@protontech/drive-sdk 0.2.1 → 0.3.1

package/src/internal/sharing/sharingManagement.test.ts

@@ -10,12 +10,14 @@ import {
     resultOk,
 } from '../../interface';
 import { SharingAPIService } from './apiService';
+import { SharingCache } from './cache';
 import { SharingCryptoService } from './cryptoService';
 import { SharesService, NodesService } from './interface';
 import { SharingManagement } from './sharingManagement';
 
 describe('SharingManagement', () => {
     let apiService: SharingAPIService;
+    let cache: SharingCache;
     let cryptoService: SharingCryptoService;
     let accountService: ProtonDriveAccount;
     let sharesService: SharesService;
@@ -57,12 +59,16 @@ describe('SharingManagement', () => {
             updatePublicLink: jest.fn(),
         };
         // @ts-expect-error No need to implement all methods for mocking
+        cache = {
+            hasSharedByMeNodeUidsLoaded: jest.fn().mockResolvedValue(true),
+            addSharedByMeNodeUid: jest.fn(),
+            removeSharedByMeNodeUid: jest.fn(),
+        };
+        // @ts-expect-error No need to implement all methods for mocking
         cryptoService = {
-            generateShareKeys: jest
-                .fn()
-                .mockResolvedValue({
-                    shareKey: { encrypted: 'encrypted-key', decrypted: { passphraseSessionKey: 'pass-session-key' } },
-                }),
+            generateShareKeys: jest.fn().mockResolvedValue({
+                shareKey: { encrypted: 'encrypted-key', decrypted: { passphraseSessionKey: 'pass-session-key' } },
+            }),
             decryptShare: jest.fn().mockImplementation((share) => share),
             decryptInvitation: jest.fn().mockImplementation((invitation) => invitation),
             decryptExternalInvitation: jest.fn().mockImplementation((invitation) => invitation),
@@ -70,7 +76,7 @@ describe('SharingManagement', () => {
             encryptInvitation: jest.fn().mockImplementation(() => {}),
             encryptExternalInvitation: jest.fn().mockImplementation((invitation) => ({
                 ...invitation,
-                base64ExternalInvitationSignature: 'extenral-signature',
+                base64ExternalInvitationSignature: 'external-signature',
             })),
             decryptPublicLink: jest.fn().mockImplementation((publicLink) => publicLink),
             generatePublicLinkPassword: jest.fn().mockResolvedValue('generatedPassword'),
@@ -85,17 +91,12 @@ describe('SharingManagement', () => {
         };
         // @ts-expect-error No need to implement all methods for mocking
         sharesService = {
-            loadEncryptedShare: jest
-                .fn()
-                .mockResolvedValue({
-                    id: 'shareId',
-                    addressId: 'addressId',
-                    creatorEmail: 'address@example.com',
-                    passphraseSessionKey: 'sharePassphraseSessionKey',
-                }),
-            getContextShareMemberEmailKey: jest
-                .fn()
-                .mockResolvedValue({ email: 'volume-email', addressId: 'addressId', addressKey: 'volume-key' }),
+            loadEncryptedShare: jest.fn().mockResolvedValue({
+                id: 'shareId',
+                addressId: 'addressId',
+                creatorEmail: 'address@example.com',
+                passphraseSessionKey: 'sharePassphraseSessionKey',
+            }),
         };
         // @ts-expect-error No need to implement all methods for mocking
         nodesService = {
@@ -111,6 +112,7 @@ describe('SharingManagement', () => {
         sharingManagement = new SharingManagement(
             getMockLogger(),
             apiService,
+            cache,
             cryptoService,
             accountService,
             sharesService,
@@ -196,13 +198,11 @@ describe('SharingManagement', () => {
         const nodeUid = 'volumeId~nodeUid';
 
         it('should create share if no exists', async () => {
-            nodesService.getNode = jest
-                .fn()
-                .mockImplementation((nodeUid) => ({
-                    nodeUid,
-                    parentUid: 'parentUid',
-                    name: { ok: true, value: 'name' },
-                }));
+            nodesService.getNode = jest.fn().mockImplementation((nodeUid) => ({
+                nodeUid,
+                parentUid: 'parentUid',
+                name: { ok: true, value: 'name' },
+            }));
             nodesService.notifyNodeChanged = jest.fn();
 
             const sharingInfo = await sharingManagement.shareNode(nodeUid, { users: ['email'] });
@@ -223,6 +223,7 @@ describe('SharingManagement', () => {
             expect(apiService.updateInvitation).not.toHaveBeenCalled();
             expect(apiService.inviteProtonUser).toHaveBeenCalled();
             expect(nodesService.notifyNodeChanged).toHaveBeenCalledWith(nodeUid);
+            expect(cache.addSharedByMeNodeUid).toHaveBeenCalledWith(nodeUid);
         });
     });
 
@@ -288,6 +289,7 @@ describe('SharingManagement', () => {
                 });
                 expect(apiService.updateInvitation).not.toHaveBeenCalled();
                 expect(apiService.inviteProtonUser).toHaveBeenCalled();
+                expect(cache.addSharedByMeNodeUid).not.toHaveBeenCalled();
             });
 
             it('should share node with proton email with specific role', async () => {
@@ -311,6 +313,7 @@ describe('SharingManagement', () => {
                 });
                 expect(apiService.updateInvitation).not.toHaveBeenCalled();
                 expect(apiService.inviteProtonUser).toHaveBeenCalled();
+                expect(cache.addSharedByMeNodeUid).not.toHaveBeenCalled();
             });
 
             it('should update existing role', async () => {
@@ -331,6 +334,7 @@ describe('SharingManagement', () => {
                 });
                 expect(apiService.updateInvitation).toHaveBeenCalled();
                 expect(apiService.inviteProtonUser).not.toHaveBeenCalled();
+                expect(cache.addSharedByMeNodeUid).not.toHaveBeenCalled();
             });
 
             it('should be no-op if no change', async () => {
@@ -346,6 +350,25 @@ describe('SharingManagement', () => {
                 });
                 expect(apiService.updateInvitation).not.toHaveBeenCalled();
                 expect(apiService.inviteProtonUser).not.toHaveBeenCalled();
+                expect(cache.addSharedByMeNodeUid).not.toHaveBeenCalled();
+            });
+
+            it('should use address from the root node context share', async () => {
+                nodesService.getRootNodeEmailKey = jest
+                    .fn()
+                    .mockResolvedValue({ email: 'my-volume-email', addressKey: 'my-volume-key' });
+
+                await sharingManagement.shareNode(nodeUid, { users: ['email'] });
+
+                expect(apiService.inviteProtonUser).toHaveBeenCalledWith(
+                    'shareId',
+                    {
+                        addedByEmail: 'my-volume-email',
+                        inviteeEmail: 'email',
+                        role: 'viewer',
+                    },
+                    expect.anything(),
+                );
             });
         });
 
@@ -374,6 +397,7 @@ describe('SharingManagement', () => {
                 });
                 expect(apiService.updateExternalInvitation).not.toHaveBeenCalled();
                 expect(apiService.inviteExternalUser).toHaveBeenCalled();
+                expect(cache.addSharedByMeNodeUid).not.toHaveBeenCalled();
             });
 
             it('should share node with external email with specific role', async () => {
@@ -398,6 +422,7 @@ describe('SharingManagement', () => {
                 });
                 expect(apiService.updateExternalInvitation).not.toHaveBeenCalled();
                 expect(apiService.inviteExternalUser).toHaveBeenCalled();
+                expect(cache.addSharedByMeNodeUid).not.toHaveBeenCalled();
             });
 
             it('should update existing role', async () => {
@@ -418,6 +443,7 @@ describe('SharingManagement', () => {
                 });
                 expect(apiService.updateExternalInvitation).toHaveBeenCalled();
                 expect(apiService.inviteExternalUser).not.toHaveBeenCalled();
+                expect(cache.addSharedByMeNodeUid).not.toHaveBeenCalled();
             });
 
             it('should be no-op if no change', async () => {
@@ -433,6 +459,28 @@ describe('SharingManagement', () => {
                 });
                 expect(apiService.updateExternalInvitation).not.toHaveBeenCalled();
                 expect(apiService.inviteExternalUser).not.toHaveBeenCalled();
+                expect(cache.addSharedByMeNodeUid).not.toHaveBeenCalled();
+            });
+
+            it('should use address from the root node context share', async () => {
+                nodesService.getRootNodeEmailKey = jest.fn().mockResolvedValue({
+                    email: 'my-volume-email',
+                    addressId: 'my-volume-addressId',
+                    addressKey: 'my-volume-key',
+                });
+
+                await sharingManagement.shareNode(nodeUid, { users: ['email'] });
+
+                expect(apiService.inviteExternalUser).toHaveBeenCalledWith(
+                    'shareId',
+                    {
+                        inviterAddressId: 'my-volume-addressId',
+                        inviteeEmail: 'email',
+                        role: 'viewer',
+                        base64Signature: 'external-signature',
+                    },
+                    expect.anything(),
+                );
             });
         });
 
@@ -482,6 +530,7 @@ describe('SharingManagement', () => {
                     }),
                     expect.anything(),
                 );
+                expect(cache.addSharedByMeNodeUid).not.toHaveBeenCalled();
             });
         });
 
@@ -505,6 +554,7 @@ describe('SharingManagement', () => {
                 expect(apiService.updateMember).toHaveBeenCalled();
                 expect(apiService.updateInvitation).not.toHaveBeenCalled();
                 expect(apiService.inviteProtonUser).not.toHaveBeenCalled();
+                expect(cache.addSharedByMeNodeUid).not.toHaveBeenCalled();
             });
 
             it('should be no-op if no change via proton user', async () => {
@@ -521,6 +571,7 @@ describe('SharingManagement', () => {
                 expect(apiService.updateMember).not.toHaveBeenCalled();
                 expect(apiService.updateInvitation).not.toHaveBeenCalled();
                 expect(apiService.inviteProtonUser).not.toHaveBeenCalled();
+                expect(cache.addSharedByMeNodeUid).not.toHaveBeenCalled();
             });
 
             it('should update member via non-proton user', async () => {
@@ -542,6 +593,7 @@ describe('SharingManagement', () => {
                 expect(apiService.updateMember).toHaveBeenCalled();
                 expect(apiService.updateInvitation).not.toHaveBeenCalled();
                 expect(apiService.inviteProtonUser).not.toHaveBeenCalled();
+                expect(cache.addSharedByMeNodeUid).not.toHaveBeenCalled();
             });
 
             it('should be no-op if no change via non-proton user', async () => {
@@ -558,6 +610,7 @@ describe('SharingManagement', () => {
                 expect(apiService.updateMember).not.toHaveBeenCalled();
                 expect(apiService.updateInvitation).not.toHaveBeenCalled();
                 expect(apiService.inviteProtonUser).not.toHaveBeenCalled();
+                expect(cache.addSharedByMeNodeUid).not.toHaveBeenCalled();
             });
         });
 
@@ -605,6 +658,7 @@ describe('SharingManagement', () => {
                         srp: 'publicLinkSrp',
                     }),
                 );
+                expect(cache.addSharedByMeNodeUid).not.toHaveBeenCalled();
             });
 
             it('should share node with custom password and expiration', async () => {
@@ -650,6 +704,7 @@ describe('SharingManagement', () => {
                         srp: 'publicLinkSrp',
                     }),
                 );
+                expect(cache.addSharedByMeNodeUid).not.toHaveBeenCalled();
             });
 
             it('should update public link with custom password and expiration', async () => {
@@ -704,6 +759,7 @@ describe('SharingManagement', () => {
                         srp: 'publicLinkSrp',
                     }),
                 );
+                expect(cache.addSharedByMeNodeUid).not.toHaveBeenCalled();
             });
 
             it('should not allow updating legacy public link', async () => {
@@ -809,6 +865,7 @@ describe('SharingManagement', () => {
             expect(apiService.deleteExternalInvitation).not.toHaveBeenCalled();
             expect(apiService.removeMember).not.toHaveBeenCalled();
             expect(apiService.removePublicLink).not.toHaveBeenCalled();
+            expect(cache.removeSharedByMeNodeUid).not.toHaveBeenCalled();
         });
 
         it('should delete external invitation', async () => {
@@ -825,6 +882,7 @@ describe('SharingManagement', () => {
             expect(apiService.deleteExternalInvitation).toHaveBeenCalled();
             expect(apiService.removeMember).not.toHaveBeenCalled();
             expect(apiService.removePublicLink).not.toHaveBeenCalled();
+            expect(cache.removeSharedByMeNodeUid).not.toHaveBeenCalled();
         });
 
         it('should remove member', async () => {
@@ -841,6 +899,7 @@ describe('SharingManagement', () => {
             expect(apiService.deleteExternalInvitation).not.toHaveBeenCalled();
             expect(apiService.removeMember).toHaveBeenCalled();
             expect(apiService.removePublicLink).not.toHaveBeenCalled();
+            expect(cache.removeSharedByMeNodeUid).not.toHaveBeenCalled();
         });
 
         it('should be no-op if not shared with email', async () => {
@@ -857,6 +916,7 @@ describe('SharingManagement', () => {
             expect(apiService.deleteExternalInvitation).not.toHaveBeenCalled();
             expect(apiService.removeMember).not.toHaveBeenCalled();
             expect(apiService.removePublicLink).not.toHaveBeenCalled();
+            expect(cache.removeSharedByMeNodeUid).not.toHaveBeenCalled();
         });
 
         it('should remove public link', async () => {
@@ -873,6 +933,7 @@ describe('SharingManagement', () => {
             expect(apiService.deleteExternalInvitation).not.toHaveBeenCalled();
             expect(apiService.removeMember).not.toHaveBeenCalled();
             expect(apiService.removePublicLink).toHaveBeenCalled();
+            expect(cache.removeSharedByMeNodeUid).not.toHaveBeenCalled();
         });
 
         it('should remove share if all is removed', async () => {
@@ -885,6 +946,7 @@ describe('SharingManagement', () => {
             expect(apiService.removeMember).not.toHaveBeenCalled();
             expect(apiService.removePublicLink).not.toHaveBeenCalled();
             expect(nodesService.notifyNodeChanged).toHaveBeenCalled();
+            expect(cache.removeSharedByMeNodeUid).toHaveBeenCalledWith(nodeUid);
         });
 
         it('should remove share if everything is manually removed', async () => {
@@ -899,6 +961,7 @@ describe('SharingManagement', () => {
             expect(apiService.deleteExternalInvitation).toHaveBeenCalled();
             expect(apiService.removeMember).toHaveBeenCalled();
             expect(apiService.removePublicLink).toHaveBeenCalled();
+            expect(cache.removeSharedByMeNodeUid).toHaveBeenCalledWith(nodeUid);
         });
     });
 

package/src/internal/sharing/sharingManagement.ts

@@ -1,6 +1,6 @@
 import { c } from 'ttag';
 
-import { SessionKey } from '../../crypto';
+import { PrivateKey, SessionKey } from '../../crypto';
 import { ValidationError } from '../../errors';
 import {
     Logger,
@@ -20,6 +20,7 @@ import { getErrorMessage } from '../errors';
 import { SharingAPIService } from './apiService';
 import { PUBLIC_LINK_GENERATED_PASSWORD_LENGTH, SharingCryptoService } from './cryptoService';
 import { SharesService, NodesService, ShareResultWithCreatorEmail, PublicLinkWithCreatorEmail } from './interface';
+import { SharingCache } from './cache';
 
 interface InternalShareResult extends ShareResultWithCreatorEmail {
     share: Share;
@@ -33,6 +34,12 @@ interface Share {
     passphraseSessionKey: SessionKey;
 }
 
+interface ContextShareAddress {
+    addressId: string;
+    addressKey: PrivateKey;
+    email: string;
+}
+
 interface EmailOptions {
     message?: string;
     nodeName?: string;
@@ -48,6 +55,7 @@ export class SharingManagement {
     constructor(
         private logger: Logger,
         private apiService: SharingAPIService,
+        private cache: SharingCache,
         private cryptoService: SharingCryptoService,
         private account: ProtonDriveAccount,
         private sharesService: SharesService,
@@ -55,6 +63,7 @@ export class SharingManagement {
     ) {
         this.logger = logger;
         this.apiService = apiService;
+        this.cache = cache;
         this.cryptoService = cryptoService;
         this.account = account;
         this.sharesService = sharesService;
@@ -138,18 +147,22 @@ export class SharingManagement {
             throw new ValidationError(c('Error').t`Expiration date cannot be in the past`);
         }
 
+        let contextShareAddress: ContextShareAddress;
         let currentSharing = await this.getInternalSharingInfo(nodeUid);
-        if (!currentSharing) {
+        if (currentSharing) {
+            contextShareAddress = await this.nodesService.getRootNodeEmailKey(nodeUid);
+        } else {
             const node = await this.nodesService.getNode(nodeUid);
-            const share = await this.createShare(nodeUid);
+            const result = await this.createShare(nodeUid);
             currentSharing = {
-                share,
+                share: result.share,
                 nodeName: node.name.ok ? node.name.value : node.name.error.name,
                 protonInvitations: [],
                 nonProtonInvitations: [],
                 members: [],
                 publicLink: undefined,
             };
+            contextShareAddress = result.contextShareAddress;
         }
 
         const emailOptions: EmailOptions = {
@@ -187,7 +200,13 @@ export class SharingManagement {
             }
 
             this.logger.info(`Inviting user ${email} with role ${role} to node ${nodeUid}`);
-            const invitation = await this.inviteProtonUser(currentSharing.share, email, role, emailOptions);
+            const invitation = await this.inviteProtonUser(
+                contextShareAddress,
+                currentSharing.share,
+                email,
+                role,
+                emailOptions,
+            );
             currentSharing.protonInvitations.push(invitation);
         }
 
@@ -225,7 +244,13 @@ export class SharingManagement {
             }
 
             this.logger.info(`Inviting external user ${email} with role ${role} to node ${nodeUid}`);
-            const invitation = await this.inviteExternalUser(currentSharing.share, email, role, emailOptions);
+            const invitation = await this.inviteExternalUser(
+                contextShareAddress,
+                currentSharing.share,
+                email,
+                role,
+                emailOptions,
+            );
             currentSharing.nonProtonInvitations.push(invitation);
         }
 
@@ -241,7 +266,7 @@ export class SharingManagement {
                 );
             } else {
                 this.logger.info(`Sharing via public link with role ${options.role} to node ${nodeUid}`);
-                currentSharing.publicLink = await this.shareViaLink(currentSharing.share, options);
+                currentSharing.publicLink = await this.shareViaLink(contextShareAddress, currentSharing.share, options);
             }
         }
 
@@ -371,7 +396,7 @@ export class SharingManagement {
         };
     }
 
-    private async createShare(nodeUid: string): Promise<Share> {
+    private async createShare(nodeUid: string): Promise<{ share: Share; contextShareAddress: ContextShareAddress }> {
         const node = await this.nodesService.getNode(nodeUid);
         if (!node.parentUid) {
             throw new ValidationError(c('Error').t`Cannot share root folder`);
@@ -387,26 +412,42 @@ export class SharingManagement {
             base64NameKeyPacket: keys.base64NameKeyPacket,
         });
         await this.nodesService.notifyNodeChanged(nodeUid);
-        return {
+        if (await this.cache.hasSharedByMeNodeUidsLoaded()) {
+            await this.cache.addSharedByMeNodeUid(nodeUid);
+        }
+
+        const share = {
             volumeId,
             shareId,
             creatorEmail: email,
             passphraseSessionKey: keys.shareKey.decrypted.passphraseSessionKey,
         };
+        const contextShareAddress = {
+            email,
+            addressId,
+            addressKey,
+        };
+        return {
+            share,
+            contextShareAddress,
+        };
     }
 
     private async deleteShare(shareId: string, nodeUid: string): Promise<void> {
         await this.apiService.deleteShare(shareId);
         await this.nodesService.notifyNodeChanged(nodeUid);
+        if (await this.cache.hasSharedByMeNodeUidsLoaded()) {
+            await this.cache.removeSharedByMeNodeUid(nodeUid);
+        }
     }
 
     private async inviteProtonUser(
+        inviter: ContextShareAddress,
         share: Share,
         inviteeEmail: string,
         role: MemberRole,
         emailOptions: EmailOptions,
     ): Promise<ProtonInvitation> {
-        const inviter = await this.sharesService.getContextShareMemberEmailKey(share.shareId);
         const invitationCrypto = await this.cryptoService.encryptInvitation(
             share.passphraseSessionKey,
             inviter.addressKey,
@@ -461,12 +502,12 @@ export class SharingManagement {
     }
 
     private async inviteExternalUser(
+        inviter: ContextShareAddress,
         share: Share,
         inviteeEmail: string,
         role: MemberRole,
         emailOptions: EmailOptions,
     ): Promise<NonProtonInvitation> {
-        const inviter = await this.sharesService.getContextShareMemberEmailKey(share.shareId);
         const invitationCrypto = await this.cryptoService.encryptExternalInvitation(
             share.passphraseSessionKey,
             inviter.addressKey,
@@ -515,21 +556,20 @@ export class SharingManagement {
     }
 
     private async shareViaLink(
+        inviter: ContextShareAddress,
         share: Share,
         options: SharePublicLinkSettingsObject,
     ): Promise<PublicLinkWithCreatorEmail> {
-        const { email: creatorEmail } = await this.sharesService.getContextShareMemberEmailKey(share.shareId);
-
         const generatedPassword = await this.cryptoService.generatePublicLinkPassword();
         const password = options.customPassword ? `${generatedPassword}${options.customPassword}` : generatedPassword;
 
         const { crypto, srp } = await this.cryptoService.encryptPublicLink(
-            creatorEmail,
+            inviter.email,
             share.passphraseSessionKey,
             password,
         );
         const publicLink = await this.apiService.createPublicLink(share.shareId, {
-            creatorEmail,
+            creatorEmail: inviter.email,
             role: options.role,
             includesCustomPassword: !!options.customPassword,
             expirationTime: options.expiration ? Math.floor(options.expiration.getTime() / 1000) : undefined,
@@ -545,7 +585,7 @@ export class SharingManagement {
             customPassword: options.customPassword,
             expirationTime: options.expiration,
             numberOfInitializedDownloads: 0,
-            creatorEmail,
+            creatorEmail: inviter.email,
         };
     }
 

package/src/internal/sharingPublic/apiService.ts

@@ -0,0 +1,164 @@
+import { DriveAPIService, drivePaths, nodeTypeNumberToNodeType } from '../apiService';
+import { Logger } from '../../interface';
+import { makeNodeUid, splitNodeUid } from '../uids';
+import { EncryptedShareCrypto, EncryptedNode } from './interface';
+
+const PAGE_SIZE = 50;
+
+type GetTokenInfoResponse = drivePaths['/drive/urls/{token}']['get']['responses']['200']['content']['application/json'];
+
+type GetTokenFolderChildrenResponse =
+    drivePaths['/drive/urls/{token}/folders/{linkID}/children']['get']['responses']['200']['content']['application/json'];
+
+/**
+ * Provides API communication for accessing public link data.
+ *
+ * The service is responsible for transforming local objects to API payloads
+ * and vice versa. It should not contain any business logic.
+ */
+export class SharingPublicAPIService {
+    constructor(
+        private logger: Logger,
+        private apiService: DriveAPIService,
+    ) {
+        this.logger = logger;
+        this.apiService = apiService;
+    }
+
+    async getPublicLinkRoot(token: string): Promise<{
+        encryptedNode: EncryptedNode;
+        encryptedShare: EncryptedShareCrypto;
+    }> {
+        const response = await this.apiService.get<GetTokenInfoResponse>(`drive/urls/${token}`);
+        const encryptedNode = tokenToEncryptedNode(this.logger, response.Token);
+
+        return {
+            encryptedNode: encryptedNode,
+            encryptedShare: {
+                base64UrlPasswordSalt: response.Token.SharePasswordSalt,
+                armoredKey: response.Token.ShareKey,
+                armoredPassphrase: response.Token.SharePassphrase,
+            },
+        };
+    }
+
+    async *iterateChildren(parentUid: string): AsyncGenerator<EncryptedNode> {
+        const { volumeId: token, nodeId } = splitNodeUid(parentUid);
+
+        let page = 0;
+        while (true) {
+            const response = await this.apiService.get<GetTokenFolderChildrenResponse>(
+                `drive/urls/${token}/folders/${nodeId}/children?Page=${page}&PageSize=${PAGE_SIZE}`,
+            );
+
+            for (const link of response.Links) {
+                yield linkToEncryptedNode(this.logger, token, link);
+            }
+
+            if (response.Links.length < PAGE_SIZE) {
+                break;
+            }
+            page++;
+        }
+    }
+}
+
+function tokenToEncryptedNode(logger: Logger, token: GetTokenInfoResponse['Token']): EncryptedNode {
+    const baseNodeMetadata = {
+        // Internal metadata
+        encryptedName: token.Name,
+
+        // Basic node metadata
+        uid: makeNodeUid(token.Token, token.LinkID),
+        parentUid: undefined,
+        type: nodeTypeNumberToNodeType(logger, token.LinkType),
+    };
+
+    const baseCryptoNodeMetadata = {
+        signatureEmail: token.SignatureEmail || undefined,
+        armoredKey: token.NodeKey,
+        armoredNodePassphrase: token.NodePassphrase,
+        armoredNodePassphraseSignature: token.NodePassphraseSignature || undefined,
+    };
+
+    if (token.LinkType === 1 && token.NodeHashKey) {
+        return {
+            ...baseNodeMetadata,
+            encryptedCrypto: {
+                ...baseCryptoNodeMetadata,
+                folder: {
+                    armoredHashKey: token.NodeHashKey as string,
+                },
+            },
+        };
+    }
+
+    if (token.LinkType === 2 && token.ContentKeyPacket) {
+        return {
+            ...baseNodeMetadata,
+            totalStorageSize: token.Size || undefined,
+            mediaType: token.MIMEType || undefined,
+            encryptedCrypto: {
+                ...baseCryptoNodeMetadata,
+                file: {
+                    base64ContentKeyPacket: token.ContentKeyPacket,
+                },
+            },
+        };
+    }
+
+    throw new Error(`Unknown node type: ${token.LinkType}`);
+}
+
+function linkToEncryptedNode(
+    logger: Logger,
+    token: string,
+    link: GetTokenFolderChildrenResponse['Links'][0],
+): EncryptedNode {
+    const baseNodeMetadata = {
+        // Internal metadata
+        hash: link.Hash || undefined,
+        encryptedName: link.Name,
+
+        // Basic node metadata
+        uid: makeNodeUid(token, link.LinkID),
+        parentUid: link.ParentLinkID ? makeNodeUid(token, link.ParentLinkID) : undefined,
+        type: nodeTypeNumberToNodeType(logger, link.Type),
+        totalStorageSize: link.TotalSize,
+    };
+
+    const baseCryptoNodeMetadata = {
+        signatureEmail: link.SignatureEmail || undefined,
+        armoredKey: link.NodeKey,
+        armoredNodePassphrase: link.NodePassphrase,
+        armoredNodePassphraseSignature: link.NodePassphraseSignature || undefined,
+    };
+
+    if (link.Type === 1 && link.FolderProperties) {
+        return {
+            ...baseNodeMetadata,
+            encryptedCrypto: {
+                ...baseCryptoNodeMetadata,
+                folder: {
+                    armoredHashKey: link.FolderProperties.NodeHashKey as string,
+                },
+            },
+        };
+    }
+
+    if (link.Type === 2 && link.FileProperties?.ContentKeyPacket) {
+        return {
+            ...baseNodeMetadata,
+            totalStorageSize: link.FileProperties.ActiveRevision?.Size || undefined,
+            mediaType: link.MIMEType || undefined,
+            encryptedCrypto: {
+                ...baseCryptoNodeMetadata,
+                file: {
+                    base64ContentKeyPacket: link.FileProperties.ContentKeyPacket,
+                },
+            },
+        };
+    }
+
+    throw new Error(`Unknown node type: ${link.Type}`);
+}