@notabene/javascript-sdk 2.8.0-next.3 → 2.8.0-next.5

package/src/utils/connections.ts

@@ -0,0 +1,174 @@
+import type { ComponentRequest, TransactionOptions, UUID } from '../types';
+import { seal, unseal } from './encryption';
+
+export type TransactionType = 'withdraw' | 'deposit';
+export interface ConnectionData<T extends ComponentRequest> {
+  tx: T;
+  authToken?: string;
+  txOptions?: TransactionOptions;
+}
+
+export interface ConnectionMetadata {
+  nodeUrl?: string;
+  participants: string[];
+  transactionType: TransactionType;
+}
+export interface ConnectionResponse<T extends ComponentRequest> {
+  id: UUID;
+  version: number;
+  metadata: ConnectionMetadata;
+  data: ConnectionData<T>;
+  key: string;
+}
+
+/**
+ * Manages encrypted connections using Cloudflare Durable Objects
+ */
+export class ConnectionManager {
+  private endpoint: string;
+
+  constructor(endpoint: string) {
+    this.endpoint = endpoint;
+  }
+
+  /**
+   * Creates a new encrypted connection
+   * @param data The component request data to encrypt and store
+   * @param participants Array of participant identifiers
+   * @returns Promise resolving to connection details including ID, version, and encryption key
+   */
+  async create<T extends ComponentRequest>(
+    data: ConnectionData<T>,
+    metadata: ConnectionMetadata,
+  ): Promise<ConnectionResponse<T>> {
+    // Encrypt the data
+    const sealed = await seal(data);
+
+    // Prepare the request body
+    const body = {
+      metadata,
+      sealed: sealed.ciphertext,
+    };
+
+    // Create the connection
+    const response = await fetch(this.endpoint, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify(body),
+    });
+
+    if (!response.ok) {
+      throw new Error(`Failed to create connection: ${await response.text()}`);
+    }
+
+    const result = await response.json();
+
+    return {
+      id: result.id,
+      version: result.version,
+      metadata: metadata,
+      data: data,
+      key: sealed.key,
+    };
+  }
+
+  /**
+   * Updates an existing connection with new encrypted data
+   * @param id Connection ID
+   * @param data New data to encrypt and store
+   * @param version Current version number
+   * @returns Promise resolving to updated connection details including new encryption key
+   */
+  async update<T extends ComponentRequest>(
+    id: UUID,
+    data: ConnectionData<T>,
+    version: number,
+  ): Promise<ConnectionResponse<T>> {
+    // Encrypt the new data
+    const sealed = await seal(data);
+
+    // Prepare the request body
+    const body = {
+      sealed: sealed.ciphertext,
+      version,
+    };
+
+    // Update the connection
+    const response = await fetch(`${this.endpoint}/${id}`, {
+      method: 'PATCH',
+      headers: {
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify(body),
+    });
+
+    if (!response.ok) {
+      throw new Error(`Failed to update connection: ${await response.text()}`);
+    }
+
+    const result = await response.json();
+
+    return {
+      id: result.id,
+      metadata: result.metadata,
+      version: result.version,
+      data: data,
+      key: sealed.key,
+    };
+  }
+
+  /**
+   * Retrieves and decrypts connection data
+   * @param id Connection ID
+   * @param key Encryption key from previous create/update operation
+   * @returns Promise resolving to connection details including decrypted data
+   */
+  async get<T extends ComponentRequest>(
+    id: UUID,
+    key: string,
+  ): Promise<ConnectionResponse<T>> {
+    // Get the connection data
+    const response = await fetch(`${this.endpoint}/${id}`, {
+      method: 'GET',
+    });
+
+    if (!response.ok) {
+      throw new Error(`Failed to get connection: ${await response.text()}`);
+    }
+
+    const result = await response.json();
+
+    // Get the latest sealed data
+    const latestSealed = result.sealed[result.sealed.length - 1];
+
+    // Decrypt the data
+    const data = await unseal<ConnectionData<T>>({
+      ciphertext: latestSealed,
+      key,
+    });
+
+    return {
+      id: result.id,
+      version: result.version,
+      metadata: result.metadata,
+      data,
+      key,
+    };
+  }
+
+  /**
+   * Closes a connection
+   * @param id Connection ID
+   */
+  async close(id: UUID): Promise<void> {
+    const response = await fetch(`${this.endpoint}/${id}`, {
+      method: 'DELETE',
+    });
+
+    if (!response.ok) {
+      throw new Error(`Failed to close connection: ${await response.text()}`);
+    }
+  }
+}

package/src/utils/encryption.ts

@@ -0,0 +1,111 @@
+/**
+ * Result of a sealing operation, containing ciphertext and encryption key.
+ */
+export interface Sealed {
+  /** Base64-encoded ciphertext combined with initialization vector (IV) */
+  ciphertext: string;
+  /** Base64-encoded encryption key */
+  key: string;
+}
+
+/**
+ * Encrypts an object using AES-GCM encryption.
+ * @template T Type of data to encrypt
+ * @param data Data to encrypt
+ * @returns Promise resolving to a Sealed object containing ciphertext and key
+ */
+export async function seal<T>(data: T): Promise<Sealed> {
+  // Convert the object to a JSON string
+  const plaintext = JSON.stringify(data);
+  const encoder = new TextEncoder();
+
+  // Generate a random encryption key and IV
+  const rawKey = crypto.getRandomValues(new Uint8Array(32)); // 256-bit key
+  const key = await crypto.subtle.importKey(
+    'raw',
+    rawKey,
+    { name: 'AES-GCM' },
+    false,
+    ['encrypt'],
+  );
+
+  const iv = crypto.getRandomValues(new Uint8Array(12)); // 96-bit IV
+
+  // Encrypt the plaintext
+  const ciphertextBuffer = await crypto.subtle.encrypt(
+    { name: 'AES-GCM', iv: iv },
+    key,
+    encoder.encode(plaintext),
+  );
+
+  // Combine the IV and ciphertext, separated by `-`
+  const ciphertext = `${arrayBufferToBase64(iv)}-${arrayBufferToBase64(ciphertextBuffer)}`;
+
+  // Return the base64 encoded ciphertext and key
+  return {
+    ciphertext,
+    key: arrayBufferToBase64(rawKey),
+  };
+}
+
+/**
+ * Decrypts previously sealed object.
+ * @template T Type of data that was encrypted
+ * @param sealed Sealed object containing ciphertext and key
+ * @returns Promise resolving to the original decrypted data
+ */
+
+export async function unseal<T>({ ciphertext, key }: Sealed): Promise<T> {
+  // Split the IV and the ciphertext
+  const [ivBase64, ciphertextBase64] = ciphertext.split('-');
+
+  // Decode the key, IV, and ciphertext
+  const rawKey = new Uint8Array(
+    atob(key)
+      .split('')
+      .map((c) => c.charCodeAt(0)),
+  );
+  const iv = base64ToUint8Array(ivBase64);
+  const ciphertextBuffer = base64ToUint8Array(ciphertextBase64);
+
+  // Import the key
+  const keyObj = await crypto.subtle.importKey(
+    'raw',
+    rawKey,
+    { name: 'AES-GCM' },
+    false,
+    ['decrypt'],
+  );
+
+  // Decrypt the ciphertext
+  const decoder = new TextDecoder();
+  const plaintextBuffer = await crypto.subtle.decrypt(
+    { name: 'AES-GCM', iv: new Uint8Array(iv) },
+    keyObj,
+    ciphertextBuffer,
+  );
+
+  // Parse and return the original object
+  return JSON.parse(decoder.decode(plaintextBuffer));
+}
+
+// Utility function to convert ArrayBuffer to Base64
+function arrayBufferToBase64(buffer: ArrayBuffer): string {
+  const uint8Array = new Uint8Array(buffer);
+  let binary = '';
+  for (let i = 0; i < uint8Array.length; i++) {
+    binary += String.fromCharCode(uint8Array[i]);
+  }
+  return btoa(binary);
+}
+
+// Utility function to convert Base64 to ArrayBuffer
+
+function base64ToUint8Array(base64: string): Uint8Array {
+  const binary = atob(base64);
+  const buffer = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) {
+    buffer[i] = binary.charCodeAt(i);
+  }
+  return buffer;
+}