@protontech/drive-sdk 0.3.0 → 0.3.2

package/dist/protonDrivePublicLinkClient.js

@@ -0,0 +1,73 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ProtonDrivePublicLinkClient = void 0;
+const config_1 = require("./config");
+const crypto_1 = require("./crypto");
+const telemetry_1 = require("./telemetry");
+const transformers_1 = require("./transformers");
+const apiService_1 = require("./internal/apiService");
+const sdkEvents_1 = require("./internal/sdkEvents");
+const sharingPublic_1 = require("./internal/sharingPublic");
+/**
+ * ProtonDrivePublicLinkClient is the interface for the public link client.
+ *
+ * The client provides high-level operations for managing nodes, and
+ * downloading/uploading files.
+ *
+ * Do not use this client direclty, use ProtonDriveClient instead.
+ * The main client handles public link sessions and provides access to
+ * public links.
+ *
+ * See `experimental.getPublicLinkInfo` and `experimental.authPublicLink`
+ * for more information.
+ */
+class ProtonDrivePublicLinkClient {
+    logger;
+    sdkEvents;
+    sharingPublic;
+    experimental;
+    constructor({ httpClient, cryptoCache, account, openPGPCryptoModule, srpModule, config, telemetry, token, password, }) {
+        if (!telemetry) {
+            telemetry = new telemetry_1.Telemetry();
+        }
+        this.logger = telemetry.getLogger('interface');
+        const fullConfig = (0, config_1.getConfig)(config);
+        this.sdkEvents = new sdkEvents_1.SDKEvents(telemetry);
+        const apiService = new apiService_1.DriveAPIService(telemetry, this.sdkEvents, httpClient, fullConfig.baseUrl, fullConfig.language);
+        const driveCrypto = new crypto_1.DriveCrypto(openPGPCryptoModule, srpModule);
+        this.sharingPublic = (0, sharingPublic_1.initSharingPublicModule)(telemetry, apiService, cryptoCache, driveCrypto, account, token, password);
+        this.experimental = {
+            getNodeUrl: async (nodeUid) => {
+                this.logger.debug(`Getting node URL for ${(0, transformers_1.getUid)(nodeUid)}`);
+                // TODO: public node has different URL
+                return '';
+            },
+            getDocsKey: async (nodeUid) => {
+                this.logger.debug(`Getting docs keys for ${(0, transformers_1.getUid)(nodeUid)}`);
+                const keys = await this.sharingPublic.getNodeKeys((0, transformers_1.getUid)(nodeUid));
+                if (!keys.contentKeyPacketSessionKey) {
+                    throw new Error('Node does not have a content key packet session key');
+                }
+                return keys.contentKeyPacketSessionKey;
+            },
+        };
+    }
+    /**
+     * @returns The root folder to the public link.
+     */
+    async getRootNode() {
+        this.logger.info(`Getting root node`);
+        return (0, transformers_1.convertInternalNodePromise)(this.sharingPublic.getRootNode());
+    }
+    /**
+     * Iterates the children of the given parent node.
+     *
+     * See `ProtonDriveClient.iterateFolderChildren` for more information.
+     */
+    async *iterateFolderChildren(parentUid, signal) {
+        this.logger.info(`Iterating children of ${(0, transformers_1.getUid)(parentUid)}`);
+        yield* (0, transformers_1.convertInternalNodeIterator)(this.sharingPublic.iterateFolderChildren((0, transformers_1.getUid)(parentUid), signal));
+    }
+}
+exports.ProtonDrivePublicLinkClient = ProtonDrivePublicLinkClient;
+//# sourceMappingURL=protonDrivePublicLinkClient.js.map

package/dist/protonDrivePublicLinkClient.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"protonDrivePublicLinkClient.js","sourceRoot":"","sources":["../src/protonDrivePublicLinkClient.ts"],"names":[],"mappings":";;;AAAA,qCAAqC;AACrC,qCAA6E;AAW7E,2CAAwC;AACxC,iDAAiG;AACjG,sDAAwD;AACxD,oDAAiD;AACjD,4DAAmE;AAEnE;;;;;;;;;;;;GAYG;AACH,MAAa,2BAA2B;IAC5B,MAAM,CAAS;IACf,SAAS,CAAY;IACrB,aAAa,CAA6C;IAE3D,YAAY,CAejB;IAEF,YAAY,EACR,UAAU,EACV,WAAW,EACX,OAAO,EACP,mBAAmB,EACnB,SAAS,EACT,MAAM,EACN,SAAS,EACT,KAAK,EACL,QAAQ,GAWX;QACG,IAAI,CAAC,SAAS,EAAE,CAAC;YACb,SAAS,GAAG,IAAI,qBAAS,EAAE,CAAC;QAChC,CAAC;QACD,IAAI,CAAC,MAAM,GAAG,SAAS,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QAE/C,MAAM,UAAU,GAAG,IAAA,kBAAS,EAAC,MAAM,CAAC,CAAC;QACrC,IAAI,CAAC,SAAS,GAAG,IAAI,qBAAS,CAAC,SAAS,CAAC,CAAC;QAE1C,MAAM,UAAU,GAAG,IAAI,4BAAe,CAClC,SAAS,EACT,IAAI,CAAC,SAAS,EACd,UAAU,EACV,UAAU,CAAC,OAAO,EAClB,UAAU,CAAC,QAAQ,CACtB,CAAC;QACF,MAAM,WAAW,GAAG,IAAI,oBAAW,CAAC,mBAAmB,EAAE,SAAS,CAAC,CAAC;QACpE,IAAI,CAAC,aAAa,GAAG,IAAA,uCAAuB,EACxC,SAAS,EACT,UAAU,EACV,WAAW,EACX,WAAW,EACX,OAAO,EACP,KAAK,EACL,QAAQ,CACX,CAAC;QAEF,IAAI,CAAC,YAAY,GAAG;YAChB,UAAU,EAAE,KAAK,EAAE,OAAkB,EAAE,EAAE;gBACrC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,wBAAwB,IAAA,qBAAM,EAAC,OAAO,CAAC,EAAE,CAAC,CAAC;gBAC7D,sCAAsC;gBACtC,OAAO,EAAE,CAAC;YACd,CAAC;YACD,UAAU,EAAE,KAAK,EAAE,OAAkB,EAAE,EAAE;gBACrC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,yBAAyB,IAAA,qBAAM,EAAC,OAAO,CAAC,EAAE,CAAC,CAAC;gBAC9D,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,IAAA,qBAAM,EAAC,OAAO,CAAC,CAAC,CAAC;gBACnE,IAAI,CAAC,IAAI,CAAC,0BAA0B,EAAE,CAAC;oBACnC,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;gBAC3E,CAAC;gBACD,OAAO,IAAI,CAAC,0BAA0B,CAAC;YAC3C,CAAC;SACJ,CAAC;IACN,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW;QACb,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;QACtC,OAAO,IAAA,yCAA0B,EAAC,IAAI,CAAC,aAAa,CAAC,WAAW,EAAE,CAAC,CAAC;IACxE,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,CAAC,qBAAqB,CAAC,SAAoB,EAAE,MAAoB;QACnE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,yBAAyB,IAAA,qBAAM,EAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QAC/D,KAAM,CAAC,CAAC,IAAA,0CAA2B,EAAC,IAAI,CAAC,aAAa,CAAC,qBAAqB,CAAC,IAAA,qBAAM,EAAC,SAAS,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IAC7G,CAAC;CACJ;AAvGD,kEAuGC"}

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@protontech/drive-sdk",
-    "version": "0.3.0",
+    "version": "0.3.2",
     "description": "Proton Drive SDK",
     "license": "GPL-3.0",
     "main": "dist/index.js",

package/src/crypto/driveCrypto.ts

@@ -170,7 +170,7 @@ export class DriveCrypto {
     async decryptKey(
         armoredKey: string,
         armoredPassphrase: string,
-        armoredPassphraseSignature: string,
+        armoredPassphraseSignature: string | undefined,
         decryptionKeys: PrivateKey[],
         verificationKeys: PublicKey[],
     ): Promise<{

package/src/crypto/interface.ts

@@ -52,6 +52,17 @@ export enum VERIFICATION_STATUS {
 }
 
 export interface SRPModule {
+    getSrp: (
+        version: number,
+        modulus: string,
+        serverEphemeral: string,
+        salt: string,
+        password: string,
+    ) => Promise<{
+        expectedServerProof: string;
+        clientProof: string;
+        clientEphemeral: string;
+    }>;
     getSrpVerifier: (password: string) => Promise<SRPVerifier>;
     computeKeyPassword: (password: string, salt: string) => Promise<string>;
 }
@@ -229,7 +240,7 @@ export interface OpenPGPCrypto {
 
     decryptArmoredAndVerifyDetached: (
         armoredData: string,
-        armoredSignature: string,
+        armoredSignature: string | undefined,
         sessionKey: SessionKey,
         verificationKeys: PublicKey | PublicKey[],
     ) => Promise<{

package/src/crypto/openPGPCrypto.ts

@@ -1,3 +1,4 @@
+import { c } from 'ttag';
 import { OpenPGPCrypto, PrivateKey, PublicKey, SessionKey, VERIFICATION_STATUS } from './interface';
 import { uint8ArrayToBase64String } from './utils';
 
@@ -393,7 +394,7 @@ export class OpenPGPCryptoWithCryptoProxy implements OpenPGPCrypto {
 
     async decryptArmoredAndVerifyDetached(
         armoredData: string,
-        armoredSignature: string,
+        armoredSignature: string | undefined,
         sessionKey: SessionKey,
         verificationKeys: PublicKey | PublicKey[],
     ) {
@@ -410,7 +411,9 @@ export class OpenPGPCryptoWithCryptoProxy implements OpenPGPCrypto {
             // pmcrypto 8.3.0 changes `verified` to `verificationStatus`.
             // Proper typing is too complex, it will be removed to support only newer pmcrypto.
             verified: verified || verificationStatus!,
-            verificationErrors,
+            verificationErrors: !armoredSignature
+                ? [new Error(c('Error').t`Signature is missing`)]
+                : verificationErrors,
         };
     }
 

package/src/diagnostic/httpClient.ts

@@ -1,7 +1,7 @@
 import {
     ProtonDriveHTTPClient,
-    ProtonDriveHTTPClientBlobOptions,
-    ProtonDriveHTTPClientJsonOptions,
+    ProtonDriveHTTPClientBlobRequest,
+    ProtonDriveHTTPClientJsonRequest,
 } from '../interface';
 import { EventsGenerator } from './eventsGenerator';
 
@@ -19,7 +19,7 @@ export class DiagnosticHTTPClient extends EventsGenerator implements ProtonDrive
         this.httpClient = httpClient;
     }
 
-    async fetchJson(options: ProtonDriveHTTPClientJsonOptions): Promise<Response> {
+    async fetchJson(options: ProtonDriveHTTPClientJsonRequest): Promise<Response> {
         try {
             const response = await this.httpClient.fetchJson(options);
 
@@ -78,7 +78,7 @@ export class DiagnosticHTTPClient extends EventsGenerator implements ProtonDrive
         }
     }
 
-    fetchBlob(options: ProtonDriveHTTPClientBlobOptions): Promise<Response> {
+    fetchBlob(options: ProtonDriveHTTPClientBlobRequest): Promise<Response> {
         return this.httpClient.fetchBlob(options);
     }
 }

package/src/interface/httpClient.ts

@@ -1,18 +1,18 @@
 export interface ProtonDriveHTTPClient {
-    fetchJson(options: ProtonDriveHTTPClientJsonOptions): Promise<Response>;
-    fetchBlob(options: ProtonDriveHTTPClientBlobOptions): Promise<Response>;
+    fetchJson(request: ProtonDriveHTTPClientJsonRequest): Promise<Response>;
+    fetchBlob(request: ProtonDriveHTTPClientBlobRequest): Promise<Response>;
 }
 
-export type ProtonDriveHTTPClientJsonOptions = ProtonDriveHTTPClientBaseOptions & {
+export type ProtonDriveHTTPClientJsonRequest = ProtonDriveHTTPClientBaseRequest & {
     json?: object;
 };
 
-export type ProtonDriveHTTPClientBlobOptions = ProtonDriveHTTPClientBaseOptions & {
+export type ProtonDriveHTTPClientBlobRequest = ProtonDriveHTTPClientBaseRequest & {
     body?: XMLHttpRequestBodyInit;
     onProgress?: (progress: number) => void;
 };
 
-type ProtonDriveHTTPClientBaseOptions = {
+type ProtonDriveHTTPClientBaseRequest = {
     url: string;
     method: string;
     headers: Headers;

package/src/interface/index.ts

@@ -27,8 +27,8 @@ export type {
 export { DriveEventType, SDKEvent } from './events';
 export type {
     ProtonDriveHTTPClient,
-    ProtonDriveHTTPClientJsonOptions,
-    ProtonDriveHTTPClientBlobOptions,
+    ProtonDriveHTTPClientJsonRequest,
+    ProtonDriveHTTPClientBlobRequest,
 } from './httpClient';
 export type {
     MaybeNode,
@@ -89,10 +89,22 @@ export type ProtonDriveTelemetry = Telemetry<MetricEvent>;
 export type ProtonDriveEntitiesCache = ProtonDriveCache<string>;
 export type ProtonDriveCryptoCache = ProtonDriveCache<CachedCryptoMaterial>;
 export type CachedCryptoMaterial = {
-    passphrase?: string;
-    key: PrivateKey;
-    passphraseSessionKey: SessionKey;
-    hashKey?: Uint8Array;
+    nodeKeys?: {
+        // Passphrase should not be needed to keep, sessionKey should be enough.
+        // We will improve this in the future.
+        passphrase: string;
+        key: PrivateKey;
+        passphraseSessionKey: SessionKey;
+        contentKeyPacketSessionKey?: SessionKey;
+        hashKey?: Uint8Array;
+    };
+    shareKey?: {
+        key: PrivateKey;
+        passphraseSessionKey: SessionKey;
+    };
+    publicShareKey?: {
+        key: PrivateKey;
+    };
 };
 
 export interface ProtonDriveClientContructorParameters {

package/src/internal/apiService/apiService.ts

@@ -165,7 +165,7 @@ export class DriveAPIService {
             if (error instanceof ProtonDriveError) {
                 throw error;
             }
-            throw apiErrorFactory({ response });
+            throw apiErrorFactory({ response, error });
         }
     }
 

package/src/internal/apiService/errorCodes.ts

@@ -1,5 +1,6 @@
 export const enum HTTPErrorCode {
     OK = 200,
+    UNAUTHORIZED = 401,
     NOT_FOUND = 404,
     TOO_MANY_REQUESTS = 429,
     INTERNAL_SERVER_ERROR = 500,

package/src/internal/apiService/errors.test.ts

@@ -62,7 +62,8 @@ describe('apiErrorFactory should return', () => {
     it('NotFoundAPIError when code is ErrorCode.NOT_EXISTS', () => {
         const error = apiErrorFactory(mockAPIResponseAndResult({ code: ErrorCode.NOT_EXISTS, message: 'Not found' }));
         expect(error).toBeInstanceOf(errors.NotFoundAPIError);
-        expectAPICodeError(error, ErrorCode.NOT_EXISTS, 'Not found');
+        expect(error.message).toBe('Not found');
+        expect((error as errors.NotFoundAPIError).code).toBe(ErrorCode.NOT_EXISTS);
     });
 });
 

package/src/internal/apiService/errors.ts

@@ -3,12 +3,23 @@ import { c } from 'ttag';
 import { ServerError, ValidationError } from '../../errors';
 import { ErrorCode, HTTPErrorCode } from './errorCodes';
 
-export function apiErrorFactory({ response, result }: { response: Response; result?: unknown }): ServerError {
+export function apiErrorFactory({
+    response,
+    result,
+    error,
+}: {
+    response: Response;
+    result?: unknown;
+    error?: unknown;
+}): ServerError {
     // Backend responses with 404 both in the response and body code.
     // In such a case we want to stick to APIHTTPError to be very clear
     // it is not NotFoundAPIError.
     if (response.status === HTTPErrorCode.NOT_FOUND || !result) {
-        return new APIHTTPError(response.statusText || c('Error').t`Unknown error`, response.status);
+        const fallbackMessage = error instanceof Error ? error.message : c('Error').t`Unknown error`;
+        const apiHttpError = new APIHTTPError(response.statusText || fallbackMessage, response.status);
+        apiHttpError.cause = error;
+        return apiHttpError;
     }
 
     const typedResult = result as {
@@ -40,7 +51,7 @@ export function apiErrorFactory({ response, result }: { response: Response; resu
 
     switch (code) {
         case ErrorCode.NOT_EXISTS:
-            return new NotFoundAPIError(message, code);
+            return new NotFoundAPIError(message, code, details);
         // ValidationError should be only when it is clearly user input error,
         // otherwise it should be ServerError.
         // Here we convert only general enough codes. Specific cases that are
@@ -94,6 +105,6 @@ export class APICodeError extends ServerError {
     }
 }
 
-export class NotFoundAPIError extends APICodeError {
+export class NotFoundAPIError extends ValidationError {
     name = 'NotFoundAPIError';
 }

package/src/internal/download/cryptoService.ts

@@ -49,7 +49,7 @@ export class DownloadCryptoService {
             );
         } catch (error: unknown) {
             const message = getErrorMessage(error);
-            throw new DecryptionError(c('Error').t`Failed to decrypt block: ${message}`);
+            throw new DecryptionError(c('Error').t`Failed to decrypt block: ${message}`, { cause: error });
         }
 
         return decryptedBlock;
@@ -66,7 +66,7 @@ export class DownloadCryptoService {
             decryptedBlock = result.decryptedThumbnail;
         } catch (error: unknown) {
             const message = getErrorMessage(error);
-            throw new DecryptionError(c('Error').t`Failed to decrypt thumbnail: ${message}`);
+            throw new DecryptionError(c('Error').t`Failed to decrypt thumbnail: ${message}`, { cause: error });
         }
 
         return decryptedBlock;

package/src/internal/download/fileDownloader.test.ts

@@ -123,8 +123,10 @@ describe('FileDownloader', () => {
 
         const verifyOnProgress = async (downloadedBytes: number[]) => {
             expect(onProgress).toHaveBeenCalledTimes(downloadedBytes.length);
+            let fileProgress = 0;
             for (let i = 0; i < downloadedBytes.length; i++) {
-                expect(onProgress).toHaveBeenNthCalledWith(i + 1, downloadedBytes[i]);
+                fileProgress += downloadedBytes[i];
+                expect(onProgress).toHaveBeenNthCalledWith(i + 1, fileProgress);
             }
         };
 

package/src/internal/download/fileDownloader.ts

@@ -134,7 +134,7 @@ export class FileDownloader {
             const blockData = await this.downloadBlockData(blockMetadata, true, cryptoKeys);
             return blockData.slice(blockOffset);
         } catch (error: unknown) {
-            return error instanceof Error ? error : new Error(`Unknown error: ${error}`);
+            return error instanceof Error ? error : new Error(`Unknown error: ${error}`, { cause: error });
         }
     }
 
@@ -193,7 +193,7 @@ export class FileDownloader {
                     cryptoKeys,
                     (downloadedBytes) => {
                         fileProgress += downloadedBytes;
-                        onProgress?.(downloadedBytes);
+                        onProgress?.(fileProgress);
                     },
                 );
                 this.ongoingDownloads.set(blockMetadata.index, { downloadPromise });

package/src/internal/events/index.ts

@@ -7,7 +7,7 @@ import { VolumeEventManager } from './volumeEventManager';
 import { EventManager } from './eventManager';
 import { SharesManager } from '../shares/manager';
 
-export type { DriveEvent, DriveListener } from './interface';
+export type { DriveEvent, DriveListener, EventSubscription } from './interface';
 export { DriveEventType } from './interface';
 
 const OWN_VOLUME_POLLING_INTERVAL = 30;

package/src/internal/nodes/cache.ts

@@ -53,7 +53,9 @@ export class NodesCache {
             return deserialiseNode(nodeData);
         } catch (error: unknown) {
             await this.removeCorruptedNode({ nodeUid }, error);
-            throw new Error(`Failed to deserialise node: ${error instanceof Error ? error.message : error}`);
+            throw new Error(`Failed to deserialise node: ${error instanceof Error ? error.message : error}`, {
+                cause: error,
+            });
         }
     }
 

package/src/internal/nodes/cryptoCache.test.ts

@@ -18,10 +18,7 @@ describe('nodesCryptoCache', () => {
 
     beforeEach(async () => {
         memoryCache = new MemoryCache();
-        await memoryCache.setEntity('nodeKeys-missingPassphrase', {
-            key: 'privateKey',
-            sessionKey: 'sessionKey',
-        } as any);
+        await memoryCache.setEntity('nodeKeys-missingProperties', {} as any);
 
         cache = new NodesCryptoCache(getMockLogger(), memoryCache);
     });
@@ -96,14 +93,14 @@ describe('nodesCryptoCache', () => {
 
     it('should throw an error when retrieving a bad keys and remove the key', async () => {
         try {
-            await cache.getNodeKeys('missingPassphrase');
+            await cache.getNodeKeys('missingProperties');
             throw new Error('Should have thrown an error');
         } catch (error) {
-            expect(`${error}`).toBe('Error: Failed to deserialize node keys: missing passphrase');
+            expect(`${error}`).toBe('Error: Failed to deserialize node keys');
         }
 
         try {
-            await memoryCache.getEntity('nodeKeys-missingPassphrase');
+            await memoryCache.getEntity('nodeKeys-missingProperties');
             throw new Error('Should have thrown an error');
         } catch (error) {
             expect(`${error}`).toBe('Error: Entity not found');

package/src/internal/nodes/cryptoCache.ts

@@ -18,12 +18,14 @@ export class NodesCryptoCache {
 
     async setNodeKeys(nodeUid: string, keys: DecryptedNodeKeys): Promise<void> {
         const cacheUid = getCacheKey(nodeUid);
-        await this.driveCache.setEntity(cacheUid, keys);
+        await this.driveCache.setEntity(cacheUid, {
+            nodeKeys: keys,
+        });
     }
 
     async getNodeKeys(nodeUid: string): Promise<DecryptedNodeKeys> {
         const nodeKeysData = await this.driveCache.getEntity(getCacheKey(nodeUid));
-        if (!nodeKeysData.passphrase) {
+        if (!nodeKeysData.nodeKeys) {
             try {
                 await this.removeNodeKeys([nodeUid]);
             } catch (removingError: unknown) {
@@ -33,12 +35,9 @@ export class NodesCryptoCache {
                     `Failed to remove corrupted node keys from the cache: ${removingError instanceof Error ? removingError.message : removingError}`,
                 );
             }
-            throw new Error(`Failed to deserialize node keys: missing passphrase`);
+            throw new Error(`Failed to deserialize node keys`);
         }
-        return {
-            ...nodeKeysData,
-            passphrase: nodeKeysData.passphrase,
-        };
+        return nodeKeysData.nodeKeys;
     }
 
     async removeNodeKeys(nodeUids: string[]): Promise<void> {

package/src/internal/nodes/cryptoReporter.ts

@@ -0,0 +1,145 @@
+import { VERIFICATION_STATUS } from '../../crypto';
+import {
+    resultOk,
+    resultError,
+    Author,
+    AnonymousUser,
+    ProtonDriveTelemetry,
+    Logger,
+    MetricsDecryptionErrorField,
+    MetricVerificationErrorField,
+} from '../../interface';
+import { getVerificationMessage } from '../errors';
+import { splitNodeUid } from '../uids';
+import {
+    EncryptedNode,
+    SharesService,
+} from './interface';
+
+export class NodesCryptoReporter {
+    private logger: Logger;
+
+    private reportedDecryptionErrors = new Set<string>();
+    private reportedVerificationErrors = new Set<string>();
+
+    constructor(
+        private telemetry: ProtonDriveTelemetry,
+        private shareService: SharesService,
+    ) {
+        this.telemetry = telemetry;
+        this.logger = telemetry.getLogger('nodes-crypto');
+        this.shareService = shareService;
+    }
+
+    async handleClaimedAuthor(
+        node: { uid: string; creationTime: Date },
+        field: MetricVerificationErrorField,
+        signatureType: string,
+        verified: VERIFICATION_STATUS,
+        verificationErrors?: Error[],
+        claimedAuthor?: string,
+        notAvailableVerificationKeys = false,
+    ): Promise<Author> {
+        const author = handleClaimedAuthor(
+            signatureType,
+            verified,
+            verificationErrors,
+            claimedAuthor,
+            notAvailableVerificationKeys,
+        );
+        if (!author.ok) {
+            void this.reportVerificationError(node, field, verificationErrors, claimedAuthor);
+        }
+        return author;
+    }
+
+    async reportVerificationError(
+        node: { uid: string; creationTime: Date },
+        field: MetricVerificationErrorField,
+        verificationErrors?: Error[],
+        claimedAuthor?: string,
+    ) {
+        if (this.reportedVerificationErrors.has(node.uid)) {
+            return;
+        }
+        this.reportedVerificationErrors.add(node.uid);
+
+        const fromBefore2024 = node.creationTime < new Date('2024-01-01');
+
+        let addressMatchingDefaultShare, volumeType;
+        try {
+            const { volumeId } = splitNodeUid(node.uid);
+            const { email } = await this.shareService.getMyFilesShareMemberEmailKey();
+            addressMatchingDefaultShare = claimedAuthor ? claimedAuthor === email : undefined;
+            volumeType = await this.shareService.getVolumeMetricContext(volumeId);
+        } catch (error: unknown) {
+            this.logger.error('Failed to check if claimed author matches default share', error);
+        }
+
+        this.logger.warn(
+            `Failed to verify ${field} for node ${node.uid} (from before 2024: ${fromBefore2024}, matching address: ${addressMatchingDefaultShare})`,
+        );
+
+        this.telemetry.recordMetric({
+            eventName: 'verificationError',
+            volumeType,
+            field,
+            addressMatchingDefaultShare,
+            fromBefore2024,
+            error: verificationErrors?.map((e) => e.message).join(', '),
+            uid: node.uid,
+        });
+    }
+
+    async reportDecryptionError(node: EncryptedNode, field: MetricsDecryptionErrorField, error: unknown) {
+        if (this.reportedDecryptionErrors.has(node.uid)) {
+            return;
+        }
+
+        const fromBefore2024 = node.creationTime < new Date('2024-01-01');
+
+        let volumeType;
+        try {
+            const { volumeId } = splitNodeUid(node.uid);
+            volumeType = await this.shareService.getVolumeMetricContext(volumeId);
+        } catch (error: unknown) {
+            this.logger.error('Failed to get metric context', error);
+        }
+
+        this.logger.error(`Failed to decrypt node ${node.uid} (from before 2024: ${fromBefore2024})`, error);
+
+        this.telemetry.recordMetric({
+            eventName: 'decryptionError',
+            volumeType,
+            field,
+            fromBefore2024,
+            error,
+            uid: node.uid,
+        });
+        this.reportedDecryptionErrors.add(node.uid);
+    }
+}
+
+/**
+ * @param signatureType - Must be translated before calling this function.
+ */
+function handleClaimedAuthor(
+    signatureType: string,
+    verified: VERIFICATION_STATUS,
+    verificationErrors?: Error[],
+    claimedAuthor?: string,
+    notAvailableVerificationKeys = false,
+): Author {
+    if (!claimedAuthor && notAvailableVerificationKeys) {
+        return resultOk(null as AnonymousUser);
+    }
+
+    if (verified === VERIFICATION_STATUS.SIGNED_AND_VALID) {
+        return resultOk(claimedAuthor || (null as AnonymousUser));
+    }
+
+    return resultError({
+        claimedAuthor,
+        error: getVerificationMessage(verified, verificationErrors, signatureType, notAvailableVerificationKeys),
+    });
+}

package/src/internal/nodes/cryptoService.test.ts

@@ -3,6 +3,7 @@ import { MemberRole, ProtonDriveAccount, ProtonDriveTelemetry, RevisionState } f
 import { getMockTelemetry } from '../../tests/telemetry';
 import { DecryptedNode, DecryptedNodeKeys, DecryptedUnparsedNode, EncryptedNode, SharesService } from './interface';
 import { NodesCryptoService } from './cryptoService';
+import { NodesCryptoReporter } from './cryptoReporter';
 
 describe('nodesCryptoService', () => {
     let telemetry: ProtonDriveTelemetry;
@@ -74,7 +75,8 @@ describe('nodesCryptoService', () => {
             getVolumeMetricContext: jest.fn().mockResolvedValue('own_volume'),
         };
 
-        cryptoService = new NodesCryptoService(telemetry, driveCrypto, account, sharesService);
+        const nodesCryptoReporter = new NodesCryptoReporter(telemetry, sharesService);
+        cryptoService = new NodesCryptoService(telemetry, driveCrypto, account, nodesCryptoReporter);
     });
 
     const parentKey = 'parentKey' as unknown as PrivateKey;