallQueue } from './wasm-call-queue';
 const DEFAULT_DEVICE_ID = 1;
 const DEFAULT_REGISTRATION_ID = 1;
@@ -80,6 +81,134 @@ export class MssLinkBrowserClient {
             throw normalizeLocalCryptoError(error);
         }
     }
+    async encryptMediaBlob(input) {
+        try {
+            const plaintext = new Uint8Array(await input.blob.arrayBuffer());
+            const encrypted = await this.queue.run(async () => {
+                const module = await this.loadWasmModule();
+                return module.encryptMediaBytes(plaintext);
+            });
+            const encryptedBytes = new Uint8Array(encrypted.ciphertext);
+            return {
+                encryptedBlob: new Blob([encryptedBytes], {
+                    type: 'application/octet-stream',
+                }),
+                encryption: {
+                    schema: 'mss.link.media-encryption.v1',
+                    algorithm: 'AES-256-GCM',
+                    keyId: input.assetId,
+                    nonce: encrypted.nonce,
+                    wrappedKey: encrypted.key,
+                },
+                attachment: {
+                    assetId: input.assetId,
+                    mimeType: input.mimeType,
+                    size: input.size,
+                    ...(input.originalName ? { originalName: input.originalName } : {}),
+                    ...(input.uploadedAt ? { uploadedAt: input.uploadedAt } : {}),
+                    encryption: {
+                        schema: 'mss.link.media-encryption.v1',
+                        algorithm: 'AES-256-GCM',
+                        keyId: input.assetId,
+                        nonce: encrypted.nonce,
+                        wrappedKey: encrypted.key,
+                    },
+                },
+            };
+        }
+        catch (error) {
+            throw normalizeLocalCryptoError(error);
+        }
+    }
+    async decryptMediaBlob(input) {
+        const encryption = input.metadata.encryption;
+        if (!encryption) {
+            return {
+                blob: input.encryptedBlob,
+                mimeType: input.metadata.mimeType,
+                ...(input.metadata.originalName
+                    ? { fileName: input.metadata.originalName }
+                    : {}),
+            };
+        }
+        try {
+            const ciphertext = new Uint8Array(await input.encryptedBlob.arrayBuffer());
+            const plaintext = await this.queue.run(async () => {
+                const module = await this.loadWasmModule();
+                return module.decryptMediaBytes(ciphertext, encryption.wrappedKey, encryption.nonce);
+            });
+            return {
+                blob: new Blob([new Uint8Array(plaintext)], {
+                    type: input.metadata.mimeType,
+                }),
+                mimeType: input.metadata.mimeType,
+                ...(input.metadata.originalName
+                    ? { fileName: input.metadata.originalName }
+                    : {}),
+            };
+        }
+        catch (error) {
+            throw normalizeLocalCryptoError(error);
+        }
+    }
+    async encryptDriveFolderMetadata(input) {
+        try {
+            const metadata = normalizeDriveFolderMetadataInput(input);
+            const encryptedName = await this.queue.run(async () => {
+                const module = await this.loadWasmModule();
+                return module.encryptStorageMetadata(metadata.name);
+            });
+            return buildEncryptedDriveFolderMetadata(encryptedName);
+        }
+        catch (error) {
+            throw normalizeLocalCryptoError(error);
+        }
+    }
+    async decryptDriveFolderMetadata(input) {
+        try {
+            const metadata = normalizeEncryptedDriveFolderMetadataInput(input);
+            const name = await this.queue.run(async () => {
+                const module = await this.loadWasmModule();
+                return module.decryptStorageMetadata(metadata.encryptedName);
+            });
+            return buildDecryptedDriveFolderMetadata(name);
+        }
+        catch (error) {
+            throw normalizeLocalCryptoError(error);
+        }
+    }
+    async encryptDriveFileMetadata(input) {
+        try {
+            const metadata = normalizeDriveFileMetadataInput(input);
+            const [encryptedName, encryptedMimeType] = await this.queue.run(async () => {
+                const module = await this.loadWasmModule();
+                return [
+                    module.encryptStorageMetadata(metadata.name),
+                    module.encryptStorageMetadata(metadata.mimeType),
+                ];
+            });
+            return buildEncryptedDriveFileMetadata(encryptedName, encryptedMimeType);
+        }
+        catch (error) {
+            throw normalizeLocalCryptoError(error);
+        }
+    }
+    async decryptDriveFileMetadata(input) {
+        try {
+            const metadata = normalizeEncryptedDriveFileMetadataInput(input);
+            const [name, mimeType] = await this.queue.run(async () => {
+                const module = await this.loadWasmModule();
+                return [
+                    module.decryptStorageMetadata(metadata.encryptedName),
+                    module.decryptStorageMetadata(metadata.encryptedMimeType),
+                ];
+            });
+            return buildDecryptedDriveFileMetadata(name, mimeType);
+        }
+        catch (error) {
+            throw normalizeLocalCryptoError(error);
+        }
+    }
     async syncMessages() {
         try {
             await this.runWithClient((client) => client.syncMessages());

package/dist/client/storage-metadata-crypto.contracts.d.ts

@@ -0,0 +1,30 @@
+export interface EncryptDriveFolderMetadataInput {
+    name: string;
+}
+export interface EncryptedDriveFolderMetadata {
+    schema: 'mss.link.drive-folder-metadata.v1';
+    encryptedName: string;
+}
+export interface DecryptDriveFolderMetadataInput {
+    encryptedName: string;
+}
+export interface DecryptedDriveFolderMetadata {
+    name: string;
+}
+export interface EncryptDriveFileMetadataInput {
+    name: string;
+    mimeType: string;
+}
+export interface EncryptedDriveFileMetadata {
+    schema: 'mss.link.drive-file-metadata.v1';
+    encryptedName: string;
+    encryptedMimeType: string;
+}
+export interface DecryptDriveFileMetadataInput {
+    encryptedName: string;
+    encryptedMimeType: string;
+}
+export interface DecryptedDriveFileMetadata {
+    mimeType: string;
+    name: string;
+}

package/dist/client/storage-metadata-crypto.contracts.js

@@ -0,0 +1 @@
+export {};

package/dist/client/storage-metadata-crypto.d.ts

@@ -0,0 +1,9 @@
+import type { DecryptDriveFileMetadataInput, DecryptDriveFolderMetadataInput, DecryptedDriveFileMetadata, DecryptedDriveFolderMetadata, EncryptedDriveFileMetadata, EncryptedDriveFolderMetadata, EncryptDriveFileMetadataInput, EncryptDriveFolderMetadataInput } from './storage-metadata-crypto.contracts';
+export declare function normalizeDriveFolderMetadataInput(input: EncryptDriveFolderMetadataInput): EncryptDriveFolderMetadataInput;
+export declare function normalizeDriveFileMetadataInput(input: EncryptDriveFileMetadataInput): EncryptDriveFileMetadataInput;
+export declare function buildEncryptedDriveFolderMetadata(encryptedName: string): EncryptedDriveFolderMetadata;
+export declare function buildEncryptedDriveFileMetadata(encryptedName: string, encryptedMimeType: string): EncryptedDriveFileMetadata;
+export declare function normalizeEncryptedDriveFolderMetadataInput(input: DecryptDriveFolderMetadataInput): DecryptDriveFolderMetadataInput;
+export declare function normalizeEncryptedDriveFileMetadataInput(input: DecryptDriveFileMetadataInput): DecryptDriveFileMetadataInput;
+export declare function buildDecryptedDriveFolderMetadata(name: string): DecryptedDriveFolderMetadata;
+export declare function buildDecryptedDriveFileMetadata(name: string, mimeType: string): DecryptedDriveFileMetadata;

package/dist/client/storage-metadata-crypto.js

@@ -0,0 +1,76 @@
+export function normalizeDriveFolderMetadataInput(input) {
+    const name = input.name.trim();
+    if (!name) {
+        throw new Error('Drive folder name is required.');
+    }
+    return { name };
+}
+export function normalizeDriveFileMetadataInput(input) {
+    const name = input.name.trim();
+    const mimeType = input.mimeType.trim();
+    if (!name) {
+        throw new Error('Drive file name is required.');
+    }
+    if (!mimeType) {
+        throw new Error('Drive file mimeType is required.');
+    }
+    return { mimeType, name };
+}
+export function buildEncryptedDriveFolderMetadata(encryptedName) {
+    const normalizedName = normalizeEncryptedField(encryptedName, 'encryptedName');
+    return {
+        schema: 'mss.link.drive-folder-metadata.v1',
+        encryptedName: normalizedName,
+    };
+}
+export function buildEncryptedDriveFileMetadata(encryptedName, encryptedMimeType) {
+    const normalizedName = normalizeEncryptedField(encryptedName, 'encryptedName');
+    const normalizedMimeType = normalizeEncryptedField(encryptedMimeType, 'encryptedMimeType');
+    return {
+        schema: 'mss.link.drive-file-metadata.v1',
+        encryptedName: normalizedName,
+        encryptedMimeType: normalizedMimeType,
+    };
+}
+export function normalizeEncryptedDriveFolderMetadataInput(input) {
+    return {
+        encryptedName: normalizeEncryptedField(input.encryptedName, 'encryptedName'),
+    };
+}
+export function normalizeEncryptedDriveFileMetadataInput(input) {
+    return {
+        encryptedName: normalizeEncryptedField(input.encryptedName, 'encryptedName'),
+        encryptedMimeType: normalizeEncryptedField(input.encryptedMimeType, 'encryptedMimeType'),
+    };
+}
+export function buildDecryptedDriveFolderMetadata(name) {
+    const normalizedName = name.trim();
+    if (!normalizedName) {
+        throw new Error('Decrypted drive folder name is empty.');
+    }
+    return { name: normalizedName };
+}
+export function buildDecryptedDriveFileMetadata(name, mimeType) {
+    const normalizedName = name.trim();
+    const normalizedMimeType = mimeType.trim();
+    if (!normalizedName) {
+        throw new Error('Decrypted drive file name is empty.');
+    }
+    if (!normalizedMimeType) {
+        throw new Error('Decrypted drive file mimeType is empty.');
+    }
+    return {
+        mimeType: normalizedMimeType,
+        name: normalizedName,
+    };
+}
+function normalizeEncryptedField(value, fieldName) {
+    const normalized = value.trim();
+    if (!normalized) {
+        throw new Error(`Drive metadata ${fieldName} is required.`);
+    }
+    if (!/^[0-9a-f]+$/i.test(normalized)) {
+        throw new Error(`Drive metadata ${fieldName} must be hexadecimal.`);
+    }
+    return normalized;
+}

package/dist/client/wasm-client.types.d.ts

@@ -1,9 +1,14 @@
 import type { WasmMssClient } from '@msssystems/mss-crypto-wasm';
+import type { WasmEncryptedMediaBytes } from './media-crypto.contracts';
 export interface MssLinkWasmClient extends WasmMssClient {
     sendMediaMessage(chatId: string, targetUserId: string, metadataJson: string, mediaAssetIds: string[]): Promise<string>;
 }
 export type WasmMssClientConstructor = new (userId: string, deviceId: number, apiBaseUrl: string) => MssLinkWasmClient;
 export interface MssCryptoWasmModule {
     WasmMssClient: WasmMssClientConstructor;
+    decryptStorageMetadata(encryptedHex: string): string;
+    encryptMediaBytes(plaintext: Uint8Array): WasmEncryptedMediaBytes;
+    encryptStorageMetadata(plaintext: string): string;
+    decryptMediaBytes(ciphertext: Uint8Array, key: string, nonce: string): Uint8Array;
 }
 export type WasmMssClientInstance = MssLinkWasmClient;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@msssystems/mss-link-sdk",
-  "version": "0.1.5",
+  "version": "0.1.7",
   "description": "Official managed application SDK for MSS ecosystem",
   "type": "module",
   "main": "./dist/index.js",