@secrecy/lib 1.62.0-feat-node-sharing.2 → 1.62.0-feat-node-sharing.4

package/dist/lib/base-client.js

@@ -25,21 +25,23 @@ export class BaseClient {
             account: opts.secrecyUrls?.account ?? 'https://account.secrecy.tech',
             api: opts.secrecyUrls?.api ?? 'https://api.secrecy.tech',
         };
-        this.client = BaseClient.getBaseClient({
-            session: opts.session,
-            apiUrl: this.secrecyUrls.api,
-            onAccessDenied: async () => {
-                console.log('[BASE_CLIENT - BEFORE] - Access denied');
-                await opts.onAccessDenied?.();
-                console.log('[BASE_CLIENT - AFTER] - Access denied');
-                try {
-                    await this.logout();
-                }
-                finally {
-                    location.reload();
-                }
-            },
-        });
+        this.client =
+            opts.apiClient ??
+                BaseClient.getBaseClient({
+                    session: opts.session,
+                    apiUrl: this.secrecyUrls.api,
+                    onAccessDenied: async () => {
+                        console.log('[BASE_CLIENT - BEFORE] - Access denied');
+                        await opts.onAccessDenied?.();
+                        console.log('[BASE_CLIENT - AFTER] - Access denied');
+                        try {
+                            await this.logout();
+                        }
+                        finally {
+                            location.reload();
+                        }
+                    },
+                });
     }
     async logout(sessionId) {
         if (sessionId === null || sessionId === undefined) {

package/dist/lib/client/SecrecyAppClient.js

@@ -76,12 +76,12 @@ export class SecrecyAppClient {
             ...new Set(userIds.filter((userId) => publicKeys[userId] === undefined)),
         ];
         if (missingKeys.length > 0) {
-            const userKeysMap = await this.#apiClient.application.userPublicKey.query(userIds);
+            const userKeysMap = await this.#apiClient.application.userPublicKey.query(missingKeys);
             if ('publicKey' in userKeysMap) {
                 throw Error('Should not happen!');
             }
             if (Object.keys(userKeysMap).length !== missingKeys.length) {
-                throw new Error("Unable to load some user's  public keys!");
+                throw new Error("Unable to load some user's public keys!");
             }
             for (const userId in userKeysMap) {
                 publicKeys[userId] = userKeysMap[userId];

package/dist/lib/client/SecrecyCloudClient.js

@@ -1,6 +1,5 @@
 import axios from 'axios';
 import ky from 'ky';
-import { encryptName } from '../index.js';
 import { nodesCache, dataCache, dataContentCache, nodesEncryptionCache, } from '../cache.js';
 import { secretStreamKeygen } from '../crypto/data.js';
 import { decryptCryptoBox, encryptCryptoBox } from '../crypto/index.js';
@@ -10,10 +9,12 @@ import { enumerate, chunks, concatenate } from '../utils/array.js';
 import { md5 } from '../worker/md5.js';
 import { decrypt, encrypt } from '../worker/sodium.js';
 import { apiDataToExternal, apiDataToInternal } from './convert/data.js';
-import { apiNodeFullToInternalFull, apiNodeToExternal, apiNodeToExternalNodeFull, internalNodeFullToNodeFull, } from './convert/node.js';
+import { apiNodeForEncryptionToInternal, apiNodeFullToInternalFull, apiNodeToExternal, apiNodeToExternalNodeFull, internalNodeFullToNodeFull, } from './convert/node.js';
 import { promiseAllLimit } from '../utils/promise.js';
 import { kiloToBytes } from '../utils.js';
 import { fileTypeFromBuffer } from 'file-type';
+import { encryptName, generateAndEncryptNameAndKey } from '../crypto/domain.js';
+import { chunkByTotalItems } from '../utils/object.js';
 export class SecrecyCloudClient {
     #client;
     #keys;
@@ -32,18 +33,24 @@ export class SecrecyCloudClient {
         const data = node.history.find((d) => d.id === dataId);
         if (data !== undefined) {
             const users = node.users.filter(([u]) => u.id !== this.#client.app.userId);
+            const userIds = users.map(([user]) => user.id);
+            const userKeys = await this.#client.app.userPublicKey(userIds);
+            const shares = users.map(([user]) => {
+                const publicKey = userKeys[user.id];
+                if (!publicKey) {
+                    throw new Error('Unable to retreive share by public key!');
+                }
+                return {
+                    id: user.id,
+                    key: data.key
+                        ? sodium.to_hex(encryptCryptoBox(sodium.from_hex(data.key), publicKey, this.#keys.privateKey))
+                        : null,
+                };
+            });
             await this.#apiClient.cloud.shareDataInHistory.mutate({
                 dataId: data.id,
                 nodeId,
-                users: await Promise.all(users.map(async ([u]) => {
-                    const userPubKey = await this.#client.app.userPublicKey(u.id);
-                    return {
-                        id: u.id,
-                        key: data.key
-                            ? sodium.to_hex(encryptCryptoBox(sodium.from_hex(data.key), userPubKey, this.#keys.privateKey))
-                            : null,
-                    };
-                })),
+                users: shares,
             });
         }
         return internalNodeFullToNodeFull(node);
@@ -284,15 +291,17 @@ export class SecrecyCloudClient {
         return isDeleted;
     }
     async createFolder({ name, parentFolderId, }) {
-        const key = secretStreamKeygen();
-        const encryptedName = await encryptName(name, sodium.to_hex(key));
-        const encryptedKey = encryptCryptoBox(key, this.#keys.publicKey, this.#keys.privateKey);
-        const createFolder = await this.#apiClient.cloud.createFolder.mutate({
+        const { encryptedNameKey, encryptedName } = await generateAndEncryptNameAndKey({
+            name,
+            privateKey: this.#keys.privateKey,
+            publicKey: this.#keys.publicKey,
+        });
+        const createdFolder = await this.#apiClient.cloud.createFolder.mutate({
             name: encryptedName,
             parentId: parentFolderId ?? null,
-            nameKey: sodium.to_hex(encryptedKey),
+            nameKey: sodium.to_hex(encryptedNameKey),
         });
-        const folder = await apiNodeToExternalNodeFull(createFolder, this.#keys);
+        const folder = await apiNodeToExternalNodeFull(createdFolder, this.#keys);
         const users = folder.parent?.users?.filter(([u]) => u.id !== this.#client.app.userId) ??
             [];
         if (users.length > 0) {
@@ -316,7 +325,7 @@ export class SecrecyCloudClient {
         });
         return apiDataToExternal(data, this.#keys);
     }
-    async shareNode(input) {
+    async shareNode(input, progress) {
         const userIds = 'rights' in input
             ? Array.isArray(input.nodes)
                 ? input.nodes.map(({ userId }) => userId)
@@ -324,27 +333,70 @@ export class SecrecyCloudClient {
                     ? input.nodes.userIds
                     : [input.nodes.userId]
             : input.users.map(({ id }) => id);
-        const nodesToShare = 'nodes' in input
-            ? input.nodes
-            : {
-                nodeId: input.nodeId,
-                userIds: input.users.map(({ id }) => id),
-            };
         const [publicKeysMap, nodesIdsMap] = await Promise.all([
             this.#client.app.userPublicKey(userIds),
-            this.#apiClient.cloud.shareNode.mutate(nodesToShare),
+            this.#apiClient.cloud.shareNode.mutate('nodes' in input
+                ? input.nodes
+                : {
+                    nodeId: input.nodeId,
+                    userIds: input.users.map(({ id }) => id),
+                }),
         ]);
-        const nodesInfos = await this.encryptNodesForUsers(nodesIdsMap, publicKeysMap);
-        const sharingState = await this.#apiClient.cloud.shareNodeFinish.mutate(Object.entries(nodesInfos).map('rights' in input
-            ? ([userId, nodes]) => ({ userId, nodes, rights: input.rights })
-            : ([userId, nodes]) => {
-                const user = input.users.find((user) => user.id === userId);
-                if (!user) {
-                    throw new Error(`Unable to find rights for user: ${userId}`);
-                }
-                return { userId, nodes, rights: user.rights };
-            }));
-        return sharingState;
+        const maxNodesBatchSize = 1000;
+        const totalNodesToShare = Object.values(nodesIdsMap).reduce((size, ids) => size + ids.length, 0);
+        const chunks = totalNodesToShare > maxNodesBatchSize
+            ? chunkByTotalItems(nodesIdsMap, maxNodesBatchSize)
+            : [nodesIdsMap];
+        const details = await chunks.reduce(async (pendingState, nodesMap, index) => {
+            const state = await pendingState;
+            const infos = await this.encryptNodesForUsers(nodesMap, publicKeysMap);
+            const subState = await this.#apiClient.cloud.shareNodeFinish.mutate(Object.entries(infos).map('rights' in input
+                ? ([userId, nodes]) => ({ userId, nodes, rights: input.rights })
+                : ([userId, nodes]) => {
+                    const user = input.users.find((user) => user.id === userId);
+                    if (!user) {
+                        throw new Error(`Unable to find rights for user: ${userId}`);
+                    }
+                    return { userId, nodes, rights: user.rights };
+                }));
+            const currentProgress = Math.min((index + 1) * maxNodesBatchSize, totalNodesToShare);
+            progress?.({
+                total: totalNodesToShare,
+                current: currentProgress,
+                percent: Math.round((currentProgress / totalNodesToShare) * 100),
+            });
+            return {
+                missingNodeAccesses: [
+                    ...state.missingNodeAccesses,
+                    ...(subState.isFinished
+                        ? []
+                        : subState.details.missingNodeAccesses),
+                ],
+                missingDataAccesses: [
+                    ...state.missingDataAccesses,
+                    ...(subState.isFinished
+                        ? []
+                        : subState.details.missingDataAccesses),
+                ],
+                invalidRightsAccesses: [
+                    ...state.invalidRightsAccesses,
+                    ...(subState.isFinished
+                        ? []
+                        : subState.details.invalidRightsAccesses),
+                ],
+            };
+        }, Promise.resolve({
+            missingNodeAccesses: [],
+            missingDataAccesses: [],
+            invalidRightsAccesses: [],
+        }));
+        const errorDetailsLength = details.invalidRightsAccesses.length +
+            details.missingDataAccesses.length +
+            details.missingNodeAccesses.length;
+        return {
+            isFinished: errorDetailsLength === 0,
+            details: details,
+        };
     }
     async updateNode({ nodeId, name, isFavorite, deletedAt, }) {
         let node = nodesCache.get(nodeId);
@@ -514,9 +566,11 @@ export class SecrecyCloudClient {
         key = key
             ? sodium.to_hex(encryptCryptoBox(sodium.from_hex(key), this.#keys.publicKey, this.#keys.privateKey))
             : null;
-        const nameKey = secretStreamKeygen();
-        const encryptedName = await encryptName(name, sodium.to_hex(nameKey));
-        const encryptedNameKey = sodium.to_hex(encryptCryptoBox(nameKey, this.#keys.publicKey, this.#keys.privateKey));
+        const { encryptedNameKey, encryptedName } = await generateAndEncryptNameAndKey({
+            name,
+            privateKey: this.#keys.privateKey,
+            publicKey: this.#keys.publicKey,
+        });
         const saveInCloud = await this.#apiClient.cloud.saveInCloud.mutate({
             dataId,
             key,
@@ -581,18 +635,10 @@ export class SecrecyCloudClient {
             const diff = missingNodeIds.filter((id) => !fetchedNodes.some((node) => node.id === id));
             throw new Error(`Unable to fetch some node infos (${diff.join(', ')})`);
         }
-        nodes.push(...fetchedNodes.map((node) => {
-            return {
-                id: node.id,
-                type: node.type,
-                name: node.name,
-                access: { nameKey: node.access.nameKey },
-                history: node.history.map((data) => ({
-                    id: data.id,
-                    key: data.access.key,
-                })),
-            };
+        const finalNodes = await Promise.all(fetchedNodes.map((node) => {
+            return apiNodeForEncryptionToInternal(node, this.#keys);
         }));
+        nodes.push(...finalNodes);
         const nodesMappedUsers = {};
         for (const userId in userNodes) {
             nodesMappedUsers[userId] ??= [];
@@ -607,7 +653,6 @@ export class SecrecyCloudClient {
                 }
                 const nameKey = node.access?.nameKey;
                 const publicKey = userPublicKeys[userId];
-                nodesEncryptionCache.set(node.id, node);
                 nodesMappedUsers[userId].push({
                     id: node.id,
                     nameKey: nameKey !== null

package/dist/lib/client/convert/node.js

@@ -1,6 +1,6 @@
 import { sodium } from '../../sodium.js';
 import { decryptCryptoBox } from '../../crypto/index.js';
-import { nodesCache } from '../../cache.js';
+import { nodesCache, nodesEncryptionCache } from '../../cache.js';
 import { decryptSecretStream } from '../../crypto/data.js';
 import { apiDataToInternal, internalDataToExternalData } from './data.js';
 async function apiNodeToInternal(apiNode, keyPair) {
@@ -46,7 +46,7 @@ export async function apiNodeFullToInternalFull(apiNodeFull, keyPair) {
     const f = await apiNodeToInternal(apiNodeFull, keyPair);
     const nodeFull = {
         ...f,
-        current: apiNodeFull.current !== null
+        current: !!apiNodeFull.current
             ? apiDataToInternal(apiNodeFull.current, keyPair)
             : undefined,
         parent: apiNodeFull.parent !== null
@@ -92,3 +92,27 @@ export async function apiNodeToExternal(apiNode, keyPair) {
     const internal = await apiNodeToInternal(apiNode, keyPair);
     return internalNodeToNode(internal);
 }
+export async function apiNodeForEncryptionToInternal(apiNode, keyPair) {
+    const history = apiNode.history.map((history) => {
+        const key = decryptCryptoBox(sodium.from_hex(history.access.key), history.access.sharedByPublicKey, keyPair.privateKey);
+        return {
+            id: history.id,
+            key: sodium.to_hex(key),
+        };
+    });
+    const internal = {
+        id: apiNode.id,
+        type: apiNode.type,
+        access: apiNode.access,
+        name: apiNode.name,
+        history: history,
+    };
+    internal.access = { ...apiNode.access };
+    if (apiNode.access.nameKey !== null) {
+        const key = decryptCryptoBox(sodium.from_hex(apiNode.access.nameKey), apiNode.access.sharedByPublicKey, keyPair.privateKey);
+        internal.name = sodium.to_string(await decryptSecretStream(key, sodium.from_hex(internal.name)));
+        internal.access.nameKey = sodium.to_hex(key);
+    }
+    nodesEncryptionCache.set(apiNode.id, internal);
+    return internal;
+}

package/dist/lib/client/index.js

@@ -1,6 +1,4 @@
 import { BaseClient } from '../base-client.js';
-import { encryptSecretStream } from '../crypto/data.js';
-import { sodium } from '../sodium.js';
 import { SecrecyCloudClient } from './SecrecyCloudClient.js';
 import { SecrecyMailClient } from './SecrecyMailClient.js';
 import { SecrecyAppClient } from './SecrecyAppClient.js';
@@ -11,11 +9,6 @@ import { SecrecyPayClient } from './SecrecyPayClient.js';
 import { SecrecyUserClient } from './SecrecyUserClient.js';
 import { SecrecyPseudonymClient } from './SecrecyPseudonymClient.js';
 import { decryptAnonymous } from '../crypto/index.js';
-export const encryptName = async (name, nameKey) => {
-    const { data } = await encryptSecretStream(sodium.from_hex(nameKey), sodium.from_string(name));
-    const nameEncrypted = sodium.to_hex(data);
-    return nameEncrypted;
-};
 export class SecrecyClient extends BaseClient {
     #keys;
     cloud;
@@ -30,6 +23,7 @@ export class SecrecyClient extends BaseClient {
         super({
             session: opts.uaSession,
             secrecyUrls: opts.secrecyUrls,
+            apiClient: opts.apiClient,
             onAccessDenied: async () => {
                 console.log('[CLIENT] - Access denied');
                 try {

package/dist/lib/crypto/domain.js

@@ -0,0 +1,17 @@
+import { encryptCryptoBox } from '.';
+import { sodium } from '../sodium';
+import { encryptSecretStream, secretStreamKeygen } from './data';
+export async function encryptName(name, nameKey) {
+    const { data } = await encryptSecretStream(sodium.from_hex(nameKey), sodium.from_string(name));
+    return sodium.to_hex(data);
+}
+export async function generateAndEncryptNameAndKey(args) {
+    const nameKey = secretStreamKeygen();
+    const encryptedName = await encryptName(args.name, sodium.to_hex(nameKey));
+    const encryptedNameKey = sodium.to_hex(encryptCryptoBox(nameKey, args.publicKey, args.privateKey));
+    return {
+        nameKey,
+        encryptedName,
+        encryptedNameKey,
+    };
+}

package/dist/lib/utils/object.js

@@ -0,0 +1,29 @@
+export function chunkByTotalItems(input, maxItemsPerChunk = 1000) {
+    const entries = Object.entries(input);
+    const chunks = [];
+    let currentChunk = {};
+    let currentCount = 0;
+    for (const [key, values] of entries) {
+        let i = 0;
+        while (i < values.length) {
+            const remaining = maxItemsPerChunk - currentCount;
+            const take = Math.min(remaining, values.length - i);
+            if (!currentChunk[key]) {
+                currentChunk[key] = [];
+            }
+            currentChunk[key].push(...values.slice(i, i + take));
+            currentCount += take;
+            i += take;
+            if (currentCount === maxItemsPerChunk) {
+                chunks.push(currentChunk);
+                currentChunk = {};
+                currentCount = 0;
+            }
+        }
+    }
+    // Last chunk
+    if (currentCount > 0) {
+        chunks.push(currentChunk);
+    }
+    return chunks;
+}

package/dist/lib/worker/md5.js

@@ -1,18 +1,33 @@
+import SparkMD5 from 'spark-md5';
 import { workerMd5Script } from './workerCodes.js';
-export async function md5(data) {
-    return await new Promise((resolve, reject) => {
-        const worker = new Worker(URL.createObjectURL(new Blob([workerMd5Script], { type: 'text/javascript' })));
-        worker.addEventListener('error', reject);
-        worker.addEventListener('messageerror', reject);
-        worker.addEventListener('message', ({ data }) => {
-            if (data.event === 'md5-result') {
-                worker.terminate();
-                resolve(data.data);
-            }
-        });
-        worker.postMessage({
-            event: 'md5',
-            data,
-        });
-    });
+function* chunks(arr, n) {
+    for (let i = 0; i < arr.length; i += n) {
+        yield arr.slice(i, i + n);
+    }
 }
+const CHUNK_SIZE = 8192;
+export const md5 = process.env.NODE_ENV !== 'test'
+    ? async (data) => {
+        return await new Promise((resolve, reject) => {
+            const worker = new Worker(URL.createObjectURL(new Blob([workerMd5Script], { type: 'text/javascript' })));
+            worker.addEventListener('error', reject);
+            worker.addEventListener('messageerror', reject);
+            worker.addEventListener('message', ({ data }) => {
+                if (data.event === 'md5-result') {
+                    worker.terminate();
+                    resolve(data.data);
+                }
+            });
+            worker.postMessage({
+                event: 'md5',
+                data,
+            });
+        });
+    }
+    : async (data) => {
+        const spark = new SparkMD5.ArrayBuffer();
+        for (const chunk of chunks(data, CHUNK_SIZE)) {
+            spark.append(chunk.buffer);
+        }
+        return spark.end();
+    };

package/dist/lib/worker/sodium.js

@@ -1,3 +1,4 @@
+import { decryptSecretStream, encryptSecretStream, } from '../crypto/data.js';
 import { workerSodiumScript } from './workerCodes.js';
 // const ensureNonDetachedUniqueBuffers = (
 //   values: Transferable[]
@@ -11,85 +12,93 @@ import { workerSodiumScript } from './workerCodes.js';
 //       }
 //     })
 //   );
-export async function encrypt(key, dataToEncrypt, progress, signal) {
-    return await new Promise((resolve, reject) => {
-        void progress?.({
-            current: 0,
-            percent: 0,
-            total: dataToEncrypt.byteLength,
-        });
-        const worker = new Worker(URL.createObjectURL(new Blob([workerSodiumScript], { type: 'text/javascript' })));
-        worker.addEventListener('error', reject);
-        worker.addEventListener('messageerror', reject);
-        worker.addEventListener('message', ({ data }) => {
-            switch (data.event) {
-                case 'ready': {
-                    const postData = {
-                        event: 'encrypt',
-                        data: dataToEncrypt,
-                        key,
-                    };
-                    worker.postMessage(postData, {
-                        transfer: [postData.data.buffer],
-                    });
-                    break;
-                }
-                case 'encrypt-progress': {
-                    if (signal?.aborted === true) {
-                        const abortError = new Error('Aborted');
-                        abortError.name = 'AbortError';
+export const encrypt = process.env.NODE_ENV !== 'test'
+    ? async (key, dataToEncrypt, progress, signal) => {
+        return await new Promise((resolve, reject) => {
+            void progress?.({
+                current: 0,
+                percent: 0,
+                total: dataToEncrypt.byteLength,
+            });
+            const worker = new Worker(URL.createObjectURL(new Blob([workerSodiumScript], { type: 'text/javascript' })));
+            worker.addEventListener('error', reject);
+            worker.addEventListener('messageerror', reject);
+            worker.addEventListener('message', ({ data }) => {
+                switch (data.event) {
+                    case 'ready': {
+                        const postData = {
+                            event: 'encrypt',
+                            data: dataToEncrypt,
+                            key,
+                        };
+                        worker.postMessage(postData, {
+                            transfer: [postData.data.buffer],
+                        });
+                        break;
+                    }
+                    case 'encrypt-progress': {
+                        if (signal?.aborted === true) {
+                            const abortError = new Error('Aborted');
+                            abortError.name = 'AbortError';
+                            worker.terminate();
+                            reject(abortError);
+                        }
+                        void progress?.(data.data);
+                        break;
+                    }
+                    case 'encrypt-result': {
                         worker.terminate();
-                        reject(abortError);
+                        resolve(data.data);
                     }
-                    void progress?.(data.data);
-                    break;
-                }
-                case 'encrypt-result': {
-                    worker.terminate();
-                    resolve(data.data);
                 }
-            }
+            });
         });
-    });
-}
-export async function decrypt(key, dataToDecrypt, progress, signal) {
-    return await new Promise((resolve, reject) => {
-        void progress?.({
-            current: 0,
-            percent: 0,
-            total: dataToDecrypt.byteLength,
-        });
-        const worker = new Worker(URL.createObjectURL(new Blob([workerSodiumScript], { type: 'text/javascript' })));
-        worker.addEventListener('error', reject);
-        worker.addEventListener('messageerror', reject);
-        worker.addEventListener('message', ({ data }) => {
-            switch (data.event) {
-                case 'ready': {
-                    const postData = {
-                        event: 'decrypt',
-                        key,
-                        data: dataToDecrypt,
-                    };
-                    worker.postMessage(postData, {
-                        transfer: [postData.data.buffer],
-                    });
-                    break;
-                }
-                case 'decrypt-progress': {
-                    if (signal?.aborted === true) {
-                        const abortError = new Error('Aborted');
-                        abortError.name = 'AbortError';
+    }
+    : async (key, dataToEncrypt, progress, signal) => {
+        return encryptSecretStream(key, dataToEncrypt);
+    };
+export const decrypt = process.env.NODE_ENV !== 'test'
+    ? async (key, dataToDecrypt, progress, signal) => {
+        return await new Promise((resolve, reject) => {
+            void progress?.({
+                current: 0,
+                percent: 0,
+                total: dataToDecrypt.byteLength,
+            });
+            const worker = new Worker(URL.createObjectURL(new Blob([workerSodiumScript], { type: 'text/javascript' })));
+            worker.addEventListener('error', reject);
+            worker.addEventListener('messageerror', reject);
+            worker.addEventListener('message', ({ data }) => {
+                switch (data.event) {
+                    case 'ready': {
+                        const postData = {
+                            event: 'decrypt',
+                            key,
+                            data: dataToDecrypt,
+                        };
+                        worker.postMessage(postData, {
+                            transfer: [postData.data.buffer],
+                        });
+                        break;
+                    }
+                    case 'decrypt-progress': {
+                        if (signal?.aborted === true) {
+                            const abortError = new Error('Aborted');
+                            abortError.name = 'AbortError';
+                            worker.terminate();
+                            reject(abortError);
+                        }
+                        void progress?.(data.data);
+                        break;
+                    }
+                    case 'decrypt-result': {
                         worker.terminate();
-                        reject(abortError);
+                        resolve(data.data);
                     }
-                    void progress?.(data.data);
-                    break;
-                }
-                case 'decrypt-result': {
-                    worker.terminate();
-                    resolve(data.data);
                 }
-            }
+            });
         });
-    });
-}
+    }
+    : async (key, dataToDecrypt, progress, signal) => {
+        return decryptSecretStream(key, dataToDecrypt);
+    };

package/dist/lib/worker/workerDependencies.js

@@ -0,0 +1,140 @@
+// @ts-nocheck
+function* chunks(arr, n) {
+    for (let i = 0; i < arr.length; i += n) {
+        yield arr.slice(i, i + n);
+    }
+}
+function assert(c, message) {
+    if (!c) {
+        throw new Error(message);
+    }
+}
+function encrypt(key) {
+    let destroyed = false;
+    const { state, header } = sodium.crypto_secretstream_xchacha20poly1305_init_push(key);
+    const encrypt = (tag, plaintext) => {
+        assert(destroyed === false, 'state already destroyed');
+        return sodium.crypto_secretstream_xchacha20poly1305_push(state, plaintext, null, tag);
+    };
+    function destroy() {
+        assert(destroyed === false, 'state already destroyed');
+        destroyed = true;
+    }
+    return {
+        encrypt,
+        destroy,
+        header,
+    };
+}
+function decrypt(header, key) {
+    assert(header.byteLength >=
+        sodium.crypto_secretstream_xchacha20poly1305_HEADERBYTES, 'header must be at least HEADERBYTES (' +
+        sodium.crypto_secretstream_xchacha20poly1305_HEADERBYTES +
+        ') long');
+    assert(key.byteLength >= sodium.crypto_secretstream_xchacha20poly1305_KEYBYTES, 'key must be at least KEYBYTES (' +
+        sodium.crypto_secretstream_xchacha20poly1305_KEYBYTES +
+        ') long');
+    let destroyed = false;
+    const state = sodium.crypto_secretstream_xchacha20poly1305_init_pull(header, key);
+    const decrypt = (ciphertext) => {
+        assert(destroyed === false, 'state already destroyed');
+        return sodium.crypto_secretstream_xchacha20poly1305_pull(state, ciphertext);
+    };
+    function destroy() {
+        assert(destroyed === false, 'state already destroyed');
+        destroyed = true;
+    }
+    return {
+        decrypt,
+        destroy,
+    };
+}
+const CHUNK_SIZE = 8192;
+export async function encryptSecretstream(key, data, progress) {
+    const { encrypt: crypt, destroy, header } = encrypt(key);
+    const cryptedChunk = CHUNK_SIZE + sodium.crypto_secretstream_xchacha20poly1305_ABYTES;
+    const max = Math.ceil(data.byteLength / CHUNK_SIZE) * cryptedChunk + header.byteLength;
+    progress?.({
+        percent: 0,
+        total: max,
+        current: 0,
+    });
+    const final = new Uint8Array(max);
+    const sparkEncrypted = new SparkMD5.ArrayBuffer();
+    const spark = new SparkMD5.ArrayBuffer();
+    final.set(header);
+    sparkEncrypted.append(header);
+    let total = header.byteLength;
+    progress?.({
+        percent: total / max,
+        total: max,
+        current: total,
+    });
+    let lastPercent = total / max;
+    for (const chunk of chunks(data, CHUNK_SIZE)) {
+        spark.append(chunk);
+        const tag = chunk.length < CHUNK_SIZE
+            ? sodium.crypto_secretstream_xchacha20poly1305_TAG_FINAL
+            : sodium.crypto_secretstream_xchacha20poly1305_TAG_MESSAGE;
+        const crypted = crypt(tag, chunk);
+        sparkEncrypted.append(crypted);
+        final.set(crypted, total);
+        total += crypted.byteLength;
+        const percent = total / max;
+        if (percent > lastPercent + 0.01) {
+            progress?.({
+                percent,
+                total: max,
+                current: total,
+            });
+            lastPercent = percent;
+        }
+    }
+    destroy();
+    progress?.({
+        percent: 1,
+        total,
+        current: total,
+    });
+    return {
+        data: final.slice(0, total),
+        md5Encrypted: sparkEncrypted.end(),
+        md5: spark.end(),
+    };
+}
+export async function decryptSecretstream(key, data, progress) {
+    const header = data.slice(0, sodium.crypto_secretstream_xchacha20poly1305_HEADERBYTES);
+    data = data.slice(sodium.crypto_secretstream_xchacha20poly1305_HEADERBYTES);
+    const { decrypt: decryptt, destroy } = decrypt(header, key);
+    const chunkSize = CHUNK_SIZE + sodium.crypto_secretstream_xchacha20poly1305_ABYTES;
+    const max = Math.ceil(data.byteLength / chunkSize) * CHUNK_SIZE;
+    progress?.({
+        percent: 0,
+        total: max,
+        current: 0,
+    });
+    const final = new Uint8Array(max);
+    let total = 0;
+    let lastPercent = total / max;
+    for (const chunk of chunks(data, chunkSize)) {
+        const tmp = decryptt(chunk);
+        final.set(tmp.message, total);
+        total += tmp.message.byteLength;
+        const percent = total / max;
+        if (percent > lastPercent + 0.01) {
+            progress?.({
+                percent,
+                total: max,
+                current: total,
+            });
+            lastPercent = percent;
+        }
+    }
+    destroy();
+    progress?.({
+        percent: 1,
+        total,
+        current: total,
+    });
+    return final.slice(0, total);
+}

package/dist/types/base-client.d.ts

@@ -8,6 +8,7 @@ export type SecrecyUrls = {
 };
 export type BaseClientOptions = {
     session: string;
+    apiClient?: ApiClient;
     onAccessDenied?: () => void | Promise<void>;
     secrecyUrls?: Partial<SecrecyUrls>;
 };

package/dist/types/client/SecrecyCloudClient.d.ts

@@ -75,7 +75,7 @@ export declare class SecrecyCloudClient {
             id: string;
             rights: Rights;
         }[];
-    }): Promise<RouterOutputs['cloud']['shareNodeFinish']>;
+    }, progress?: ProgressCallback): Promise<RouterOutputs['cloud']['shareNodeFinish']>;
     updateNode({ nodeId, name, isFavorite, deletedAt, }: {
         nodeId: string;
         name?: string | null | undefined;

package/dist/types/client/convert/node.d.ts

@@ -1,5 +1,6 @@
-import type { Node, ApiNode, ApiNodeFull, InternalNodeFull, NodeFull, KeyPair, ApiNodeParent } from '../types/index.js';
+import type { Node, ApiNode, ApiNodeFull, InternalNodeFull, NodeFull, KeyPair, ApiNodeParent, ApiNodeForEncryption, InternalMinimalNodeForEncryption } from '../types/index.js';
 export declare function apiNodeFullToInternalFull(apiNodeFull: ApiNodeFull, keyPair: KeyPair): Promise<InternalNodeFull>;
 export declare function internalNodeFullToNodeFull(internal: InternalNodeFull): NodeFull;
 export declare function apiNodeToExternalNodeFull(apiNodeFull: ApiNodeFull, keyPair: KeyPair): Promise<NodeFull>;
 export declare function apiNodeToExternal(apiNode: ApiNode | ApiNodeParent, keyPair: KeyPair): Promise<Node>;
+export declare function apiNodeForEncryptionToInternal(apiNode: ApiNodeForEncryption, keyPair: KeyPair): Promise<InternalMinimalNodeForEncryption>;

package/dist/types/client/index.d.ts

@@ -6,17 +6,17 @@ import { SecrecyAppClient } from './SecrecyAppClient.js';
 import { SecrecyDbClient } from './SecrecyDbClient.js';
 import { SecrecyWalletClient } from './SecrecyWalletClient.js';
 import { SecrecyPayClient } from './SecrecyPayClient.js';
-import { type RouterInputs } from '../client.js';
+import { ApiClient, type RouterInputs } from '../client.js';
 import { type KeyPair } from './types/index.js';
 import { SecrecyUserClient } from './SecrecyUserClient.js';
 import { SecrecyPseudonymClient } from './SecrecyPseudonymClient.js';
 export type NewMail = Pick<RouterInputs['mail']['createDraft'], 'body' | 'subject' | 'senderFiles' | 'recipients' | 'replyToId'>;
 export type ProgressCallback = (progress: Progress) => Promise<void>;
-export declare const encryptName: (name: string, nameKey: string) => Promise<string>;
 export interface SecrecyClientOptions {
     uaSession: string;
     uaKeys: KeyPair;
     uaJwt: string;
+    apiClient?: ApiClient;
     secrecyUrls?: Partial<SecrecyUrls>;
 }
 export declare class SecrecyClient extends BaseClient {

package/dist/types/client/types/node.d.ts

@@ -58,6 +58,7 @@ export type InternalMinimalNodeForEncryption = {
 export type InternalNode = Node<InternalNodeBreadcrumbItem, NameKey>;
 export type InternalNodeFull = NodeFull<InternalNodeBreadcrumbItem, NameKey, InternalData>;
 export type ApiNode = RouterOutputs['cloud']['nodeById'];
+export type ApiNodeForEncryption = RouterOutputs['cloud']['nodesForEncryption'][number];
 export type ApiNodeFull = RouterOutputs['cloud']['nodeFullById'];
 export type ApiNodeParent = NonNullable<RouterOutputs['cloud']['nodeFullById']['parent']>;
 export type NodeType = ApiNode['type'];
@@ -69,4 +70,21 @@ export type EncryptedNodeInfos = {
         key: string | null;
     }[];
 };
+export type ShareNodeDetails = {
+    missingNodeAccesses: {
+        userId: string;
+        nodeId: string;
+    }[];
+    missingDataAccesses: {
+        userId: string;
+        dataId: string;
+        nodeId: string;
+    }[];
+    invalidRightsAccesses: {
+        userId: string;
+        current: 'admin' | 'write' | 'read';
+        nodeId: string;
+        expect: 'admin' | 'write' | 'read';
+    }[];
+};
 export {};

package/dist/types/client.d.ts

@@ -5392,10 +5392,12 @@ export declare const createTRPCClient: (opts: CreateTrpcClientOptions) => {
                         id: string;
                         access: {
                             key: string;
+                            sharedByPublicKey: string;
                         };
                     }[];
                     access: {
                         nameKey: string;
+                        sharedByPublicKey: string;
                     };
                 }[];
                 _output_out: {
@@ -5406,10 +5408,12 @@ export declare const createTRPCClient: (opts: CreateTrpcClientOptions) => {
                         id: string;
                         access: {
                             key: string;
+                            sharedByPublicKey: string;
                         };
                     }[];
                     access: {
                         nameKey: string;
+                        sharedByPublicKey: string;
                     };
                 }[];
             }, unknown>>;

package/dist/types/crypto/domain.d.ts

@@ -0,0 +1,10 @@
+export declare function encryptName(name: string, nameKey: string): Promise<string>;
+export declare function generateAndEncryptNameAndKey(args: {
+    name: string;
+    privateKey: string;
+    publicKey: string;
+}): Promise<{
+    nameKey: Uint8Array<ArrayBufferLike>;
+    encryptedName: string;
+    encryptedNameKey: string;
+}>;

package/dist/types/utils/object.d.ts

@@ -0,0 +1 @@
+export declare function chunkByTotalItems<T>(input: Record<string, T[]>, maxItemsPerChunk?: number): Record<string, T[]>[];

package/dist/types/worker/md5.d.ts

@@ -1 +1 @@
-export declare function md5(data: Uint8Array): Promise<string>;
+export declare const md5: (data: Uint8Array) => Promise<string>;

package/dist/types/worker/sodium.d.ts

@@ -1,3 +1,3 @@
-import type { EncryptedFile, Progress } from '../crypto/data.js';
-export declare function encrypt(key: Uint8Array, dataToEncrypt: Uint8Array, progress?: (progress: Progress) => Promise<void>, signal?: AbortSignal): Promise<EncryptedFile>;
-export declare function decrypt(key: Uint8Array, dataToDecrypt: Uint8Array, progress?: (progress: Progress) => Promise<void>, signal?: AbortSignal): Promise<Uint8Array>;
+import { type EncryptedFile, type Progress } from '../crypto/data.js';
+export declare const encrypt: (key: Uint8Array, dataToEncrypt: Uint8Array, progress?: (progress: Progress) => Promise<void>, signal?: AbortSignal) => Promise<EncryptedFile>;
+export declare const decrypt: (key: Uint8Array, dataToDecrypt: Uint8Array, progress?: (progress: Progress) => Promise<void>, signal?: AbortSignal) => Promise<Uint8Array>;

package/dist/types/worker/workerDependencies.d.ts

@@ -0,0 +1,6 @@
+export declare function encryptSecretstream(key: any, data: any, progress: any): Promise<{
+    data: Uint8Array<ArrayBuffer>;
+    md5Encrypted: any;
+    md5: any;
+}>;
+export declare function decryptSecretstream(key: any, data: any, progress: any): Promise<Uint8Array<ArrayBuffer>>;

package/package.json

@@ -2,7 +2,7 @@
   "name": "@secrecy/lib",
   "author": "Anonymize <anonymize@gmail.com>",
   "description": "Anonymize Secrecy Library",
-  "version": "1.62.0-feat-node-sharing.2",
+  "version": "1.62.0-feat-node-sharing.4",
   "repository": {
     "type": "git",
     "url": "https://github.com/anonymize-org/lib.git"
@@ -74,7 +74,7 @@
     "typescript": "^5.7.2"
   },
   "dependencies": {
-    "@secrecy/trpc-api-types": "1.33.0-feat-share-node-enhanced.11",
+    "@secrecy/trpc-api-types": "1.33.0-feat-share-node-enhanced.12",
     "@trpc/client": "10.45.2",
     "@trpc/server": "10.45.2",
     "@types/libsodium-wrappers-sumo": "^0.7.8",