@secrecy/lib 1.73.7 → 1.74.0-feat-groups-identity.1

package/dist/lib/client/SecrecyDbClient.js

@@ -1,10 +1,6 @@
 export class SecrecyDbClient {
-    // #client: SecrecyClient;
-    // #keys: KeyPair;
-    #apiClient;
-    constructor(_client, _keys, apiClient) {
-        // this.#client = client;
-        // this.#keys = keys;
-        this.#apiClient = apiClient;
+    #client;
+    constructor(client) {
+        this.#client = client;
     }
 }

package/dist/lib/client/SecrecyMailClient.js

@@ -3,35 +3,29 @@ import { encryptCryptoBox, sodium } from '../index.js';
 import { convertInternalMailToExternal } from './convert/mail.js';
 export class SecrecyMailClient {
     #client;
-    #keys;
-    #apiClient;
-    constructor(client, keys, apiClient) {
+    constructor(client) {
         this.#client = client;
-        this.#keys = keys;
-        this.#apiClient = apiClient;
     }
     async get({ id }) {
-        const mail = await this.#apiClient.mail.byId.query({ id });
+        const mail = await this.#client.apiClient.mail.byId.query({ id });
         return await convertInternalMailToExternal({
             mail,
-            client: this.#client,
-            keyPair: this.#keys,
+            keyPairs: this.#client.keyPairs,
         });
     }
     async recover({ mailId }) {
-        const { isRecovered } = await this.#apiClient.mail.recover.mutate({
+        const { isRecovered } = await this.#client.apiClient.mail.recover.mutate({
             id: mailId,
         });
         return isRecovered;
     }
     async deletedMails({ mailType, }) {
-        const deletedMails = await this.#apiClient.mail.deleted.query({
+        const deletedMails = await this.#client.apiClient.mail.deleted.query({
             type: mailType,
         });
         return await Promise.all(deletedMails.map(async (mail) => await convertInternalMailToExternal({
             mail,
-            client: this.#client,
-            keyPair: this.#keys,
+            keyPairs: this.#client.keyPairs,
         })));
     }
     async create(data, customMessage) {
@@ -43,7 +37,7 @@ export class SecrecyMailClient {
         return { ...mail, type: 'sent' };
     }
     async waitingReceivedMails() {
-        const waitingReceivedMails = await this.#apiClient.mail.waitingReceived.query({});
+        const waitingReceivedMails = await this.#client.apiClient.mail.waitingReceived.query({});
         const waitingReceivedMailsWithIds = waitingReceivedMails.map((mail) => ({
             id: Math.random().toString(36).substring(2, 9),
             sender: mail.sender,
@@ -79,18 +73,18 @@ export class SecrecyMailClient {
                         throw new Error(`File ${f.name} (${f.id}) does not exists`);
                     }
                 }
-                f.name = sodium.to_hex(encryptCryptoBox(sodium.from_string(f.name), this.#keys.publicKey, this.#keys.privateKey));
+                f.name = sodium.to_hex(encryptCryptoBox(sodium.from_string(f.name), this.#client.uaIdentity.identityPubKey, this.#client.uaPrivateKey));
             }
         }
-        const updateDraftMail = await this.#apiClient.mail.updateDraft.mutate({
+        const updateDraftMail = await this.#client.apiClient.mail.updateDraft.mutate({
             id: draftId,
             recipients: recipients ?? null,
             replyToId: replyToId ?? null,
             body: body !== undefined
-                ? sodium.to_hex(encryptCryptoBox(sodium.from_string(body), this.#keys.publicKey, this.#keys.privateKey))
+                ? sodium.to_hex(encryptCryptoBox(sodium.from_string(body), this.#client.uaIdentity.identityPubKey, this.#client.uaPrivateKey))
                 : null,
             subject: subject !== undefined
-                ? sodium.to_hex(encryptCryptoBox(sodium.from_string(subject), this.#keys.publicKey, this.#keys.privateKey))
+                ? sodium.to_hex(encryptCryptoBox(sodium.from_string(subject), this.#client.uaIdentity.identityPubKey, this.#client.uaPrivateKey))
                 : null,
             senderFiles: senderFiles ?? null,
             hash,
@@ -98,28 +92,27 @@ export class SecrecyMailClient {
         });
         return (await convertInternalMailToExternal({
             mail: updateDraftMail,
-            client: this.#client,
-            keyPair: this.#keys,
+            keyPairs: this.#client.keyPairs,
         }));
     }
     async deleteDraft(draftId) {
-        const { isDeleted } = await this.#apiClient.mail.deleteDraft.mutate({
+        const { isDeleted } = await this.#client.apiClient.mail.deleteDraft.mutate({
             id: draftId,
         });
         return isDeleted;
     }
     async deleteTrash({ ids }) {
-        const { isDeleted } = await this.#apiClient.mail.deleteTrash.mutate({
+        const { isDeleted } = await this.#client.apiClient.mail.deleteTrash.mutate({
             ids,
         });
         return isDeleted;
     }
     async emptyTrash() {
-        const { isDeleted } = await this.#apiClient.mail.emptyTrash.mutate({});
+        const { isDeleted } = await this.#client.apiClient.mail.emptyTrash.mutate({});
         return isDeleted;
     }
     async delete({ mailId }) {
-        const { isDeleted } = await this.#apiClient.mail.delete.mutate({
+        const { isDeleted } = await this.#client.apiClient.mail.delete.mutate({
             id: mailId,
         });
         return isDeleted;
@@ -153,7 +146,7 @@ export class SecrecyMailClient {
                 recipients.push(input);
             }
         }
-        const { isSent } = await this.#apiClient.mail.sendDraft.mutate({
+        const { isSent } = await this.#client.apiClient.mail.sendDraft.mutate({
             temporaryRecipients,
             recipients,
             id: draft.mailIntegrityId,
@@ -175,10 +168,11 @@ export class SecrecyMailClient {
                     if (input === null) {
                         continue;
                     }
-                    await this.#apiClient.mail.sendOne.mutate({
+                    await this.#client.apiClient.mail.sendOne.mutate({
                         id: mail.mailIntegrityId,
                         recipient: {
                             ...input,
+                            recipientPublicKey: input.recipientPubKey,
                             attachments: input.attachments.map((attachment) => ({
                                 id: attachment.dataId,
                                 key: attachment.key,
@@ -207,62 +201,58 @@ export class SecrecyMailClient {
             }
             senderFiles.push({
                 id: data.id,
-                name: sodium.to_hex(encryptCryptoBox(sodium.from_string(f.name), this.#keys.publicKey, this.#keys.privateKey)),
+                name: sodium.to_hex(encryptCryptoBox(sodium.from_string(f.name), this.#client.uaIdentity.identityPubKey, this.#client.uaPrivateKey)),
             });
         }
-        const createDraftMail = await this.#apiClient.mail.createDraft.mutate({
+        const createDraftMail = await this.#client.apiClient.mail.createDraft.mutate({
             recipients,
             replyToId,
-            body: sodium.to_hex(encryptCryptoBox(sodium.from_string(body), this.#keys.publicKey, this.#keys.privateKey)),
-            subject: sodium.to_hex(encryptCryptoBox(sodium.from_string(subject), this.#keys.publicKey, this.#keys.privateKey)),
+            body: sodium.to_hex(encryptCryptoBox(sodium.from_string(body), this.#client.uaIdentity.identityPubKey, this.#client.uaPrivateKey)),
+            subject: sodium.to_hex(encryptCryptoBox(sodium.from_string(subject), this.#client.uaIdentity.identityPubKey, this.#client.uaPrivateKey)),
             senderFiles,
             hash,
             hashKey,
         });
         return (await convertInternalMailToExternal({
             mail: createDraftMail,
-            client: this.#client,
-            keyPair: this.#keys,
+            keyPairs: this.#client.keyPairs,
         }));
     }
     async read({ mailId }) {
-        const { isRead } = await this.#apiClient.mail.read.mutate({
+        const { isRead } = await this.#client.apiClient.mail.read.mutate({
             id: mailId,
         });
         return isRead;
     }
     async unread({ mailId }) {
-        const { isUnread } = await this.#apiClient.mail.unread.mutate({
+        const { isUnread } = await this.#client.apiClient.mail.unread.mutate({
             id: mailId,
         });
         return isUnread;
     }
     async receivedMails(input) {
-        const receivedMails = await this.#apiClient.mail.received.query(input);
+        const receivedMails = await this.#client.apiClient.mail.received.query(input);
         return await Promise.all(receivedMails.map(async (mail) => (await convertInternalMailToExternal({
             mail,
-            client: this.#client,
-            keyPair: this.#keys,
+            keyPairs: this.#client.keyPairs,
         }))));
     }
     async sentMails(input) {
-        const sentMails = await this.#apiClient.mail.sent.query(input);
+        const sentMails = await this.#client.apiClient.mail.sent.query(input);
         return await Promise.all(sentMails.map(async (mail) => (await convertInternalMailToExternal({
             mail,
-            client: this.#client,
-            keyPair: this.#keys,
+            keyPairs: this.#client.keyPairs,
         }))));
     }
     async draftMails(input) {
-        const draftMails = await this.#apiClient.mail.draft.query(input);
+        const draftMails = await this.#client.apiClient.mail.draft.query(input);
         return await Promise.all(draftMails.map(async (mail) => (await convertInternalMailToExternal({
             mail,
-            client: this.#client,
-            keyPair: this.#keys,
+            keyPairs: this.#client.keyPairs,
         }))));
     }
     async unreadReceivedMailsCount() {
-        const unreadReceivedMailsCount = await this.#apiClient.mail.unreadReceivedCount.query({});
+        const unreadReceivedMailsCount = await this.#client.apiClient.mail.unreadReceivedCount.query({});
         return unreadReceivedMailsCount;
     }
     _eachUser = async (data, subject, body, idOrMail) => {
@@ -282,17 +272,17 @@ export class SecrecyMailClient {
             const key = dataInHistory.key;
             attachments.push({
                 dataId: f.id,
-                name: sodium.to_hex(encryptCryptoBox(sodium.from_string(f.name), pubKey, this.#keys.privateKey)),
+                name: sodium.to_hex(encryptCryptoBox(sodium.from_string(f.name), pubKey, this.#client.uaPrivateKey)),
                 key: key
-                    ? sodium.to_hex(encryptCryptoBox(sodium.from_hex(key), pubKey, this.#keys.privateKey))
+                    ? sodium.to_hex(encryptCryptoBox(sodium.from_hex(key), pubKey, this.#client.uaPrivateKey))
                     : null,
             });
         }
         return {
             // recipientId: userId,
-            recipientId: idOrMail,
-            body: sodium.to_hex(encryptCryptoBox(sodium.from_string(body), pubKey, this.#keys.privateKey)),
-            subject: sodium.to_hex(encryptCryptoBox(sodium.from_string(subject), pubKey, this.#keys.privateKey)),
+            recipientPubKey: pubKey,
+            body: sodium.to_hex(encryptCryptoBox(sodium.from_string(body), pubKey, this.#client.uaPrivateKey)),
+            subject: sodium.to_hex(encryptCryptoBox(sodium.from_string(subject), pubKey, this.#client.uaPrivateKey)),
             attachments,
         };
     };

package/dist/lib/client/SecrecyOrganizationClient.js

@@ -1,29 +1,27 @@
 export class SecrecyOrganizationClient {
-    // readonly #client: SecrecyClient
-    #apiClient;
-    constructor(_client, _keys, apiClient) {
-        // this.#client = client
-        this.#apiClient = apiClient;
+    #client;
+    constructor(client) {
+        this.#client = client;
     }
     async create(input) {
-        return this.#apiClient.org.create.mutate(input);
+        return this.#client.apiClient.org.create.mutate(input);
     }
     async update(input) {
-        return this.#apiClient.org.update.mutate(input);
+        return this.#client.apiClient.org.update.mutate(input);
     }
     async addMember(input) {
-        return this.#apiClient.org.addMember.mutate(input);
+        return this.#client.apiClient.org.addMember.mutate(input);
     }
     async removeMember(input) {
-        return this.#apiClient.org.removeMember.mutate(input);
+        return this.#client.apiClient.org.removeMember.mutate(input);
     }
     async updateRole(input) {
-        return this.#apiClient.org.updateRole.mutate(input);
+        return this.#client.apiClient.org.updateRole.mutate(input);
     }
     async list(input) {
-        return this.#apiClient.org.list.query(input);
+        return this.#client.apiClient.org.list.query(input);
     }
     async plans(input) {
-        return this.#apiClient.org.plans.query(input);
+        return this.#client.apiClient.org.plans.query(input);
     }
 }

package/dist/lib/client/SecrecyPayClient.js

@@ -1,12 +1,8 @@
 import { popup } from '../utils/popup-tools.js';
 export class SecrecyPayClient {
     #client;
-    // #keys: KeyPair
-    // #apiClient: ApiClient
-    constructor(client, _keys, _apiClient) {
+    constructor(client) {
         this.#client = client;
-        // this.#keys = keys
-        // this.#apiClient = apiClient
     }
     async confirmPaymentIntent({ paymentIntentId, secrecyIdWhoCreatedPaymentIntent, secrecyIdWhoNeedToConfirmPaymentIntent, amount, currency, }) {
         const hash = Buffer.from(JSON.stringify({

package/dist/lib/client/SecrecyPseudonymClient.js

@@ -1,19 +1,15 @@
 export class SecrecyPseudonymClient {
     #client;
-    #keys;
-    #apiClient;
-    constructor(client, keys, apiClient) {
+    constructor(client) {
         this.#client = client;
-        this.#keys = keys;
-        this.#apiClient = apiClient;
     }
     async askForLabel(input) {
-        return await this.#apiClient.pseudonym.askForLabel.query(input);
+        return await this.#client.apiClient.pseudonym.askForLabel.query(input);
     }
     async askForUser(input) {
-        return await this.#apiClient.pseudonym.askForUser.query(input);
+        return await this.#client.apiClient.pseudonym.askForUser.query(input);
     }
     async cross(input) {
-        return await this.#apiClient.pseudonym.cross.query(input);
+        return await this.#client.apiClient.pseudonym.cross.query(input);
     }
 }

package/dist/lib/client/SecrecyUserClient.js

@@ -1,30 +1,30 @@
 export class SecrecyUserClient {
-    #apiClient;
-    constructor(_client, _keys, apiClient) {
-        this.#apiClient = apiClient;
+    #client;
+    constructor(client) {
+        this.#client = client;
     }
     async answerInvitation(input) {
-        return await this.#apiClient.contacts.answerInvitation.mutate(input);
+        return await this.#client.apiClient.contacts.answerInvitation.mutate(input);
     }
     async cancelInvitation(input) {
-        return await this.#apiClient.contacts.cancelInvitation.mutate(input);
+        return await this.#client.apiClient.contacts.cancelInvitation.mutate(input);
     }
     async createInvitation(input) {
-        return await this.#apiClient.contacts.createInvitation.mutate(input);
+        return await this.#client.apiClient.contacts.createInvitation.mutate(input);
     }
     async getContacts(input) {
-        return await this.#apiClient.contacts.getContacts.query(input);
+        return await this.#client.apiClient.contacts.getContacts.query(input);
     }
     async getReceivedInvitations(input) {
-        return await this.#apiClient.contacts.getReceivedInvitations.query(input);
+        return await this.#client.apiClient.contacts.getReceivedInvitations.query(input);
     }
     async getSentInvitations(input) {
-        return await this.#apiClient.contacts.getSentInvitations.query(input);
+        return await this.#client.apiClient.contacts.getSentInvitations.query(input);
     }
     async removeContact(input) {
-        return await this.#apiClient.contacts.removeContact.mutate(input);
+        return await this.#client.apiClient.contacts.removeContact.mutate(input);
     }
     async getUsers(input) {
-        return await this.#apiClient.account.getUsers.query(input);
+        return await this.#client.apiClient.account.getUsers.query(input);
     }
 }

package/dist/lib/client/SecrecyWalletClient.js

@@ -1,11 +1,9 @@
 import { popup } from '../utils/popup-tools.js';
 export class SecrecyWalletClient {
     #client;
-    // #keys: KeyPair;
     // #thunder: ReturnType<typeof Thunder>;
     constructor(client) {
         this.#client = client;
-        // this.#keys = keys;
         // this.#thunder = thunder;
     }
     async createTransaction({ network = 'mainnet', tx, }) {

package/dist/lib/client/convert/data.js

@@ -1,7 +1,7 @@
 import { dataCache } from '../../cache.js';
 import { decryptCryptoBox } from '../../crypto/index.js';
 import { sodium } from '../../sodium.js';
-export function apiDataToInternal(apiData, keyPair) {
+export function apiDataToInternal(apiData, keyPairs) {
     const data = {
         id: apiData.id,
         md5: apiData.md5,
@@ -10,7 +10,7 @@ export function apiDataToInternal(apiData, keyPair) {
         size: apiData.size,
         sizeEncrypted: apiData.sizeEncrypted,
         key: apiData.access.key
-            ? sodium.to_hex(decryptCryptoBox(sodium.from_hex(apiData.access.key), apiData.access.sharedByPubKey, keyPair.privateKey))
+            ? sodium.to_hex(decryptCryptoBox(sodium.from_hex(apiData.access.key), apiData.access.sharedByPubKey, keyPairs[apiData.access.identityPubKey]))
             : null,
         mime: apiData.mime ?? undefined,
         ext: apiData.ext ?? undefined,
@@ -30,6 +30,6 @@ export function internalDataToExternalData(internal) {
         ext: internal.ext ?? undefined,
     };
 }
-export function apiDataToExternal(apiData, keyPair) {
-    return internalDataToExternalData(apiDataToInternal(apiData, keyPair));
+export function apiDataToExternal(apiData, keyPairs) {
+    return internalDataToExternalData(apiDataToInternal(apiData, keyPairs));
 }

package/dist/lib/client/convert/mail.js

@@ -1,5 +1,5 @@
-import { sodium, decryptCryptoBox, } from '../../index.js';
-export async function convertInternalMailToExternal({ client, mail, keyPair, }) {
+import { sodium, decryptCryptoBox } from '../../index.js';
+export async function convertInternalMailToExternal({ mail, keyPairs, }) {
     let type = mail.type;
     if (mail.mailIntegrityDraft !== null) {
         type = 'draft';
@@ -8,10 +8,8 @@ export async function convertInternalMailToExternal({ client, mail, keyPair, })
     if (mI === null) {
         throw new Error('Mail integrity is null');
     }
-    const pubKey = mail.type === 'received'
-        ? await client.app.userPublicKey(mail.sender.id)
-        : keyPair.publicKey;
-    const privateKey = keyPair.privateKey;
+    const pubKey = mail.senderPubKey;
+    const privateKey = keyPairs[mail.recipientPubKey];
     const body = sodium.to_string(decryptCryptoBox(sodium.from_hex(mail.body), pubKey, privateKey));
     const subject = sodium.to_string(decryptCryptoBox(sodium.from_hex(mail.subject), pubKey, privateKey));
     const hash = sodium.crypto_generichash(sodium.crypto_generichash_BYTES, JSON.stringify({ body, subject }), mI.hashKey, 'hex');
@@ -30,6 +28,7 @@ export async function convertInternalMailToExternal({ client, mail, keyPair, })
         temporaryRecipients: [], // TODO
         recipients: mI.recipients,
         sender: mail.sender,
+        senderPublicKey: mail.senderPubKey,
         attachments: mail.attachments.map((f) => {
             const name = sodium.to_string(decryptCryptoBox(sodium.from_hex(f.name), pubKey, privateKey));
             return {

package/dist/lib/client/convert/node.js

@@ -3,11 +3,11 @@ import { decryptCryptoBox } from '../../crypto/index.js';
 import { nodesCache, nodesEncryptionCache } from '../../cache.js';
 import { decryptSecretStream } from '../../crypto/data.js';
 import { apiDataToInternal, internalDataToExternalData } from './data.js';
-async function apiNodeToInternal(apiNode, keyPair) {
+async function apiNodeToInternal(apiNode, keyPairs) {
     const internal = {
         id: apiNode.id,
         type: apiNode.type,
-        access: apiNode.access,
+        accesses: apiNode.accesses,
         name: apiNode.name,
         isFavorite: apiNode.isFavorite,
         breadcrumb: 'breadcrumb' in apiNode ? apiNode.breadcrumb : [],
@@ -21,38 +21,48 @@ async function apiNodeToInternal(apiNode, keyPair) {
         createdAt: apiNode.createdAt,
         updatedAt: apiNode.updatedAt,
         deletedAt: apiNode.deletedAt,
-        users: apiNode.users,
+        identities: apiNode.identities,
+        permissions: apiNode.permissions,
         parentId: apiNode.parentId ?? null,
         currentDataId: apiNode.currentDataId ?? null,
     };
-    if (apiNode.access.nameKey !== null) {
-        const key = decryptCryptoBox(sodium.from_hex(apiNode.access.nameKey), apiNode.access.sharedByPubKey, keyPair.privateKey);
-        internal.name = sodium.to_string(await decryptSecretStream(key, sodium.from_hex(internal.name)));
-        internal.access.nameKey = sodium.to_hex(key);
+    for (const access of internal.accesses) {
+        if (access.nameKey === null) {
+            continue;
+        }
+        const pk = keyPairs[access.identityPubKey];
+        const key = decryptCryptoBox(sodium.from_hex(access.nameKey), access.sharedByPubKey, pk);
+        access.nameKey = sodium.to_hex(key);
+    }
+    const firstAccess = internal.accesses[0];
+    if (!firstAccess || firstAccess.nameKey === null) {
+        throw new Error('No access found for node ' + internal.id);
     }
+    internal.name = sodium.to_string(await decryptSecretStream(sodium.from_hex(firstAccess.nameKey), sodium.from_hex(internal.name)));
     for (const b of internal.breadcrumb) {
         if (b.nameKey === null) {
             continue;
         }
-        const key = decryptCryptoBox(sodium.from_hex(b.nameKey), b.pubKey, keyPair.privateKey);
+        const pk = keyPairs[b.identityPubKey];
+        const key = decryptCryptoBox(sodium.from_hex(b.nameKey), b.sharedByPubKey, pk);
         b.nameKey = sodium.to_hex(key);
         b.name = sodium.to_string(await decryptSecretStream(key, sodium.from_hex(b.name)));
     }
     nodesCache.set(internal.id, internal);
     return internal;
 }
-export async function apiNodeFullToInternalFull(apiNodeFull, keyPair) {
-    const f = await apiNodeToInternal(apiNodeFull, keyPair);
+export async function apiNodeFullToInternalFull(apiNodeFull, keyPairs) {
+    const f = await apiNodeToInternal(apiNodeFull, keyPairs);
     const nodeFull = {
         ...f,
         current: !!apiNodeFull.current
-            ? apiDataToInternal(apiNodeFull.current, keyPair)
+            ? apiDataToInternal(apiNodeFull.current, keyPairs)
             : undefined,
         parent: apiNodeFull.parent !== null
-            ? await apiNodeToInternal(apiNodeFull.parent, keyPair)
+            ? await apiNodeToInternal(apiNodeFull.parent, keyPairs)
             : null,
-        children: await Promise.all(apiNodeFull.children.map(async (s) => await apiNodeToInternal(s, keyPair))),
-        history: apiNodeFull.history.map((f) => apiDataToInternal(f, keyPair)),
+        children: await Promise.all(apiNodeFull.children.map(async (s) => await apiNodeToInternal(s, keyPairs))),
+        history: apiNodeFull.history.map((f) => apiDataToInternal(f, keyPairs)),
     };
     nodesCache.set(f.id, nodeFull);
     return nodeFull;
@@ -60,19 +70,19 @@ export async function apiNodeFullToInternalFull(apiNodeFull, keyPair) {
 function internalNodeToNode(internal) {
     const node = {
         ...internal,
-        breadcrumb: internal.breadcrumb.map((b) => ({
-            id: b.id,
-            name: b.name,
-        })),
-        access: {
-            isRoot: internal.access.isRoot,
-            sharedByPubKey: internal.access.sharedByPubKey,
-            rights: internal.access.rights,
-            addAccess: internal.access.addAccess,
-            delAccess: internal.access.delAccess,
-            sharingAddAccess: internal.access.sharingAddAccess,
-            sharingDelAccess: internal.access.sharingDelAccess,
-        },
+        // breadcrumb: internal.breadcrumb.map((b) => ({
+        //   id: b.id,
+        //   name: b.name,
+        // })),
+        // access: {
+        //   isRoot: internal.access.isRoot,
+        //   sharedByPubKey: internal.access.sharedByPubKey,
+        //   rights: internal.access.rights,
+        //   addAccess: internal.access.addAccess,
+        //   delAccess: internal.access.delAccess,
+        //   sharingAddAccess: internal.access.sharingAddAccess,
+        //   sharingDelAccess: internal.access.sharingDelAccess,
+        // },
     };
     return node;
 }
@@ -87,17 +97,18 @@ export function internalNodeFullToNodeFull(internal) {
             : undefined,
     };
 }
-export async function apiNodeToExternalNodeFull(apiNodeFull, keyPair) {
-    const apiNode = await apiNodeFullToInternalFull(apiNodeFull, keyPair);
+export async function apiNodeToExternalNodeFull(apiNodeFull, keyPairs) {
+    const apiNode = await apiNodeFullToInternalFull(apiNodeFull, keyPairs);
     return internalNodeFullToNodeFull(apiNode);
 }
-export async function apiNodeToExternal(apiNode, keyPair) {
-    const internal = await apiNodeToInternal(apiNode, keyPair);
+export async function apiNodeToExternal(apiNode, keyPairs) {
+    const internal = await apiNodeToInternal(apiNode, keyPairs);
     return internalNodeToNode(internal);
 }
-export async function apiNodeForEncryptionToInternal(apiNode, keyPair) {
+export async function apiNodeForEncryptionToInternal(apiNode, keyPairs) {
     const history = apiNode.history.map((history) => {
-        const key = decryptCryptoBox(sodium.from_hex(history.access.key), history.access.sharedByPublicKey, keyPair.privateKey);
+        const pk = keyPairs[history.access.identityPubKey];
+        const key = decryptCryptoBox(sodium.from_hex(history.access.key), history.access.sharedByPublicKey, pk);
         return {
             id: history.id,
             key: sodium.to_hex(key),
@@ -112,7 +123,8 @@ export async function apiNodeForEncryptionToInternal(apiNode, keyPair) {
     };
     internal.access = { ...apiNode.access };
     if (apiNode.access.nameKey !== null) {
-        const key = decryptCryptoBox(sodium.from_hex(apiNode.access.nameKey), apiNode.access.sharedByPublicKey, keyPair.privateKey);
+        const pk = keyPairs[apiNode.access.identityPubKey];
+        const key = decryptCryptoBox(sodium.from_hex(apiNode.access.nameKey), apiNode.access.sharedByPublicKey, pk);
         internal.name = sodium.to_string(await decryptSecretStream(key, sodium.from_hex(internal.name)));
         internal.access.nameKey = sodium.to_hex(key);
     }

package/dist/lib/client/helpers.js

@@ -21,23 +21,26 @@ export function getSecrecyClient(opts = {}) {
     const storage = getStorage(opts.session);
     const infos = parseInfos();
     if (infos !== null) {
-        storage.userAppKeys.save(infos.keys);
+        storage.identities.save(infos.identities);
         storage.userAppSession.save(infos.uaSession);
         storage.jwt.save(infos.jwt);
         return new SecrecyClient({
             uaSession: infos.uaSession,
-            uaKeys: infos.keys,
+            identities: infos.identities,
+            keyPairs: infos.keyPairs,
             uaJwt: infos.jwt,
             secrecyUrls: opts.secrecyUrls,
         });
     }
     const uaSession = storage.userAppSession.load();
-    const uaKeys = storage.userAppKeys.load();
+    const identities = storage.identities.load();
+    const keyPairs = storage.keyPairs.load();
     const uaJwt = storage.jwt.load();
-    if (uaSession && uaKeys && uaJwt) {
+    if (uaSession && identities && keyPairs && uaJwt) {
         return new SecrecyClient({
             uaSession,
-            uaKeys,
+            identities,
+            keyPairs,
             uaJwt,
             secrecyUrls: opts.secrecyUrls,
         });
@@ -64,11 +67,13 @@ export async function login({ appId, context, path, redirect, scopes, backPath,
             const validate = (infos) => {
                 const storage = getStorage(session);
                 storage.userAppSession.save(infos.uaSession);
-                storage.userAppKeys.save(infos.keys);
+                storage.identities.save(infos.identities);
+                storage.keyPairs.save(infos.keyPairs);
                 storage.jwt.save(infos.jwt);
                 resolve(new SecrecyClient({
                     uaSession: infos.uaSession,
-                    uaKeys: infos.keys,
+                    identities: infos.identities,
+                    keyPairs: infos.keyPairs,
                     uaJwt: infos.jwt,
                     secrecyUrls,
                 }));
@@ -108,6 +113,10 @@ export async function login({ appId, context, path, redirect, scopes, backPath,
         }
         else {
             if (context) {
+                if (context.userId && client.uaIdentity.userId !== context.userId) {
+                    innerLogin();
+                    return;
+                }
                 const me = await client.me();
                 if ((context.userId && context.userId !== me.id) ||
                     (context.orgId && context.orgId !== me.organization.id)) {