@secrecy/lib 1.7.0 → 1.8.0

package/dist/lib/client/index.js

@@ -0,0 +1,49 @@
+import { BaseClient } from '../base-client.js';
+import { encryptSecretstream } from '../crypto/file.js';
+import { sodium } from '../sodium.js';
+import { SecrecyCloudClient } from './SecrecyCloudClient.js';
+import { SecrecyMailClient } from './SecrecyMailClient.js';
+import { SecrecyAppClient } from './SecrecyAppClient.js';
+import { nodesCache, filesCache, publicKeysCache } from '../cache.js';
+import { SecrecyDbClient } from './SecrecyDbClient.js';
+import { SecrecyWalletClient } from './SecrecyWalletClient.js';
+import { SecrecyPayClient } from './SecrecyPayClient.js';
+import { SecrecyUserClient } from './SecrecyUserClient.js';
+import { SecrecyCareClient } from './SecrecryCareClient.js';
+export const encryptName = async (name, nameKey) => {
+    const { data } = await encryptSecretstream(sodium.from_hex(nameKey), sodium.from_string(name));
+    const nameEncrypted = sodium.to_hex(data);
+    return nameEncrypted;
+};
+export class SecrecyClient extends BaseClient {
+    #keys;
+    care;
+    cloud;
+    mail;
+    app;
+    db;
+    wallet;
+    pay;
+    user;
+    constructor(uaSession, uaKeys, uaJwt) {
+        super(uaSession);
+        this.#keys = uaKeys;
+        this.care = new SecrecyCareClient(this, this.#keys, this.client);
+        this.cloud = new SecrecyCloudClient(this, this.#keys, this.client);
+        this.mail = new SecrecyMailClient(this, this.#keys, this.client);
+        this.app = new SecrecyAppClient(uaJwt, this, this.#keys, this.client);
+        this.db = new SecrecyDbClient(this, this.#keys, this.client);
+        this.wallet = new SecrecyWalletClient(this);
+        this.pay = new SecrecyPayClient(this, this.#keys, this.client);
+        this.user = new SecrecyUserClient(this, this.#keys, this.client);
+    }
+    get publicKey() {
+        return this.#keys.publicKey;
+    }
+    async logout(sessionId) {
+        nodesCache.clear();
+        filesCache.clear();
+        publicKeysCache.clear();
+        await super.logout(sessionId);
+    }
+}

package/dist/lib/client/storage.js

@@ -0,0 +1,7 @@
+import { storeBuddy } from '../utils/store-buddy.js';
+export function getStorage(session) {
+    const userAppSession = storeBuddy(`secrecy.user_app_session`, session).init(null);
+    const userAppKeys = storeBuddy(`secrecy.user_app_keys`, session).init(null);
+    const jwt = storeBuddy(`secrecy.jwt`, session).init(null);
+    return { userAppKeys, userAppSession, jwt };
+}

package/dist/lib/client/types/app.js

@@ -0,0 +1 @@
+export {};

package/dist/lib/client/types/file.js

@@ -0,0 +1 @@
+export {};

package/dist/lib/client/types/index.js

@@ -0,0 +1,15 @@
+import { z } from 'zod';
+const keyPair = z
+    .object({
+    publicKey: z.string(),
+    privateKey: z.string(),
+})
+    .strict();
+export const secrecyUserApp = z
+    .object({
+    keys: keyPair,
+    jwt: z.string(),
+    uaSession: z.string(),
+})
+    .strict()
+    .readonly();

package/dist/lib/client/types/mail.js

@@ -0,0 +1 @@
+export {};

package/dist/lib/client/types/node.js

@@ -0,0 +1 @@
+export {};

package/dist/lib/client/types/user.js

@@ -0,0 +1 @@
+export {};

package/dist/lib/client.js

@@ -0,0 +1,47 @@
+import { httpBatchLink, loggerLink, createTRPCProxyClient, TRPCClientError, } from '@trpc/client';
+import superjson from 'superjson';
+export function isTRPCClientError(cause) {
+    return cause instanceof TRPCClientError;
+}
+export const createTRPCClient = (session, onAccessDenied) => createTRPCProxyClient({
+    transformer: superjson,
+    links: [
+        loggerLink({
+            enabled: (op) => {
+                if (op.direction === 'down' &&
+                    isTRPCClientError(op.result) &&
+                    op.result.data?.code === 'UNAUTHORIZED') {
+                    onAccessDenied?.();
+                }
+                return (process.env.NODE_ENV === 'development' ||
+                    (op.direction === 'down' && op.result instanceof Error));
+            },
+        }),
+        httpBatchLink({
+            url: process.env.NEXT_PUBLIC_SECRECY_API_URL ??
+                'https://api.secrecy.tech/',
+            maxURLLength: 2083,
+            fetch: async (input, init) => {
+                const controller = new AbortController();
+                const id = setTimeout(() => {
+                    controller.abort();
+                }, 20000);
+                const headers = new Headers(init?.headers);
+                if (typeof session === 'string') {
+                    headers.set('secrecy-session', session);
+                }
+                const call = fetch(input, {
+                    ...init,
+                    headers,
+                    signal: controller.signal,
+                    mode: 'cors',
+                    credentials: 'same-origin',
+                });
+                void call.finally(() => {
+                    clearTimeout(id);
+                });
+                return await call;
+            },
+        }),
+    ],
+});

package/dist/lib/crypto/file.js

@@ -0,0 +1,184 @@
+import { setup, sodium } from '../sodium.js';
+import SparkMD5 from 'spark-md5';
+import { chunks } from '../utils/array.js';
+function assert(c, message) {
+    if (!c) {
+        throw new Error(message);
+    }
+}
+export function secretstreamKeygen() {
+    return sodium.crypto_secretstream_xchacha20poly1305_keygen();
+}
+function encrypt(key) {
+    let destroyed = false;
+    const { state, header } = sodium.crypto_secretstream_xchacha20poly1305_init_push(key);
+    const encrypt = (tag, plaintext) => {
+        assert(!destroyed, 'state already destroyed');
+        return sodium.crypto_secretstream_xchacha20poly1305_push(state, plaintext, null, tag);
+    };
+    function destroy() {
+        assert(!destroyed, 'state already destroyed');
+        destroyed = true;
+    }
+    return {
+        encrypt,
+        destroy,
+        header,
+    };
+}
+function decrypt(header, key) {
+    assert(header.byteLength >=
+        sodium.crypto_secretstream_xchacha20poly1305_HEADERBYTES, `header must be at least HEADERBYTES (${sodium.crypto_secretstream_xchacha20poly1305_HEADERBYTES}) long`);
+    assert(key.byteLength >= sodium.crypto_secretstream_xchacha20poly1305_KEYBYTES, `key must be at least KEYBYTES (${sodium.crypto_secretstream_xchacha20poly1305_KEYBYTES}) long`);
+    let destroyed = false;
+    const state = sodium.crypto_secretstream_xchacha20poly1305_init_pull(header, key);
+    const decrypt = (ciphertext) => {
+        assert(!destroyed, 'state already destroyed');
+        return sodium.crypto_secretstream_xchacha20poly1305_pull(state, ciphertext);
+    };
+    function destroy() {
+        assert(!destroyed, 'state already destroyed');
+        destroyed = true;
+    }
+    return {
+        decrypt,
+        destroy,
+    };
+}
+export const CHUNK_SIZE = 8192;
+export async function encryptSecretstream(key, data, progress, abort) {
+    await setup();
+    const { encrypt: crypt, destroy, header } = encrypt(key);
+    const encryptedChunk = CHUNK_SIZE + sodium.crypto_secretstream_xchacha20poly1305_ABYTES;
+    const max = Math.ceil(data.byteLength / CHUNK_SIZE) * encryptedChunk + header.byteLength;
+    void progress?.({
+        percent: 0,
+        total: max,
+        current: 0,
+    });
+    const final = new Uint8Array(max);
+    const sparkEncrypted = new SparkMD5.ArrayBuffer();
+    const spark = new SparkMD5.ArrayBuffer();
+    final.set(header);
+    sparkEncrypted.append(header.buffer);
+    let total = header.byteLength;
+    void progress?.({
+        percent: total / max,
+        total: max,
+        current: total,
+    });
+    let lastPercent = total / max;
+    for (const chunk of chunks(data, CHUNK_SIZE)) {
+        if (abort?.signal.aborted === true) {
+            throw new Error(`Encrypt aborted`);
+        }
+        spark.append(chunk.buffer);
+        const tag = chunk.length < CHUNK_SIZE
+            ? sodium.crypto_secretstream_xchacha20poly1305_TAG_FINAL
+            : sodium.crypto_secretstream_xchacha20poly1305_TAG_MESSAGE;
+        const encrypted = crypt(tag, chunk);
+        sparkEncrypted.append(encrypted.buffer);
+        final.set(encrypted, total);
+        total += encrypted.byteLength;
+        const percent = total / max;
+        if (percent > lastPercent + 0.01) {
+            void progress?.({
+                percent,
+                total: max,
+                current: total,
+            });
+            lastPercent = percent;
+        }
+    }
+    destroy();
+    void progress?.({
+        percent: 1,
+        total,
+        current: total,
+    });
+    return {
+        data: final.slice(0, total),
+        md5Encrypted: sparkEncrypted.end(),
+        md5: spark.end(),
+    };
+}
+export async function decryptSecretstream(key, data, progress, abort) {
+    await setup();
+    const header = data.slice(0, sodium.crypto_secretstream_xchacha20poly1305_HEADERBYTES);
+    data = data.slice(sodium.crypto_secretstream_xchacha20poly1305_HEADERBYTES);
+    const { decrypt: decryptt, destroy } = decrypt(header, key);
+    const chunkSize = CHUNK_SIZE + sodium.crypto_secretstream_xchacha20poly1305_ABYTES;
+    const max = Math.ceil(data.byteLength / chunkSize) * CHUNK_SIZE;
+    void progress?.({
+        percent: 0,
+        total: max,
+        current: 0,
+    });
+    const final = new Uint8Array(max);
+    let total = 0;
+    let lastPercent = total / max;
+    for (const chunk of chunks(data, chunkSize)) {
+        if (abort?.signal.aborted === true) {
+            throw new Error(`Decrypt aborted`);
+        }
+        const tmp = decryptt(chunk);
+        final.set(tmp.message, total);
+        total += tmp.message.byteLength;
+        const percent = total / max;
+        if (percent > lastPercent + 0.01) {
+            void progress?.({
+                percent,
+                total: max,
+                current: total,
+            });
+            lastPercent = percent;
+        }
+    }
+    destroy();
+    void progress?.({
+        percent: 1,
+        total,
+        current: total,
+    });
+    return final.slice(0, total);
+}
+// async function mainSecretstream(random: Uint8Array): Promise<vo id> {
+//   const key = secretstreamKeygen();
+//   console.time("secretstream_encrypt");
+//   const crypted = en cryptSecretstream(key, random);
+//   consol e.timeEnd("secretstream_encrypt");
+//   console.time("secretstream_decrypt");
+//   const decrypted =  decryptSecretstream(key, crypted);
+//   con sole.timeEnd("secretstream_decrypt");
+//   const first = t o_hex(random).slice(0, 32);
+//   const final = to_hex(decrypted).slice(0, 32);
+//   console.lo g({
+//     first,
+//     final,
+//     equals: firs t === final
+//   }) ;
+// }
+// async function mai nSecretbox(random: Uint8Array): Promise< void> {
+//   const key = generateSecretBox();
+//   console.time("secretbox _encrypt");
+//   const crypted = encryptFile(random, key);
+//   console.timeEn d("secretbox_encrypt");
+//   console.time("secretbox_decrypt");
+//   const decrypted = decryptFile(crypted, key);
+//   console.tim eEnd("secretbox_decrypt");
+//   const first = to_h ex(random).slice(0, 32);
+//   const final = to_hex(decrypted).slice(0, 32);
+//   console.lo g({
+//     first,
+//     final,
+//     equals: firs t === final
+//   }) ;
+// }
+// asy nc function ma in(): Promise<void> {
+//   await ready;
+//   console.time("randombytes_buf");
+//   const random = randombytes_buf(1_000_000 * 1024);
+//   consol e.timeEnd("randombytes_buf");
+//   await Promise.all([m ainSecretstream(random), mainSecretbox(random)]);
+// }
+// main();

package/dist/lib/crypto/index.js

@@ -0,0 +1,41 @@
+import { concatenate } from '../utils/array.js';
+import { sodium } from '../sodium.js';
+export function encryptCryptoBox(data, publicKeyBob, privateKeyAlice) {
+    const nonce = sodium.randombytes_buf(sodium.crypto_box_NONCEBYTES);
+    const crypt = sodium.crypto_box_easy(data, nonce, sodium.from_hex(publicKeyBob), sodium.from_hex(privateKeyAlice));
+    return concatenate(nonce, crypt);
+}
+export function generateCryptoBoxKeyPair() {
+    return sodium.crypto_box_keypair('hex');
+}
+export function decryptCryptoBox(data, publicKeyAlice, privateKeyBob) {
+    if (data.length < sodium.crypto_box_NONCEBYTES + sodium.crypto_box_MACBYTES) {
+        throw 'data too short';
+    }
+    const nonce = data.slice(0, sodium.crypto_box_NONCEBYTES);
+    const cipher = data.slice(sodium.crypto_box_NONCEBYTES);
+    return sodium.crypto_box_open_easy(cipher, nonce, sodium.from_hex(publicKeyAlice), sodium.from_hex(privateKeyBob));
+}
+export function generateSecretBoxKey() {
+    return sodium.randombytes_buf(sodium.crypto_secretbox_KEYBYTES, 'hex');
+}
+export function encryptSecretBox(data, key) {
+    const nonce = sodium.randombytes_buf(sodium.crypto_secretbox_NONCEBYTES);
+    const crypt = sodium.crypto_secretbox_easy(data, nonce, sodium.from_hex(key));
+    return concatenate(nonce, crypt);
+}
+export function decryptSecretBox(data, key) {
+    if (data.length <
+        sodium.crypto_secretbox_NONCEBYTES + sodium.crypto_secretbox_MACBYTES) {
+        throw 'data too short';
+    }
+    const nonce = data.slice(0, sodium.crypto_secretbox_NONCEBYTES);
+    const cipher = data.slice(sodium.crypto_secretbox_NONCEBYTES);
+    return sodium.crypto_secretbox_open_easy(cipher, nonce, sodium.from_hex(key));
+}
+export function encryptAnonymous(data, receiverPublicKey) {
+    return sodium.crypto_box_seal(data, sodium.from_hex(receiverPublicKey));
+}
+export function decryptAnonymous(data, { privateKey, publicKey }) {
+    return sodium.crypto_box_seal_open(data, sodium.from_hex(publicKey), sodium.from_hex(privateKey));
+}

package/dist/lib/error/client.js

@@ -0,0 +1,10 @@
+import { z } from 'zod';
+export const clientErrorCodeKey = z.enum(['NOT_FOUND']);
+export const clientError = z.object({
+    name: z.literal('ClientError'),
+    code: clientErrorCodeKey,
+    message: z.string(),
+});
+export const isClientError = (input) => {
+    return clientError.safeParse(input).success;
+};

package/dist/lib/error/index.js

@@ -0,0 +1,10 @@
+import { z } from 'zod';
+import { clientError } from './client.js';
+import { serverError } from './server.js';
+export const secrecyError = z.discriminatedUnion('name', [
+    serverError,
+    clientError,
+]);
+export const isSecrecyError = (input) => {
+    return secrecyError.safeParse(input).success;
+};

package/dist/lib/error/server.js

@@ -0,0 +1,27 @@
+import { z } from 'zod';
+export const trpcErrorCodeKey = z.enum([
+    'PARSE_ERROR',
+    'BAD_REQUEST',
+    'INTERNAL_SERVER_ERROR',
+    'NOT_IMPLEMENTED',
+    'UNAUTHORIZED',
+    'FORBIDDEN',
+    'NOT_FOUND',
+    'METHOD_NOT_SUPPORTED',
+    'TIMEOUT',
+    'CONFLICT',
+    'PRECONDITION_FAILED',
+    'PAYLOAD_TOO_LARGE',
+    'UNPROCESSABLE_CONTENT',
+    'TOO_MANY_REQUESTS',
+    'CLIENT_CLOSED_REQUEST',
+]);
+export const serverError = z.object({
+    name: z.literal('TRPCError'),
+    code: trpcErrorCodeKey,
+    message: z.string(),
+    data: z.unknown().optional(),
+});
+export const isServerError = (input) => {
+    return serverError.safeParse(input).success;
+};

package/dist/lib/index.js

@@ -0,0 +1,10 @@
+/* eslint-disable @typescript-eslint/triple-slash-reference */
+/// <reference lib="dom" />
+/// <reference lib="dom.iterable" />
+export * from './client/index.js';
+export * from './crypto/index.js';
+export { BaseClient } from './base-client.js';
+export * from './client/helpers.js';
+export * from './sodium.js';
+export * from './utils/store-buddy.js';
+export * from './error/index.js';

package/dist/lib/minify/index.js

@@ -0,0 +1,23 @@
+import { calcUncompressedLen, compressBlockBound, compressBlockHC, uncompressBlock, } from './lz4.js';
+import { concatenate } from '../utils/array.js';
+export function compress(data) {
+    // If the data is too small, it's not worth compressing.
+    if (data.byteLength < 15_000_000) {
+        return concatenate(new Uint8Array([0]), data);
+    }
+    const compressed = new Uint8Array(compressBlockBound(data.byteLength));
+    const compressedSize = compressBlockHC(data, compressed, 0);
+    if (compressedSize === 0) {
+        return concatenate(new Uint8Array([0]), data);
+    }
+    return concatenate(new Uint8Array([1]), compressed.slice(0, compressedSize));
+}
+export function decompress(data) {
+    const realData = data.slice(1);
+    if (data[0] === 0) {
+        return realData;
+    }
+    const dst = new Uint8Array(calcUncompressedLen(realData));
+    const uncompressedSize = uncompressBlock(realData, dst);
+    return dst.slice(0, uncompressedSize);
+}