npm - @protontech/drive-sdk - Versions diffs - 0.7.3 → 0.9.0 - Mend

@protontech/drive-sdk 0.7.3 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (83) hide show

package/dist/crypto/driveCrypto.js +1 -1
package/dist/crypto/driveCrypto.js.map +1 -1
package/dist/crypto/interface.d.ts +3 -1
package/dist/crypto/openPGPCrypto.d.ts +4 -1
package/dist/crypto/openPGPCrypto.js +2 -1
package/dist/crypto/openPGPCrypto.js.map +1 -1
package/dist/errors.d.ts +1 -1
package/dist/errors.js +2 -2
package/dist/errors.js.map +1 -1
package/dist/interface/account.d.ts +6 -0
package/dist/interface/download.d.ts +14 -0
package/dist/internal/apiService/driveTypes.d.ts +197 -22
package/dist/internal/download/controller.d.ts +3 -0
package/dist/internal/download/controller.js +7 -0
package/dist/internal/download/controller.js.map +1 -1
package/dist/internal/download/cryptoService.js +9 -2
package/dist/internal/download/cryptoService.js.map +1 -1
package/dist/internal/download/fileDownloader.js +9 -3
package/dist/internal/download/fileDownloader.js.map +1 -1
package/dist/internal/download/fileDownloader.test.js +14 -11
package/dist/internal/download/fileDownloader.test.js.map +1 -1
package/dist/internal/download/interface.d.ts +14 -0
package/dist/internal/download/interface.js +16 -0
package/dist/internal/download/interface.js.map +1 -1
package/dist/internal/nodes/apiService.d.ts +2 -1
package/dist/internal/nodes/apiService.js +5 -2
package/dist/internal/nodes/apiService.js.map +1 -1
package/dist/internal/nodes/cryptoService.d.ts +1 -0
package/dist/internal/nodes/cryptoService.js +28 -4
package/dist/internal/nodes/cryptoService.js.map +1 -1
package/dist/internal/nodes/cryptoService.test.js +70 -2
package/dist/internal/nodes/cryptoService.test.js.map +1 -1
package/dist/internal/nodes/nodesManagement.d.ts +2 -1
package/dist/internal/nodes/nodesManagement.js +6 -1
package/dist/internal/nodes/nodesManagement.js.map +1 -1
package/dist/internal/shares/apiService.js +2 -0
package/dist/internal/shares/apiService.js.map +1 -1
package/dist/internal/sharingPublic/nodes.d.ts +1 -1
package/dist/internal/sharingPublic/nodes.js +2 -2
package/dist/internal/sharingPublic/nodes.js.map +1 -1
package/dist/internal/upload/apiService.d.ts +1 -0
package/dist/internal/upload/apiService.js +12 -0
package/dist/internal/upload/apiService.js.map +1 -1
package/dist/internal/upload/manager.js +19 -1
package/dist/internal/upload/manager.js.map +1 -1
package/dist/internal/upload/manager.test.js +23 -0
package/dist/internal/upload/manager.test.js.map +1 -1
package/dist/internal/upload/streamUploader.js +1 -1
package/dist/internal/upload/streamUploader.js.map +1 -1
package/dist/protonDriveClient.d.ts +1 -1
package/dist/protonDriveClient.js +3 -3
package/dist/protonDriveClient.js.map +1 -1
package/dist/protonDrivePhotosClient.js +1 -1
package/dist/protonDrivePhotosClient.js.map +1 -1
package/dist/protonDrivePublicLinkClient.d.ts +3 -1
package/dist/protonDrivePublicLinkClient.js +4 -2
package/dist/protonDrivePublicLinkClient.js.map +1 -1
package/package.json +1 -1
package/src/crypto/driveCrypto.ts +1 -0
package/src/crypto/interface.ts +1 -0
package/src/crypto/openPGPCrypto.ts +3 -0
package/src/errors.ts +2 -2
package/src/interface/account.ts +6 -0
package/src/interface/download.ts +16 -0
package/src/internal/apiService/driveTypes.ts +197 -22
package/src/internal/download/controller.ts +9 -0
package/src/internal/download/cryptoService.ts +13 -3
package/src/internal/download/fileDownloader.test.ts +17 -11
package/src/internal/download/fileDownloader.ts +9 -5
package/src/internal/download/interface.ts +15 -0
package/src/internal/nodes/apiService.ts +20 -6
package/src/internal/nodes/cryptoService.test.ts +113 -2
package/src/internal/nodes/cryptoService.ts +53 -8
package/src/internal/nodes/nodesManagement.ts +7 -1
package/src/internal/shares/apiService.ts +3 -1
package/src/internal/sharingPublic/nodes.ts +2 -2
package/src/internal/upload/apiService.ts +25 -0
package/src/internal/upload/manager.test.ts +37 -0
package/src/internal/upload/manager.ts +17 -1
package/src/internal/upload/streamUploader.ts +1 -1
package/src/protonDriveClient.ts +3 -3
package/src/protonDrivePhotosClient.ts +1 -1
package/src/protonDrivePublicLinkClient.ts +4 -2

package/src/internal/nodes/cryptoService.test.ts CHANGED Viewed

@@ -20,6 +20,9 @@ describe('nodesCryptoService', () => {
     let cryptoService: NodesCryptoService;
+    const publicAddressKey = { _idx: 21312 };
+    const ownPrivateAddressKey = { id: 'id', key: 'key' as unknown as PrivateKey };
     beforeEach(() => {
         jest.clearAllMocks();
@@ -71,7 +74,15 @@ describe('nodesCryptoService', () => {
         };
         account = {
             // @ts-expect-error No need to implement all methods for mocking
-            getPublicKeys: jest.fn(async () => [{ _idx: 21312 }]),
+            getPublicKeys: jest.fn(async () => [publicAddressKey]),
+            getOwnAddresses: jest.fn(async () => [
+                {
+                    email: 'email',
+                    addressId: 'addressId',
+                    primaryKeyIndex: 0,
+                    keys: [ownPrivateAddressKey],
+                },
+            ]),
         };
         // @ts-expect-error No need to implement all methods for mocking
         sharesService = {
@@ -576,6 +587,7 @@ describe('nodesCryptoService', () => {
                 armoredNodePassphraseSignature: 'armoredNodePassphraseSignature',
                 file: {
                     base64ContentKeyPacket: 'base64ContentKeyPacket',
+                    armoredContentKeyPacketSignature: 'armoredContentKeyPacketSignature',
                 },
                 activeRevision: {
                     uid: 'revisionUid',
@@ -764,7 +776,7 @@ describe('nodesCryptoService', () => {
                 });
             });
-            it('on content key packet', async () => {
+            it('on content key packet without fallback verification', async () => {
                 driveCrypto.decryptAndVerifySessionKey = jest.fn(
                     async () =>
                         Promise.resolve({
@@ -789,6 +801,105 @@ describe('nodesCryptoService', () => {
                     error: 'verification error',
                 });
             });
+            it('on content key packet with successful fallback verification', async () => {
+                driveCrypto.decryptAndVerifySessionKey = jest
+                    .fn()
+                    .mockImplementationOnce(
+                        async () =>
+                            Promise.resolve({
+                                sessionKey: 'contentKeyPacketSessionKey',
+                                verified: VERIFICATION_STATUS.SIGNED_AND_INVALID,
+                                verificationErrors: [new Error('verification error')],
+                            }) as any,
+                    )
+                    .mockImplementationOnce(
+                        async () =>
+                            Promise.resolve({
+                                sessionKey: 'contentKeyPacketSessionKey',
+                                verified: VERIFICATION_STATUS.SIGNED_AND_VALID,
+                            }) as any,
+                    );
+                const result = await cryptoService.decryptNode(
+                    {
+                        ...encryptedNode,
+                        creationTime: new Date('2022-01-01'),
+                    },
+                    parentKey,
+                );
+                verifyResult(result);
+                expect(driveCrypto.decryptAndVerifySessionKey).toHaveBeenCalledTimes(2);
+                expect(driveCrypto.decryptAndVerifySessionKey).toHaveBeenCalledWith(
+                    'base64ContentKeyPacket',
+                    'armoredContentKeyPacketSignature',
+                    'decryptedKey',
+                    ['decryptedKey', publicAddressKey],
+                );
+                expect(driveCrypto.decryptAndVerifySessionKey).toHaveBeenCalledWith(
+                    'base64ContentKeyPacket',
+                    'armoredContentKeyPacketSignature',
+                    'decryptedKey',
+                    [ownPrivateAddressKey.key],
+                );
+                expect(telemetry.recordMetric).not.toHaveBeenCalled();
+            });
+            it('on content key packet with failed fallback verification', async () => {
+                driveCrypto.decryptAndVerifySessionKey = jest
+                    .fn()
+                    .mockImplementationOnce(
+                        async () =>
+                            Promise.resolve({
+                                sessionKey: 'contentKeyPacketSessionKey',
+                                verified: VERIFICATION_STATUS.SIGNED_AND_INVALID,
+                                verificationErrors: [new Error('verification error')],
+                            }) as any,
+                    )
+                    .mockImplementationOnce(
+                        async () =>
+                            Promise.resolve({
+                                sessionKey: 'contentKeyPacketSessionKey',
+                                verified: VERIFICATION_STATUS.SIGNED_AND_INVALID,
+                                verificationErrors: [new Error('fallback verification error')],
+                            }) as any,
+                    );
+                const result = await cryptoService.decryptNode(
+                    {
+                        ...encryptedNode,
+                        creationTime: new Date('2022-01-01'),
+                    },
+                    parentKey,
+                );
+                verifyResult(result, {
+                    keyAuthor: {
+                        ok: false,
+                        error: {
+                            claimedAuthor: 'signatureEmail',
+                            error: 'Signature verification for content key failed: verification error',
+                        },
+                    },
+                });
+                expect(driveCrypto.decryptAndVerifySessionKey).toHaveBeenCalledTimes(2);
+                expect(driveCrypto.decryptAndVerifySessionKey).toHaveBeenCalledWith(
+                    'base64ContentKeyPacket',
+                    'armoredContentKeyPacketSignature',
+                    'decryptedKey',
+                    ['decryptedKey', publicAddressKey],
+                );
+                expect(driveCrypto.decryptAndVerifySessionKey).toHaveBeenCalledWith(
+                    'base64ContentKeyPacket',
+                    'armoredContentKeyPacketSignature',
+                    'decryptedKey',
+                    [ownPrivateAddressKey.key],
+                );
+                verifyLogEventVerificationError({
+                    field: 'nodeContentKey',
+                    error: 'verification error',
+                    fromBefore2024: true,
+                });
+            });
         });
         describe('should decrypt with decryption issues', () => {

package/src/internal/nodes/cryptoService.ts CHANGED Viewed

@@ -25,6 +25,7 @@ import {
     EncryptedRevision,
     DecryptedUnparsedRevision,
     NodeSigningKeys,
+    EncryptedNodeFileCrypto,
 } from './interface';
 export interface NodesCryptoReporter {
@@ -200,14 +201,7 @@ export class NodesCryptoService {
         if ('file' in node.encryptedCrypto) {
             const [activeRevisionPromise, contentKeyPacketSessionKeyPromise] = [
                 this.decryptRevision(node.uid, node.encryptedCrypto.activeRevision, key),
-                this.driveCrypto.decryptAndVerifySessionKey(
-                    node.encryptedCrypto.file.base64ContentKeyPacket,
-                    node.encryptedCrypto.file.armoredContentKeyPacketSignature,
-                    key,
-                    // Content key packet is signed with the node key, but
-                    // in the past some clients signed with the address key.
-                    [key, ...keyVerificationKeys],
-                ),
+                this.decryptContentKeyPacket(node, node.encryptedCrypto, key, keyVerificationKeys),
             ];
             try {
@@ -502,6 +496,57 @@ export class NodesCryptoService {
         };
     }
+    private async decryptContentKeyPacket(
+        node: EncryptedNode,
+        encryptedCrypto: EncryptedNodeFileCrypto,
+        key: PrivateKey,
+        keyVerificationKeys: PublicKey[],
+    ): Promise<{
+        sessionKey: SessionKey;
+        verified?: VERIFICATION_STATUS;
+        verificationErrors?: Error[];
+    }> {
+        const result = await this.driveCrypto.decryptAndVerifySessionKey(
+            encryptedCrypto.file.base64ContentKeyPacket,
+            encryptedCrypto.file.armoredContentKeyPacketSignature,
+            key,
+            // Content key packet is signed with the node key, but
+            // in the past some clients signed with the address key.
+            [key, ...keyVerificationKeys],
+        );
+        // Return right away if the verification is signed or not signed.
+        // If the verification is failing and the file is before 2023, try
+        // to decrypt with all owners keys. Because of the old nodes signed
+        // with address key instead of node key, when the node was renamed
+        // or moved, it could change the address but without updating the
+        // content key packet, which is now failing.
+        if (result.verified !== VERIFICATION_STATUS.SIGNED_AND_INVALID || node.creationTime > new Date(2023, 0, 1)) {
+            return result;
+        }
+        const allAddresses = await this.account.getOwnAddresses();
+        const allKeys = allAddresses.flatMap((address) => address.keys.map(({ key }) => key));
+        const resultWithAllKeys = await this.driveCrypto.decryptAndVerifySessionKey(
+            encryptedCrypto.file.base64ContentKeyPacket,
+            encryptedCrypto.file.armoredContentKeyPacketSignature,
+            key,
+            // Content key packet is signed with the node key, but
+            // in the past some clients signed with the address key.
+            allKeys,
+        );
+        // Return original result with original error if the fallback verification also fails.
+        if (resultWithAllKeys.verified === VERIFICATION_STATUS.SIGNED_AND_VALID) {
+            this.logger.warn(
+                'Content key packet signature verification failed, but fallback to all addresses succeeded',
+            );
+            return resultWithAllKeys;
+        }
+        return result;
+    }
     private async decryptExtendedAttributes(
         node: { uid: string; creationTime: Date },
         encryptedExtendedAttributes: string | undefined,

package/src/internal/nodes/nodesManagement.ts CHANGED Viewed

@@ -127,6 +127,12 @@ export abstract class NodesManagementBase<
         }
     }
+    async emptyTrash(): Promise<void> {
+        const node = await this.nodesAccess.getVolumeRootFolder();
+        const { volumeId } = splitNodeUid(node.uid);
+        await this.apiService.emptyTrash(volumeId);
+    }
     async moveNode(nodeUid: string, newParentUid: string): Promise<TDecryptedNode> {
         const node = await this.nodesAccess.getNode(nodeUid);
@@ -293,7 +299,7 @@ export abstract class NodesManagementBase<
         }
     }
-    async *deleteNodes(nodeUids: string[], signal?: AbortSignal): AsyncGenerator<NodeResult> {
+    async *deleteTrashedNodes(nodeUids: string[], signal?: AbortSignal): AsyncGenerator<NodeResult> {
         for await (const result of this.apiService.deleteTrashedNodes(nodeUids, signal)) {
             if (result.ok) {
                 await this.nodesAccess.notifyNodeDeleted(result.uid);

package/src/internal/shares/apiService.ts CHANGED Viewed

@@ -173,7 +173,7 @@ function convertSharePayload(response: GetShareResponse): EncryptedShare {
     };
 }
-function convertShareTypeNumberToEnum(type: 1 | 2 | 3 | 4): ShareType {
+function convertShareTypeNumberToEnum(type: 1 | 2 | 3 | 4 | 5): ShareType {
     switch (type) {
         case 1:
             return ShareType.Main;
@@ -183,5 +183,7 @@ function convertShareTypeNumberToEnum(type: 1 | 2 | 3 | 4): ShareType {
             return ShareType.Device;
         case 4:
             return ShareType.Photo;
+        case 5:
+            throw new Error('Organization shares are not supported yet');
     }
 }

package/src/internal/sharingPublic/nodes.ts CHANGED Viewed

@@ -87,10 +87,10 @@ export class SharingPublicNodesManagement extends NodesManagement {
         super(apiService, cryptoCache, cryptoService, nodesAccess);
     }
-    async *deleteNodes(nodeUids: string[], signal?: AbortSignal): AsyncGenerator<NodeResult> {
+    async *deleteMyNodes(nodeUids: string[], signal?: AbortSignal): AsyncGenerator<NodeResult> {
         // Public link does not support trashing and deleting trashed nodes.
         // Instead, if user is owner, API allows directly deleting existing nodes.
-        for await (const result of this.apiService.deleteExistingNodes(nodeUids, signal)) {
+        for await (const result of this.apiService.deleteMyNodes(nodeUids, signal)) {
             if (result.ok) {
                 await this.nodesAccess.notifyNodeDeleted(result.uid);
             }

package/src/internal/upload/apiService.ts CHANGED Viewed

@@ -45,6 +45,13 @@ type PostDeleteNodesRequest = Extract<
 type PostDeleteNodesResponse =
     drivePaths['/drive/v2/volumes/{volumeID}/delete_multiple']['post']['responses']['200']['content']['application/json'];
+type PostLoadLinksMetadataRequest = Extract<
+    drivePaths['/drive/v2/volumes/{volumeID}/links']['post']['requestBody'],
+    { content: object }
+>['content']['application/json'];
+type PostLoadLinksMetadataResponse =
+    drivePaths['/drive/v2/volumes/{volumeID}/links']['post']['responses']['200']['content']['application/json'];
 export class UploadAPIService {
     constructor(
         protected apiService: DriveAPIService,
@@ -262,4 +269,22 @@ export class UploadAPIService {
         await this.apiService.postBlockStream(url, token, formData, onProgress, signal);
     }
+    async isRevisionUploaded(nodeRevisionUid: string): Promise<boolean> {
+        const { volumeId, nodeId, revisionId } = splitNodeRevisionUid(nodeRevisionUid);
+        const result = await this.apiService.post<PostLoadLinksMetadataRequest, PostLoadLinksMetadataResponse>(
+            `drive/v2/volumes/${volumeId}/links`,
+            {
+                LinkIDs: [nodeId],
+            },
+        );
+        if (result.Links.length === 0) {
+            return false;
+        }
+        const link = result.Links[0];
+        return (
+            link.Link.State === 1 && // ACTIVE state
+            link.File?.ActiveRevision?.RevisionID === revisionId
+        );
+    }
 }

package/src/internal/upload/manager.test.ts CHANGED Viewed

@@ -327,5 +327,42 @@ describe('UploadManager', () => {
             expect(nodesService.notifyChildCreated).toHaveBeenCalledWith('parentUid');
             expect(nodesService.notifyNodeChanged).not.toHaveBeenCalled();
         });
+        it('should ignore error if revision was committed successfully', async () => {
+            apiService.commitDraftRevision = jest
+                .fn()
+                .mockRejectedValue(new Error('Revision to commit must be a draft'));
+            apiService.isRevisionUploaded = jest.fn().mockResolvedValue(true);
+            await manager.commitDraft(nodeRevisionDraft as any, manifest, extendedAttributes);
+            expect(apiService.commitDraftRevision).toHaveBeenCalledWith(
+                nodeRevisionDraft.nodeRevisionUid,
+                expect.anything(),
+            );
+            expect(nodesService.notifyNodeChanged).toHaveBeenCalled();
+        });
+        it('should throw error if revision was not committed successfully', async () => {
+            apiService.commitDraftRevision = jest
+                .fn()
+                .mockRejectedValue(new Error('Revision to commit must be a draft'));
+            apiService.isRevisionUploaded = jest.fn().mockResolvedValue(false);
+            await expect(manager.commitDraft(nodeRevisionDraft as any, manifest, extendedAttributes)).rejects.toThrow(
+                'Revision to commit must be a draft',
+            );
+            expect(nodesService.notifyNodeChanged).not.toHaveBeenCalled();
+        });
+        it('should throw original error if revision cannot be verified', async () => {
+            apiService.commitDraftRevision = jest.fn().mockRejectedValue(new Error('Failed to commit revision'));
+            apiService.isRevisionUploaded = jest.fn().mockRejectedValue(new Error('Failed to verify revision'));
+            await expect(manager.commitDraft(nodeRevisionDraft as any, manifest, extendedAttributes)).rejects.toThrow(
+                'Failed to commit revision',
+            );
+            expect(nodesService.notifyNodeChanged).not.toHaveBeenCalled();
+        });
     });
 });

package/src/internal/upload/manager.ts CHANGED Viewed

@@ -246,7 +246,23 @@ export class UploadManager {
             manifest,
             generatedExtendedAttributes,
         );
-        await this.apiService.commitDraftRevision(nodeRevisionDraft.nodeRevisionUid, nodeCommitCrypto);
+        try {
+            await this.apiService.commitDraftRevision(nodeRevisionDraft.nodeRevisionUid, nodeCommitCrypto);
+        } catch (error: unknown) {
+            // Commit might be sent but due to network error no response is
+            // received. In this case, API service automatically retries the
+            // request. If the first attempt passed, it will fail on the second
+            // attempt. We need to check if the revision was actually committed.
+            try {
+                const isRevisionUploaded = await this.apiService.isRevisionUploaded(nodeRevisionDraft.nodeRevisionUid);
+                if (!isRevisionUploaded) {
+                    throw error;
+                }
+            } catch {
+                throw error; // Throw original error, not the checking one.
+            }
+            this.logger.warn(`Node commit failed but node was committed successfully ${nodeRevisionDraft.nodeUid}`);
+        }
         await this.notifyNodeUploaded(nodeRevisionDraft);
     }

package/src/internal/upload/streamUploader.ts CHANGED Viewed

@@ -181,7 +181,7 @@ export class StreamUploader {
             await this.controller.waitWhilePaused();
             await this.waitForUploadCapacityAndBufferedBlocks();
-            if (this.isEncryptionFullyFinished) {
+            if (this.isEncryptionFullyFinished || this.isUploadAborted) {
                 break;
             }

package/src/protonDriveClient.ts CHANGED Viewed

@@ -495,7 +495,7 @@ export class ProtonDriveClient {
     }
     /**
-     * Delete the nodes permanently.
+     * Delete the trashed nodes permanently. Only the owner can do that.
      *
      * The operation is performed in batches and the results are yielded
      * as they are available. Order of the results is not guaranteed.
@@ -509,12 +509,12 @@ export class ProtonDriveClient {
      */
     async *deleteNodes(nodeUids: NodeOrUid[], signal?: AbortSignal): AsyncGenerator<NodeResult> {
         this.logger.info(`Deleting ${nodeUids.length} nodes`);
-        yield* this.nodes.management.deleteNodes(getUids(nodeUids), signal);
+        yield* this.nodes.management.deleteTrashedNodes(getUids(nodeUids), signal);
     }
     async emptyTrash(): Promise<void> {
         this.logger.info('Emptying trash');
-        throw new Error('Method not implemented');
+        return this.nodes.management.emptyTrash();
     }
     /**

package/src/protonDrivePhotosClient.ts CHANGED Viewed

@@ -295,7 +295,7 @@ export class ProtonDrivePhotosClient {
      */
     async *deleteNodes(nodeUids: NodeOrUid[], signal?: AbortSignal): AsyncGenerator<NodeResult> {
         this.logger.info(`Deleting ${nodeUids.length} nodes`);
-        yield* this.nodes.management.deleteNodes(getUids(nodeUids), signal);
+        yield * this.nodes.management.deleteTrashedNodes(getUids(nodeUids), signal);
     }
     /**

package/src/protonDrivePublicLinkClient.ts CHANGED Viewed

@@ -233,13 +233,15 @@ export class ProtonDrivePublicLinkClient {
     }
     /**
-     * Delete the nodes permanently.
+     * Delete own nodes permanently. It skips the trash and allows to delete
+     * only nodes that are owned by the user. For anonymous files, this method
+     * allows to delete them only in the same session.
      *
      * See `ProtonDriveClient.deleteNodes` for more information.
      */
     async *deleteNodes(nodeUids: NodeOrUid[], signal?: AbortSignal): AsyncGenerator<NodeResult> {
         this.logger.info(`Deleting ${nodeUids.length} nodes`);
-        yield* this.sharingPublic.nodes.management.deleteNodes(getUids(nodeUids), signal);
+        yield* this.sharingPublic.nodes.management.deleteMyNodes(getUids(nodeUids), signal);
     }
     /**